diff --git a/certs/dh4096.der b/certs/dh4096.der new file mode 100644 index 000000000..34eaab848 Binary files /dev/null and b/certs/dh4096.der differ diff --git a/certs/dh4096.pem b/certs/dh4096.pem new file mode 100644 index 000000000..9c42d8cb6 --- /dev/null +++ b/certs/dh4096.pem @@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEA6Q4+eU/JsqCx2y8eJCGQXFCkNNuZkKz3vy8BS6yHcLrs0WTeBMr8 ++VFpHreZ4rQN2114ODhBBehnSGVUcczJqpUe1L+8yl3CnJ5+XpRbL2By7etUDEgr +IXRNNwRaL4skStvu+qmUE49SShuu5sh/mQkjhInpplOCtgNtOF0u6wvw5qqxi1H8 +1hP7IMvfeZfbVXTCIejbjGqVLVGRp6E8m+/1Q6ymac5mXNWx+LrUhiUpLg4jBdp8 +fMJ7yLV5hG1oLYJKNZ/cDmMrWF80fqhzzkRTEePbRvo6w9pjpWVWmaWRJ9bn3y3v +oIG2BzrGwSuhOnS06eEvayvk8Ji+b8u7ro3SfhtvuvKyuLFdnnkZ95SywRdem7MF +Z21cYmSoK7A2PflMZVPuLlVpzBz1lty+YF437tRjllGXlhQ8Yb9TqiS1JFsmZ60C +Z7jTBW6kj0aRnYSmLESfLRgvc6XlxNlP2Z/1wMVI6CMyxErO/zsWh4WlHyKoC5GX +JJUHyHPSsAH4IKmra3F5JPN5tZsA9fmuI6zq4UiIKFPgyHYprj4lnxzFioYzAiGr +pRDwBxtWj838h54u0ESYRJmzwhTO2JPq0YI8G0nobwSy9a+bN33l4Fbp7gBYJRYj +w47wueKYXfJPXMMnKmd9Q/Y2dtQsfhaAy/EH3Ln181a98PwAeABWtDsCAQI= +-----END DH PARAMETERS----- diff --git a/certs/include.am b/certs/include.am index e5c09d710..45193b5ae 100644 --- a/certs/include.am +++ b/certs/include.am @@ -50,6 +50,7 @@ EXTRA_DIST += \ certs/ecc-privOnlyKey.pem \ certs/ecc-privOnlyCert.pem \ certs/dh3072.pem \ + certs/dh4096.pem \ certs/client-cert-ext.pem EXTRA_DIST += \ @@ -61,6 +62,7 @@ EXTRA_DIST += \ certs/client-keyPub.der \ certs/dh2048.der \ certs/dh3072.der \ + certs/dh4096.der \ certs/rsa2048.der \ certs/rsa-pub-2048.pem \ certs/rsa3072.der \ diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 6b43ab110..f79f7c86f 100755 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -587,8 +587,8 @@ static const char* bench_result_words1[][4] = { defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET) || \ defined(HAVE_ED25519) || defined(HAVE_CURVE448) || \ defined(HAVE_CURVE448_SHARED_SECRET) || defined(HAVE_ED448) -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) || \ - !defined(NO_DH) +#if defined(HAVE_ECC) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) || \ + defined(WOLFSSL_PUBLIC_MP) || !defined(NO_DH) static const char* bench_desc_words[][9] = { /* 0 1 2 3 4 5 6 7 8 */ @@ -729,8 +729,8 @@ static const char* bench_desc_words[][9] = { #endif #if defined(BENCH_ASYM) -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) || \ - !defined(NO_DH) +#if defined(HAVE_ECC) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) || \ + defined(WOLFSSL_PUBLIC_MP) || !defined(NO_DH) static const char* bench_result_words2[][5] = { { "ops took", "sec" , "avg" , "ops/sec", NULL }, /* 0 English */ #ifndef NO_MULTIBYTE_PRINT @@ -1260,8 +1260,8 @@ static void bench_stats_sym_finish(const char* desc, int