diff --git a/configure.ac b/configure.ac
index 0c096fd7d..769c81de5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2043,7 +2043,7 @@ then
 AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
 # Add the FIPS flag.
 AS_IF([test "x$FIPS_VERSION" = "xv2"],
- [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DFP_MAX_BITS=6144"
+ [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DFP_MAX_BITS=6144 -DWOLFSSL_VALIDATE_FFC_IMPORT"
 ENABLED_KEYGEN="yes"
 ENABLED_SHA224="yes"
 AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
@@ -2054,7 +2054,7 @@ then
 AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
 AS_IF([test "x$ENABLED_ECC" != "xyes"],
 [ENABLED_ECC="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
+ AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
 AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
 [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])])
 AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
@@ -2066,6 +2066,8 @@ then
 AS_IF([test "x$ENABLED_HKDF" != "xyes"],
 [ENABLED_HKDF="yes"
 AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
+ AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
+ [AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
 ])
 else
 if test "x$ENABLED_FORTRESS" = "xyes"
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index 8ff61f274..34c7a16a0 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
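Review bot: `-DWOLFSSL_VALIDATE_ECC_IMPORT` is appended inside the `AS_IF([test "x$ENABLED_ECC" != "xyes"], ...)` branch of the @@ -2054 hunk, so a FIPS v2 configuration in which ECC was already enabled earlier in configure.ac never receives the define, whereas the FFC counterpart in the @@ -2043 hunk is added to every FIPS v2 build. If the intent is that FIPS v2 always validates imported ECC keys, put the flag next to its sibling, e.g. `... -DFP_MAX_BITS=6144 -DWOLFSSL_VALIDATE_FFC_IMPORT -DWOLFSSL_VALIDATE_ECC_IMPORT"`. The `-DFORCE_FAILURE_RDSEED` added in the @@ -2066 hunk is not explained anywhere in this change; a one-line comment above that `AS_IF` saying why it is tied to `ENABLED_INTELASM` under FIPS would help the next reader.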
@@ -100,10 +100,49 @@ static const byte dh_ffdhe2048_p[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; static const byte dh_ffdhe2048_g[] = { 0x02 }; +#ifdef HAVE_FFDHE_Q +static const byte dh_ffdhe2048_q[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D, + 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78, + 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A, + 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD, + 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, + 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC, + 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD, + 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0, + 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68, + 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79, + 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A, + 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, + 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39, + 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A, + 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD, + 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0, + 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD, + 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34, + 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, + 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C, + 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8, + 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76, + 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0, + 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF, + 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1, + 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, + 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02, + 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9, + 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD, + 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x94, 0x2E, 0x4B, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +}; +#endif /* HAVE_FFDHE_Q */ const DhParams* wc_Dh_ffdhe2048_Get(void) { static const DhParams ffdhe2048 = { + #ifdef HAVE_FFDHE_Q + dh_ffdhe2048_q, sizeof(dh_ffdhe2048_q), + 
#endif /* HAVE_FFDHE_Q */ dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p), dh_ffdhe2048_g, sizeof(dh_ffdhe2048_g) }; 
@@ -163,10 +202,65 @@ static const byte dh_ffdhe3072_p[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; static const byte dh_ffdhe3072_g[] = { 0x02 }; +#if HAVE_FFDHE_Q +static const byte dh_ffdhe3072_q[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D, + 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78, + 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A, + 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD, + 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, + 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC, + 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD, + 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0, + 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68, + 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79, + 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A, + 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, + 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39, + 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A, + 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD, + 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0, + 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD, + 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34, + 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, + 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C, + 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8, + 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76, + 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0, + 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF, + 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1, + 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, + 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02, + 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9, + 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD, + 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE, + 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD, + 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C, + 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83, + 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7, + 0x2C, 0xC6, 0x58, 0x7D, 0x60, 
0xC3, 0x6C, 0x8E, + 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38, + 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2, + 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9, + 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF, + 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F, + 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06, + 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D, + 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27, + 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7, + 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE, + 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x63, 0x17, 0x1B, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +}; +#endif /* HAVE_FFDHE_Q */ const DhParams* wc_Dh_ffdhe3072_Get(void) { static const DhParams ffdhe3072 = { + #ifdef HAVE_FFDHE_Q + dh_ffdhe3072_q, sizeof(dh_ffdhe3072_q), + #endif /* HAVE_FFDHE_Q */ dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p), dh_ffdhe3072_g, sizeof(dh_ffdhe3072_g) }; 
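Review bot: The guard on the new `dh_ffdhe3072_q` array is `#if HAVE_FFDHE_Q`, while the ffdhe2048 hunk and every `_Get` initializer in this file use `#ifdef HAVE_FFDHE_Q`; the ffdhe4096, ffdhe6144 and ffdhe8192 hunks repeat the `#if` form. If `HAVE_FFDHE_Q` is defined without a value (`#define HAVE_FFDHE_Q`) the `#if` is a preprocessor error, and with `-Wundef` it warns when the macro is absent; either way the array and the initializer that names it are no longer controlled by the same test. Change all four occurrences to `#ifdef HAVE_FFDHE_Q`.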
@@ -242,10 +336,81 @@ static const byte dh_ffdhe4096_p[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; static const byte dh_ffdhe4096_g[] = { 0x02 }; +#if HAVE_FFDHE_Q +static const byte dh_ffdhe4096_q[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D, + 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78, + 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A, + 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD, + 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, + 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC, + 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD, + 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0, + 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68, + 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79, + 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A, + 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, + 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39, + 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A, + 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD, + 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0, + 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD, + 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34, + 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, + 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C, + 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8, + 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76, + 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0, + 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF, + 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1, + 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, + 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02, + 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9, + 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD, + 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE, + 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD, + 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C, + 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83, + 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7, + 0x2C, 0xC6, 0x58, 0x7D, 0x60, 
0xC3, 0x6C, 0x8E, + 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38, + 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2, + 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9, + 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF, + 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F, + 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06, + 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D, + 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27, + 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7, + 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE, + 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78, + 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D, + 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB, + 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C, + 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02, + 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D, + 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5, + 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19, + 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62, + 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C, + 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD, + 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E, + 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66, + 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7, + 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35, + 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70, + 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x32, 0xAF, 0xB5, + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +}; +#endif /* HAVE_FFDHE_Q */ const DhParams* wc_Dh_ffdhe4096_Get(void) { static const DhParams ffdhe4096 = { + #ifdef HAVE_FFDHE_Q + dh_ffdhe4096_q, sizeof(dh_ffdhe4096_q), + #endif /* HAVE_FFDHE_Q */ dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p), dh_ffdhe4096_g, sizeof(dh_ffdhe4096_g) }; 
@@ -353,10 +518,113 @@ static const byte dh_ffdhe6144_p[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; static const byte dh_ffdhe6144_g[] = { 0x02 }; +#if HAVE_FFDHE_Q +static const byte dh_ffdhe6144_q[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D, + 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78, + 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A, + 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD, + 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, + 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC, + 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD, + 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0, + 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68, + 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79, + 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A, + 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, + 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39, + 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A, + 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD, + 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0, + 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD, + 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34, + 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, + 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C, + 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8, + 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76, + 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0, + 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF, + 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1, + 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, + 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02, + 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9, + 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD, + 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE, + 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD, + 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C, + 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83, + 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7, + 0x2C, 0xC6, 0x58, 0x7D, 0x60, 
0xC3, 0x6C, 0x8E, + 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38, + 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2, + 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9, + 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF, + 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F, + 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06, + 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D, + 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27, + 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7, + 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE, + 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78, + 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D, + 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB, + 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C, + 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02, + 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D, + 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5, + 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19, + 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62, + 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C, + 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD, + 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E, + 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66, + 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7, + 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35, + 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70, + 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81, + 0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, 0x3D, + 0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, 0x95, 0x1D, + 0x11, 0xDD, 0x22, 0x21, 0x65, 0x7A, 0x9F, 0x53, + 0x1D, 0xDA, 0x2A, 0x19, 0x4D, 0xBB, 0x12, 0x64, + 0x48, 0xBD, 0xEE, 0xB2, 0x58, 0xE0, 0x7E, 0xA6, + 0x59, 0xC7, 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D, + 0x66, 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38, + 0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, 0x0F, + 0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, 0xDA, 0x3B, + 0xD2, 0x92, 0x38, 0xFB, 0xD4, 0xD4, 0xB4, 0x88, + 0x5C, 0x2A, 0x99, 0x17, 0x6D, 0xB1, 0xA0, 0x6C, + 0x50, 0x07, 0x78, 0x49, 0x1A, 0x82, 0x88, 0xF1, + 0x85, 0x5F, 0x60, 0xFF, 0xFC, 
0xF1, 0xD1, 0x37, + 0x3F, 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1, + 0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, 0xDA, + 0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, 0x5D, 0xE0, + 0xCA, 0x63, 0x32, 0x8F, 0x3B, 0xE5, 0x7C, 0xC9, + 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0D, 0xFB, + 0x59, 0xD3, 0x9C, 0xE0, 0x91, 0x30, 0x8B, 0x41, + 0x05, 0x74, 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F, + 0x7C, 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6, + 0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, 0xAF, + 0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, 0x54, 0x23, + 0x28, 0x2E, 0xE4, 0x16, 0xDC, 0x2A, 0x19, 0xC5, + 0x72, 0x4F, 0xA9, 0x1A, 0xE4, 0xAD, 0xC8, 0x8B, + 0xC6, 0x67, 0x96, 0xEA, 0xE5, 0x67, 0x7A, 0x01, + 0xF6, 0x4E, 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82, + 0x2D, 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B, + 0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, 0x34, + 0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, 0xB0, 0xE0, + 0xD2, 0x0E, 0xAB, 0x86, 0xBC, 0x9C, 0x6D, 0x6A, + 0x52, 0x07, 0x19, 0x4E, 0x68, 0x72, 0x07, 0x32, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +}; +#endif /* HAVE_FFDHE_Q */ const DhParams* wc_Dh_ffdhe6144_Get(void) { static const DhParams ffdhe6144 = { + #ifdef HAVE_FFDHE_Q + dh_ffdhe6144_q, sizeof(dh_ffdhe6144_q), + #endif /* HAVE_FFDHE_Q */ dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p), dh_ffdhe6144_g, sizeof(dh_ffdhe6144_g) }; 
@@ -496,10 +764,145 @@ static const byte dh_ffdhe8192_p[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; static const byte dh_ffdhe8192_g[] = { 0x02 }; +#if HAVE_FFDHE_Q +static const byte dh_ffdhe8192_g[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D, + 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78, + 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A, + 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD, + 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, + 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC, + 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD, + 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0, + 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68, + 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79, + 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A, + 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, + 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39, + 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A, + 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD, + 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0, + 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD, + 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34, + 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, + 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C, + 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8, + 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76, + 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0, + 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF, + 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1, + 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, + 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02, + 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9, + 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD, + 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE, + 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD, + 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C, + 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83, + 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7, + 0x2C, 0xC6, 0x58, 0x7D, 0x60, 
0xC3, 0x6C, 0x8E, + 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38, + 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2, + 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9, + 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF, + 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F, + 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06, + 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D, + 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27, + 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7, + 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE, + 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78, + 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D, + 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB, + 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C, + 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02, + 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D, + 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5, + 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19, + 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62, + 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C, + 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD, + 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E, + 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66, + 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7, + 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35, + 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70, + 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81, + 0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, 0x3D, + 0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, 0x95, 0x1D, + 0x11, 0xDD, 0x22, 0x21, 0x65, 0x7A, 0x9F, 0x53, + 0x1D, 0xDA, 0x2A, 0x19, 0x4D, 0xBB, 0x12, 0x64, + 0x48, 0xBD, 0xEE, 0xB2, 0x58, 0xE0, 0x7E, 0xA6, + 0x59, 0xC7, 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D, + 0x66, 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38, + 0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, 0x0F, + 0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, 0xDA, 0x3B, + 0xD2, 0x92, 0x38, 0xFB, 0xD4, 0xD4, 0xB4, 0x88, + 0x5C, 0x2A, 0x99, 0x17, 0x6D, 0xB1, 0xA0, 0x6C, + 0x50, 0x07, 0x78, 0x49, 0x1A, 0x82, 0x88, 0xF1, + 0x85, 0x5F, 0x60, 0xFF, 0xFC, 
0xF1, 0xD1, 0x37, + 0x3F, 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1, + 0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, 0xDA, + 0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, 0x5D, 0xE0, + 0xCA, 0x63, 0x32, 0x8F, 0x3B, 0xE5, 0x7C, 0xC9, + 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0D, 0xFB, + 0x59, 0xD3, 0x9C, 0xE0, 0x91, 0x30, 0x8B, 0x41, + 0x05, 0x74, 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F, + 0x7C, 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6, + 0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, 0xAF, + 0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, 0x54, 0x23, + 0x28, 0x2E, 0xE4, 0x16, 0xDC, 0x2A, 0x19, 0xC5, + 0x72, 0x4F, 0xA9, 0x1A, 0xE4, 0xAD, 0xC8, 0x8B, + 0xC6, 0x67, 0x96, 0xEA, 0xE5, 0x67, 0x7A, 0x01, + 0xF6, 0x4E, 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82, + 0x2D, 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B, + 0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, 0x34, + 0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, 0xB0, 0xE0, + 0xD2, 0x0E, 0xAB, 0x86, 0xBC, 0x9C, 0x6D, 0x6A, + 0x52, 0x07, 0x19, 0x4E, 0x67, 0xFA, 0x35, 0x55, + 0x1B, 0x56, 0x80, 0x26, 0x7B, 0x00, 0x64, 0x1C, + 0x0F, 0x21, 0x2D, 0x18, 0xEC, 0xA8, 0xD7, 0x32, + 0x7E, 0xD9, 0x1F, 0xE7, 0x64, 0xA8, 0x4E, 0xA1, + 0xB4, 0x3F, 0xF5, 0xB4, 0xF6, 0xE8, 0xE6, 0x2F, + 0x05, 0xC6, 0x61, 0xDE, 0xFB, 0x25, 0x88, 0x77, + 0xC3, 0x5B, 0x18, 0xA1, 0x51, 0xD5, 0xC4, 0x14, + 0xAA, 0xAD, 0x97, 0xBA, 0x3E, 0x49, 0x93, 0x32, + 0xE5, 0x96, 0x07, 0x8E, 0x60, 0x0D, 0xEB, 0x81, + 0x14, 0x9C, 0x44, 0x1C, 0xE9, 0x57, 0x82, 0xF2, + 0x2A, 0x28, 0x25, 0x63, 0xC5, 0xBA, 0xC1, 0x41, + 0x14, 0x23, 0x60, 0x5D, 0x1A, 0xE1, 0xAF, 0xAE, + 0x2C, 0x8B, 0x06, 0x60, 0x23, 0x7E, 0xC1, 0x28, + 0xAA, 0x0F, 0xE3, 0x46, 0x4E, 0x43, 0x58, 0x11, + 0x5D, 0xB8, 0x4C, 0xC3, 0xB5, 0x23, 0x07, 0x3A, + 0x28, 0xD4, 0x54, 0x98, 0x84, 0xB8, 0x1F, 0xF7, + 0x0E, 0x10, 0xBF, 0x36, 0x1C, 0x13, 0x72, 0x96, + 0x28, 0xD5, 0x34, 0x8F, 0x07, 0x21, 0x1E, 0x7E, + 0x4C, 0xF4, 0xF1, 0x8B, 0x28, 0x60, 0x90, 0xBD, + 0xB1, 0x24, 0x0B, 0x66, 0xD6, 0xCD, 0x4A, 0xFC, + 0xEA, 0xDC, 0x00, 0xCA, 0x44, 0x6C, 0xE0, 0x50, + 0x50, 0xFF, 0x18, 0x3A, 0xD2, 
0xBB, 0xF1, 0x18,
+ 0xC1, 0xFC, 0x0E, 0xA5, 0x1F, 0x97, 0xD2, 0x2B,
+ 0x8F, 0x7E, 0x46, 0x70, 0x5D, 0x45, 0x27, 0xF4,
+ 0x5B, 0x42, 0xAE, 0xFF, 0x39, 0x58, 0x53, 0x37,
+ 0x6F, 0x69, 0x7D, 0xD5, 0xFD, 0xF2, 0xC5, 0x18,
+ 0x7D, 0x7D, 0x5F, 0x0E, 0x2E, 0xB8, 0xD4, 0x3F,
+ 0x17, 0xBA, 0x0F, 0x7C, 0x60, 0xFF, 0x43, 0x7F,
+ 0x53, 0x5D, 0xFE, 0xF2, 0x98, 0x33, 0xBF, 0x86,
+ 0xCB, 0xE8, 0x8E, 0xA4, 0xFB, 0xD4, 0x22, 0x1E,
+ 0x84, 0x11, 0x72, 0x83, 0x54, 0xFA, 0x30, 0xA7,
+ 0x00, 0x8F, 0x15, 0x4A, 0x41, 0xC7, 0xFC, 0x46,
+ 0x6B, 0x46, 0x45, 0xDB, 0xE2, 0xE3, 0x21, 0x26,
+ 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+#endif /* HAVE_FFDHE_Q */
 const DhParams* wc_Dh_ffdhe8192_Get(void)
 {
 static const DhParams ffdhe8192 = {
+ #ifdef HAVE_FFDHE_Q
+ dh_ffdhe8192_q, sizeof(dh_ffdhe8192_q),
+ #endif /* HAVE_FFDHE_Q */
 dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p),
 dh_ffdhe8192_g, sizeof(dh_ffdhe8192_g)
 };
@@ -894,6 +1297,7 @@ static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
 /* Check DH Public Key for invalid numbers, optionally allowing
 * the public key to be checked against the large prime (q).
+ * Check per process in SP 800-56Ar3, section 5.6.2.3.1.
 *
 * key DH key group parameters.
 * pub Public Key.
@@ -933,6 +1337,7 @@ int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz,
 ret = MP_INIT_E;
 }
 
+ /* SP 800-56Ar3, section 5.6.2.3.1, process step 1 */
 /* pub (y) should not be 0 or 1 */
 if (ret == 0 && mp_cmp_d(&y, 2) == MP_LT) {
 ret = MP_CMP_E;
@@ -976,6 +1381,7 @@ int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz,
 #endif
 #endif
 
+ /* SP 800-56Ar3, section 5.6.2.3.1, process step 2 */
 #ifndef WOLFSSL_SP_MATH
 {
 /* calculate (y^q) mod(p), store back into y */
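Review bot: The new q array in the ffdhe8192 hunk is declared `static const byte dh_ffdhe8192_g[] = {`, which redefines the generator array `dh_ffdhe8192_g` declared two lines above it, and the initializer in `wc_Dh_ffdhe8192_Get` references `dh_ffdhe8192_q`, which this hunk never defines. Any build with `HAVE_FFDHE_Q` set therefore fails to compile this file with a redefinition and an undeclared identifier. The fix is `static const byte dh_ffdhe8192_q[] = {`.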
@@ -1015,6 +1421,150 @@ int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz)
 }
 
 
+/* Check DH Private Key for invalid numbers, optionally allowing
+ * the private key to be checked against the large prime (q).
+ * Check per process in SP 800-56Ar3, section 5.6.2.1.2.
+ *
+ * key DH key group parameters.
+ * priv Private Key.
+ * privSz Private Key size.
+ * prime Large prime (q), optionally NULL to skip check
+ * primeSz Size of large prime
+ *
+ * returns 0 on success or error code
+ */
+int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 privSz,
+ const byte* prime, word32 primeSz)
+{
+ int ret = 0;
+ mp_int x;
+ mp_int q;
+
+ if (key == NULL || priv == NULL) {
+ return BAD_FUNC_ARG;
+ }
+
+ if (mp_init_multi(&x, &q, NULL, NULL, NULL, NULL) != MP_OKAY) {
+ return MP_INIT_E;
+ }
+
+ if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY) {
+ ret = MP_READ_E;
+ }
+
+ if (ret == 0) {
+ if (prime != NULL) {
+ if (mp_read_unsigned_bin(&q, prime, primeSz) != MP_OKAY)
+ ret = MP_READ_E;
+ }
+ else if (mp_iszero(&key->q) == MP_NO) {
+ /* use q available in DhKey */
+ if (mp_copy(&key->q, &q) != MP_OKAY)
+ ret = MP_INIT_E;
+ }
+ }
+
+ /* priv (x) should not be 0 */
+ if (ret == 0) {
+ if (mp_cmp_d(&x, 0) == MP_EQ)
+ ret = MP_CMP_E;
+ }
+
+ if (ret == 0) {
+ if (mp_iszero(&q) == MP_NO) {
+ /* priv (x) shouldn't be greater than q - 1 */
+ if (ret == 0) {
+ if (mp_copy(&key->q, &q) != MP_OKAY)
+ ret = MP_INIT_E;
+ }
+ if (ret == 0) {
+ if (mp_sub_d(&q, 1, &q) != MP_OKAY)
+ ret = MP_SUB_E;
+ }
+ if (ret == 0) {
+ if (mp_cmp(&x, &q) == MP_GT)
+ ret = DH_CHECK_PRIV_E;
+ }
+ }
+ }
+
+ mp_clear(&x);
+ mp_clear(&q);
+
+ return ret;
+}
+
+
+/* Check DH Private Key for invalid numbers
+ *
+ * key DH key group parameters.
+ * priv Private Key.
+ * privSz Private Key size.
+ *
+ * returns 0 on success or error code
+ */
+int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 privSz)
+{
+ return wc_DhCheckPrivKey_ex(key, priv, privSz, NULL, 0);
+}
+
+
+/* Check DH Keys for pair-wise consistency per process in
+ * SP 800-56Ar3, section 5.6.2.1.4, method (b) for FFC.
+ *
+ * key DH key group parameters.
+ * pub Public Key.
+ * pubSz Public Key size.
+ * priv Private Key.
+ * privSz Private Key size.
+ *
+ * returns 0 on success or error code
+ */
+int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz,
+ const byte* priv, word32 privSz)
+{
+ mp_int publicKey;
+ mp_int privateKey;
+ mp_int checkKey;
+ int ret = 0;
+
+ if (key == NULL || pub == NULL || priv == NULL)
+ return BAD_FUNC_ARG;
+
+ if (mp_init_multi(&publicKey, &privateKey, &checkKey,
+ NULL, NULL, NULL) != MP_OKAY) {
+
+ return MP_INIT_E;
+ }
+
+ /* Load the private and public keys into big integers. */
+ if (mp_read_unsigned_bin(&publicKey, pub, pubSz) != MP_OKAY ||
+ mp_read_unsigned_bin(&privateKey, priv, privSz) != MP_OKAY) {
+
+ ret = MP_READ_E;
+ }
+
+ /* Calculate checkKey = g^privateKey mod p */
+ if (ret == 0) {
+ if (mp_exptmod(&key->g, &privateKey, &key->p, &checkKey) != MP_OKAY)
+ ret = MP_EXPTMOD_E;
+ }
+
+ /* Compare the calculated public key to the supplied check value. */
+ if (ret == 0) {
+ if (mp_cmp(&checkKey, &publicKey) != MP_EQ)
+ ret = MP_CMP_E;
+ }
+
+ mp_forcezero(&privateKey);
+ mp_clear(&privateKey);
+ mp_clear(&publicKey);
+ mp_clear(&checkKey);
+
+ return ret;
+}
+
+
 int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz, byte* pub, word32* pubSz)
 {
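Review bot: In `wc_DhCheckPrivKey_ex` the `q - 1` bound check opens with `if (mp_copy(&key->q, &q) != MP_OKAY)`, which overwrites the `q` that the block above just loaded from the caller's `prime` (or from `key->q`), so a supplied `prime` is never the value actually compared against; when `prime` is given but `key->q` is zero, `q` becomes zero before `mp_sub_d(&q, 1, &q)` and the comparison no longer reflects the supplied prime at all. Delete that `mp_copy` block and keep only the `mp_sub_d` and `mp_cmp` steps. Separately, `x` holds the private key but is released with `mp_clear(&x)` alone, while `wc_DhCheckKeyPair` in the same hunk does `mp_forcezero(&privateKey)` first; add `mp_forcezero(&x);` before `mp_clear(&x);` for the same reason. The header comment's `prime Large prime (q), optionally NULL to skip check` is also inaccurate, since a NULL `prime` falls back to `key->q` whenever that is non-zero.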
@@ -1049,10 +1599,17 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
 mp_int z;
 #endif
 
+#ifdef WOLFSSL_VALIDATE_FFC_IMPORT
+ if (wc_DhCheckPrivKey(key, priv, privSz) != 0) {
+ WOLFSSL_MSG("wc_DhAgree wc_DhCheckPrivKey failed");
+ return DH_CHECK_PRIV_E;
+ }
+
 if (wc_DhCheckPubKey(key, otherPub, pubSz) != 0) {
 WOLFSSL_MSG("wc_DhAgree wc_DhCheckPubKey failed");
 return DH_CHECK_PUB_E;
 }
+#endif
 
 #ifdef WOLFSSL_HAVE_SP_DH
 #ifndef WOLFSSL_SP_NO_2048
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 686a8767c..64725f525 100755
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -5415,6 +5415,7 @@ int wc_ecc_check_key(ecc_key* key)
 #else
 
 
+ /* SP 800-56Ar3, section 5.6.2.3.3, process step 1 */
 /* pubkey point cannot be at infinity */
 if (wc_ecc_point_is_at_infinity(&key->pubkey))
 return ECC_INF_E;
@@ -5437,6 +5438,7 @@ int wc_ecc_check_key(ecc_key* key)
 b = curve->Bf;
 #endif
 
+ /* SP 800-56Ar3, section 5.6.2.3.3, process step 2 */
 /* Qx must be in the range [0, p-1] */
 if (mp_cmp(key->pubkey.x, curve->prime) != MP_LT)
 err = ECC_OUT_OF_RANGE_E;
@@ -5445,15 +5447,18 @@ int wc_ecc_check_key(ecc_key* key)
 if (mp_cmp(key->pubkey.y, curve->prime) != MP_LT)
 err = ECC_OUT_OF_RANGE_E;
 
+ /* SP 800-56Ar3, section 5.6.2.3.3, process steps 3 */
 /* make sure point is actually on curve */
 if (err == MP_OKAY)
 err = wc_ecc_is_point(&key->pubkey, curve->Af, b, curve->prime);
 
+ /* SP 800-56Ar3, section 5.6.2.3.3, process steps 4 */
 /* pubkey * order must be at infinity */
 if (err == MP_OKAY)
 err = ecc_check_pubkey_order(key, &key->pubkey, curve->Af, curve->prime, curve->order);
 
+ /* SP 800-56Ar3, section 5.6.2.1.4, method (b) for ECC */
 /* private * base generator must equal pubkey */
 if (err == MP_OKAY && key->type == ECC_PRIVATEKEY)
 err = ecc_check_privkey_gen(key, curve->Af, curve->prime);
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index ffc67252e..0a32d332d 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
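Review bot: The new `#ifdef WOLFSSL_VALIDATE_FFC_IMPORT` / `#endif` pair encloses the pre-existing `wc_DhCheckPubKey` call as well as the added private-key check, so builds without that define — which this commit's configure.ac sets only in the FIPS v2 branch — lose the peer public-key validation that `wc_DhAgree_Sync` previously performed unconditionally. Unless dropping that check outside FIPS is intended, move the `#endif` to directly after the private-key block's closing `}` so that only the `wc_DhCheckPrivKey` call is conditional, leaving `if (wc_DhCheckPubKey(key, otherPub, pubSz) != 0) {` compiled in every configuration. The body of `wc_DhAgree_Sync` begins and continues outside the hunk.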
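Review bot: The two new comments in the last ecc.c hunk read `process steps 3` and `process steps 4`, while the other comments this commit adds to `wc_ecc_check_key` use the singular `process step 1` / `process step 2`. Change them to `/* SP 800-56Ar3, section 5.6.2.3.3, process step 3 */` and `/* SP 800-56Ar3, section 5.6.2.3.3, process step 4 */`. `wc_ecc_check_key` starts and ends outside the hunk.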
@@ -479,6 +479,9 @@ const char* wc_GetErrorString(int error)
 case RSA_KEY_PAIR_E:
 return "RSA Key Pair-Wise Consistency check fail";
 
+ case DH_CHECK_PRIV_E:
+ return "DH Check Private Key failure";
+
 default:
 return "unknown error number";
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 9b9e4d3d0..532d77ed0 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1143,6 +1143,7 @@ static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz)
 return ret;
 
 XMEMCPY(output, &rndTmp, sz);
+ ForceZero(&rndTmp, sizeof(rndTmp));
 
 return 0;
 }
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index d04ea9020..d88d7aec6 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -10781,21 +10781,33 @@ static int dh_fips_generate_test(WC_RNG *rng)
 ret = -5727;
 }
 
+ ret = wc_DhCheckKeyPair(&key, pub, pubSz, priv, privSz);
+ if (ret != 0) {
+ ERROR_OUT(-8229, exit_gen_test);
+ }
+
+ /* Taint the public key so the check fails. */
+ pub[0]++;
+ ret = wc_DhCheckKeyPair(&key, pub, pubSz, priv, privSz);
+ if (ret != MP_CMP_E) {
+ ERROR_OUT(-8230, exit_gen_test);
+ }
+ else
+ ret = 0;
+
 #ifdef WOLFSSL_KEY_GEN
- if (ret == 0) {
- ret = wc_DhGenerateParams(rng, 2048, &key);
- if (ret != 0) {
- ERROR_OUT(-8226, exit_gen_test);
- }
+ ret = wc_DhGenerateParams(rng, 2048, &key);
+ if (ret != 0) {
+ ERROR_OUT(-8226, exit_gen_test);
+ }
 
- privSz = sizeof(priv);
- pubSz = sizeof(pub);
+ privSz = sizeof(priv);
+ pubSz = sizeof(pub);
 
- ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, &pubSz);
- if (ret != 0) {
- ret = -8227;
- }
+ ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, &pubSz);
+ if (ret != 0) {
+ ERROR_OUT(-8227, exit_gen_test);
 }
 #endif /* WOLFSSL_KEY_GEN */
diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h
index 52ae6c513..f30a19f3c 100644
--- a/wolfssl/wolfcrypt/dh.h
+++ b/wolfssl/wolfcrypt/dh.h
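Review bot: In the test.c hunk the new `ret = wc_DhCheckKeyPair(&key, pub, pubSz, priv, privSz);` unconditionally overwrites `ret`, so the `-5727` failure recorded in the context lines immediately above is discarded and the test proceeds as if that step had passed; the removed `if (ret == 0)` guard used to prevent exactly this. Add a check before the new call, e.g. `if (ret != 0) goto exit_gen_test;`, or re-wrap the new block in the original `if (ret == 0)`. After `pub[0]++` the buffer is left tainted and is only regenerated inside `#ifdef WOLFSSL_KEY_GEN`, so a build without that define hands a corrupted `pub` to whatever follows the hunk; restoring `pub[0]` after the negative check, or a comment stating that nothing after this point reads `pub`, would make that explicit. `dh_fips_generate_test` starts and ends outside the hunk.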
@@ -46,6 +46,10 @@
 #include
 #endif
 typedef struct DhParams {
+ #ifdef HAVE_FFDHE_Q
+ const byte* q;
+ word32 q_len;
+ #endif /* HAVE_FFDHE_Q */
 const byte* p;
 word32 p_len;
 const byte* g;
@@ -99,6 +103,11 @@ WOLFSSL_API int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p,
 WOLFSSL_API int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz);
 WOLFSSL_API int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz, const byte* prime, word32 primeSz);
+WOLFSSL_API int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 pubSz);
+WOLFSSL_API int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 pubSz,
+ const byte* prime, word32 primeSz);
+WOLFSSL_API int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz,
+ const byte* priv, word32 privSz);
 WOLFSSL_API int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh);
 WOLFSSL_API int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz, byte* q, word32* qSz, byte* g, word32* gSz);
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 8b013fc4f..87a5d0201 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -211,8 +211,9 @@ enum {
 AES_GCM_OVERFLOW_E = -260, /* AES-GCM invocation counter overflow. */
 AES_CCM_OVERFLOW_E = -261, /* AES-CCM invocation counter overflow. */
 RSA_KEY_PAIR_E = -262, /* RSA Key Pair-Wise Consistency check fail. */
+ DH_CHECK_PRIV_E = -263, /* DH Check Priv Key error */
 
- WC_LAST_E = -262, /* Update this to indicate last error */
+ WC_LAST_E = -263, /* Update this to indicate last error */
 MIN_CODE_E = -300 /* errors -101 - -299 */
 /* add new companion error id strings for any new error codes
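Review bot: The prototypes of `wc_DhCheckPrivKey` and `wc_DhCheckPrivKey_ex` in the dh.h @@ -99 hunk name the private-key length `pubSz`, while the dh.c definitions in this same commit call it `privSz`; since this is the public header users read, the name misdescribes the argument. Change them to `WOLFSSL_API int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 privSz);` and `WOLFSSL_API int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 privSz,` with the continuation line unchanged. The `DhParams` hunk above also places `q`/`q_len` ahead of `p` only under `HAVE_FFDHE_Q`, so the struct layout differs between configurations; a short comment on the struct noting that its layout depends on that define would help anyone initialising `DhParams` positionally.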