diff --git a/certs/dh4096.der b/certs/dh4096.der new file mode 100644 index 00000000000..34eaab8487d Binary files /dev/null and b/certs/dh4096.der differ diff --git a/certs/dh4096.pem b/certs/dh4096.pem new file mode 100644 index 00000000000..9c42d8cb671 --- /dev/null +++ b/certs/dh4096.pem @@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEA6Q4+eU/JsqCx2y8eJCGQXFCkNNuZkKz3vy8BS6yHcLrs0WTeBMr8 ++VFpHreZ4rQN2114ODhBBehnSGVUcczJqpUe1L+8yl3CnJ5+XpRbL2By7etUDEgr +IXRNNwRaL4skStvu+qmUE49SShuu5sh/mQkjhInpplOCtgNtOF0u6wvw5qqxi1H8 +1hP7IMvfeZfbVXTCIejbjGqVLVGRp6E8m+/1Q6ymac5mXNWx+LrUhiUpLg4jBdp8 +fMJ7yLV5hG1oLYJKNZ/cDmMrWF80fqhzzkRTEePbRvo6w9pjpWVWmaWRJ9bn3y3v +oIG2BzrGwSuhOnS06eEvayvk8Ji+b8u7ro3SfhtvuvKyuLFdnnkZ95SywRdem7MF +Z21cYmSoK7A2PflMZVPuLlVpzBz1lty+YF437tRjllGXlhQ8Yb9TqiS1JFsmZ60C +Z7jTBW6kj0aRnYSmLESfLRgvc6XlxNlP2Z/1wMVI6CMyxErO/zsWh4WlHyKoC5GX +JJUHyHPSsAH4IKmra3F5JPN5tZsA9fmuI6zq4UiIKFPgyHYprj4lnxzFioYzAiGr +pRDwBxtWj838h54u0ESYRJmzwhTO2JPq0YI8G0nobwSy9a+bN33l4Fbp7gBYJRYj +w47wueKYXfJPXMMnKmd9Q/Y2dtQsfhaAy/EH3Ln181a98PwAeABWtDsCAQI= +-----END DH PARAMETERS----- diff --git a/certs/include.am b/certs/include.am index e5c09d7102b..45193b5ae2e 100644 --- a/certs/include.am +++ b/certs/include.am @@ -50,6 +50,7 @@ EXTRA_DIST += \ certs/ecc-privOnlyKey.pem \ certs/ecc-privOnlyCert.pem \ certs/dh3072.pem \ + certs/dh4096.pem \ certs/client-cert-ext.pem EXTRA_DIST += \ @@ -61,6 +62,7 @@ EXTRA_DIST += \ certs/client-keyPub.der \ certs/dh2048.der \ certs/dh3072.der \ + certs/dh4096.der \ certs/rsa2048.der \ certs/rsa-pub-2048.pem \ certs/rsa3072.der \ diff --git a/gencertbuf.pl b/gencertbuf.pl index 433be1e7084..6b71fffad5b 100755 --- a/gencertbuf.pl +++ b/gencertbuf.pl @@ -93,6 +93,7 @@ [ "./certs/4096/client-key.der", "client_key_der_4096" ], [ "./certs/4096/client-keyPub.der", "client_keypub_der_4096" ], [ "./certs/4096/client-cert.der", "client_cert_der_4096" ], + [ "./certs/dh4096.der", "dh_key_der_4096" ], ); # ---------------------------------------------------------------------------- diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 6b43ab110b8..f79f7c86feb 100755 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -587,8 +587,8 @@ static const char* bench_result_words1[][4] = { defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET) || \ defined(HAVE_ED25519) || defined(HAVE_CURVE448) || \ defined(HAVE_CURVE448_SHARED_SECRET) || defined(HAVE_ED448) -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) || \ - !defined(NO_DH) +#if defined(HAVE_ECC) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) || \ + defined(WOLFSSL_PUBLIC_MP) || !defined(NO_DH) static const char* bench_desc_words[][9] = { /* 0 1 2 3 4 5 6 7 8 */ @@ -729,8 +729,8 @@ static const char* bench_desc_words[][9] = { #endif #if defined(BENCH_ASYM) -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) || \ - !defined(NO_DH) +#if