wolf SSL / wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents:   CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfcrypt/src/dh.c@17:a5f916481144, 2020-06-05 (annotated)

Committer:
wolfSSL
Date:
Fri Jun 05 00:11:07 2020 +0000
Revision:
17:a5f916481144
Parent:
16:8e0d178b1d1e 
wolfSSL 4.4.0

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 15:117db924cf7c 1 /* dh.c
wolfSSL 15:117db924cf7c 2 *
wolfSSL 16:8e0d178b1d1e 3 * Copyright (C) 2006-2020 wolfSSL Inc.
wolfSSL 15:117db924cf7c 4 *
wolfSSL 15:117db924cf7c 5 * This file is part of wolfSSL.
wolfSSL 15:117db924cf7c 6 *
wolfSSL 15:117db924cf7c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 15:117db924cf7c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 15:117db924cf7c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 15:117db924cf7c 10 * (at your option) any later version.
wolfSSL 15:117db924cf7c 11 *
wolfSSL 15:117db924cf7c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 15:117db924cf7c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 15:117db924cf7c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 15:117db924cf7c 15 * GNU General Public License for more details.
wolfSSL 15:117db924cf7c 16 *
wolfSSL 15:117db924cf7c 17 * You should have received a copy of the GNU General Public License
wolfSSL 15:117db924cf7c 18 * along with this program; if not, write to the Free Software
wolfSSL 15:117db924cf7c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 15:117db924cf7c 20 */
wolfSSL 15:117db924cf7c 21
wolfSSL 15:117db924cf7c 22
wolfSSL 15:117db924cf7c 23 #ifdef HAVE_CONFIG_H
wolfSSL 15:117db924cf7c 24 #include <config.h>
wolfSSL 15:117db924cf7c 25 #endif
wolfSSL 15:117db924cf7c 26
wolfSSL 15:117db924cf7c 27 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 15:117db924cf7c 28
wolfSSL 15:117db924cf7c 29 #ifndef NO_DH
wolfSSL 15:117db924cf7c 30
wolfSSL 15:117db924cf7c 31 #if defined(HAVE_FIPS) && \
wolfSSL 16:8e0d178b1d1e 32 defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
wolfSSL 15:117db924cf7c 33
wolfSSL 15:117db924cf7c 34 /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
wolfSSL 15:117db924cf7c 35 #define FIPS_NO_WRAPPERS
wolfSSL 15:117db924cf7c 36
wolfSSL 15:117db924cf7c 37 #ifdef USE_WINDOWS_API
wolfSSL 15:117db924cf7c 38 #pragma code_seg(".fipsA$m")
wolfSSL 15:117db924cf7c 39 #pragma const_seg(".fipsB$m")
wolfSSL 15:117db924cf7c 40 #endif
wolfSSL 15:117db924cf7c 41 #endif
wolfSSL 15:117db924cf7c 42
wolfSSL 15:117db924cf7c 43 #include <wolfssl/wolfcrypt/dh.h>
wolfSSL 15:117db924cf7c 44 #include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL 15:117db924cf7c 45 #include <wolfssl/wolfcrypt/logging.h>
wolfSSL 15:117db924cf7c 46
wolfSSL 15:117db924cf7c 47 #ifdef WOLFSSL_HAVE_SP_DH
wolfSSL 15:117db924cf7c 48 #include <wolfssl/wolfcrypt/sp.h>
wolfSSL 15:117db924cf7c 49 #endif
wolfSSL 15:117db924cf7c 50
wolfSSL 15:117db924cf7c 51 #ifdef NO_INLINE
wolfSSL 15:117db924cf7c 52 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 15:117db924cf7c 53 #else
wolfSSL 15:117db924cf7c 54 #define WOLFSSL_MISC_INCLUDED
wolfSSL 15:117db924cf7c 55 #include <wolfcrypt/src/misc.c>
wolfSSL 15:117db924cf7c 56 #endif
wolfSSL 15:117db924cf7c 57
wolfSSL 15:117db924cf7c 58
wolfSSL 16:8e0d178b1d1e 59 /*
wolfSSL 16:8e0d178b1d1e 60 Possible DH enable options:
wolfSSL 16:8e0d178b1d1e 61 * NO_RSA: Overall control of DH default: on (not defined)
wolfSSL 16:8e0d178b1d1e 62 * WOLFSSL_OLD_PRIME_CHECK: Disables the new prime number check. It does not
wolfSSL 16:8e0d178b1d1e 63 directly effect this file, but it does speed up DH
wolfSSL 16:8e0d178b1d1e 64 removing the testing. It is not recommended to
wolfSSL 16:8e0d178b1d1e 65 disable the prime checking. default: off
wolfSSL 16:8e0d178b1d1e 66
wolfSSL 16:8e0d178b1d1e 67 */
wolfSSL 16:8e0d178b1d1e 68
wolfSSL 16:8e0d178b1d1e 69
wolfSSL 15:117db924cf7c 70 #if !defined(USER_MATH_LIB) && !defined(WOLFSSL_DH_CONST)
wolfSSL 15:117db924cf7c 71 #include <math.h>
wolfSSL 15:117db924cf7c 72 #define XPOW(x,y) pow((x),(y))
wolfSSL 15:117db924cf7c 73 #define XLOG(x) log((x))
wolfSSL 15:117db924cf7c 74 #else
wolfSSL 15:117db924cf7c 75 /* user's own math lib */
wolfSSL 15:117db924cf7c 76 #endif
wolfSSL 15:117db924cf7c 77
wolfSSL 15:117db924cf7c 78 #ifdef HAVE_FFDHE_2048
wolfSSL 15:117db924cf7c 79 static const byte dh_ffdhe2048_p[] = {
wolfSSL 15:117db924cf7c 80 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
wolfSSL 15:117db924cf7c 81 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
wolfSSL 15:117db924cf7c 82 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
wolfSSL 15:117db924cf7c 83 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
wolfSSL 15:117db924cf7c 84 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
wolfSSL 15:117db924cf7c 85 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
wolfSSL 15:117db924cf7c 86 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
wolfSSL 15:117db924cf7c 87 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
wolfSSL 15:117db924cf7c 88 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
wolfSSL 15:117db924cf7c 89 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
wolfSSL 15:117db924cf7c 90 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
wolfSSL 15:117db924cf7c 91 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
wolfSSL 15:117db924cf7c 92 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
wolfSSL 15:117db924cf7c 93 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
wolfSSL 15:117db924cf7c 94 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
wolfSSL 15:117db924cf7c 95 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
wolfSSL 15:117db924cf7c 96 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
wolfSSL 15:117db924cf7c 97 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
wolfSSL 15:117db924cf7c 98 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
wolfSSL 15:117db924cf7c 99 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
wolfSSL 15:117db924cf7c 100 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
wolfSSL 15:117db924cf7c 101 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
wolfSSL 15:117db924cf7c 102 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
wolfSSL 15:117db924cf7c 103 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
wolfSSL 15:117db924cf7c 104 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
wolfSSL 15:117db924cf7c 105 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
wolfSSL 15:117db924cf7c 106 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
wolfSSL 15:117db924cf7c 107 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
wolfSSL 15:117db924cf7c 108 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
wolfSSL 15:117db924cf7c 109 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
wolfSSL 15:117db924cf7c 110 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97,
wolfSSL 15:117db924cf7c 111 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
wolfSSL 15:117db924cf7c 112 };
wolfSSL 15:117db924cf7c 113 static const byte dh_ffdhe2048_g[] = { 0x02 };
wolfSSL 15:117db924cf7c 114 #ifdef HAVE_FFDHE_Q
wolfSSL 15:117db924cf7c 115 static const byte dh_ffdhe2048_q[] = {
wolfSSL 15:117db924cf7c 116 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
wolfSSL 15:117db924cf7c 117 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
wolfSSL 15:117db924cf7c 118 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
wolfSSL 15:117db924cf7c 119 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
wolfSSL 15:117db924cf7c 120 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
wolfSSL 15:117db924cf7c 121 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
wolfSSL 15:117db924cf7c 122 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
wolfSSL 15:117db924cf7c 123 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
wolfSSL 15:117db924cf7c 124 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
wolfSSL 15:117db924cf7c 125 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
wolfSSL 15:117db924cf7c 126 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
wolfSSL 15:117db924cf7c 127 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
wolfSSL 15:117db924cf7c 128 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
wolfSSL 15:117db924cf7c 129 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
wolfSSL 15:117db924cf7c 130 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
wolfSSL 15:117db924cf7c 131 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
wolfSSL 15:117db924cf7c 132 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
wolfSSL 15:117db924cf7c 133 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
wolfSSL 15:117db924cf7c 134 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
wolfSSL 15:117db924cf7c 135 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
wolfSSL 15:117db924cf7c 136 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
wolfSSL 15:117db924cf7c 137 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
wolfSSL 15:117db924cf7c 138 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
wolfSSL 15:117db924cf7c 139 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
wolfSSL 15:117db924cf7c 140 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
wolfSSL 15:117db924cf7c 141 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
wolfSSL 15:117db924cf7c 142 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
wolfSSL 15:117db924cf7c 143 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
wolfSSL 15:117db924cf7c 144 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
wolfSSL 15:117db924cf7c 145 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
wolfSSL 15:117db924cf7c 146 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x94, 0x2E, 0x4B,
wolfSSL 15:117db924cf7c 147 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
wolfSSL 15:117db924cf7c 148 };
wolfSSL 15:117db924cf7c 149 #endif /* HAVE_FFDHE_Q */
wolfSSL 15:117db924cf7c 150
wolfSSL 15:117db924cf7c 151 const DhParams* wc_Dh_ffdhe2048_Get(void)
wolfSSL 15:117db924cf7c 152 {
wolfSSL 15:117db924cf7c 153 static const DhParams ffdhe2048 = {
wolfSSL 15:117db924cf7c 154 #ifdef HAVE_FFDHE_Q
wolfSSL 15:117db924cf7c 155 dh_ffdhe2048_q, sizeof(dh_ffdhe2048_q),
wolfSSL 15:117db924cf7c 156 #endif /* HAVE_FFDHE_Q */
wolfSSL 15:117db924cf7c 157 dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p),
wolfSSL 15:117db924cf7c 158 dh_ffdhe2048_g, sizeof(dh_ffdhe2048_g)
wolfSSL 15:117db924cf7c 159 };
wolfSSL 15:117db924cf7c 160 return &ffdhe2048;
wolfSSL 15:117db924cf7c 161 }
wolfSSL 15:117db924cf7c 162 #endif
wolfSSL 15:117db924cf7c 163
wolfSSL 15:117db924cf7c 164 #ifdef HAVE_FFDHE_3072
wolfSSL 15:117db924cf7c 165 static const byte dh_ffdhe3072_p[] = {
wolfSSL 15:117db924cf7c 166 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
wolfSSL 15:117db924cf7c 167 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
wolfSSL 15:117db924cf7c 168 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
wolfSSL 15:117db924cf7c 169 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
wolfSSL 15:117db924cf7c 170 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
wolfSSL 15:117db924cf7c 171 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
wolfSSL 15:117db924cf7c 172 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
wolfSSL 15:117db924cf7c 173 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
wolfSSL 15:117db924cf7c 174 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
wolfSSL 15:117db924cf7c 175 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
wolfSSL 15:117db924cf7c 176 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
wolfSSL 15:117db924cf7c 177 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
wolfSSL 15:117db924cf7c 178 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
wolfSSL 15:117db924cf7c 179 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
wolfSSL 15:117db924cf7c 180 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
wolfSSL 15:117db924cf7c 181 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
wolfSSL 15:117db924cf7c 182 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
wolfSSL 15:117db924cf7c 183 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
wolfSSL 15:117db924cf7c 184 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
wolfSSL 15:117db924cf7c 185 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
wolfSSL 15:117db924cf7c 186 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
wolfSSL 15:117db924cf7c 187 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
wolfSSL 15:117db924cf7c 188 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
wolfSSL 15:117db924cf7c 189 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
wolfSSL 15:117db924cf7c 190 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
wolfSSL 15:117db924cf7c 191 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
wolfSSL 15:117db924cf7c 192 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
wolfSSL 15:117db924cf7c 193 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
wolfSSL 15:117db924cf7c 194 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
wolfSSL 15:117db924cf7c 195 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
wolfSSL 15:117db924cf7c 196 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
wolfSSL 15:117db924cf7c 197 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
wolfSSL 15:117db924cf7c 198 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
wolfSSL 15:117db924cf7c 199 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
wolfSSL 15:117db924cf7c 200 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
wolfSSL 15:117db924cf7c 201 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
wolfSSL 15:117db924cf7c 202 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
wolfSSL 15:117db924cf7c 203 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
wolfSSL 15:117db924cf7c 204 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
wolfSSL 15:117db924cf7c 205 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
wolfSSL 15:117db924cf7c 206 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
wolfSSL 15:117db924cf7c 207 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
wolfSSL 15:117db924cf7c 208 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
wolfSSL 15:117db924cf7c 209 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
wolfSSL 15:117db924cf7c 210 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
wolfSSL 15:117db924cf7c 211 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
wolfSSL 15:117db924cf7c 212 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37,
wolfSSL 15:117db924cf7c 213 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
wolfSSL 15:117db924cf7c 214 };
wolfSSL 15:117db924cf7c 215 static const byte dh_ffdhe3072_g[] = { 0x02 };
wolfSSL 15:117db924cf7c 216 #ifdef HAVE_FFDHE_Q
wolfSSL 15:117db924cf7c 217 static const byte dh_ffdhe3072_q[] = {
wolfSSL 15:117db924cf7c 218 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
wolfSSL 15:117db924cf7c 219 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
wolfSSL 15:117db924cf7c 220 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
wolfSSL 15:117db924cf7c 221 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
wolfSSL 15:117db924cf7c 222 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
wolfSSL 15:117db924cf7c 223 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
wolfSSL 15:117db924cf7c 224 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
wolfSSL 15:117db924cf7c 225 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
wolfSSL 15:117db924cf7c 226 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
wolfSSL 15:117db924cf7c 227 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
wolfSSL 15:117db924cf7c 228 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
wolfSSL 15:117db924cf7c 229 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
wolfSSL 15:117db924cf7c 230 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
wolfSSL 15:117db924cf7c 231 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
wolfSSL 15:117db924cf7c 232 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
wolfSSL 15:117db924cf7c 233 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
wolfSSL 15:117db924cf7c 234 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
wolfSSL 15:117db924cf7c 235 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
wolfSSL 15:117db924cf7c 236 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
wolfSSL 15:117db924cf7c 237 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
wolfSSL 15:117db924cf7c 238 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
wolfSSL 15:117db924cf7c 239 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
wolfSSL 15:117db924cf7c 240 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
wolfSSL 15:117db924cf7c 241 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
wolfSSL 15:117db924cf7c 242 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
wolfSSL 15:117db924cf7c 243 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
wolfSSL 15:117db924cf7c 244 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
wolfSSL 15:117db924cf7c 245 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
wolfSSL 15:117db924cf7c 246 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
wolfSSL 15:117db924cf7c 247 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
wolfSSL 15:117db924cf7c 248 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
wolfSSL 15:117db924cf7c 249 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
wolfSSL 15:117db924cf7c 250 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
wolfSSL 15:117db924cf7c 251 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
wolfSSL 15:117db924cf7c 252 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
wolfSSL 15:117db924cf7c 253 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
wolfSSL 15:117db924cf7c 254 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
wolfSSL 15:117db924cf7c 255 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
wolfSSL 15:117db924cf7c 256 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
wolfSSL 15:117db924cf7c 257 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
wolfSSL 15:117db924cf7c 258 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
wolfSSL 15:117db924cf7c 259 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
wolfSSL 15:117db924cf7c 260 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
wolfSSL 15:117db924cf7c 261 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
wolfSSL 15:117db924cf7c 262 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
wolfSSL 15:117db924cf7c 263 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
wolfSSL 15:117db924cf7c 264 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x63, 0x17, 0x1B,
wolfSSL 15:117db924cf7c 265 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
wolfSSL 15:117db924cf7c 266 };
wolfSSL 15:117db924cf7c 267 #endif /* HAVE_FFDHE_Q */
wolfSSL 15:117db924cf7c 268
wolfSSL 15:117db924cf7c 269 const DhParams* wc_Dh_ffdhe3072_Get(void)
wolfSSL 15:117db924cf7c 270 {
wolfSSL 15:117db924cf7c 271 static const DhParams ffdhe3072 = {
wolfSSL 15:117db924cf7c 272 #ifdef HAVE_FFDHE_Q
wolfSSL 15:117db924cf7c 273 dh_ffdhe3072_q, sizeof(dh_ffdhe3072_q),
wolfSSL 15:117db924cf7c 274 #endif /* HAVE_FFDHE_Q */
wolfSSL 15:117db924cf7c 275 dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p),
wolfSSL 15:117db924cf7c 276 dh_ffdhe3072_g, sizeof(dh_ffdhe3072_g)
wolfSSL 15:117db924cf7c 277 };
wolfSSL 15:117db924cf7c 278 return &ffdhe3072;
wolfSSL 15:117db924cf7c 279 }
wolfSSL 15:117db924cf7c 280 #endif
wolfSSL 15:117db924cf7c 281
wolfSSL 15:117db924cf7c 282 #ifdef HAVE_FFDHE_4096
wolfSSL 15:117db924cf7c 283 static const byte dh_ffdhe4096_p[] = {
wolfSSL 15:117db924cf7c 284 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
wolfSSL 15:117db924cf7c 285 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
wolfSSL 15:117db924cf7c 286 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
wolfSSL 15:117db924cf7c 287 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
wolfSSL 15:117db924cf7c 288 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
wolfSSL 15:117db924cf7c 289 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
wolfSSL 15:117db924cf7c 290 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
wolfSSL 15:117db924cf7c 291 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
wolfSSL 15:117db924cf7c 292 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
wolfSSL 15:117db924cf7c 293 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
wolfSSL 15:117db924cf7c 294 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
wolfSSL 15:117db924cf7c 295 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
wolfSSL 15:117db924cf7c 296 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
wolfSSL 15:117db924cf7c 297 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
wolfSSL 15:117db924cf7c 298 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
wolfSSL 15:117db924cf7c 299 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
wolfSSL 15:117db924cf7c 300 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
wolfSSL 15:117db924cf7c 301 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
wolfSSL 15:117db924cf7c 302 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
wolfSSL 15:117db924cf7c 303 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
wolfSSL 15:117db924cf7c 304 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
wolfSSL 15:117db924cf7c 305 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
wolfSSL 15:117db924cf7c 306 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
wolfSSL 15:117db924cf7c 307 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
wolfSSL 15:117db924cf7c 308 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
wolfSSL 15:117db924cf7c 309 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
wolfSSL 15:117db924cf7c 310 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
wolfSSL 15:117db924cf7c 311 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
wolfSSL 15:117db924cf7c 312 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
wolfSSL 15:117db924cf7c 313 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
wolfSSL 15:117db924cf7c 314 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
wolfSSL 15:117db924cf7c 315 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
wolfSSL 15:117db924cf7c 316 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
wolfSSL 15:117db924cf7c 317 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
wolfSSL 15:117db924cf7c 318 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
wolfSSL 15:117db924cf7c 319 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
wolfSSL 15:117db924cf7c 320 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
wolfSSL 15:117db924cf7c 321 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
wolfSSL 15:117db924cf7c 322 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
wolfSSL 15:117db924cf7c 323 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
wolfSSL 15:117db924cf7c 324 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
wolfSSL 15:117db924cf7c 325 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
wolfSSL 15:117db924cf7c 326 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
wolfSSL 15:117db924cf7c 327 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
wolfSSL 15:117db924cf7c 328 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
wolfSSL 15:117db924cf7c 329 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
wolfSSL 15:117db924cf7c 330 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
wolfSSL 15:117db924cf7c 331 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
wolfSSL 15:117db924cf7c 332 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
wolfSSL 15:117db924cf7c 333 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
wolfSSL 15:117db924cf7c 334 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
wolfSSL 15:117db924cf7c 335 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
wolfSSL 15:117db924cf7c 336 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
wolfSSL 15:117db924cf7c 337 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
wolfSSL 15:117db924cf7c 338 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
wolfSSL 15:117db924cf7c 339 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
wolfSSL 15:117db924cf7c 340 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
wolfSSL 15:117db924cf7c 341 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
wolfSSL 15:117db924cf7c 342 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
wolfSSL 15:117db924cf7c 343 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
wolfSSL 15:117db924cf7c 344 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
wolfSSL 15:117db924cf7c 345 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
