- Timestamp:
- Feb 7, 2019, 8:36:33 AM (5 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
asp3_tinet_ecnl_rx/trunk/wolfssl-3.12.2/wolfcrypt/src/dh.c
r337 r372 29 29 #ifndef NO_DH 30 30 31 #if defined(HAVE_FIPS) && \ 32 defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) 33 34 /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ 35 #define FIPS_NO_WRAPPERS 36 37 #ifdef USE_WINDOWS_API 38 #pragma code_seg(".fipsA$m") 39 #pragma const_seg(".fipsB$m") 40 #endif 41 #endif 42 31 43 #include <wolfssl/wolfcrypt/dh.h> 32 44 #include <wolfssl/wolfcrypt/error-crypt.h> … … 43 55 #include <wolfcrypt/src/misc.c> 44 56 #endif 57 58 59 /* 60 Possible DH enable options: 61 * NO_RSA: Overall control of DH default: on (not defined) 62 * WOLFSSL_OLD_PRIME_CHECK: Disables the new prime number check. It does not 63 directly effect this file, but it does speed up DH 64 removing the testing. It is not recommended to 65 disable the prime checking. default: off 66 67 */ 45 68 46 69 … … 89 112 }; 90 113 static const byte dh_ffdhe2048_g[] = { 0x02 }; 114 #ifdef HAVE_FFDHE_Q 115 static const byte dh_ffdhe2048_q[] = { 116 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 117 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D, 118 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78, 119 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A, 120 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD, 121 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, 122 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC, 123 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD, 124 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0, 125 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68, 126 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79, 127 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A, 128 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, 129 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39, 130 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A, 131 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD, 132 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0, 133 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD, 134 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34, 135 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, 136 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C, 137 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8, 138 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76, 139 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0, 140 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF, 141 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1, 142 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, 143 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02, 144 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9, 145 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD, 146 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x94, 0x2E, 0x4B, 147 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 148 }; 149 #endif /* HAVE_FFDHE_Q */ 91 150 92 151 const DhParams* wc_Dh_ffdhe2048_Get(void) 93 152 { 94 153 static const DhParams ffdhe2048 = { 154 #ifdef HAVE_FFDHE_Q 155 dh_ffdhe2048_q, sizeof(dh_ffdhe2048_q), 156 #endif /* HAVE_FFDHE_Q */ 95 157 dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p), 96 158 dh_ffdhe2048_g, sizeof(dh_ffdhe2048_g) … … 152 214 }; 153 215 static const byte dh_ffdhe3072_g[] = { 0x02 }; 216 #ifdef HAVE_FFDHE_Q 217 static const byte dh_ffdhe3072_q[] = { 218 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 219 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D, 220 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78, 221 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A, 222 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD, 223 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, 224 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC, 225 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD, 226 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0, 227 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68, 228 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79, 229 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A, 230 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, 231 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39, 232 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A, 233 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD, 234 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0, 235 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD, 236 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34, 237 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, 238 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C, 239 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8, 240 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76, 241 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0, 242 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF, 243 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1, 244 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, 245 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02, 246 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9, 247 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD, 248 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE, 249 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD, 250 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C, 251 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83, 252 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7, 253 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E, 254 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38, 255 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2, 256 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9, 257 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF, 258 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F, 259 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06, 260 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D, 261 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27, 262 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7, 263 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE, 264 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x63, 0x17, 0x1B, 265 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 266 }; 267 #endif /* HAVE_FFDHE_Q */ 154 268 155 269 const DhParams* wc_Dh_ffdhe3072_Get(void) 156 270 { 157 271 static const DhParams ffdhe3072 = { 272 #ifdef HAVE_FFDHE_Q 273 dh_ffdhe3072_q, sizeof(dh_ffdhe3072_q), 274 #endif /* HAVE_FFDHE_Q */ 158 275 dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p), 159 276 dh_ffdhe3072_g, sizeof(dh_ffdhe3072_g) … … 231 348 }; 232 349 static const byte dh_ffdhe4096_g[] = { 0x02 }; 350 #ifdef HAVE_FFDHE_Q 351 static const byte dh_ffdhe4096_q[] = { 352 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 353 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D, 354 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78, 355 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A, 356 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD, 357 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, 358 