xref: /openbmc/linux/crypto/dh.c (revision 01ab991f)
1  // SPDX-License-Identifier: GPL-2.0-or-later
2  /*  Diffie-Hellman Key Agreement Method [RFC2631]
3   *
4   * Copyright (c) 2016, Intel Corporation
5   * Authors: Salvatore Benedetto <salvatore.benedetto@intel.com>
6   */
7  
8  #include <linux/fips.h>
9  #include <linux/module.h>
10  #include <crypto/internal/kpp.h>
11  #include <crypto/kpp.h>
12  #include <crypto/dh.h>
13  #include <crypto/rng.h>
14  #include <linux/mpi.h>
15  
16  struct dh_ctx {
17  	MPI p;	/* Value is guaranteed to be set. */
18  	MPI g;	/* Value is guaranteed to be set. */
19  	MPI xa;	/* Value is guaranteed to be set. */
20  };
21  
22  static void dh_clear_ctx(struct dh_ctx *ctx)
23  {
24  	mpi_free(ctx->p);
25  	mpi_free(ctx->g);
26  	mpi_free(ctx->xa);
27  	memset(ctx, 0, sizeof(*ctx));
28  }
29  
30  /*
31   * If base is g we compute the public key
32   *	ya = g^xa mod p; [RFC2631 sec 2.1.1]
33   * else if base if the counterpart public key we compute the shared secret
34   *	ZZ = yb^xa mod p; [RFC2631 sec 2.1.1]
35   */
36  static int _compute_val(const struct dh_ctx *ctx, MPI base, MPI val)
37  {
38  	/* val = base^xa mod p */
39  	return mpi_powm(val, base, ctx->xa, ctx->p);
40  }
41  
42  static inline struct dh_ctx *dh_get_ctx(struct crypto_kpp *tfm)
43  {
44  	return kpp_tfm_ctx(tfm);
45  }
46  
47  static int dh_check_params_length(unsigned int p_len)
48  {
49  	if (fips_enabled)
50  		return (p_len < 2048) ? -EINVAL : 0;
51  
52  	return (p_len < 1536) ? -EINVAL : 0;
53  }
54  
55  static int dh_set_params(struct dh_ctx *ctx, struct dh *params)
56  {
57  	if (dh_check_params_length(params->p_size << 3))
58  		return -EINVAL;
59  
60  	ctx->p = mpi_read_raw_data(params->p, params->p_size);
61  	if (!ctx->p)
62  		return -EINVAL;
63  
64  	ctx->g = mpi_read_raw_data(params->g, params->g_size);
65  	if (!ctx->g)
66  		return -EINVAL;
67  
68  	return 0;
69  }
70  
71  static int dh_set_secret(struct crypto_kpp *tfm, const void *buf,
72  			 unsigned int len)
73  {
74  	struct dh_ctx *ctx = dh_get_ctx(tfm);
75  	struct dh params;
76  
77  	/* Free the old MPI key if any */
78  	dh_clear_ctx(ctx);
79  
80  	if (crypto_dh_decode_key(buf, len, &params) < 0)
81  		goto err_clear_ctx;
82  
83  	if (dh_set_params(ctx, &params) < 0)
84  		goto err_clear_ctx;
85  
86  	ctx->xa = mpi_read_raw_data(params.key, params.key_size);
87  	if (!ctx->xa)
88  		goto err_clear_ctx;
89  
90  	return 0;
91  
92  err_clear_ctx:
93  	dh_clear_ctx(ctx);
94  	return -EINVAL;
95  }
96  
97  /*
98   * SP800-56A public key verification:
99   *
100   * * For the safe-prime groups in FIPS mode, Q can be computed
101   *   trivially from P and a full validation according to SP800-56A
102   *   section 5.6.2.3.1 is performed.
103   *
104   * * For all other sets of group parameters, only a partial validation
105   *   according to SP800-56A section 5.6.2.3.2 is performed.
106   */
107  static int dh_is_pubkey_valid(struct dh_ctx *ctx, MPI y)
108  {
109  	if (unlikely(!ctx->p))
110  		return -EINVAL;
111  
112  	/*
113  	 * Step 1: Verify that 2 <= y <= p - 2.
114  	 *
115  	 * The upper limit check is actually y < p instead of y < p - 1
116  	 * in order to save one mpi_sub_ui() invocation here. Note that
117  	 * p - 1 is the non-trivial element of the subgroup of order 2 and
118  	 * thus, the check on y^q below would fail if y == p - 1.
119  	 */
120  	if (mpi_cmp_ui(y, 1) < 1 || mpi_cmp(y, ctx->p) >= 0)
121  		return -EINVAL;
122  
123  	/*
124  	 * Step 2: Verify that 1 = y^q mod p
125  	 *
126  	 * For the safe-prime groups q = (p - 1)/2.
127  	 */
128  	if (fips_enabled) {
129  		MPI val, q;
130  		int ret;
131  
132  		val = mpi_alloc(0);
133  		if (!val)
134  			return -ENOMEM;
135  
136  		q = mpi_alloc(mpi_get_nlimbs(ctx->p));
137  		if (!q) {
138  			mpi_free(val);
139  			return -ENOMEM;
140  		}
141  
142  		/*
143  		 * ->p is odd, so no need to explicitly subtract one
144  		 * from it before shifting to the right.