defined(HAVE_ECC) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) || \ + defined(WOLFSSL_PUBLIC_MP) || !defined(NO_DH) static const char* bench_result_words2[][5] = { { "ops took", "sec" , "avg" , "ops/sec", NULL }, /* 0 English */ #ifndef NO_MULTIBYTE_PRINT @@ -1260,8 +1260,8 @@ static void bench_stats_sym_finish(const char* desc, int doAsync, int count, } #ifdef BENCH_ASYM -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) || \ - !defined(NO_DH) +#if defined(HAVE_ECC) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) || \ + defined(WOLFSSL_PUBLIC_MP) || !defined(NO_DH) static void bench_stats_asym_finish(const char* algo, int strength, const char* desc, int doAsync, int count, double start, int ret) { diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 78dfd397819..f46407c7226 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1227,6 +1227,7 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock, return ret; } #endif /* WC_RSA_PSS */ +#endif /* !WC_NO_RNG */ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, word32 pkcsBlockLen, byte padValue, WC_RNG* rng) @@ -1250,7 +1251,7 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2); } else { -#ifndef WOLFSSL_RSA_VERIFY_ONLY +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WC_NO_RNG) /* pad with non-zero random bytes */ word32 padLen, i; int ret; @@ -1281,7 +1282,6 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, return 0; } -#endif /* !WC_NO_RNG */ /* helper function to direct which padding is used */ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock, @@ -1293,13 +1293,13 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock, switch (padType) { -#ifndef WC_NO_RNG case WC_RSA_PKCSV15_PAD: /*WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");*/ ret = RsaPad(input, inputLen, pkcsBlock, pkcsBlockLen, padValue, rng); break; +#ifndef WC_NO_RNG #ifndef WC_NO_RSA_OAEP case WC_RSA_OAEP_PAD: WOLFSSL_MSG("wolfSSL Using RSA OAEP padding"); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c31a77c3647..3caa00fe2e9 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -10290,6 +10290,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) #endif /* !NO_RSA && !NO_ASN */ #endif /* !USE_CERT_BUFFER_* */ #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ !defined(NO_ASN) #ifndef NO_DH static const char* dhKey = CERT_ROOT "dh2048.der"; @@ -12824,7 +12825,8 @@ int rsa_test(void) || defined(WOLFSSL_PUBLIC_MP) word32 idx = 0; #endif -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP) +#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP)) && \ + !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) const char* inStr = "Everyone gets Friday off."; word32 inLen = (word32)XSTRLEN((char*)inStr); const word32 outSz = RSA_TEST_BYTES; @@ -12846,7 +12848,8 @@ int rsa_test(void) DecodedCert cert; #endif -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP) +#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP)) && \ + !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) DECLARE_VAR_INIT(in, byte, inLen, inStr, HEAP_HINT); DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); @@ -13142,7 +13145,7 @@ int rsa_test(void) #endif #ifndef WOLFSSL_RSA_VERIFY_ONLY - #ifndef WC_NO_RSA_OAEP + #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) /* OAEP padding testing */ #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \ (!defined(HAVE_FIPS) || \ @@ -13448,7 +13451,7 @@ int rsa_test(void) TEST_SLEEP(); #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */ - #endif /* WC_NO_RSA_OAEP */ + #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */ #endif /* WOLFSSL_RSA_VERIFY_ONLY */ #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \ @@ -14334,12 +14337,21 @@ int dh_test(void) word32 bytes; word32 idx = 0, privSz, pubSz, privSz2, pubSz2; byte tmp[1024]; +#if !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) byte priv[256]; byte pub[256]; byte priv2[256]; byte pub2[256]; byte agree[256]; byte agree2[256]; +#else + byte priv[512]; + byte pub[512]; + byte priv2[512]; + byte pub2[512]; + byte agree[512]; + byte agree2[512]; +#endif word32 agreeSz = (word32)sizeof(agree); word32 agreeSz2 = (word32)sizeof(agree2); DhKey key; @@ -14353,6 +14365,12 @@ int dh_test(void) #elif defined(USE_CERT_BUFFERS_2048) XMEMCPY(tmp, dh_key_der_2048, (size_t)sizeof_dh_key_der_2048); bytes = (size_t)sizeof_dh_key_der_2048; +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, dh_key_der_3072, (size_t)sizeof_dh_key_der_3072); + bytes = (size_t)sizeof_dh_key_der_3072; +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, dh_key_der_4096, (size_t)sizeof_dh_key_der_4096); + bytes = (size_t)sizeof_dh_key_der_4096; #elif defined(NO_ASN) /* don't use file, no DER parsing */ #elif !defined(NO_FILESYSTEM) diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h index 734f0a1c0cb..6562e9f6e74 100644 --- a/wolfssl/certs_test.h +++ b/wolfssl/certs_test.h @@ -3190,6 +3190,65 @@ static const unsigned char client_cert_der_4096[] = }; static const int sizeof_client_cert_der_4096 = sizeof(client_cert_der_4096); +/* ./certs/dh4096.der, 4096-bit */ +static const unsigned char dh_key_der_4096[] = +{ + 0x30, 0x82, 0x02, 0x08, 0x02, 0x82, 0x02, 0x01, 0x00, 0xE9, + 0x0E, 0x3E, 0x79, 0x4F, 0xC9, 0xB2, 0xA0, 0xB1, 0xDB, 0x2F, + 0x1E, 0x24, 0x21, 0x90, 0x5C, 0x50, 0xA4, 0x34, 0xDB, 0x99, + 0x90, 0xAC, 0xF7, 0xBF, 0x2F, 0x01, 0x4B, 0xAC, 0x87, 0x70, + 0xBA, 0xEC, 0xD1, 0x64, 0xDE, 0x04, 0xCA, 0xFC, 0xF9, 0x51, + 0x69, 0x1E, 0xB7, 0x99, 0xE2, 0xB4, 0x0D, 0xDB, 0x5D, 0x78, + 0x38, 0x38, 0x41, 0x05, 0xE8, 0x67, 0x48, 0x65, 0x54, 0x71, + 0xCC, 0xC9, 0xAA, 0x95, 0x1E, 0xD4, 0xBF, 0xBC, 0xCA, 0x5D, + 0xC2, 0x9C, 0x9E, 0x7E, 0x5E, 0x94, 0x5B, 0x2F, 0x60, 0x72, + 0xED, 0xEB, 0x54, 0x0C, 0x48, 0x2B, 0x21, 0x74, 0x4D, 0x37, + 0x04, 0x5A, 0x2F, 0x8B, 0x24, 0x4A, 0xDB, 0xEE, 0xFA, 0xA9, + 0x94, 0x13, 0x8F, 0x52, 0x4A, 0x1B, 0xAE, 0xE6, 0xC8, 0x7F, + 0x99, 0x09, 0x23, 0x84, 0x89, 0xE9, 0xA6, 0x53, 0x82, 0xB6, + 0x03, 0x6D, 0x38, 0x5D, 0x2E, 0xEB, 0x0B, 0xF0, 0xE6, 0xAA, + 0xB1, 0x8B, 0x51, 0xFC, 0xD6, 0x13, 0xFB, 0x20, 0xCB, 0xDF, + 0x79, 0x97, 0xDB, 0x55, 0x74, 0xC2, 0x21, 0xE8, 0xDB, 0x8C, + 0x6A, 0x95, 0x2D, 0x51, 0x91, 0xA7, 0xA1, 0x3C, 0x9B, 0xEF, + 0xF5, 0x43, 0xAC, 0xA6, 0x69, 0xCE, 0x66, 0x5C, 0xD5, 0xB1, + 0xF8, 0xBA, 0xD4, 0x86, 0x25, 0x29, 0x2E, 0x0E, 0x23, 0x05, + 0xDA, 0x7C, 0x7C, 0xC2, 0x7B, 0xC8, 0xB5, 0x79, 0x84, 0x6D, + 0x68, 0x2D, 0x82, 0x4A, 0x35, 0x9F, 0xDC, 0x0E, 0x63, 0x2B, + 0x58, 0x5F, 0x34, 0x7E, 0xA8, 0x73, 0xCE, 0x44, 0x53, 0x11, + 0xE3, 0xDB, 0x46, 0xFA, 0x3A, 0xC3, 0xDA, 0x63, 0xA5, 0x65, + 0x56, 0x99, 0xA5, 0x91, 0x27, 0xD6, 0xE7, 0xDF, 0x2D, 0xEF, + 0xA0, 0x81, 0xB6, 0x07, 0x3A, 0xC6, 0xC1, 0x2B, 0xA1, 0x3A, + 0x74, 0xB4, 0xE9, 0xE1, 0x2F, 0x6B, 0x2B, 0xE4, 0xF0, 0x98, + 0xBE, 0x6F, 0xCB, 0xBB, 0xAE, 0x8D, 0xD2, 0x7E, 0x1B, 0x6F, + 0xBA, 0xF2, 0xB2, 0xB8, 0xB1, 0x5D, 0x9E, 0x79, 0x19, 0xF7, + 0x94, 0xB2, 0xC1, 0x17, 0x5E, 0x9B, 0xB3, 0x05, 0x67, 0x6D, + 0x5C, 0x62, 0x64, 0xA8, 0x2B, 0xB0, 0x36, 0x3D, 0xF9, 0x4C, + 0x65, 0x53, 0xEE, 0x2E, 0x55, 0x69, 0xCC, 0x1C, 0xF5, 0x96, + 0xDC, 0xBE, 0x60, 0x5E, 0x37, 0xEE, 0xD4, 0x63, 0x96, 0x51, + 0x97, 0x96, 0x14, 0x3C, 0x61, 0xBF, 0x53, 0xAA, 0x24, 0xB5, + 0x24, 0x5B, 0x26, 0x67, 0xAD, 0x02, 0x67, 0xB8, 0xD3, 0x05, + 0x6E, 0xA4, 0x8F, 0x46, 0x91, 0x9D, 0x84, 0xA6, 0x2C, 0x44, + 0x9F, 0x2D, 0x18, 0x2F, 0x73, 0xA5, 0xE5, 0xC4, 0xD9, 0x4F, + 0xD9, 0x9F, 0xF5, 0xC0, 0xC5, 0x48, 0xE8, 0x23, 0x32, 0xC4, + 0x4A, 0xCE, 0xFF, 0x3B, 0x16, 0x87, 0x85, 0xA5, 0x1F, 0x22, + 0xA8, 0x0B, 0x91, 0x97, 0x24, 0x95, 0x07, 0xC8, 0x73, 0xD2, + 0xB0, 0x01, 0xF8, 0x20, 0xA9, 0xAB, 0x6B, 0x71, 0x79, 0x24, + 0xF3, 0x79, 0xB5, 0x9B, 0x00, 0xF5, 0xF9, 0xAE, 0x23, 0xAC, + 0xEA, 0xE1, 0x48, 0x88, 0x28, 0x53, 0xE0, 0xC8, 0x76, 0x29, + 0xAE, 0x3E, 0x25, 0x9F, 0x1C, 0xC5, 0x8A, 0x86, 0x33, 0x02, + 0x21, 0xAB, 0xA5, 0x10, 0xF0, 0x07, 0x1B, 0x56, 0x8F, 0xCD, + 0xFC, 0x87, 0x9E, 0x2E, 0xD0, 0x44, 0x98, 0x44, 0x99, 0xB3, + 0xC2, 0x14, 0xCE, 0xD8, 0x93, 0xEA, 0xD1, 0x82, 0x3C, 0x1B, + 0x49, 0xE8, 0x6F, 0x04, 0xB2, 0xF5, 0xAF, 0x9B, 0x37, 0x7D, + 0xE5, 0xE0, 0x56, 0xE9, 0xEE, 0x00, 0x58, 0x25, 0x16, 0x23, + 0xC3, 0x8E, 0xF0, 0xB9, 0xE2, 0x98, 0x5D, 0xF2, 0x4F, 0x5C, + 0xC3, 0x27, 0x2A, 0x67, 0x7D, 0x43, 0xF6, 0x36, 0x76, 0xD4, + 0x2C, 0x7E, 0x16, 0x80, 0xCB, 0xF1, 0x07, 0xDC, 0xB9, 0xF5, + 0xF3, 0x56, 0xBD, 0xF0, 0xFC, 0x00, 0x78, 0x00, 0x56, 0xB4, + 0x3B, 0x02, 0x01, 0x02 +}; +static const int sizeof_dh_key_der_4096 = sizeof(dh_key_der_4096); + #endif /* USE_CERT_BUFFERS_4096 */ #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)