feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Modify ffdhe to not return addresses.

Browse Source
This commit is contained in:
John Safranek
2021-04-08 18:39:58 -07:00
committed by Daniel Pouzzner
parent ebdadefb9a
commit 908ec9b14a
8 changed files with 762 additions and 251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
IDE/WIN10/user_settings.h
View File

@@ -85,7 +85,7 @@
#define HAVE_FFDHE_4096 #define HAVE_FFDHE_4096
#define HAVE_FFDHE_6144 #define HAVE_FFDHE_6144
#define HAVE_FFDHE_8192 #define HAVE_FFDHE_8192
#define FP_MAX_BITS=16384 #define FP_MAX_BITS 16384
#endif /* FIPS v5 */ #endif /* FIPS v5 */
#else #else
/* Enables blinding mode, to prevent timing attacks */ /* Enables blinding mode, to prevent timing attacks */

74
src/internal.c
View File

@@ -23401,7 +23401,6 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
int ret = 0; int ret = 0;
word16 length; word16 length;
#ifdef HAVE_FFDHE #ifdef HAVE_FFDHE
const DhParams* params = NULL;
word16 group = 0; word16 group = 0;
#endif #endif
@@ -23567,31 +23566,26 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
switch (ssl->options.dhKeySz) { switch (ssl->options.dhKeySz) {
#ifdef HAVE_FFDHE_2048 #ifdef HAVE_FFDHE_2048
case 2048/8: case 2048/8:
params = wc_Dh_ffdhe2048_Get();
group = WOLFSSL_FFDHE_2048; group = WOLFSSL_FFDHE_2048;
break; break;
#endif #endif
#ifdef HAVE_FFDHE_3072 #ifdef HAVE_FFDHE_3072
case 3072/8: case 3072/8:
params = wc_Dh_ffdhe3072_Get();
group = WOLFSSL_FFDHE_3072; group = WOLFSSL_FFDHE_3072;
break; break;
#endif #endif
#ifdef HAVE_FFDHE_4096 #ifdef HAVE_FFDHE_4096
case 4096/8: case 4096/8:
params = wc_Dh_ffdhe4096_Get();
group = WOLFSSL_FFDHE_4096; group = WOLFSSL_FFDHE_4096;
break; break;
#endif #endif
#ifdef HAVE_FFDHE_6144 #ifdef HAVE_FFDHE_6144
case 6144/8: case 6144/8:
params = wc_Dh_ffdhe6144_Get();
group = WOLFSSL_FFDHE_6144; group = WOLFSSL_FFDHE_6144;
break; break;
#endif #endif
#ifdef HAVE_FFDHE_8192 #ifdef HAVE_FFDHE_8192
case 8192/8: case 8192/8:
params = wc_Dh_ffdhe8192_Get();
group = WOLFSSL_FFDHE_8192; group = WOLFSSL_FFDHE_8192;
break; break;
#endif #endif
@@ -23599,11 +23593,10 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
break; break;
} }
if (params == NULL || params->g_len != ssl->buffers.serverDH_G.length || if (!wc_DhCmpNamedKey(group, 1,
(XMEMCMP(ssl->buffers.serverDH_G.buffer, params->g, ssl->buffers.serverDH_P.buffer, ssl->buffers.serverDH_P.length,
params->g_len) != 0) || NULL, 0,
(XMEMCMP(ssl->buffers.serverDH_P.buffer, params->p, ssl->buffers.serverDH_G.buffer, ssl->buffers.serverDH_G.length)) {
params->p_len) != 0)) {
WOLFSSL_MSG("Server not using FFDHE parameters"); WOLFSSL_MSG("Server not using FFDHE parameters");
#ifdef WOLFSSL_REQUIRE_FFDHE #ifdef WOLFSSL_REQUIRE_FFDHE
SendAlert(ssl, alert_fatal, handshake_failure); SendAlert(ssl, alert_fatal, handshake_failure);
@@ -26870,6 +26863,65 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
!defined(WOLFSSL_NO_TLS12)) !defined(WOLFSSL_NO_TLS12))
case diffie_hellman_kea: case diffie_hellman_kea:
#endif #endif
#if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
if (ssl->namedGroup) {
word32 pSz = 0;
wc_DhGetNamedKeyParamSize(ssl->namedGroup, &pSz,
NULL, NULL);
if (ssl->buffers.serverDH_Pub.buffer == NULL) {
/* Free'd in SSL_ResourceFree and
* FreeHandshakeResources */
ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
pSz + OPAQUE16_LEN,
ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (ssl->buffers.serverDH_Pub.buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
ssl->buffers.serverDH_Pub.length =
pSz + OPAQUE16_LEN;
}
if (ssl->buffers.serverDH_Priv.buffer == NULL) {
/* Free'd in SSL_ResourceFree and
* FreeHandshakeResources */
ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
pSz + OPAQUE16_LEN,
ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
if (ssl->buffers.serverDH_Priv.buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
ssl->buffers.serverDH_Priv.length =
pSz + OPAQUE16_LEN;
}
ssl->options.dhKeySz =(word16)pSz;
ret = AllocKey(ssl, DYNAMIC_TYPE_DH,
(void**)&ssl->buffers.serverDH_Key);
if (ret != 0) {
goto exit_sske;
}
ret = wc_DhSetNamedKey(ssl->buffers.serverDH_Key,
ssl->namedGroup);
if (ret != 0) {
goto exit_sske;
}
#if !defined(WOLFSSL_OLD_PRIME_CHECK) && \
!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
ssl->options.dhKeyTested = 1;
#endif
ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key,
ssl->buffers.serverDH_Priv.buffer,
(word32*)&ssl->buffers.serverDH_Priv.length,
ssl->buffers.serverDH_Pub.buffer,
(word32*)&ssl->buffers.serverDH_Pub.length);
break;
}
else
#endif
{ {
/* Allocate DH key buffers and generate key */ /* Allocate DH key buffers and generate key */
if (ssl->buffers.serverDH_P.buffer == NULL || if (ssl->buffers.serverDH_P.buffer == NULL ||