wolfSSL 15:117db924cf7c 346 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A,
wolfSSL 15:117db924cf7c 347 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
wolfSSL 15:117db924cf7c 348 };
wolfSSL 15:117db924cf7c 349 static const byte dh_ffdhe4096_g[] = { 0x02 };
wolfSSL 15:117db924cf7c 350 #ifdef HAVE_FFDHE_Q
wolfSSL 15:117db924cf7c 351 static const byte dh_ffdhe4096_q[] = {
wolfSSL 15:117db924cf7c 352 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
wolfSSL 15:117db924cf7c 353 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
wolfSSL 15:117db924cf7c 354 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
wolfSSL 15:117db924cf7c 355 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
wolfSSL 15:117db924cf7c 356 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
wolfSSL 15:117db924cf7c 357 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
wolfSSL 15:117db924cf7c 358 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
wolfSSL 15:117db924cf7c 359 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
wolfSSL 15:117db924cf7c 360 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
wolfSSL 15:117db924cf7c 361 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
wolfSSL 15:117db924cf7c 362 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
wolfSSL 15:117db924cf7c 363 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
wolfSSL 15:117db924cf7c 364 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
wolfSSL 15:117db924cf7c 365 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
wolfSSL 15:117db924cf7c 366 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
wolfSSL 15:117db924cf7c 367 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
wolfSSL 15:117db924cf7c 368 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
wolfSSL 15:117db924cf7c 369 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
wolfSSL 15:117db924cf7c 370 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
wolfSSL 15:117db924cf7c 371 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
wolfSSL 15:117db924cf7c 372 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
wolfSSL 15:117db924cf7c 373 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
wolfSSL 15:117db924cf7c 374 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
wolfSSL 15:117db924cf7c 375 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
wolfSSL 15:117db924cf7c 376 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
wolfSSL 15:117db924cf7c 377 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
wolfSSL 15:117db924cf7c 378 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
wolfSSL 15:117db924cf7c 379 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
wolfSSL 15:117db924cf7c 380 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
wolfSSL 15:117db924cf7c 381 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
wolfSSL 15:117db924cf7c 382 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
wolfSSL 15:117db924cf7c 383 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
wolfSSL 15:117db924cf7c 384 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
wolfSSL 15:117db924cf7c 385 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
wolfSSL 15:117db924cf7c 386 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
wolfSSL 15:117db924cf7c 387 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
wolfSSL 15:117db924cf7c 388 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
wolfSSL 15:117db924cf7c 389 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
wolfSSL 15:117db924cf7c 390 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
wolfSSL 15:117db924cf7c 391 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
wolfSSL 15:117db924cf7c 392 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
wolfSSL 15:117db924cf7c 393 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
wolfSSL 15:117db924cf7c 394 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
wolfSSL 15:117db924cf7c 395 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
wolfSSL 15:117db924cf7c 396 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
wolfSSL 15:117db924cf7c 397 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
wolfSSL 15:117db924cf7c 398 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
wolfSSL 15:117db924cf7c 399 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
wolfSSL 15:117db924cf7c 400 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
wolfSSL 15:117db924cf7c 401 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
wolfSSL 15:117db924cf7c 402 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
wolfSSL 15:117db924cf7c 403 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
wolfSSL 15:117db924cf7c 404 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
wolfSSL 15:117db924cf7c 405 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
wolfSSL 15:117db924cf7c 406 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
wolfSSL 15:117db924cf7c 407 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
wolfSSL 15:117db924cf7c 408 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
wolfSSL 15:117db924cf7c 409 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
wolfSSL 15:117db924cf7c 410 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
wolfSSL 15:117db924cf7c 411 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
wolfSSL 15:117db924cf7c 412 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
wolfSSL 15:117db924cf7c 413 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
wolfSSL 15:117db924cf7c 414 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x32, 0xAF, 0xB5,
wolfSSL 15:117db924cf7c 415 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
wolfSSL 15:117db924cf7c 416 };
wolfSSL 15:117db924cf7c 417 #endif /* HAVE_FFDHE_Q */
wolfSSL 15:117db924cf7c 418
wolfSSL 15:117db924cf7c 419 const DhParams* wc_Dh_ffdhe4096_Get(void)
wolfSSL 15:117db924cf7c 420 {
wolfSSL 15:117db924cf7c 421 static const DhParams ffdhe4096 = {
wolfSSL 15:117db924cf7c 422 #ifdef HAVE_FFDHE_Q
wolfSSL 15:117db924cf7c 423 dh_ffdhe4096_q, sizeof(dh_ffdhe4096_q),
wolfSSL 15:117db924cf7c 424 #endif /* HAVE_FFDHE_Q */
wolfSSL 15:117db924cf7c 425 dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p),
wolfSSL 15:117db924cf7c 426 dh_ffdhe4096_g, sizeof(dh_ffdhe4096_g)
wolfSSL 15:117db924cf7c 427 };
wolfSSL 15:117db924cf7c 428 return &ffdhe4096;
wolfSSL 15:117db924cf7c 429 }
wolfSSL 15:117db924cf7c 430 #endif
wolfSSL 15:117db924cf7c 431
wolfSSL 15:117db924cf7c 432 #ifdef HAVE_FFDHE_6144
wolfSSL 15:117db924cf7c 433 static const byte dh_ffdhe6144_p[] = {
wolfSSL 15:117db924cf7c 434 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
wolfSSL 15:117db924cf7c 435 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
wolfSSL 15:117db924cf7c 436 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
wolfSSL 15:117db924cf7c 437 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
wolfSSL 15:117db924cf7c 438 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
wolfSSL 15:117db924cf7c 439 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
wolfSSL 15:117db924cf7c 440 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
wolfSSL 15:117db924cf7c 441 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
wolfSSL 15:117db924cf7c 442 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
wolfSSL 15:117db924cf7c 443 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
wolfSSL 15:117db924cf7c 444 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
wolfSSL 15:117db924cf7c 445 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
wolfSSL 15:117db924cf7c 446 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
wolfSSL 15:117db924cf7c 447 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
wolfSSL 15:117db924cf7c 448 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
wolfSSL 15:117db924cf7c 449 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
wolfSSL 15:117db924cf7c 450 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
wolfSSL 15:117db924cf7c 451 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
wolfSSL 15:117db924cf7c 452 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
wolfSSL 15:117db924cf7c 453 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
wolfSSL 15:117db924cf7c 454 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
wolfSSL 15:117db924cf7c 455 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
wolfSSL 15:117db924cf7c 456 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
wolfSSL 15:117db924cf7c 457 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
wolfSSL 15:117db924cf7c 458 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
wolfSSL 15:117db924cf7c 459 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
wolfSSL 15:117db924cf7c 460 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
wolfSSL 15:117db924cf7c 461 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
wolfSSL 15:117db924cf7c 462 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
wolfSSL 15:117db924cf7c 463 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
wolfSSL 15:117db924cf7c 464 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
wolfSSL 15:117db924cf7c 465 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
wolfSSL 15:117db924cf7c 466 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
wolfSSL 15:117db924cf7c 467 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
wolfSSL 15:117db924cf7c 468 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
wolfSSL 15:117db924cf7c 469 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
wolfSSL 15:117db924cf7c 470 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
wolfSSL 15:117db924cf7c 471 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
wolfSSL 15:117db924cf7c 472 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
wolfSSL 15:117db924cf7c 473 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
wolfSSL 15:117db924cf7c 474 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
wolfSSL 15:117db924cf7c 475 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
wolfSSL 15:117db924cf7c 476 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
wolfSSL 15:117db924cf7c 477 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
wolfSSL 15:117db924cf7c 478 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
wolfSSL 15:117db924cf7c 479 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
wolfSSL 15:117db924cf7c 480 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
wolfSSL 15:117db924cf7c 481 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
wolfSSL 15:117db924cf7c 482 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
wolfSSL 15:117db924cf7c 483 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
wolfSSL 15:117db924cf7c 484 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
wolfSSL 15:117db924cf7c 485 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
wolfSSL 15:117db924cf7c 486 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
wolfSSL 15:117db924cf7c 487 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
wolfSSL 15:117db924cf7c 488 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
wolfSSL 15:117db924cf7c 489 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
wolfSSL 15:117db924cf7c 490 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
wolfSSL 15:117db924cf7c 491 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
wolfSSL 15:117db924cf7c 492 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
wolfSSL 15:117db924cf7c 493 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
wolfSSL 15:117db924cf7c 494 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
wolfSSL 15:117db924cf7c 495 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
wolfSSL 15:117db924cf7c 496 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
wolfSSL 15:117db924cf7c 497 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
wolfSSL 15:117db924cf7c 498 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
wolfSSL 15:117db924cf7c 499 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
wolfSSL 15:117db924cf7c 500 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
wolfSSL 15:117db924cf7c 501 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
wolfSSL 15:117db924cf7c 502 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
wolfSSL 15:117db924cf7c 503 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
wolfSSL 15:117db924cf7c 504 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
wolfSSL 15:117db924cf7c 505 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
wolfSSL 15:117db924cf7c 506 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
wolfSSL 15:117db924cf7c 507 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
wolfSSL 15:117db924cf7c 508 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
wolfSSL 15:117db924cf7c 509 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
wolfSSL 15:117db924cf7c 510 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
wolfSSL 15:117db924cf7c 511 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
wolfSSL 15:117db924cf7c 512 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
wolfSSL 15:117db924cf7c 513 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
wolfSSL 15:117db924cf7c 514 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
wolfSSL 15:117db924cf7c 515 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
wolfSSL 15:117db924cf7c 516 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
wolfSSL 15:117db924cf7c 517 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
wolfSSL 15:117db924cf7c 518 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
wolfSSL 15:117db924cf7c 519 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
wolfSSL 15:117db924cf7c 520 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
wolfSSL 15:117db924cf7c 521 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
wolfSSL 15:117db924cf7c 522 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
wolfSSL 15:117db924cf7c 523 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
wolfSSL 15:117db924cf7c 524 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
wolfSSL 15:117db924cf7c 525 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
wolfSSL 15:117db924cf7c 526 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
wolfSSL 15:117db924cf7c 527 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
wolfSSL 15:117db924cf7c 528 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65,
wolfSSL 15:117db924cf7c 529 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
wolfSSL 15:117db924cf7c 530 };
wolfSSL 15:117db924cf7c 531 static const byte dh_ffdhe6144_g[] = { 0x02 };
wolfSSL 15:117db924cf7c 532 #ifdef HAVE_FFDHE_Q
wolfSSL 15:117db924cf7c 533 static const byte dh_ffdhe6144_q[] = {
wolfSSL 15:117db924cf7c 534 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
wolfSSL 15:117db924cf7c 535 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
wolfSSL 15:117db924cf7c 536 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
wolfSSL 15:117db924cf7c 537 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
wolfSSL 15:117db924cf7c 538 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
wolfSSL 15:117db924cf7c 539 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
wolfSSL 15:117db924cf7c 540 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
wolfSSL 15:117db924cf7c 541 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
wolfSSL 15:117db924cf7c 542 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
wolfSSL 15:117db924cf7c 543 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
wolfSSL 15:117db924cf7c 544 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
wolfSSL 15:117db924cf7c 545 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
wolfSSL 15:117db924cf7c 546 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
wolfSSL 15:117db924cf7c 547 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
wolfSSL 15:117db924cf7c 548 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
wolfSSL 15:117db924cf7c 549 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
wolfSSL 15:117db924cf7c 550 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
wolfSSL 15:117db924cf7c 551 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
wolfSSL 15:117db924cf7c 552 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
wolfSSL 15:117db924cf7c 553 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
wolfSSL 15:117db924cf7c 554 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
wolfSSL 15:117db924cf7c 555 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
wolfSSL 15:117db924cf7c 556 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
wolfSSL 15:117db924cf7c 557 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
wolfSSL 15:117db924cf7c 558 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
wolfSSL 15:117db924cf7c 559 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
wolfSSL 15:117db924cf7c 560 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
wolfSSL 15:117db924cf7c 561 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
wolfSSL 15:117db924cf7c 562 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
wolfSSL 15:117db924cf7c 563 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
wolfSSL 15:117db924cf7c 564 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
wolfSSL 15:117db924cf7c 565 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
wolfSSL 15:117db924cf7c 566 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
wolfSSL 15:117db924cf7c 567 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
wolfSSL 15:117db924cf7c 568 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
wolfSSL 15:117db924cf7c 569 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
wolfSSL 15:117db924cf7c 570 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
wolfSSL 15:117db924cf7c 571 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
wolfSSL 15:117db924cf7c 572 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
wolfSSL 15:117db924cf7c 573 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
wolfSSL 15:117db924cf7c 574 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
wolfSSL 15:117db924cf7c 575 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
wolfSSL 15:117db924cf7c 576 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
wolfSSL 15:117db924cf7c 577 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
wolfSSL 15:117db924cf7c 578 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
wolfSSL 15:117db924cf7c 579 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
wolfSSL 15:117db924cf7c 580 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
wolfSSL 15:117db924cf7c 581 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
wolfSSL 15:117db924cf7c 582 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
wolfSSL 15:117db924cf7c 583 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
wolfSSL 15:117db924cf7c 584 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
wolfSSL 15:117db924cf7c 585 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
wolfSSL 15:117db924cf7c 586 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
wolfSSL 15:117db924cf7c 587 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
wolfSSL 15:117db924cf7c 588 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
wolfSSL 15:117db924cf7c 589 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
wolfSSL 15:117db924cf7c 590 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
wolfSSL 15:117db924cf7c 591 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
wolfSSL 15:117db924cf7c 592 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
wolfSSL 15:117db924cf7c 593 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
wolfSSL 15:117db924cf7c 594 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
wolfSSL 15:117db924cf7c 595 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
wolfSSL 15:117db924cf7c 596 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81,
wolfSSL 15:117db924cf7c 597 0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, 0x3D,
wolfSSL 15:117db924cf7c 598 0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, 0x95, 0x1D,
wolfSSL 15:117db924cf7c 599 0x11, 0xDD, 0x22, 0x21, 0x65, 0x7A, 0x9F, 0x53,
wolfSSL 15:117db924cf7c 600 0x1D, 0xDA, 0x2A, 0x19, 0x4D, 0xBB, 0x12, 0x64,
wolfSSL 15:117db924cf7c 601 0x48, 0xBD, 0xEE, 0xB2, 0x58, 0xE0, 0x7E, 0xA6,
wolfSSL 15:117db924cf7c 602 0x59, 0xC7, 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D,
wolfSSL 15:117db924cf7c 603 0x66, 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38,
wolfSSL 15:117db924cf7c 604 0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, 0x0F,
wolfSSL 15:117db924cf7c 605 0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, 0xDA, 0x3B,
wolfSSL 15:117db924cf7c 606 0xD2, 0x92, 0x38, 0xFB, 0xD4, 0xD4, 0xB4, 0x88,
wolfSSL 15:117db924cf7c 607 0x5C, 0x2A, 0x99, 0x17, 0x6D, 0xB1, 0xA0, 0x6C,
wolfSSL 15:117db924cf7c 608 0x50, 0x07, 0x78, 0x49, 0x1A, 0x82, 0x88, 0xF1,
wolfSSL 15:117db924cf7c 609 0x85, 0x5F, 0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37,
wolfSSL 15:117db924cf7c 610 0x3F, 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1,
wolfSSL 15:117db924cf7c 611 0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, 0xDA,
wolfSSL 15:117db924cf7c 612 0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, 0x5D, 0xE0,
wolfSSL 15:117db924cf7c 613 0xCA, 0x63, 0x32, 0x8F, 0x3B, 0xE5, 0x7C, 0xC9,
wolfSSL 15:117db924cf7c 614 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0D, 0xFB,
wolfSSL 15:117db924cf7c 615 0x59, 0xD3, 0x9C, 0xE0, 0x91, 0x30, 0x8B, 0x41,
wolfSSL 15:117db924cf7c 616 0x05, 0x74, 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F,
wolfSSL 15:117db924cf7c 617 0x7C, 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6,
wolfSSL 15:117db924cf7c 618 0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, 0xAF,
wolfSSL 15:117db924cf7c 619 0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, 0x54, 0x23,
wolfSSL 15:117db924cf7c 620 0x28, 0x2E, 0xE4, 0x16, 0xDC, 0x2A, 0x19, 0xC5,
wolfSSL 15:117db924cf7c 621 0x72, 0x4F, 0xA9, 0x1A, 0xE4, 0xAD, 0xC8, 0x8B,
wolfSSL 15:117db924cf7c 622 0xC6, 0x67, 0x96, 0xEA, 0xE5, 0x67, 0x7A, 0x01,
wolfSSL 15:117db924cf7c 623 0xF6, 0x4E, 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82,
wolfSSL 15:117db924cf7c 624 0x2D, 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B,
wolfSSL 15:117db924cf7c 625 0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, 0x34,
wolfSSL 15:117db924cf7c 626 0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, 0xB0, 0xE0,
wolfSSL 15:117db924cf7c 627 0xD2, 0x0E, 0xAB, 0x86, 0xBC, 0x9C, 0x6D, 0x6A,
wolfSSL 15:117db924cf7c 628 0x52, 0x07, 0x19, 0x4E, 0x68, 0x72, 0x07, 0x32,
wolfSSL 15:117db924cf7c 629 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
wolfSSL 15:117db924cf7c 630 };
wolfSSL 15:117db924cf7c 631 #endif /* HAVE_FFDHE_Q */
wolfSSL 15:117db924cf7c 632
wolfSSL 15:117db924cf7c 633 const DhParams* wc_Dh_ffdhe6144_Get(void)
wolfSSL 15:117db924cf7c 634 {
wolfSSL 15:117db924cf7c 635 static const DhParams ffdhe6144 = {
wolfSSL 15:117db924cf7c 636 #ifdef HAVE_FFDHE_Q
wolfSSL 15:117db924cf7c 637 dh_ffdhe6144_q, sizeof(dh_ffdhe6144_q),
wolfSSL 15:117db924cf7c 638 #endif /* HAVE_FFDHE_Q */
wolfSSL 15:117db924cf7c 639 dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p),
wolfSSL 15:117db924cf7c 640 dh_ffdhe6144_g, sizeof(dh_ffdhe6144_g)
wolfSSL 15:117db924cf7c 641 };
wolfSSL 15:117db924cf7c 642 return &ffdhe6144;
wolfSSL 15:117db924cf7c 643 }
wolfSSL 15:117db924cf7c 644 #endif
wolfSSL 15:117db924cf7c 645
wolfSSL 15:117db924cf7c 646 #ifdef HAVE_FFDHE_8192
wolfSSL 15:117db924cf7c 647 static const byte dh_ffdhe8192_p[] = {
wolfSSL 15:117db924cf7c 648 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
wolfSSL 15:117db924cf7c 649 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
wolfSSL 15:117db924cf7c 650 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
wolfSSL 15:117db924cf7c 651 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
wolfSSL 15:117db924cf7c 652 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
wolfSSL 15:117db924cf7c 653 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
wolfSSL 15:117db924cf7c 654 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
wolfSSL 15:117db924cf7c 655 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
wolfSSL 15:117db924cf7c 656 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
wolfSSL 15:117db924cf7c 657 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
wolfSSL 15:117db924cf7c 658 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
wolfSSL 15:117db924cf7c 659 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
wolfSSL 15:117db924cf7c 660 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
wolfSSL 15:117db924cf7c 661 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
wolfSSL 15:117db924cf7c 662 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