doAsync, int count, } #ifdef BENCH_ASYM -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) || \ - !defined(NO_DH) +#if defined(HAVE_ECC) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) || \ + defined(WOLFSSL_PUBLIC_MP) || !defined(NO_DH) static void bench_stats_asym_finish(const char* algo, int strength, const char* desc, int doAsync, int count, double start, int ret) { diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 78dfd3978..f46407c72 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1227,6 +1227,7 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock, return ret; } #endif /* WC_RSA_PSS */ +#endif /* !WC_NO_RNG */ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, word32 pkcsBlockLen, byte padValue, WC_RNG* rng) @@ -1250,7 +1251,7 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2); } else { -#ifndef WOLFSSL_RSA_VERIFY_ONLY +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WC_NO_RNG) /* pad with non-zero random bytes */ word32 padLen, i; int ret; @@ -1281,7 +1282,6 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, return 0; } -#endif /* !WC_NO_RNG */ /* helper function to direct which padding is used */ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock, @@ -1293,13 +1293,13 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock, switch (padType) { -#ifndef WC_NO_RNG case WC_RSA_PKCSV15_PAD: /*WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");*/ ret = RsaPad(input, inputLen, pkcsBlock, pkcsBlockLen, padValue, rng); break; +#ifndef WC_NO_RNG #ifndef WC_NO_RSA_OAEP case WC_RSA_OAEP_PAD: WOLFSSL_MSG("wolfSSL Using RSA OAEP padding"); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c31a77c36..3caa00fe2 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -10290,6 +10290,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) #endif /* !NO_RSA && !NO_ASN */ #endif /* !USE_CERT_BUFFER_* */ #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ !defined(NO_ASN) #ifndef NO_DH static const char* dhKey = CERT_ROOT "dh2048.der"; @@ -12824,7 +12825,8 @@ int rsa_test(void) || defined(WOLFSSL_PUBLIC_MP) word32 idx = 0; #endif -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP) +#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP)) && \ + !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) const char* inStr = "Everyone gets Friday off."; word32 inLen = (word32)XSTRLEN((char*)inStr); const word32 outSz = RSA_TEST_BYTES; @@ -12846,7 +12848,8 @@ int rsa_test(void) DecodedCert cert; #endif -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP) +#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP)) && \ + !