56
src/sniffer.c
View File

@@ -2282,25 +2282,17 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
/* Static DH Key */ /* Static DH Key */
if (ksInfo && ksInfo->dh_key_bits != 0 && keys->dhKey) { if (ksInfo && ksInfo->dh_key_bits != 0 && keys->dhKey) {
DhKey dhKey; DhKey dhKey;
#ifdef HAVE_PUBLIC_FFDHE
const DhParams* params; const DhParams* params;
word32 privKeySz; word32 privKeySz;
#else
word32 privKeySz = 0, p_len = 0;
#endif
byte privKey[52]; /* max for TLS */ byte privKey[52]; /* max for TLS */
keyBuf = keys->dhKey; keyBuf = keys->dhKey;
#ifdef WOLFSSL_SNIFFER_KEY_CALLBACK #ifdef HAVE_PUBLIC_FFDHE
if (KeyCb != NULL) {
ret = KeyCb(session, ksInfo->named_group,
session->srvKs.key, session->srvKs.key_len,
session->cliKs.key, session->cliKs.key_len,
keyBuf, KeyCbCtx, error);
if (ret != 0) {
SetError(-1, error, session, FATAL_ERROR_STATE);
return ret;
}
}
#endif
/* get DH params */ /* get DH params */
switch (ksInfo->named_group) { switch (ksInfo->named_group) {
#ifdef HAVE_FFDHE_2048 #ifdef HAVE_FFDHE_2048
@@ -2336,16 +2328,28 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
default: default:
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#endif
ret = wc_InitDhKey_ex(&dhKey, NULL, devId); ret = wc_InitDhKey(&dhKey);
if (ret == 0) { if (ret == 0) {
#ifdef HAVE_PUBLIC_FFDHE
ret = wc_DhSetKey(&dhKey, ret = wc_DhSetKey(&dhKey,
(byte*)params->p, params->p_len, (byte*)params->p, params->p_len,
(byte*)params->g, params->g_len); (byte*)params->g, params->g_len);
#else
ret = wc_DhSetNamedKey(&dhKey, ksInfo->named_group);
#endif
if (ret == 0) { if (ret == 0) {
ret = wc_DhKeyDecode(keyBuf->buffer, &idx, &dhKey, ret = wc_DhKeyDecode(keyBuf->buffer, &idx, &dhKey,
keyBuf->length); keyBuf->length);
} }
#ifndef HAVE_PUBLIC_FFDHE
if (ret == 0) {
privKeySz = wc_DhGetNamedKeyMinSize(ksInfo->named_group);
ret = wc_DhGetNamedKeyParamSize(ksInfo->named_group,
&p_len, NULL, NULL);
}
#endif
if (ret == 0) { if (ret == 0) {
ret = wc_DhExportKeyPair(&dhKey, privKey, &privKeySz, NULL, ret = wc_DhExportKeyPair(&dhKey, privKey, &privKeySz, NULL,
NULL); NULL);
@@ -2354,7 +2358,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
/* Derive secret from private key and peer's public key */ /* Derive secret from private key and peer's public key */
do { do {
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
ret = wc_AsyncWait(ret, &dhKey.asyncDev, ret = wc_AsyncWait(ret, &dhPriv.asyncDev,
WC_ASYNC_FLAG_CALL_AGAIN); WC_ASYNC_FLAG_CALL_AGAIN);
#endif #endif
if (ret >= 0) { if (ret >= 0) {
@@ -2367,21 +2371,27 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
} while (ret == WC_PENDING_E); } while (ret == WC_PENDING_E);
wc_FreeDhKey(&dhKey); wc_FreeDhKey(&dhKey);
#ifdef WOLFSSL_SNIFFER_STATS
if (ret != 0)
INC_STAT(SnifferStats.sslKeyFails);
#endif
/* left-padded with zeros up to the size of the prime */ /* left-padded with zeros up to the size of the prime */
if (ret == 0 && params->p_len > session->sslServer->arrays->preMasterSz) { #ifdef HAVE_PUBLIC_FFDHE
if (params->p_len > session->sslServer->arrays->preMasterSz) {
word32 diff = params->p_len - session->sslServer->arrays->preMasterSz; word32 diff = params->p_len - session->sslServer->arrays->preMasterSz;
XMEMMOVE(session->sslServer->arrays->preMasterSecret + diff, XMEMMOVE(session->sslServer->arrays->preMasterSecret + diff,
session->sslServer->arrays->preMasterSecret, session->sslServer->arrays->preMasterSecret,
session->sslServer->arrays->preMasterSz); session->sslServer->arrays->preMasterSz);
XMEMSET(session->sslServer->arrays->preMasterSecret, 0, diff); XMEMSET(session->sslServer->arrays->preMasterSecret, 0, diff);
session->sslServer->arrays->preMasterSz = params->p_len; session->sslServer->arrays->preMasterSz = params->p_len;
} }
#else /* HAVE_PUBLIC_FFDHE */
if (p_len > session->sslServer->arrays->preMasterSz) {
word32 diff = p_len - session->sslServer->arrays->preMasterSz;
XMEMMOVE(session->sslServer->arrays->preMasterSecret + diff,
session->sslServer->arrays->preMasterSecret,
session->sslServer->arrays->preMasterSz);
XMEMSET(session->sslServer->arrays->preMasterSecret, 0, diff);
session->sslServer->arrays->preMasterSz = p_len;
}
#endif /* HAVE_PUBLIC_FFDHE */
} }
} }
#endif /* !NO_DH && WOLFSSL_DH_EXTRA */ #endif /* !NO_DH && WOLFSSL_DH_EXTRA */