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC, 359 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD, 360 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0, 361 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68, 362 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79, 363 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A, 364 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, 365 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39, 366 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A, 367 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD, 368 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0, 369 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD, 370 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34, 371 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, 372 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C, 373 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8, 374 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76, 375 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0, 376 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF, 377 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1, 378 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, 379 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02, 380 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9, 381 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD, 382 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE, 383 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD, 384 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C, 385 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83, 386 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7, 387 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E, 388 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38, 389 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2, 390 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9, 391 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF, 392 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F, 393 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06, 394 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D, 395 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27, 396 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7, 397 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE, 398 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78, 399 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D, 400 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB, 401 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C, 402 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02, 403 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D, 404 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5, 405 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19, 406 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62, 407 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C, 408 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD, 409 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E, 410 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66, 411 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7, 412 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35, 413 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70, 414 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x32, 0xAF, 0xB5, 415 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 416 }; 417 #endif /* HAVE_FFDHE_Q */ 233 418 234 419 const DhParams* wc_Dh_ffdhe4096_Get(void) 235 420 { 236 421 static const DhParams ffdhe4096 = { 422 #ifdef HAVE_FFDHE_Q 423 dh_ffdhe4096_q, sizeof(dh_ffdhe4096_q), 424 #endif /* HAVE_FFDHE_Q */ 237 425 dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p), 238 426 dh_ffdhe4096_g, sizeof(dh_ffdhe4096_g) … … 342 530 }; 343 531 static const byte dh_ffdhe6144_g[] = { 0x02 }; 532 #ifdef HAVE_FFDHE_Q 533 static const byte dh_ffdhe6144_q[] = { 534 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 535 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D, 536 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78, 537 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A, 538 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD, 539 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, 540 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC, 541 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD, 542 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0, 543 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68, 544 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79, 545 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A, 546 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, 547 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39, 548 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A, 549 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD, 550 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0, 551 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD, 552 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34, 553 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, 554 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C, 555 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8, 556 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76, 557 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0, 558 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF, 559 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1, 560 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, 561 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02, 562 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9, 563 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD, 564 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE, 565 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD, 566 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C, 567 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83, 568 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7, 569 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E, 570 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38, 571 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2, 572 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9, 573 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF, 574 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F, 575 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06, 576 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D, 577 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27, 578 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7, 579 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE, 580 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78, 581 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D, 582 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB, 583 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C, 584 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02, 585 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D, 586 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5, 587 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19, 588 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62, 589 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C, 