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) DECLARE_VAR_INIT(in, byte, inLen, inStr, HEAP_HINT); DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); @@ -13142,7 +13145,7 @@ int rsa_test(void) #endif #ifndef WOLFSSL_RSA_VERIFY_ONLY - #ifndef WC_NO_RSA_OAEP + #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) /* OAEP padding testing */ #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \ (!defined(HAVE_FIPS) || \ @@ -13448,7 +13451,7 @@ int rsa_test(void) TEST_SLEEP(); #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */ - #endif /* WC_NO_RSA_OAEP */ + #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */ #endif /* WOLFSSL_RSA_VERIFY_ONLY */ #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \ @@ -14334,12 +14337,21 @@ int dh_test(void) word32 bytes; word32 idx = 0, privSz, pubSz, privSz2, pubSz2; byte tmp[1024]; +#if !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) byte priv[256]; byte pub[256]; byte priv2[256]; byte pub2[256]; byte agree[256]; byte agree2[256]; +#else + byte priv[512]; + byte pub[512]; + byte priv2[512]; + byte pub2[512]; + byte agree[512]; + byte agree2[512]; +#endif word32 agreeSz = (word32)sizeof(agree); word32 agreeSz2 = (word32)sizeof(agree2); DhKey key; @@ -14353,6 +14365,12 @@ int dh_test(void) #elif defined(USE_CERT_BUFFERS_2048) XMEMCPY(tmp, dh_key_der_2048, (size_t)sizeof_dh_key_der_2048); bytes = (size_t)sizeof_dh_key_der_2048; +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, dh_key_der_3072, (size_t)sizeof_dh_key_der_3072); + bytes = (size_t)sizeof_dh_key_der_3072; +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, dh_key_der_4096, (size_t)sizeof_dh_key_der_4096); + bytes = (size_t)sizeof_dh_key_der_4096; #elif defined(NO_ASN) /* don't use file, no DER parsing */ #elif !defined(NO_FILESYSTEM) diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h index 734f0a1c0..a5102fe4e 100644 --- a/wolfssl/certs_test.h +++ b/wolfssl/certs_test.h @@ -3190,6 +3190,69 @@ static const unsigned char client_cert_der_4096[] = }; static const int sizeof_client_cert_der_4096 = sizeof(client_cert_der_4096); +#ifndef NO_DH + +/* ./certs/dh4096.der, 4096-bit */ +static const unsigned char dh_key_der_4096[] = +{ + 0x30, 0x82, 0x02, 0x08, 0x02, 0x82, 0x02, 0x01, 0x00, 0xe9, + 0x0e, 0x3e, 0x79, 0x4f, 0xc9, 0xb2, 0xa0, 0xb1, 0xdb, 0x2f, + 0x1e, 0x24, 0x21, 0x90, 0x5c, 0x50, 0xa4, 0x34, 0xdb, 0x99, + 0x90, 0xac, 0xf7, 0xbf, 0x2f, 0x01, 0x4b, 0xac, 0x87, 0x70, + 0xba, 0xec, 0xd1, 0x64, 0xde, 0x04, 0xca, 0xfc, 0xf9, 0x51, + 0x69, 0x1e, 0xb7, 0x99, 0xe2, 0xb4, 0x0d, 0xdb, 0x5d, 0x78, + 0x38, 0x38, 0x41, 0x05, 0xe8, 0x67, 0x48, 0x65, 0x54, 0x71, + 0xcc, 0xc9, 0xaa, 0x95, 0x1e, 0xd4, 0xbf, 0xbc, 0xca, 0x5d, + 0xc2, 0x9c, 0x9e, 0x7e, 0x5e, 0x94, 0x5b, 0x2f, 0x60, 0x72, + 0xed, 0xeb, 0x54, 0x0c, 0x48, 0x2b, 0x21, 0x74, 0x4d, 0x37, + 0x04, 0x5a, 0x2f, 0x8b, 0x24, 0x4a, 0xdb, 0xee, 0xfa, 0xa9, + 