447
src/tls.c
View File

@@ -4171,7 +4171,7 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
SupportedCurve* serverGroup; SupportedCurve* serverGroup;
SupportedCurve* clientGroup; SupportedCurve* clientGroup;
SupportedCurve* group; SupportedCurve* group;
const DhParams* params = NULL; word32 p_len;
int found = 0; int found = 0;
extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
@@ -4220,39 +4220,11 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
if (serverGroup->name != group->name) if (serverGroup->name != group->name)
continue; continue;
switch (serverGroup->name) { wc_DhGetNamedKeyParamSize(serverGroup->name, &p_len, NULL, NULL);
#ifdef HAVE_FFDHE_2048 if (p_len == 0)
case WOLFSSL_FFDHE_2048:
params = wc_Dh_ffdhe2048_Get();
break;
#endif
#ifdef HAVE_FFDHE_3072
case WOLFSSL_FFDHE_3072:
params = wc_Dh_ffdhe3072_Get();
break;
#endif
#ifdef HAVE_FFDHE_4096
case WOLFSSL_FFDHE_4096:
params = wc_Dh_ffdhe4096_Get();
break;
#endif
#ifdef HAVE_FFDHE_6144
case WOLFSSL_FFDHE_6144:
params = wc_Dh_ffdhe6144_Get();
break;
#endif
#ifdef HAVE_FFDHE_8192
case WOLFSSL_FFDHE_8192:
params = wc_Dh_ffdhe8192_Get();
break;
#endif
default:
break;
}
if (params == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (params->p_len >= ssl->options.minDhKeySz && if (p_len >= ssl->options.minDhKeySz &&
params->p_len <= ssl->options.maxDhKeySz) { p_len <= ssl->options.maxDhKeySz) {
break; break;
} }
} }
@@ -4262,15 +4234,26 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
} }
if (serverGroup) { if (serverGroup) {
ssl->buffers.serverDH_P.buffer = (unsigned char *)params->p; word32 pSz, gSz;
ssl->buffers.serverDH_P.length = params->p_len;
ssl->buffers.serverDH_G.buffer = (unsigned char *)params->g; ret = wc_DhGetNamedKeyParamSize(serverGroup->name, &pSz, &gSz, NULL);
ssl->buffers.serverDH_G.length = params->g_len; ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz,
ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.length = pSz;
ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz,
ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_G.length = gSz;
wc_DhCopyNamedKey(serverGroup->name,
ssl->buffers.serverDH_P.buffer, &pSz,
ssl->buffers.serverDH_G.buffer, &gSz,
NULL, NULL);
ssl->namedGroup = serverGroup->name; ssl->namedGroup = serverGroup->name;
#if !defined(WOLFSSL_OLD_PRIME_CHECK) && \ #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \
!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
ssl->options.dhDoKeyTest = 0; ssl->options.dhDoKeyTest = 0;
#endif #endif
ssl->buffers.weOwnDH = 1;
ssl->options.haveDH = 1; ssl->options.haveDH = 1;
} }
@@ -6047,14 +6030,26 @@ static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions, const void* data,
*/ */
static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse) static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse)
{ {
int ret = 0; int ret;
#if !defined(NO_DH) && (!defined(NO_CERTS) || !defined(NO_PSK)) #ifndef NO_DH
word32 keySz = 0; byte* keyData = NULL;
const DhParams* params = NULL; void* key = NULL;
DhKey* dhKey = (DhKey*)kse->key; word32 keySz;
word32 dataSz;
#ifdef WOLFSSL_SMALL_STACK
DhKey* dhKey = NULL;
#else
DhKey dhKey[1];
#endif
#ifdef HAVE_PUBLIC_FFDHE
const DhParams* params;
#else
word32 p_len;
#endif
/* TODO: [TLS13] The key size should come from wolfcrypt. */ /* TODO: [TLS13] The key size should come from wolfcrypt. */
/* Pick the parameters from the named group. */ /* Pick the parameters from the named group. */
#ifdef HAVE_PUBLIC_FFDHE
switch (kse->group) { switch (kse->group) {
#ifdef HAVE_FFDHE_2048 #ifdef HAVE_FFDHE_2048
case WOLFSSL_FFDHE_2048: case WOLFSSL_FFDHE_2048:
@@ -6087,116 +6082,132 @@ static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse)
break; break;
#endif #endif
default: default:
break; return BAD_FUNC_ARG;
} }
#else
if (params == NULL) keySz = wc_DhGetNamedKeyMinSize(kse->group);
if (keySz == 0) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
#endif
kse->pubKeyLen = params->p_len; #ifdef WOLFSSL_SMALL_STACK
kse->keyLen = keySz; dhKey = (DhKey*)XMALLOC(sizeof(DhKey), ssl->heap, DYNAMIC_TYPE_DH);
if (dhKey == NULL)
return MEMORY_E;
#endif
/* Trigger Key Generation */ ret = wc_InitDhKey_ex(dhKey, ssl->heap, ssl->devId);
if (kse->pubKey == NULL || kse->privKey == NULL) { if (ret != 0) {
if (kse->key == NULL) { #ifdef WOLFSSL_SMALL_STACK
kse->key = (DhKey*)XMALLOC(sizeof(DhKey), ssl->heap, XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
DYNAMIC_TYPE_DH); #endif
if (kse->key == NULL) return ret;
return MEMORY_E;
/* Setup Key */
ret = wc_InitDhKey_ex((DhKey*)kse->key, ssl->heap, ssl->devId);
if (ret == 0) {
dhKey = (DhKey*)kse->key;
ret = wc_DhSetKey(dhKey, params->p, params->p_len, params->g,
params->g_len);
}
}
/* Allocate space for the private and public key */
if (ret == 0 && kse->pubKey == NULL) {
kse->pubKey = (byte*)XMALLOC(kse->pubKeyLen, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
if (kse->pubKey == NULL)
ret = MEMORY_E;
}
if (ret == 0 && kse->privKey == NULL) {
kse->privKey = (byte*)XMALLOC(kse->keyLen, ssl->heap,
DYNAMIC_TYPE_PRIVATE_KEY);
if (kse->privKey == NULL)
ret = MEMORY_E;
}
if (ret == 0) {
#if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(WOLFSSL_DH_EXTRA)
if (ssl->staticKE.dhKey) {
DerBuffer* keyDer = ssl->staticKE.dhKey;
word32 idx = 0;
WOLFSSL_MSG("Using static DH key");
ret = wc_DhKeyDecode(keyDer->buffer, &idx, dhKey, keyDer->length);
if (ret == 0) {
ret = wc_DhExportKeyPair(dhKey,
(byte*)kse->privKey, &kse->keyLen, /* private */
kse->pubKey, &kse->pubKeyLen /* public */
);
}
}
else
#endif
{
/* Generate a new key pair */
/* For async this is called once and when event is done, the
* provided buffers will be populated.
* Final processing is zero pad below. */
ret = DhGenKeyPair(ssl, dhKey,
(byte*)kse->privKey, &kse->keyLen, /* private */
kse->pubKey, &kse->pubKeyLen /* public */
);
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E) {
return ret;
}
#endif
}
}
} }
if (ret == 0) { /* Allocate space for the public key */
if (params->p_len != kse->pubKeyLen) { #ifdef HAVE_PUBLIC_FFDHE
/* Zero pad the front of the public key to match prime "p" size */ dataSz = params->p_len;
XMEMMOVE(kse->pubKey + params->p_len - kse->pubKeyLen, kse->pubKey, #else
kse->pubKeyLen); ret = wc_DhGetNamedKeyParamSize(kse->group, &p_len, NULL, NULL);
XMEMSET(kse->pubKey, 0, params->p_len - kse->pubKeyLen); if (ret != 0) {
goto end;
}
dataSz = p_len;
#endif
keyData = (byte*)XMALLOC(dataSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (keyData == NULL) {
ret = MEMORY_E;
goto end;
}
/* Allocate space for the private key */
#ifndef HAVE_PUBLIC_FFDHE
keySz = wc_DhGetNamedKeyMinSize(kse->group);
if (keySz == 0) {
ret = WC_KEY_SIZE_E;
goto end;
}
#endif
key = (byte*)XMALLOC(keySz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
if (key == NULL) {
ret = MEMORY_E;
goto end;
}
/* Set key */
#ifdef HAVE_PUBLIC_FFDHE
ret = wc_DhSetKey(dhKey, params->p, params->p_len, params->g,
params->g_len);
#else
ret = wc_DhSetNamedKey(dhKey, kse->group);
#endif
if (ret != 0)
goto end;
#if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(WOLFSSL_DH_EXTRA)
if (ssl->staticKE.dhKey) {
DerBuffer* keyDer = ssl->staticKE.dhKey;
word32 idx = 0;
WOLFSSL_MSG("Using static DH key");
ret = wc_DhKeyDecode(keyDer->buffer, &idx, dhKey, keyDer->length);
if (ret == 0) {
ret = wc_DhExportKeyPair(dhKey, (byte*)key, &keySz, keyData, &dataSz);
}
}
else
#endif
{
/* Generate a new key pair */
ret = wc_DhGenerateKeyPair(dhKey, ssl->rng, (byte*)key, &keySz, keyData,
&dataSz);
#ifdef WOLFSSL_ASYNC_CRYPT
/* TODO: Make this function non-blocking */
if (ret == WC_PENDING_E) {