wolfSSL 15:117db924cf7c 663 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
wolfSSL 15:117db924cf7c 664 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
wolfSSL 15:117db924cf7c 665 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
wolfSSL 15:117db924cf7c 666 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
wolfSSL 15:117db924cf7c 667 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
wolfSSL 15:117db924cf7c 668 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
wolfSSL 15:117db924cf7c 669 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
wolfSSL 15:117db924cf7c 670 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
wolfSSL 15:117db924cf7c 671 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
wolfSSL 15:117db924cf7c 672 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
wolfSSL 15:117db924cf7c 673 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
wolfSSL 15:117db924cf7c 674 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
wolfSSL 15:117db924cf7c 675 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
wolfSSL 15:117db924cf7c 676 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
wolfSSL 15:117db924cf7c 677 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
wolfSSL 15:117db924cf7c 678 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
wolfSSL 15:117db924cf7c 679 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
wolfSSL 15:117db924cf7c 680 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
wolfSSL 15:117db924cf7c 681 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
wolfSSL 15:117db924cf7c 682 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
wolfSSL 15:117db924cf7c 683 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
wolfSSL 15:117db924cf7c 684 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
wolfSSL 15:117db924cf7c 685 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
wolfSSL 15:117db924cf7c 686 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
wolfSSL 15:117db924cf7c 687 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
wolfSSL 15:117db924cf7c 688 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
wolfSSL 15:117db924cf7c 689 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
wolfSSL 15:117db924cf7c 690 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
wolfSSL 15:117db924cf7c 691 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
wolfSSL 15:117db924cf7c 692 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
wolfSSL 15:117db924cf7c 693 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
wolfSSL 15:117db924cf7c 694 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
wolfSSL 15:117db924cf7c 695 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
wolfSSL 15:117db924cf7c 696 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
wolfSSL 15:117db924cf7c 697 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
wolfSSL 15:117db924cf7c 698 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
wolfSSL 15:117db924cf7c 699 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
wolfSSL 15:117db924cf7c 700 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
wolfSSL 15:117db924cf7c 701 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
wolfSSL 15:117db924cf7c 702 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
wolfSSL 15:117db924cf7c 703 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
wolfSSL 15:117db924cf7c 704 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
wolfSSL 15:117db924cf7c 705 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
wolfSSL 15:117db924cf7c 706 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
wolfSSL 15:117db924cf7c 707 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
wolfSSL 15:117db924cf7c 708 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
wolfSSL 15:117db924cf7c 709 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
wolfSSL 15:117db924cf7c 710 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
wolfSSL 15:117db924cf7c 711 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
wolfSSL 15:117db924cf7c 712 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
wolfSSL 15:117db924cf7c 713 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
wolfSSL 15:117db924cf7c 714 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
wolfSSL 15:117db924cf7c 715 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
wolfSSL 15:117db924cf7c 716 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
wolfSSL 15:117db924cf7c 717 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
wolfSSL 15:117db924cf7c 718 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
wolfSSL 15:117db924cf7c 719 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
wolfSSL 15:117db924cf7c 720 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
wolfSSL 15:117db924cf7c 721 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
wolfSSL 15:117db924cf7c 722 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
wolfSSL 15:117db924cf7c 723 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
wolfSSL 15:117db924cf7c 724 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
wolfSSL 15:117db924cf7c 725 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
wolfSSL 15:117db924cf7c 726 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
wolfSSL 15:117db924cf7c 727 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
wolfSSL 15:117db924cf7c 728 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
wolfSSL 15:117db924cf7c 729 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
wolfSSL 15:117db924cf7c 730 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
wolfSSL 15:117db924cf7c 731 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
wolfSSL 15:117db924cf7c 732 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
wolfSSL 15:117db924cf7c 733 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
wolfSSL 15:117db924cf7c 734 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
wolfSSL 15:117db924cf7c 735 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
wolfSSL 15:117db924cf7c 736 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
wolfSSL 15:117db924cf7c 737 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
wolfSSL 15:117db924cf7c 738 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
wolfSSL 15:117db924cf7c 739 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
wolfSSL 15:117db924cf7c 740 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
wolfSSL 15:117db924cf7c 741 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
wolfSSL 15:117db924cf7c 742 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA,
wolfSSL 15:117db924cf7c 743 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38,
wolfSSL 15:117db924cf7c 744 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64,
wolfSSL 15:117db924cf7c 745 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43,
wolfSSL 15:117db924cf7c 746 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E,
wolfSSL 15:117db924cf7c 747 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF,
wolfSSL 15:117db924cf7c 748 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29,
wolfSSL 15:117db924cf7c 749 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65,
wolfSSL 15:117db924cf7c 750 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02,
wolfSSL 15:117db924cf7c 751 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4,
wolfSSL 15:117db924cf7c 752 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82,
wolfSSL 15:117db924cf7c 753 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C,
wolfSSL 15:117db924cf7c 754 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51,
wolfSSL 15:117db924cf7c 755 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22,
wolfSSL 15:117db924cf7c 756 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74,
wolfSSL 15:117db924cf7c 757 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE,
wolfSSL 15:117db924cf7c 758 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C,
wolfSSL 15:117db924cf7c 759 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC,
wolfSSL 15:117db924cf7c 760 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B,
wolfSSL 15:117db924cf7c 761 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9,
wolfSSL 15:117db924cf7c 762 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0,
wolfSSL 15:117db924cf7c 763 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31,
wolfSSL 15:117db924cf7c 764 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57,
wolfSSL 15:117db924cf7c 765 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8,
wolfSSL 15:117db924cf7c 766 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E,
wolfSSL 15:117db924cf7c 767 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30,
wolfSSL 15:117db924cf7c 768 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E,
wolfSSL 15:117db924cf7c 769 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE,
wolfSSL 15:117db924cf7c 770 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D,
wolfSSL 15:117db924cf7c 771 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D,
wolfSSL 15:117db924cf7c 772 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E,
wolfSSL 15:117db924cf7c 773 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C,
wolfSSL 15:117db924cf7c 774 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C,
wolfSSL 15:117db924cf7c 775 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
wolfSSL 15:117db924cf7c 776 };
wolfSSL 15:117db924cf7c 777 static const byte dh_ffdhe8192_g[] = { 0x02 };
wolfSSL 15:117db924cf7c 778 #ifdef HAVE_FFDHE_Q
wolfSSL 16:8e0d178b1d1e 779 static const byte dh_ffdhe8192_q[] = {
wolfSSL 15:117db924cf7c 780 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
wolfSSL 15:117db924cf7c 781 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
wolfSSL 15:117db924cf7c 782 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
wolfSSL 15:117db924cf7c 783 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
wolfSSL 15:117db924cf7c 784 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
wolfSSL 15:117db924cf7c 785 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
wolfSSL 15:117db924cf7c 786 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
wolfSSL 15:117db924cf7c 787 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
wolfSSL 15:117db924cf7c 788 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
wolfSSL 15:117db924cf7c 789 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
wolfSSL 15:117db924cf7c 790 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
wolfSSL 15:117db924cf7c 791 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
wolfSSL 15:117db924cf7c 792 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
wolfSSL 15:117db924cf7c 793 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
wolfSSL 15:117db924cf7c 794 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
wolfSSL 15:117db924cf7c 795 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
wolfSSL 15:117db924cf7c 796 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
wolfSSL 15:117db924cf7c 797 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
wolfSSL 15:117db924cf7c 798 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
wolfSSL 15:117db924cf7c 799 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
wolfSSL 15:117db924cf7c 800 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
wolfSSL 15:117db924cf7c 801 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
wolfSSL 15:117db924cf7c 802 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
wolfSSL 15:117db924cf7c 803 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
wolfSSL 15:117db924cf7c 804 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
wolfSSL 15:117db924cf7c 805 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
wolfSSL 15:117db924cf7c 806 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
wolfSSL 15:117db924cf7c 807 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
wolfSSL 15:117db924cf7c 808 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
wolfSSL 15:117db924cf7c 809 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
wolfSSL 15:117db924cf7c 810 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
wolfSSL 15:117db924cf7c 811 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
wolfSSL 15:117db924cf7c 812 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
wolfSSL 15:117db924cf7c 813 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
wolfSSL 15:117db924cf7c 814 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
wolfSSL 15:117db924cf7c 815 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
wolfSSL 15:117db924cf7c 816 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
wolfSSL 15:117db924cf7c 817 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
wolfSSL 15:117db924cf7c 818 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
wolfSSL 15:117db924cf7c 819 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
wolfSSL 15:117db924cf7c 820 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
wolfSSL 15:117db924cf7c 821 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
wolfSSL 15:117db924cf7c 822 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
wolfSSL 15:117db924cf7c 823 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
wolfSSL 15:117db924cf7c 824 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
wolfSSL 15:117db924cf7c 825 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
wolfSSL 15:117db924cf7c 826 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
wolfSSL 15:117db924cf7c 827 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
wolfSSL 15:117db924cf7c 828 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
wolfSSL 15:117db924cf7c 829 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
wolfSSL 15:117db924cf7c 830 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
wolfSSL 15:117db924cf7c 831 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
wolfSSL 15:117db924cf7c 832 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
wolfSSL 15:117db924cf7c 833 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
wolfSSL 15:117db924cf7c 834 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
wolfSSL 15:117db924cf7c 835 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
wolfSSL 15:117db924cf7c 836 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
wolfSSL 15:117db924cf7c 837 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
wolfSSL 15:117db924cf7c 838 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
wolfSSL 15:117db924cf7c 839 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
wolfSSL 15:117db924cf7c 840 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
wolfSSL 15:117db924cf7c 841 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
wolfSSL 15:117db924cf7c 842 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81,
wolfSSL 15:117db924cf7c 843 0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, 0x3D,
wolfSSL 15:117db924cf7c 844 0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, 0x95, 0x1D,
wolfSSL 15:117db924cf7c 845 0x11, 0xDD, 0x22, 0x21, 0x65, 0x7A, 0x9F, 0x53,
wolfSSL 15:117db924cf7c 846 0x1D, 0xDA, 0x2A, 0x19, 0x4D, 0xBB, 0x12, 0x64,
wolfSSL 15:117db924cf7c 847 0x48, 0xBD, 0xEE, 0xB2, 0x58, 0xE0, 0x7E, 0xA6,
wolfSSL 15:117db924cf7c 848 0x59, 0xC7, 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D,
wolfSSL 15:117db924cf7c 849 0x66, 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38,
wolfSSL 15:117db924cf7c 850 0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, 0x0F,
wolfSSL 15:117db924cf7c 851 0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, 0xDA, 0x3B,
wolfSSL 15:117db924cf7c 852 0xD2, 0x92, 0x38, 0xFB, 0xD4, 0xD4, 0xB4, 0x88,
wolfSSL 15:117db924cf7c 853 0x5C, 0x2A, 0x99, 0x17, 0x6D, 0xB1, 0xA0, 0x6C,
wolfSSL 15:117db924cf7c 854 0x50, 0x07, 0x78, 0x49, 0x1A, 0x82, 0x88, 0xF1,
wolfSSL 15:117db924cf7c 855 0x85, 0x5F, 0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37,
wolfSSL 15:117db924cf7c 856 0x3F, 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1,
wolfSSL 15:117db924cf7c 857 0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, 0xDA,
wolfSSL 15:117db924cf7c 858 0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, 0x5D, 0xE0,
wolfSSL 15:117db924cf7c 859 0xCA, 0x63, 0x32, 0x8F, 0x3B, 0xE5, 0x7C, 0xC9,
wolfSSL 15:117db924cf7c 860 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0D, 0xFB,
wolfSSL 15:117db924cf7c 861 0x59, 0xD3, 0x9C, 0xE0, 0x91, 0x30, 0x8B, 0x41,
wolfSSL 15:117db924cf7c 862 0x05, 0x74, 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F,
wolfSSL 15:117db924cf7c 863 0x7C, 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6,
wolfSSL 15:117db924cf7c 864 0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, 0xAF,
wolfSSL 15:117db924cf7c 865 0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, 0x54, 0x23,
wolfSSL 15:117db924cf7c 866 0x28, 0x2E, 0xE4, 0x16, 0xDC, 0x2A, 0x19, 0xC5,
wolfSSL 15:117db924cf7c 867 0x72, 0x4F, 0xA9, 0x1A, 0xE4, 0xAD, 0xC8, 0x8B,
wolfSSL 15:117db924cf7c 868 0xC6, 0x67, 0x96, 0xEA, 0xE5, 0x67, 0x7A, 0x01,
wolfSSL 15:117db924cf7c 869 0xF6, 0x4E, 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82,
wolfSSL 15:117db924cf7c 870 0x2D, 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B,
wolfSSL 15:117db924cf7c 871 0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, 0x34,
wolfSSL 15:117db924cf7c 872 0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, 0xB0, 0xE0,
wolfSSL 15:117db924cf7c 873 0xD2, 0x0E, 0xAB, 0x86, 0xBC, 0x9C, 0x6D, 0x6A,
wolfSSL 15:117db924cf7c 874 0x52, 0x07, 0x19, 0x4E, 0x67, 0xFA, 0x35, 0x55,
wolfSSL 15:117db924cf7c 875 0x1B, 0x56, 0x80, 0x26, 0x7B, 0x00, 0x64, 0x1C,
wolfSSL 15:117db924cf7c 876 0x0F, 0x21, 0x2D, 0x18, 0xEC, 0xA8, 0xD7, 0x32,
wolfSSL 15:117db924cf7c 877 0x7E, 0xD9, 0x1F, 0xE7, 0x64, 0xA8, 0x4E, 0xA1,
wolfSSL 15:117db924cf7c 878 0xB4, 0x3F, 0xF5, 0xB4, 0xF6, 0xE8, 0xE6, 0x2F,
wolfSSL 15:117db924cf7c 879 0x05, 0xC6, 0x61, 0xDE, 0xFB, 0x25, 0x88, 0x77,
wolfSSL 15:117db924cf7c 880 0xC3, 0x5B, 0x18, 0xA1, 0x51, 0xD5, 0xC4, 0x14,
wolfSSL 15:117db924cf7c 881 0xAA, 0xAD, 0x97, 0xBA, 0x3E, 0x49, 0x93, 0x32,
wolfSSL 15:117db924cf7c 882 0xE5, 0x96, 0x07, 0x8E, 0x60, 0x0D, 0xEB, 0x81,
wolfSSL 15:117db924cf7c 883 0x14, 0x9C, 0x44, 0x1C, 0xE9, 0x57, 0x82, 0xF2,
wolfSSL 15:117db924cf7c 884 0x2A, 0x28, 0x25, 0x63, 0xC5, 0xBA, 0xC1, 0x41,
wolfSSL 15:117db924cf7c 885 0x14, 0x23, 0x60, 0x5D, 0x1A, 0xE1, 0xAF, 0xAE,
wolfSSL 15:117db924cf7c 886 0x2C, 0x8B, 0x06, 0x60, 0x23, 0x7E, 0xC1, 0x28,
wolfSSL 15:117db924cf7c 887 0xAA, 0x0F, 0xE3, 0x46, 0x4E, 0x43, 0x58, 0x11,
wolfSSL 15:117db924cf7c 888 0x5D, 0xB8, 0x4C, 0xC3, 0xB5, 0x23, 0x07, 0x3A,
wolfSSL 15:117db924cf7c 889 0x28, 0xD4, 0x54, 0x98, 0x84, 0xB8, 0x1F, 0xF7,
wolfSSL 15:117db924cf7c 890 0x0E, 0x10, 0xBF, 0x36, 0x1C, 0x13, 0x72, 0x96,
wolfSSL 15:117db924cf7c 891 0x28, 0xD5, 0x34, 0x8F, 0x07, 0x21, 0x1E, 0x7E,
wolfSSL 15:117db924cf7c 892 0x4C, 0xF4, 0xF1, 0x8B, 0x28, 0x60, 0x90, 0xBD,
wolfSSL 15:117db924cf7c 893 0xB1, 0x24, 0x0B, 0x66, 0xD6, 0xCD, 0x4A, 0xFC,
wolfSSL 15:117db924cf7c 894 0xEA, 0xDC, 0x00, 0xCA, 0x44, 0x6C, 0xE0, 0x50,
wolfSSL 15:117db924cf7c 895 0x50, 0xFF, 0x18, 0x3A, 0xD2, 0xBB, 0xF1, 0x18,
wolfSSL 15:117db924cf7c 896 0xC1, 0xFC, 0x0E, 0xA5, 0x1F, 0x97, 0xD2, 0x2B,
wolfSSL 15:117db924cf7c 897 0x8F, 0x7E, 0x46, 0x70, 0x5D, 0x45, 0x27, 0xF4,
wolfSSL 15:117db924cf7c 898 0x5B, 0x42, 0xAE, 0xFF, 0x39, 0x58, 0x53, 0x37,
wolfSSL 15:117db924cf7c 899 0x6F, 0x69, 0x7D, 0xD5, 0xFD, 0xF2, 0xC5, 0x18,
wolfSSL 15:117db924cf7c 900 0x7D, 0x7D, 0x5F, 0x0E, 0x2E, 0xB8, 0xD4, 0x3F,
wolfSSL 15:117db924cf7c 901 0x17, 0xBA, 0x0F, 0x7C, 0x60, 0xFF, 0x43, 0x7F,
wolfSSL 15:117db924cf7c 902 0x53, 0x5D, 0xFE, 0xF2, 0x98, 0x33, 0xBF, 0x86,
wolfSSL 15:117db924cf7c 903 0xCB, 0xE8, 0x8E, 0xA4, 0xFB, 0xD4, 0x22, 0x1E,
wolfSSL 15:117db924cf7c 904 0x84, 0x11, 0x72, 0x83, 0x54, 0xFA, 0x30, 0xA7,
wolfSSL 15:117db924cf7c 905 0x00, 0x8F, 0x15, 0x4A, 0x41, 0xC7, 0xFC, 0x46,
wolfSSL 15:117db924cf7c 906 0x6B, 0x46, 0x45, 0xDB, 0xE2, 0xE3, 0x21, 0x26,
wolfSSL 15:117db924cf7c 907 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
wolfSSL 15:117db924cf7c 908 };
wolfSSL 15:117db924cf7c 909 #endif /* HAVE_FFDHE_Q */
wolfSSL 15:117db924cf7c 910
wolfSSL 15:117db924cf7c 911 const DhParams* wc_Dh_ffdhe8192_Get(void)
wolfSSL 15:117db924cf7c 912 {
wolfSSL 15:117db924cf7c 913 static const DhParams ffdhe8192 = {
wolfSSL 15:117db924cf7c 914 #ifdef HAVE_FFDHE_Q
wolfSSL 15:117db924cf7c 915 dh_ffdhe8192_q, sizeof(dh_ffdhe8192_q),
wolfSSL 15:117db924cf7c 916 #endif /* HAVE_FFDHE_Q */
wolfSSL 15:117db924cf7c 917 dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p),
wolfSSL 15:117db924cf7c 918 dh_ffdhe8192_g, sizeof(dh_ffdhe8192_g)
wolfSSL 15:117db924cf7c 919 };
wolfSSL 15:117db924cf7c 920 return &ffdhe8192;
wolfSSL 15:117db924cf7c 921 }
wolfSSL 15:117db924cf7c 922 #endif
wolfSSL 15:117db924cf7c 923
wolfSSL 15:117db924cf7c 924 int wc_InitDhKey_ex(DhKey* key, void* heap, int devId)
wolfSSL 15:117db924cf7c 925 {
wolfSSL 15:117db924cf7c 926 int ret = 0;
wolfSSL 15:117db924cf7c 927
wolfSSL 15:117db924cf7c 928 if (key == NULL)
wolfSSL 15:117db924cf7c 929 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 930
wolfSSL 15:117db924cf7c 931 key->heap = heap; /* for XMALLOC/XFREE in future */
wolfSSL 15:117db924cf7c 932
wolfSSL 16:8e0d178b1d1e 933 #if !defined(WOLFSSL_QT) && !defined(OPENSSL_ALL)
wolfSSL 15:117db924cf7c 934 if (mp_init_multi(&key->p, &key->g, &key->q, NULL, NULL, NULL) != MP_OKAY)
wolfSSL 16:8e0d178b1d1e 935 #else
wolfSSL 16:8e0d178b1d1e 936 if (mp_init_multi(&key->p,&key->g,&key->q,&key->pub,&key->priv,NULL) != MP_OKAY)
wolfSSL 16:8e0d178b1d1e 937 #endif
wolfSSL 15:117db924cf7c 938 return MEMORY_E;
wolfSSL 15:117db924cf7c 939
wolfSSL 15:117db924cf7c 940 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
wolfSSL 15:117db924cf7c 941 /* handle as async */
wolfSSL 15:117db924cf7c 942 ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_DH,
wolfSSL 15:117db924cf7c 943 key->heap, devId);
wolfSSL 15:117db924cf7c 944 #else
wolfSSL 15:117db924cf7c 945 (void)devId;
wolfSSL 15:117db924cf7c 946 #endif
wolfSSL 15:117db924cf7c 947
wolfSSL 15:117db924cf7c 948 return ret;
wolfSSL 15:117db924cf7c 949 }
wolfSSL 15:117db924cf7c 950
wolfSSL 15:117db924cf7c 951 int wc_InitDhKey(DhKey* key)
wolfSSL 15:117db924cf7c 952 {
wolfSSL 15:117db924cf7c 953 return wc_InitDhKey_ex(key, NULL, INVALID_DEVID);
wolfSSL 15:117db924cf7c 954 }
wolfSSL 15:117db924cf7c 955
wolfSSL 15:117db924cf7c 956
wolfSSL 15:117db924cf7c 957 int wc_FreeDhKey(DhKey* key)
wolfSSL 15:117db924cf7c 958 {
wolfSSL 15:117db924cf7c 959 if (key) {
wolfSSL 15:117db924cf7c 960 mp_clear(&key->p);
wolfSSL 15:117db924cf7c 961 mp_clear(&key->g);
wolfSSL 15:117db924cf7c 962 mp_clear(&key->q);
wolfSSL 15:117db924cf7c 963
wolfSSL 15:117db924cf7c 964 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
wolfSSL 15:117db924cf7c 965 wolfAsync_DevCtxFree(&key->asyncDev, WOLFSSL_ASYNC_MARKER_DH);
wolfSSL 15:117db924cf7c 966 #endif
wolfSSL 15:117db924cf7c 967 }
wolfSSL 15:117db924cf7c 968 return 0;
wolfSSL 15:117db924cf7c 969 }
wolfSSL 15:117db924cf7c 970
wolfSSL 15:117db924cf7c 971
wolfSSL 16:8e0d178b1d1e 972 #ifndef WC_NO_RNG
wolfSSL 15:117db924cf7c 973 /* if defined to not use floating point values do not compile in */
wolfSSL 15:117db924cf7c 974 #ifndef WOLFSSL_DH_CONST
wolfSSL 15:117db924cf7c 975 static word32 DiscreteLogWorkFactor(word32 n)
wolfSSL 15:117db924cf7c 976 {
wolfSSL 15:117db924cf7c 977 /* assuming discrete log takes about the same time as factoring */
wolfSSL 15:117db924cf7c 978 if (n < 5)
wolfSSL 15:117db924cf7c 979 return 0;
wolfSSL 15:117db924cf7c 980 else
wolfSSL 15:117db924cf7c 981 return (word32)(2.4 * XPOW((double)n, 1.0/3.0) *
wolfSSL 15:117db924cf7c 982 XPOW(XLOG((double)n), 2.0/3.0) - 5);
wolfSSL 15:117db924cf7c 983 }
wolfSSL 15:117db924cf7c 984 #endif /* WOLFSSL_DH_CONST*/
wolfSSL 15:117db924cf7c 985
wolfSSL 15:117db924cf7c 986
wolfSSL 16:8e0d178b1d1e 987 /* if not using fixed points use DiscreteLogWorkFactor function for unusual size
wolfSSL 15:117db924cf7c 988 otherwise round up on size needed */
wolfSSL 15:117db924cf7c 989 #ifndef WOLFSSL_DH_CONST
wolfSSL 15:117db924cf7c 990 #define WOLFSSL_DH_ROUND(x)
wolfSSL 15:117db924cf7c 991 #else
wolfSSL 15:117db924cf7c 992 #define WOLFSSL_DH_ROUND(x) \
wolfSSL 15:117db924cf7c 993 do { \
wolfSSL 15:117db924cf7c 994 if (x % 128) { \
wolfSSL 15:117db924cf7c 995 x &= 0xffffff80;\
wolfSSL 15:117db924cf7c 996 x += 128; \
wolfSSL 15:117db924cf7c 997 } \
wolfSSL 15:117db924cf7c 998 } \
wolfSSL 15:117db924cf7c 999 while (0)
wolfSSL 15:117db924cf7c 1000 #endif
wolfSSL 15:117db924cf7c 1001
wolfSSL 15:117db924cf7c 1002
wolfSSL 15:117db924cf7c 1003 #ifndef WOLFSSL_NO_DH186
wolfSSL 15:117db924cf7c 1004 /* validate that (L,N) match allowed sizes from SP 800-56A, Section 5.5.1.1.