590 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD, 591 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E, 592 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66, 593 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7, 594 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35, 595 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70, 596 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81, 597 0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, 0x3D, 598 0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, 0x95, 0x1D, 599 0x11, 0xDD, 0x22, 0x21, 0x65, 0x7A, 0x9F, 0x53, 600 0x1D, 0xDA, 0x2A, 0x19, 0x4D, 0xBB, 0x12, 0x64, 601 0x48, 0xBD, 0xEE, 0xB2, 0x58, 0xE0, 0x7E, 0xA6, 602 0x59, 0xC7, 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D, 603 0x66, 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38, 604 0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, 0x0F, 605 0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, 0xDA, 0x3B, 606 0xD2, 0x92, 0x38, 0xFB, 0xD4, 0xD4, 0xB4, 0x88, 607 0x5C, 0x2A, 0x99, 0x17, 0x6D, 0xB1, 0xA0, 0x6C, 608 0x50, 0x07, 0x78, 0x49, 0x1A, 0x82, 0x88, 0xF1, 609 0x85, 0x5F, 0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37, 610 0x3F, 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1, 611 0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, 0xDA, 612 0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, 0x5D, 0xE0, 613 0xCA, 0x63, 0x32, 0x8F, 0x3B, 0xE5, 0x7C, 0xC9, 614 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0D, 0xFB, 615 0x59, 0xD3, 0x9C, 0xE0, 0x91, 0x30, 0x8B, 0x41, 616 0x05, 0x74, 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F, 617 0x7C, 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6, 618 0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, 0xAF, 619 0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, 0x54, 0x23, 620 0x28, 0x2E, 0xE4, 0x16, 0xDC, 0x2A, 0x19, 0xC5, 621 0x72, 0x4F, 0xA9, 0x1A, 0xE4, 0xAD, 0xC8, 0x8B, 622 0xC6, 0x67, 0x96, 0xEA, 0xE5, 0x67, 0x7A, 0x01, 623 0xF6, 0x4E, 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82, 624 0x2D, 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B, 625 0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, 0x34, 626 0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, 0xB0, 0xE0, 627 0xD2, 0x0E, 0xAB, 0x86, 0xBC, 0x9C, 0x6D, 0x6A, 628 0x52, 0x07, 0x19, 0x4E, 0x68, 0x72, 0x07, 0x32, 629 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 630 }; 631 #endif /* HAVE_FFDHE_Q */ 344 632 345 633 const DhParams* wc_Dh_ffdhe6144_Get(void) 346 634 { 347 635 static const DhParams ffdhe6144 = { 636 #ifdef HAVE_FFDHE_Q 637 dh_ffdhe6144_q, sizeof(dh_ffdhe6144_q), 638 #endif /* HAVE_FFDHE_Q */ 348 639 dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p), 349 640 dh_ffdhe6144_g, sizeof(dh_ffdhe6144_g) … … 485 776 }; 486 777 static const byte dh_ffdhe8192_g[] = { 0x02 }; 778 #ifdef HAVE_FFDHE_Q 779 static const byte dh_ffdhe8192_q[] = { 780 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 781 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D, 782 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78, 783 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A, 784 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD, 785 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, 786 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC, 787 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD, 788 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0, 789 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68, 790 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79, 791 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A, 792 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, 793 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39, 794 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A, 795 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD, 796 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0, 797 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD, 798 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34, 799 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, 800 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C, 801 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8, 802 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76, 803 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0, 804 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF, 805 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1, 806 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, 807 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02, 808 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9, 809 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD, 810 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE, 811 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD, 812 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C, 813 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83, 814 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7, 815 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E, 816 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38, 817 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2, 818 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9, 819 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF, 820 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F, 821 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06, 822 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D, 823 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27, 824 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7, 825 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE, 826 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78, 827 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D, 828 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB, 829 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C, 830 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02, 831 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D, 832 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5, 833 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19, 834 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62, 835 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C, 836 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD, 837 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E, 838 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66, 839 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7, 840 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35, 841 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70, 842 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81, 843 0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, 0x3D, 844 0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, 0x95, 0x1D, 845 0x11, 0xDD, 0x22, 0x21, 0x65, 0x7A, 0x9F, 0x53, 846 0x1D, 0xDA, 0x2A, 0x19, 0x4D, 0xBB, 0x12, 0x64, 847 0x48, 0xBD, 0xEE, 0xB2, 0x58, 0xE0, 0x7E, 0xA6, 848 0x59, 0xC7, 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D, 849 0x66, 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38, 850 0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, 0x0F, 851 0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, 