ret = wc_AsyncWait(ret, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE);
} }
kse->pubKeyLen = params->p_len;
#ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG("Public DH Key");
WOLFSSL_BUFFER(kse->pubKey, kse->pubKeyLen);
#endif #endif
} }
if (ret != 0)
goto end;
/* Always release the DH key to free up memory. #ifdef HAVE_PUBLIC_FFDHE
* The DhKey will be setup again in TLSX_KeyShare_ProcessDh */ if (params->p_len != dataSz) {
if (dhKey != NULL) /* Zero pad the front of the public key to match prime "p" size */
wc_FreeDhKey(dhKey); XMEMMOVE(keyData + params->p_len - dataSz, keyData, dataSz);
if (kse->key != NULL) { XMEMSET(keyData, 0, params->p_len - dataSz);
XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_DH); }
kse->key = NULL; kse->pubKeyLen = params->p_len;
#else
if (p_len != dataSz) {
/* Zero pad the front of the public key to match prime "p" size */
XMEMMOVE(keyData + p_len - dataSz, keyData, dataSz);
XMEMSET(keyData, 0, p_len - dataSz);
} }
kse->pubKeyLen = p_len;
#endif
kse->pubKey = keyData;
kse->key = key;
kse->keyLen = keySz;
#ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG("Public DH Key");
WOLFSSL_BUFFER(keyData, params->p_len);
#endif
end:
wc_FreeDhKey(dhKey);
#ifdef WOLFSSL_SMALL_STACK
XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
#endif
if (ret != 0) { if (ret != 0) {
/* Cleanup on error, otherwise data owned by key share entry */ /* Data owned by key share entry otherwise. */
if (kse->privKey != NULL) { if (keyData != NULL)
XFREE(kse->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
kse->privKey = NULL; if (key != NULL)
} XFREE(key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
if (kse->pubKey != NULL) {
XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
kse->pubKey = NULL;
}
} }
#else #else
(void)ssl; (void)ssl;
@@ -6880,11 +6891,20 @@ static word16 TLSX_KeyShare_Write(KeyShareEntry* list, byte* output,
*/ */
static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
{ {
int ret = 0; #ifndef NO_DH
#if !defined(NO_DH) && (!defined(NO_CERTS) || !defined(NO_PSK)) int ret;
const DhParams* params = NULL; #ifdef HAVE_PUBLIC_FFDHE
DhKey* dhKey = (DhKey*)keyShareEntry->key; const DhParams* params;
#else
word32 pSz;
#endif
#ifdef WOLFSSL_SMALL_STACK
DhKey* dhKey = NULL;
#else
DhKey dhKey[1];
#endif
#ifdef HAVE_PUBLIC_FFDHE
switch (keyShareEntry->group) { switch (keyShareEntry->group) {
#ifdef HAVE_FFDHE_2048 #ifdef HAVE_FFDHE_2048
case WOLFSSL_FFDHE_2048: case WOLFSSL_FFDHE_2048:
@@ -6912,88 +6932,109 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
break; break;
#endif #endif
default: default:
break; return PEER_KEY_ERROR;
}
#endif
#ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG("Peer DH Key");
WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen);
#endif
#ifdef WOLFSSL_SMALL_STACK
dhKey = (DhKey*)XMALLOC(sizeof(DhKey), ssl->heap, DYNAMIC_TYPE_DH);
if (dhKey == NULL)
return MEMORY_E;
#endif
ret = wc_InitDhKey_ex(dhKey, ssl->heap, ssl->devId);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
#endif
return ret;
} }
if (params == NULL) /* Set key */
#ifdef HAVE_PUBLIC_FFDHE
ret = wc_DhSetKey(dhKey, params->p, params->p_len, params->g,
params->g_len);
#else
ret = wc_DhSetNamedKey(dhKey, keyShareEntry->group);
#endif
if (ret != 0) {
wc_FreeDhKey(dhKey);
#ifdef WOLFSSL_SMALL_STACK
XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
#endif
return ret;
}
#ifndef HAVE_PUBLIC_FFDHE
pSz = wc_DhGetNamedKeyMinSize(keyShareEntry->group);
#endif
ret = wc_DhCheckPubKey(dhKey, keyShareEntry->ke, keyShareEntry->keLen);
if (ret != 0) {
wc_FreeDhKey(dhKey);
#ifdef WOLFSSL_SMALL_STACK
XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
#endif
return PEER_KEY_ERROR; return PEER_KEY_ERROR;
/* if DhKey is not setup, do it now */
if (keyShareEntry->key == NULL) {
keyShareEntry->key = (DhKey*)XMALLOC(sizeof(DhKey), ssl->heap,
DYNAMIC_TYPE_DH);
if (keyShareEntry->key == NULL)
return MEMORY_E;
/* Setup Key */
ret = wc_InitDhKey_ex((DhKey*)keyShareEntry->key, ssl->heap, ssl->devId);
if (ret == 0) {
dhKey = (DhKey*)keyShareEntry->key;
ret = wc_DhSetKey(dhKey, params->p, params->p_len, params->g,
params->g_len);
}
} }
if (ret == 0 /* Derive secret from private key and peer's public key. */
#ifdef WOLFSSL_ASYNC_CRYPT ret = wc_DhAgree(dhKey,
&& keyShareEntry->lastRet == 0 /* don't enter here if WC_PENDING_E */ ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz,
#endif (const byte*)keyShareEntry->key, keyShareEntry->keyLen,
) { keyShareEntry->ke, keyShareEntry->keLen);
#ifdef WOLFSSL_DEBUG_TLS #ifdef WOLFSSL_ASYNC_CRYPT
WOLFSSL_MSG("Peer DH Key"); /* TODO: Make this function non-blocking */
WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen); if (ret == WC_PENDING_E) {
#endif ret = wc_AsyncWait(ret, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE);
ssl->options.dhKeySz = (word16)params->p_len;
/* Derive secret from private key and peer's public key. */
ret = DhAgree(ssl, dhKey,
(const byte*)keyShareEntry->privKey, keyShareEntry->keyLen, /* our private */
keyShareEntry->ke, keyShareEntry->keLen, /* peer's public key */
ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz, /* secret */
NULL, 0
);
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E) {
return ret;
}
#endif
} }
#endif
/* RFC 8446 Section 7.4.1: /* RFC 8446 Section 7.4.1:
* ... left-padded with zeros up to the size of the prime. ... * ... left-padded with zeros up to the size of the prime. ...
*/ */
if (ret == 0 && (word32)ssl->options.dhKeySz > ssl->arrays->preMasterSz) { #ifdef HAVE_PUBLIC_FFDHE
word32 diff = (word32)ssl->options.dhKeySz - ssl->arrays->preMasterSz; if (params->p_len > ssl->arrays->preMasterSz) {
word32 diff = params->p_len - ssl->arrays->preMasterSz;
XMEMMOVE(ssl->arrays->preMasterSecret + diff,
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
XMEMSET(ssl->arrays->preMasterSecret, 0, diff);
ssl->arrays->preMasterSz = params->p_len;
}
ssl->options.dhKeySz = (word16)params->p_len;
#else
if (pSz > ssl->arrays->preMasterSz) {
word32 diff = pSz - ssl->arrays->preMasterSz;
XMEMMOVE(ssl->arrays->preMasterSecret + diff, XMEMMOVE(ssl->arrays->preMasterSecret + diff,
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz); ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
XMEMSET(ssl->arrays->preMasterSecret, 0, diff); XMEMSET(ssl->arrays->preMasterSecret, 0, diff);
ssl->arrays->preMasterSz = ssl->options.dhKeySz; ssl->arrays->preMasterSz = pSz;
} }
ssl->options.dhKeySz = pSz;
#endif
/* done with key share, release resources */ wc_FreeDhKey(dhKey);
if (dhKey) #ifdef WOLFSSL_SMALL_STACK
wc_FreeDhKey(dhKey); XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
if (keyShareEntry->key) { #endif
XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_DH); if (keyShareEntry->key != NULL) {
XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
keyShareEntry->key = NULL; keyShareEntry->key = NULL;
} }
if (keyShareEntry->privKey != NULL) { XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(keyShareEntry->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); keyShareEntry->pubKey = NULL;
keyShareEntry->privKey = NULL;
}
if (keyShareEntry->pubKey != NULL) {
XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
keyShareEntry->pubKey = NULL;
}
XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
keyShareEntry->ke = NULL; keyShareEntry->ke = NULL;
return ret;
#else #else
(void)ssl; (void)ssl;
(void)keyShareEntry; (void)keyShareEntry;
ret = PEER_KEY_ERROR; return PEER_KEY_ERROR;
#endif #endif
return ret;
} }
/* Process the X25519 key share extension on the client side. /* Process the X25519 key share extension on the client side.