wolfSSL 15:117db924cf7c 1005 * modLen - represents L, the size of p in bits
wolfSSL 15:117db924cf7c 1006 * divLen - represents N, the size of q in bits
wolfSSL 15:117db924cf7c 1007 * return 0 on success, -1 on error */
wolfSSL 15:117db924cf7c 1008 static int CheckDhLN(int modLen, int divLen)
wolfSSL 15:117db924cf7c 1009 {
wolfSSL 15:117db924cf7c 1010 int ret = -1;
wolfSSL 15:117db924cf7c 1011
wolfSSL 15:117db924cf7c 1012 switch (modLen) {
wolfSSL 15:117db924cf7c 1013 /* FA */
wolfSSL 15:117db924cf7c 1014 case 1024:
wolfSSL 15:117db924cf7c 1015 if (divLen == 160)
wolfSSL 15:117db924cf7c 1016 ret = 0;
wolfSSL 15:117db924cf7c 1017 break;
wolfSSL 15:117db924cf7c 1018 /* FB, FC */
wolfSSL 15:117db924cf7c 1019 case 2048:
wolfSSL 15:117db924cf7c 1020 if (divLen == 224 || divLen == 256)
wolfSSL 15:117db924cf7c 1021 ret = 0;
wolfSSL 15:117db924cf7c 1022 break;
wolfSSL 15:117db924cf7c 1023 default:
wolfSSL 15:117db924cf7c 1024 break;
wolfSSL 15:117db924cf7c 1025 }
wolfSSL 15:117db924cf7c 1026
wolfSSL 15:117db924cf7c 1027 return ret;
wolfSSL 15:117db924cf7c 1028 }
wolfSSL 15:117db924cf7c 1029
wolfSSL 15:117db924cf7c 1030
wolfSSL 15:117db924cf7c 1031 /* Create DH private key
wolfSSL 15:117db924cf7c 1032 *
wolfSSL 15:117db924cf7c 1033 * Based on NIST FIPS 186-4,
wolfSSL 15:117db924cf7c 1034 * "B.1.1 Key Pair Generation Using Extra Random Bits"
wolfSSL 15:117db924cf7c 1035 *
wolfSSL 15:117db924cf7c 1036 * dh - pointer to initialized DhKey structure, needs to have dh->q
wolfSSL 15:117db924cf7c 1037 * rng - pointer to initialized WC_RNG structure
wolfSSL 15:117db924cf7c 1038 * priv - output location for generated private key
wolfSSL 15:117db924cf7c 1039 * privSz - IN/OUT, size of priv buffer, size of generated private key
wolfSSL 15:117db924cf7c 1040 *
wolfSSL 15:117db924cf7c 1041 * return 0 on success, negative on error */
wolfSSL 15:117db924cf7c 1042 static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv,
wolfSSL 15:117db924cf7c 1043 word32* privSz)
wolfSSL 15:117db924cf7c 1044 {
wolfSSL 15:117db924cf7c 1045 byte* cBuf;
wolfSSL 15:117db924cf7c 1046 int qSz, pSz, cSz, err;
wolfSSL 15:117db924cf7c 1047 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1048 mp_int* tmpQ = NULL;
wolfSSL 15:117db924cf7c 1049 mp_int* tmpX = NULL;
wolfSSL 15:117db924cf7c 1050 #else
wolfSSL 15:117db924cf7c 1051 mp_int tmpQ[1], tmpX[1];
wolfSSL 15:117db924cf7c 1052 #endif
wolfSSL 15:117db924cf7c 1053
wolfSSL 15:117db924cf7c 1054 /* Parameters validated in calling functions. */
wolfSSL 15:117db924cf7c 1055
wolfSSL 15:117db924cf7c 1056 if (mp_iszero(&key->q) == MP_YES) {
wolfSSL 15:117db924cf7c 1057 WOLFSSL_MSG("DH q parameter needed for FIPS 186-4 key generation");
wolfSSL 15:117db924cf7c 1058 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1059 }
wolfSSL 15:117db924cf7c 1060
wolfSSL 15:117db924cf7c 1061 qSz = mp_unsigned_bin_size(&key->q);
wolfSSL 15:117db924cf7c 1062 pSz = mp_unsigned_bin_size(&key->p);
wolfSSL 15:117db924cf7c 1063
wolfSSL 15:117db924cf7c 1064 /* verify (L,N) pair bit lengths */
wolfSSL 15:117db924cf7c 1065 if (CheckDhLN(pSz * WOLFSSL_BIT_SIZE, qSz * WOLFSSL_BIT_SIZE) != 0) {
wolfSSL 15:117db924cf7c 1066 WOLFSSL_MSG("DH param sizes do not match SP 800-56A requirements");
wolfSSL 15:117db924cf7c 1067 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1068 }
wolfSSL 15:117db924cf7c 1069
wolfSSL 15:117db924cf7c 1070 /* generate extra 64 bits so that bias from mod function is negligible */
wolfSSL 15:117db924cf7c 1071 cSz = qSz + (64 / WOLFSSL_BIT_SIZE);
wolfSSL 15:117db924cf7c 1072 cBuf = (byte*)XMALLOC(cSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 1073 if (cBuf == NULL) {
wolfSSL 15:117db924cf7c 1074 return MEMORY_E;
wolfSSL 15:117db924cf7c 1075 }
wolfSSL 15:117db924cf7c 1076 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1077 tmpQ = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1078 if (tmpQ == NULL) {
wolfSSL 15:117db924cf7c 1079 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 1080 return MEMORY_E;
wolfSSL 15:117db924cf7c 1081 }
wolfSSL 15:117db924cf7c 1082 tmpX = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1083 if (tmpX == NULL) {
wolfSSL 15:117db924cf7c 1084 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 1085 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1086 return MEMORY_E;
wolfSSL 15:117db924cf7c 1087 }
wolfSSL 15:117db924cf7c 1088 #endif
wolfSSL 15:117db924cf7c 1089
wolfSSL 15:117db924cf7c 1090
wolfSSL 15:117db924cf7c 1091 if ((err = mp_init_multi(tmpX, tmpQ, NULL, NULL, NULL, NULL))
wolfSSL 15:117db924cf7c 1092 != MP_OKAY) {
wolfSSL 15:117db924cf7c 1093 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 1094 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1095 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1096 XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1097 #endif
wolfSSL 15:117db924cf7c 1098 return err;
wolfSSL 15:117db924cf7c 1099 }
wolfSSL 15:117db924cf7c 1100
wolfSSL 15:117db924cf7c 1101 do {
wolfSSL 15:117db924cf7c 1102 /* generate N+64 bits (c) from RBG into tmpX, making sure positive.
wolfSSL 15:117db924cf7c 1103 * Hash_DRBG uses SHA-256 which matches maximum
wolfSSL 15:117db924cf7c 1104 * requested_security_strength of (L,N) */
wolfSSL 15:117db924cf7c 1105 err = wc_RNG_GenerateBlock(rng, cBuf, cSz);
wolfSSL 15:117db924cf7c 1106 if (err == MP_OKAY)
wolfSSL 15:117db924cf7c 1107 err = mp_read_unsigned_bin(tmpX, cBuf, cSz);
wolfSSL 15:117db924cf7c 1108 if (err != MP_OKAY) {
wolfSSL 15:117db924cf7c 1109 mp_clear(tmpX);
wolfSSL 15:117db924cf7c 1110 mp_clear(tmpQ);
wolfSSL 15:117db924cf7c 1111 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 1112 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1113 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1114 XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1115 #endif
wolfSSL 15:117db924cf7c 1116 return err;
wolfSSL 15:117db924cf7c 1117 }
wolfSSL 15:117db924cf7c 1118 } while (mp_cmp_d(tmpX, 1) != MP_GT);
wolfSSL 15:117db924cf7c 1119
wolfSSL 15:117db924cf7c 1120 ForceZero(cBuf, cSz);
wolfSSL 15:117db924cf7c 1121 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 1122
wolfSSL 15:117db924cf7c 1123 /* tmpQ = q - 1 */
wolfSSL 15:117db924cf7c 1124 if (err == MP_OKAY)
wolfSSL 15:117db924cf7c 1125 err = mp_copy(&key->q, tmpQ);
wolfSSL 15:117db924cf7c 1126
wolfSSL 15:117db924cf7c 1127 if (err == MP_OKAY)
wolfSSL 15:117db924cf7c 1128 err = mp_sub_d(tmpQ, 1, tmpQ);
wolfSSL 15:117db924cf7c 1129
wolfSSL 15:117db924cf7c 1130 /* x = c mod (q-1), tmpX holds c */
wolfSSL 15:117db924cf7c 1131 if (err == MP_OKAY)
wolfSSL 15:117db924cf7c 1132 err = mp_mod(tmpX, tmpQ, tmpX);
wolfSSL 15:117db924cf7c 1133
wolfSSL 15:117db924cf7c 1134 /* x = c mod (q-1) + 1 */
wolfSSL 15:117db924cf7c 1135 if (err == MP_OKAY)
wolfSSL 15:117db924cf7c 1136 err = mp_add_d(tmpX, 1, tmpX);
wolfSSL 15:117db924cf7c 1137
wolfSSL 15:117db924cf7c 1138 /* copy tmpX into priv */
wolfSSL 15:117db924cf7c 1139 if (err == MP_OKAY) {
wolfSSL 15:117db924cf7c 1140 pSz = mp_unsigned_bin_size(tmpX);
wolfSSL 15:117db924cf7c 1141 if (pSz > (int)*privSz) {
wolfSSL 15:117db924cf7c 1142 WOLFSSL_MSG("DH private key output buffer too small");
wolfSSL 15:117db924cf7c 1143 err = BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1144 } else {
wolfSSL 15:117db924cf7c 1145 *privSz = pSz;
wolfSSL 15:117db924cf7c 1146 err = mp_to_unsigned_bin(tmpX, priv);
wolfSSL 15:117db924cf7c 1147 }
wolfSSL 15:117db924cf7c 1148 }
wolfSSL 15:117db924cf7c 1149
wolfSSL 15:117db924cf7c 1150 mp_forcezero(tmpX);
wolfSSL 15:117db924cf7c 1151 mp_clear(tmpX);
wolfSSL 15:117db924cf7c 1152 mp_clear(tmpQ);
wolfSSL 15:117db924cf7c 1153 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1154 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1155 XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1156 #endif
wolfSSL 15:117db924cf7c 1157
wolfSSL 15:117db924cf7c 1158 return err;
wolfSSL 15:117db924cf7c 1159 }
wolfSSL 15:117db924cf7c 1160 #endif /* WOLFSSL_NO_DH186 */
wolfSSL 16:8e0d178b1d1e 1161 #endif /* !WC_NO_RNG */
wolfSSL 15:117db924cf7c 1162
wolfSSL 15:117db924cf7c 1163 static int GeneratePrivateDh(DhKey* key, WC_RNG* rng, byte* priv,
wolfSSL 15:117db924cf7c 1164 word32* privSz)
wolfSSL 15:117db924cf7c 1165 {
wolfSSL 16:8e0d178b1d1e 1166 #ifndef WC_NO_RNG
wolfSSL 15:117db924cf7c 1167 int ret = 0;
wolfSSL 15:117db924cf7c 1168 word32 sz = 0;
wolfSSL 15:117db924cf7c 1169
wolfSSL 15:117db924cf7c 1170 #ifndef WOLFSSL_NO_DH186
wolfSSL 15:117db924cf7c 1171 if (mp_iszero(&key->q) == MP_NO) {
wolfSSL 15:117db924cf7c 1172
wolfSSL 15:117db924cf7c 1173 /* q param available, use NIST FIPS 186-4, "B.1.1 Key Pair
wolfSSL 15:117db924cf7c 1174 * Generation Using Extra Random Bits" */
wolfSSL 15:117db924cf7c 1175 ret = GeneratePrivateDh186(key, rng, priv, privSz);
wolfSSL 15:117db924cf7c 1176
wolfSSL 15:117db924cf7c 1177 } else
wolfSSL 15:117db924cf7c 1178 #endif
wolfSSL 15:117db924cf7c 1179 {
wolfSSL 15:117db924cf7c 1180
wolfSSL 15:117db924cf7c 1181 sz = mp_unsigned_bin_size(&key->p);
wolfSSL 15:117db924cf7c 1182
wolfSSL 15:117db924cf7c 1183 /* Table of predetermined values from the operation
wolfSSL 15:117db924cf7c 1184 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) /
wolfSSL 15:117db924cf7c 1185 WOLFSSL_BIT_SIZE + 1
wolfSSL 15:117db924cf7c 1186 Sizes in table checked against RFC 3526
wolfSSL 15:117db924cf7c 1187 */
wolfSSL 15:117db924cf7c 1188 WOLFSSL_DH_ROUND(sz); /* if using fixed points only, then round up */
wolfSSL 15:117db924cf7c 1189 switch (sz) {
wolfSSL 15:117db924cf7c 1190 case 128: sz = 21; break;
wolfSSL 15:117db924cf7c 1191 case 256: sz = 29; break;
wolfSSL 15:117db924cf7c 1192 case 384: sz = 34; break;
wolfSSL 15:117db924cf7c 1193 case 512: sz = 39; break;
wolfSSL 15:117db924cf7c 1194 case 640: sz = 42; break;
wolfSSL 15:117db924cf7c 1195 case 768: sz = 46; break;
wolfSSL 15:117db924cf7c 1196 case 896: sz = 49; break;
wolfSSL 15:117db924cf7c 1197 case 1024: sz = 52; break;
wolfSSL 15:117db924cf7c 1198 default:
wolfSSL 15:117db924cf7c 1199 #ifndef WOLFSSL_DH_CONST
wolfSSL 15:117db924cf7c 1200 /* if using floating points and size of p is not in table */
wolfSSL 15:117db924cf7c 1201 sz = min(sz, 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) /
wolfSSL 15:117db924cf7c 1202 WOLFSSL_BIT_SIZE + 1);
wolfSSL 15:117db924cf7c 1203 break;
wolfSSL 15:117db924cf7c 1204 #else
wolfSSL 15:117db924cf7c 1205 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1206 #endif
wolfSSL 15:117db924cf7c 1207 }
wolfSSL 15:117db924cf7c 1208
wolfSSL 15:117db924cf7c 1209 ret = wc_RNG_GenerateBlock(rng, priv, sz);
wolfSSL 15:117db924cf7c 1210
wolfSSL 15:117db924cf7c 1211 if (ret == 0) {
wolfSSL 15:117db924cf7c 1212 priv[0] |= 0x0C;
wolfSSL 15:117db924cf7c 1213 *privSz = sz;
wolfSSL 15:117db924cf7c 1214 }
wolfSSL 15:117db924cf7c 1215 }
wolfSSL 15:117db924cf7c 1216
wolfSSL 15:117db924cf7c 1217 return ret;
wolfSSL 16:8e0d178b1d1e 1218 #else
wolfSSL 16:8e0d178b1d1e 1219 (void)key;
wolfSSL 16:8e0d178b1d1e 1220 (void)rng;
wolfSSL 16:8e0d178b1d1e 1221 (void)priv;
wolfSSL 16:8e0d178b1d1e 1222 (void)privSz;
wolfSSL 16:8e0d178b1d1e 1223 return NOT_COMPILED_IN;
wolfSSL 16:8e0d178b1d1e 1224 #endif /* WC_NO_RNG */
wolfSSL 15:117db924cf7c 1225 }
wolfSSL 15:117db924cf7c 1226
wolfSSL 15:117db924cf7c 1227
wolfSSL 15:117db924cf7c 1228 static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
wolfSSL 15:117db924cf7c 1229 byte* pub, word32* pubSz)
wolfSSL 15:117db924cf7c 1230 {
wolfSSL 15:117db924cf7c 1231 int ret = 0;
wolfSSL 15:117db924cf7c 1232 #ifndef WOLFSSL_SP_MATH
wolfSSL 15:117db924cf7c 1233 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 1234 mp_int* x;
wolfSSL 16:8e0d178b1d1e 1235 mp_int* y;
wolfSSL 15:117db924cf7c 1236 #else
wolfSSL 15:117db924cf7c 1237 mp_int x[1];
wolfSSL 15:117db924cf7c 1238 mp_int y[1];
wolfSSL 15:117db924cf7c 1239 #endif
wolfSSL 15:117db924cf7c 1240 #endif
wolfSSL 15:117db924cf7c 1241
wolfSSL 15:117db924cf7c 1242 #ifdef WOLFSSL_HAVE_SP_DH
wolfSSL 15:117db924cf7c 1243 #ifndef WOLFSSL_SP_NO_2048
wolfSSL 15:117db924cf7c 1244 if (mp_count_bits(&key->p) == 2048)
wolfSSL 15:117db924cf7c 1245 return sp_DhExp_2048(&key->g, priv, privSz, &key->p, pub, pubSz);
wolfSSL 15:117db924cf7c 1246 #endif
wolfSSL 15:117db924cf7c 1247 #ifndef WOLFSSL_SP_NO_3072
wolfSSL 15:117db924cf7c 1248 if (mp_count_bits(&key->p) == 3072)
wolfSSL 15:117db924cf7c 1249 return sp_DhExp_3072(&key->g, priv, privSz, &key->p, pub, pubSz);
wolfSSL 15:117db924cf7c 1250 #endif
wolfSSL 16:8e0d178b1d1e 1251 #ifdef WOLFSSL_SP_4096
wolfSSL 16:8e0d178b1d1e 1252 if (mp_count_bits(&key->p) == 4096)
wolfSSL 16:8e0d178b1d1e 1253 return sp_DhExp_4096(&key->g, priv, privSz, &key->p, pub, pubSz);
wolfSSL 16:8e0d178b1d1e 1254 #endif
wolfSSL 15:117db924cf7c 1255 #endif
wolfSSL 15:117db924cf7c 1256
wolfSSL 15:117db924cf7c 1257 #ifndef WOLFSSL_SP_MATH
wolfSSL 15:117db924cf7c 1258 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1259 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1260 if (x == NULL)
wolfSSL 15:117db924cf7c 1261 return MEMORY_E;
wolfSSL 15:117db924cf7c 1262 y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1263 if (y == NULL) {
wolfSSL 15:117db924cf7c 1264 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1265 return MEMORY_E;
wolfSSL 15:117db924cf7c 1266 }
wolfSSL 15:117db924cf7c 1267 #endif
wolfSSL 16:8e0d178b1d1e 1268 if (mp_init_multi(x, y, 0, 0, 0, 0) != MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 1269 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 1270 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 16:8e0d178b1d1e 1271 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 16:8e0d178b1d1e 1272 #endif
wolfSSL 15:117db924cf7c 1273 return MP_INIT_E;
wolfSSL 16:8e0d178b1d1e 1274 }
wolfSSL 15:117db924cf7c 1275
wolfSSL 15:117db924cf7c 1276 if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY)
wolfSSL 15:117db924cf7c 1277 ret = MP_READ_E;
wolfSSL 15:117db924cf7c 1278
wolfSSL 15:117db924cf7c 1279 if (ret == 0 && mp_exptmod(&key->g, x, &key->p, y) != MP_OKAY)
wolfSSL 15:117db924cf7c 1280 ret = MP_EXPTMOD_E;
wolfSSL 15:117db924cf7c 1281
wolfSSL 15:117db924cf7c 1282 if (ret == 0 && mp_to_unsigned_bin(y, pub) != MP_OKAY)
wolfSSL 15:117db924cf7c 1283 ret = MP_TO_E;
wolfSSL 15:117db924cf7c 1284
wolfSSL 15:117db924cf7c 1285 if (ret == 0)
wolfSSL 15:117db924cf7c 1286 *pubSz = mp_unsigned_bin_size(y);
wolfSSL 15:117db924cf7c 1287
wolfSSL 15:117db924cf7c 1288 mp_clear(y);
wolfSSL 15:117db924cf7c 1289 mp_clear(x);
wolfSSL 15:117db924cf7c 1290 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1291 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1292 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1293 #endif
wolfSSL 15:117db924cf7c 1294 #else
wolfSSL 15:117db924cf7c 1295 ret = WC_KEY_SIZE_E;
wolfSSL 15:117db924cf7c 1296 #endif
wolfSSL 15:117db924cf7c 1297
wolfSSL 15:117db924cf7c 1298 return ret;
wolfSSL 15:117db924cf7c 1299 }
wolfSSL 15:117db924cf7c 1300
wolfSSL 15:117db924cf7c 1301 static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
wolfSSL 15:117db924cf7c 1302 byte* priv, word32* privSz, byte* pub, word32* pubSz)
wolfSSL 15:117db924cf7c 1303 {
wolfSSL 15:117db924cf7c 1304 int ret;
wolfSSL 15:117db924cf7c 1305
wolfSSL 15:117db924cf7c 1306 if (key == NULL || rng == NULL || priv == NULL || privSz == NULL ||
wolfSSL 15:117db924cf7c 1307 pub == NULL || pubSz == NULL) {
wolfSSL 15:117db924cf7c 1308 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1309 }
wolfSSL 15:117db924cf7c 1310
wolfSSL 15:117db924cf7c 1311 ret = GeneratePrivateDh(key, rng, priv, privSz);
wolfSSL 15:117db924cf7c 1312
wolfSSL 15:117db924cf7c 1313 return (ret != 0) ? ret : GeneratePublicDh(key, priv, *privSz, pub, pubSz);
wolfSSL 15:117db924cf7c 1314 }
wolfSSL 15:117db924cf7c 1315
wolfSSL 15:117db924cf7c 1316 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
wolfSSL 15:117db924cf7c 1317 static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
wolfSSL 15:117db924cf7c 1318 byte* priv, word32* privSz, byte* pub, word32* pubSz)
wolfSSL 15:117db924cf7c 1319 {
wolfSSL 15:117db924cf7c 1320 int ret;
wolfSSL 15:117db924cf7c 1321
wolfSSL 15:117db924cf7c 1322 #if defined(HAVE_INTEL_QA)
wolfSSL 16:8e0d178b1d1e 1323 word32 pBits;
wolfSSL 15:117db924cf7c 1324
wolfSSL 16:8e0d178b1d1e 1325 /* QAT DH sizes: 768, 1024, 1536, 2048, 3072 and 4096 bits */
wolfSSL 16:8e0d178b1d1e 1326 pBits = mp_unsigned_bin_size(&key->p) * 8;
wolfSSL 16:8e0d178b1d1e 1327 if (pBits == 768 || pBits == 1024 || pBits == 1536 ||
wolfSSL 16:8e0d178b1d1e 1328 pBits == 2048 || pBits == 3072 || pBits == 4096) {
wolfSSL 15:117db924cf7c 1329 mp_int x;
wolfSSL 15:117db924cf7c 1330
wolfSSL 15:117db924cf7c 1331 ret = mp_init(&x);
wolfSSL 15:117db924cf7c 1332 if (ret != MP_OKAY)
wolfSSL 15:117db924cf7c 1333 return ret;
wolfSSL 15:117db924cf7c 1334
wolfSSL 15:117db924cf7c 1335 ret = GeneratePrivateDh(key, rng, priv, privSz);
wolfSSL 15:117db924cf7c 1336 if (ret == 0)
wolfSSL 15:117db924cf7c 1337 ret = mp_read_unsigned_bin(&x, priv, *privSz);
wolfSSL 15:117db924cf7c 1338 if (ret == MP_OKAY)
wolfSSL 15:117db924cf7c 1339 ret = wc_mp_to_bigint(&x, &x.raw);
wolfSSL 15:117db924cf7c 1340 if (ret == MP_OKAY)
wolfSSL 15:117db924cf7c 1341 ret = wc_mp_to_bigint(&key->p, &key->p.raw);
wolfSSL 15:117db924cf7c 1342 if (ret == MP_OKAY)
wolfSSL 15:117db924cf7c 1343 ret = wc_mp_to_bigint(&key->g, &key->g.raw);
wolfSSL 15:117db924cf7c 1344 if (ret == MP_OKAY)
wolfSSL 15:117db924cf7c 1345 ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw,
wolfSSL 15:117db924cf7c 1346 &x.raw, pub, pubSz);
wolfSSL 15:117db924cf7c 1347 mp_clear(&x);
wolfSSL 15:117db924cf7c 1348
wolfSSL 15:117db924cf7c 1349 return ret;
wolfSSL 15:117db924cf7c 1350 }
wolfSSL 15:117db924cf7c 1351
wolfSSL 15:117db924cf7c 1352 #elif defined(HAVE_CAVIUM)
wolfSSL 15:117db924cf7c 1353 /* TODO: Not implemented - use software for now */
wolfSSL 15:117db924cf7c 1354
wolfSSL 15:117db924cf7c 1355 #else /* WOLFSSL_ASYNC_CRYPT_TEST */
wolfSSL 15:117db924cf7c 1356 if (wc_AsyncTestInit(&key->asyncDev, ASYNC_TEST_DH_GEN)) {
wolfSSL 15:117db924cf7c 1357 WC_ASYNC_TEST* testDev = &key->asyncDev.test;
wolfSSL 15:117db924cf7c 1358 testDev->dhGen.key = key;
wolfSSL 15:117db924cf7c 1359 testDev->dhGen.rng = rng;
wolfSSL 15:117db924cf7c 1360 testDev->dhGen.priv = priv;
wolfSSL 15:117db924cf7c 1361 testDev->dhGen.privSz = privSz;
wolfSSL 15:117db924cf7c 1362 testDev->dhGen.pub = pub;
wolfSSL 15:117db924cf7c 1363 testDev->dhGen.pubSz = pubSz;
wolfSSL 15:117db924cf7c 1364 return WC_PENDING_E;
wolfSSL 15:117db924cf7c 1365 }
wolfSSL 15:117db924cf7c 1366 #endif
wolfSSL 15:117db924cf7c 1367
wolfSSL 15:117db924cf7c 1368 /* otherwise use software DH */
wolfSSL 15:117db924cf7c 1369 ret = wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
wolfSSL 15:117db924cf7c 1370
wolfSSL 15:117db924cf7c 1371 return ret;
wolfSSL 15:117db924cf7c 1372 }
wolfSSL 15:117db924cf7c 1373 #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_DH */
wolfSSL 15:117db924cf7c 1374
wolfSSL 15:117db924cf7c 1375
wolfSSL 15:117db924cf7c 1376 /* Check DH Public Key for invalid numbers, optionally allowing
wolfSSL 15:117db924cf7c 1377 * the public key to be checked against the large prime (q).