0xDA, 0x3B, 852 0xD2, 0x92, 0x38, 0xFB, 0xD4, 0xD4, 0xB4, 0x88, 853 0x5C, 0x2A, 0x99, 0x17, 0x6D, 0xB1, 0xA0, 0x6C, 854 0x50, 0x07, 0x78, 0x49, 0x1A, 0x82, 0x88, 0xF1, 855 0x85, 0x5F, 0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37, 856 0x3F, 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1, 857 0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, 0xDA, 858 0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, 0x5D, 0xE0, 859 0xCA, 0x63, 0x32, 0x8F, 0x3B, 0xE5, 0x7C, 0xC9, 860 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0D, 0xFB, 861 0x59, 0xD3, 0x9C, 0xE0, 0x91, 0x30, 0x8B, 0x41, 862 0x05, 0x74, 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F, 863 0x7C, 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6, 864 0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, 0xAF, 865 0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, 0x54, 0x23, 866 0x28, 0x2E, 0xE4, 0x16, 0xDC, 0x2A, 0x19, 0xC5, 867 0x72, 0x4F, 0xA9, 0x1A, 0xE4, 0xAD, 0xC8, 0x8B, 868 0xC6, 0x67, 0x96, 0xEA, 0xE5, 0x67, 0x7A, 0x01, 869 0xF6, 0x4E, 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82, 870 0x2D, 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B, 871 0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, 0x34, 872 0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, 0xB0, 0xE0, 873 0xD2, 0x0E, 0xAB, 0x86, 0xBC, 0x9C, 0x6D, 0x6A, 874 0x52, 0x07, 0x19, 0x4E, 0x67, 0xFA, 0x35, 0x55, 875 0x1B, 0x56, 0x80, 0x26, 0x7B, 0x00, 0x64, 0x1C, 876 0x0F, 0x21, 0x2D, 0x18, 0xEC, 0xA8, 0xD7, 0x32, 877 0x7E, 0xD9, 0x1F, 0xE7, 0x64, 0xA8, 0x4E, 0xA1, 878 0xB4, 0x3F, 0xF5, 0xB4, 0xF6, 0xE8, 0xE6, 0x2F, 879 0x05, 0xC6, 0x61, 0xDE, 0xFB, 0x25, 0x88, 0x77, 880 0xC3, 0x5B, 0x18, 0xA1, 0x51, 0xD5, 0xC4, 0x14, 881 0xAA, 0xAD, 0x97, 0xBA, 0x3E, 0x49, 0x93, 0x32, 882 0xE5, 0x96, 0x07, 0x8E, 0x60, 0x0D, 0xEB, 0x81, 883 0x14, 0x9C, 0x44, 0x1C, 0xE9, 0x57, 0x82, 0xF2, 884 0x2A, 0x28, 0x25, 0x63, 0xC5, 0xBA, 0xC1, 0x41, 885 0x14, 0x23, 0x60, 0x5D, 0x1A, 0xE1, 0xAF, 0xAE, 886 0x2C, 0x8B, 0x06, 0x60, 0x23, 0x7E, 0xC1, 0x28, 887 0xAA, 0x0F, 0xE3, 0x46, 0x4E, 0x43, 0x58, 0x11, 888 0x5D, 0xB8, 0x4C, 0xC3, 0xB5, 0x23, 0x07, 0x3A, 889 0x28, 0xD4, 0x54, 0x98, 0x84, 0xB8, 0x1F, 0xF7, 890 0x0E, 0x10, 0xBF, 0x36, 0x1C, 0x13, 0x72, 0x96, 891 0x28, 0xD5, 0x34, 0x8F, 0x07, 0x21, 0x1E, 0x7E, 892 0x4C, 0xF4, 0xF1, 0x8B, 0x28, 0x60, 0x90, 0xBD, 893 0xB1, 0x24, 0x0B, 0x66, 0xD6, 0xCD, 0x4A, 0xFC, 894 0xEA, 0xDC, 0x00, 0xCA, 0x44, 0x6C, 0xE0, 0x50, 895 0x50, 0xFF, 0x18, 0x3A, 0xD2, 0xBB, 0xF1, 0x18, 896 0xC1, 0xFC, 0x0E, 0xA5, 0x1F, 0x97, 0xD2, 0x2B, 897 0x8F, 0x7E, 0x46, 0x70, 0x5D, 0x45, 0x27, 0xF4, 898 0x5B, 0x42, 0xAE, 0xFF, 0x39, 0x58, 0x53, 0x37, 899 0x6F, 0x69, 0x7D, 0xD5, 0xFD, 0xF2, 0xC5, 0x18, 900 0x7D, 0x7D, 0x5F, 0x0E, 0x2E, 0xB8, 0xD4, 0x3F, 901 0x17, 0xBA, 0x0F, 0x7C, 0x60, 0xFF, 0x43, 0x7F, 902 0x53, 0x5D, 0xFE, 0xF2, 0x98, 0x33, 0xBF, 0x86, 903 0xCB, 0xE8, 0x8E, 0xA4, 0xFB, 0xD4, 0x22, 0x1E, 904 0x84, 0x11, 0x72, 0x83, 0x54, 0xFA, 0x30, 0xA7, 905 0x00, 0x8F, 0x15, 0x4A, 0x41, 0xC7, 0xFC, 0x46, 906 0x6B, 0x46, 0x45, 0xDB, 0xE2, 0xE3, 0x21, 0x26, 907 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 908 }; 909 #endif /* HAVE_FFDHE_Q */ 487 910 488 911 const DhParams* wc_Dh_ffdhe8192_Get(void) 489 912 { 490 913 static const DhParams ffdhe8192 = { 914 #ifdef HAVE_FFDHE_Q 915 dh_ffdhe8192_q, sizeof(dh_ffdhe8192_q), 916 #endif /* HAVE_FFDHE_Q */ 491 917 dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p), 492 918 dh_ffdhe8192_g, sizeof(dh_ffdhe8192_g) … … 505 931 key->heap = heap; /* for XMALLOC/XFREE in future */ 506 932 507 if (mp_init_multi(&key->p, &key->g, NULL, NULL, NULL, NULL) != MP_OKAY)933 if (mp_init_multi(&key->p, &key->g, &key->q, NULL, NULL, NULL) != MP_OKAY) 508 934 return MEMORY_E; 509 935 … … 525 951 526 952 527 voidwc_FreeDhKey(DhKey* key)953 int wc_FreeDhKey(DhKey* key) 528 954 { 529 955 if (key) { 530 956 mp_clear(&key->p); 531 957 mp_clear(&key->g); 958 mp_clear(&key->q); 532 959 533 960 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH) … … 535 962 #endif 536 963 } 537 } 538 539 964 return 0; 965 } 966 967 968 #ifndef WC_NO_RNG 540 969 /* if defined to not use floating point values do not compile in */ 541 970 #ifndef WOLFSSL_DH_CONST … … 568 997 569 998 570 static int GeneratePrivateDh(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz) 571 { 999 #ifndef WOLFSSL_NO_DH186 1000 /* validate that (L,N) match allowed sizes from SP 800-56A, Section 5.5.1.1. 1001 * modLen - represents L, the size of p in bits 1002 * divLen - represents N, the size of q in bits 1003 * return 0 on success, -1 on error */ 1004 static int CheckDhLN(int modLen, int divLen) 1005 { 1006 int ret = -1; 1007 1008 switch (modLen) { 1009 /* FA */ 1010 case 1024: 1011 if (divLen == 160) 1012 ret = 0; 1013 break; 1014 /* FB, FC */ 1015 case 2048: 1016 if (divLen == 224 || divLen == 256) 1017 ret = 0; 1018 break; 1019 default: 1020 break; 1021 } 1022 1023 return ret; 1024 } 1025 1026 1027 /* Create DH private key 1028 * 1029 * Based on NIST FIPS 186-4, 1030 * "B.1.1 Key Pair Generation Using Extra Random Bits" 1031 * 1032 * dh - pointer to initialized DhKey structure, needs to have dh->q 1033 * rng - pointer to initialized WC_RNG structure 1034 * priv - output location for generated private key 1035 * privSz - IN/OUT, size of priv buffer, size of generated private key 1036 * 1037 * return 0 on success, negative on error */ 1038 static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv, 1039 word32* privSz) 1040 { 1041 byte* cBuf; 1042 int qSz, pSz, cSz, err; 1043 #ifdef WOLFSSL_SMALL_STACK 1044 mp_int* tmpQ = NULL; 1045 mp_int* tmpX = NULL; 1046 #else 1047 mp_int tmpQ[1], tmpX[1]; 1048 #endif 1049 1050 /* Parameters validated in calling functions. */ 1051 1052 if (mp_iszero(&key->q) == MP_YES) { 1053 WOLFSSL_MSG("DH q parameter needed for FIPS 186-4 key generation"); 1054 return BAD_FUNC_ARG; 1055 } 1056 1057 qSz = mp_unsigned_bin_size(&key->q); 1058 pSz = mp_unsigned_bin_size(&key->p); 1059 1060 /* verify (L,N) pair bit lengths */ 1061 if (CheckDhLN(pSz * WOLFSSL_BIT_SIZE, qSz * WOLFSSL_BIT_SIZE) != 0) { 1062 WOLFSSL_MSG("DH param sizes do not match SP 800-56A requirements"); 1063 return BAD_FUNC_ARG; 1064 } 1065 1066 /* generate extra 64 bits so that bias from mod function is negligible */ 1067 cSz = qSz + (64 / WOLFSSL_BIT_SIZE); 1068 cBuf = (byte*)XMALLOC(cSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 1069 if (cBuf == NULL) { 1070 return MEMORY_E; 1071 } 1072 #ifdef WOLFSSL_SMALL_STACK 1073 tmpQ = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); 1074 if (tmpQ == NULL) { 1075 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 1076 return MEMORY_E; 1077 } 1078 tmpX = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); 1079 if (tmpX == NULL) { 1080 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 1081 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH); 1082 return MEMORY_E; 1083 } 1084 #endif 1085 1086 1087 if ((err = mp_init_multi(tmpX, tmpQ, NULL, NULL, NULL, NULL)) 1088 != MP_OKAY) { 1089 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 1090 #ifdef WOLFSSL_SMALL_STACK 1091 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH); 1092 XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH); 1093 #endif 1094 return err; 1095 } 1096 1097 do { 1098 /* generate N+64 bits (c) from RBG into tmpX, making sure positive. 