Add DH AlgorithmParameters, AlgorithmParameterGenerator, KeyFactory, and related fixes

.github/workflows/windows-vs.yml

@@ -274,7 +274,7 @@ jobs:
           $content = Get-Content $userSettingsPath -Raw
           Write-Output "Original file size: $($content.Length) characters"
 
-          $newDefines = "#define WOLFSSL_KEY_GEN`n#define HAVE_CRL`n#define OPENSSL_ALL`n#define WOLFSSL_SHA224`n`n"
+          $newDefines = "#define WOLFSSL_KEY_GEN`n#define HAVE_CRL`n#define OPENSSL_ALL`n#define WOLFSSL_SHA224`n#define HAVE_FFDHE_2048`n#define HAVE_FFDHE_3072`n#define HAVE_FFDHE_4096`n#define HAVE_FFDHE_Q`n#define WOLFSSL_VALIDATE_FFC_IMPORT`n`n"
 
           # Try multiple possible insertion points
           $insertPoints = @(

CLAUDE.md

@@ -11,7 +11,9 @@
 - Keep lines under 80 characters maximum length
 - MUST only use multi-line comments, no "//" style ones
 - MUST remove all trailing white space
-- Use 4 spaces for one tab, no hard tabs
+- MUST use 4 spaces for one tab, no hard tabs
+- MUST use XMALLOC/XFREE for memory allocation instead of malloc/free
+- MUST cast XMALLOC back to type being allocated
 
 # Source Code Organization
 - The source code is organized into the following directories:

IDE/Android/app/src/main/cpp/CMakeLists.txt

@@ -65,6 +65,7 @@ if ("${WOLFSSL_PKG_TYPE}" MATCHES "normal")
                 -DWOLFSSL_AKID_NAME -DHAVE_CTS -DNO_DES3 -DGCM_TABLE_4BIT
                 -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT
                 -DHAVE_AESGCM -DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8
+                -DWOLFSSL_KEY_GEN
                 -DWOLFSSL_CUSTOM_CONFIG
 
                 # For gethostbyname()

README_JCE.md

@@ -185,6 +185,7 @@ The JCE provider currently supports the following algorithms:
 
     KeyFactory
         EC
+        DH (aliases: DiffieHellman, 1.2.840.113549.1.3.1)
 
     CertPathValidator Class
         PKIX
@@ -205,9 +206,13 @@ The JCE provider currently supports the following algorithms:
 
     AlgorithmParameters
         AES
+        DH
         GCM
         RSASSA-PSS
 
+    AlgorithmParameterGenerator
+        DH
+
 ### SecureRandom.getInstanceStrong()
 
 When registered as the highest priority security provider, wolfJCE will provide

jni/jni_aesccm.c

@@ -194,7 +194,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesCcm_wc_1AesCcmEncrypt
 
     /* in can be NULL if inLen is 0 - case with only AAD to gen tag */
     if ((inLen != 0 && in == NULL) || nonce == NULL || authTag == NULL ||
-         nonceSz < 7 || nonceSz > 13 || authTagSz > WC_AES_BLOCK_SIZE) {
+         nonceSz < 7 || nonceSz > 13 || authTagSz > AES_BLOCK_SIZE) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -327,7 +327,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesCcm_wc_1AesCcmDecrypt
 
     /* in can be NULL if inLen is 0 - case with only AAD to verify tag */
     if ((inLen != 0 && in == NULL) || nonce == NULL || authTag == NULL ||
-        nonceSz < 7 || nonceSz > 13 || authTagSz > WC_AES_BLOCK_SIZE) {
+        nonceSz < 7 || nonceSz > 13 || authTagSz > AES_BLOCK_SIZE) {
         ret = BAD_FUNC_ARG;
     }
 

jni/jni_aesgcm.c

@@ -193,7 +193,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesGcm_wc_1AesGcmEncrypt
     }
 
     /* in may be null, users might only pass in AAD to generate tag */
-    if (authTagSz > WC_AES_BLOCK_SIZE || iv == NULL || ivSz == 0 ||
+    if (authTagSz > AES_BLOCK_SIZE || iv == NULL || ivSz == 0 ||
         ((authTagSz > 0) && (authTag == NULL)) ||
         ((authInSz > 0) && (authIn == NULL))) {
         ret = BAD_FUNC_ARG;
@@ -329,7 +329,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesGcm_wc_1AesGcmDecrypt
     /* If inLen is non-zero, both in and out must be set. If inLen is 0,
      * in and out are don't cares, as this is the GMAC case */
     if (iv == NULL || ivSz == 0 || (inLen != 0 && in == NULL) ||
-        authTag == NULL || (authTagSz > WC_AES_BLOCK_SIZE) || authTagSz == 0) {
+        authTag == NULL || (authTagSz > AES_BLOCK_SIZE) || authTagSz == 0) {
         ret = BAD_FUNC_ARG;
     }