source: azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/dh.c@ 464

Last change on this file since 464 was 464, checked in by coas-nagasima, 3 years ago

WolfSSLとAzure IoT SDKを更新
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-csrc;charset=UTF-8
File size: 85.5 KB
Line 
1/* dh.c
2 *
3 * Copyright (C) 2006-2020 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22
23#ifdef HAVE_CONFIG_H
24 #include <config.h>
25#endif
26
27#include <wolfssl/wolfcrypt/settings.h>
28
29#ifndef NO_DH
30
31#if defined(HAVE_FIPS) && \
32 defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
33
34 /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
35 #define FIPS_NO_WRAPPERS
36
37 #ifdef USE_WINDOWS_API
38 #pragma code_seg(".fipsA$m")
39 #pragma const_seg(".fipsB$m")
40 #endif
41#endif
42
43#include <wolfssl/wolfcrypt/dh.h>
44#include <wolfssl/wolfcrypt/error-crypt.h>
45#include <wolfssl/wolfcrypt/logging.h>
46
47#ifdef WOLFSSL_HAVE_SP_DH
48#include <wolfssl/wolfcrypt/sp.h>
49#endif
50
51#ifdef NO_INLINE
52 #include <wolfssl/wolfcrypt/misc.h>
53#else
54 #define WOLFSSL_MISC_INCLUDED
55 #include <wolfcrypt/src/misc.c>
56#endif
57
58
59/*
60Possible DH enable options:
61 * NO_RSA: Overall control of DH default: on (not defined)
62 * WOLFSSL_OLD_PRIME_CHECK: Disables the new prime number check. It does not
63 directly effect this file, but it does speed up DH
64 removing the testing. It is not recommended to
65 disable the prime checking. default: off
66
67*/
68
69
70#if !defined(USER_MATH_LIB) && !defined(WOLFSSL_DH_CONST)
71 #include <math.h>
72 #define XPOW(x,y) pow((x),(y))
73 #define XLOG(x) log((x))
74#else
75 /* user's own math lib */
76#endif
77
78#ifdef HAVE_FFDHE_2048
79static const byte dh_ffdhe2048_p[] = {
80 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
81 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
82 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
83 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
84 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
85 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
86 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
87 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
88 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
89 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
90 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
91 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
92 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
93 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
94 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
95 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
96 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
97 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
98 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
99 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
100 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
101 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
102 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
103 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
104 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
105 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
106 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
107 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
108 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
109 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
110 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97,
111 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
112};
113static const byte dh_ffdhe2048_g[] = { 0x02 };
114#ifdef HAVE_FFDHE_Q
115static const byte dh_ffdhe2048_q[] = {
116 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
117 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
118 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
119 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
120 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
121 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
122 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
123 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
124 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
125 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
126 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
127 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
128 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
129 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
130 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
131 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
132 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
133 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
134 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
135 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
136 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
137 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
138 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
139 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
140 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
141 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
142 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
143 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
144 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
145 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
146 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x94, 0x2E, 0x4B,
147 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
148};
149#endif /* HAVE_FFDHE_Q */
150
151const DhParams* wc_Dh_ffdhe2048_Get(void)
152{
153 static const DhParams ffdhe2048 = {
154 #ifdef HAVE_FFDHE_Q
155 dh_ffdhe2048_q, sizeof(dh_ffdhe2048_q),
156 #endif /* HAVE_FFDHE_Q */
157 dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p),
158 dh_ffdhe2048_g, sizeof(dh_ffdhe2048_g)
159 };
160 return &ffdhe2048;
161}
162#endif
163
164#ifdef HAVE_FFDHE_3072
165static const byte dh_ffdhe3072_p[] = {
166 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
167 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
168 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
169 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
170 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
171 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
172 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
173 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
174 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
175 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
176 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
177 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
178 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
179 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
180 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
181 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
182 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
183 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
184 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
185 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
186 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
187 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
188 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
189 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
190 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
191 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
192 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
193 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
194 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
195 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
196 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
197 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
198 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
199 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
200 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
201 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
202 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
203 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
204 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
205 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
206 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
207 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
208 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
209 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
210 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
211 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
212 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37,
213 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
214};
215static const byte dh_ffdhe3072_g[] = { 0x02 };
216#ifdef HAVE_FFDHE_Q
217static const byte dh_ffdhe3072_q[] = {
218 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
219 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
220 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
221 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
222 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
223 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
224 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
225 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
226 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
227 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
228 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
229 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
230 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
231 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
232 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
233 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
234 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
235 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
236 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
237 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
238 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
239 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
240 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
241 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
242 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
243 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
244 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
245 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
246 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
247 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
248 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
249 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
250 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
251 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
252 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
253 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
254 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
255 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
256 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
257 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
258 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
259 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
260 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
261 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
262 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
263 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
264 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x63, 0x17, 0x1B,
265 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
266};
267#endif /* HAVE_FFDHE_Q */
268
269const DhParams* wc_Dh_ffdhe3072_Get(void)
270{
271 static const DhParams ffdhe3072 = {
272 #ifdef HAVE_FFDHE_Q
273 dh_ffdhe3072_q, sizeof(dh_ffdhe3072_q),
274 #endif /* HAVE_FFDHE_Q */
275 dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p),
276 dh_ffdhe3072_g, sizeof(dh_ffdhe3072_g)
277 };
278 return &ffdhe3072;
279}
280#endif
281
282#ifdef HAVE_FFDHE_4096
283static const byte dh_ffdhe4096_p[] = {
284 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
285 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
286 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
287 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
288 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
289 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
290 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
291 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
292 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
293 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
294 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
295 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
296 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
297 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
298 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
299 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
300 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
301 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
302 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
303 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
304 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
305 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
306 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
307 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
308 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
309 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
310 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
311 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
312 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
313 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
314 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
315 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
316 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
317 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
318 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
319 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
320 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
321 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
322 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
323 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
324 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
325 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
326 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
327 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
328 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
329 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
330 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
331 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
332 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
333 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
334 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
335 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
336 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
337 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
338 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
339 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
340 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
341 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
342 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
343 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
344 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
345 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
346 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A,
347 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
348};
349static const byte dh_ffdhe4096_g[] = { 0x02 };
350#ifdef HAVE_FFDHE_Q
351static const byte dh_ffdhe4096_q[] = {
352 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
353 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
354 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
355 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
356 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
357 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
358 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
359 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
360 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
361 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
362 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
363 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
364 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
365 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
366 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
367 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
368 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
369 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
370 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
371 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
372 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
373 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
374 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
375 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
376 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