1099 * Hash_DRBG uses SHA-256 which matches maximum 1100 * requested_security_strength of (L,N) */ 1101 err = wc_RNG_GenerateBlock(rng, cBuf, cSz); 1102 if (err == MP_OKAY) 1103 err = mp_read_unsigned_bin(tmpX, cBuf, cSz); 1104 if (err != MP_OKAY) { 1105 mp_clear(tmpX); 1106 mp_clear(tmpQ); 1107 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 1108 #ifdef WOLFSSL_SMALL_STACK 1109 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH); 1110 XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH); 1111 #endif 1112 return err; 1113 } 1114 } while (mp_cmp_d(tmpX, 1) != MP_GT); 1115 1116 ForceZero(cBuf, cSz); 1117 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 1118 1119 /* tmpQ = q - 1 */ 1120 if (err == MP_OKAY) 1121 err = mp_copy(&key->q, tmpQ); 1122 1123 if (err == MP_OKAY) 1124 err = mp_sub_d(tmpQ, 1, tmpQ); 1125 1126 /* x = c mod (q-1), tmpX holds c */ 1127 if (err == MP_OKAY) 1128 err = mp_mod(tmpX, tmpQ, tmpX); 1129 1130 /* x = c mod (q-1) + 1 */ 1131 if (err == MP_OKAY) 1132 err = mp_add_d(tmpX, 1, tmpX); 1133 1134 /* copy tmpX into priv */ 1135 if (err == MP_OKAY) { 1136 pSz = mp_unsigned_bin_size(tmpX); 1137 if (pSz > (int)*privSz) { 1138 WOLFSSL_MSG("DH private key output buffer too small"); 1139 err = BAD_FUNC_ARG; 1140 } else { 1141 *privSz = pSz; 1142 err = mp_to_unsigned_bin(tmpX, priv); 1143 } 1144 } 1145 1146 mp_forcezero(tmpX); 1147 mp_clear(tmpX); 1148 mp_clear(tmpQ); 1149 #ifdef WOLFSSL_SMALL_STACK 1150 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH); 1151 XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH); 1152 #endif 1153 1154 return err; 1155 } 1156 #endif /* WOLFSSL_NO_DH186 */ 1157 #endif /* !WC_NO_RNG */ 1158 1159 static int GeneratePrivateDh(DhKey* key, WC_RNG* rng, byte* priv, 1160 word32* privSz) 1161 { 1162 #ifndef WC_NO_RNG 572 1163 int ret = 0; 573 word32 sz = mp_unsigned_bin_size(&key->p); 1164 word32 sz = 0; 1165 1166 #ifndef WOLFSSL_NO_DH186 1167 if (mp_iszero(&key->q) == MP_NO) { 1168 1169 /* q param available, use NIST FIPS 186-4, "B.1.1 Key Pair 1170 * Generation Using Extra Random Bits" */ 1171 ret = GeneratePrivateDh186(key, rng, priv, privSz); 1172 1173 } else 1174 #endif 1175 { 1176 1177 sz = mp_unsigned_bin_size(&key->p); 574 1178 575 1179 /* Table of predetermined values from the operation 576 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) / WOLFSSL_BIT_SIZE + 1 1180 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) / 1181 WOLFSSL_BIT_SIZE + 1 577 1182 Sizes in table checked against RFC 3526 578 1183 */ … … 604 1209 *privSz = sz; 605 1210 } 1211 } 606 1212 607 1213 return ret; 1214 #else 1215 (void)key; 1216 (void)rng; 1217 (void)priv; 1218 (void)privSz; 1219 return NOT_COMPILED_IN; 1220 #endif /* WC_NO_RNG */ 608 1221 } 609 1222 … … 613 1226 { 614 1227 int ret = 0; 615 mp_int x; 616 mp_int y; 1228 #ifndef WOLFSSL_SP_MATH 1229 #ifdef WOLFSSL_SMALL_STACK 1230 mp_int* x = NULL; 1231 mp_int* y = NULL; 1232 #else 1233 mp_int x[1]; 1234 mp_int y[1]; 1235 #endif 1236 #endif 617 1237 618 1238 #ifdef WOLFSSL_HAVE_SP_DH … … 627 1247 #endif 628 1248 629 if (mp_init_multi(&x, &y, 0, 0, 0, 0) != MP_OKAY) 1249 #ifndef WOLFSSL_SP_MATH 1250 #ifdef WOLFSSL_SMALL_STACK 1251 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); 1252 if (x == NULL) 1253 return MEMORY_E; 1254 y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); 1255 if (y == NULL) { 1256 XFREE(x, key->heap, DYNAMIC_TYPE_DH); 1257 return MEMORY_E; 1258 } 1259 #endif 1260 if (mp_init_multi(x, y, 0, 0, 0, 0) != MP_OKAY) { 1261 #ifdef WOLFSSL_SMALL_STACK 1262 XFREE(y, key->heap, DYNAMIC_TYPE_DH); 1263 XFREE(x, key->heap, DYNAMIC_TYPE_DH); 1264 #endif 630 1265 return MP_INIT_E; 631 632 if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY) 1266 } 1267 1268 if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY) 633 1269 ret = MP_READ_E; 634 1270 635 if (ret == 0 && mp_exptmod(&key->g, &x, &key->p, &y) != MP_OKAY)1271 if (ret == 0 && mp_exptmod(&key->g, x, &key->p, y) != MP_OKAY) 636 1272 ret = MP_EXPTMOD_E; 637 1273 638 if (ret == 0 && mp_to_unsigned_bin( &y, pub) != MP_OKAY)1274 if (ret == 0 && mp_to_unsigned_bin(y, pub) != MP_OKAY) 639 1275 ret = MP_TO_E; 640 1276 641 1277 if (ret == 0) 642 *pubSz = mp_unsigned_bin_size(&y); 643 644 mp_clear(&y); 645 mp_clear(&x); 1278 *pubSz = mp_unsigned_bin_size(y); 1279 1280 mp_clear(y); 1281 mp_clear(x); 1282 #ifdef WOLFSSL_SMALL_STACK 1283 XFREE(y, key->heap, DYNAMIC_TYPE_DH); 1284 XFREE(x, key->heap, DYNAMIC_TYPE_DH); 1285 #endif 1286 #else 1287 ret = WC_KEY_SIZE_E; 1288 #endif 646 1289 647 1290 return ret; … … 723 1366 724 1367 1368 /* Check DH Public Key for invalid numbers, optionally allowing 1369 * the public key to be checked against the large prime (q). 1370 * Check per process in SP 800-56Ar3, section 5.6.2.3.1. 1371 * 1372 * key DH key group parameters. 1373 * pub Public Key. 1374 * pubSz Public Key size. 1375 * prime Large prime (q), optionally NULL to skip check 1376 * primeSz Size of large prime 1377 * 1378 * returns 0 on success or error code 1379 */ 1380 int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz, 1381 const byte* prime, word32 primeSz) 1382 { 1383 int ret = 0; 1384 #ifdef WOLFSSL_SMALL_STACK 1385 mp_int* y = NULL; 1386 mp_int* p = NULL; 1387 mp_int* q = NULL; 1388 #else 1389 mp_int y[1]; 1390 mp_int p[1]; 1391 mp_int q[1]; 1392 #endif 1393 1394 if (key == NULL || pub == NULL) { 1395 return BAD_FUNC_ARG; 1396 } 1397 1398 #ifdef WOLFSSL_SMALL_STACK 1399 y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); 1400 if (y == NULL) 1401 return MEMORY_E; 1402 p = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); 1403 if (p == NULL) { 1404 XFREE(y, key->heap, DYNAMIC_TYPE_DH); 1405 return MEMORY_E; 1406 } 1407 q = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); 1408 if (q == NULL) { 1409 XFREE(p, key->heap, DYNAMIC_TYPE_DH); 1410 XFREE(y, key->heap, DYNAMIC_TYPE_DH); 1411 return MEMORY_E; 1412 } 1413 #endif 1414 1415 if (mp_init_multi(y, p, q, NULL, NULL, NULL) != MP_OKAY) { 1416 #ifdef WOLFSSL_SMALL_STACK 1417 XFREE(q, key->heap, DYNAMIC_TYPE_DH); 1418 XFREE(p, key->heap, DYNAMIC_TYPE_DH); 1419 XFREE(y, key->heap, DYNAMIC_TYPE_DH); 1420 #endif 1421 return MP_INIT_E; 1422 } 1423 1424 if (mp_read_unsigned_bin(y, pub, pubSz) != MP_OKAY) { 1425 ret = MP_READ_E; 1426 } 1427 1428 if (ret == 0 && prime != NULL) { 1429 if (mp_read_unsigned_bin(q, prime, primeSz) != MP_OKAY) 1430 ret = MP_READ_E; 1431 1432 } else if (mp_iszero(&key->q) == MP_NO) { 1433 /* use q available in DhKey */ 1434 if (mp_copy(&key->q, q) != MP_OKAY) 1435 ret = MP_INIT_E; 1436 } 1437 1438 /* SP 800-56Ar3, section 5.6.2.3.1, process step 1 */ 1439 /* pub (y) should not be 0 or 1 */ 1440 if (ret == 0 && mp_cmp_d(y, 2) == MP_LT) { 1441 ret = MP_CMP_E; 1442 } 1443 1444 /* pub (y) shouldn't be greater than or equal to p - 1 */ 1445 if (ret == 0 && mp_copy(&key->p, p) != MP_OKAY) { 1446 ret = MP_INIT_E; 1447 } 1448 if (ret == 0 && mp_sub_d(p, 2, p) != MP_OKAY) { 1449 ret = MP_SUB_E; 1450 } 1451 if (ret == 0 && mp_cmp(y, p) == MP_GT) { 1452 ret = MP_CMP_E; 1453 } 1454 1455 if (ret == 0 && (prime != NULL || (mp_iszero(&key->q) == MP_NO) )) { 1456 1457 /* restore key->p into p */ 1458 if (mp_copy(&key->p, p) != MP_OKAY) 1459 ret = MP_INIT_E; 1460 } 1461 1462 if (ret == 0 && prime != NULL) { 1463 #ifdef WOLFSSL_HAVE_SP_DH 1464 #ifndef WOLFSSL_SP_NO_2048 1465 if (mp_count_bits(&key->p) == 2048) { 1466 ret = sp_ModExp_2048(y, q, p, y); 1467 if (ret != 0) 1468 ret = MP_EXPTMOD_E; 1469 } 1470 else 1471 #endif 1472 #ifndef WOLFSSL_SP_NO_3072 1473 if (mp_count_bits(&key->p) == 3072) { 1474 ret = sp_ModExp_3072(y, q, p, y); 1475 if (ret != 0) 1476 ret = MP_EXPTMOD_E; 1477 } 1478 else 1479 #endif 1480 #endif 1481 1482 { 1483 /* SP 800-56Ar3, section 5.6.2.3.1, process step 2 */ 1484 #ifndef WOLFSSL_SP_MATH 1485 /* calculate (y^q) mod(p), store back into y */ 1486 if (ret == 0 && mp_exptmod(y, q, p, y) != MP_OKAY) 1487 ret = MP_EXPTMOD_E; 1488 #else 1489 ret = WC_KEY_SIZE_E; 1490 #endif 1491 } 1492 1493 /* verify above == 1 */ 1494 if (ret == 0 && mp_cmp_d(y, 1) != MP_EQ) 1495 ret = MP_CMP_E; 1496 } 1497 1498 mp_clear(y); 1499 mp_clear(p); 1500 mp_clear(q); 1501 #ifdef WOLFSSL_SMALL_STACK 1502 XFREE(q, key->heap, DYNAMIC_TYPE_DH); 1503 XFREE(p, key->heap, DYNAMIC_TYPE_DH); 1504 XFREE(y, key->heap, DYNAMIC_TYPE_DH); 1505 #endif 1506 1507 return ret; 1508 } 1509 1510 725 1511 /* Check DH Public Key for invalid numbers 726 1512 * … … 733 1519 int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz) 734 1520 { 1521 return wc_DhCheckPubKey_ex(key, pub, pubSz, NULL, 0); 1522 } 1523 1524 1525 /* Check DH Private Key for invalid numbers, optionally allowing 1526 * the private key to be checked against the large prime (q). 1527 * Check per process in SP 800-56Ar3, section 5.6.2.1.2. 1528 * 1529 * key DH key group parameters. 1530 * priv Private Key. 1531 * privSz Private Key size. 1532 * prime Large prime (q), optionally NULL to skip check 1533 * primeSz Size of large prime 1534 * 1535 * returns 0 on success or error code 1536 */ 1537 int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 privSz, 1538 const byte* prime, word32 primeSz) 1539 { 735 1540 int ret = 0; 736 737 mp_int x; 738 mp_int y; 739 740 if (key == NULL || pub == NULL) { 1541 #ifdef WOLFSSL_SMALL_STACK 1542 mp_int* x = NULL; 1543 mp_int* q = NULL; 1544 #else 1545 mp_int x[1]; 1546 mp_int q[1]; 1547 #endif 1548 1549 if (key == NULL || priv == NULL) { 741 1550 return BAD_FUNC_ARG; 742 1551 } 743 1552 744 if (mp_init_multi(&x, &y, NULL, NULL, NULL, NULL) != MP_OKAY) { 1553 #ifdef WOLFSSL_SMALL_STACK 1554 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); 1555 if (x == NULL) 1556 return MEMORY_E; 1557 q = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); 1558 if (q == NULL) { 1559 XFREE(x, key->heap, DYNAMIC_TYPE_DH); 1560 return MEMORY_E; 1561 } 1562 #endif 1563 1564 if (mp_init_multi(x, q, NULL, NULL, NULL, NULL) != MP_OKAY) { 1565 #ifdef WOLFSSL_SMALL_STACK 1566 XFREE(q, key->heap, DYNAMIC_TYPE_DH); 1567 XFREE(x, key->heap, DYNAMIC_TYPE_DH); 1568 #endif 745 1569 return MP_INIT_E; 746 1570 } 747 1571 748 if (mp_read_unsigned_bin( &x, pub, pubSz) != MP_OKAY) {1572 if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY) { 749 1573 ret = MP_READ_E; 750 1574 } 751 1575 752 /* pub should not be 0 or 1 */ 753 if (ret == 0 && mp_cmp_d(&x, 2) == MP_LT) { 1576 if (ret == 0) { 1577 if (prime != NULL) { 1578 if (mp_read_unsigned_bin(q, prime, primeSz) != MP_OKAY) 1579 ret = MP_READ_E; 1580 } 1581 else if (mp_iszero(&key->q) == MP_NO) { 1582 /* use q available in DhKey */ 1583 if (mp_copy(&key->q, q) != MP_OKAY) 1584 ret = MP_INIT_E; 1585 } 1586 } 1587 1588 /* priv (x) should not be 0 */ 1589 if (ret == 0) { 1590 if (mp_cmp_d(x, 0) == MP_EQ) 754 1591 ret = MP_CMP_E; 755 1592 } 756 1593 757 /* pub shouldn't be greater than or equal to p - 1 */ 758 if (ret == 0 && mp_copy(&key->p, &y) != MP_OKAY) { 1594 if (ret == 0) { 1595 if (mp_iszero(q) == MP_NO) { 1596 /* priv (x) shouldn't be greater than q - 1 */ 1597 if (ret == 0) { 1598 if (mp_copy(&key->q, q) != MP_OKAY) 759 1599 ret = MP_INIT_E; 760 1600 } 761 if (ret == 0 && mp_sub_d(&y, 2, &y) != MP_OKAY) { 1601 if (ret == 0) { 1602 if (mp_sub_d(q, 1, q) != MP_OKAY) 762 1603 ret = MP_SUB_E; 763 1604 } 764 if (ret == 0 && mp_cmp(&x, &y) == MP_GT) { 1605 if (ret == 0) { 1606 if (mp_cmp(x, q) == MP_GT) 1607 ret = DH_CHECK_PRIV_E; 1608 } 1609 } 1610 } 1611 1612 mp_clear(x); 1613 mp_clear(q); 1614 #ifdef WOLFSSL_SMALL_STACK 1615 XFREE(q, key->heap, DYNAMIC_TYPE_DH); 1616 XFREE(x, key->heap, DYNAMIC_TYPE_DH); 1617 #endif 1618 1619 return ret; 1620 } 1621 1622 1623 /* Check DH Private Key for invalid numbers 1624 * 1625 * key DH key group parameters. 1626 * priv Private Key. 1627 * privSz Private Key size. 1628 * 1629 * returns 0 on success or error code 1630 */ 1631 int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 privSz) 1632 { 1633 return wc_DhCheckPrivKey_ex(key, priv, privSz, NULL, 0); 1634 } 1635 1636 1637 /* Check DH Keys for pair-wise consistency per process in 1638 * SP 800-56Ar3, section 5.6.2.1.4, method (b) for FFC. 1639 * 1640 * key DH key group parameters. 1641 * pub Public Key. 1642 * pubSz Public Key size. 1643 * priv Private Key. 1644 * privSz Private Key size. 1645 * 1646 * returns 0 on success or error code 1647 */ 1648 int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz, 1649 const byte* priv, word32 privSz) 1650 { 1651 #ifdef WOLFSSL_SMALL_STACK 1652 mp_int* publicKey = NULL; 1653 mp_int* privateKey = NULL; 1654 mp_int* checkKey = NULL; 1655 #else 1656 mp_int publicKey[1]; 1657 mp_int privateKey[1]; 1658 mp_int checkKey[1]; 1659 #endif 1660 int ret = 0; 1661 1662 if (key == NULL || pub == NULL || priv == NULL) 1663 return BAD_FUNC_ARG; 1664 1665 #ifdef WOLFSSL_SMALL_STACK 1666 publicKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); 1667 if (publicKey == NULL) 1668 return MEMORY_E; 1669 privateKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); 1670 if (privateKey == NULL) { 1671 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH); 1672 return MEMORY_E; 1673 } 1674 checkKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); 1675 if (checkKey == NULL) { 1676 XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH); 1677 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH); 1678 return MEMORY_E; 1679 } 1680 #endif 1681 1682 if (mp_init_multi(publicKey, privateKey, checkKey, 1683 NULL, NULL, NULL) != MP_OKAY) { 1684 1685 #ifdef WOLFSSL_SMALL_STACK 1686 XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH); 1687 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH); 1688 XFREE(checkKey, key->heap, DYNAMIC_TYPE_DH); 1689 #endif 1690 return MP_INIT_E; 1691 } 1692 1693 /* Load the private and public keys into big integers. */ 1694 if (mp_read_unsigned_bin(publicKey, pub, pubSz) != MP_OKAY || 1695 mp_read_unsigned_bin(privateKey, priv, privSz) != MP_OKAY) { 1696 1697 ret = MP_READ_E; 1698 } 1699 1700 /* Calculate checkKey = g^privateKey mod p */ 1701 if (ret == 0) { 1702 #ifdef WOLFSSL_HAVE_SP_DH 1703 #ifndef WOLFSSL_SP_NO_2048 1704 if (mp_count_bits(&key->p) == 2048) { 1705 ret = sp_ModExp_2048(&key->g, privateKey, &key->p, checkKey); 1706 if (ret != 0) 1707 ret = MP_EXPTMOD_E; 1708 } 1709 else 1710 #endif 1711 #ifndef WOLFSSL_SP_NO_3072 1712 if (mp_count_bits(&key->p) == 3072) { 1713 ret = sp_ModExp_3072(&key->g, privateKey, &key->p, checkKey); 1714 if (ret != 0) 1715 ret = MP_EXPTMOD_E; 1716 } 1717 else 1718 #endif 1719 #endif 1720 { 1721 #ifndef WOLFSSL_SP_MATH 1722 if (mp_exptmod(&key->g, privateKey, &key->p, checkKey) != MP_OKAY) 1723 ret = MP_EXPTMOD_E; 1724 #else 1725 ret = WC_KEY_SIZE_E; 1726 #endif 1727 } 1728 } 1729 1730 /* Compare the calculated public key to the supplied check value. */ 1731 if (ret == 0) { 1732 if (mp_cmp(checkKey, publicKey) != MP_EQ) 765 1733 ret = MP_CMP_E; 766 1734 } 767 1735 768 mp_clear(&y); 769 mp_clear(&x); 1736 mp_forcezero(privateKey); 1737 mp_clear(privateKey); 1738 mp_clear(publicKey); 1739 mp_clear(checkKey); 1740 #ifdef WOLFSSL_SMALL_STACK 1741 XFREE(checkKey, key->heap, DYNAMIC_TYPE_DH); 1742 XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH); 1743 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH); 1744 #endif 770 1745 771 1746 return ret; … … 801 1776 { 802 1777 int ret = 0; 803 mp_int x; 804 mp_int y; 805 mp_int z; 1778 #ifdef WOLFSSL_SMALL_STACK 1779 mp_int* y = NULL; 1780 #ifndef WOLFSSL_SP_MATH 1781 mp_int* x = NULL; 1782 mp_int* z = NULL; 1783 #endif 1784 #else 1785 mp_int y[1]; 1786 #ifndef WOLFSSL_SP_MATH 1787 mp_int x[1]; 1788 mp_int z[1]; 1789 #endif 1790 #endif 1791 1792 #ifdef WOLFSSL_VALIDATE_FFC_IMPORT 1793 if (wc_DhCheckPrivKey(key, priv, privSz) != 0) { 1794 WOLFSSL_MSG("wc_DhAgree wc_DhCheckPrivKey failed"); 1795 return DH_CHECK_PRIV_E; 1796 } 806 1797 807 1798 if (wc_DhCheckPubKey(key, otherPub, pubSz) != 0) { … … 809 1800 return DH_CHECK_PUB_E; 810 1801 } 1802 #endif 1803 1804 #ifdef WOLFSSL_SMALL_STACK 1805 y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); 1806 if (y == NULL) 1807 return MEMORY_E; 1808 #ifndef WOLFSSL_SP_MATH 1809 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); 1810 if (x == NULL) { 1811 XFREE(y, key->heap, DYNAMIC_TYPE_DH); 1812 return MEMORY_E; 1813 } 1814 z = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); 1815 if (z == NULL) { 1816 XFREE(x, key->heap, DYNAMIC_TYPE_DH); 1817 XFREE(y, key->heap, DYNAMIC_TYPE_DH); 1818 return MEMORY_E; 1819 } 1820 #endif 1821 #endif 811 1822 812 1823 #ifdef WOLFSSL_HAVE_SP_DH 813 1824 #ifndef WOLFSSL_SP_NO_2048 814 1825 if (mp_count_bits(&key->p) == 2048) { 815 if (mp_init( &y) != MP_OKAY)1826 if (mp_init(y) != MP_OKAY) 816 1827 return MP_INIT_E; 817 1828 818 if (ret == 0 && mp_read_unsigned_bin( &y, otherPub, pubSz) != MP_OKAY)1829 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY) 819 1830 ret = MP_READ_E; 820 1831 821 1832 if (ret == 0) 822 ret = sp_DhExp_2048(&y, priv, privSz, &key->p, agree, agreeSz); 823 824 mp_clear(&y); 1833 ret = sp_DhExp_2048(y, priv, privSz, &key->p, agree, agreeSz); 1834 1835 mp_clear(y); 1836 #ifdef WOLFSSL_SMALL_STACK 1837 #ifndef WOLFSSL_SP_MATH 1838 XFREE(z, key->heap, DYNAMIC_TYPE_DH); 1839 XFREE(x, key->heap, DYNAMIC_TYPE_DH); 1840 #endif 1841 XFREE(y, key->heap, DYNAMIC_TYPE_DH); 1842 #endif 825 1843 return ret; 826 1844 } … … 828 1846 #ifndef WOLFSSL_SP_NO_3072 829 1847 if (mp_count_bits(&key->p) == 3072) { 830 if (mp_init( &y) != MP_OKAY)1848 if (mp_init(y) != MP_OKAY) 831 1849 return MP_INIT_E; 832 1850 833 if (ret == 0 && mp_read_unsigned_bin( &y, otherPub, pubSz) != MP_OKAY)1851 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY) 834 1852 ret = MP_READ_E; 835 1853 836 1854 if (ret == 0) 837 ret = sp_DhExp_3072(&y, priv, privSz, &key->p, agree, agreeSz); 838 839 mp_clear(&y); 1855 ret = sp_DhExp_3072(y, priv, privSz, &key->p, agree, agreeSz); 1856 1857 mp_clear(y); 1858 #ifdef WOLFSSL_SMALL_STACK 1859 #ifndef WOLFSSL_SP_MATH 1860 XFREE(z, key->heap, DYNAMIC_TYPE_DH); 1861 XFREE(x, key->heap, DYNAMIC_TYPE_DH); 1862 #endif 1863 XFREE(y, key->heap, DYNAMIC_TYPE_DH); 1864 #endif 840 1865 return ret; 841 1866 } … … 843 1868 #endif 844 1869 845 if (mp_init_multi(&x, &y, &z, 0, 0, 0) != MP_OKAY) 1870 #ifndef WOLFSSL_SP_MATH 1871 if (mp_init_multi(x, y, z, 0, 0, 0) != MP_OKAY) { 1872 #ifdef WOLFSSL_SMALL_STACK 1873 XFREE(z, key->heap, DYNAMIC_TYPE_DH); 1874 XFREE(x, key->heap, DYNAMIC_TYPE_DH); 1875 XFREE(y, key->heap, DYNAMIC_TYPE_DH); 1876 #endif 846 1877 return MP_INIT_E; 847 848 if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY) 1878 } 1879 1880 if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY) 849 1881 ret = MP_READ_E; 850 1882 851 if (ret == 0 && mp_read_unsigned_bin( &y, otherPub, pubSz) != MP_OKAY)1883 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY) 852 1884 ret = MP_READ_E; 853 1885 854 if (ret == 0 && mp_exptmod( &y, &x, &key->p, &z) != MP_OKAY)1886 if (ret == 0 && mp_exptmod(y, x, &key->p, z) != MP_OKAY) 855 1887 ret = MP_EXPTMOD_E; 856 1888 857 if (ret == 0 && mp_to_unsigned_bin(&z, agree) != MP_OKAY) 1889 /* make sure z is not one (SP800-56A, 5.7.1.1) */ 1890 if (ret == 0 && (mp_cmp_d(z, 1) == MP_EQ)) 1891 ret = MP_VAL; 1892 1893 if (ret == 0 && mp_to_unsigned_bin(z, agree) != MP_OKAY) 858 1894 ret = MP_TO_E; 859 1895 860 1896 if (ret == 0) 861 *agreeSz = mp_unsigned_bin_size(&z); 862 863 mp_clear(&z); 864 mp_clear(&y); 865 mp_forcezero(&x); 1897 *agreeSz = mp_unsigned_bin_size(z); 1898 1899 mp_clear(z); 1900 mp_clear(y); 1901 mp_forcezero(x); 1902 #endif 1903 1904 #ifdef WOLFSSL_SMALL_STACK 1905 #ifndef WOLFSSL_SP_MATH 1906 XFREE(z, key->heap, DYNAMIC_TYPE_DH); 1907 XFREE(x, key->heap, DYNAMIC_TYPE_DH); 1908 #endif 1909 XFREE(y, key->heap, DYNAMIC_TYPE_DH); 1910 #endif 866 1911 867 1912 return ret; … … 926 1971 927 1972 1973 static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, 1974 word32 gSz, const byte* q, word32 qSz, int trusted, 1975 WC_RNG* rng) 1976 { 1977 int ret = 0; 1978 mp_int* keyP = NULL; 1979 mp_int* keyG = NULL; 1980 mp_int* keyQ = NULL; 1981 1982 if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0) { 1983 ret = BAD_FUNC_ARG; 1984 } 1985 1986 if (ret == 0) { 1987 /* may have leading 0 */ 1988 if (p[0] == 0) { 1989 pSz--; p++; 1990 } 1991 1992 if (g[0] == 0) { 1993 gSz--; g++; 1994 } 1995 1996 if (q != NULL) { 1997 if (q[0] == 0) { 1998 qSz--; q++; 1999 } 2000 } 2001 2002 if (mp_init(&key->p) != MP_OKAY) 2003 ret = MP_INIT_E; 2004 } 2005 2006 if (ret == 0) { 2007 if (mp_read_unsigned_bin(&key->p, p, pSz) != MP_OKAY) 2008 ret = ASN_DH_KEY_E; 2009 else 2010 keyP = &key->p; 2011 } 2012 2013 #ifndef WOLFSSL_SP_MATH 2014 if (ret == 0 && !trusted) { 2015 int isPrime = 0; 2016 if (rng != NULL) 2017 ret = mp_prime_is_prime_ex(keyP, 8, &isPrime, rng); 2018 else 2019 ret = mp_prime_is_prime(keyP, 8, &isPrime); 2020 2021 if (ret == 0 && isPrime == 0) 2022 ret = DH_CHECK_PUB_E; 2023 } 2024 #else 2025 (void)trusted; 2026 (void)rng; 2027 #endif 2028 2029 if (ret == 0 && mp_init(&key->g) != MP_OKAY) 2030 ret = MP_INIT_E; 2031 if (ret == 0) { 2032 if (mp_read_unsigned_bin(&key->g, g, gSz) != MP_OKAY) 2033 ret = ASN_DH_KEY_E; 2034 else 2035 keyG = &key->g; 2036 } 2037 2038 if (ret == 0 && q != NULL) { 2039 if (mp_init(&key->q) != MP_OKAY) 2040 ret = MP_INIT_E; 2041 } 2042 if (ret == 0 && q != NULL) { 2043 if (mp_read_unsigned_bin(&key->q, q, qSz) != MP_OKAY) 2044 ret = MP_INIT_E; 2045 else 2046 keyQ = &key->q; 2047 } 2048 2049 if (ret != 0 && key != NULL) { 2050 if (keyQ) 2051 mp_clear(keyQ); 2052 if (keyG) 2053 mp_clear(keyG); 2054 if (keyP) 2055 mp_clear(keyP); 2056 } 2057 2058 return ret; 2059 } 2060 2061 2062 int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz, const byte* g, 2063 word32 gSz, const byte* q, word32 qSz, int trusted, 2064 WC_RNG* rng) 2065 { 2066 return _DhSetKey(key, p, pSz, g, gSz, q, qSz, trusted, rng); 