145  		 */
146  		mpi_rshift(q, ctx->p, 1);
147  
148  		ret = mpi_powm(val, y, q, ctx->p);
149  		mpi_free(q);
150  		if (ret) {
151  			mpi_free(val);
152  			return ret;
153  		}
154  
155  		ret = mpi_cmp_ui(val, 1);
156  
157  		mpi_free(val);
158  
159  		if (ret != 0)
160  			return -EINVAL;
161  	}
162  
163  	return 0;
164  }
165  
166  static int dh_compute_value(struct kpp_request *req)
167  {
168  	struct crypto_kpp *tfm = crypto_kpp_reqtfm(req);
169  	struct dh_ctx *ctx = dh_get_ctx(tfm);
170  	MPI base, val = mpi_alloc(0);
171  	int ret = 0;
172  	int sign;
173  
174  	if (!val)
175  		return -ENOMEM;
176  
177  	if (unlikely(!ctx->xa)) {
178  		ret = -EINVAL;
179  		goto err_free_val;
180  	}
181  
182  	if (req->src) {
183  		base = mpi_read_raw_from_sgl(req->src, req->src_len);
184  		if (!base) {
185  			ret = -EINVAL;
186  			goto err_free_val;
187  		}
188  		ret = dh_is_pubkey_valid(ctx, base);
189  		if (ret)
190  			goto err_free_base;
191  	} else {
192  		base = ctx->g;
193  	}
194  
195  	ret = _compute_val(ctx, base, val);
196  	if (ret)
197  		goto err_free_base;
198  
199  	if (fips_enabled) {
200  		/* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */
201  		if (req->src) {
202  			MPI pone;
203  
204  			/* z <= 1 */
205  			if (mpi_cmp_ui(val, 1) < 1) {
206  				ret = -EBADMSG;
207  				goto err_free_base;
208  			}
209  
210  			/* z == p - 1 */
211  			pone = mpi_alloc(0);
212  
213  			if (!pone) {
214  				ret = -ENOMEM;
215  				goto err_free_base;
216  			}
217  
218  			ret = mpi_sub_ui(pone, ctx->p, 1);
219  			if (!ret && !mpi_cmp(pone, val))
220  				ret = -EBADMSG;
221  
222  			mpi_free(pone);
223  
224  			if (ret)
225  				goto err_free_base;
226  
227  		/* SP800-56A rev 3 5.6.2.1.3 key check */
228  		} else {
229  			if (dh_is_pubkey_valid(ctx, val)) {
230  				ret = -EAGAIN;
231  				goto err_free_val;
232  			}
233  		}
234  	}
235  
236  	ret = mpi_write_to_sgl(val, req->dst, req->dst_len, &sign);
237  	if (ret)
238  		goto err_free_base;
239  
240  	if (sign < 0)
241  		ret = -EBADMSG;
242  err_free_base:
243  	if (req->src)
244  		mpi_free(base);
245  err_free_val:
246  	mpi_free(val);
247  	return ret;
248  }
249  
250  static unsigned int dh_max_size(struct crypto_kpp *tfm)
251  {
252  	struct dh_ctx *ctx = dh_get_ctx(tfm);
253  
254  	return mpi_get_size(ctx->p);
255  }
256  
257  static void dh_exit_tfm(struct crypto_kpp *tfm)
258  {
259  	struct dh_ctx *ctx = dh_get_ctx(tfm);
260  
261  	dh_clear_ctx(ctx);
262  }
263  
264  static struct kpp_alg dh = {
265  	.set_secret = dh_set_secret,
266  	.generate_public_key = dh_compute_value,
267  	.compute_shared_secret = dh_compute_value,
268  	.max_size = dh_max_size,
269  	.exit = dh_exit_tfm,
270  	.base = {
271  		.cra_name = "dh",
272  		.cra_driver_name = "dh-generic",
273  		.cra_priority = 100,
274  		.cra_module = THIS_MODULE,
275  		.cra_ctxsize = sizeof(struct dh_ctx),
276  	},
277  };
278  
279  
280  struct dh_safe_prime {
281  	unsigned int max_strength;
282  	unsigned int p_size;
283  	const char *p;
284  };
285  
286  static const char safe_prime_g[]  = { 2 };
287  
288  struct dh_safe_prime_instance_ctx {
289  	struct crypto_kpp_spawn dh_spawn;
290  	const struct dh_safe_prime *safe_prime;
291  };
292  
293  struct dh_safe_prime_tfm_ctx {
294  	struct crypto_kpp *dh_tfm;
295  };
296  
297  static void dh_safe_prime_free_instance(struct kpp_instance *inst)
298  {
299  	struct dh_safe_prime_instance_ctx *ctx = kpp_instance_ctx(inst);
300  
301  	crypto_drop_kpp(&ctx->dh_spawn);
302  	kfree(inst);
303  }
304  
305  static inline struct dh_safe_prime_instance_ctx *dh_safe_prime_instance_ctx(
306  	struct crypto_kpp *tfm)
307  {
308  	return kpp_instance_ctx(kpp_alg_instance(tfm));
309  }
310  
311  static int dh_safe_prime_init_tfm(struct crypto_kpp *tfm)
312  {
313  	struct dh_safe_prime_instance_ctx *inst_ctx =
314  		dh_safe_prime_instance_ctx(tfm);
315  	struct dh_safe_prime_tfm_ctx *tfm_ctx = kpp_tfm_ctx(tfm);
316  
317  	tfm_ctx->dh_tfm = crypto_spawn_kpp(&inst_ctx->dh_spawn);
318  	if (IS_ERR(tfm_ctx->dh_tfm))
319  		return PTR_ERR(tfm_ctx->dh_tfm);
320  
321  	return 0;
322  }
323  
324  static void dh_safe_prime_exit_tfm(struct crypto_kpp *tfm)
325  {
326  	struct dh_safe_prime_tfm_ctx *tfm_ctx = kpp_tfm_ctx(tfm);
327  
328  	crypto_free_kpp(tfm_ctx->dh_tfm);
329  }
330  
331  static u64 __add_u64_to_be(__be64 *dst, unsigned int n, u64 val)
332  {
333  	unsigned int i;
334  
335  	for (i = n; val && i > 0; --i) {
336  		u64 tmp = be64_to_cpu(dst[i - 1]);
337  
338  		tmp += val;
339  		val = tmp >= val ? 0 : 1;
340  		dst[i - 1] = cpu_to_be64(tmp);
341  	}
342  
343  	return val;
344  }
345  
346  static void *dh_safe_prime_gen_privkey(const struct dh_safe_prime *safe_prime,
347  				       unsigned int *key_size)
348  {
349  	unsigned int n, oversampling_size;
350  	__be64 *key;
351  	int err;
352  	u64 h, o;
353  
354  	/*
355  	 * Generate a private key following NIST SP800-56Ar3,
356  	 * sec. 5.6.1.1.1 and 5.6.1.1.3 resp..