13
wolfcrypt/benchmark/benchmark.c
View File

@@ -5072,8 +5072,8 @@ void bench_dh(int doAsync)
word32 pubSz2 = BENCH_DH_KEY_SIZE; word32 pubSz2 = BENCH_DH_KEY_SIZE;
word32 privSz2 = BENCH_DH_PRIV_SIZE; word32 privSz2 = BENCH_DH_PRIV_SIZE;
word32 agreeSz[BENCH_MAX_PENDING]; word32 agreeSz[BENCH_MAX_PENDING];
#ifdef HAVE_FFDHE_2048 #if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072)
const DhParams *params = NULL; int paramName = 0;
#endif #endif
DECLARE_ARRAY(pub, byte, BENCH_MAX_PENDING, BENCH_DH_KEY_SIZE, HEAP_HINT); DECLARE_ARRAY(pub, byte, BENCH_MAX_PENDING, BENCH_DH_KEY_SIZE, HEAP_HINT);
@@ -5112,13 +5112,13 @@ void bench_dh(int doAsync)
} }
#ifdef HAVE_FFDHE_2048 #ifdef HAVE_FFDHE_2048
else if (use_ffdhe == 2048) { else if (use_ffdhe == 2048) {
params = wc_Dh_ffdhe2048_Get(); paramName = WC_FFDHE_2048;
dhKeySz = 2048; dhKeySz = 2048;
} }
#endif #endif
#ifdef HAVE_FFDHE_3072 #ifdef HAVE_FFDHE_3072
else if (use_ffdhe == 3072) { else if (use_ffdhe == 3072) {
params = wc_Dh_ffdhe3072_Get(); paramName = WC_FFDHE_3072;
dhKeySz = 3072; dhKeySz = 3072;
} }
#endif #endif
@@ -5151,9 +5151,8 @@ void bench_dh(int doAsync)
#endif #endif
} }
#if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072) #if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072)
else if (params != NULL) { else if (paramName != 0) {
ret = wc_DhSetKey(&dhKey[i], params->p, params->p_len, params->g, ret = wc_DhSetNamedKey(&dhKey[i], paramName);
params->g_len);
} }
#endif #endif
if (ret != 0) { if (ret != 0) {