377 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
378 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
379 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
380 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
381 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
382 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
383 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
384 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
385 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
386 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
387 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
388 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
389 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
390 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
391 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
392 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
393 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
394 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
395 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
396 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
397 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
398 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
399 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
400 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
401 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
402 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
403 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
404 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
405 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
406 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
407 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
408 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
409 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
410 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
411 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
412 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
413 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
414 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x32, 0xAF, 0xB5,
415 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
416};
417#endif /* HAVE_FFDHE_Q */
418
419const DhParams* wc_Dh_ffdhe4096_Get(void)
420{
421 static const DhParams ffdhe4096 = {
422 #ifdef HAVE_FFDHE_Q
423 dh_ffdhe4096_q, sizeof(dh_ffdhe4096_q),
424 #endif /* HAVE_FFDHE_Q */
425 dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p),
426 dh_ffdhe4096_g, sizeof(dh_ffdhe4096_g)
427 };
428 return &ffdhe4096;
429}
430#endif
431
432#ifdef HAVE_FFDHE_6144
433static const byte dh_ffdhe6144_p[] = {
434 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
435 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
436 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
437 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
438 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
439 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
440 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
441 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
442 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
443 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
444 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
445 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
446 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
447 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
448 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
449 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
450 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
451 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
452 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
453 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
454 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
455 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
456 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
457 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
458 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
459 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
460 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
461 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
462 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
463 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
464 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
465 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
466 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
467 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
468 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
469 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
470 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
471 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
472 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
473 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
474 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
475 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
476 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
477 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
478 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
479 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
480 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
481 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
482 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
483 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
484 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
485 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
486 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
487 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
488 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
489 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
490 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
491 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
492 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
493 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
494 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
495 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
496 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
497 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
498 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
499 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
500 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
501 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
502 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
503 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
504 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
505 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
506 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
507 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
508 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
509 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
510 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
511 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
512 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
513 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
514 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
515 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
516 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
517 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
518 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
519 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
520 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
521 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
522 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
523 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
524 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
525 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
526 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
527 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
528 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65,
529 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
530};
531static const byte dh_ffdhe6144_g[] = { 0x02 };
532#ifdef HAVE_FFDHE_Q
533static const byte dh_ffdhe6144_q[] = {
534 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
535 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
536 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
537 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
538 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
539 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
540 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
541 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
542 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
543 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
544 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
545 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
546 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
547 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
548 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
549 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
550 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
551 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
552 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
553 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
554 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
555 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
556 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
557 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
558 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
559 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
560 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
561 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
562 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
563 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
564 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
565 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
566 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
567 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
568 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
569 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
570 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
571 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
572 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
573 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
574 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
575 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
576 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
577 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
578 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
579 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
580 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
581 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
582 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
583 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
584 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
585 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
586 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
587 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
588 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
589 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
590 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
591 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
592 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
593 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
594 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
595 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
596 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81,
597 0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, 0x3D,
598 0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, 0x95, 0x1D,
599 0x11, 0xDD, 0x22, 0x21, 0x65, 0x7A, 0x9F, 0x53,
600 0x1D, 0xDA, 0x2A, 0x19, 0x4D, 0xBB, 0x12, 0x64,
601 0x48, 0xBD, 0xEE, 0xB2, 0x58, 0xE0, 0x7E, 0xA6,
602 0x59, 0xC7, 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D,
603 0x66, 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38,
604 0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, 0x0F,
605 0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, 0xDA, 0x3B,
606 0xD2, 0x92, 0x38, 0xFB, 0xD4, 0xD4, 0xB4, 0x88,
607 0x5C, 0x2A, 0x99, 0x17, 0x6D, 0xB1, 0xA0, 0x6C,
608 0x50, 0x07, 0x78, 0x49, 0x1A, 0x82, 0x88, 0xF1,
609 0x85, 0x5F, 0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37,
610 0x3F, 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1,
611 0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, 0xDA,
612 0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, 0x5D, 0xE0,
613 0xCA, 0x63, 0x32, 0x8F, 0x3B, 0xE5, 0x7C, 0xC9,
614 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0D, 0xFB,
615 0x59, 0xD3, 0x9C, 0xE0, 0x91, 0x30, 0x8B, 0x41,
616 0x05, 0x74, 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F,
617 0x7C, 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6,
618 0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, 0xAF,
619 0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, 0x54, 0x23,
620 0x28, 0x2E, 0xE4, 0x16, 0xDC, 0x2A, 0x19, 0xC5,
621 0x72, 0x4F, 0xA9, 0x1A, 0xE4, 0xAD, 0xC8, 0x8B,
622 0xC6, 0x67, 0x96, 0xEA, 0xE5, 0x67, 0x7A, 0x01,
623 0xF6, 0x4E, 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82,
624 0x2D, 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B,
625 0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, 0x34,
626 0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, 0xB0, 0xE0,
627 0xD2, 0x0E, 0xAB, 0x86, 0xBC, 0x9C, 0x6D, 0x6A,
628 0x52, 0x07, 0x19, 0x4E, 0x68, 0x72, 0x07, 0x32,
629 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
630};
631#endif /* HAVE_FFDHE_Q */
632
633const DhParams* wc_Dh_ffdhe6144_Get(void)
634{
635 static const DhParams ffdhe6144 = {
636 #ifdef HAVE_FFDHE_Q
637 dh_ffdhe6144_q, sizeof(dh_ffdhe6144_q),
638 #endif /* HAVE_FFDHE_Q */
639 dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p),
640 dh_ffdhe6144_g, sizeof(dh_ffdhe6144_g)
641 };
642 return &ffdhe6144;
643}
644#endif
645
646#ifdef HAVE_FFDHE_8192
647static const byte dh_ffdhe8192_p[] = {
648 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
649 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
650 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
651 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
652 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
653 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
654 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
655 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
656 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
657 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
658 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
659 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
660 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
661 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
662 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
663 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
664 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
665 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
666 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
667 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
668 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
669 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
670 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
671 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
672 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
673 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
674 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
675 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
676 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
677 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
678 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
679 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
680 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
681 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
682 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
683 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
684 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
685 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
686 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
687 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
688 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
689 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
690 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
691 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
692 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
693 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
694 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
695 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
696 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