0x94, 0x13, 0x8f, 0x52, 0x4a, 0x1b, 0xae, 0xe6, 0xc8, 0x7f, + 0x99, 0x09, 0x23, 0x84, 0x89, 0xe9, 0xa6, 0x53, 0x82, 0xb6, + 0x03, 0x6d, 0x38, 0x5d, 0x2e, 0xeb, 0x0b, 0xf0, 0xe6, 0xaa, + 0xb1, 0x8b, 0x51, 0xfc, 0xd6, 0x13, 0xfb, 0x20, 0xcb, 0xdf, + 0x79, 0x97, 0xdb, 0x55, 0x74, 0xc2, 0x21, 0xe8, 0xdb, 0x8c, + 0x6a, 0x95, 0x2d, 0x51, 0x91, 0xa7, 0xa1, 0x3c, 0x9b, 0xef, + 0xf5, 0x43, 0xac, 0xa6, 0x69, 0xce, 0x66, 0x5c, 0xd5, 0xb1, + 0xf8, 0xba, 0xd4, 0x86, 0x25, 0x29, 0x2e, 0x0e, 0x23, 0x05, + 0xda, 0x7c, 0x7c, 0xc2, 0x7b, 0xc8, 0xb5, 0x79, 0x84, 0x6d, + 0x68, 0x2d, 0x82, 0x4a, 0x35, 0x9f, 0xdc, 0x0e, 0x63, 0x2b, + 0x58, 0x5f, 0x34, 0x7e, 0xa8, 0x73, 0xce, 0x44, 0x53, 0x11, + 0xe3, 0xdb, 0x46, 0xfa, 0x3a, 0xc3, 0xda, 0x63, 0xa5, 0x65, + 0x56, 0x99, 0xa5, 0x91, 0x27, 0xd6, 0xe7, 0xdf, 0x2d, 0xef, + 0xa0, 0x81, 0xb6, 0x07, 0x3a, 0xc6, 0xc1, 0x2b, 0xa1, 0x3a, + 0x74, 0xb4, 0xe9, 0xe1, 0x2f, 0x6b, 0x2b, 0xe4, 0xf0, 0x98, + 0xbe, 0x6f, 0xcb, 0xbb, 0xae, 0x8d, 0xd2, 0x7e, 0x1b, 0x6f, + 0xba, 0xf2, 0xb2, 0xb8, 0xb1, 0x5d, 0x9e, 0x79, 0x19, 0xf7, + 0x94, 0xb2, 0xc1, 0x17, 0x5e, 0x9b, 0xb3, 0x05, 0x67, 0x6d, + 0x5c, 0x62, 0x64, 0xa8, 0x2b, 0xb0, 0x36, 0x3d, 0xf9, 0x4c, + 0x65, 0x53, 0xee, 0x2e, 0x55, 0x69, 0xcc, 0x1c, 0xf5, 0x96, + 0xdc, 0xbe, 0x60, 0x5e, 0x37, 0xee, 0xd4, 0x63, 0x96, 0x51, + 0x97, 0x96, 0x14, 0x3c, 0x61, 0xbf, 0x53, 0xaa, 0x24, 0xb5, + 0x24, 0x5b, 0x26, 0x67, 0xad, 0x02, 0x67, 0xb8, 0xd3, 0x05, + 0x6e, 0xa4, 0x8f, 0x46, 0x91, 0x9d, 0x84, 0xa6, 0x2c, 0x44, + 0x9f, 0x2d, 0x18, 0x2f, 0x73, 0xa5, 0xe5, 0xc4, 0xd9, 0x4f, + 0xd9, 0x9f, 0xf5, 0xc0, 0xc5, 0x48, 0xe8, 0x23, 0x32, 0xc4, + 0x4a, 0xce, 0xff, 0x3b, 0x16, 0x87, 0x85, 0xa5, 0x1f, 0x22, + 0xa8, 0x0b, 0x91, 0x97, 0x24, 0x95, 0x07, 0xc8, 0x73, 0xd2, + 0xb0, 0x01, 0xf8, 0x20, 0xa9, 0xab, 0x6b, 0x71, 0x79, 0x24, + 0xf3, 0x79, 0xb5, 0x9b, 0x00, 0xf5, 0xf9, 0xae, 0x23, 0xac, + 0xea, 0xe1, 0x48, 0x88, 0x28, 0x53, 0xe0, 0xc8, 0x76, 0x29, + 0xae, 0x3e, 0x25, 0x9f, 0x1c, 0xc5, 0x8a, 0x86, 0x33, 0x02, + 0x21, 0xab, 0xa5, 0x10, 0xf0, 0x07, 0x1b, 0x56, 0x8f, 0xcd, + 0xfc, 0x87, 0x9e, 0x2e, 0xd0, 0x44, 0x98, 0x44, 0x99, 0xb3, + 0xc2, 0x14, 0xce, 0xd8, 0x93, 0xea, 0xd1, 0x82, 0x3c, 0x1b, + 0x49, 0xe8, 0x6f, 0x04, 0xb2, 0xf5, 0xaf, 0x9b, 0x37, 0x7d, + 0xe5, 0xe0, 0x56, 0xe9, 0xee, 0x00, 0x58, 0x25, 0x16, 0x23, + 0xc3, 0x8e, 0xf0, 0xb9, 0xe2, 0x98, 0x5d, 0xf2, 0x4f, 0x5c, + 0xc3, 0x27, 0x2a, 0x67, 0x7d, 0x43, 0xf6, 0x36, 0x76, 0xd4, + 0x2c, 0x7e, 0x16, 0x80, 0xcb, 0xf1, 0x07, 0xdc, 0xb9, 0xf5, + 0xf3, 0x56, 0xbd, 0xf0, 0xfc, 0x00, 0x78, 0x00, 0x56, 0xb4, + 0x3b, 0x02, 0x01, 0x02 +}; +static const int sizeof_dh_key_der_4096 = sizeof(dh_key_der_4096); + +#endif /* !NO_DH */ + #endif /* USE_CERT_BUFFERS_4096 */ #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)