357  	 *
358  	 * 5.6.1.1.1: choose key length N such that
359  	 * 2 * ->max_strength <= N <= log2(q) + 1 = ->p_size * 8 - 1
360  	 * with q = (p - 1) / 2 for the safe-prime groups.
361  	 * Choose the lower bound's next power of two for N in order to
362  	 * avoid excessively large private keys while still
363  	 * maintaining some extra reserve beyond the bare minimum in
364  	 * most cases. Note that for each entry in safe_prime_groups[],
365  	 * the following holds for such N:
366  	 * - N >= 256, in particular it is a multiple of 2^6 = 64
367  	 *   bits and
368  	 * - N < log2(q) + 1, i.e. N respects the upper bound.
369  	 */
370  	n = roundup_pow_of_two(2 * safe_prime->max_strength);
371  	WARN_ON_ONCE(n & ((1u << 6) - 1));
372  	n >>= 6; /* Convert N into units of u64. */
373  
374  	/*
375  	 * Reserve one extra u64 to hold the extra random bits
376  	 * required as per 5.6.1.1.3.
377  	 */
378  	oversampling_size = (n + 1) * sizeof(__be64);
379  	key = kmalloc(oversampling_size, GFP_KERNEL);
380  	if (!key)
381  		return ERR_PTR(-ENOMEM);
382  
383  	/*
384  	 * 5.6.1.1.3, step 3 (and implicitly step 4): obtain N + 64
385  	 * random bits and interpret them as a big endian integer.
386  	 */
387  	err = -EFAULT;
388  	if (crypto_get_default_rng())
389  		goto out_err;
390  
391  	err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)key,
392  				   oversampling_size);
393  	crypto_put_default_rng();
394  	if (err)
395  		goto out_err;
396  
397  	/*
398  	 * 5.6.1.1.3, step 5 is implicit: 2^N < q and thus,
399  	 * M = min(2^N, q) = 2^N.
400  	 *
401  	 * For step 6, calculate
402  	 * key = (key[] mod (M - 1)) + 1 = (key[] mod (2^N - 1)) + 1.
403  	 *
404  	 * In order to avoid expensive divisions, note that
405  	 * 2^N mod (2^N - 1) = 1 and thus, for any integer h,
406  	 * 2^N * h mod (2^N - 1) = h mod (2^N - 1) always holds.
407  	 * The big endian integer key[] composed of n + 1 64bit words
408  	 * may be written as key[] = h * 2^N + l, with h = key[0]
409  	 * representing the 64 most significant bits and l
410  	 * corresponding to the remaining 2^N bits. With the remark
411  	 * from above,
412  	 * h * 2^N + l mod (2^N - 1) = l + h mod (2^N - 1).
413  	 * As both, l and h are less than 2^N, their sum after
414  	 * this first reduction is guaranteed to be <= 2^(N + 1) - 2.
415  	 * Or equivalently, that their sum can again be written as
416  	 * h' * 2^N + l' with h' now either zero or one and if one,
417  	 * then l' <= 2^N - 2. Thus, all bits at positions >= N will
418  	 * be zero after a second reduction:
419  	 * h' * 2^N + l' mod (2^N - 1) = l' + h' mod (2^N - 1).
420  	 * At this point, it is still possible that
421  	 * l' + h' = 2^N - 1, i.e. that l' + h' mod (2^N - 1)
422  	 * is zero. This condition will be detected below by means of
423  	 * the final increment overflowing in this case.
424  	 */
425  	h = be64_to_cpu(key[0]);
426  	h = __add_u64_to_be(key + 1, n, h);
427  	h = __add_u64_to_be(key + 1, n, h);
428  	WARN_ON_ONCE(h);
429  
430  	/* Increment to obtain the final result. */
431  	o = __add_u64_to_be(key + 1, n, 1);
432  	/*
433  	 * The overflow bit o from the increment is either zero or
434  	 * one. If zero, key[1:n] holds the final result in big-endian
435  	 * order. If one, key[1:n] is zero now, but needs to be set to
436  	 * one, c.f. above.