697 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
698 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
699 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
700 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
701 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
702 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
703 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
704 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
705 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
706 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
707 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
708 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
709 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
710 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
711 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
712 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
713 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
714 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
715 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
716 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
717 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
718 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
719 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
720 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
721 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
722 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
723 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
724 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
725 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
726 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
727 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
728 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
729 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
730 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
731 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
732 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
733 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
734 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
735 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
736 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
737 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
738 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
739 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
740 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
741 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
742 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA,
743 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38,
744 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64,
745 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43,
746 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E,
747 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF,
748 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29,
749 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65,
750 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02,
751 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4,
752 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82,
753 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C,
754 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51,
755 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22,
756 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74,
757 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE,
758 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C,
759 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC,
760 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B,
761 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9,
762 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0,
763 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31,
764 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57,
765 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8,
766 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E,
767 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30,
768 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E,
769 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE,
770 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D,
771 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D,
772 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E,
773 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C,
774 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C,
775 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
776};
777static const byte dh_ffdhe8192_g[] = { 0x02 };
778#ifdef HAVE_FFDHE_Q
779static const byte dh_ffdhe8192_q[] = {
780 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
781 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
782 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
783 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
784 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
785 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
786 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
787 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
788 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
789 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
790 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
791 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
792 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
793 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
794 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
795 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
796 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
797 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
798 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
799 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
800 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
801 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
802 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
803 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
804 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
805 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
806 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
807 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
808 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
809 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
810 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
811 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
812 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
813 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
814 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
815 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
816 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
817 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
818 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
819 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
820 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
821 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
822 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
823 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
824 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
825 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
826 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
827 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
828 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
829 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
830 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
831 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
832 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
833 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
834 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
835 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
836 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
837 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
838 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
839 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
840 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
841 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
842 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81,
843 0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, 0x3D,
844 0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, 0x95, 0x1D,
845 0x11, 0xDD, 0x22, 0x21, 0x65, 0x7A, 0x9F, 0x53,
846 0x1D, 0xDA, 0x2A, 0x19, 0x4D, 0xBB, 0x12, 0x64,
847 0x48, 0xBD, 0xEE, 0xB2, 0x58, 0xE0, 0x7E, 0xA6,
848 0x59, 0xC7, 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D,
849 0x66, 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38,
850 0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, 0x0F,
851 0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, 0xDA, 0x3B,
852 0xD2, 0x92, 0x38, 0xFB, 0xD4, 0xD4, 0xB4, 0x88,
853 0x5C, 0x2A, 0x99, 0x17, 0x6D, 0xB1, 0xA0, 0x6C,
854 0x50, 0x07, 0x78, 0x49, 0x1A, 0x82, 0x88, 0xF1,
855 0x85, 0x5F, 0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37,
856 0x3F, 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1,
857 0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, 0xDA,
858 0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, 0x5D, 0xE0,
859 0xCA, 0x63, 0x32, 0x8F, 0x3B, 0xE5, 0x7C, 0xC9,
860 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0D, 0xFB,
861 0x59, 0xD3, 0x9C, 0xE0, 0x91, 0x30, 0x8B, 0x41,
862 0x05, 0x74, 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F,
863 0x7C, 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6,
864 0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, 0xAF,
865 0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, 0x54, 0x23,
866 0x28, 0x2E, 0xE4, 0x16, 0xDC, 0x2A, 0x19, 0xC5,
867 0x72, 0x4F, 0xA9, 0x1A, 0xE4, 0xAD, 0xC8, 0x8B,
868 0xC6, 0x67, 0x96, 0xEA, 0xE5, 0x67, 0x7A, 0x01,
869 0xF6, 0x4E, 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82,
870 0x2D, 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B,
871 0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, 0x34,
872 0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, 0xB0, 0xE0,
873 0xD2, 0x0E, 0xAB, 0x86, 0xBC, 0x9C, 0x6D, 0x6A,
874 0x52, 0x07, 0x19, 0x4E, 0x67, 0xFA, 0x35, 0x55,
875 0x1B, 0x56, 0x80, 0x26, 0x7B, 0x00, 0x64, 0x1C,
876 0x0F, 0x21, 0x2D, 0x18, 0xEC, 0xA8, 0xD7, 0x32,
877 0x7E, 0xD9, 0x1F, 0xE7, 0x64, 0xA8, 0x4E, 0xA1,
878 0xB4, 0x3F, 0xF5, 0xB4, 0xF6, 0xE8, 0xE6, 0x2F,
879 0x05, 0xC6, 0x61, 0xDE, 0xFB, 0x25, 0x88, 0x77,
880 0xC3, 0x5B, 0x18, 0xA1, 0x51, 0xD5, 0xC4, 0x14,
881 0xAA, 0xAD, 0x97, 0xBA, 0x3E, 0x49, 0x93, 0x32,
882 0xE5, 0x96, 0x07, 0x8E, 0x60, 0x0D, 0xEB, 0x81,
883 0x14, 0x9C, 0x44, 0x1C, 0xE9, 0x57, 0x82, 0xF2,
884 0x2A, 0x28, 0x25, 0x63, 0xC5, 0xBA, 0xC1, 0x41,
885 0x14, 0x23, 0x60, 0x5D, 0x1A, 0xE1, 0xAF, 0xAE,
886 0x2C, 0x8B, 0x06, 0x60, 0x23, 0x7E, 0xC1, 0x28,
887 0xAA, 0x0F, 0xE3, 0x46, 0x4E, 0x43, 0x58, 0x11,
888 0x5D, 0xB8, 0x4C, 0xC3, 0xB5, 0x23, 0x07, 0x3A,
889 0x28, 0xD4, 0x54, 0x98, 0x84, 0xB8, 0x1F, 0xF7,
890 0x0E, 0x10, 0xBF, 0x36, 0x1C, 0x13, 0x72, 0x96,
891 0x28, 0xD5, 0x34, 0x8F, 0x07, 0x21, 0x1E, 0x7E,
892 0x4C, 0xF4, 0xF1, 0x8B, 0x28, 0x60, 0x90, 0xBD,
893 0xB1, 0x24, 0x0B, 0x66, 0xD6, 0xCD, 0x4A, 0xFC,
894 0xEA, 0xDC, 0x00, 0xCA, 0x44, 0x6C, 0xE0, 0x50,
895 0x50, 0xFF, 0x18, 0x3A, 0xD2, 0xBB, 0xF1, 0x18,
896 0xC1, 0xFC, 0x0E, 0xA5, 0x1F, 0x97, 0xD2, 0x2B,
897 0x8F, 0x7E, 0x46, 0x70, 0x5D, 0x45, 0x27, 0xF4,
898 0x5B, 0x42, 0xAE, 0xFF, 0x39, 0x58, 0x53, 0x37,
899 0x6F, 0x69, 0x7D, 0xD5, 0xFD, 0xF2, 0xC5, 0x18,
900 0x7D, 0x7D, 0x5F, 0x0E, 0x2E, 0xB8, 0xD4, 0x3F,
901 0x17, 0xBA, 0x0F, 0x7C, 0x60, 0xFF, 0x43, 0x7F,
902 0x53, 0x5D, 0xFE, 0xF2, 0x98, 0x33, 0xBF, 0x86,
903 0xCB, 0xE8, 0x8E, 0xA4, 0xFB, 0xD4, 0x22, 0x1E,
904 0x84, 0x11, 0x72, 0x83, 0x54, 0xFA, 0x30, 0xA7,
905 0x00, 0x8F, 0x15, 0x4A, 0x41, 0xC7, 0xFC, 0x46,
906 0x6B, 0x46, 0x45, 0xDB, 0xE2, 0xE3, 0x21, 0x26,
907 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
908};
909#endif /* HAVE_FFDHE_Q */
910
911const DhParams* wc_Dh_ffdhe8192_Get(void)
912{
913 static const DhParams ffdhe8192 = {
914 #ifdef HAVE_FFDHE_Q
915 dh_ffdhe8192_q, sizeof(dh_ffdhe8192_q),
916 #endif /* HAVE_FFDHE_Q */
917 dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p),
918 dh_ffdhe8192_g, sizeof(dh_ffdhe8192_g)
919 };
920 return &ffdhe8192;
921}
922#endif
923
924int wc_InitDhKey_ex(DhKey* key, void* heap, int devId)
925{
926 int ret = 0;
927
928 if (key == NULL)
929 return BAD_FUNC_ARG;
930
931 key->heap = heap; /* for XMALLOC/XFREE in future */
932
933#ifdef WOLFSSL_DH_EXTRA
934 if (mp_init_multi(&key->p, &key->g, &key->q, &key->pub, &key->priv, NULL) != MP_OKAY)
935#else
936 if (mp_init_multi(&key->p, &key->g, &key->q, NULL, NULL, NULL) != MP_OKAY)
937#endif
938 return MEMORY_E;
939
940#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
941 /* handle as async */
942 ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_DH,
943 key->heap, devId);
944#else
945 (void)devId;
946#endif
947
948 return ret;
949}
950
951int wc_InitDhKey(DhKey* key)
952{
953 return wc_InitDhKey_ex(key, NULL, INVALID_DEVID);
954}
955
956
957int wc_FreeDhKey(DhKey* key)
958{
959 if (key) {
960 mp_clear(&key->p);
961 mp_clear(&key->g);
962 mp_clear(&key->q);
963 #ifdef WOLFSSL_DH_EXTRA
964 mp_clear(&key->pub);
965 mp_forcezero(&key->priv);
966 #endif
967
968 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
969 wolfAsync_DevCtxFree(&key->asyncDev, WOLFSSL_ASYNC_MARKER_DH);
970 #endif
971 }
972 return 0;
973}
974
975
976#ifndef WC_NO_RNG
977/* if defined to not use floating point values do not compile in */
978#ifndef WOLFSSL_DH_CONST
979 static word32 DiscreteLogWorkFactor(word32 n)
980 {
981 /* assuming discrete log takes about the same time as factoring */
982 if (n < 5)
983 return 0;
984 else
985 return (word32)(2.4 * XPOW((double)n, 1.0/3.0) *
986 XPOW(XLOG((double)n), 2.0/3.0) - 5);
987 }
988#endif /* WOLFSSL_DH_CONST*/
989
990
991/* if not using fixed points use DiscreteLogWorkFactor function for unusual size
992 otherwise round up on size needed */
993#ifndef WOLFSSL_DH_CONST
994 #define WOLFSSL_DH_ROUND(x)
995#else
996 #define WOLFSSL_DH_ROUND(x) \
997 do { \
998 if (x % 128) { \
999 x &= 0xffffff80;\
1000 x += 128; \
1001 } \
1002 } \
1003 while (0)
1004#endif
1005
1006
1007#ifndef WOLFSSL_NO_DH186
1008/* validate that (L,N) match allowed sizes from SP 800-56A, Section 5.5.1.1.
1009 * modLen - represents L, the size of p in bits
1010 * divLen - represents N, the size of q in bits
1011 * return 0 on success, -1 on error */
1012static int CheckDhLN(int modLen, int divLen)
1013{
1014 int ret = -1;
1015
1016 switch (modLen) {
1017 /* FA */
1018 case 1024:
1019 if (divLen == 160)
1020 ret = 0;
1021 break;
1022 /* FB, FC */
1023 case 2048:
1024 if (divLen == 224 || divLen == 256)
1025 ret = 0;
1026 break;
1027 default:
1028 break;
1029 }
1030
1031 return ret;
1032}
1033
1034
1035/* Create DH private key
1036 *
1037 * Based on NIST FIPS 186-4,
1038 * "B.1.1 Key Pair Generation Using Extra Random Bits"
1039 *
1040 * dh - pointer to initialized DhKey structure, needs to have dh->q
1041 * rng - pointer to initialized WC_RNG structure
1042 * priv - output location for generated private key
1043 * privSz - IN/OUT, size of priv buffer, size of generated private key
1044 *
1045 * return 0 on success, negative on error */
1046static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv,
1047 word32* privSz)
1048{
1049 byte* cBuf;
1050 int qSz, pSz, cSz, err;
1051#ifdef WOLFSSL_SMALL_STACK
1052 mp_int* tmpQ = NULL;
1053 mp_int* tmpX = NULL;
1054#else
1055 mp_int tmpQ[1], tmpX[1];
1056#endif
1057
1058 /* Parameters validated in calling functions. */
1059
1060 if (mp_iszero(&key->q) == MP_YES) {
1061 WOLFSSL_MSG("DH q parameter needed for FIPS 186-4 key generation");
1062 return BAD_FUNC_ARG;
1063 }
1064
1065 qSz = mp_unsigned_bin_size(&key->q);
1066 pSz = mp_unsigned_bin_size(&key->p);
1067
1068 /* verify (L,N) pair bit lengths */
1069 if (CheckDhLN(pSz * WOLFSSL_BIT_SIZE, qSz * WOLFSSL_BIT_SIZE) != 0) {
1070 WOLFSSL_MSG("DH param sizes do not match SP 800-56A requirements");
1071 return BAD_FUNC_ARG;
1072 }
1073
1074 /* generate extra 64 bits so that bias from mod function is negligible */
1075 cSz = qSz + (64 / WOLFSSL_BIT_SIZE);
1076 cBuf = (byte*)XMALLOC(cSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1077 if (cBuf == NULL) {
1078 return MEMORY_E;
1079 }
1080#ifdef WOLFSSL_SMALL_STACK
1081 tmpQ = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1082 if (tmpQ == NULL) {
1083 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1084 return MEMORY_E;
1085 }
1086 tmpX = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1087 if (tmpX == NULL) {
1088 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1089 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
1090 return MEMORY_E;
1091 }
1092#endif
1093
1094
1095 if ((err = mp_init_multi(tmpX, tmpQ, NULL, NULL, NULL, NULL))
1096 != MP_OKAY) {
1097 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1098#ifdef WOLFSSL_SMALL_STACK
1099 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
1100 XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH);
1101#endif
1102 return err;
1103 }
1104
1105 do {
1106 /* generate N+64 bits (c) from RBG into tmpX, making sure positive.