2067 } 2068 2069 2070 int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, const byte* g, 2071 word32 gSz, const byte* q, word32 qSz) 2072 { 2073 return _DhSetKey(key, p, pSz, g, gSz, q, qSz, 1, NULL); 2074 } 2075 2076 928 2077 /* not in asn anymore since no actual asn types used */ 929 2078 int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, 930 2079 word32 gSz) 931 2080 { 932 if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0) { 933 return BAD_FUNC_ARG; 934 } 935 936 /* may have leading 0 */ 937 if (p[0] == 0) { 938 pSz--; p++; 939 } 940 941 if (g[0] == 0) { 942 gSz--; g++; 943 } 944 945 if (mp_init(&key->p) != MP_OKAY) 946 return MP_INIT_E; 947 if (mp_read_unsigned_bin(&key->p, p, pSz) != 0) { 948 mp_clear(&key->p); 949 return ASN_DH_KEY_E; 950 } 951 952 if (mp_init(&key->g) != MP_OKAY) { 953 mp_clear(&key->p); 954 return MP_INIT_E; 955 } 956 if (mp_read_unsigned_bin(&key->g, g, gSz) != 0) { 957 mp_clear(&key->g); 958 mp_clear(&key->p); 959 return ASN_DH_KEY_E; 960 } 961 962 return 0; 963 } 2081 return _DhSetKey(key, p, pSz, g, gSz, NULL, 0, 1, NULL); 2082 } 2083 2084 2085 #ifdef WOLFSSL_KEY_GEN 2086 2087 /* modulus_size in bits */ 2088 int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) 2089 { 2090 mp_int tmp, tmp2; 2091 int groupSz = 0, bufSz = 0, 2092 primeCheckCount = 0, 2093 primeCheck = MP_NO, 2094 ret = 0; 2095 unsigned char *buf = NULL; 2096 2097 if (rng == NULL || dh == NULL) 2098 ret = BAD_FUNC_ARG; 2099 2100 /* set group size in bytes from modulus size 2101 * FIPS 186-4 defines valid values (1024, 160) (2048, 256) (3072, 256) 2102 */ 2103 if (ret == 0) { 2104 switch (modSz) { 2105 case 1024: 2106 groupSz = 20; 2107 break; 2108 case 2048: 2109 case 3072: 2110 groupSz = 32; 2111 break; 2112 default: 2113 ret = BAD_FUNC_ARG; 2114 break; 2115 } 2116 } 2117 2118 if (ret == 0) { 2119 /* modulus size in bytes */ 2120 modSz /= WOLFSSL_BIT_SIZE; 2121 bufSz = modSz - groupSz; 2122 2123 /* allocate ram */ 2124 buf = (unsigned char *)XMALLOC(bufSz, 2125 dh->heap, DYNAMIC_TYPE_TMP_BUFFER); 2126 if (buf == NULL) 2127 ret = MEMORY_E; 2128 } 2129 2130 /* make a random string that will be multplied against q */ 2131 if (ret == 0) 2132 ret = wc_RNG_GenerateBlock(rng, buf, bufSz); 2133 2134 if (ret == 0) { 2135 /* force magnitude */ 2136 buf[0] |= 0xC0; 2137 /* force even */ 2138 buf[bufSz - 1] &= ~1; 2139 2140 if (mp_init_multi(&tmp, &tmp2, &dh->p, &dh->q, &dh->g, 0) 2141 != MP_OKAY) { 2142 ret = MP_INIT_E; 2143 } 2144 } 2145 2146 if (ret == 0) { 2147 if (mp_read_unsigned_bin(&tmp2, buf, bufSz) != MP_OKAY) 2148 ret = MP_READ_E; 2149 } 2150 2151 /* make our prime q */ 2152 if (ret == 0) { 2153 if (mp_rand_prime(&dh->q, groupSz, rng, NULL) != MP_OKAY) 2154 ret = PRIME_GEN_E; 2155 } 2156 2157 /* p = random * q */ 2158 if (ret == 0) { 2159 if (mp_mul(&dh->q, &tmp2, &dh->p) != MP_OKAY) 2160 ret = MP_MUL_E; 2161 } 2162 2163 /* p = random * q + 1, so q is a prime divisor of p-1 */ 2164 if (ret == 0) { 2165 if (mp_add_d(&dh->p, 1, &dh->p) != MP_OKAY) 2166 ret = MP_ADD_E; 2167 } 2168 2169 /* tmp = 2q */ 2170 if (ret == 0) { 2171 if (mp_add(&dh->q, &dh->q, &tmp) != MP_OKAY) 2172 ret = MP_ADD_E; 2173 } 2174 2175 /* loop until p is prime */ 2176 if (ret == 0) { 2177 do { 2178 if (mp_prime_is_prime_ex(&dh->p, 8, &primeCheck, rng) != MP_OKAY) 2179 ret = PRIME_GEN_E; 2180 2181 if (primeCheck != MP_YES) { 2182 /* p += 2q */ 2183 if (mp_add(&tmp, &dh->p, &dh->p) != MP_OKAY) 2184 ret = MP_ADD_E; 2185 else 2186 primeCheckCount++; 2187 } 2188 } while (ret == 0 && primeCheck == MP_NO); 2189 } 2190 2191 /* tmp2 += (2*loop_check_prime) 2192 * to have p = (q * tmp2) + 1 prime 2193 */ 2194 if (primeCheckCount) { 2195 if (mp_add_d(&tmp2, 2 * primeCheckCount, &tmp2) != MP_OKAY) 2196 ret = MP_ADD_E; 2197 } 2198 2199 /* find a value g for which g^tmp2 != 1 */ 2200 if (mp_set(&dh->g, 1) != MP_OKAY) 2201 ret = MP_ZERO_E; 2202 2203 if (ret == 0) { 2204 do { 2205 if (mp_add_d(&dh->g, 1, &dh->g) != MP_OKAY) 2206 ret = MP_ADD_E; 2207 else if (mp_exptmod(&dh->g, &tmp2, &dh->p, &tmp) != MP_OKAY) 2208 ret = MP_EXPTMOD_E; 2209 } while (ret == 0 && mp_cmp_d(&tmp, 1) == MP_EQ); 2210 } 2211 2212 /* at this point tmp generates a group of order q mod p */ 2213 mp_exch(&tmp, &dh->g); 2214 2215 /* clear the parameters if there was an error */ 2216 if (ret != 0) { 2217 mp_clear(&dh->q); 2218 mp_clear(&dh->p); 2219 mp_clear(&dh->g); 2220 } 2221 2222 ForceZero(buf, bufSz); 2223 XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER); 2224 mp_clear(&tmp); 2225 mp_clear(&tmp2); 2226 2227 return ret; 2228 } 2229 2230 2231 /* Export raw DH parameters from DhKey structure 2232 * 2233 * dh - pointer to initialized DhKey structure 2234 * p - output location for DH (p) parameter 2235 * pSz - [IN/OUT] size of output buffer for p, size of p 2236 * q - output location for DH (q) parameter 2237 * qSz - [IN/OUT] size of output buffer for q, size of q 2238 * g - output location for DH (g) parameter 2239 * gSz - [IN/OUT] size of output buffer for g, size of g 2240 * 2241 * If p, q, and g pointers are all passed in as NULL, the function 2242 * will set pSz, qSz, and gSz to the required output buffer sizes for p, 2243 * q, and g. In this case, the function will return LENGTH_ONLY_E. 2244 * 2245 * returns 0 on success, negative upon failure 2246 */ 2247 int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz, 2248 byte* q, word32* qSz, byte* g, word32* gSz) 2249 { 2250 int ret = 0; 2251 word32 pLen = 0, qLen = 0, gLen = 0; 2252 2253 if (dh == NULL || pSz == NULL || qSz == NULL || gSz == NULL) 2254 ret = BAD_FUNC_ARG; 2255 2256 /* get required output buffer sizes */ 2257 if (ret == 0) { 2258 pLen = mp_unsigned_bin_size(&dh->p); 2259 qLen = mp_unsigned_bin_size(&dh->q); 2260 gLen = mp_unsigned_bin_size(&dh->g); 2261 2262 /* return buffer sizes and LENGTH_ONLY_E if buffers are NULL */ 2263 if (p == NULL && q == NULL && g == NULL) { 2264 *pSz = pLen; 2265 *qSz = qLen; 2266 *gSz = gLen; 2267 ret = LENGTH_ONLY_E; 2268 } 2269 } 2270 2271 if (ret == 0) { 2272 if (p == NULL || q == NULL || g == NULL) 2273 ret = BAD_FUNC_ARG; 2274 } 2275 2276 /* export p */ 2277 if (ret == 0) { 2278 if (*pSz < pLen) { 2279 WOLFSSL_MSG("Output buffer for DH p parameter too small, " 2280 "required size placed into pSz"); 2281 *pSz = pLen; 2282 ret = BUFFER_E; 2283 } 2284 } 2285 2286 if (ret == 0) { 2287 *pSz = pLen; 2288 if (mp_to_unsigned_bin(&dh->p, p) != MP_OKAY) 2289 ret = MP_TO_E; 2290 } 2291 2292 /* export q */ 2293 if (ret == 0) { 2294 if (*qSz < qLen) { 2295 WOLFSSL_MSG("Output buffer for DH q parameter too small, " 2296 "required size placed into qSz"); 2297 *qSz = qLen; 2298 ret = BUFFER_E; 2299 } 2300 } 2301 2302 if (ret == 0) { 2303 *qSz = qLen; 2304 if (mp_to_unsigned_bin(&dh->q, q) != MP_OKAY) 2305 ret = MP_TO_E; 2306 } 2307 2308 /* export g */ 2309 if (ret == 0) { 2310 if (*gSz < gLen) { 2311 WOLFSSL_MSG("Output buffer for DH g parameter too small, " 2312 "required size placed into gSz"); 2313 *gSz = gLen; 2314 ret = BUFFER_E; 2315 } 2316 } 2317 2318 if (ret == 0) { 2319 *gSz = gLen; 2320 if (mp_to_unsigned_bin(&dh->g, g) != MP_OKAY) 2321 ret = MP_TO_E; 2322 } 2323 2324 return ret; 2325 } 2326 2327 #endif /* WOLFSSL_KEY_GEN */ 964 2328 965 2329 #endif /* NO_DH */
Note:
See TracChangeset
for help on using the changeset viewer.