437  	 */
438  	if (o)
439  		key[n] = cpu_to_be64(1);
440  
441  	/* n is in units of u64, convert to bytes. */
442  	*key_size = n << 3;
443  	/* Strip the leading extra __be64, which is (virtually) zero by now. */
444  	memmove(key, &key[1], *key_size);
445  
446  	return key;
447  
448  out_err:
449  	kfree_sensitive(key);
450  	return ERR_PTR(err);
451  }
452  
453  static int dh_safe_prime_set_secret(struct crypto_kpp *tfm, const void *buffer,
454  				    unsigned int len)
455  {
456  	struct dh_safe_prime_instance_ctx *inst_ctx =
457  		dh_safe_prime_instance_ctx(tfm);
458  	struct dh_safe_prime_tfm_ctx *tfm_ctx = kpp_tfm_ctx(tfm);
459  	struct dh params = {};
460  	void *buf = NULL, *key = NULL;
461  	unsigned int buf_size;
462  	int err;
463  
464  	if (buffer) {
465  		err = __crypto_dh_decode_key(buffer, len, &params);
466  		if (err)
467  			return err;
468  		if (params.p_size || params.g_size)
469  			return -EINVAL;
470  	}
471  
472  	params.p = inst_ctx->safe_prime->p;
473  	params.p_size = inst_ctx->safe_prime->p_size;
474  	params.g = safe_prime_g;
475  	params.g_size = sizeof(safe_prime_g);
476  
477  	if (!params.key_size) {
478  		key = dh_safe_prime_gen_privkey(inst_ctx->safe_prime,
479  						&params.key_size);
480  		if (IS_ERR(key))
481  			return PTR_ERR(key);
482  		params.key = key;
483  	}
484  
485  	buf_size = crypto_dh_key_len(&params);
486  	buf = kmalloc(buf_size, GFP_KERNEL);
487  	if (!buf) {
488  		err = -ENOMEM;
489  		goto out;
490  	}
491  
492  	err = crypto_dh_encode_key(buf, buf_size, &params);
493  	if (err)
494  		goto out;
495  
496  	err = crypto_kpp_set_secret(tfm_ctx->dh_tfm, buf, buf_size);
497  out:
498  	kfree_sensitive(buf);
499  	kfree_sensitive(key);
500  	return err;
501  }
502  
503  static void dh_safe_prime_complete_req(struct crypto_async_request *dh_req,
504  				       int err)
505  {
506  	struct kpp_request *req = dh_req->data;
507  
508  	kpp_request_complete(req, err);
509  }
510  
511  static struct kpp_request *dh_safe_prime_prepare_dh_req(struct kpp_request *req)
512  {
513  	struct dh_safe_prime_tfm_ctx *tfm_ctx =
514  		kpp_tfm_ctx(crypto_kpp_reqtfm(req));
515  	struct kpp_request *dh_req = kpp_request_ctx(req);
516  
517  	kpp_request_set_tfm(dh_req, tfm_ctx->dh_tfm);
518  	kpp_request_set_callback(dh_req, req->base.flags,
519  				 dh_safe_prime_complete_req, req);
520  
521  	kpp_request_set_input(dh_req, req->src, req->src_len);
522  	kpp_request_set_output(dh_req, req->dst, req->dst_len);
523  
524  	return dh_req;
525  }
526  
527  static int dh_safe_prime_generate_public_key(struct kpp_request *req)
528  {
529  	struct kpp_request *dh_req = dh_safe_prime_prepare_dh_req(req);
530  
531  	return crypto_kpp_generate_public_key(dh_req);
532  }
533  
534  static int dh_safe_prime_compute_shared_secret(struct kpp_request *req)
535  {
536  	struct kpp_request *dh_req = dh_safe_prime_prepare_dh_req(req);
537  
538  	return crypto_kpp_compute_shared_secret(dh_req);
539  }
540  
541  static unsigned int dh_safe_prime_max_size(struct crypto_kpp *tfm)
542  {
543  	struct dh_safe_prime_tfm_ctx *tfm_ctx = kpp_tfm_ctx(tfm);
544  
545  	return crypto_kpp_maxsize(tfm_ctx->dh_tfm);
546  }
547  
548  static int __maybe_unused __dh_safe_prime_create(
549  	struct crypto_template *tmpl, struct rtattr **tb,
550  	const struct dh_safe_prime *safe_prime)
551  {
552  	struct kpp_instance *inst;
553  	struct dh_safe_prime_instance_ctx *ctx;
554  	const char *dh_name;
555  	struct kpp_alg *dh_alg;
556  	u32 mask;
557  	int err;
558  
559  	err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_KPP, &mask);
560  	if (err)
561  		return err;
562  
563  	dh_name = crypto_attr_alg_name(tb[1]);
564  	if (IS_ERR(dh_name))
565  		return PTR_ERR(dh_name);
566  
567  	inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
568  	if (!inst)
569  		return -ENOMEM;
570  