1107 * Hash_DRBG uses SHA-256 which matches maximum
1108 * requested_security_strength of (L,N) */
1109 err = wc_RNG_GenerateBlock(rng, cBuf, cSz);
1110 if (err == MP_OKAY)
1111 err = mp_read_unsigned_bin(tmpX, cBuf, cSz);
1112 if (err != MP_OKAY) {
1113 mp_clear(tmpX);
1114 mp_clear(tmpQ);
1115 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1116#ifdef WOLFSSL_SMALL_STACK
1117 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
1118 XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH);
1119#endif
1120 return err;
1121 }
1122 } while (mp_cmp_d(tmpX, 1) != MP_GT);
1123
1124 ForceZero(cBuf, cSz);
1125 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1126
1127 /* tmpQ = q - 1 */
1128 if (err == MP_OKAY)
1129 err = mp_copy(&key->q, tmpQ);
1130
1131 if (err == MP_OKAY)
1132 err = mp_sub_d(tmpQ, 1, tmpQ);
1133
1134 /* x = c mod (q-1), tmpX holds c */
1135 if (err == MP_OKAY)
1136 err = mp_mod(tmpX, tmpQ, tmpX);
1137
1138 /* x = c mod (q-1) + 1 */
1139 if (err == MP_OKAY)
1140 err = mp_add_d(tmpX, 1, tmpX);
1141
1142 /* copy tmpX into priv */
1143 if (err == MP_OKAY) {
1144 pSz = mp_unsigned_bin_size(tmpX);
1145 if (pSz > (int)*privSz) {
1146 WOLFSSL_MSG("DH private key output buffer too small");
1147 err = BAD_FUNC_ARG;
1148 } else {
1149 *privSz = pSz;
1150 err = mp_to_unsigned_bin(tmpX, priv);
1151 }
1152 }
1153
1154 mp_forcezero(tmpX);
1155 mp_clear(tmpQ);
1156#ifdef WOLFSSL_SMALL_STACK
1157 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
1158 XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH);
1159#endif
1160
1161 return err;
1162}
1163#endif /* WOLFSSL_NO_DH186 */
1164#endif /* !WC_NO_RNG */
1165
1166static int GeneratePrivateDh(DhKey* key, WC_RNG* rng, byte* priv,
1167 word32* privSz)
1168{
1169#ifndef WC_NO_RNG
1170 int ret = 0;
1171 word32 sz = 0;
1172
1173#ifndef WOLFSSL_NO_DH186
1174 if (mp_iszero(&key->q) == MP_NO) {
1175
1176 /* q param available, use NIST FIPS 186-4, "B.1.1 Key Pair
1177 * Generation Using Extra Random Bits" */
1178 ret = GeneratePrivateDh186(key, rng, priv, privSz);
1179
1180 } else
1181#endif
1182 {
1183
1184 sz = mp_unsigned_bin_size(&key->p);
1185
1186 /* Table of predetermined values from the operation
1187 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) /
1188 WOLFSSL_BIT_SIZE + 1
1189 Sizes in table checked against RFC 3526
1190 */
1191 WOLFSSL_DH_ROUND(sz); /* if using fixed points only, then round up */
1192 switch (sz) {
1193 case 128: sz = 21; break;
1194 case 256: sz = 29; break;
1195 case 384: sz = 34; break;
1196 case 512: sz = 39; break;
1197 case 640: sz = 42; break;
1198 case 768: sz = 46; break;
1199 case 896: sz = 49; break;
1200 case 1024: sz = 52; break;
1201 default:
1202 #ifndef WOLFSSL_DH_CONST
1203 /* if using floating points and size of p is not in table */
1204 sz = min(sz, 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) /
1205 WOLFSSL_BIT_SIZE + 1);
1206 break;
1207 #else
1208 return BAD_FUNC_ARG;
1209 #endif
1210 }
1211
1212 if (sz > *privSz)
1213 ret = WC_KEY_SIZE_E;
1214
1215 if (ret == 0)
1216 ret = wc_RNG_GenerateBlock(rng, priv, sz);
1217
1218 if (ret == 0) {
1219 priv[0] |= 0x0C;
1220 *privSz = sz;
1221 }
1222 }
1223
1224 return ret;
1225#else
1226 (void)key;
1227 (void)rng;
1228 (void)priv;
1229 (void)privSz;
1230 return NOT_COMPILED_IN;
1231#endif /* WC_NO_RNG */
1232}
1233
1234
1235static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
1236 byte* pub, word32* pubSz)
1237{
1238 int ret = 0;
1239#ifndef WOLFSSL_SP_MATH
1240 word32 binSz = 0;
1241#ifdef WOLFSSL_SMALL_STACK
1242 mp_int* x;
1243 mp_int* y;
1244#else
1245 mp_int x[1];
1246 mp_int y[1];
1247#endif
1248#endif
1249
1250#ifdef WOLFSSL_HAVE_SP_DH
1251#ifndef WOLFSSL_SP_NO_2048
1252 if (mp_count_bits(&key->p) == 2048)
1253 return sp_DhExp_2048(&key->g, priv, privSz, &key->p, pub, pubSz);
1254#endif
1255#ifndef WOLFSSL_SP_NO_3072
1256 if (mp_count_bits(&key->p) == 3072)
1257 return sp_DhExp_3072(&key->g, priv, privSz, &key->p, pub, pubSz);
1258#endif
1259#ifdef WOLFSSL_SP_4096
1260 if (mp_count_bits(&key->p) == 4096)
1261 return sp_DhExp_4096(&key->g, priv, privSz, &key->p, pub, pubSz);
1262#endif
1263#endif
1264
1265#if !defined(WOLFSSL_SP_MATH)
1266#ifdef WOLFSSL_SMALL_STACK
1267 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1268 if (x == NULL)
1269 return MEMORY_E;
1270 y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1271 if (y == NULL) {
1272 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1273 return MEMORY_E;
1274 }
1275#endif
1276 if (mp_init_multi(x, y, 0, 0, 0, 0) != MP_OKAY) {
1277 #ifdef WOLFSSL_SMALL_STACK
1278 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1279 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1280 #endif
1281 return MP_INIT_E;
1282 }
1283
1284 if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY)
1285 ret = MP_READ_E;
1286
1287 if (ret == 0 && mp_exptmod(&key->g, x, &key->p, y) != MP_OKAY)
1288 ret = MP_EXPTMOD_E;
1289
1290 if (ret == 0) {
1291 binSz = mp_unsigned_bin_size(y);
1292 if (binSz > *pubSz) {
1293 ret = WC_KEY_SIZE_E;
1294 }
1295 }
1296
1297 if (ret == 0 && mp_to_unsigned_bin(y, pub) != MP_OKAY)
1298 ret = MP_TO_E;
1299
1300 if (ret == 0)
1301 *pubSz = binSz;
1302
1303 mp_clear(y);
1304 mp_clear(x);
1305#ifdef WOLFSSL_SMALL_STACK
1306 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1307 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1308#endif
1309#else
1310 ret = WC_KEY_SIZE_E;
1311#endif
1312
1313 return ret;
1314}
1315
1316static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
1317 byte* priv, word32* privSz, byte* pub, word32* pubSz)
1318{
1319 int ret;
1320
1321 if (key == NULL || rng == NULL || priv == NULL || privSz == NULL ||
1322 pub == NULL || pubSz == NULL) {
1323 return BAD_FUNC_ARG;
1324 }
1325
1326 ret = GeneratePrivateDh(key, rng, priv, privSz);
1327
1328 return (ret != 0) ? ret : GeneratePublicDh(key, priv, *privSz, pub, pubSz);
1329}
1330
1331#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
1332static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
1333 byte* priv, word32* privSz, byte* pub, word32* pubSz)
1334{
1335 int ret;
1336
1337#if defined(HAVE_INTEL_QA)
1338 word32 pBits;
1339
1340 /* QAT DH sizes: 768, 1024, 1536, 2048, 3072 and 4096 bits */
1341 pBits = mp_unsigned_bin_size(&key->p) * 8;
1342 if (pBits == 768 || pBits == 1024 || pBits == 1536 ||
1343 pBits == 2048 || pBits == 3072 || pBits == 4096) {
1344 mp_int x;
1345
1346 ret = mp_init(&x);
1347 if (ret != MP_OKAY)
1348 return ret;
1349
1350 ret = GeneratePrivateDh(key, rng, priv, privSz);
1351 if (ret == 0)
1352 ret = mp_read_unsigned_bin(&x, priv, *privSz);
1353 if (ret == MP_OKAY)
1354 ret = wc_mp_to_bigint(&x, &x.raw);
1355 if (ret == MP_OKAY)
1356 ret = wc_mp_to_bigint(&key->p, &key->p.raw);
1357 if (ret == MP_OKAY)
1358 ret = wc_mp_to_bigint(&key->g, &key->g.raw);
1359 if (ret == MP_OKAY)
1360 ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw,
1361 &x.raw, pub, pubSz);
1362 mp_clear(&x);
1363
1364 return ret;
1365 }
1366
1367#elif defined(HAVE_CAVIUM)
1368 /* TODO: Not implemented - use software for now */
1369
1370#else /* WOLFSSL_ASYNC_CRYPT_TEST */
1371 if (wc_AsyncTestInit(&key->asyncDev, ASYNC_TEST_DH_GEN)) {
1372 WC_ASYNC_TEST* testDev = &key->asyncDev.test;
1373 testDev->dhGen.key = key;
1374 testDev->dhGen.rng = rng;
1375 testDev->dhGen.priv = priv;
1376 testDev->dhGen.privSz = privSz;
1377 testDev->dhGen.pub = pub;
1378 testDev->dhGen.pubSz = pubSz;
1379 return WC_PENDING_E;
1380 }
1381#endif
1382
1383 /* otherwise use software DH */
1384 ret = wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
1385
1386 return ret;
1387}
1388#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_DH */
1389
1390
1391/* Check DH Public Key for invalid numbers, optionally allowing
1392 * the public key to be checked against the large prime (q).
1393 * Check per process in SP 800-56Ar3, section 5.6.2.3.1.
1394 *
1395 * key DH key group parameters.
1396 * pub Public Key.
1397 * pubSz Public Key size.