wolfSSL 15:117db924cf7c 1378 * Check per process in SP 800-56Ar3, section 5.6.2.3.1.
wolfSSL 15:117db924cf7c 1379 *
wolfSSL 15:117db924cf7c 1380 * key DH key group parameters.
wolfSSL 15:117db924cf7c 1381 * pub Public Key.
wolfSSL 15:117db924cf7c 1382 * pubSz Public Key size.
wolfSSL 15:117db924cf7c 1383 * prime Large prime (q), optionally NULL to skip check
wolfSSL 15:117db924cf7c 1384 * primeSz Size of large prime
wolfSSL 15:117db924cf7c 1385 *
wolfSSL 15:117db924cf7c 1386 * returns 0 on success or error code
wolfSSL 15:117db924cf7c 1387 */
wolfSSL 15:117db924cf7c 1388 int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz,
wolfSSL 15:117db924cf7c 1389 const byte* prime, word32 primeSz)
wolfSSL 15:117db924cf7c 1390 {
wolfSSL 15:117db924cf7c 1391 int ret = 0;
wolfSSL 15:117db924cf7c 1392 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1393 mp_int* y = NULL;
wolfSSL 15:117db924cf7c 1394 mp_int* p = NULL;
wolfSSL 15:117db924cf7c 1395 mp_int* q = NULL;
wolfSSL 15:117db924cf7c 1396 #else
wolfSSL 15:117db924cf7c 1397 mp_int y[1];
wolfSSL 15:117db924cf7c 1398 mp_int p[1];
wolfSSL 15:117db924cf7c 1399 mp_int q[1];
wolfSSL 15:117db924cf7c 1400 #endif
wolfSSL 15:117db924cf7c 1401
wolfSSL 15:117db924cf7c 1402 if (key == NULL || pub == NULL) {
wolfSSL 15:117db924cf7c 1403 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1404 }
wolfSSL 15:117db924cf7c 1405
wolfSSL 15:117db924cf7c 1406 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1407 y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1408 if (y == NULL)
wolfSSL 15:117db924cf7c 1409 return MEMORY_E;
wolfSSL 15:117db924cf7c 1410 p = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1411 if (p == NULL) {
wolfSSL 15:117db924cf7c 1412 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1413 return MEMORY_E;
wolfSSL 15:117db924cf7c 1414 }
wolfSSL 15:117db924cf7c 1415 q = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1416 if (q == NULL) {
wolfSSL 15:117db924cf7c 1417 XFREE(p, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1418 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1419 return MEMORY_E;
wolfSSL 15:117db924cf7c 1420 }
wolfSSL 15:117db924cf7c 1421 #endif
wolfSSL 15:117db924cf7c 1422
wolfSSL 15:117db924cf7c 1423 if (mp_init_multi(y, p, q, NULL, NULL, NULL) != MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 1424 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 1425 XFREE(q, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 16:8e0d178b1d1e 1426 XFREE(p, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 16:8e0d178b1d1e 1427 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 16:8e0d178b1d1e 1428 #endif
wolfSSL 15:117db924cf7c 1429 return MP_INIT_E;
wolfSSL 15:117db924cf7c 1430 }
wolfSSL 15:117db924cf7c 1431
wolfSSL 15:117db924cf7c 1432 if (mp_read_unsigned_bin(y, pub, pubSz) != MP_OKAY) {
wolfSSL 15:117db924cf7c 1433 ret = MP_READ_E;
wolfSSL 15:117db924cf7c 1434 }
wolfSSL 15:117db924cf7c 1435
wolfSSL 15:117db924cf7c 1436 if (ret == 0 && prime != NULL) {
wolfSSL 15:117db924cf7c 1437 if (mp_read_unsigned_bin(q, prime, primeSz) != MP_OKAY)
wolfSSL 15:117db924cf7c 1438 ret = MP_READ_E;
wolfSSL 15:117db924cf7c 1439
wolfSSL 15:117db924cf7c 1440 } else if (mp_iszero(&key->q) == MP_NO) {
wolfSSL 15:117db924cf7c 1441 /* use q available in DhKey */
wolfSSL 15:117db924cf7c 1442 if (mp_copy(&key->q, q) != MP_OKAY)
wolfSSL 15:117db924cf7c 1443 ret = MP_INIT_E;
wolfSSL 15:117db924cf7c 1444 }
wolfSSL 15:117db924cf7c 1445
wolfSSL 15:117db924cf7c 1446 /* SP 800-56Ar3, section 5.6.2.3.1, process step 1 */
wolfSSL 15:117db924cf7c 1447 /* pub (y) should not be 0 or 1 */
wolfSSL 15:117db924cf7c 1448 if (ret == 0 && mp_cmp_d(y, 2) == MP_LT) {
wolfSSL 15:117db924cf7c 1449 ret = MP_CMP_E;
wolfSSL 15:117db924cf7c 1450 }
wolfSSL 15:117db924cf7c 1451
wolfSSL 15:117db924cf7c 1452 /* pub (y) shouldn't be greater than or equal to p - 1 */
wolfSSL 15:117db924cf7c 1453 if (ret == 0 && mp_copy(&key->p, p) != MP_OKAY) {
wolfSSL 15:117db924cf7c 1454 ret = MP_INIT_E;
wolfSSL 15:117db924cf7c 1455 }
wolfSSL 15:117db924cf7c 1456 if (ret == 0 && mp_sub_d(p, 2, p) != MP_OKAY) {
wolfSSL 15:117db924cf7c 1457 ret = MP_SUB_E;
wolfSSL 15:117db924cf7c 1458 }
wolfSSL 15:117db924cf7c 1459 if (ret == 0 && mp_cmp(y, p) == MP_GT) {
wolfSSL 15:117db924cf7c 1460 ret = MP_CMP_E;
wolfSSL 15:117db924cf7c 1461 }
wolfSSL 15:117db924cf7c 1462
wolfSSL 15:117db924cf7c 1463 if (ret == 0 && (prime != NULL || (mp_iszero(&key->q) == MP_NO) )) {
wolfSSL 15:117db924cf7c 1464
wolfSSL 15:117db924cf7c 1465 /* restore key->p into p */
wolfSSL 15:117db924cf7c 1466 if (mp_copy(&key->p, p) != MP_OKAY)
wolfSSL 15:117db924cf7c 1467 ret = MP_INIT_E;
wolfSSL 15:117db924cf7c 1468 }
wolfSSL 15:117db924cf7c 1469
wolfSSL 15:117db924cf7c 1470 if (ret == 0 && prime != NULL) {
wolfSSL 15:117db924cf7c 1471 #ifdef WOLFSSL_HAVE_SP_DH
wolfSSL 15:117db924cf7c 1472 #ifndef WOLFSSL_SP_NO_2048
wolfSSL 15:117db924cf7c 1473 if (mp_count_bits(&key->p) == 2048) {
wolfSSL 15:117db924cf7c 1474 ret = sp_ModExp_2048(y, q, p, y);
wolfSSL 15:117db924cf7c 1475 if (ret != 0)
wolfSSL 15:117db924cf7c 1476 ret = MP_EXPTMOD_E;
wolfSSL 15:117db924cf7c 1477 }
wolfSSL 15:117db924cf7c 1478 else
wolfSSL 15:117db924cf7c 1479 #endif
wolfSSL 15:117db924cf7c 1480 #ifndef WOLFSSL_SP_NO_3072
wolfSSL 15:117db924cf7c 1481 if (mp_count_bits(&key->p) == 3072) {
wolfSSL 15:117db924cf7c 1482 ret = sp_ModExp_3072(y, q, p, y);
wolfSSL 15:117db924cf7c 1483 if (ret != 0)
wolfSSL 15:117db924cf7c 1484 ret = MP_EXPTMOD_E;
wolfSSL 15:117db924cf7c 1485 }
wolfSSL 15:117db924cf7c 1486 else
wolfSSL 15:117db924cf7c 1487 #endif
wolfSSL 16:8e0d178b1d1e 1488 #ifdef WOLFSSL_SP_NO_4096
wolfSSL 16:8e0d178b1d1e 1489 if (mp_count_bits(&key->p) == 4096) {
wolfSSL 16:8e0d178b1d1e 1490 ret = sp_ModExp_4096(y, q, p, y);
wolfSSL 16:8e0d178b1d1e 1491 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 1492 ret = MP_EXPTMOD_E;
wolfSSL 16:8e0d178b1d1e 1493 }
wolfSSL 16:8e0d178b1d1e 1494 else
wolfSSL 16:8e0d178b1d1e 1495 #endif
wolfSSL 15:117db924cf7c 1496 #endif
wolfSSL 15:117db924cf7c 1497
wolfSSL 15:117db924cf7c 1498 {
wolfSSL 15:117db924cf7c 1499 /* SP 800-56Ar3, section 5.6.2.3.1, process step 2 */
wolfSSL 15:117db924cf7c 1500 #ifndef WOLFSSL_SP_MATH
wolfSSL 15:117db924cf7c 1501 /* calculate (y^q) mod(p), store back into y */
wolfSSL 16:8e0d178b1d1e 1502 if (mp_exptmod(y, q, p, y) != MP_OKAY)
wolfSSL 15:117db924cf7c 1503 ret = MP_EXPTMOD_E;
wolfSSL 15:117db924cf7c 1504 #else
wolfSSL 15:117db924cf7c 1505 ret = WC_KEY_SIZE_E;
wolfSSL 15:117db924cf7c 1506 #endif
wolfSSL 15:117db924cf7c 1507 }
wolfSSL 15:117db924cf7c 1508
wolfSSL 15:117db924cf7c 1509 /* verify above == 1 */
wolfSSL 15:117db924cf7c 1510 if (ret == 0 && mp_cmp_d(y, 1) != MP_EQ)
wolfSSL 15:117db924cf7c 1511 ret = MP_CMP_E;
wolfSSL 15:117db924cf7c 1512 }
wolfSSL 15:117db924cf7c 1513
wolfSSL 15:117db924cf7c 1514 mp_clear(y);
wolfSSL 15:117db924cf7c 1515 mp_clear(p);
wolfSSL 15:117db924cf7c 1516 mp_clear(q);
wolfSSL 15:117db924cf7c 1517 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1518 XFREE(q, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1519 XFREE(p, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1520 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1521 #endif
wolfSSL 15:117db924cf7c 1522
wolfSSL 15:117db924cf7c 1523 return ret;
wolfSSL 15:117db924cf7c 1524 }
wolfSSL 15:117db924cf7c 1525
wolfSSL 15:117db924cf7c 1526
wolfSSL 15:117db924cf7c 1527 /* Check DH Public Key for invalid numbers
wolfSSL 15:117db924cf7c 1528 *
wolfSSL 15:117db924cf7c 1529 * key DH key group parameters.
wolfSSL 15:117db924cf7c 1530 * pub Public Key.
wolfSSL 15:117db924cf7c 1531 * pubSz Public Key size.
wolfSSL 15:117db924cf7c 1532 *
wolfSSL 15:117db924cf7c 1533 * returns 0 on success or error code
wolfSSL 15:117db924cf7c 1534 */
wolfSSL 15:117db924cf7c 1535 int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz)
wolfSSL 15:117db924cf7c 1536 {
wolfSSL 15:117db924cf7c 1537 return wc_DhCheckPubKey_ex(key, pub, pubSz, NULL, 0);
wolfSSL 15:117db924cf7c 1538 }
wolfSSL 15:117db924cf7c 1539
wolfSSL 15:117db924cf7c 1540
wolfSSL 16:8e0d178b1d1e 1541 /**
wolfSSL 16:8e0d178b1d1e 1542 * Quick validity check of public key value against prime.
wolfSSL 16:8e0d178b1d1e 1543 * Checks are:
wolfSSL 16:8e0d178b1d1e 1544 * - Public key not 0 or 1
wolfSSL 16:8e0d178b1d1e 1545 * - Public key not equal to prime or prime - 1
wolfSSL 16:8e0d178b1d1e 1546 * - Public key not bigger than prime.
wolfSSL 16:8e0d178b1d1e 1547 *
wolfSSL 16:8e0d178b1d1e 1548 * prime Big-endian encoding of prime in bytes.
wolfSSL 16:8e0d178b1d1e 1549 * primeSz Size of prime in bytes.
wolfSSL 16:8e0d178b1d1e 1550 * pub Big-endian encoding of public key in bytes.
wolfSSL 16:8e0d178b1d1e 1551 * pubSz Size of public key in bytes.
wolfSSL 16:8e0d178b1d1e 1552 */
wolfSSL 16:8e0d178b1d1e 1553 int wc_DhCheckPubValue(const byte* prime, word32 primeSz, const byte* pub,
wolfSSL 16:8e0d178b1d1e 1554 word32 pubSz)
wolfSSL 16:8e0d178b1d1e 1555 {
wolfSSL 16:8e0d178b1d1e 1556 int ret = 0;
wolfSSL 16:8e0d178b1d1e 1557 word32 i;
wolfSSL 16:8e0d178b1d1e 1558
wolfSSL 16:8e0d178b1d1e 1559 for (i = 0; i < pubSz && pub[i] == 0; i++) {
wolfSSL 16:8e0d178b1d1e 1560 }
wolfSSL 16:8e0d178b1d1e 1561 pubSz -= i;
wolfSSL 16:8e0d178b1d1e 1562 pub += i;
wolfSSL 16:8e0d178b1d1e 1563
wolfSSL 16:8e0d178b1d1e 1564 if (pubSz == 0 || (pubSz == 1 && pub[0] == 1))
wolfSSL 16:8e0d178b1d1e 1565 ret = MP_VAL;
wolfSSL 16:8e0d178b1d1e 1566 else if (pubSz == primeSz) {
wolfSSL 16:8e0d178b1d1e 1567 for (i = 0; i < pubSz-1 && pub[i] == prime[i]; i++) {
wolfSSL 16:8e0d178b1d1e 1568 }
wolfSSL 16:8e0d178b1d1e 1569 if (i == pubSz-1 && (pub[i] == prime[i] || pub[i] == prime[i] - 1))
wolfSSL 16:8e0d178b1d1e 1570 ret = MP_VAL;
wolfSSL 16:8e0d178b1d1e 1571 else if (pub[i] > prime[i])
wolfSSL 16:8e0d178b1d1e 1572 ret = MP_VAL;
wolfSSL 16:8e0d178b1d1e 1573 }
wolfSSL 16:8e0d178b1d1e 1574 else if (pubSz > primeSz)
wolfSSL 16:8e0d178b1d1e 1575 ret = MP_VAL;
wolfSSL 16:8e0d178b1d1e 1576
wolfSSL 16:8e0d178b1d1e 1577 return ret;
wolfSSL 16:8e0d178b1d1e 1578 }
wolfSSL 16:8e0d178b1d1e 1579
wolfSSL 16:8e0d178b1d1e 1580
wolfSSL 15:117db924cf7c 1581 /* Check DH Private Key for invalid numbers, optionally allowing
wolfSSL 15:117db924cf7c 1582 * the private key to be checked against the large prime (q).
wolfSSL 15:117db924cf7c 1583 * Check per process in SP 800-56Ar3, section 5.6.2.1.2.
wolfSSL 15:117db924cf7c 1584 *
wolfSSL 15:117db924cf7c 1585 * key DH key group parameters.
wolfSSL 15:117db924cf7c 1586 * priv Private Key.
wolfSSL 15:117db924cf7c 1587 * privSz Private Key size.