571  	ctx = kpp_instance_ctx(inst);
572  
573  	err = crypto_grab_kpp(&ctx->dh_spawn, kpp_crypto_instance(inst),
574  			      dh_name, 0, mask);
575  	if (err)
576  		goto err_free_inst;
577  
578  	err = -EINVAL;
579  	dh_alg = crypto_spawn_kpp_alg(&ctx->dh_spawn);
580  	if (strcmp(dh_alg->base.cra_name, "dh"))
581  		goto err_free_inst;
582  
583  	ctx->safe_prime = safe_prime;
584  
585  	err = crypto_inst_setname(kpp_crypto_instance(inst),
586  				  tmpl->name, &dh_alg->base);
587  	if (err)
588  		goto err_free_inst;
589  
590  	inst->alg.set_secret = dh_safe_prime_set_secret;
591  	inst->alg.generate_public_key = dh_safe_prime_generate_public_key;
592  	inst->alg.compute_shared_secret = dh_safe_prime_compute_shared_secret;
593  	inst->alg.max_size = dh_safe_prime_max_size;
594  	inst->alg.init = dh_safe_prime_init_tfm;
595  	inst->alg.exit = dh_safe_prime_exit_tfm;
596  	inst->alg.reqsize = sizeof(struct kpp_request) + dh_alg->reqsize;
597  	inst->alg.base.cra_priority = dh_alg->base.cra_priority;
598  	inst->alg.base.cra_module = THIS_MODULE;
599  	inst->alg.base.cra_ctxsize = sizeof(struct dh_safe_prime_tfm_ctx);
600  
601  	inst->free = dh_safe_prime_free_instance;
602  
603  	err = kpp_register_instance(tmpl, inst);
604  	if (err)
605  		goto err_free_inst;
606  
607  	return 0;
608  
609  err_free_inst:
610  	dh_safe_prime_free_instance(inst);
611  
612  	return err;
613  }
614  
615  #ifdef CONFIG_CRYPTO_DH_RFC7919_GROUPS
616  
617  static const struct dh_safe_prime ffdhe2048_prime = {
618  	.max_strength = 112,
619  	.p_size = 256,
620  	.p =
621  	"\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a"
622  	"\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95"
623  	"\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9"
624  	"\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a"
625  	"\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0"
626  	"\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35"
627  	"\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72"
628  	"\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a"
629  	"\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb"
630  	"\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4"
631  	"\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70"
632  	"\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61"
633  	"\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83"
634  	"\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05"
635  	"\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa"
636  	"\x88\x6b\x42\x38\x61\x28\x5c\x97\xff\xff\xff\xff\xff\xff\xff\xff",
637  };
638  
639  static const struct dh_safe_prime ffdhe3072_prime = {
640  	.max_strength = 128,
641  	.p_size = 384,
642  	.p =
643  	"\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a"
644  	"\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95"
645  	"\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9"
646  	"\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a"
647  	"\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0"
648  	"\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35"
649  	"\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72"
650  	"\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a"
651  	"\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb"
652  	"\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4"
653  	"\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70"
654  	"\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61"
655  	"\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83"
656  	"\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05"
657  	"\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa"
658  	"\x88\x6b\x42\x38\x61\x1f\xcf\xdc\xde\x35\x5b\x3b\x65\x19\x03\x5b"
659  	"\xbc\x34\xf4\xde\xf9\x9c\x02\x38\x61\xb4\x6f\xc9\xd6\xe6\xc9\x07"