1398 * prime Large prime (q), optionally NULL to skip check
1399 * primeSz Size of large prime
1400 *
1401 * returns 0 on success or error code
1402 */
1403int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz,
1404 const byte* prime, word32 primeSz)
1405{
1406 int ret = 0;
1407#ifdef WOLFSSL_SMALL_STACK
1408 mp_int* y = NULL;
1409 mp_int* p = NULL;
1410 mp_int* q = NULL;
1411#else
1412 mp_int y[1];
1413 mp_int p[1];
1414 mp_int q[1];
1415#endif
1416
1417 if (key == NULL || pub == NULL) {
1418 return BAD_FUNC_ARG;
1419 }
1420
1421#ifdef WOLFSSL_SMALL_STACK
1422 y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1423 if (y == NULL)
1424 return MEMORY_E;
1425 p = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1426 if (p == NULL) {
1427 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1428 return MEMORY_E;
1429 }
1430 q = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1431 if (q == NULL) {
1432 XFREE(p, key->heap, DYNAMIC_TYPE_DH);
1433 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1434 return MEMORY_E;
1435 }
1436#endif
1437
1438 if (mp_init_multi(y, p, q, NULL, NULL, NULL) != MP_OKAY) {
1439 #ifdef WOLFSSL_SMALL_STACK
1440 XFREE(q, key->heap, DYNAMIC_TYPE_DH);
1441 XFREE(p, key->heap, DYNAMIC_TYPE_DH);
1442 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1443 #endif
1444 return MP_INIT_E;
1445 }
1446
1447 if (mp_read_unsigned_bin(y, pub, pubSz) != MP_OKAY) {
1448 ret = MP_READ_E;
1449 }
1450
1451 if (ret == 0 && prime != NULL) {
1452 if (mp_read_unsigned_bin(q, prime, primeSz) != MP_OKAY)
1453 ret = MP_READ_E;
1454
1455 } else if (mp_iszero(&key->q) == MP_NO) {
1456 /* use q available in DhKey */
1457 if (mp_copy(&key->q, q) != MP_OKAY)
1458 ret = MP_INIT_E;
1459 }
1460
1461 /* SP 800-56Ar3, section 5.6.2.3.1, process step 1 */
1462 /* pub (y) should not be 0 or 1 */
1463 if (ret == 0 && mp_cmp_d(y, 2) == MP_LT) {
1464 ret = MP_CMP_E;
1465 }
1466
1467 /* pub (y) shouldn't be greater than or equal to p - 1 */
1468 if (ret == 0 && mp_copy(&key->p, p) != MP_OKAY) {
1469 ret = MP_INIT_E;
1470 }
1471 if (ret == 0 && mp_sub_d(p, 2, p) != MP_OKAY) {
1472 ret = MP_SUB_E;
1473 }
1474 if (ret == 0 && mp_cmp(y, p) == MP_GT) {
1475 ret = MP_CMP_E;
1476 }
1477
1478 if (ret == 0 && (prime != NULL || (mp_iszero(&key->q) == MP_NO) )) {
1479
1480 /* restore key->p into p */
1481 if (mp_copy(&key->p, p) != MP_OKAY)
1482 ret = MP_INIT_E;
1483 }
1484
1485 /* SP 800-56Ar3, section 5.6.2.3.1, process step 2 */
1486 if (ret == 0 && prime != NULL) {
1487#ifdef WOLFSSL_HAVE_SP_DH
1488#ifndef WOLFSSL_SP_NO_2048
1489 if (mp_count_bits(&key->p) == 2048) {
1490 ret = sp_ModExp_2048(y, q, p, y);
1491 if (ret != 0)
1492 ret = MP_EXPTMOD_E;
1493 }
1494 else
1495#endif
1496#ifndef WOLFSSL_SP_NO_3072
1497 if (mp_count_bits(&key->p) == 3072) {
1498 ret = sp_ModExp_3072(y, q, p, y);
1499 if (ret != 0)
1500 ret = MP_EXPTMOD_E;
1501 }
1502 else
1503#endif
1504#ifdef WOLFSSL_SP_4096
1505 if (mp_count_bits(&key->p) == 4096) {
1506 ret = sp_ModExp_4096(y, q, p, y);
1507 if (ret != 0)
1508 ret = MP_EXPTMOD_E;
1509 }
1510 else
1511#endif
1512#endif
1513
1514 {
1515#if !defined(WOLFSSL_SP_MATH)
1516 /* calculate (y^q) mod(p), store back into y */
1517 if (mp_exptmod(y, q, p, y) != MP_OKAY)
1518 ret = MP_EXPTMOD_E;
1519#else
1520 ret = WC_KEY_SIZE_E;
1521#endif
1522 }
1523
1524 /* verify above == 1 */
1525 if (ret == 0 && mp_cmp_d(y, 1) != MP_EQ)
1526 ret = MP_CMP_E;
1527 }
1528
1529 mp_clear(y);
1530 mp_clear(p);
1531 mp_clear(q);
1532#ifdef WOLFSSL_SMALL_STACK
1533 XFREE(q, key->heap, DYNAMIC_TYPE_DH);
1534 XFREE(p, key->heap, DYNAMIC_TYPE_DH);
1535 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1536#endif
1537
1538 return ret;
1539}
1540
1541
1542/* Check DH Public Key for invalid numbers
1543 *
1544 * key DH key group parameters.
1545 * pub Public Key.
1546 * pubSz Public Key size.
1547 *
1548 * returns 0 on success or error code
1549 */
1550int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz)
1551{
1552 return wc_DhCheckPubKey_ex(key, pub, pubSz, NULL, 0);
1553}
1554
1555
1556/**
1557 * Quick validity check of public key value against prime.
1558 * Checks are:
1559 * - Public key not 0 or 1
1560 * - Public key not equal to prime or prime - 1
1561 * - Public key not bigger than prime.
1562 *
1563 * prime Big-endian encoding of prime in bytes.
1564 * primeSz Size of prime in bytes.
1565 * pub Big-endian encoding of public key in bytes.
1566 * pubSz Size of public key in bytes.
1567 */
1568int wc_DhCheckPubValue(const byte* prime, word32 primeSz, const byte* pub,
1569 word32 pubSz)
1570{
1571 int ret = 0;
1572 word32 i;
1573
1574 for (i = 0; i < pubSz && pub[i] == 0; i++) {
1575 }
1576 pubSz -= i;
1577 pub += i;
1578
1579 if (pubSz == 0 || (pubSz == 1 && pub[0] == 1))
1580 ret = MP_VAL;
1581 else if (pubSz == primeSz) {
1582 for (i = 0; i < pubSz-1 && pub[i] == prime[i]; i++) {
1583 }
1584 if (i == pubSz-1 && (pub[i] == prime[i] || pub[i] == prime[i] - 1))
1585 ret = MP_VAL;
1586 else if (pub[i] > prime[i])
1587 ret = MP_VAL;
1588 }
1589 else if (pubSz > primeSz)
1590 ret = MP_VAL;
1591
1592 return ret;
1593}
1594
1595
1596/* Check DH Private Key for invalid numbers, optionally allowing
1597 * the private key to be checked against the large prime (q).
1598 * Check per process in SP 800-56Ar3, section 5.6.2.1.2.
1599 *
1600 * key DH key group parameters.
1601 * priv Private Key.
1602 * privSz Private Key size.
1603 * prime Large prime (q), optionally NULL to skip check
1604 * primeSz Size of large prime
1605 *
1606 * returns 0 on success or error code
1607 */
1608int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 privSz,
1609 const byte* prime, word32 primeSz)
1610{
1611 int ret = 0;
1612#ifdef WOLFSSL_SMALL_STACK
1613 mp_int* x = NULL;
1614 mp_int* q = NULL;
1615#else
1616 mp_int x[1];
1617 mp_int q[1];
1618#endif
1619
1620 if (key == NULL || priv == NULL) {
1621 return BAD_FUNC_ARG;
1622 }
1623
1624#ifdef WOLFSSL_SMALL_STACK
1625 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1626 if (x == NULL)
1627 return MEMORY_E;
1628 q = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1629 if (q == NULL) {
1630 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1631 return MEMORY_E;
1632 }
1633#endif
1634
1635 if (mp_init_multi(x, q, NULL, NULL, NULL, NULL) != MP_OKAY) {
1636 #ifdef WOLFSSL_SMALL_STACK
1637 XFREE(q, key->heap, DYNAMIC_TYPE_DH);
1638 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1639 #endif
1640 return MP_INIT_E;
1641 }
1642
1643 if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY) {
1644 ret = MP_READ_E;
1645 }
1646
1647 if (ret == 0) {
1648 if (prime != NULL) {
1649 if (mp_read_unsigned_bin(q, prime, primeSz) != MP_OKAY)
1650 ret = MP_READ_E;
1651 }
1652 else if (mp_iszero(&key->q) == MP_NO) {
1653 /* use q available in DhKey */
1654 if (mp_copy(&key->q, q) != MP_OKAY)
1655 ret = MP_INIT_E;
1656 }
1657 }
1658
1659 /* priv (x) should not be 0 */
1660 if (ret == 0) {
1661 if (mp_cmp_d(x, 0) == MP_EQ)
1662 ret = MP_CMP_E;
1663 }
1664
1665 if (ret == 0) {
1666 if (mp_iszero(q) == MP_NO) {
1667 /* priv (x) shouldn't be greater than q - 1 */
1668 if (ret == 0) {
1669 if (mp_copy(&key->q, q) != MP_OKAY)
1670 ret = MP_INIT_E;
1671 }
1672 if (ret == 0) {
1673 if (mp_sub_d(q, 1, q) != MP_OKAY)
1674 ret = MP_SUB_E;
1675 }
1676 if (ret == 0) {
1677 if (mp_cmp(x, q) == MP_GT)
1678 ret = DH_CHECK_PRIV_E;
1679 }
1680 }
1681 }
1682
1683 mp_clear(x);
1684 mp_clear(q);
1685#ifdef WOLFSSL_SMALL_STACK
1686 XFREE(q, key->heap, DYNAMIC_TYPE_DH);
1687 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1688#endif
1689
1690 return ret;
1691}
1692
1693
1694/* Check DH Private Key for invalid numbers
1695 *
1696 * key DH key group parameters.
1697 * priv Private Key.
1698 * privSz Private Key size.
1699 *
1700 * returns 0 on success or error code
1701 */
1702int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 privSz)
1703{
1704 return wc_DhCheckPrivKey_ex(key, priv, privSz, NULL, 0);
1705}
1706
1707
1708/* Check DH Keys for pair-wise consistency per process in
1709 * SP 800-56Ar3, section 5.6.2.1.4, method (b) for FFC.
1710 *
1711 * key DH key group parameters.
1712 * pub Public Key.
1713 * pubSz Public Key size.
1714 * priv Private Key.
1715 * privSz Private Key size.
1716 *
1717 * returns 0 on success or error code
1718 */
1719int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz,
1720 const byte* priv, word32 privSz)
1721{
1722#ifdef WOLFSSL_SMALL_STACK
1723 mp_int* publicKey = NULL;
1724 mp_int* privateKey = NULL;
1725 mp_int* checkKey = NULL;
1726#else
1727 mp_int publicKey[1];
1728 mp_int privateKey[1];
1729 mp_int checkKey[1];
1730#endif
1731 int ret = 0;
1732
1733 if (key == NULL || pub == NULL || priv == NULL)
1734 return BAD_FUNC_ARG;
1735
1736#ifdef WOLFSSL_SMALL_STACK
1737 publicKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1738 if (publicKey == NULL)
1739 return MEMORY_E;
1740 privateKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1741 if (privateKey == NULL) {
1742 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
1743 return MEMORY_E;
1744 }
1745 checkKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1746 if (checkKey == NULL) {
1747 XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
1748 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
1749 return MEMORY_E;
1750 }
1751#endif
1752
1753 if (mp_init_multi(publicKey, privateKey, checkKey,
1754 NULL, NULL, NULL) != MP_OKAY) {
1755
1756 #ifdef WOLFSSL_SMALL_STACK
1757 XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
1758 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
1759 XFREE(checkKey, key->heap, DYNAMIC_TYPE_DH);
1760 #endif
1761 return MP_INIT_E;
1762 }
1763
1764 /* Load the private and public keys into big integers. */
1765 if (mp_read_unsigned_bin(publicKey, pub, pubSz) != MP_OKAY ||
1766 mp_read_unsigned_bin(privateKey, priv, privSz) != MP_OKAY) {
1767
1768 ret = MP_READ_E;
1769 }
1770
1771 /* Calculate checkKey = g^privateKey mod p */
1772 if (ret == 0) {
1773#ifdef WOLFSSL_HAVE_SP_DH
1774#ifndef WOLFSSL_SP_NO_2048
1775 if (mp_count_bits(&key->p) == 2048) {
1776 ret = sp_ModExp_2048(&key->g, privateKey, &key->p, checkKey);
1777 if (ret != 0)
1778 ret = MP_EXPTMOD_E;
1779 }
1780 else
1781#endif
1782#ifndef WOLFSSL_SP_NO_3072
1783 if (mp_count_bits(&key->p) == 3072) {
1784 ret = sp_ModExp_3072(&key->g, privateKey, &key->p, checkKey);
1785 if (ret != 0)
1786 ret = MP_EXPTMOD_E;
1787 }
1788 else
1789#endif
1790#ifdef WOLFSSL_SP_4096
1791 if (mp_count_bits(&key->p) == 4096) {
1792 ret = sp_ModExp_4096(&key->g, privateKey, &key->p, checkKey);
1793 if (ret != 0)
1794 ret = MP_EXPTMOD_E;
1795 }
1796 else
1797#endif
1798#endif
1799 {
1800#if !defined(WOLFSSL_SP_MATH)
1801 if (mp_exptmod(&key->g, privateKey, &key->p, checkKey) != MP_OKAY)
1802 ret = MP_EXPTMOD_E;
1803#else
1804 ret = WC_KEY_SIZE_E;
1805#endif
1806 }
1807 }
1808
1809 /* Compare the calculated public key to the supplied check value. */
1810 if (ret == 0) {
1811 if (mp_cmp(checkKey, publicKey) != MP_EQ)
1812 ret = MP_CMP_E;
1813 }
1814
1815 mp_forcezero(privateKey);
1816 mp_clear(publicKey);
1817 mp_clear(checkKey);
1818#ifdef WOLFSSL_SMALL_STACK
1819 XFREE(checkKey, key->heap, DYNAMIC_TYPE_DH);
1820 XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
1821 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
1822#endif
1823
1824 return ret;
1825}
1826
1827
1828int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng,
1829 byte* priv, word32* privSz, byte* pub, word32* pubSz)
1830{
1831 int ret;
1832
1833 if (key == NULL || rng == NULL || priv == NULL || privSz == NULL ||
1834 pub == NULL || pubSz == NULL) {
1835 return BAD_FUNC_ARG;
1836 }
1837
1838#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
1839 if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_DH) {
1840 ret = wc_DhGenerateKeyPair_Async(key, rng, priv, privSz, pub, pubSz);
1841 }
1842 else
1843#endif
1844 {
1845 ret = wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
1846 }
1847
1848 return ret;
1849}
1850
1851static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
1852 const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz)
1853{
1854 int ret = 0;
1855#ifdef WOLFSSL_SMALL_STACK
1856 mp_int* y = NULL;
1857#if !defined(WOLFSSL_SP_MATH)
1858 mp_int* x = NULL;
1859 mp_int* z = NULL;
1860#endif
1861#else
1862 mp_int y[1];
1863#if !defined(WOLFSSL_SP_MATH)
1864 mp_int x[1];
1865 mp_int z[1];
1866#endif
1867#endif
1868
1869#ifdef WOLFSSL_VALIDATE_FFC_IMPORT
1870 if (wc_DhCheckPrivKey(key, priv, privSz) != 0) {
1871 WOLFSSL_MSG("wc_DhAgree wc_DhCheckPrivKey failed");
1872 return DH_CHECK_PRIV_E;
1873 }
1874
1875 if (wc_DhCheckPubKey(key, otherPub, pubSz) != 0) {
1876 WOLFSSL_MSG("wc_DhAgree wc_DhCheckPubKey failed");
1877 return DH_CHECK_PUB_E;
1878 }
1879#endif
1880
1881#ifdef WOLFSSL_SMALL_STACK
1882 y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1883 if (y == NULL)
1884 return MEMORY_E;
1885#if !defined(WOLFSSL_SP_MATH)
1886 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1887 if (x == NULL) {
1888 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1889 return MEMORY_E;
1890 }
1891 z = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1892 if (z == NULL) {
1893 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1894 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1895 return MEMORY_E;
1896 }
1897#endif
1898#endif
1899
1900#ifdef WOLFSSL_HAVE_SP_DH
1901#ifndef WOLFSSL_SP_NO_2048
1902 if (mp_count_bits(&key->p) == 2048) {
1903 if (mp_init(y) != MP_OKAY)
1904 return MP_INIT_E;
1905
1906 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
1907 ret = MP_READ_E;
1908
1909 if (ret == 0)
1910 ret = sp_DhExp_2048(y, priv, privSz, &key->p, agree, agreeSz);
1911
1912 mp_clear(y);
1913 #ifdef WOLFSSL_SMALL_STACK
1914 #if !defined(WOLFSSL_SP_MATH)
1915 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
1916 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1917 #endif
1918 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1919 #endif
1920 return ret;
1921 }
1922#endif
1923#ifndef WOLFSSL_SP_NO_3072
1924 if (mp_count_bits(&key->p) == 3072) {
1925 if (mp_init(y) != MP_OKAY)
1926 return MP_INIT_E;
1927
1928 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
1929 ret = MP_READ_E;
1930
1931 if (ret == 0)
1932 ret = sp_DhExp_3072(y, priv, privSz, &key->p, agree, agreeSz);
1933
1934 mp_clear(y);
1935 #ifdef WOLFSSL_SMALL_STACK
1936 #if !defined(WOLFSSL_SP_MATH)
1937 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
1938 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1939 #endif
1940 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1941 #endif
1942 return ret;
1943 }
1944#endif
1945#ifdef WOLFSSL_SP_4096
1946 if (mp_count_bits(&key->p) == 4096) {
1947 if (mp_init(y) != MP_OKAY)
1948 return MP_INIT_E;
1949
1950 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
1951 ret = MP_READ_E;
1952
1953 if (ret == 0)
1954 ret = sp_DhExp_4096(y, priv, privSz, &key->p, agree, agreeSz);
1955
1956 mp_clear(y);
1957 #ifdef WOLFSSL_SMALL_STACK
1958 #if !defined(WOLFSSL_SP_MATH)
1959 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
1960 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1961 #endif
1962 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1963 #endif
1964 return ret;
1965 }
1966#endif
1967#endif
1968
1969#if !defined(WOLFSSL_SP_MATH)
1970 if (mp_init_multi(x, y, z, 0, 0, 0) != MP_OKAY) {
1971 #ifdef WOLFSSL_SMALL_STACK
1972 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
1973 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1974 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1975 #endif
1976 return MP_INIT_E;
1977 }
1978
1979 if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY)
1980 ret = MP_READ_E;
1981
1982 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
1983 ret = MP_READ_E;
1984
1985 if (ret == 0 && mp_exptmod(y, x, &key->p, z) != MP_OKAY)
1986 ret = MP_EXPTMOD_E;
1987
1988 /* make sure z is not one (SP800-56A, 5.7.1.1) */
1989 if (ret == 0 && (mp_cmp_d(z, 1) == MP_EQ))
1990 ret = MP_VAL;
1991
1992 if (ret == 0 && mp_to_unsigned_bin(z, agree) != MP_OKAY)
1993 ret = MP_TO_E;
1994
1995 if (ret == 0)
1996 *agreeSz = mp_unsigned_bin_size(z);
1997
1998 mp_clear(z);
1999 mp_clear(y);
2000 mp_forcezero(x);
2001#else
2002 ret = WC_KEY_SIZE_E;
2003#endif
2004
2005#ifdef WOLFSSL_SMALL_STACK
2006#if !defined(WOLFSSL_SP_MATH)
2007 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
2008 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
2009#endif
2010 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
2011#endif
2012
2013 return ret;
2014}
2015
2016#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
2017static int wc_DhAgree_Async(DhKey* key, byte* agree, word32* agreeSz,
2018 const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz)
2019{
2020 int ret;
2021
2022#if defined(HAVE_INTEL_QA)
2023 word32 pBits;
2024
2025 /* QAT DH sizes: 768, 1024, 1536, 2048, 3072 and 4096 bits */
2026 pBits = mp_unsigned_bin_size(&key->p) * 8;
2027 if (pBits == 768 || pBits == 1024 || pBits == 1536 ||
2028 pBits == 2048 || pBits == 3072 || pBits == 4096) {
2029 ret = wc_mp_to_bigint(&key->p, &key->p.raw);
2030 if (ret == MP_OKAY)
2031 ret = IntelQaDhAgree(&key->asyncDev, &key->p.raw,
2032 agree, agreeSz, priv, privSz, otherPub, pubSz);
2033 return ret;
2034 }
2035
2036#elif defined(HAVE_CAVIUM)
2037 /* TODO: Not implemented - use software for now */
2038
2039#else /* WOLFSSL_ASYNC_CRYPT_TEST */
2040 if (wc_AsyncTestInit(&key->asyncDev, ASYNC_TEST_DH_AGREE)) {
2041 WC_ASYNC_TEST* testDev = &key->asyncDev.test;
2042 testDev->dhAgree.key = key;
2043 testDev->dhAgree.agree = agree;
2044 testDev->dhAgree.agreeSz = agreeSz;
2045 testDev->dhAgree.priv = priv;
2046 testDev->dhAgree.privSz = privSz;
2047 testDev->dhAgree.otherPub = otherPub;
2048 testDev->dhAgree.pubSz = pubSz;
2049 return WC_PENDING_E;
2050 }
2051#endif
2052
2053 /* otherwise use software DH */
2054 ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
2055
2056 return ret;
2057}
2058#endif /* WOLFSSL_ASYNC_CRYPT */
2059
2060int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
2061 word32 privSz, const byte* otherPub, word32 pubSz)
2062{
2063 int ret = 0;
2064
2065 if (key == NULL || agree == NULL || agreeSz == NULL || priv == NULL ||
2066 otherPub == NULL) {
2067 return BAD_FUNC_ARG;
2068 }
2069
2070#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
2071 if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_DH) {
2072 ret = wc_DhAgree_Async(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
2073 }
2074 else
2075#endif
2076 {
2077 ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
2078 }
2079
2080 return ret;
2081}
2082
2083#ifdef WOLFSSL_DH_EXTRA
2084WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst)
2085{
2086 int ret;
2087
2088 if (!src || !dst || src == dst) {
2089 WOLFSSL_MSG("Parameters not provided or are the same");
2090 return BAD_FUNC_ARG;
2091 }
2092
2093 if ((ret = mp_copy(&src->p, &dst->p)) != MP_OKAY) {
2094 WOLFSSL_MSG("mp_copy error");
2095 return ret;
2096 }
2097
2098 if ((ret = mp_copy(&src->g, &dst->g)) != MP_OKAY) {
2099 WOLFSSL_MSG("mp_copy error");
2100 return ret;
2101 }
2102
2103 if ((ret = mp_copy(&src->q, &dst->q)) != MP_OKAY) {
2104 WOLFSSL_MSG("mp_copy error");
2105 return ret;
2106 }
2107
2108 if ((ret = mp_copy(&src->pub, &dst->pub)) != MP_OKAY) {
2109 WOLFSSL_MSG("mp_copy error");
2110 return ret;
2111 }
2112
2113 if ((ret = mp_copy(&src->priv, &dst->priv)) != MP_OKAY) {
2114 WOLFSSL_MSG("mp_copy error");
2115 return ret;
2116 }
2117
2118 dst->heap = src->heap;
2119
2120 return MP_OKAY;
2121}
2122
2123/* Sets private and public key in DhKey if both are available, otherwise sets
2124 either private or public key, depending on which is available. */
2125int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
2126 const byte* pub, word32 pubSz)
2127{
2128 byte havePriv, havePub;
2129 mp_int *keyPriv = NULL, *keyPub = NULL;
2130
2131 if (key == NULL) {
2132 return BAD_FUNC_ARG;
2133 }
2134
2135 havePriv = ( (priv != NULL) && (privSz > 0) );
2136 havePub = ( (pub != NULL) && (pubSz > 0) );
2137
2138 if (!havePub && !havePriv) {
2139 WOLFSSL_MSG("No Public or Private Key to Set");
2140 return BAD_FUNC_ARG;
2141 }
2142
2143 /* Set Private Key */
2144 if (havePriv) {
2145 /* may have leading 0 */
2146 if (priv[0] == 0) {
2147 privSz--; priv++;
2148 }
2149 if (mp_init(&key->priv) != MP_OKAY)
2150 havePriv = 0;
2151 }
2152 if (havePriv) {
2153 if (mp_read_unsigned_bin(&key->priv, priv, privSz) != MP_OKAY) {
2154 mp_clear(&key->priv);
2155 havePriv = 0;
2156 } else {
2157 keyPriv = &key->priv;
2158 WOLFSSL_MSG("DH Private Key Set");
2159 }
2160 }
2161
2162 /* Set Public Key */
2163 if (havePub) {
2164 /* may have leading 0 */
2165 if (pub[0] == 0) {
2166 pubSz--; pub++;
2167 }
2168 if (mp_init(&key->pub) != MP_OKAY)
2169 havePub = 0;
2170 }
2171 if (havePub) {
2172 if (mp_read_unsigned_bin(&key->pub, pub, pubSz) != MP_OKAY) {
2173 mp_clear(&key->pub);
2174 havePub = 0;
2175 } else {
2176 keyPub = &key->pub;
2177 WOLFSSL_MSG("DH Public Key Set");
2178 }
2179 }
2180 /* Free Memory if error occurred */
2181 if (havePriv == 0 && keyPriv != NULL)
2182 mp_clear(keyPriv);
2183 if (havePub == 0 && keyPub != NULL)
2184 mp_clear(keyPub);
2185
2186 if (havePriv == 0 && havePub == 0) {
2187 return MEMORY_E;
2188 }
2189
2190 return 0;
2191}
2192
2193/* Can be used with WOLFSSL_DH_EXTRA when key is loaded with
2194 wc_DhKeyDecode or wc_DhImportKeyPair */
2195int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz,
2196 byte* pub, word32* pPubSz)
2197{
2198 int ret = 0;
2199 word32 pubSz, privSz;
2200
2201 if (key == NULL || (priv && pPrivSz == NULL) || (pub && pPubSz == NULL)) {
2202 return BAD_FUNC_ARG;
2203 }
2204
2205 if (priv) {
2206 privSz = mp_unsigned_bin_size(&key->priv);
2207 if (privSz > *pPrivSz) {
2208 return BUFFER_E;
2209 }
2210 *pPrivSz = privSz;
2211 ret |= mp_to_unsigned_bin(&key->priv, priv);
2212 }
2213
2214 if (pub) {
2215 pubSz = mp_unsigned_bin_size(&key->pub);
2216 if (pubSz > *pPubSz) {
2217 return BUFFER_E;
2218 }
2219 *pPubSz = pubSz;
2220 ret |= mp_to_unsigned_bin(&key->pub, pub);
2221 }
2222
2223 if (ret != 0)
2224 ret = ASN_DH_KEY_E;
2225 return ret;
2226}
2227
2228#endif /* WOLFSSL_DH_EXTRA */
2229
2230static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
2231 word32 gSz, const byte* q, word32 qSz, int trusted,
2232 WC_RNG* rng)
2233{
2234 int ret = 0;
2235 mp_int* keyP = NULL;
2236 mp_int* keyG = NULL;
2237
2238 if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0) {
2239 ret = BAD_FUNC_ARG;
2240 }
2241
2242 if (ret == 0) {
2243 /* may have leading 0 */
2244 if (p[0] == 0) {
2245 pSz--; p++;
2246 }
2247
2248 if (g[0] == 0) {
2249 gSz--; g++;
2250 }
2251
2252 if (q != NULL) {
2253 if (q[0] == 0) {
2254 qSz--; q++;
2255 }
2256 }
2257
2258 if (mp_init(&key->p) != MP_OKAY)
2259 ret = MP_INIT_E;
2260 }
2261
2262 if (ret == 0) {
2263 if (mp_read_unsigned_bin(&key->p, p, pSz) != MP_OKAY)
2264 ret = ASN_DH_KEY_E;
2265 else
2266 keyP = &key->p;
2267 }
2268
2269 if (ret == 0 && !trusted) {
2270 int isPrime = 0;
2271 if (rng != NULL)
2272 ret = mp_prime_is_prime_ex(keyP, 8, &isPrime, rng);
2273 else
2274 ret = mp_prime_is_prime(keyP, 8, &isPrime);
2275
2276 if (ret == 0 && isPrime == 0)
2277 ret = DH_CHECK_PUB_E;
2278 }
2279
2280 if (ret == 0 && mp_init(&key->g) != MP_OKAY)
2281 ret = MP_INIT_E;
2282 if (ret == 0) {
2283 if (mp_read_unsigned_bin(&key->g, g, gSz) != MP_OKAY)