390
wolfcrypt/src/dh.c
View File

@@ -148,6 +148,7 @@ static const byte dh_ffdhe2048_q[] = {
}; };
#endif /* HAVE_FFDHE_Q */ #endif /* HAVE_FFDHE_Q */
#ifdef HAVE_PUBLIC_FFDHE
const DhParams* wc_Dh_ffdhe2048_Get(void) const DhParams* wc_Dh_ffdhe2048_Get(void)
{ {
static const DhParams ffdhe2048 = { static const DhParams ffdhe2048 = {
@@ -160,6 +161,7 @@ const DhParams* wc_Dh_ffdhe2048_Get(void)
return &ffdhe2048; return &ffdhe2048;
} }
#endif #endif
#endif
#ifdef HAVE_FFDHE_3072 #ifdef HAVE_FFDHE_3072
static const byte dh_ffdhe3072_p[] = { static const byte dh_ffdhe3072_p[] = {
@@ -266,6 +268,7 @@ static const byte dh_ffdhe3072_q[] = {
}; };
#endif /* HAVE_FFDHE_Q */ #endif /* HAVE_FFDHE_Q */
#ifdef HAVE_PUBLIC_FFDHE
const DhParams* wc_Dh_ffdhe3072_Get(void) const DhParams* wc_Dh_ffdhe3072_Get(void)
{ {
static const DhParams ffdhe3072 = { static const DhParams ffdhe3072 = {
@@ -278,6 +281,7 @@ const DhParams* wc_Dh_ffdhe3072_Get(void)
return &ffdhe3072; return &ffdhe3072;
} }
#endif #endif
#endif
#ifdef HAVE_FFDHE_4096 #ifdef HAVE_FFDHE_4096
static const byte dh_ffdhe4096_p[] = { static const byte dh_ffdhe4096_p[] = {
@@ -416,6 +420,7 @@ static const byte dh_ffdhe4096_q[] = {
}; };
#endif /* HAVE_FFDHE_Q */ #endif /* HAVE_FFDHE_Q */
#ifdef HAVE_PUBLIC_FFDHE
const DhParams* wc_Dh_ffdhe4096_Get(void) const DhParams* wc_Dh_ffdhe4096_Get(void)
{ {
static const DhParams ffdhe4096 = { static const DhParams ffdhe4096 = {
@@ -428,6 +433,7 @@ const DhParams* wc_Dh_ffdhe4096_Get(void)
return &ffdhe4096; return &ffdhe4096;
} }
#endif #endif
#endif
#ifdef HAVE_FFDHE_6144 #ifdef HAVE_FFDHE_6144
static const byte dh_ffdhe6144_p[] = { static const byte dh_ffdhe6144_p[] = {
@@ -630,6 +636,7 @@ static const byte dh_ffdhe6144_q[] = {
}; };
#endif /* HAVE_FFDHE_Q */ #endif /* HAVE_FFDHE_Q */
#ifdef HAVE_PUBLIC_FFDHE
const DhParams* wc_Dh_ffdhe6144_Get(void) const DhParams* wc_Dh_ffdhe6144_Get(void)
{ {
static const DhParams ffdhe6144 = { static const DhParams ffdhe6144 = {
@@ -642,6 +649,7 @@ const DhParams* wc_Dh_ffdhe6144_Get(void)
return &ffdhe6144; return &ffdhe6144;
} }
#endif #endif
#endif
#ifdef HAVE_FFDHE_8192 #ifdef HAVE_FFDHE_8192
static const byte dh_ffdhe8192_p[] = { static const byte dh_ffdhe8192_p[] = {
@@ -908,6 +916,7 @@ static const byte dh_ffdhe8192_q[] = {
}; };
#endif /* HAVE_FFDHE_Q */ #endif /* HAVE_FFDHE_Q */
#ifdef HAVE_PUBLIC_FFDHE
const DhParams* wc_Dh_ffdhe8192_Get(void) const DhParams* wc_Dh_ffdhe8192_Get(void)
{ {
static const DhParams ffdhe8192 = { static const DhParams ffdhe8192 = {
@@ -920,6 +929,7 @@ const DhParams* wc_Dh_ffdhe8192_Get(void)
return &ffdhe8192; return &ffdhe8192;
} }
#endif #endif
#endif
int wc_InitDhKey_ex(DhKey* key, void* heap, int devId) int wc_InitDhKey_ex(DhKey* key, void* heap, int devId)
{ {
@@ -2391,6 +2401,386 @@ int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
return _DhSetKey(key, p, pSz, g, gSz, NULL, 0, 1, NULL); return _DhSetKey(key, p, pSz, g, gSz, NULL, 0, 1, NULL);
} }
int wc_DhSetNamedKey(DhKey* key, int name)
{
const byte* p = NULL;
const byte* g = NULL;
const byte* q = NULL;
word32 pSz = 0, gSz = 0, qSz = 0;
switch (name) {
#ifdef HAVE_FFDHE_2048
case WC_FFDHE_2048:
p = dh_ffdhe2048_p;
pSz = sizeof(dh_ffdhe2048_p);
g = dh_ffdhe2048_g;
gSz = sizeof(dh_ffdhe2048_g);
#ifdef HAVE_FFDHE_Q
q = dh_ffdhe2048_q;
qSz = sizeof(dh_ffdhe2048_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_2048 */
#ifdef HAVE_FFDHE_3072
case WC_FFDHE_3072:
p = dh_ffdhe3072_p;
pSz = sizeof(dh_ffdhe3072_p);
g = dh_ffdhe3072_g;
gSz = sizeof(dh_ffdhe3072_g);
#ifdef HAVE_FFDHE_Q
q = dh_ffdhe3072_q;
qSz = sizeof(dh_ffdhe3072_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_3072 */
#ifdef HAVE_FFDHE_4096
case WC_FFDHE_4096:
p = dh_ffdhe4096_p;
pSz = sizeof(dh_ffdhe4096_p);
g = dh_ffdhe4096_g;
gSz = sizeof(dh_ffdhe4096_g);
#ifdef HAVE_FFDHE_Q
q = dh_ffdhe4096_q;
qSz = sizeof(dh_ffdhe4096_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_4096 */
#ifdef HAVE_FFDHE_6144
case WC_FFDHE_6144:
p = dh_ffdhe6144_p;
pSz = sizeof(dh_ffdhe6144_p);
g = dh_ffdhe6144_g;
gSz = sizeof(dh_ffdhe6144_g);
#ifdef HAVE_FFDHE_Q
q = dh_ffdhe6144_q;
qSz = sizeof(dh_ffdhe6144_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_6144 */
#ifdef HAVE_FFDHE_8192
case WC_FFDHE_8192:
p = dh_ffdhe8192_p;
pSz = sizeof(dh_ffdhe8192_p);
g = dh_ffdhe8192_g;
gSz = sizeof(dh_ffdhe8192_g);
#ifdef HAVE_FFDHE_Q
q = dh_ffdhe8192_q;
qSz = sizeof(dh_ffdhe8192_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_8192 */
default:
return BAD_FUNC_ARG;
}
return _DhSetKey(key, p, pSz, g, gSz, q, qSz, 1, NULL);
}
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
#define HAVE_FIPS_V5
#endif
word32 wc_DhGetNamedKeyMinSize(int name)
{
int size;
switch (name) {
#ifdef HAVE_FFDHE_2048
case WC_FFDHE_2048:
#ifndef HAVE_FIPS_V5
size = 29;
#else
size = 256;
#endif
break;
#endif /* HAVE_FFDHE_2048 */
#ifdef HAVE_FFDHE_3072
case WC_FFDHE_3072:
#ifndef HAVE_FIPS_V5
size = 34;
#else
size = 384;
#endif
break;
#endif /* HAVE_FFDHE_3072 */
#ifdef HAVE_FFDHE_4096
case WC_FFDHE_4096:
#ifndef HAVE_FIPS_V5
size = 39;
#else
size = 512;
#endif
break;
#endif /* HAVE_FFDHE_4096 */
#ifdef HAVE_FFDHE_6144
case WC_FFDHE_6144:
#ifndef HAVE_FIPS_V5
size = 768;
#else
size = 256;
#endif
break;
#endif /* HAVE_FFDHE_6144 */
#ifdef HAVE_FFDHE_8192
case WC_FFDHE_8192:
#ifndef HAVE_FIPS_V5
size = 52;
#else
size = 1024;