660  	"\x7a\xd9\x1d\x26\x91\xf7\xf7\xee\x59\x8c\xb0\xfa\xc1\x86\xd9\x1c"
661  	"\xae\xfe\x13\x09\x85\x13\x92\x70\xb4\x13\x0c\x93\xbc\x43\x79\x44"
662  	"\xf4\xfd\x44\x52\xe2\xd7\x4d\xd3\x64\xf2\xe2\x1e\x71\xf5\x4b\xff"
663  	"\x5c\xae\x82\xab\x9c\x9d\xf6\x9e\xe8\x6d\x2b\xc5\x22\x36\x3a\x0d"
664  	"\xab\xc5\x21\x97\x9b\x0d\xea\xda\x1d\xbf\x9a\x42\xd5\xc4\x48\x4e"
665  	"\x0a\xbc\xd0\x6b\xfa\x53\xdd\xef\x3c\x1b\x20\xee\x3f\xd5\x9d\x7c"
666  	"\x25\xe4\x1d\x2b\x66\xc6\x2e\x37\xff\xff\xff\xff\xff\xff\xff\xff",
667  };
668  
669  static const struct dh_safe_prime ffdhe4096_prime = {
670  	.max_strength = 152,
671  	.p_size = 512,
672  	.p =
673  	"\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a"
674  	"\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95"
675  	"\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9"
676  	"\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a"
677  	"\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0"
678  	"\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35"
679  	"\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72"
680  	"\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a"
681  	"\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb"
682  	"\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4"
683  	"\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70"
684  	"\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61"
685  	"\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83"
686  	"\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05"
687  	"\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa"
688  	"\x88\x6b\x42\x38\x61\x1f\xcf\xdc\xde\x35\x5b\x3b\x65\x19\x03\x5b"
689  	"\xbc\x34\xf4\xde\xf9\x9c\x02\x38\x61\xb4\x6f\xc9\xd6\xe6\xc9\x07"
690  	"\x7a\xd9\x1d\x26\x91\xf7\xf7\xee\x59\x8c\xb0\xfa\xc1\x86\xd9\x1c"
691  	"\xae\xfe\x13\x09\x85\x13\x92\x70\xb4\x13\x0c\x93\xbc\x43\x79\x44"
692  	"\xf4\xfd\x44\x52\xe2\xd7\x4d\xd3\x64\xf2\xe2\x1e\x71\xf5\x4b\xff"
693  	"\x5c\xae\x82\xab\x9c\x9d\xf6\x9e\xe8\x6d\x2b\xc5\x22\x36\x3a\x0d"
694  	"\xab\xc5\x21\x97\x9b\x0d\xea\xda\x1d\xbf\x9a\x42\xd5\xc4\x48\x4e"
695  	"\x0a\xbc\xd0\x6b\xfa\x53\xdd\xef\x3c\x1b\x20\xee\x3f\xd5\x9d\x7c"
696  	"\x25\xe4\x1d\x2b\x66\x9e\x1e\xf1\x6e\x6f\x52\xc3\x16\x4d\xf4\xfb"
697  	"\x79\x30\xe9\xe4\xe5\x88\x57\xb6\xac\x7d\x5f\x42\xd6\x9f\x6d\x18"
698  	"\x77\x63\xcf\x1d\x55\x03\x40\x04\x87\xf5\x5b\xa5\x7e\x31\xcc\x7a"
699  	"\x71\x35\xc8\x86\xef\xb4\x31\x8a\xed\x6a\x1e\x01\x2d\x9e\x68\x32"
700  	"\xa9\x07\x60\x0a\x91\x81\x30\xc4\x6d\xc7\x78\xf9\x71\xad\x00\x38"
701  	"\x09\x29\x99\xa3\x33\xcb\x8b\x7a\x1a\x1d\xb9\x3d\x71\x40\x00\x3c"
702  	"\x2a\x4e\xce\xa9\xf9\x8d\x0a\xcc\x0a\x82\x91\xcd\xce\xc9\x7d\xcf"
703  	"\x8e\xc9\xb5\x5a\x7f\x88\xa4\x6b\x4d\xb5\xa8\x51\xf4\x41\x82\xe1"
704  	"\xc6\x8a\x00\x7e\x5e\x65\x5f\x6a\xff\xff\xff\xff\xff\xff\xff\xff",
705  };
706  
707  static const struct dh_safe_prime ffdhe6144_prime = {
708  	.max_strength = 176,
709  	.p_size = 768,
710  	.p =
711  	"\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a"
712  	"\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95"
713  	"\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9"
714  	"\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a"
715  	"\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0"
716  	"\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35"
717  	"\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72"
718  	"\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a"
719  	"\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb"
720  	"\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4"
721  	"\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70"
722  	"\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61"
723  	"\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83"
724  	"\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05"
725  	"\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa"
726  	"\x88\x6b\x42\x38\x61\x1f\xcf\xdc\xde\x35\x5b\x3b\x65\x19\x03\x5b"
727  	"\xbc\x34\xf4\xde\xf9\x9c\x02\x38\x61\xb4\x6f\xc9\xd6\xe6\xc9\x07"
728  	"\x7a\xd9\x1d\x26\x91\xf7\xf7\xee\x59\x8c\xb0\xfa\xc1\x86\xd9\x1c"
729  	"\xae\xfe\x13\x09\x85\x13\x92\x70\xb4\x13\x0c\x93\xbc\x43\x79\x44"
730  	"\xf4\xfd\x44\x52\xe2\xd7\x4d\xd3\x64\xf2\xe2\x1e\x71\xf5\x4b\xff"
731  	"\x5c\xae\x82\xab\x9c\x9d\xf6\x9e\xe8\x6d\x2b\xc5\x22\x36\x3a\x0d"
732  	"\xab\xc5\x21\x97\x9b\x0d\xea\xda\x1d\xbf\x9a\x42\xd5\xc4\x48\x4e"
733  	"\x0a\xbc\xd0\x6b\xfa\x53\xdd\xef\x3c\x1b\x20\xee\x3f\xd5\x9d\x7c"
734  	"\x25\xe4\x1d\x2b\x66\x9e\x1e\xf1\x6e\x6f\x52\xc3\x16\x4d\xf4\xfb"
735  	"\x79\x30\xe9\xe4\xe5\x88\x57\xb6\xac\x7d\x5f\x42\xd6\x9f\x6d\x18"
736  	"\x77\x63\xcf\x1d\x55\x03\x40\x04\x87\xf5\x5b\xa5\x7e\x31\xcc\x7a"
737  	"\x71\x35\xc8\x86\xef\xb4\x31\x8a\xed\x6a\x1e\x01\x2d\x9e\x68\x32"
738  	"\xa9\x07\x60\x0a\x91\x81\x30\xc4\x6d\xc7\x78\xf9\x71\xad\x00\x38"
739  	"\x09\x29\x99\xa3\x33\xcb\x8b\x7a\x1a\x1d\xb9\x3d\x71\x40\x00\x3c"
740  	"\x2a\x4e\xce\xa9\xf9\x8d\x0a\xcc\x0a\x82\x91\xcd\xce\xc9\x7d\xcf"
741  	"\x8e\xc9\xb5\x5a\x7f\x88\xa4\x6b\x4d\xb5\xa8\x51\xf4\x41\x82\xe1"
742  	"\xc6\x8a\x00\x7e\x5e\x0d\xd9\x02\x0b\xfd\x64\xb6\x45\x03\x6c\x7a"
743  	"\x4e\x67\x7d\x2c\x38\x53\x2a\x3a\x23\xba\x44\x42\xca\xf5\x3e\xa6"
744  	"\x3b\xb4\x54\x32\x9b\x76\x24\xc8\x91\x7b\xdd\x64\xb1\xc0\xfd\x4c"
745  	"\xb3\x8e\x8c\x33\x4c\x70\x1c\x3a\xcd\xad\x06\x57\xfc\xcf\xec\x71"
746  	"\x9b\x1f\x5c\x3e\x4e\x46\x04\x1f\x38\x81\x47\xfb\x4c\xfd\xb4\x77"
747  	"\xa5\x24\x71\xf7\xa9\xa9\x69\x10\xb8\x55\x32\x2e\xdb\x63\x40\xd8"
748  	"\xa0\x0e\xf0\x92\x35\x05\x11\xe3\x0a\xbe\xc1\xff\xf9\xe3\xa2\x6e"
749  	"\x7f\xb2\x9f\x8c\x18\x30\x23\xc3\x58\x7e\x38\xda\x00\x77\xd9\xb4"
750  	"\x76\x3e\x4e\x4b\x94\xb2\xbb\xc1\x94\xc6\x65\x1e\x77\xca\xf9\x92"
751  	"\xee\xaa\xc0\x23\x2a\x28\x1b\xf6\xb3\xa7\x39\xc1\x22\x61\x16\x82"
752  	"\x0a\xe8\xdb\x58\x47\xa6\x7c\xbe\xf9\xc9\x09\x1b\x46\x2d\x53\x8c"
753  	"\xd7\x2b\x03\x74\x6a\xe7\x7f\x5e\x62\x29\x2c\x31\x15\x62\xa8\x46"
754  	"\x50\x5d\xc8\x2d\xb8\x54\x33\x8a\xe4\x9f\x52\x35\xc9\x5b\x91\x17"
755  	"\x8c\xcf\x2d\xd5\xca\xce\xf4\x03\xec\x9d\x18\x10\xc6\x27\x2b\x04"
756  	"\x5b\x3b\x71\xf9\xdc\x6b\x80\xd6\x3f\xdd\x4a\x8e\x9a\xdb\x1e\x69"
757  	"\x62\xa6\x95\x26\xd4\x31\x61\xc1\xa4\x1d\x57\x0d\x79\x38\xda\xd4"
758  	"\xa4\x0e\x32\x9c\xd0\xe4\x0e\x65\xff\xff\xff\xff\xff\xff\xff\xff",
759  };
760  
761  static const struct dh_safe_prime ffdhe8192_prime = {
762  	.max_strength = 200,
763  	.p_size = 1024,
764  	.p =
765  	"\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a"
766  	"\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95"
767  	"\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9"
768  	"\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a"
769  	"\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0"
770  	"\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35"
771  	"\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72"
772  	"\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a"
773  	"\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb"
774  	"\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4"
775  	"\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70"
776  	"\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61"
777  	"\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83"
778  	"\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05"
779  	"\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa"
780  	"\x88\x6b\x42\x38\x61\x1f\xcf\xdc\xde\x35\x5b\x3b\x65\x19\x03\x5b"
781  	"\xbc\x34\xf4\xde\xf9\x9c\x02\x38\x61\xb4\x6f\xc9\xd6\xe6\xc9\x07"
782  	"\x7a\xd9\x1d\x26\x91\xf7\xf7\xee\x59\x8c\xb0\xfa\xc1\x86\xd9\x1c"
783  	"\xae\xfe\x13\x09\x85\x13\x92\x70\xb4\x13\x0c\x93\xbc\x43\x79\x44"
784  	"\xf4\xfd\x44\x52\xe2\xd7\x4d\xd3\x64\xf2\xe2\x1e\x71\xf5\x4b\xff"