wolfSSL 15:117db924cf7c 1588 * prime Large prime (q), optionally NULL to skip check
wolfSSL 15:117db924cf7c 1589 * primeSz Size of large prime
wolfSSL 15:117db924cf7c 1590 *
wolfSSL 15:117db924cf7c 1591 * returns 0 on success or error code
wolfSSL 15:117db924cf7c 1592 */
wolfSSL 15:117db924cf7c 1593 int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 privSz,
wolfSSL 15:117db924cf7c 1594 const byte* prime, word32 primeSz)
wolfSSL 15:117db924cf7c 1595 {
wolfSSL 15:117db924cf7c 1596 int ret = 0;
wolfSSL 15:117db924cf7c 1597 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1598 mp_int* x = NULL;
wolfSSL 15:117db924cf7c 1599 mp_int* q = NULL;
wolfSSL 15:117db924cf7c 1600 #else
wolfSSL 15:117db924cf7c 1601 mp_int x[1];
wolfSSL 15:117db924cf7c 1602 mp_int q[1];
wolfSSL 15:117db924cf7c 1603 #endif
wolfSSL 15:117db924cf7c 1604
wolfSSL 15:117db924cf7c 1605 if (key == NULL || priv == NULL) {
wolfSSL 15:117db924cf7c 1606 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1607 }
wolfSSL 15:117db924cf7c 1608
wolfSSL 15:117db924cf7c 1609 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1610 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1611 if (x == NULL)
wolfSSL 15:117db924cf7c 1612 return MEMORY_E;
wolfSSL 15:117db924cf7c 1613 q = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1614 if (q == NULL) {
wolfSSL 15:117db924cf7c 1615 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1616 return MEMORY_E;
wolfSSL 15:117db924cf7c 1617 }
wolfSSL 15:117db924cf7c 1618 #endif
wolfSSL 15:117db924cf7c 1619
wolfSSL 15:117db924cf7c 1620 if (mp_init_multi(x, q, NULL, NULL, NULL, NULL) != MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 1621 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 1622 XFREE(q, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 16:8e0d178b1d1e 1623 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 16:8e0d178b1d1e 1624 #endif
wolfSSL 15:117db924cf7c 1625 return MP_INIT_E;
wolfSSL 15:117db924cf7c 1626 }
wolfSSL 15:117db924cf7c 1627
wolfSSL 15:117db924cf7c 1628 if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY) {
wolfSSL 15:117db924cf7c 1629 ret = MP_READ_E;
wolfSSL 15:117db924cf7c 1630 }
wolfSSL 15:117db924cf7c 1631
wolfSSL 15:117db924cf7c 1632 if (ret == 0) {
wolfSSL 15:117db924cf7c 1633 if (prime != NULL) {
wolfSSL 15:117db924cf7c 1634 if (mp_read_unsigned_bin(q, prime, primeSz) != MP_OKAY)
wolfSSL 15:117db924cf7c 1635 ret = MP_READ_E;
wolfSSL 15:117db924cf7c 1636 }
wolfSSL 15:117db924cf7c 1637 else if (mp_iszero(&key->q) == MP_NO) {
wolfSSL 15:117db924cf7c 1638 /* use q available in DhKey */
wolfSSL 15:117db924cf7c 1639 if (mp_copy(&key->q, q) != MP_OKAY)
wolfSSL 15:117db924cf7c 1640 ret = MP_INIT_E;
wolfSSL 15:117db924cf7c 1641 }
wolfSSL 15:117db924cf7c 1642 }
wolfSSL 15:117db924cf7c 1643
wolfSSL 15:117db924cf7c 1644 /* priv (x) should not be 0 */
wolfSSL 15:117db924cf7c 1645 if (ret == 0) {
wolfSSL 15:117db924cf7c 1646 if (mp_cmp_d(x, 0) == MP_EQ)
wolfSSL 15:117db924cf7c 1647 ret = MP_CMP_E;
wolfSSL 15:117db924cf7c 1648 }
wolfSSL 15:117db924cf7c 1649
wolfSSL 15:117db924cf7c 1650 if (ret == 0) {
wolfSSL 15:117db924cf7c 1651 if (mp_iszero(q) == MP_NO) {
wolfSSL 15:117db924cf7c 1652 /* priv (x) shouldn't be greater than q - 1 */
wolfSSL 15:117db924cf7c 1653 if (ret == 0) {
wolfSSL 15:117db924cf7c 1654 if (mp_copy(&key->q, q) != MP_OKAY)
wolfSSL 15:117db924cf7c 1655 ret = MP_INIT_E;
wolfSSL 15:117db924cf7c 1656 }
wolfSSL 15:117db924cf7c 1657 if (ret == 0) {
wolfSSL 15:117db924cf7c 1658 if (mp_sub_d(q, 1, q) != MP_OKAY)
wolfSSL 15:117db924cf7c 1659 ret = MP_SUB_E;
wolfSSL 15:117db924cf7c 1660 }
wolfSSL 15:117db924cf7c 1661 if (ret == 0) {
wolfSSL 15:117db924cf7c 1662 if (mp_cmp(x, q) == MP_GT)
wolfSSL 15:117db924cf7c 1663 ret = DH_CHECK_PRIV_E;
wolfSSL 15:117db924cf7c 1664 }
wolfSSL 15:117db924cf7c 1665 }
wolfSSL 15:117db924cf7c 1666 }
wolfSSL 15:117db924cf7c 1667
wolfSSL 15:117db924cf7c 1668 mp_clear(x);
wolfSSL 15:117db924cf7c 1669 mp_clear(q);
wolfSSL 15:117db924cf7c 1670 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1671 XFREE(q, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1672 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1673 #endif
wolfSSL 15:117db924cf7c 1674
wolfSSL 15:117db924cf7c 1675 return ret;
wolfSSL 15:117db924cf7c 1676 }
wolfSSL 15:117db924cf7c 1677
wolfSSL 15:117db924cf7c 1678
wolfSSL 15:117db924cf7c 1679 /* Check DH Private Key for invalid numbers
wolfSSL 15:117db924cf7c 1680 *
wolfSSL 15:117db924cf7c 1681 * key DH key group parameters.
wolfSSL 15:117db924cf7c 1682 * priv Private Key.
wolfSSL 15:117db924cf7c 1683 * privSz Private Key size.
wolfSSL 15:117db924cf7c 1684 *
wolfSSL 15:117db924cf7c 1685 * returns 0 on success or error code
wolfSSL 15:117db924cf7c 1686 */
wolfSSL 15:117db924cf7c 1687 int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 privSz)
wolfSSL 15:117db924cf7c 1688 {
wolfSSL 15:117db924cf7c 1689 return wc_DhCheckPrivKey_ex(key, priv, privSz, NULL, 0);
wolfSSL 15:117db924cf7c 1690 }
wolfSSL 15:117db924cf7c 1691
wolfSSL 15:117db924cf7c 1692
wolfSSL 15:117db924cf7c 1693 /* Check DH Keys for pair-wise consistency per process in
wolfSSL 15:117db924cf7c 1694 * SP 800-56Ar3, section 5.6.2.1.4, method (b) for FFC.
wolfSSL 15:117db924cf7c 1695 *
wolfSSL 15:117db924cf7c 1696 * key DH key group parameters.
wolfSSL 15:117db924cf7c 1697 * pub Public Key.
wolfSSL 15:117db924cf7c 1698 * pubSz Public Key size.
wolfSSL 15:117db924cf7c 1699 * priv Private Key.
wolfSSL 15:117db924cf7c 1700 * privSz Private Key size.
wolfSSL 15:117db924cf7c 1701 *
wolfSSL 15:117db924cf7c 1702 * returns 0 on success or error code
wolfSSL 15:117db924cf7c 1703 */
wolfSSL 15:117db924cf7c 1704 int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz,
wolfSSL 15:117db924cf7c 1705 const byte* priv, word32 privSz)
wolfSSL 15:117db924cf7c 1706 {
wolfSSL 15:117db924cf7c 1707 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1708 mp_int* publicKey = NULL;
wolfSSL 15:117db924cf7c 1709 mp_int* privateKey = NULL;
wolfSSL 15:117db924cf7c 1710 mp_int* checkKey = NULL;
wolfSSL 15:117db924cf7c 1711 #else
wolfSSL 15:117db924cf7c 1712 mp_int publicKey[1];
wolfSSL 15:117db924cf7c 1713 mp_int privateKey[1];
wolfSSL 15:117db924cf7c 1714 mp_int checkKey[1];
wolfSSL 15:117db924cf7c 1715 #endif
wolfSSL 15:117db924cf7c 1716 int ret = 0;
wolfSSL 15:117db924cf7c 1717
wolfSSL 15:117db924cf7c 1718 if (key == NULL || pub == NULL || priv == NULL)
wolfSSL 15:117db924cf7c 1719 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1720
wolfSSL 15:117db924cf7c 1721 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1722 publicKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1723 if (publicKey == NULL)
wolfSSL 15:117db924cf7c 1724 return MEMORY_E;
wolfSSL 15:117db924cf7c 1725 privateKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1726 if (privateKey == NULL) {
wolfSSL 15:117db924cf7c 1727 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1728 return MEMORY_E;
wolfSSL 15:117db924cf7c 1729 }
wolfSSL 15:117db924cf7c 1730 checkKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1731 if (checkKey == NULL) {
wolfSSL 15:117db924cf7c 1732 XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1733 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1734 return MEMORY_E;
wolfSSL 15:117db924cf7c 1735 }
wolfSSL 15:117db924cf7c 1736 #endif
wolfSSL 15:117db924cf7c 1737
wolfSSL 15:117db924cf7c 1738 if (mp_init_multi(publicKey, privateKey, checkKey,
wolfSSL 15:117db924cf7c 1739 NULL, NULL, NULL) != MP_OKAY) {
wolfSSL 15:117db924cf7c 1740
wolfSSL 16:8e0d178b1d1e 1741 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 1742 XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 16:8e0d178b1d1e 1743 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 16:8e0d178b1d1e 1744 XFREE(checkKey, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 16:8e0d178b1d1e 1745 #endif
wolfSSL 15:117db924cf7c 1746 return MP_INIT_E;
wolfSSL 15:117db924cf7c 1747 }
wolfSSL 15:117db924cf7c 1748
wolfSSL 15:117db924cf7c 1749 /* Load the private and public keys into big integers. */
wolfSSL 15:117db924cf7c 1750 if (mp_read_unsigned_bin(publicKey, pub, pubSz) != MP_OKAY ||
wolfSSL 15:117db924cf7c 1751 mp_read_unsigned_bin(privateKey, priv, privSz) != MP_OKAY) {
wolfSSL 15:117db924cf7c 1752
wolfSSL 15:117db924cf7c 1753 ret = MP_READ_E;
wolfSSL 15:117db924cf7c 1754 }
wolfSSL 15:117db924cf7c 1755
wolfSSL 15:117db924cf7c 1756 /* Calculate checkKey = g^privateKey mod p */
wolfSSL 15:117db924cf7c 1757 if (ret == 0) {
wolfSSL 15:117db924cf7c 1758 #ifdef WOLFSSL_HAVE_SP_DH
wolfSSL 15:117db924cf7c 1759 #ifndef WOLFSSL_SP_NO_2048
wolfSSL 15:117db924cf7c 1760 if (mp_count_bits(&key->p) == 2048) {
wolfSSL 15:117db924cf7c 1761 ret = sp_ModExp_2048(&key->g, privateKey, &key->p, checkKey);
wolfSSL 15:117db924cf7c 1762 if (ret != 0)
wolfSSL 15:117db924cf7c 1763 ret = MP_EXPTMOD_E;
wolfSSL 15:117db924cf7c 1764 }
wolfSSL 15:117db924cf7c 1765 else
wolfSSL 15:117db924cf7c 1766 #endif
wolfSSL 15:117db924cf7c 1767 #ifndef WOLFSSL_SP_NO_3072
wolfSSL 15:117db924cf7c 1768 if (mp_count_bits(&key->p) == 3072) {
wolfSSL 15:117db924cf7c 1769 ret = sp_ModExp_3072(&key->g, privateKey, &key->p, checkKey);
wolfSSL 15:117db924cf7c 1770 if (ret != 0)
wolfSSL 15:117db924cf7c 1771 ret = MP_EXPTMOD_E;
wolfSSL 15:117db924cf7c 1772 }
wolfSSL 15:117db924cf7c 1773 else
wolfSSL 15:117db924cf7c 1774 #endif
wolfSSL 16:8e0d178b1d1e 1775 #ifdef WOLFSSL_SP_4096
wolfSSL 16:8e0d178b1d1e 1776 if (mp_count_bits(&key->p) == 4096) {
wolfSSL 16:8e0d178b1d1e 1777 ret = sp_ModExp_4096(&key->g, privateKey, &key->p, checkKey);
wolfSSL 16:8e0d178b1d1e 1778 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 1779 ret = MP_EXPTMOD_E;
wolfSSL 16:8e0d178b1d1e 1780 }
wolfSSL 16:8e0d178b1d1e 1781 else
wolfSSL 16:8e0d178b1d1e 1782 #endif
wolfSSL 15:117db924cf7c 1783 #endif
wolfSSL 15:117db924cf7c 1784 {
wolfSSL 15:117db924cf7c 1785 #ifndef WOLFSSL_SP_MATH
wolfSSL 15:117db924cf7c 1786 if (mp_exptmod(&key->g, privateKey, &key->p, checkKey) != MP_OKAY)
wolfSSL 15:117db924cf7c 1787 ret = MP_EXPTMOD_E;
wolfSSL 15:117db924cf7c 1788 #else
wolfSSL 15:117db924cf7c 1789 ret = WC_KEY_SIZE_E;
wolfSSL 15:117db924cf7c 1790 #endif
wolfSSL 15:117db924cf7c 1791 }
wolfSSL 15:117db924cf7c 1792 }
wolfSSL 15:117db924cf7c 1793
wolfSSL 15:117db924cf7c 1794 /* Compare the calculated public key to the supplied check value. */
wolfSSL 15:117db924cf7c 1795 if (ret == 0) {
wolfSSL 15:117db924cf7c 1796 if (mp_cmp(checkKey, publicKey) != MP_EQ)
wolfSSL 15:117db924cf7c 1797 ret = MP_CMP_E;
wolfSSL 15:117db924cf7c 1798 }
wolfSSL 15:117db924cf7c 1799
wolfSSL 15:117db924cf7c 1800 mp_forcezero(privateKey);
wolfSSL 15:117db924cf7c 1801 mp_clear(privateKey);
wolfSSL 15:117db924cf7c 1802 mp_clear(publicKey);
wolfSSL 15:117db924cf7c 1803 mp_clear(checkKey);
wolfSSL 15:117db924cf7c 1804 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1805 XFREE(checkKey, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1806 XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1807 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1808 #endif
wolfSSL 15:117db924cf7c 1809
wolfSSL 15:117db924cf7c 1810 return ret;
wolfSSL 15:117db924cf7c 1811 }
wolfSSL 15:117db924cf7c 1812
wolfSSL 15:117db924cf7c 1813
wolfSSL 15:117db924cf7c 1814 int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng,
wolfSSL 15:117db924cf7c 1815 byte* priv, word32* privSz, byte* pub, word32* pubSz)
wolfSSL 15:117db924cf7c 1816 {
wolfSSL 15:117db924cf7c 1817 int ret;
wolfSSL 15:117db924cf7c 1818
wolfSSL 15:117db924cf7c 1819 if (key == NULL || rng == NULL || priv == NULL || privSz == NULL ||
wolfSSL 15:117db924cf7c 1820 pub == NULL || pubSz == NULL) {
wolfSSL 15:117db924cf7c 1821 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1822 }
wolfSSL 15:117db924cf7c 1823
wolfSSL 15:117db924cf7c 1824 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
wolfSSL 15:117db924cf7c 1825 if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_DH) {
wolfSSL 15:117db924cf7c 1826 ret = wc_DhGenerateKeyPair_Async(key, rng, priv, privSz, pub, pubSz);
wolfSSL 15:117db924cf7c 1827 }
wolfSSL 15:117db924cf7c 1828 else
wolfSSL 15:117db924cf7c 1829 #endif
wolfSSL 15:117db924cf7c 1830 {
wolfSSL 15:117db924cf7c 1831 ret = wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
wolfSSL 15:117db924cf7c 1832 }
wolfSSL 15:117db924cf7c 1833
wolfSSL 15:117db924cf7c 1834 return ret;
wolfSSL 15:117db924cf7c 1835 }
wolfSSL 15:117db924cf7c 1836
wolfSSL 15:117db924cf7c 1837
wolfSSL 15:117db924cf7c 1838 static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
wolfSSL 15:117db924cf7c 1839 const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz)
wolfSSL 15:117db924cf7c 1840 {
wolfSSL 15:117db924cf7c 1841 int ret = 0;
wolfSSL 15:117db924cf7c 1842 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 1843 mp_int* y;
wolfSSL 15:117db924cf7c 1844 #ifndef WOLFSSL_SP_MATH
wolfSSL 16:8e0d178b1d1e 1845 mp_int* x;
wolfSSL 16:8e0d178b1d1e 1846 mp_int* z;
wolfSSL 15:117db924cf7c 1847 #endif
wolfSSL 15:117db924cf7c 1848 #else
wolfSSL 15:117db924cf7c 1849 mp_int y[1];
wolfSSL 15:117db924cf7c 1850 #ifndef WOLFSSL_SP_MATH
wolfSSL 15:117db924cf7c 1851 mp_int x[1];
wolfSSL 15:117db924cf7c 1852 mp_int z[1];
wolfSSL 15:117db924cf7c 1853 #endif
wolfSSL 15:117db924cf7c 1854 #endif
wolfSSL 15:117db924cf7c 1855
wolfSSL 15:117db924cf7c 1856 #ifdef WOLFSSL_VALIDATE_FFC_IMPORT
wolfSSL 15:117db924cf7c 1857 if (wc_DhCheckPrivKey(key, priv, privSz) != 0) {
wolfSSL 15:117db924cf7c 1858 WOLFSSL_MSG("wc_DhAgree wc_DhCheckPrivKey failed");
wolfSSL 15:117db924cf7c 1859 return DH_CHECK_PRIV_E;
wolfSSL 15:117db924cf7c 1860 }
wolfSSL 15:117db924cf7c 1861
wolfSSL 15:117db924cf7c 1862 if (wc_DhCheckPubKey(key, otherPub, pubSz) != 0) {
wolfSSL 15:117db924cf7c 1863 WOLFSSL_MSG("wc_DhAgree wc_DhCheckPubKey failed");
wolfSSL 15:117db924cf7c 1864 return DH_CHECK_PUB_E;
wolfSSL 15:117db924cf7c 1865 }
wolfSSL 15:117db924cf7c 1866 #endif
wolfSSL 15:117db924cf7c 1867
wolfSSL 15:117db924cf7c 1868 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1869 y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1870 if (y == NULL)
wolfSSL 15:117db924cf7c 1871 return MEMORY_E;
wolfSSL 15:117db924cf7c 1872 #ifndef WOLFSSL_SP_MATH
wolfSSL 15:117db924cf7c 1873 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1874 if (x == NULL) {
wolfSSL 15:117db924cf7c 1875 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1876 return MEMORY_E;
wolfSSL 15:117db924cf7c 1877 }
wolfSSL 15:117db924cf7c 1878 z = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1879 if (z == NULL) {
wolfSSL 15:117db924cf7c 1880 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1881 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1882 return MEMORY_E;
wolfSSL 15:117db924cf7c 1883 }
wolfSSL 15:117db924cf7c 1884 #endif
wolfSSL 15:117db924cf7c 1885 #endif
wolfSSL 15:117db924cf7c 1886
wolfSSL 15:117db924cf7c 1887 #ifdef WOLFSSL_HAVE_SP_DH
wolfSSL 15:117db924cf7c 1888 #ifndef WOLFSSL_SP_NO_2048
wolfSSL 15:117db924cf7c 1889 if (mp_count_bits(&key->p) == 2048) {
wolfSSL 15:117db924cf7c 1890 if (mp_init(y) != MP_OKAY)
wolfSSL 15:117db924cf7c 1891 return MP_INIT_E;
wolfSSL 15:117db924cf7c 1892
wolfSSL 15:117db924cf7c 1893 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
wolfSSL 15:117db924cf7c 1894 ret = MP_READ_E;
wolfSSL 15:117db924cf7c 1895
wolfSSL 15:117db924cf7c 1896 if (ret == 0)
wolfSSL 15:117db924cf7c 1897 ret = sp_DhExp_2048(y, priv, privSz, &key->p, agree, agreeSz);
wolfSSL 15:117db924cf7c 1898
wolfSSL 15:117db924cf7c 1899 mp_clear(y);
wolfSSL 15:117db924cf7c 1900 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1901 #ifndef WOLFSSL_SP_MATH
wolfSSL 15:117db924cf7c 1902 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1903 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1904 #endif
wolfSSL 15:117db924cf7c 1905 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1906 #endif
wolfSSL 15:117db924cf7c 1907 return ret;
wolfSSL 15:117db924cf7c 1908 }
wolfSSL 15:117db924cf7c 1909 #endif
wolfSSL 15:117db924cf7c 1910 #ifndef WOLFSSL_SP_NO_3072
wolfSSL 15:117db924cf7c 1911 if (mp_count_bits(&key->p) == 3072) {
wolfSSL 15:117db924cf7c 1912 if (mp_init(y) != MP_OKAY)
wolfSSL 15:117db924cf7c 1913 return MP_INIT_E;
wolfSSL 15:117db924cf7c 1914
wolfSSL 15:117db924cf7c 1915 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
wolfSSL 15:117db924cf7c 1916 ret = MP_READ_E;
wolfSSL 15:117db924cf7c 1917
wolfSSL 15:117db924cf7c 1918 if (ret == 0)
wolfSSL 15:117db924cf7c 1919 ret = sp_DhExp_3072(y, priv, privSz, &key->p, agree, agreeSz);
wolfSSL 15:117db924cf7c 1920
wolfSSL 15:117db924cf7c 1921 mp_clear(y);
wolfSSL 15:117db924cf7c 1922 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1923 #ifndef WOLFSSL_SP_MATH
wolfSSL 15:117db924cf7c 1924 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1925 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1926 #endif
wolfSSL 15:117db924cf7c 1927 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1928 #endif
wolfSSL 15:117db924cf7c 1929 return ret;
wolfSSL 15:117db924cf7c 1930 }
wolfSSL 15:117db924cf7c 1931 #endif
wolfSSL 16:8e0d178b1d1e 1932 #ifdef WOLFSSL_SP_4096
wolfSSL 16:8e0d178b1d1e 1933 if (mp_count_bits(&key->p) == 4096) {
wolfSSL 16:8e0d178b1d1e 1934 if (mp_init(y) != MP_OKAY)
wolfSSL 16:8e0d178b1d1e 1935 return MP_INIT_E;
wolfSSL 16:8e0d178b1d1e 1936
wolfSSL 16:8e0d178b1d1e 1937 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
wolfSSL 16:8e0d178b1d1e 1938 ret = MP_READ_E;
wolfSSL 16:8e0d178b1d1e 1939
wolfSSL 16:8e0d178b1d1e 1940 if (ret == 0)
wolfSSL 16:8e0d178b1d1e 1941 ret = sp_DhExp_4096(y, priv, privSz, &key->p, agree, agreeSz);
wolfSSL 16:8e0d178b1d1e 1942
wolfSSL 16:8e0d178b1d1e 1943 mp_clear(y);
wolfSSL 16:8e0d178b1d1e 1944 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 1945 #ifndef WOLFSSL_SP_MATH
wolfSSL 16:8e0d178b1d1e 1946 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 16:8e0d178b1d1e 1947 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 16:8e0d178b1d1e 1948 #endif
wolfSSL 16:8e0d178b1d1e 1949 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 16:8e0d178b1d1e 1950 #endif
wolfSSL 16:8e0d178b1d1e 1951 return ret;
wolfSSL 16:8e0d178b1d1e 1952 }
wolfSSL 16:8e0d178b1d1e 1953 #endif
wolfSSL 15:117db924cf7c 1954 #endif
wolfSSL 15:117db924cf7c 1955
wolfSSL 15:117db924cf7c 1956 #ifndef WOLFSSL_SP_MATH
wolfSSL 16:8e0d178b1d1e 1957 if (mp_init_multi(x, y, z, 0, 0, 0) != MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 1958 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 1959 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 16:8e0d178b1d1e 1960 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 16:8e0d178b1d1e 1961 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 16:8e0d178b1d1e 1962 #endif
wolfSSL 15:117db924cf7c 1963 return MP_INIT_E;
wolfSSL 16:8e0d178b1d1e 1964 }
wolfSSL 15:117db924cf7c 1965
wolfSSL 15:117db924cf7c 1966 if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY)
wolfSSL 15:117db924cf7c 1967 ret = MP_READ_E;
wolfSSL 15:117db924cf7c 1968
wolfSSL 15:117db924cf7c 1969 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
wolfSSL 15:117db924cf7c 1970 ret = MP_READ_E;
wolfSSL 15:117db924cf7c 1971
wolfSSL 15:117db924cf7c 1972 if (ret == 0 && mp_exptmod(y, x, &key->p, z) != MP_OKAY)
wolfSSL 15:117db924cf7c 1973 ret = MP_EXPTMOD_E;
wolfSSL 15:117db924cf7c 1974
wolfSSL 15:117db924cf7c 1975 /* make sure z is not one (SP800-56A, 5.7.1.1) */
wolfSSL 15:117db924cf7c 1976 if (ret == 0 && (mp_cmp_d(z, 1) == MP_EQ))
wolfSSL 15:117db924cf7c 1977 ret = MP_VAL;
wolfSSL 15:117db924cf7c 1978
wolfSSL 15:117db924cf7c 1979 if (ret == 0 && mp_to_unsigned_bin(z, agree) != MP_OKAY)
wolfSSL 15:117db924cf7c 1980 ret = MP_TO_E;
wolfSSL 15:117db924cf7c 1981
wolfSSL 15:117db924cf7c 1982 if (ret == 0)
wolfSSL 15:117db924cf7c 1983 *agreeSz = mp_unsigned_bin_size(z);
wolfSSL 15:117db924cf7c 1984
wolfSSL 15:117db924cf7c 1985 mp_clear(z);
wolfSSL 15:117db924cf7c 1986 mp_clear(y);
wolfSSL 15:117db924cf7c 1987 mp_forcezero(x);
wolfSSL 15:117db924cf7c 1988 #endif
wolfSSL 15:117db924cf7c 1989
wolfSSL 15:117db924cf7c 1990 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 1991 #ifndef WOLFSSL_SP_MATH
wolfSSL 15:117db924cf7c 1992 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1993 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1994 #endif
wolfSSL 15:117db924cf7c 1995 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 1996 #endif
wolfSSL 15:117db924cf7c 1997
wolfSSL 15:117db924cf7c 1998 return ret;
wolfSSL 15:117db924cf7c 1999 }
wolfSSL 15:117db924cf7c 2000
wolfSSL 15:117db924cf7c 2001 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
wolfSSL 15:117db924cf7c 2002 static int wc_DhAgree_Async(DhKey* key, byte* agree, word32* agreeSz,
wolfSSL 15:117db924cf7c 2003 const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz)
wolfSSL 15:117db924cf7c 2004 {
wolfSSL 15:117db924cf7c 2005 int ret;
wolfSSL 15:117db924cf7c 2006
wolfSSL 16:8e0d178b1d1e 2007 #if defined(HAVE_INTEL_QA)
wolfSSL 16:8e0d178b1d1e 2008 word32 pBits;
wolfSSL 15:117db924cf7c 2009
wolfSSL 16:8e0d178b1d1e 2010 /* QAT DH sizes: 768, 1024, 1536, 2048, 3072 and 4096 bits */
wolfSSL 16:8e0d178b1d1e 2011 pBits = mp_unsigned_bin_size(&key->p) * 8;
wolfSSL 16:8e0d178b1d1e 2012 if (pBits == 768 || pBits == 1024 || pBits == 1536 ||
wolfSSL 16:8e0d178b1d1e 2013 pBits == 2048 || pBits == 3072 || pBits == 4096) {
wolfSSL 16:8e0d178b1d1e 2014 ret = wc_mp_to_bigint(&key->p, &key->p.raw);
wolfSSL 16:8e0d178b1d1e 2015 if (ret == MP_OKAY)
wolfSSL 16:8e0d178b1d1e 2016 ret = IntelQaDhAgree(&key->asyncDev, &key->p.raw,
wolfSSL 16:8e0d178b1d1e 2017 agree, agreeSz, priv, privSz, otherPub, pubSz);
wolfSSL 16:8e0d178b1d1e 2018 return ret;
wolfSSL 16:8e0d178b1d1e 2019 }
wolfSSL 16:8e0d178b1d1e 2020
wolfSSL 16:8e0d178b1d1e 2021 #elif defined(HAVE_CAVIUM)
wolfSSL 16:8e0d178b1d1e 2022 /* TODO: Not implemented - use software for now */
wolfSSL 16:8e0d178b1d1e 2023
wolfSSL 15:117db924cf7c 2024 #else /* WOLFSSL_ASYNC_CRYPT_TEST */
wolfSSL 15:117db924cf7c 2025 if (wc_AsyncTestInit(&key->asyncDev, ASYNC_TEST_DH_AGREE)) {
wolfSSL 15:117db924cf7c 2026 WC_ASYNC_TEST* testDev = &key->asyncDev.test;
wolfSSL 15:117db924cf7c 2027 testDev->dhAgree.key = key;
wolfSSL 15:117db924cf7c 2028 testDev->dhAgree.agree = agree;
wolfSSL 15:117db924cf7c 2029 testDev->dhAgree.agreeSz = agreeSz;
wolfSSL 15:117db924cf7c 2030 testDev->dhAgree.priv = priv;
wolfSSL 15:117db924cf7c 2031 testDev->dhAgree.privSz = privSz;
wolfSSL 15:117db924cf7c 2032 testDev->dhAgree.otherPub = otherPub;
wolfSSL 15:117db924cf7c 2033 testDev->dhAgree.pubSz = pubSz;
wolfSSL 15:117db924cf7c 2034 return WC_PENDING_E;
wolfSSL 15:117db924cf7c 2035 }
wolfSSL 16:8e0d178b1d1e 2036 #endif
wolfSSL 16:8e0d178b1d1e 2037
wolfSSL 16:8e0d178b1d1e 2038 /* otherwise use software DH */
wolfSSL 15:117db924cf7c 2039 ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
wolfSSL 15:117db924cf7c 2040
wolfSSL 15:117db924cf7c 2041 return ret;
wolfSSL 15:117db924cf7c 2042 }
wolfSSL 15:117db924cf7c 2043 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 15:117db924cf7c 2044
wolfSSL 15:117db924cf7c 2045 int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
wolfSSL 15:117db924cf7c 2046 word32 privSz, const byte* otherPub, word32 pubSz)
wolfSSL 15:117db924cf7c 2047 {
wolfSSL 15:117db924cf7c 2048 int ret = 0;
wolfSSL 15:117db924cf7c 2049
wolfSSL 15:117db924cf7c 2050 if (key == NULL || agree == NULL || agreeSz == NULL || priv == NULL ||
wolfSSL 15:117db924cf7c 2051 otherPub == NULL) {
wolfSSL 15:117db924cf7c 2052 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 2053 }
wolfSSL 15:117db924cf7c 2054
wolfSSL 15:117db924cf7c 2055 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
wolfSSL 15:117db924cf7c 2056 if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_DH) {
wolfSSL 15:117db924cf7c 2057 ret = wc_DhAgree_Async(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
wolfSSL 15:117db924cf7c 2058 }
wolfSSL 15:117db924cf7c 2059 else
wolfSSL 15:117db924cf7c 2060 #endif
wolfSSL 15:117db924cf7c 2061 {
wolfSSL 15:117db924cf7c 2062 ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
wolfSSL 15:117db924cf7c 2063 }
wolfSSL 15:117db924cf7c 2064
wolfSSL 15:117db924cf7c 2065 return ret;
wolfSSL 15:117db924cf7c 2066 }
wolfSSL 15:117db924cf7c 2067
wolfSSL 16:8e0d178b1d1e 2068 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
wolfSSL 16:8e0d178b1d1e 2069 /* Sets private and public key in DhKey if both are available, otherwise sets
wolfSSL 16:8e0d178b1d1e 2070 either private or public key, depending on which is available.
wolfSSL 16:8e0d178b1d1e 2071 Returns WOLFSSL_SUCCESS if at least one of the keys was set. */
wolfSSL 16:8e0d178b1d1e 2072 WOLFSSL_LOCAL int wc_DhSetFullKeys(DhKey* key,const byte* priv_key,word32 privSz,
wolfSSL 16:8e0d178b1d1e 2073 const byte* pub_key, word32 pubSz)
wolfSSL 16:8e0d178b1d1e 2074 {
wolfSSL 16:8e0d178b1d1e 2075 byte havePriv = 0;
wolfSSL 16:8e0d178b1d1e 2076 byte havePub = 0;
wolfSSL 16:8e0d178b1d1e 2077 mp_int* keyPriv = NULL;
wolfSSL 16:8e0d178b1d1e 2078 mp_int* keyPub = NULL;
wolfSSL 15:117db924cf7c 2079
wolfSSL 16:8e0d178b1d1e 2080 if (key == NULL) {
wolfSSL 16:8e0d178b1d1e 2081 return BAD_FUNC_ARG;
wolfSSL 16:8e0d178b1d1e 2082 }
wolfSSL 16:8e0d178b1d1e 2083
wolfSSL 16:8e0d178b1d1e 2084 havePriv = ( (priv_key != NULL) && (privSz > 0) );
wolfSSL 16:8e0d178b1d1e 2085 havePub = ( (pub_key != NULL) && (pubSz > 0) );
wolfSSL 16:8e0d178b1d1e 2086
wolfSSL 16:8e0d178b1d1e 2087 if (!havePub && !havePriv) {
wolfSSL 16:8e0d178b1d1e 2088 WOLFSSL_MSG("No Public or Private Key to Set");
wolfSSL 16:8e0d178b1d1e 2089 return BAD_FUNC_ARG;
wolfSSL 16:8e0d178b1d1e 2090 }
wolfSSL 16:8e0d178b1d1e 2091 /* Set Private Key */
wolfSSL 16:8e0d178b1d1e 2092 if (havePriv == TRUE) {
wolfSSL 16:8e0d178b1d1e 2093 /* may have leading 0 */
wolfSSL 16:8e0d178b1d1e 2094 if (priv_key[0] == 0) {
wolfSSL 16:8e0d178b1d1e 2095 privSz--; priv_key++;
wolfSSL 16:8e0d178b1d1e 2096 }
wolfSSL 16:8e0d178b1d1e 2097 if (mp_init(&key->priv) != MP_OKAY)
wolfSSL 16:8e0d178b1d1e 2098 havePriv = FALSE;
wolfSSL 16:8e0d178b1d1e 2099 }
wolfSSL 16:8e0d178b1d1e 2100
wolfSSL 16:8e0d178b1d1e 2101 if (havePriv == TRUE) {
wolfSSL 16:8e0d178b1d1e 2102 if (mp_read_unsigned_bin(&key->priv, priv_key, privSz) != MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 2103 havePriv = FALSE;
wolfSSL 16:8e0d178b1d1e 2104 } else {
wolfSSL 16:8e0d178b1d1e 2105 keyPriv = &key->priv;
wolfSSL 16:8e0d178b1d1e 2106 WOLFSSL_MSG("DH Private Key Set.");
wolfSSL 16:8e0d178b1d1e 2107 }
wolfSSL 16:8e0d178b1d1e 2108 }
wolfSSL 16:8e0d178b1d1e 2109
wolfSSL 16:8e0d178b1d1e 2110 /* Set Public Key */
wolfSSL 16:8e0d178b1d1e 2111 if (havePub == TRUE) {
wolfSSL 16:8e0d178b1d1e 2112 /* may have leading 0 */
wolfSSL 16:8e0d178b1d1e 2113 if (pub_key[0] == 0) {
wolfSSL 16:8e0d178b1d1e 2114 pubSz--; pub_key++;
wolfSSL 16:8e0d178b1d1e 2115 }
wolfSSL 16:8e0d178b1d1e 2116 if (mp_init(&key->pub) != MP_OKAY)
wolfSSL 16:8e0d178b1d1e 2117 havePub = FALSE;
wolfSSL 16:8e0d178b1d1e 2118 }
wolfSSL 16:8e0d178b1d1e 2119
wolfSSL 16:8e0d178b1d1e 2120 if (havePub == TRUE) {
wolfSSL 16:8e0d178b1d1e 2121 if (mp_read_unsigned_bin(&key->pub, pub_key, pubSz) != MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 2122 havePub = FALSE;
wolfSSL 16:8e0d178b1d1e 2123 } else {
wolfSSL 16:8e0d178b1d1e 2124 keyPub = &key->pub;
wolfSSL 16:8e0d178b1d1e 2125 WOLFSSL_MSG("DH Public Key Set.");
wolfSSL 16:8e0d178b1d1e 2126 }
wolfSSL 16:8e0d178b1d1e 2127 }
wolfSSL 16:8e0d178b1d1e 2128 /* Free Memory if error occured */
wolfSSL 16:8e0d178b1d1e 2129 if (havePriv == FALSE && keyPriv != NULL)
wolfSSL 16:8e0d178b1d1e 2130 mp_clear(keyPriv);
wolfSSL 16:8e0d178b1d1e 2131 if (havePub == FALSE && keyPub != NULL)
wolfSSL 16:8e0d178b1d1e 2132 mp_clear(keyPub);
wolfSSL 16:8e0d178b1d1e 2133
wolfSSL 16:8e0d178b1d1e 2134 /* WOLFSSL_SUCCESS if private or public was set else WOLFSSL_FAILURE */
wolfSSL 16:8e0d178b1d1e 2135 return havePriv || havePub;
wolfSSL 16:8e0d178b1d1e 2136 }
wolfSSL 16:8e0d178b1d1e 2137 #endif
wolfSSL 16:8e0d178b1d1e 2138
wolfSSL 16:8e0d178b1d1e 2139 static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
wolfSSL 16:8e0d178b1d1e 2140 word32 gSz, const byte* q, word32 qSz, int trusted,
wolfSSL 16:8e0d178b1d1e 2141 WC_RNG* rng)
wolfSSL 15:117db924cf7c 2142 {
wolfSSL 15:117db924cf7c 2143 int ret = 0;
wolfSSL 15:117db924cf7c 2144 mp_int* keyP = NULL;
wolfSSL 15:117db924cf7c 2145 mp_int* keyG = NULL;
wolfSSL 15:117db924cf7c 2146
wolfSSL 15:117db924cf7c 2147 if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0) {
wolfSSL 15:117db924cf7c 2148 ret = BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 2149 }
wolfSSL 15:117db924cf7c 2150
wolfSSL 15:117db924cf7c 2151 if (ret == 0) {
wolfSSL 15:117db924cf7c 2152 /* may have leading 0 */
wolfSSL 15:117db924cf7c 2153 if (p[0] == 0) {
wolfSSL 15:117db924cf7c 2154 pSz--; p++;
wolfSSL 15:117db924cf7c 2155 }
wolfSSL 15:117db924cf7c 2156
wolfSSL 15:117db924cf7c 2157 if (g[0] == 0) {
wolfSSL 15:117db924cf7c 2158 gSz--; g++;
wolfSSL 15:117db924cf7c 2159 }
wolfSSL 15:117db924cf7c 2160
wolfSSL 15:117db924cf7c 2161 if (q != NULL) {
wolfSSL 15:117db924cf7c 2162 if (q[0] == 0) {
wolfSSL 15:117db924cf7c 2163 qSz--; q++;
wolfSSL 15:117db924cf7c 2164 }
wolfSSL 15:117db924cf7c 2165 }
wolfSSL 15:117db924cf7c 2166
wolfSSL 15:117db924cf7c 2167 if (mp_init(&key->p) != MP_OKAY)
wolfSSL 15:117db924cf7c 2168 ret = MP_INIT_E;
wolfSSL 15:117db924cf7c 2169 }
wolfSSL 15:117db924cf7c 2170
wolfSSL 15:117db924cf7c 2171 if (ret == 0) {
wolfSSL 15:117db924cf7c 2172 if (mp_read_unsigned_bin(&key->p, p, pSz) != MP_OKAY)
wolfSSL 15:117db924cf7c 2173 ret = ASN_DH_KEY_E;
wolfSSL 15:117db924cf7c 2174 else
wolfSSL 15:117db924cf7c 2175 keyP = &key->p;
wolfSSL 15:117db924cf7c 2176 }
wolfSSL 16:8e0d178b1d1e 2177
wolfSSL 16:8e0d178b1d1e 2178 if (ret == 0 && !trusted) {
wolfSSL 16:8e0d178b1d1e 2179 int isPrime = 0;
wolfSSL 16:8e0d178b1d1e 2180 if (rng != NULL)
wolfSSL 16:8e0d178b1d1e 2181 ret = mp_prime_is_prime_ex(keyP, 8, &isPrime, rng);
wolfSSL 16:8e0d178b1d1e 2182 else
wolfSSL 16:8e0d178b1d1e 2183 ret = mp_prime_is_prime(keyP, 8, &isPrime);
wolfSSL 16:8e0d178b1d1e 2184
wolfSSL 16:8e0d178b1d1e 2185 if (ret == 0 && isPrime == 0)
wolfSSL 16:8e0d178b1d1e 2186 ret = DH_CHECK_PUB_E;
wolfSSL 16:8e0d178b1d1e 2187 }
wolfSSL 16:8e0d178b1d1e 2188
wolfSSL 15:117db924cf7c 2189 if (ret == 0 && mp_init(&key->g) != MP_OKAY)
wolfSSL 15:117db924cf7c 2190 ret = MP_INIT_E;
wolfSSL 15:117db924cf7c 2191 if (ret == 0) {
wolfSSL 15:117db924cf7c 2192 if (mp_read_unsigned_bin(&key->g, g, gSz) != MP_OKAY)
wolfSSL 15:117db924cf7c 2193 ret = ASN_DH_KEY_E;
wolfSSL 15:117db924cf7c 2194 else
wolfSSL 15:117db924cf7c 2195 keyG = &key->g;
wolfSSL 15:117db924cf7c 2196 }
wolfSSL 15:117db924cf7c 2197
wolfSSL 15:117db924cf7c 2198 if (ret == 0 && q != NULL) {
wolfSSL 15:117db924cf7c 2199 if (mp_init(&key->q) != MP_OKAY)
wolfSSL 15:117db924cf7c 2200 ret = MP_INIT_E;
wolfSSL 15:117db924cf7c 2201 }
wolfSSL 15:117db924cf7c 2202 if (ret == 0 && q != NULL) {
wolfSSL 15:117db924cf7c 2203 if (mp_read_unsigned_bin(&key->q, q, qSz) != MP_OKAY)
wolfSSL 15:117db924cf7c 2204 ret = MP_INIT_E;
wolfSSL 15:117db924cf7c 2205 }
wolfSSL 15:117db924cf7c 2206
wolfSSL 15:117db924cf7c 2207 if (ret != 0 && key != NULL) {
wolfSSL 15:117db924cf7c 2208 if (keyG)
wolfSSL 15:117db924cf7c 2209 mp_clear(keyG);
wolfSSL 15:117db924cf7c 2210 if (keyP)
wolfSSL 15:117db924cf7c 2211 mp_clear(keyP);
wolfSSL 15:117db924cf7c 2212 }
wolfSSL 15:117db924cf7c 2213
wolfSSL 15:117db924cf7c 2214 return ret;
wolfSSL 15:117db924cf7c 2215 }
wolfSSL 15:117db924cf7c 2216
wolfSSL 15:117db924cf7c 2217
wolfSSL 16:8e0d178b1d1e 2218 int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
wolfSSL 16:8e0d178b1d1e 2219 word32 gSz, const byte* q, word32 qSz, int trusted,
wolfSSL 16:8e0d178b1d1e 2220 WC_RNG* rng)
wolfSSL 16:8e0d178b1d1e 2221 {
wolfSSL 16:8e0d178b1d1e 2222 return _DhSetKey(key, p, pSz, g, gSz, q, qSz, trusted, rng);
wolfSSL 16:8e0d178b1d1e 2223 }
wolfSSL 16:8e0d178b1d1e 2224
wolfSSL 16:8e0d178b1d1e 2225
wolfSSL 16:8e0d178b1d1e 2226 int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, const byte* g,
wolfSSL 16:8e0d178b1d1e 2227 word32 gSz, const byte* q, word32 qSz)
wolfSSL 16:8e0d178b1d1e 2228 {
wolfSSL 16:8e0d178b1d1e 2229 return _DhSetKey(key, p, pSz, g, gSz, q, qSz, 1, NULL);
wolfSSL 16:8e0d178b1d1e 2230 }
wolfSSL 16:8e0d178b1d1e 2231
wolfSSL 16:8e0d178b1d1e 2232
wolfSSL 15:117db924cf7c 2233 /* not in asn anymore since no actual asn types used */
wolfSSL 15:117db924cf7c 2234 int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
wolfSSL 15:117db924cf7c 2235 word32 gSz)
wolfSSL 15:117db924cf7c 2236 {
wolfSSL 16:8e0d178b1d1e 2237 return _DhSetKey(key, p, pSz, g, gSz, NULL, 0, 1, NULL);
wolfSSL 15:117db924cf7c 2238 }
wolfSSL 15:117db924cf7c 2239
wolfSSL 15:117db924cf7c 2240
wolfSSL 15:117db924cf7c 2241 #ifdef WOLFSSL_KEY_GEN
wolfSSL 15:117db924cf7c 2242
wolfSSL 15:117db924cf7c 2243 /* modulus_size in bits */
wolfSSL 15:117db924cf7c 2244 int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
wolfSSL 15:117db924cf7c 2245 {
wolfSSL 15:117db924cf7c 2246 mp_int tmp, tmp2;
wolfSSL 15:117db924cf7c 2247 int groupSz = 0, bufSz = 0,
wolfSSL 15:117db924cf7c 2248 primeCheckCount = 0,
wolfSSL 15:117db924cf7c 2249 primeCheck = MP_NO,
wolfSSL 15:117db924cf7c 2250 ret = 0;
wolfSSL 15:117db924cf7c 2251 unsigned char *buf = NULL;
wolfSSL 15:117db924cf7c 2252
wolfSSL 15:117db924cf7c 2253 if (rng == NULL || dh == NULL)
wolfSSL 15:117db924cf7c 2254 ret = BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 2255
wolfSSL 15:117db924cf7c 2256 /* set group size in bytes from modulus size
wolfSSL 15:117db924cf7c 2257 * FIPS 186-4 defines valid values (1024, 160) (2048, 256) (3072, 256)
wolfSSL 15:117db924cf7c 2258 */
wolfSSL 15:117db924cf7c 2259 if (ret == 0) {
wolfSSL 15:117db924cf7c 2260 switch (modSz) {
wolfSSL 15:117db924cf7c 2261 case 1024:
wolfSSL 15:117db924cf7c 2262 groupSz = 20;
wolfSSL 15:117db924cf7c 2263 break;
wolfSSL 15:117db924cf7c 2264 case 2048:
wolfSSL 15:117db924cf7c 2265 case 3072:
wolfSSL 15:117db924cf7c 2266 groupSz = 32;
wolfSSL 15:117db924cf7c 2267 break;
wolfSSL 15:117db924cf7c 2268 default:
wolfSSL 15:117db924cf7c 2269 ret = BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 2270 break;
wolfSSL 15:117db924cf7c 2271 }
wolfSSL 15:117db924cf7c 2272 }
wolfSSL 15:117db924cf7c 2273
wolfSSL 15:117db924cf7c 2274 if (ret == 0) {
wolfSSL 15:117db924cf7c 2275 /* modulus size in bytes */
wolfSSL 15:117db924cf7c 2276 modSz /= WOLFSSL_BIT_SIZE;
wolfSSL 15:117db924cf7c 2277 bufSz = modSz - groupSz;
wolfSSL 15:117db924cf7c 2278
wolfSSL 15:117db924cf7c 2279 /* allocate ram */
wolfSSL 15:117db924cf7c 2280 buf = (unsigned char *)XMALLOC(bufSz,
wolfSSL 15:117db924cf7c 2281 dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 2282 if (buf == NULL)
wolfSSL 15:117db924cf7c 2283 ret = MEMORY_E;
wolfSSL 15:117db924cf7c 2284 }
wolfSSL 15:117db924cf7c 2285
wolfSSL 16:8e0d178b1d1e 2286 /* make a random string that will be multiplied against q */
wolfSSL 15:117db924cf7c 2287 if (ret == 0)
wolfSSL 15:117db924cf7c 2288 ret = wc_RNG_GenerateBlock(rng, buf, bufSz);
wolfSSL 15:117db924cf7c 2289
wolfSSL 15:117db924cf7c 2290 if (ret == 0) {
wolfSSL 15:117db924cf7c 2291 /* force magnitude */
wolfSSL 15:117db924cf7c 2292 buf[0] |= 0xC0;
wolfSSL 15:117db924cf7c 2293 /* force even */
wolfSSL 15:117db924cf7c 2294 buf[bufSz - 1] &= ~1;
wolfSSL 15:117db924cf7c 2295
wolfSSL 15:117db924cf7c 2296 if (mp_init_multi(&tmp, &tmp2, &dh->p, &dh->q, &dh->g, 0)
wolfSSL 15:117db924cf7c 2297 != MP_OKAY) {
wolfSSL 15:117db924cf7c 2298 ret = MP_INIT_E;
wolfSSL 15:117db924cf7c 2299 }
wolfSSL 15:117db924cf7c 2300 }
wolfSSL 15:117db924cf7c 2301
wolfSSL 15:117db924cf7c 2302 if (ret == 0) {
wolfSSL 15:117db924cf7c 2303 if (mp_read_unsigned_bin(&tmp2, buf, bufSz) != MP_OKAY)
wolfSSL 15:117db924cf7c 2304 ret = MP_READ_E;
wolfSSL 15:117db924cf7c 2305 }
wolfSSL 15:117db924cf7c 2306
wolfSSL 15:117db924cf7c 2307 /* make our prime q */
wolfSSL 15:117db924cf7c 2308 if (ret == 0) {
wolfSSL 15:117db924cf7c 2309 if (mp_rand_prime(&dh->q, groupSz, rng, NULL) != MP_OKAY)
wolfSSL 15:117db924cf7c 2310 ret = PRIME_GEN_E;
wolfSSL 15:117db924cf7c 2311 }
wolfSSL 15:117db924cf7c 2312
wolfSSL 15:117db924cf7c 2313 /* p = random * q */
wolfSSL 15:117db924cf7c 2314 if (ret == 0) {
wolfSSL 15:117db924cf7c 2315 if (mp_mul(&dh->q, &tmp2, &dh->p) != MP_OKAY)
wolfSSL 15:117db924cf7c 2316 ret = MP_MUL_E;
wolfSSL 15:117db924cf7c 2317 }
wolfSSL 15:117db924cf7c 2318
wolfSSL 15:117db924cf7c 2319 /* p = random * q + 1, so q is a prime divisor of p-1 */
wolfSSL 15:117db924cf7c 2320 if (ret == 0) {
wolfSSL 15:117db924cf7c 2321 if (mp_add_d(&dh->p, 1, &dh->p) != MP_OKAY)
wolfSSL 15:117db924cf7c 2322 ret = MP_ADD_E;
wolfSSL 15:117db924cf7c 2323 }
wolfSSL 15:117db924cf7c 2324
wolfSSL 15:117db924cf7c 2325 /* tmp = 2q */
wolfSSL 15:117db924cf7c 2326 if (ret == 0) {
wolfSSL 15:117db924cf7c 2327 if (mp_add(&dh->q, &dh->q, &tmp) != MP_OKAY)
wolfSSL 15:117db924cf7c 2328 ret = MP_ADD_E;
wolfSSL 15:117db924cf7c 2329 }
wolfSSL 15:117db924cf7c 2330
wolfSSL 15:117db924cf7c 2331 /* loop until p is prime */
wolfSSL 15:117db924cf7c 2332 if (ret == 0) {
wolfSSL 15:117db924cf7c 2333 do {
wolfSSL 16:8e0d178b1d1e 2334 if (mp_prime_is_prime_ex(&dh->p, 8, &primeCheck, rng) != MP_OKAY)
wolfSSL 15:117db924cf7c 2335 ret = PRIME_GEN_E;
wolfSSL 15:117db924cf7c 2336
wolfSSL 15:117db924cf7c 2337 if (primeCheck != MP_YES) {
wolfSSL 15:117db924cf7c 2338 /* p += 2q */
wolfSSL 15:117db924cf7c 2339 if (mp_add(&tmp, &dh->p, &dh->p) != MP_OKAY)
wolfSSL 15:117db924cf7c 2340 ret = MP_ADD_E;
wolfSSL 15:117db924cf7c 2341 else
wolfSSL 15:117db924cf7c 2342 primeCheckCount++;
wolfSSL 15:117db924cf7c 2343 }
wolfSSL 15:117db924cf7c 2344 } while (ret == 0 && primeCheck == MP_NO);
wolfSSL 15:117db924cf7c 2345 }
wolfSSL 15:117db924cf7c 2346
wolfSSL 15:117db924cf7c 2347 /* tmp2 += (2*loop_check_prime)
wolfSSL 15:117db924cf7c 2348 * to have p = (q * tmp2) + 1 prime
wolfSSL 15:117db924cf7c 2349 */
wolfSSL 16:8e0d178b1d1e 2350 if ((ret == 0) && (primeCheckCount)) {
wolfSSL 15:117db924cf7c 2351 if (mp_add_d(&tmp2, 2 * primeCheckCount, &tmp2) != MP_OKAY)
wolfSSL 15:117db924cf7c 2352 ret = MP_ADD_E;
wolfSSL 15:117db924cf7c 2353 }
wolfSSL 15:117db924cf7c 2354
wolfSSL 15:117db924cf7c 2355 /* find a value g for which g^tmp2 != 1 */
wolfSSL 16:8e0d178b1d1e 2356 if ((ret == 0) && (mp_set(&dh->g, 1) != MP_OKAY))
wolfSSL 15:117db924cf7c 2357 ret = MP_ZERO_E;
wolfSSL 15:117db924cf7c 2358
wolfSSL 15:117db924cf7c 2359 if (ret == 0) {
wolfSSL 15:117db924cf7c 2360 do {
wolfSSL 15:117db924cf7c 2361 if (mp_add_d(&dh->g, 1, &dh->g) != MP_OKAY)
wolfSSL 15:117db924cf7c 2362 ret = MP_ADD_E;
wolfSSL 15:117db924cf7c 2363 else if (mp_exptmod(&dh->g, &tmp2, &dh->p, &tmp) != MP_OKAY)
wolfSSL 15:117db924cf7c 2364 ret = MP_EXPTMOD_E;
wolfSSL 15:117db924cf7c 2365 } while (ret == 0 && mp_cmp_d(&tmp, 1) == MP_EQ);
wolfSSL 15:117db924cf7c 2366 }
wolfSSL 15:117db924cf7c 2367
wolfSSL 16:8e0d178b1d1e 2368 if (ret == 0) {
wolfSSL 16:8e0d178b1d1e 2369 /* at this point tmp generates a group of order q mod p */
wolfSSL 16:8e0d178b1d1e 2370 mp_exch(&tmp, &dh->g);
wolfSSL 16:8e0d178b1d1e 2371 }
wolfSSL 15:117db924cf7c 2372
wolfSSL 15:117db924cf7c 2373 /* clear the parameters if there was an error */
wolfSSL 16:8e0d178b1d1e 2374 if ((ret != 0) && (dh != NULL)) {
wolfSSL 15:117db924cf7c 2375 mp_clear(&dh->q);
wolfSSL 15:117db924cf7c 2376 mp_clear(&dh->p);
wolfSSL 15:117db924cf7c 2377 mp_clear(&dh->g);
wolfSSL 15:117db924cf7c 2378 }
wolfSSL 15:117db924cf7c 2379
wolfSSL 16:8e0d178b1d1e 2380 if (buf != NULL) {
wolfSSL 16:8e0d178b1d1e 2381 ForceZero(buf, bufSz);
wolfSSL 16:8e0d178b1d1e 2382 if (dh != NULL) {
wolfSSL 16:8e0d178b1d1e 2383 XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 16:8e0d178b1d1e 2384 }
wolfSSL 16:8e0d178b1d1e 2385 }
wolfSSL 15:117db924cf7c 2386 mp_clear(&tmp);
wolfSSL 15:117db924cf7c 2387 mp_clear(&tmp2);
wolfSSL 15:117db924cf7c 2388
wolfSSL 15:117db924cf7c 2389 return ret;
wolfSSL 15:117db924cf7c 2390 }
wolfSSL 15:117db924cf7c 2391
wolfSSL 15:117db924cf7c 2392
wolfSSL 15:117db924cf7c 2393 /* Export raw DH parameters from DhKey structure
wolfSSL 15:117db924cf7c 2394 *
wolfSSL 15:117db924cf7c 2395 * dh - pointer to initialized DhKey structure
wolfSSL 15:117db924cf7c 2396 * p - output location for DH (p) parameter
wolfSSL 15:117db924cf7c 2397 * pSz - [IN/OUT] size of output buffer for p, size of p
wolfSSL 15:117db924cf7c 2398 * q - output location for DH (q) parameter
wolfSSL 15:117db924cf7c 2399 * qSz - [IN/OUT] size of output buffer for q, size of q
wolfSSL 15:117db924cf7c 2400 * g - output location for DH (g) parameter
wolfSSL 15:117db924cf7c 2401 * gSz - [IN/OUT] size of output buffer for g, size of g
wolfSSL 15:117db924cf7c 2402 *
wolfSSL 15:117db924cf7c 2403 * If p, q, and g pointers are all passed in as NULL, the function
wolfSSL 15:117db924cf7c 2404 * will set pSz, qSz, and gSz to the required output buffer sizes for p,
wolfSSL 15:117db924cf7c 2405 * q, and g. In this case, the function will return LENGTH_ONLY_E.
wolfSSL 15:117db924cf7c 2406 *
wolfSSL 15:117db924cf7c 2407 * returns 0 on success, negative upon failure
wolfSSL 15:117db924cf7c 2408 */
wolfSSL 15:117db924cf7c 2409 int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz,
wolfSSL 15:117db924cf7c 2410 byte* q, word32* qSz, byte* g, word32* gSz)
wolfSSL 15:117db924cf7c 2411 {
wolfSSL 15:117db924cf7c 2412 int ret = 0;
wolfSSL 15:117db924cf7c 2413 word32 pLen = 0, qLen = 0, gLen = 0;
wolfSSL 15:117db924cf7c 2414
wolfSSL 15:117db924cf7c 2415 if (dh == NULL || pSz == NULL || qSz == NULL || gSz == NULL)
wolfSSL 15:117db924cf7c 2416 ret = BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 2417
wolfSSL 15:117db924cf7c 2418 /* get required output buffer sizes */
wolfSSL 15:117db924cf7c 2419 if (ret == 0) {
wolfSSL 15:117db924cf7c 2420 pLen = mp_unsigned_bin_size(&dh->p);
wolfSSL 15:117db924cf7c 2421 qLen = mp_unsigned_bin_size(&dh->q);
wolfSSL 15:117db924cf7c 2422 gLen = mp_unsigned_bin_size(&dh->g);
wolfSSL 15:117db924cf7c 2423
wolfSSL 15:117db924cf7c 2424 /* return buffer sizes and LENGTH_ONLY_E if buffers are NULL */
wolfSSL 15:117db924cf7c 2425 if (p == NULL && q == NULL && g == NULL) {
wolfSSL 15:117db924cf7c 2426 *pSz = pLen;
wolfSSL 15:117db924cf7c 2427 *qSz = qLen;
wolfSSL 15:117db924cf7c 2428 *gSz = gLen;
wolfSSL 15:117db924cf7c 2429 ret = LENGTH_ONLY_E;
wolfSSL 15:117db924cf7c 2430 }
wolfSSL 15:117db924cf7c 2431 }
wolfSSL 15:117db924cf7c 2432
wolfSSL 15:117db924cf7c 2433 if (ret == 0) {
wolfSSL 15:117db924cf7c 2434 if (p == NULL || q == NULL || g == NULL)
wolfSSL 15:117db924cf7c 2435 ret = BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 2436 }
wolfSSL 15:117db924cf7c 2437
wolfSSL 15:117db924cf7c 2438 /* export p */
wolfSSL 15:117db924cf7c 2439 if (ret == 0) {
wolfSSL 15:117db924cf7c 2440 if (*pSz < pLen) {
wolfSSL 15:117db924cf7c 2441 WOLFSSL_MSG("Output buffer for DH p parameter too small, "
wolfSSL 15:117db924cf7c 2442 "required size placed into pSz");
wolfSSL 15:117db924cf7c 2443 *pSz = pLen;
wolfSSL 15:117db924cf7c 2444 ret = BUFFER_E;
wolfSSL 15:117db924cf7c 2445 }
wolfSSL 15:117db924cf7c 2446 }
wolfSSL 15:117db924cf7c 2447
wolfSSL 15:117db924cf7c 2448 if (ret == 0) {
wolfSSL 15:117db924cf7c 2449 *pSz = pLen;
wolfSSL 15:117db924cf7c 2450 if (mp_to_unsigned_bin(&dh->p, p) != MP_OKAY)
wolfSSL 15:117db924cf7c 2451 ret = MP_TO_E;
wolfSSL 15:117db924cf7c 2452 }
wolfSSL 15:117db924cf7c 2453
wolfSSL 15:117db924cf7c 2454 /* export q */
wolfSSL 15:117db924cf7c 2455 if (ret == 0) {
wolfSSL 15:117db924cf7c 2456 if (*qSz < qLen) {
wolfSSL 15:117db924cf7c 2457 WOLFSSL_MSG("Output buffer for DH q parameter too small, "
wolfSSL 15:117db924cf7c 2458 "required size placed into qSz");
wolfSSL 15:117db924cf7c 2459 *qSz = qLen;
wolfSSL 15:117db924cf7c 2460 ret = BUFFER_E;
wolfSSL 15:117db924cf7c 2461 }
wolfSSL 15:117db924cf7c 2462 }
wolfSSL 15:117db924cf7c 2463
wolfSSL 15:117db924cf7c 2464 if (ret == 0) {
wolfSSL 15:117db924cf7c 2465 *qSz = qLen;
wolfSSL 15:117db924cf7c 2466 if (mp_to_unsigned_bin(&dh->q, q) != MP_OKAY)
wolfSSL 15:117db924cf7c 2467 ret = MP_TO_E;
wolfSSL 15:117db924cf7c 2468 }
wolfSSL 15:117db924cf7c 2469
wolfSSL 15:117db924cf7c 2470 /* export g */
wolfSSL 15:117db924cf7c 2471 if (ret == 0) {
wolfSSL 15:117db924cf7c 2472 if (*gSz < gLen) {
wolfSSL 15:117db924cf7c 2473 WOLFSSL_MSG("Output buffer for DH g parameter too small, "
wolfSSL 15:117db924cf7c 2474 "required size placed into gSz");
wolfSSL 15:117db924cf7c 2475 *gSz = gLen;
wolfSSL 15:117db924cf7c 2476 ret = BUFFER_E;
wolfSSL 15:117db924cf7c 2477 }
wolfSSL 15:117db924cf7c 2478 }
wolfSSL 15:117db924cf7c 2479
wolfSSL 15:117db924cf7c 2480 if (ret == 0) {
wolfSSL 15:117db924cf7c 2481 *gSz = gLen;
wolfSSL 15:117db924cf7c 2482 if (mp_to_unsigned_bin(&dh->g, g) != MP_OKAY)
wolfSSL 15:117db924cf7c 2483 ret = MP_TO_E;
wolfSSL 15:117db924cf7c 2484 }
wolfSSL 15:117db924cf7c 2485
wolfSSL 15:117db924cf7c 2486 return ret;
wolfSSL 15:117db924cf7c 2487 }
wolfSSL 15:117db924cf7c 2488
wolfSSL 15:117db924cf7c 2489 #endif /* WOLFSSL_KEY_GEN */
wolfSSL 15:117db924cf7c 2490
wolfSSL 15:117db924cf7c 2491 #endif /* NO_DH */
wolfSSL 15:117db924cf7c 2492