#endif
break;
#endif /* HAVE_FFDHE_8192 */
default:
size = 0;
}
return size;
}
#ifdef HAVE_FIPS_V5
#undef HAVE_FIPS_V5
#endif
/* Returns 1: params match
* 0: params differ */
int wc_DhCmpNamedKey(int name, int noQ,
const byte* p, word32 pSz,
const byte* g, word32 gSz,
const byte* q, word32 qSz)
{
const byte* pCmp = NULL;
const byte* qCmp = NULL;
const byte* gCmp = NULL;
word32 pCmpSz = 0, qCmpSz = 0, gCmpSz = 0;
int cmp = 0;
switch (name) {
#ifdef HAVE_FFDHE_2048
case WC_FFDHE_2048:
pCmp = dh_ffdhe2048_p;
pCmpSz = sizeof(dh_ffdhe2048_p);
gCmp = dh_ffdhe2048_g;
gCmpSz = sizeof(dh_ffdhe2048_g);
#ifdef HAVE_FFDHE_Q
qCmp = dh_ffdhe2048_q;
qCmpSz = sizeof(dh_ffdhe2048_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_2048 */
#ifdef HAVE_FFDHE_3072
case WC_FFDHE_3072:
pCmp = dh_ffdhe3072_p;
pCmpSz = sizeof(dh_ffdhe3072_p);
gCmp = dh_ffdhe3072_g;
gCmpSz = sizeof(dh_ffdhe3072_g);
#ifdef HAVE_FFDHE_Q
qCmp = dh_ffdhe3072_q;
qCmpSz = sizeof(dh_ffdhe3072_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_3072 */
#ifdef HAVE_FFDHE_4096
case WC_FFDHE_4096:
pCmp = dh_ffdhe4096_p;
pCmpSz = sizeof(dh_ffdhe4096_p);
gCmp = dh_ffdhe4096_g;
gCmpSz = sizeof(dh_ffdhe4096_g);
#ifdef HAVE_FFDHE_Q
qCmp = dh_ffdhe4096_q;
qCmpSz = sizeof(dh_ffdhe4096_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_4096 */
#ifdef HAVE_FFDHE_6144
case WC_FFDHE_6144:
pCmp = dh_ffdhe6144_p;
pCmpSz = sizeof(dh_ffdhe6144_p);
gCmp = dh_ffdhe6144_g;
gCmpSz = sizeof(dh_ffdhe6144_g);
#ifdef HAVE_FFDHE_Q
qCmp = dh_ffdhe6144_q;
qCmpSz = sizeof(dh_ffdhe6144_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_6144 */
#ifdef HAVE_FFDHE_8192
case WC_FFDHE_8192:
pCmp = dh_ffdhe8192_p;
pCmpSz = sizeof(dh_ffdhe8192_p);
gCmp = dh_ffdhe8192_g;
gCmpSz = sizeof(dh_ffdhe8192_g);
#ifdef HAVE_FFDHE_Q
qCmp = dh_ffdhe8192_q;
qCmpSz = sizeof(dh_ffdhe8192_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_8192 */
default:
return 0;
}
cmp = (pSz == pCmpSz) && (gSz == gCmpSz) &&
(noQ || ((qSz == qCmpSz) && XMEMCMP(q, qCmp, qCmpSz))) &&
(XMEMCMP(p, pCmp, pCmpSz) == 0) &&
(XMEMCMP(g, gCmp, gCmpSz) == 0);
return cmp;
}
int wc_DhGetNamedKeyParamSize(int name, word32* p, word32* g, word32* q)
{
word32 pSz = 0, gSz = 0, qSz = 0;
switch (name) {
#ifdef HAVE_FFDHE_2048
case WC_FFDHE_2048:
pSz = sizeof(dh_ffdhe2048_p);
gSz = sizeof(dh_ffdhe2048_g);
#ifdef HAVE_FFDHE_Q
qSz = sizeof(dh_ffdhe2048_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_2048 */
#ifdef HAVE_FFDHE_3072
case WC_FFDHE_3072:
pSz = sizeof(dh_ffdhe3072_p);
gSz = sizeof(dh_ffdhe3072_g);
#ifdef HAVE_FFDHE_Q
qSz = sizeof(dh_ffdhe3072_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_3072 */
#ifdef HAVE_FFDHE_4096
case WC_FFDHE_4096:
pSz = sizeof(dh_ffdhe4096_p);
gSz = sizeof(dh_ffdhe4096_g);
#ifdef HAVE_FFDHE_Q
qSz = sizeof(dh_ffdhe4096_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_4096 */
#ifdef HAVE_FFDHE_6144
case WC_FFDHE_6144:
pSz = sizeof(dh_ffdhe6144_p);
gSz = sizeof(dh_ffdhe6144_g);
#ifdef HAVE_FFDHE_Q
qSz = sizeof(dh_ffdhe6144_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_6144 */
#ifdef HAVE_FFDHE_8192
case WC_FFDHE_8192:
pSz = sizeof(dh_ffdhe8192_p);
gSz = sizeof(dh_ffdhe8192_g);
#ifdef HAVE_FFDHE_Q
qSz = sizeof(dh_ffdhe8192_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_8192 */
default:
break;
}
if (p != NULL) *p = pSz;
if (g != NULL) *g = gSz;
if (q != NULL) *q = qSz;
return 0;
}
int wc_DhCopyNamedKey(int name,
byte* p, word32* pSz, byte* g, word32* gSz, byte* q, word32* qSz)
{
const byte* pC = NULL;
const byte* gC = NULL;
const byte* qC = NULL;
word32 pCSz = 0, gCSz = 0, qCSz = 0;
switch (name) {
#ifdef HAVE_FFDHE_2048
case WC_FFDHE_2048:
pC = dh_ffdhe2048_p;
pCSz = sizeof(dh_ffdhe2048_p);
gC = dh_ffdhe2048_g;
gCSz = sizeof(dh_ffdhe2048_g);
#ifdef HAVE_FFDHE_Q
qC = dh_ffdhe2048_q;
qCSz = sizeof(dh_ffdhe2048_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_2048 */
#ifdef HAVE_FFDHE_3072
case WC_FFDHE_3072:
pC = dh_ffdhe3072_p;
pCSz = sizeof(dh_ffdhe3072_p);
gC = dh_ffdhe3072_g;
gCSz = sizeof(dh_ffdhe3072_g);
#ifdef HAVE_FFDHE_Q
qC = dh_ffdhe3072_q;
qCSz = sizeof(dh_ffdhe3072_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_3072 */
#ifdef HAVE_FFDHE_4096
case WC_FFDHE_4096:
pC = dh_ffdhe4096_p;
pCSz = sizeof(dh_ffdhe4096_p);
gC = dh_ffdhe4096_g;
gCSz = sizeof(dh_ffdhe4096_g);
#ifdef HAVE_FFDHE_Q
qC = dh_ffdhe4096_q;
qCSz = sizeof(dh_ffdhe4096_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_4096 */
#ifdef HAVE_FFDHE_6144
case WC_FFDHE_6144:
pC = dh_ffdhe6144_p;
pCSz = sizeof(dh_ffdhe6144_p);
gC = dh_ffdhe6144_g;
gCSz = sizeof(dh_ffdhe6144_g);
#ifdef HAVE_FFDHE_Q
qC = dh_ffdhe6144_q;
qCSz = sizeof(dh_ffdhe6144_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_6144 */
#ifdef HAVE_FFDHE_8192
case WC_FFDHE_8192:
pC = dh_ffdhe8192_p;
pCSz = sizeof(dh_ffdhe8192_p);
gC = dh_ffdhe8192_g;
gCSz = sizeof(dh_ffdhe8192_g);
#ifdef HAVE_FFDHE_Q
qC = dh_ffdhe8192_q;
qCSz = sizeof(dh_ffdhe8192_q);
#endif /* HAVE_FFDHE_Q */
break;
#endif /* HAVE_FFDHE_8192 */
default:
break;
}
if (p != NULL && pC != NULL)
XMEMCPY(p, pC, pCSz);
if (pSz != NULL)
*pSz = pCSz;
if (g != NULL && gC != NULL)
XMEMCPY(g, gC, gCSz);
if (gSz != NULL)
*gSz = gCSz;
if (q != NULL && qC != NULL)
XMEMCPY(q, qC, qCSz);
if (qSz != NULL)
*qSz = qCSz;
return 0;
}
#ifdef WOLFSSL_KEY_GEN #ifdef WOLFSSL_KEY_GEN
/* modulus_size in bits */ /* modulus_size in bits */

