FIPS Revalidation

1. ForceZero the odd block when using RDSEED to seed the DRBG.
2. When using FIPSv2 and Intel_ASM speedups, force RDSEED failure flag.
3. Annotate the ecc key pair checking code with NIST process references.
4. Add function to pair-wise check the DH key.
5. Add optional "Q" values for the FFDHE canned parameters from RFC 7919.
6. Enable the ECC key checks by default for FIPS.
7. Add DH private key check function.
8. Enable the DH key checks by default for FIPS.
cert-3389
John Safranek 2018-05-08 17:02:59 -07:00
parent ceed6e08fd
commit 12edf80e2b
8 changed files with 604 additions and 14 deletions


@ -2043,7 +2043,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
# Add the FIPS flag.
AS_IF([test "x$FIPS_VERSION" = "xv2"],
[AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DFP_MAX_BITS=6144"
[AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DFP_MAX_BITS=6144 -DWOLFSSL_VALIDATE_FFC_IMPORT"
ENABLED_KEYGEN="yes"
ENABLED_SHA224="yes"
AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
@ -2054,7 +2054,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
AS_IF([test "x$ENABLED_ECC" != "xyes"],
[ENABLED_ECC="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])])
AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
@ -2066,6 +2066,8 @@ then
AS_IF([test "x$ENABLED_HKDF" != "xyes"],
[ENABLED_HKDF="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
])
else
if test "x$ENABLED_FORTRESS" = "xyes"
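Review bot: `-DWOLFSSL_VALIDATE_ECC_IMPORT` is appended inside the `AS_IF([test "x$ENABLED_ECC" != "xyes"]` branch, so it only takes effect when the FIPS block itself turns ECC on; a FIPS v2 build configured with ECC already enabled gets no ECC import validation, which does not match "enabled by default for FIPS" in the description. Moving the define out of that branch, as its own `AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"` line after the AS_IF, makes it unconditional in the v2 block, where `-DWOLFSSL_VALIDATE_FFC_IMPORT` already is. The enclosing if/then block starts before the hunk.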


@ -100,10 +100,49 @@ static const byte dh_ffdhe2048_p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
static const byte dh_ffdhe2048_g[] = { 0x02 };
#ifdef HAVE_FFDHE_Q
static const byte dh_ffdhe2048_q[] = {
0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
0x44, 0x35, 0xA1, 0x1C, 0x30, 0x94, 0x2E, 0x4B,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
#endif /* HAVE_FFDHE_Q */
const DhParams* wc_Dh_ffdhe2048_Get(void)
{
static const DhParams ffdhe2048 = {
#ifdef HAVE_FFDHE_Q
dh_ffdhe2048_q, sizeof(dh_ffdhe2048_q),
#endif /* HAVE_FFDHE_Q */
dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p),
dh_ffdhe2048_g, sizeof(dh_ffdhe2048_g)
};
@ -163,10 +202,65 @@ static const byte dh_ffdhe3072_p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
static const byte dh_ffdhe3072_g[] = { 0x02 };
#if HAVE_FFDHE_Q
static const byte dh_ffdhe3072_q[] = {
0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x63, 0x17, 0x1B,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
#endif /* HAVE_FFDHE_Q */
const DhParams* wc_Dh_ffdhe3072_Get(void)
{
static const DhParams ffdhe3072 = {
#ifdef HAVE_FFDHE_Q
dh_ffdhe3072_q, sizeof(dh_ffdhe3072_q),
#endif /* HAVE_FFDHE_Q */
dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p),
dh_ffdhe3072_g, sizeof(dh_ffdhe3072_g)
};
@ -242,10 +336,81 @@ static const byte dh_ffdhe4096_p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
static const byte dh_ffdhe4096_g[] = { 0x02 };
#if HAVE_FFDHE_Q
static const byte dh_ffdhe4096_q[] = {
0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x32, 0xAF, 0xB5,
0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
#endif /* HAVE_FFDHE_Q */
const DhParams* wc_Dh_ffdhe4096_Get(void)
{
static const DhParams ffdhe4096 = {
#ifdef HAVE_FFDHE_Q
dh_ffdhe4096_q, sizeof(dh_ffdhe4096_q),
#endif /* HAVE_FFDHE_Q */
dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p),
dh_ffdhe4096_g, sizeof(dh_ffdhe4096_g)
};
@ -353,10 +518,113 @@ static const byte dh_ffdhe6144_p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
static const byte dh_ffdhe6144_g[] = { 0x02 };
#if HAVE_FFDHE_Q
static const byte dh_ffdhe6144_q[] = {
0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81,
0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, 0x3D,
0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, 0x95, 0x1D,
0x11, 0xDD, 0x22, 0x21, 0x65, 0x7A, 0x9F, 0x53,
0x1D, 0xDA, 0x2A, 0x19, 0x4D, 0xBB, 0x12, 0x64,
0x48, 0xBD, 0xEE, 0xB2, 0x58, 0xE0, 0x7E, 0xA6,
0x59, 0xC7, 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D,
0x66, 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38,
0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, 0x0F,
0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, 0xDA, 0x3B,
0xD2, 0x92, 0x38, 0xFB, 0xD4, 0xD4, 0xB4, 0x88,
0x5C, 0x2A, 0x99, 0x17, 0x6D, 0xB1, 0xA0, 0x6C,
0x50, 0x07, 0x78, 0x49, 0x1A, 0x82, 0x88, 0xF1,
0x85, 0x5F, 0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37,
0x3F, 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1,
0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, 0xDA,
0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, 0x5D, 0xE0,
0xCA, 0x63, 0x32, 0x8F, 0x3B, 0xE5, 0x7C, 0xC9,
0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0D, 0xFB,
0x59, 0xD3, 0x9C, 0xE0, 0x91, 0x30, 0x8B, 0x41,
0x05, 0x74, 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F,
0x7C, 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6,
0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, 0xAF,
0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, 0x54, 0x23,
0x28, 0x2E, 0xE4, 0x16, 0xDC, 0x2A, 0x19, 0xC5,
0x72, 0x4F, 0xA9, 0x1A, 0xE4, 0xAD, 0xC8, 0x8B,
0xC6, 0x67, 0x96, 0xEA, 0xE5, 0x67, 0x7A, 0x01,
0xF6, 0x4E, 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82,
0x2D, 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B,
0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, 0x34,
0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, 0xB0, 0xE0,
0xD2, 0x0E, 0xAB, 0x86, 0xBC, 0x9C, 0x6D, 0x6A,
0x52, 0x07, 0x19, 0x4E, 0x68, 0x72, 0x07, 0x32,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
#endif /* HAVE_FFDHE_Q */
const DhParams* wc_Dh_ffdhe6144_Get(void)
{
static const DhParams ffdhe6144 = {
#ifdef HAVE_FFDHE_Q
dh_ffdhe6144_q, sizeof(dh_ffdhe6144_q),
#endif /* HAVE_FFDHE_Q */
dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p),
dh_ffdhe6144_g, sizeof(dh_ffdhe6144_g)
};
@ -496,10 +764,145 @@ static const byte dh_ffdhe8192_p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
static const byte dh_ffdhe8192_g[] = { 0x02 };
#if HAVE_FFDHE_Q
static const byte dh_ffdhe8192_g[] = {
0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81,
0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, 0x3D,
0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, 0x95, 0x1D,
0x11, 0xDD, 0x22, 0x21, 0x65, 0x7A, 0x9F, 0x53,
0x1D, 0xDA, 0x2A, 0x19, 0x4D, 0xBB, 0x12, 0x64,
0x48, 0xBD, 0xEE, 0xB2, 0x58, 0xE0, 0x7E, 0xA6,
0x59, 0xC7, 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D,
0x66, 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38,
0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, 0x0F,
0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, 0xDA, 0x3B,
0xD2, 0x92, 0x38, 0xFB, 0xD4, 0xD4, 0xB4, 0x88,
0x5C, 0x2A, 0x99, 0x17, 0x6D, 0xB1, 0xA0, 0x6C,
0x50, 0x07, 0x78, 0x49, 0x1A, 0x82, 0x88, 0xF1,
0x85, 0x5F, 0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37,
0x3F, 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1,
0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, 0xDA,
0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, 0x5D, 0xE0,
0xCA, 0x63, 0x32, 0x8F, 0x3B, 0xE5, 0x7C, 0xC9,
0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0D, 0xFB,
0x59, 0xD3, 0x9C, 0xE0, 0x91, 0x30, 0x8B, 0x41,
0x05, 0x74, 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F,
0x7C, 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6,
0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, 0xAF,
0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, 0x54, 0x23,
0x28, 0x2E, 0xE4, 0x16, 0xDC, 0x2A, 0x19, 0xC5,
0x72, 0x4F, 0xA9, 0x1A, 0xE4, 0xAD, 0xC8, 0x8B,
0xC6, 0x67, 0x96, 0xEA, 0xE5, 0x67, 0x7A, 0x01,
0xF6, 0x4E, 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82,
0x2D, 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B,
0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, 0x34,
0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, 0xB0, 0xE0,
0xD2, 0x0E, 0xAB, 0x86, 0xBC, 0x9C, 0x6D, 0x6A,
0x52, 0x07, 0x19, 0x4E, 0x67, 0xFA, 0x35, 0x55,
0x1B, 0x56, 0x80, 0x26, 0x7B, 0x00, 0x64, 0x1C,
0x0F, 0x21, 0x2D, 0x18, 0xEC, 0xA8, 0xD7, 0x32,
0x7E, 0xD9, 0x1F, 0xE7, 0x64, 0xA8, 0x4E, 0xA1,
0xB4, 0x3F, 0xF5, 0xB4, 0xF6, 0xE8, 0xE6, 0x2F,
0x05, 0xC6, 0x61, 0xDE, 0xFB, 0x25, 0x88, 0x77,
0xC3, 0x5B, 0x18, 0xA1, 0x51, 0xD5, 0xC4, 0x14,
0xAA, 0xAD, 0x97, 0xBA, 0x3E, 0x49, 0x93, 0x32,
0xE5, 0x96, 0x07, 0x8E, 0x60, 0x0D, 0xEB, 0x81,
0x14, 0x9C, 0x44, 0x1C, 0xE9, 0x57, 0x82, 0xF2,
0x2A, 0x28, 0x25, 0x63, 0xC5, 0xBA, 0xC1, 0x41,
0x14, 0x23, 0x60, 0x5D, 0x1A, 0xE1, 0xAF, 0xAE,
0x2C, 0x8B, 0x06, 0x60, 0x23, 0x7E, 0xC1, 0x28,
0xAA, 0x0F, 0xE3, 0x46, 0x4E, 0x43, 0x58, 0x11,
0x5D, 0xB8, 0x4C, 0xC3, 0xB5, 0x23, 0x07, 0x3A,
0x28, 0xD4, 0x54, 0x98, 0x84, 0xB8, 0x1F, 0xF7,
0x0E, 0x10, 0xBF, 0x36, 0x1C, 0x13, 0x72, 0x96,
0x28, 0xD5, 0x34, 0x8F, 0x07, 0x21, 0x1E, 0x7E,
0x4C, 0xF4, 0xF1, 0x8B, 0x28, 0x60, 0x90, 0xBD,
0xB1, 0x24, 0x0B, 0x66, 0xD6, 0xCD, 0x4A, 0xFC,
0xEA, 0xDC, 0x00, 0xCA, 0x44, 0x6C, 0xE0, 0x50,
0x50, 0xFF, 0x18, 0x3A, 0xD2, 0xBB, 0xF1, 0x18,
0xC1, 0xFC, 0x0E, 0xA5, 0x1F, 0x97, 0xD2, 0x2B,
0x8F, 0x7E, 0x46, 0x70, 0x5D, 0x45, 0x27, 0xF4,
0x5B, 0x42, 0xAE, 0xFF, 0x39, 0x58, 0x53, 0x37,
0x6F, 0x69, 0x7D, 0xD5, 0xFD, 0xF2, 0xC5, 0x18,
0x7D, 0x7D, 0x5F, 0x0E, 0x2E, 0xB8, 0xD4, 0x3F,
0x17, 0xBA, 0x0F, 0x7C, 0x60, 0xFF, 0x43, 0x7F,
0x53, 0x5D, 0xFE, 0xF2, 0x98, 0x33, 0xBF, 0x86,
0xCB, 0xE8, 0x8E, 0xA4, 0xFB, 0xD4, 0x22, 0x1E,
0x84, 0x11, 0x72, 0x83, 0x54, 0xFA, 0x30, 0xA7,
0x00, 0x8F, 0x15, 0x4A, 0x41, 0xC7, 0xFC, 0x46,
0x6B, 0x46, 0x45, 0xDB, 0xE2, 0xE3, 0x21, 0x26,
0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
#endif /* HAVE_FFDHE_Q */
const DhParams* wc_Dh_ffdhe8192_Get(void)
{
static const DhParams ffdhe8192 = {
#ifdef HAVE_FFDHE_Q
dh_ffdhe8192_q, sizeof(dh_ffdhe8192_q),
#endif /* HAVE_FFDHE_Q */
dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p),
dh_ffdhe8192_g, sizeof(dh_ffdhe8192_g)
};
@ -894,6 +1297,7 @@ static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
/* Check DH Public Key for invalid numbers, optionally allowing
* the public key to be checked against the large prime (q).
* Check per process in SP 800-56Ar3, section 5.6.2.3.1.
*
* key DH key group parameters.
* pub Public Key.
@ -933,6 +1337,7 @@ int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz,
ret = MP_INIT_E;
}
/* SP 800-56Ar3, section 5.6.2.3.1, process step 1 */
/* pub (y) should not be 0 or 1 */
if (ret == 0 && mp_cmp_d(&y, 2) == MP_LT) {
ret = MP_CMP_E;
@ -976,6 +1381,7 @@ int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz,
#endif
#endif
/* SP 800-56Ar3, section 5.6.2.3.1, process step 2 */
#ifndef WOLFSSL_SP_MATH
{
/* calculate (y^q) mod(p), store back into y */
@ -1015,6 +1421,150 @@ int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz)
}
/* Check DH Private Key for invalid numbers, optionally allowing
* the private key to be checked against the large prime (q).
* Check per process in SP 800-56Ar3, section 5.6.2.1.2.
*
* key DH key group parameters.
* priv Private Key.
* privSz Private Key size.
* prime Large prime (q), optionally NULL to skip check
* primeSz Size of large prime
*
* returns 0 on success or error code
*/
int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 privSz,
const byte* prime, word32 primeSz)
{
int ret = 0;
mp_int x;
mp_int q;
if (key == NULL || priv == NULL) {
return BAD_FUNC_ARG;
}
if (mp_init_multi(&x, &q, NULL, NULL, NULL, NULL) != MP_OKAY) {
return MP_INIT_E;
}
if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY) {
ret = MP_READ_E;
}
if (ret == 0) {
if (prime != NULL) {
if (mp_read_unsigned_bin(&q, prime, primeSz) != MP_OKAY)
ret = MP_READ_E;
}
else if (mp_iszero(&key->q) == MP_NO) {
/* use q available in DhKey */
if (mp_copy(&key->q, &q) != MP_OKAY)
ret = MP_INIT_E;
}
}
/* priv (x) should not be 0 */
if (ret == 0) {
if (mp_cmp_d(&x, 0) == MP_EQ)
ret = MP_CMP_E;
}
if (ret == 0) {
if (mp_iszero(&q) == MP_NO) {
/* priv (x) shouldn't be greater than q - 1 */
if (ret == 0) {
if (mp_copy(&key->q, &q) != MP_OKAY)
ret = MP_INIT_E;
}
if (ret == 0) {
if (mp_sub_d(&q, 1, &q) != MP_OKAY)
ret = MP_SUB_E;
}
if (ret == 0) {
if (mp_cmp(&x, &q) == MP_GT)
ret = DH_CHECK_PRIV_E;
}
}
}
mp_clear(&x);
mp_clear(&q);
return ret;
}
/* Check DH Private Key for invalid numbers
*
* key DH key group parameters.
* priv Private Key.
* privSz Private Key size.
*
* returns 0 on success or error code
*/
int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 privSz)
{
return wc_DhCheckPrivKey_ex(key, priv, privSz, NULL, 0);
}
/* Check DH Keys for pair-wise consistency per process in
* SP 800-56Ar3, section 5.6.2.1.4, method (b) for FFC.
*
* key DH key group parameters.
* pub Public Key.
* pubSz Public Key size.
* priv Private Key.
* privSz Private Key size.
*
* returns 0 on success or error code
*/
int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz,
const byte* priv, word32 privSz)
{
mp_int publicKey;
mp_int privateKey;
mp_int checkKey;
int ret = 0;
if (key == NULL || pub == NULL || priv == NULL)
return BAD_FUNC_ARG;
if (mp_init_multi(&publicKey, &privateKey, &checkKey,
NULL, NULL, NULL) != MP_OKAY) {
return MP_INIT_E;
}
/* Load the private and public keys into big integers. */
if (mp_read_unsigned_bin(&publicKey, pub, pubSz) != MP_OKAY ||
mp_read_unsigned_bin(&privateKey, priv, privSz) != MP_OKAY) {
ret = MP_READ_E;
}
/* Calculate checkKey = g^privateKey mod p */
if (ret == 0) {
if (mp_exptmod(&key->g, &privateKey, &key->p, &checkKey) != MP_OKAY)
ret = MP_EXPTMOD_E;
}
/* Compare the calculated public key to the supplied check value. */
if (ret == 0) {
if (mp_cmp(&checkKey, &publicKey) != MP_EQ)
ret = MP_CMP_E;
}
mp_forcezero(&privateKey);
mp_clear(&privateKey);
mp_clear(&publicKey);
mp_clear(&checkKey);
return ret;
}
int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng,
byte* priv, word32* privSz, byte* pub, word32* pubSz)
{
@ -1049,10 +1599,17 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
mp_int z;
#endif
#ifdef WOLFSSL_VALIDATE_FFC_IMPORT
if (wc_DhCheckPrivKey(key, priv, privSz) != 0) {
WOLFSSL_MSG("wc_DhAgree wc_DhCheckPrivKey failed");
return DH_CHECK_PRIV_E;
}
if (wc_DhCheckPubKey(key, otherPub, pubSz) != 0) {
WOLFSSL_MSG("wc_DhAgree wc_DhCheckPubKey failed");
return DH_CHECK_PUB_E;
}
#endif
#ifdef WOLFSSL_HAVE_SP_DH
#ifndef WOLFSSL_SP_NO_2048
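Review bot: The HAVE_FFDHE_Q block for the 8192-bit group declares its table as `static const byte dh_ffdhe8192_g[] = {`, which redefines the generator array declared just above it and leaves `dh_ffdhe8192_q`, referenced in wc_Dh_ffdhe8192_Get, undeclared; it should read `static const byte dh_ffdhe8192_q[] = {`. The 3072, 4096, 6144 and 8192 tables are guarded with `#if HAVE_FFDHE_Q` while the 2048 table and every DhParams initializer use `#ifdef HAVE_FFDHE_Q`; `#if` on a macro defined with no value does not compile, so use `#ifdef` throughout. In wc_DhCheckPrivKey_ex the range check copies `key->q` into `q` again after `q` was already loaded from the caller's `prime` or from `key->q`, so an explicit `prime` is ignored and, when `key->q` is zero, the comparison appears to be made against 0 - 1 rather than q - 1; drop the `if (ret == 0) { if (mp_copy(&key->q, &q) != MP_OKAY) ret = MP_INIT_E; }` block. The private value `x` is released with `mp_clear` alone, unlike `privateKey` in wc_DhCheckKeyPair; add `mp_forcezero(&x);` before `mp_clear(&x);`.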


@ -5415,6 +5415,7 @@ int wc_ecc_check_key(ecc_key* key)
#else
/* SP 800-56Ar3, section 5.6.2.3.3, process step 1 */
/* pubkey point cannot be at infinity */
if (wc_ecc_point_is_at_infinity(&key->pubkey))
return ECC_INF_E;
@ -5437,6 +5438,7 @@ int wc_ecc_check_key(ecc_key* key)
b = curve->Bf;
#endif
/* SP 800-56Ar3, section 5.6.2.3.3, process step 2 */
/* Qx must be in the range [0, p-1] */
if (mp_cmp(key->pubkey.x, curve->prime) != MP_LT)
err = ECC_OUT_OF_RANGE_E;
@ -5445,15 +5447,18 @@ int wc_ecc_check_key(ecc_key* key)
if (mp_cmp(key->pubkey.y, curve->prime) != MP_LT)
err = ECC_OUT_OF_RANGE_E;
/* SP 800-56Ar3, section 5.6.2.3.3, process steps 3 */
/* make sure point is actually on curve */
if (err == MP_OKAY)
err = wc_ecc_is_point(&key->pubkey, curve->Af, b, curve->prime);
/* SP 800-56Ar3, section 5.6.2.3.3, process steps 4 */
/* pubkey * order must be at infinity */
if (err == MP_OKAY)
err = ecc_check_pubkey_order(key, &key->pubkey, curve->Af, curve->prime,
curve->order);
/* SP 800-56Ar3, section 5.6.2.1.4, method (b) for ECC */
/* private * base generator must equal pubkey */
if (err == MP_OKAY && key->type == ECC_PRIVATEKEY)
err = ecc_check_privkey_gen(key, curve->Af, curve->prime);
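Review bot: The two new comments `/* SP 800-56Ar3, section 5.6.2.3.3, process steps 3 */` and `/* SP 800-56Ar3, section 5.6.2.3.3, process steps 4 */` each name a single step and should read `process step 3` and `process step 4`, matching the `process step 1` / `process step 2` wording added earlier in wc_ecc_check_key. The body of wc_ecc_check_key continues outside the hunk.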


@ -479,6 +479,9 @@ const char* wc_GetErrorString(int error)
case RSA_KEY_PAIR_E:
return "RSA Key Pair-Wise Consistency check fail";
case DH_CHECK_PRIV_E:
return "DH Check Private Key failure";
default:
return "unknown error number";


@ -1143,6 +1143,7 @@ static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz)
return ret;
XMEMCPY(output, &rndTmp, sz);
ForceZero(&rndTmp, sizeof(rndTmp));
return 0;
}
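Review bot: `ForceZero(&rndTmp, sizeof(rndTmp));` covers only the success path; the `return ret;` two lines above leaves rndTmp untouched on the failure path. What rndTmp holds at that point cannot be seen here, since the start of wc_GenerateSeed_IntelRD is outside the hunk, but if it has received any hardware output before the failing step, zeroing it on that exit too, `ForceZero(&rndTmp, sizeof(rndTmp)); return ret;`, keeps both exits consistent.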


@ -10781,21 +10781,33 @@ static int dh_fips_generate_test(WC_RNG *rng)
ret = -5727;
}
ret = wc_DhCheckKeyPair(&key, pub, pubSz, priv, privSz);
if (ret != 0) {
ERROR_OUT(-8229, exit_gen_test);
}
/* Taint the public key so the check fails. */
pub[0]++;
ret = wc_DhCheckKeyPair(&key, pub, pubSz, priv, privSz);
if (ret != MP_CMP_E) {
ERROR_OUT(-8230, exit_gen_test);
}
else
ret = 0;
#ifdef WOLFSSL_KEY_GEN
if (ret == 0) {
ret = wc_DhGenerateParams(rng, 2048, &key);
if (ret != 0) {
ERROR_OUT(-8226, exit_gen_test);
}
ret = wc_DhGenerateParams(rng, 2048, &key);
if (ret != 0) {
ERROR_OUT(-8226, exit_gen_test);
}
privSz = sizeof(priv);
pubSz = sizeof(pub);
privSz = sizeof(priv);
pubSz = sizeof(pub);
ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, &pubSz);
if (ret != 0) {
ret = -8227;
}
ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, &pubSz);
if (ret != 0) {
ERROR_OUT(-8227, exit_gen_test);
}
#endif /* WOLFSSL_KEY_GEN */
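Review bot: The new `ret = wc_DhCheckKeyPair(&key, pub, pubSz, priv, privSz);` runs unconditionally right after the block that sets `ret = -5727;` without jumping, so a failure there appears to be overwritten and the test continues into the -8229 path; the condition guarding -5727 is outside the hunk, so this is inferred. Replacing that assignment with `ERROR_OUT(-5727, exit_gen_test);` would make it fail the same way as the checks added here. Separately, the unbraced `else ret = 0;` after a braced `if` body should be braced to match the surrounding style.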


@ -46,6 +46,10 @@
#include <wolfssl/wolfcrypt/async.h>
#endif
typedef struct DhParams {
#ifdef HAVE_FFDHE_Q
const byte* q;
word32 q_len;
#endif /* HAVE_FFDHE_Q */
const byte* p;
word32 p_len;
const byte* g;
@ -99,6 +103,11 @@ WOLFSSL_API int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p,
WOLFSSL_API int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz);
WOLFSSL_API int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz,
const byte* prime, word32 primeSz);
WOLFSSL_API int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 pubSz);
WOLFSSL_API int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 pubSz,
const byte* prime, word32 primeSz);
WOLFSSL_API int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz,
const byte* priv, word32 privSz);
WOLFSSL_API int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh);
WOLFSSL_API int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz,
byte* q, word32* qSz, byte* g, word32* gSz);
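Review bot: The new prototypes `WOLFSSL_API int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 pubSz);` and `wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 pubSz, ...)` name the private key length `pubSz`, while the definitions in dh.c call it `privSz`; rename the parameter to `privSz` in both declarations so the header describes the argument it actually takes. The `q` / `q_len` members added at the top of DhParams are relied on by the positional initializers in the `wc_Dh_ffdhe*_Get` functions, which is worth a one-line comment such as `/* member order must match the initializers in dh.c */`.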


@ -211,8 +211,9 @@ enum {
AES_GCM_OVERFLOW_E = -260, /* AES-GCM invocation counter overflow. */
AES_CCM_OVERFLOW_E = -261, /* AES-CCM invocation counter overflow. */
RSA_KEY_PAIR_E = -262, /* RSA Key Pair-Wise Consistency check fail. */
DH_CHECK_PRIV_E = -263, /* DH Check Priv Key error */
WC_LAST_E = -262, /* Update this to indicate last error */
WC_LAST_E = -263, /* Update this to indicate last error */
MIN_CODE_E = -300 /* errors -101 - -299 */
/* add new companion error id strings for any new error codes