2284 ret = ASN_DH_KEY_E;
2285 else
2286 keyG = &key->g;
2287 }
2288
2289 if (ret == 0 && q != NULL) {
2290 if (mp_init(&key->q) != MP_OKAY)
2291 ret = MP_INIT_E;
2292 }
2293 if (ret == 0 && q != NULL) {
2294 if (mp_read_unsigned_bin(&key->q, q, qSz) != MP_OKAY)
2295 ret = MP_INIT_E;
2296 }
2297
2298 if (ret != 0 && key != NULL) {
2299 if (keyG)
2300 mp_clear(keyG);
2301 if (keyP)
2302 mp_clear(keyP);
2303 }
2304
2305 return ret;
2306}
2307
2308
2309int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
2310 word32 gSz, const byte* q, word32 qSz, int trusted,
2311 WC_RNG* rng)
2312{
2313 return _DhSetKey(key, p, pSz, g, gSz, q, qSz, trusted, rng);
2314}
2315
2316
2317int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, const byte* g,
2318 word32 gSz, const byte* q, word32 qSz)
2319{
2320 return _DhSetKey(key, p, pSz, g, gSz, q, qSz, 1, NULL);
2321}
2322
2323
2324/* not in asn anymore since no actual asn types used */
2325int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
2326 word32 gSz)
2327{
2328 return _DhSetKey(key, p, pSz, g, gSz, NULL, 0, 1, NULL);
2329}
2330
2331
2332#ifdef WOLFSSL_KEY_GEN
2333
2334/* modulus_size in bits */
2335int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
2336{
2337 mp_int tmp, tmp2;
2338 int groupSz = 0, bufSz = 0,
2339 primeCheckCount = 0,
2340 primeCheck = MP_NO,
2341 ret = 0;
2342 unsigned char *buf = NULL;
2343
2344 if (rng == NULL || dh == NULL)
2345 ret = BAD_FUNC_ARG;
2346
2347 /* set group size in bytes from modulus size
2348 * FIPS 186-4 defines valid values (1024, 160) (2048, 256) (3072, 256)
2349 */
2350 if (ret == 0) {
2351 switch (modSz) {
2352 case 1024:
2353 groupSz = 20;
2354 break;
2355 case 2048:
2356 case 3072:
2357 groupSz = 32;
2358 break;
2359 default:
2360 ret = BAD_FUNC_ARG;
2361 break;
2362 }
2363 }
2364
2365 if (ret == 0) {
2366 /* modulus size in bytes */
2367 modSz /= WOLFSSL_BIT_SIZE;
2368 bufSz = modSz - groupSz;
2369
2370 /* allocate ram */
2371 buf = (unsigned char *)XMALLOC(bufSz,
2372 dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
2373 if (buf == NULL)
2374 ret = MEMORY_E;
2375 }
2376
2377 /* make a random string that will be multiplied against q */
2378 if (ret == 0)
2379 ret = wc_RNG_GenerateBlock(rng, buf, bufSz);
2380
2381 if (ret == 0) {
2382 /* force magnitude */
2383 buf[0] |= 0xC0;
2384 /* force even */
2385 buf[bufSz - 1] &= ~1;
2386
2387 if (mp_init_multi(&tmp, &tmp2, &dh->p, &dh->q, &dh->g, 0)
2388 != MP_OKAY) {
2389 ret = MP_INIT_E;
2390 }
2391 }
2392
2393 if (ret == 0) {
2394 if (mp_read_unsigned_bin(&tmp2, buf, bufSz) != MP_OKAY)
2395 ret = MP_READ_E;
2396 }
2397
2398 /* make our prime q */
2399 if (ret == 0) {
2400 if (mp_rand_prime(&dh->q, groupSz, rng, NULL) != MP_OKAY)
2401 ret = PRIME_GEN_E;
2402 }
2403
2404 /* p = random * q */
2405 if (ret == 0) {
2406 if (mp_mul(&dh->q, &tmp2, &dh->p) != MP_OKAY)
2407 ret = MP_MUL_E;
2408 }
2409
2410 /* p = random * q + 1, so q is a prime divisor of p-1 */
2411 if (ret == 0) {
2412 if (mp_add_d(&dh->p, 1, &dh->p) != MP_OKAY)
2413 ret = MP_ADD_E;
2414 }
2415
2416 /* tmp = 2q */
2417 if (ret == 0) {
2418 if (mp_add(&dh->q, &dh->q, &tmp) != MP_OKAY)
2419 ret = MP_ADD_E;
2420 }
2421
2422 /* loop until p is prime */
2423 if (ret == 0) {
2424 do {
2425 if (mp_prime_is_prime_ex(&dh->p, 8, &primeCheck, rng) != MP_OKAY)
2426 ret = PRIME_GEN_E;
2427
2428 if (primeCheck != MP_YES) {
2429 /* p += 2q */
2430 if (mp_add(&tmp, &dh->p, &dh->p) != MP_OKAY)
2431 ret = MP_ADD_E;
2432 else
2433 primeCheckCount++;
2434 }
2435 } while (ret == 0 && primeCheck == MP_NO);
2436 }
2437
2438 /* tmp2 += (2*loop_check_prime)
2439 * to have p = (q * tmp2) + 1 prime
2440 */
2441 if ((ret == 0) && (primeCheckCount)) {
2442 if (mp_add_d(&tmp2, 2 * primeCheckCount, &tmp2) != MP_OKAY)
2443 ret = MP_ADD_E;
2444 }
2445
2446 /* find a value g for which g^tmp2 != 1 */
2447 if ((ret == 0) && (mp_set(&dh->g, 1) != MP_OKAY))
2448 ret = MP_ZERO_E;
2449
2450 if (ret == 0) {
2451 do {
2452 if (mp_add_d(&dh->g, 1, &dh->g) != MP_OKAY)
2453 ret = MP_ADD_E;
2454 else if (mp_exptmod(&dh->g, &tmp2, &dh->p, &tmp) != MP_OKAY)
2455 ret = MP_EXPTMOD_E;
2456 } while (ret == 0 && mp_cmp_d(&tmp, 1) == MP_EQ);
2457 }
2458
2459 if (ret == 0) {
2460 /* at this point tmp generates a group of order q mod p */
2461#ifndef USE_FAST_MATH
2462 /* Exchanging is quick when the data pointer can be copied. */
2463 mp_exch(&tmp, &dh->g);
2464#else
2465 mp_copy(&tmp, &dh->g);
2466#endif
2467 }
2468
2469 /* clear the parameters if there was an error */
2470 if ((ret != 0) && (dh != NULL)) {
2471 mp_clear(&dh->q);
2472 mp_clear(&dh->p);
2473 mp_clear(&dh->g);
2474 }
2475
2476 if (buf != NULL) {
2477 ForceZero(buf, bufSz);
2478 if (dh != NULL) {
2479 XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
2480 }
2481 }
2482 mp_clear(&tmp);
2483 mp_clear(&tmp2);
2484
2485 return ret;
2486}
2487
2488
2489/* Export raw DH parameters from DhKey structure
2490 *
2491 * dh - pointer to initialized DhKey structure
2492 * p - output location for DH (p) parameter
2493 * pSz - [IN/OUT] size of output buffer for p, size of p
2494 * q - output location for DH (q) parameter
2495 * qSz - [IN/OUT] size of output buffer for q, size of q
2496 * g - output location for DH (g) parameter
2497 * gSz - [IN/OUT] size of output buffer for g, size of g
2498 *
2499 * If p, q, and g pointers are all passed in as NULL, the function
2500 * will set pSz, qSz, and gSz to the required output buffer sizes for p,
2501 * q, and g. In this case, the function will return LENGTH_ONLY_E.
2502 *
2503 * returns 0 on success, negative upon failure
2504 */
2505int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz,
2506 byte* q, word32* qSz, byte* g, word32* gSz)
2507{
2508 int ret = 0;
2509 word32 pLen = 0, qLen = 0, gLen = 0;
2510
2511 if (dh == NULL || pSz == NULL || qSz == NULL || gSz == NULL)
2512 ret = BAD_FUNC_ARG;
2513
2514 /* get required output buffer sizes */
2515 if (ret == 0) {
2516 pLen = mp_unsigned_bin_size(&dh->p);
2517 qLen = mp_unsigned_bin_size(&dh->q);
2518 gLen = mp_unsigned_bin_size(&dh->g);
2519
2520 /* return buffer sizes and LENGTH_ONLY_E if buffers are NULL */
2521 if (p == NULL && q == NULL && g == NULL) {
2522 *pSz = pLen;
2523 *qSz = qLen;
2524 *gSz = gLen;
2525 ret = LENGTH_ONLY_E;
2526 }
2527 }
2528
2529 if (ret == 0) {
2530 if (p == NULL || q == NULL || g == NULL)
2531 ret = BAD_FUNC_ARG;
2532 }
2533
2534 /* export p */
2535 if (ret == 0) {
2536 if (*pSz < pLen) {
2537 WOLFSSL_MSG("Output buffer for DH p parameter too small, "
2538 "required size placed into pSz");
2539 *pSz = pLen;
2540 ret = BUFFER_E;
2541 }
2542 }
2543
2544 if (ret == 0) {
2545 *pSz = pLen;
2546 if (mp_to_unsigned_bin(&dh->p, p) != MP_OKAY)
2547 ret = MP_TO_E;
2548 }
2549
2550 /* export q */
2551 if (ret == 0) {
2552 if (*qSz < qLen) {
2553 WOLFSSL_MSG("Output buffer for DH q parameter too small, "
2554 "required size placed into qSz");
2555 *qSz = qLen;
2556 ret = BUFFER_E;
2557 }
2558 }
2559
2560 if (ret == 0) {
2561 *qSz = qLen;
2562 if (mp_to_unsigned_bin(&dh->q, q) != MP_OKAY)
2563 ret = MP_TO_E;
2564 }
2565
2566 /* export g */
2567 if (ret == 0) {
2568 if (*gSz < gLen) {
2569 WOLFSSL_MSG("Output buffer for DH g parameter too small, "
2570 "required size placed into gSz");
2571 *gSz = gLen;
2572 ret = BUFFER_E;
2573 }
2574 }
2575
2576 if (ret == 0) {
2577 *gSz = gLen;
2578 if (mp_to_unsigned_bin(&dh->g, g) != MP_OKAY)
2579 ret = MP_TO_E;
2580 }
2581
2582 return ret;
2583}
2584
2585#endif /* WOLFSSL_KEY_GEN */
2586
2587#endif /* NO_DH */
Note: See TracBrowser for help on using the repository browser.