11
wolfcrypt/test/test.c
View File

@@ -16326,7 +16326,7 @@ static int dh_test_check_pubvalue(void)
#endif #endif
#ifndef WC_NO_RNG #ifndef WC_NO_RNG
static int dh_ffdhe_test(WC_RNG *rng, const DhParams* params) static int dh_ffdhe_test(WC_RNG *rng, int name)
{ {
int ret; int ret;
word32 privSz, pubSz, privSz2, pubSz2; word32 privSz, pubSz, privSz2, pubSz2;
@@ -16381,13 +16381,12 @@ static int dh_ffdhe_test(WC_RNG *rng, const DhParams* params)
ERROR_OUT(-8052, done); ERROR_OUT(-8052, done);
} }
ret = wc_DhSetKey(key, params->p, params->p_len, params->g, params->g_len); ret = wc_DhSetNamedKey(key, name);
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-8053, done); ERROR_OUT(-8053, done);
} }
ret = wc_DhSetKey(key2, params->p, params->p_len, params->g, ret = wc_DhSetNamedKey(key2, name);
params->g_len);
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-8054, done); ERROR_OUT(-8054, done);
} }
@@ -16809,12 +16808,12 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
#ifndef WC_NO_RNG #ifndef WC_NO_RNG
/* Specialized code for key gen when using FFDHE-2048, FFDHE-3072 and FFDHE-4096 */ /* Specialized code for key gen when using FFDHE-2048, FFDHE-3072 and FFDHE-4096 */
#ifdef HAVE_FFDHE_2048 #ifdef HAVE_FFDHE_2048
ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe2048_Get()); ret = dh_ffdhe_test(&rng, WC_FFDHE_2048);
if (ret != 0) if (ret != 0)
ERROR_OUT(-8126, done); ERROR_OUT(-8126, done);
#endif #endif
#ifdef HAVE_FFDHE_3072 #ifdef HAVE_FFDHE_3072
ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe3072_Get()); ret = dh_ffdhe_test(&rng, WC_FFDHE_3072);
if (ret != 0) if (ret != 0)
ERROR_OUT(-8127, done); ERROR_OUT(-8127, done);
#endif #endif

20
wolfssl/wolfcrypt/dh.h
View File

@@ -83,6 +83,15 @@ struct DhKey {
#define WC_DH_TYPE_DEFINED #define WC_DH_TYPE_DEFINED
#endif #endif
enum {
WC_FFDHE_2048 = 256,
WC_FFDHE_3072 = 257,
WC_FFDHE_4096 = 258,
WC_FFDHE_6144 = 259,
WC_FFDHE_8192 = 260,
};
#ifdef HAVE_PUBLIC_FFDHE
#ifdef HAVE_FFDHE_2048 #ifdef HAVE_FFDHE_2048
WOLFSSL_API const DhParams* wc_Dh_ffdhe2048_Get(void); WOLFSSL_API const DhParams* wc_Dh_ffdhe2048_Get(void);
#endif #endif
@@ -98,6 +107,7 @@ WOLFSSL_API const DhParams* wc_Dh_ffdhe6144_Get(void);
#ifdef HAVE_FFDHE_8192 #ifdef HAVE_FFDHE_8192
WOLFSSL_API const DhParams* wc_Dh_ffdhe8192_Get(void); WOLFSSL_API const DhParams* wc_Dh_ffdhe8192_Get(void);
#endif #endif
#endif
WOLFSSL_API int wc_InitDhKey(DhKey* key); WOLFSSL_API int wc_InitDhKey(DhKey* key);
WOLFSSL_API int wc_InitDhKey_ex(DhKey* key, void* heap, int devId); WOLFSSL_API int wc_InitDhKey_ex(DhKey* key, void* heap, int devId);
@@ -116,6 +126,16 @@ WOLFSSL_API int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g
word32 gSz); word32 gSz);
WOLFSSL_API int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, WOLFSSL_API int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz,
const byte* g, word32 gSz, const byte* q, word32 qSz); const byte* g, word32 gSz, const byte* q, word32 qSz);
WOLFSSL_API int wc_DhSetNamedKey(DhKey* key, int name);
WOLFSSL_API int wc_DhGetNamedKeyParamSize(int name,
word32* p, word32* g, word32* q);
WOLFSSL_API word32 wc_DhGetNamedKeyMinSize(int name);
WOLFSSL_API int wc_DhCmpNamedKey(int name, int noQ,
const byte* p, word32 pSz,
const byte* g, word32 gSz,
const byte* q, word32 qSz);
WOLFSSL_API int wc_DhCopyNamedKey(int name,
byte* p, word32* pSz, byte* g, word32* gSz, byte* q, word32* qSz);
#ifdef WOLFSSL_DH_EXTRA #ifdef WOLFSSL_DH_EXTRA
WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx, WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx,