1/* dh.c
2 *
3 * Copyright (C) 2006-2017 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22
23#ifdef HAVE_CONFIG_H
24 #include <config.h>
25#endif
26
27#include <wolfssl/wolfcrypt/settings.h>
28
29#ifndef NO_DH
30
31#include <wolfssl/wolfcrypt/dh.h>
32#include <wolfssl/wolfcrypt/error-crypt.h>
33#include <wolfssl/wolfcrypt/logging.h>
34
35#ifdef WOLFSSL_HAVE_SP_DH
36#include <wolfssl/wolfcrypt/sp.h>
37#endif
38
39#ifdef NO_INLINE
40 #include <wolfssl/wolfcrypt/misc.h>
41#else
42 #define WOLFSSL_MISC_INCLUDED
43 #include <wolfcrypt/src/misc.c>
44#endif
45
46
47#if !defined(USER_MATH_LIB) && !defined(WOLFSSL_DH_CONST)
48 #include <math.h>
49 #define XPOW(x,y) pow((x),(y))
50 #define XLOG(x) log((x))
51#else
52 /* user's own math lib */
53#endif
54
55#ifdef HAVE_FFDHE_2048
56static const byte dh_ffdhe2048_p[] = {
57 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
58 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
59 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
60 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
61 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
62 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
63 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
64 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
65 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
66 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
67 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
68 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
69 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
70 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
71 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
72 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
73 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
74 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
75 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
76 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
77 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
78 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
79 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
80 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
81 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
82 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
83 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
84 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
85 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
86 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
87 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97,
88 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
89};
90static const byte dh_ffdhe2048_g[] = { 0x02 };
91
const DhParams* wc_Dh_ffdhe2048_Get(void)
{
    /* Descriptor for the ffdhe2048 group: p is the 256-byte (2048-bit)
     * big-endian table above, g is the single byte 0x02. Both lengths come
     * from sizeof so they cannot drift from the tables. The object has
     * static storage; callers must neither free nor modify it.
     * NOTE(review): presumably the RFC 7919 ffdhe2048 prime -- verify the
     * table against the RFC before relying on it. */
    static const DhParams group2048 = {
        dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p),
        dh_ffdhe2048_g, sizeof(dh_ffdhe2048_g)
    };

    return &group2048;
}
100#endif
101
102#ifdef HAVE_FFDHE_3072
103static const byte dh_ffdhe3072_p[] = {
104 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
105 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
106 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
107 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
108 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
109 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
110 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
111 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
112 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
113 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
114 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
115 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
116 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
117 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
118 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
119 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
120 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
121 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
122 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
123 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
124 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
125 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
126 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
127 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
128 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
129 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
130 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
131 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
132 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
133 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
134 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
135 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
136 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
137 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
138 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
139 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
140 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
141 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
142 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
143 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
144 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
145 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
146 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
147 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
148 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
149 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
150 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37,
151 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
152};
153static const byte dh_ffdhe3072_g[] = { 0x02 };
154
const DhParams* wc_Dh_ffdhe3072_Get(void)
{
    /* Descriptor for the ffdhe3072 group: p is the 384-byte (3072-bit)
     * big-endian table above, g is the single byte 0x02. Lengths are taken
     * from sizeof so they always match the tables. Static storage: the
     * returned pointer must not be freed or written through.
     * NOTE(review): presumably the RFC 7919 ffdhe3072 prime -- verify the
     * table against the RFC before relying on it. */
    static const DhParams group3072 = {
        dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p),
        dh_ffdhe3072_g, sizeof(dh_ffdhe3072_g)
    };

    return &group3072;
}
163#endif
164
165#ifdef HAVE_FFDHE_4096
166static const byte dh_ffdhe4096_p[] = {
167 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
168 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
169 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
170 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
171 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
172 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
173 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
174 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
175 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
176 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
177 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
178 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
179 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
180 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
181 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
182 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
183 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
184 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
185 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
186 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
187 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
188 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
189 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
190 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
191 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
192 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
193 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
194 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
195 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
196 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
197 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
198 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
199 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
200 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
201 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
202 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
203 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
204 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
205 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
206 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
207 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
208 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
209 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
210 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
211 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
212 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
213 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
214 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
215 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
216 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
217 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
218 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
219 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
220 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
221 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
222 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
223 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
224 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
225 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
226 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
227 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
228 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
229 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A,
230 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
231};
232static const byte dh_ffdhe4096_g[] = { 0x02 };
233
const DhParams* wc_Dh_ffdhe4096_Get(void)
{
    /* Descriptor for the ffdhe4096 group: p is the 512-byte (4096-bit)
     * big-endian table above, g is the single byte 0x02. Lengths are taken
     * from sizeof so they always match the tables. Static storage: the
     * returned pointer must not be freed or written through.
     * NOTE(review): presumably the RFC 7919 ffdhe4096 prime -- verify the
     * table against the RFC before relying on it. */
    static const DhParams group4096 = {
        dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p),
        dh_ffdhe4096_g, sizeof(dh_ffdhe4096_g)
    };

    return &group4096;
}
242#endif
243
244#ifdef HAVE_FFDHE_6144
245static const byte dh_ffdhe6144_p[] = {
246 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
247 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
248 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
249 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
250 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
251 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
252 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
253 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
254 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
255 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
256 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
257 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
258 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
259 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
260 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
261 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
262 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
263 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
264 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
265 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
266 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
267 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
268 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
269 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
270 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
271 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
272 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
273 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
274 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
275 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
276 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
277 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
278 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
279 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
280 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
281 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
282 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
283 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
284 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
285 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
286 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
287 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
288 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
289 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
290 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
291 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
292 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
293 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
294 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
295 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
296 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
297 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
298 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
299 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
300 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
301 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
302 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
303 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
304 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
305 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
306 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
307 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
308 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
309 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
310 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
311 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
312 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
313 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
314 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
315 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
316 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
317 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
318 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
319 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
320 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
321 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
322 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
323 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
324 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
325 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
326 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
327 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
328 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
329 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
330 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
331 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
332 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
333 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
334 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
335 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
336 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
337 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
338 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
339 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
340 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65,
341 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
342};
343static const byte dh_ffdhe6144_g[] = { 0x02 };
344
const DhParams* wc_Dh_ffdhe6144_Get(void)
{
    /* Descriptor for the ffdhe6144 group: p is the 768-byte (6144-bit)
     * big-endian table above, g is the single byte 0x02. Lengths are taken
     * from sizeof so they always match the tables. Static storage: the
     * returned pointer must not be freed or written through.
     * NOTE(review): presumably the RFC 7919 ffdhe6144 prime -- verify the
     * table against the RFC before relying on it. */
    static const DhParams group6144 = {
        dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p),
        dh_ffdhe6144_g, sizeof(dh_ffdhe6144_g)
    };

    return &group6144;
}
353#endif
354
355#ifdef HAVE_FFDHE_8192
356static const byte dh_ffdhe8192_p[] = {
357 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
358 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
359 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
360 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
361 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
362 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
363 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
364 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
365 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
366 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
367 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
368 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
369 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
370 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
371 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
372 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
373 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
374 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
375 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
376 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
377 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
378 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
379 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
380 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
381 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
382 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
383 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
384 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
385 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
386 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
387 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
388 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
389 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
390 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
391 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
392 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
393 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
394 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
395 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
396 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
397 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
398 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
399 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
400 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
401 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
402 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
403 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
404 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
405 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
406 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
407 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
408 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
409 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
410 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
411 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
412 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
413 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
414 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
415 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
416 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
417 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
418 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
419 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
420 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
421 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
422 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
423 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
424 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
425 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
426 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
427 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
428 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
429 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
430 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
431 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
432 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
433 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
434 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
435 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
436 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
437 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
438 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
439 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
440 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
441 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
442 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
443 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
444 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
445 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
446 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
447 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
448 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
449 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
450 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
451 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA,
452 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38,
453 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64,
454 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43,
455 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E,
456 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF,
457 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29,
458 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65,
459 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02,
460 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4,
461 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82,
462 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C,
463 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51,
464 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22,
465 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74,
466 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE,
467 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C,
468 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC,
469 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B,
470 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9,
471 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0,
472 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31,
473 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57,
474 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8,
475 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E,
476 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30,
477 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E,
478 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE,
479 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D,
480 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D,
481 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E,
482 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C,
483 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C,
484 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
485};
486static const byte dh_ffdhe8192_g[] = { 0x02 };
487
const DhParams* wc_Dh_ffdhe8192_Get(void)
{
    /* Descriptor for the ffdhe8192 group: p is the 1024-byte (8192-bit)
     * big-endian table above, g is the single byte 0x02. Lengths are taken
     * from sizeof so they always match the tables. Static storage: the
     * returned pointer must not be freed or written through.
     * NOTE(review): presumably the RFC 7919 ffdhe8192 prime -- verify the
     * table against the RFC before relying on it. */
    static const DhParams group8192 = {
        dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p),
        dh_ffdhe8192_g, sizeof(dh_ffdhe8192_g)
    };

    return &group8192;
}
496#endif
497
int wc_InitDhKey_ex(DhKey* key, void* heap, int devId)
{
    /* Prepare a DhKey for use: record the heap hint, initialise the p and
     * g big integers and, in async builds, bind the key to crypto device
     * devId (ignored otherwise).
     *
     * Returns 0 on success, BAD_FUNC_ARG for a NULL key, MEMORY_E if the
     * integers cannot be initialised, or the async device-init result. */
    int rc;

    if (key == NULL)
        return BAD_FUNC_ARG;

    key->heap = heap; /* for XMALLOC/XFREE in future */

    if (mp_init_multi(&key->p, &key->g, NULL, NULL, NULL, NULL) != MP_OKAY)
        return MEMORY_E;

#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
    /* handle as async */
    rc = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_DH,
                              key->heap, devId);
#else
    rc = 0;
    (void)devId;
#endif

    return rc;
}
520
int wc_InitDhKey(DhKey* key)
{
    /* Convenience form of wc_InitDhKey_ex: no heap hint and no async
     * device (INVALID_DEVID). Same return values as wc_InitDhKey_ex. */
    const int noDevice = INVALID_DEVID;

    return wc_InitDhKey_ex(key, NULL, noDevice);
}
525
526
void wc_FreeDhKey(DhKey* key)
{
    /* Release the group parameters held in key (the p and g integers) and,
     * in async builds, detach the key from its crypto device. A NULL key is
     * a no-op. Only the integers are released: the DhKey object itself is
     * owned by the caller. */
    if (key == NULL)
        return;

    mp_clear(&key->g);
    mp_clear(&key->p);

#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
    wolfAsync_DevCtxFree(&key->asyncDev, WOLFSSL_ASYNC_MARKER_DH);
#endif
}
538
539
540/* if defined to not use floating point values do not compile in */
541#ifndef WOLFSSL_DH_CONST
    static word32 DiscreteLogWorkFactor(word32 n)
    {
        /* Rough cost estimate for a discrete logarithm modulo an n-bit
         * prime, treated as if it cost the same as factoring an n-bit
         * integer:
         *     2.4 * n^(1/3) * (ln n)^(2/3) - 5
         * Inputs below 5 bits are pinned to 0: the formula is negative
         * there, and converting a negative double to word32 is undefined
         * behaviour. Used only to size private exponents. */
        double bits;
        double estimate;

        if (n < 5)
            return 0;

        bits     = (double)n;
        estimate = 2.4 * XPOW(bits, 1.0/3.0) * XPOW(XLOG(bits), 2.0/3.0) - 5;

        return (word32)estimate;
    }
551#endif /* WOLFSSL_DH_CONST*/
552
553
554/* if not using fixed points use DiscreteLogWorkFactor function for unsual size
555 otherwise round up on size needed */
556#ifndef WOLFSSL_DH_CONST
557 #define WOLFSSL_DH_ROUND(x)
558#else
559 #define WOLFSSL_DH_ROUND(x) \
560 do { \
561 if (x % 128) { \
562 x &= 0xffffff80;\
563 x += 128; \
564 } \
565 } \
566 while (0)
567#endif
568
569
static int GeneratePrivateDh(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz)
{
    /* Fill priv with a fresh random private exponent for the group in key
     * and report its length in *privSz.
     *
     * The exponent is deliberately shorter than p. Its byte length is
     *     2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) / WOLFSSL_BIT_SIZE + 1
     * precomputed below for the modulus sizes in the table (sizes checked
     * against RFC 3526) and computed on the fly for any other size in
     * floating-point builds. Fixed-point builds (WOLFSSL_DH_CONST) instead
     * round the modulus size up to a multiple of 128 bytes and fail with
     * BAD_FUNC_ARG when it is still not in the table.
     *
     * The top byte is OR-ed with 0x0C so the exponent keeps its full bit
     * length. Returns 0 or the wc_RNG_GenerateBlock error.
     *
     * NOTE(review): *privSz is output only. priv is assumed to hold at
     * least the chosen length (at most 52 bytes from the table, or up to
     * the byte size of p on the computed path); nothing here checks the
     * buffer's capacity. */
    static const word32 modBytes[] = { 128, 256, 384, 512, 640, 768, 896, 1024 };
    static const word32 expBytes[] = {  21,  29,  34,  39,  42,  46,  49,   52 };
    word32 modSz = (word32)mp_unsigned_bin_size(&key->p);
    word32 expSz = 0;
    int    found = 0;
    int    ret;
    word32 i;

    WOLFSSL_DH_ROUND(modSz); /* if using fixed points only, then round up */

    for (i = 0; i < (word32)(sizeof(modBytes) / sizeof(modBytes[0])); i++) {
        if (modBytes[i] == modSz) {
            expSz = expBytes[i];
            found = 1;
            break;
        }
    }

    if (!found) {
#ifndef WOLFSSL_DH_CONST
        /* floating-point build and size of p is not in the table */
        expSz = min(modSz, 2 * DiscreteLogWorkFactor(modSz * WOLFSSL_BIT_SIZE) /
                                WOLFSSL_BIT_SIZE + 1);
#else
        return BAD_FUNC_ARG;
#endif
    }

    ret = wc_RNG_GenerateBlock(rng, priv, expSz);
    if (ret == 0) {
        priv[0] |= 0x0C;
        *privSz = expSz;
    }

    return ret;
}
609
610
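static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
    byte* pub, word32* pubSz)
{
    /* Compute pub = g^priv mod p for the group in key and store the minimal
     * big-endian encoding of the result in pub, with its byte count in
     * *pubSz.
     *
     * priv/privSz  private exponent, as produced by GeneratePrivateDh.
     * pub          output buffer; assumed to have room for
     *              mp_unsigned_bin_size(p) bytes (capacity is not checked).
     *              Leading zero bytes are not emitted, so *pubSz may be
     *              smaller than the size of p.
     *
     * Single-precision (SP) builds take the fixed-size fast path for 2048-
     * and 3072-bit moduli and never reach the generic mp_int code.
     *
     * Returns 0, an MP_* error, or the result of the SP exponentiation. */
    int ret = 0;
    mp_int x; /* private exponent -- secret, wiped on exit */
    mp_int y; /* resulting public value */

#ifdef WOLFSSL_HAVE_SP_DH
#ifndef WOLFSSL_SP_NO_2048
    if (mp_count_bits(&key->p) == 2048)
        return sp_DhExp_2048(&key->g, priv, privSz, &key->p, pub, pubSz);
#endif
#ifndef WOLFSSL_SP_NO_3072
    if (mp_count_bits(&key->p) == 3072)
        return sp_DhExp_3072(&key->g, priv, privSz, &key->p, pub, pubSz);
#endif
#endif

    if (mp_init_multi(&x, &y, 0, 0, 0, 0) != MP_OKAY)
        return MP_INIT_E;

    if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
        ret = MP_READ_E;

    if (ret == 0 && mp_exptmod(&key->g, &x, &key->p, &y) != MP_OKAY)
        ret = MP_EXPTMOD_E;

    if (ret == 0 && mp_to_unsigned_bin(&y, pub) != MP_OKAY)
        ret = MP_TO_E;

    if (ret == 0)
        *pubSz = mp_unsigned_bin_size(&y);

    mp_clear(&y);
    /* x is a copy of the private key: wipe it rather than merely release
     * it, matching how wc_DhAgree_Sync treats its exponent. */
    mp_forcezero(&x);

    return ret;
}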
649
static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
    byte* priv, word32* privSz, byte* pub, word32* pubSz)
{
    /* Software key-pair generation: draw a private exponent into
     * priv/privSz, then derive the public value into pub/pubSz.
     *
     * Any NULL argument yields BAD_FUNC_ARG. If drawing the private
     * exponent fails its error is returned and pub/pubSz are left
     * untouched; otherwise the result of the public-value step is
     * returned. */
    int ret;

    if (key == NULL || rng == NULL)
        return BAD_FUNC_ARG;
    if (priv == NULL || privSz == NULL)
        return BAD_FUNC_ARG;
    if (pub == NULL || pubSz == NULL)
        return BAD_FUNC_ARG;

    ret = GeneratePrivateDh(key, rng, priv, privSz);
    if (ret != 0)
        return ret;

    return GeneratePublicDh(key, priv, *privSz, pub, pubSz);
}
664
665#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
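static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
    byte* priv, word32* privSz, byte* pub, word32* pubSz)
{
    /* Key-pair generation for a key bound to an async crypto device.
     *
     * Intel QuickAssist: the private exponent is still drawn in software
     * (GeneratePrivateDh); the public value is computed by the device via
     * IntelQaDhKeyGen. The device is only used when p is at least 768 bits
     * (96 bytes); smaller groups fall through to software.
     * Cavium: not implemented, software is used.
     * Async test build: the request is queued on key->asyncDev and
     * WC_PENDING_E is returned for the caller to poll.
     * Every other case ends in wc_DhGenerateKeyPair_Sync.
     *
     * Returns 0, WC_PENDING_E, or the error of the path taken. */
    int ret;

#if defined(HAVE_INTEL_QA)
    word32 sz;

    /* verify prime is at least 768-bits */
    /* QAT HW must have prime at least 768-bits */
    sz = mp_unsigned_bin_size(&key->p);
    if (sz >= (768/8)) {
        mp_int x; /* copy of the private exponent handed to the device */

        ret = mp_init(&x);
        if (ret != MP_OKAY)
            return ret;

        ret = GeneratePrivateDh(key, rng, priv, privSz);
        if (ret == 0)
            ret = mp_read_unsigned_bin(&x, priv, *privSz);
        if (ret == MP_OKAY)
            ret = wc_mp_to_bigint(&x, &x.raw);
        if (ret == MP_OKAY)
            ret = wc_mp_to_bigint(&key->p, &key->p.raw);
        if (ret == MP_OKAY)
            ret = wc_mp_to_bigint(&key->g, &key->g.raw);
        if (ret == MP_OKAY)
            ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw,
                &x.raw, pub, pubSz);
        /* x holds the private key: wipe it rather than merely release it,
         * consistent with wc_DhAgree_Sync. The release itself is
         * unchanged, so the existing assumption that IntelQaDhKeyGen has
         * consumed x.raw before returning still applies. */
        mp_forcezero(&x);

        return ret;
    }

#elif defined(HAVE_CAVIUM)
    /* TODO: Not implemented - use software for now */

#else /* WOLFSSL_ASYNC_CRYPT_TEST */
    if (wc_AsyncTestInit(&key->asyncDev, ASYNC_TEST_DH_GEN)) {
        WC_ASYNC_TEST* testDev = &key->asyncDev.test;
        testDev->dhGen.key = key;
        testDev->dhGen.rng = rng;
        testDev->dhGen.priv = priv;
        testDev->dhGen.privSz = privSz;
        testDev->dhGen.pub = pub;
        testDev->dhGen.pubSz = pubSz;
        return WC_PENDING_E;
    }
#endif

    /* otherwise use software DH */
    ret = wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);

    return ret;
}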
722#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_DH */
723
724
/* Check a DH public value for trivially weak or out-of-range numbers.
 *
 * key    DH key holding the group modulus p.
 * pub    Public value, big-endian.
 * pubSz  Length of pub in bytes.
 *
 * Accepts exactly the range 2 <= pub <= p - 2. Values 0 and 1 are
 * rejected with MP_CMP_E, as are p - 1 and anything larger. A pub that
 * cannot be parsed gives MP_READ_E; a NULL key or pub gives BAD_FUNC_ARG.
 * pubSz == 0 parses as the value 0 and is therefore rejected too.
 *
 * NOTE(review): DhKey carries only p and g (see wc_InitDhKey_ex), so a
 * subgroup-order check (pub^q == 1 mod p) cannot be done here; only the
 * trivial elements 0, 1 and p-1 are ruled out. For safe-prime groups such
 * as the ffdhe tables above that range check is the usual one; groups with
 * small-order subgroups need q validated elsewhere.
 *
 * returns 0 on success or error code
 */
int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz)
{
    mp_int pubVal;
    mp_int upper;  /* p - 2, the largest acceptable public value */
    int    ret;

    if (key == NULL || pub == NULL)
        return BAD_FUNC_ARG;

    if (mp_init_multi(&pubVal, &upper, NULL, NULL, NULL, NULL) != MP_OKAY)
        return MP_INIT_E;

    ret = 0;
    do {
        if (mp_read_unsigned_bin(&pubVal, pub, pubSz) != MP_OKAY) {
            ret = MP_READ_E;
            break;
        }

        /* reject 0 and 1 */
        if (mp_cmp_d(&pubVal, 2) == MP_LT) {
            ret = MP_CMP_E;
            break;
        }

        /* build upper = p - 2 */
        if (mp_copy(&key->p, &upper) != MP_OKAY) {
            ret = MP_INIT_E;
            break;
        }
        if (mp_sub_d(&upper, 2, &upper) != MP_OKAY) {
            ret = MP_SUB_E;
            break;
        }

        /* reject p - 1 and anything larger */
        if (mp_cmp(&pubVal, &upper) == MP_GT) {
            ret = MP_CMP_E;
            break;
        }
    } while (0);

    mp_clear(&upper);
    mp_clear(&pubVal);

    return ret;
}
773
774
int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng,
    byte* priv, word32* privSz, byte* pub, word32* pubSz)
{
    /* Public entry point for DH key-pair generation. Any NULL argument is
     * BAD_FUNC_ARG. When the key is bound to an async crypto device the
     * async path handles it (and may return WC_PENDING_E); otherwise the
     * software implementation runs. priv/pub receive the private exponent
     * and public value, privSz/pubSz their lengths. */
    if (key == NULL || rng == NULL)
        return BAD_FUNC_ARG;
    if (priv == NULL || privSz == NULL)
        return BAD_FUNC_ARG;
    if (pub == NULL || pubSz == NULL)
        return BAD_FUNC_ARG;

#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
    if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_DH)
        return wc_DhGenerateKeyPair_Async(key, rng, priv, privSz, pub, pubSz);
#endif

    return wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
}
797
798
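static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
    const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz)
{
    /* Software shared-secret derivation: agree = otherPub^priv mod p.
     *
     * otherPub is validated first with wc_DhCheckPubKey (rejects 0, 1,
     * p-1 and anything larger); failure is reported as DH_CHECK_PUB_E.
     *
     * agree receives the minimal big-endian encoding of the result and
     * *agreeSz its length. Leading zero bytes are not emitted, so *agreeSz
     * can be smaller than the byte size of p and can differ between runs;
     * callers that need a fixed-width secret (e.g. as input to a KDF
     * defined over the full modulus length) must left-pad it themselves.
     * agree is assumed to have room for mp_unsigned_bin_size(p) bytes.
     *
     * SP builds use the fixed-size 2048/3072-bit exponentiation and skip the
     * generic mp_int path. Returns 0, DH_CHECK_PUB_E or an MP_* error. */
    int ret = 0;
    mp_int x; /* private exponent -- secret */
    mp_int y; /* peer public value */
    mp_int z; /* shared secret -- secret */

    if (wc_DhCheckPubKey(key, otherPub, pubSz) != 0) {
        WOLFSSL_MSG("wc_DhAgree wc_DhCheckPubKey failed");
        return DH_CHECK_PUB_E;
    }

#ifdef WOLFSSL_HAVE_SP_DH
#ifndef WOLFSSL_SP_NO_2048
    if (mp_count_bits(&key->p) == 2048) {
        if (mp_init(&y) != MP_OKAY)
            return MP_INIT_E;

        if (ret == 0 && mp_read_unsigned_bin(&y, otherPub, pubSz) != MP_OKAY)
            ret = MP_READ_E;

        if (ret == 0)
            ret = sp_DhExp_2048(&y, priv, privSz, &key->p, agree, agreeSz);

        mp_clear(&y);
        return ret;
    }
#endif
#ifndef WOLFSSL_SP_NO_3072
    if (mp_count_bits(&key->p) == 3072) {
        if (mp_init(&y) != MP_OKAY)
            return MP_INIT_E;

        if (ret == 0 && mp_read_unsigned_bin(&y, otherPub, pubSz) != MP_OKAY)
            ret = MP_READ_E;

        if (ret == 0)
            ret = sp_DhExp_3072(&y, priv, privSz, &key->p, agree, agreeSz);

        mp_clear(&y);
        return ret;
    }
#endif
#endif

    if (mp_init_multi(&x, &y, &z, 0, 0, 0) != MP_OKAY)
        return MP_INIT_E;

    if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
        ret = MP_READ_E;

    if (ret == 0 && mp_read_unsigned_bin(&y, otherPub, pubSz) != MP_OKAY)
        ret = MP_READ_E;

    if (ret == 0 && mp_exptmod(&y, &x, &key->p, &z) != MP_OKAY)
        ret = MP_EXPTMOD_E;

    if (ret == 0 && mp_to_unsigned_bin(&z, agree) != MP_OKAY)
        ret = MP_TO_E;

    if (ret == 0)
        *agreeSz = mp_unsigned_bin_size(&z);

    /* z holds the same secret material that was just written to agree;
     * wipe it the same way as the exponent x instead of a plain clear.
     * y is the peer's public value and needs no special handling. */
    mp_forcezero(&z);
    mp_clear(&y);
    mp_forcezero(&x);

    return ret;
}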
869
870#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
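static int wc_DhAgree_Async(DhKey* key, byte* agree, word32* agreeSz,
    const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz)
{
    /* Shared-secret derivation for a key bound to an async crypto device.
     *
     * Cavium: not implemented, software (wc_DhAgree_Sync) is used.
     * Intel QuickAssist: p is converted to the device's big-integer form
     * and IntelQaDhAgree computes otherPub^priv mod p into agree/agreeSz.
     * Async test build: the request is queued on key->asyncDev and
     * WC_PENDING_E is returned; otherwise software is used.
     *
     * Returns 0, WC_PENDING_E, DH_CHECK_PUB_E or the error of the path
     * taken. */
    int ret;

    /* Validate the peer's public value before any backend sees it. The
     * software path performs this check inside wc_DhAgree_Sync, but the
     * Intel QA path below hands otherPub straight to the hardware without
     * it. Doing the check here (rejects 0, 1, p-1 and larger) covers every
     * backend; for the paths that fall back to software it simply runs
     * twice, which is cheap next to the exponentiation. */
    if (wc_DhCheckPubKey(key, otherPub, pubSz) != 0) {
        WOLFSSL_MSG("wc_DhAgree wc_DhCheckPubKey failed");
        return DH_CHECK_PUB_E;
    }

#ifdef HAVE_CAVIUM
    /* TODO: Not implemented - use software for now */
    ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);

#elif defined(HAVE_INTEL_QA)
    ret = wc_mp_to_bigint(&key->p, &key->p.raw);
    if (ret == MP_OKAY)
        ret = IntelQaDhAgree(&key->asyncDev, &key->p.raw,
            agree, agreeSz, priv, privSz, otherPub, pubSz);
#else /* WOLFSSL_ASYNC_CRYPT_TEST */
    if (wc_AsyncTestInit(&key->asyncDev, ASYNC_TEST_DH_AGREE)) {
        WC_ASYNC_TEST* testDev = &key->asyncDev.test;
        testDev->dhAgree.key = key;
        testDev->dhAgree.agree = agree;
        testDev->dhAgree.agreeSz = agreeSz;
        testDev->dhAgree.priv = priv;
        testDev->dhAgree.privSz = privSz;
        testDev->dhAgree.otherPub = otherPub;
        testDev->dhAgree.pubSz = pubSz;
        return WC_PENDING_E;
    }
    ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
#endif

    return ret;
}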
902#endif /* WOLFSSL_ASYNC_CRYPT */
903
int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
               word32 privSz, const byte* otherPub, word32 pubSz)
{
    /* Public entry point for shared-secret derivation: computes
     * otherPub^priv mod p into agree, with the length in *agreeSz.
     *
     * Any NULL pointer argument is BAD_FUNC_ARG; privSz and pubSz are
     * passed through as given. When the key is bound to an async crypto
     * device the async path handles it (and may return WC_PENDING_E);
     * otherwise the software path runs, which validates otherPub before
     * use. */
    if (key == NULL || agree == NULL || agreeSz == NULL)
        return BAD_FUNC_ARG;
    if (priv == NULL || otherPub == NULL)
        return BAD_FUNC_ARG;

#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
    if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_DH)
        return wc_DhAgree_Async(key, agree, agreeSz, priv, privSz,
                                otherPub, pubSz);
#endif

    return wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
}
926
927
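/* not in asn anymore since no actual asn types used */
int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
                word32 gSz)
{
    /* Load the group parameters p (modulus) and g (generator), given as
     * big-endian byte strings, into key. A single leading 0x00 byte (such
     * as the sign padding of a DER INTEGER) is tolerated and skipped.
     *
     * Returns BAD_FUNC_ARG for NULL or empty input, MP_INIT_E if an mp_int
     * cannot be set up, ASN_DH_KEY_E if a value cannot be parsed, 0 on
     * success. On any failure nothing remains allocated in key->p/key->g.
     *
     * NOTE(review): only the encoding is checked here. p is not tested for
     * primality or oddness and g is not range-checked against p, so only
     * parameters from a trusted source (e.g. the ffdhe tables above) should
     * be passed in. */
    if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0) {
        return BAD_FUNC_ARG;
    }

    /* may have leading 0 */
    if (p[0] == 0) {
        pSz--; p++;
    }

    if (g[0] == 0) {
        gSz--; g++;
    }

    /* An input that consisted of just one 0x00 byte is now empty. Reading
     * an empty string would quietly give p = 0 or g = 0 and an unusable
     * key, so reject it like any other empty input. */
    if (pSz == 0 || gSz == 0) {
        return BAD_FUNC_ARG;
    }

    if (mp_init(&key->p) != MP_OKAY)
        return MP_INIT_E;
    if (mp_read_unsigned_bin(&key->p, p, pSz) != 0) {
        mp_clear(&key->p);
        return ASN_DH_KEY_E;
    }

    if (mp_init(&key->g) != MP_OKAY) {
        mp_clear(&key->p);
        return MP_INIT_E;
    }
    if (mp_read_unsigned_bin(&key->g, g, gSz) != 0) {
        mp_clear(&key->g);
        mp_clear(&key->p);
        return ASN_DH_KEY_E;
    }

    return 0;
}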
964
965#endif /* NO_DH */