785  	"\x5c\xae\x82\xab\x9c\x9d\xf6\x9e\xe8\x6d\x2b\xc5\x22\x36\x3a\x0d"
786  	"\xab\xc5\x21\x97\x9b\x0d\xea\xda\x1d\xbf\x9a\x42\xd5\xc4\x48\x4e"
787  	"\x0a\xbc\xd0\x6b\xfa\x53\xdd\xef\x3c\x1b\x20\xee\x3f\xd5\x9d\x7c"
788  	"\x25\xe4\x1d\x2b\x66\x9e\x1e\xf1\x6e\x6f\x52\xc3\x16\x4d\xf4\xfb"
789  	"\x79\x30\xe9\xe4\xe5\x88\x57\xb6\xac\x7d\x5f\x42\xd6\x9f\x6d\x18"
790  	"\x77\x63\xcf\x1d\x55\x03\x40\x04\x87\xf5\x5b\xa5\x7e\x31\xcc\x7a"
791  	"\x71\x35\xc8\x86\xef\xb4\x31\x8a\xed\x6a\x1e\x01\x2d\x9e\x68\x32"
792  	"\xa9\x07\x60\x0a\x91\x81\x30\xc4\x6d\xc7\x78\xf9\x71\xad\x00\x38"
793  	"\x09\x29\x99\xa3\x33\xcb\x8b\x7a\x1a\x1d\xb9\x3d\x71\x40\x00\x3c"
794  	"\x2a\x4e\xce\xa9\xf9\x8d\x0a\xcc\x0a\x82\x91\xcd\xce\xc9\x7d\xcf"
795  	"\x8e\xc9\xb5\x5a\x7f\x88\xa4\x6b\x4d\xb5\xa8\x51\xf4\x41\x82\xe1"
796  	"\xc6\x8a\x00\x7e\x5e\x0d\xd9\x02\x0b\xfd\x64\xb6\x45\x03\x6c\x7a"
797  	"\x4e\x67\x7d\x2c\x38\x53\x2a\x3a\x23\xba\x44\x42\xca\xf5\x3e\xa6"
798  	"\x3b\xb4\x54\x32\x9b\x76\x24\xc8\x91\x7b\xdd\x64\xb1\xc0\xfd\x4c"
799  	"\xb3\x8e\x8c\x33\x4c\x70\x1c\x3a\xcd\xad\x06\x57\xfc\xcf\xec\x71"
800  	"\x9b\x1f\x5c\x3e\x4e\x46\x04\x1f\x38\x81\x47\xfb\x4c\xfd\xb4\x77"
801  	"\xa5\x24\x71\xf7\xa9\xa9\x69\x10\xb8\x55\x32\x2e\xdb\x63\x40\xd8"
802  	"\xa0\x0e\xf0\x92\x35\x05\x11\xe3\x0a\xbe\xc1\xff\xf9\xe3\xa2\x6e"
803  	"\x7f\xb2\x9f\x8c\x18\x30\x23\xc3\x58\x7e\x38\xda\x00\x77\xd9\xb4"
804  	"\x76\x3e\x4e\x4b\x94\xb2\xbb\xc1\x94\xc6\x65\x1e\x77\xca\xf9\x92"
805  	"\xee\xaa\xc0\x23\x2a\x28\x1b\xf6\xb3\xa7\x39\xc1\x22\x61\x16\x82"
806  	"\x0a\xe8\xdb\x58\x47\xa6\x7c\xbe\xf9\xc9\x09\x1b\x46\x2d\x53\x8c"
807  	"\xd7\x2b\x03\x74\x6a\xe7\x7f\x5e\x62\x29\x2c\x31\x15\x62\xa8\x46"
808  	"\x50\x5d\xc8\x2d\xb8\x54\x33\x8a\xe4\x9f\x52\x35\xc9\x5b\x91\x17"
809  	"\x8c\xcf\x2d\xd5\xca\xce\xf4\x03\xec\x9d\x18\x10\xc6\x27\x2b\x04"
810  	"\x5b\x3b\x71\xf9\xdc\x6b\x80\xd6\x3f\xdd\x4a\x8e\x9a\xdb\x1e\x69"
811  	"\x62\xa6\x95\x26\xd4\x31\x61\xc1\xa4\x1d\x57\x0d\x79\x38\xda\xd4"
812  	"\xa4\x0e\x32\x9c\xcf\xf4\x6a\xaa\x36\xad\x00\x4c\xf6\x00\xc8\x38"
813  	"\x1e\x42\x5a\x31\xd9\x51\xae\x64\xfd\xb2\x3f\xce\xc9\x50\x9d\x43"
814  	"\x68\x7f\xeb\x69\xed\xd1\xcc\x5e\x0b\x8c\xc3\xbd\xf6\x4b\x10\xef"
815  	"\x86\xb6\x31\x42\xa3\xab\x88\x29\x55\x5b\x2f\x74\x7c\x93\x26\x65"
816  	"\xcb\x2c\x0f\x1c\xc0\x1b\xd7\x02\x29\x38\x88\x39\xd2\xaf\x05\xe4"
817  	"\x54\x50\x4a\xc7\x8b\x75\x82\x82\x28\x46\xc0\xba\x35\xc3\x5f\x5c"
818  	"\x59\x16\x0c\xc0\x46\xfd\x82\x51\x54\x1f\xc6\x8c\x9c\x86\xb0\x22"
819  	"\xbb\x70\x99\x87\x6a\x46\x0e\x74\x51\xa8\xa9\x31\x09\x70\x3f\xee"
820  	"\x1c\x21\x7e\x6c\x38\x26\xe5\x2c\x51\xaa\x69\x1e\x0e\x42\x3c\xfc"
821  	"\x99\xe9\xe3\x16\x50\xc1\x21\x7b\x62\x48\x16\xcd\xad\x9a\x95\xf9"
822  	"\xd5\xb8\x01\x94\x88\xd9\xc0\xa0\xa1\xfe\x30\x75\xa5\x77\xe2\x31"
823  	"\x83\xf8\x1d\x4a\x3f\x2f\xa4\x57\x1e\xfc\x8c\xe0\xba\x8a\x4f\xe8"
824  	"\xb6\x85\x5d\xfe\x72\xb0\xa6\x6e\xde\xd2\xfb\xab\xfb\xe5\x8a\x30"
825  	"\xfa\xfa\xbe\x1c\x5d\x71\xa8\x7e\x2f\x74\x1e\xf8\xc1\xfe\x86\xfe"
826  	"\xa6\xbb\xfd\xe5\x30\x67\x7f\x0d\x97\xd1\x1d\x49\xf7\xa8\x44\x3d"
827  	"\x08\x22\xe5\x06\xa9\xf4\x61\x4e\x01\x1e\x2a\x94\x83\x8f\xf8\x8c"
828  	"\xd6\x8c\x8b\xb7\xc5\xc6\x42\x4c\xff\xff\xff\xff\xff\xff\xff\xff",
829  };
830  
831  static int dh_ffdhe2048_create(struct crypto_template *tmpl,
832  			       struct rtattr **tb)
833  {
834  	return  __dh_safe_prime_create(tmpl, tb, &ffdhe2048_prime);
835  }
836  
837  static int dh_ffdhe3072_create(struct crypto_template *tmpl,
838  			       struct rtattr **tb)
839  {
840  	return  __dh_safe_prime_create(tmpl, tb, &ffdhe3072_prime);
841  }
842  
843  static int dh_ffdhe4096_create(struct crypto_template *tmpl,
844  			       struct rtattr **tb)
845  {
846  	return  __dh_safe_prime_create(tmpl, tb, &ffdhe4096_prime);
847  }
848  
849  static int dh_ffdhe6144_create(struct crypto_template *tmpl,
850  			       struct rtattr **tb)
851  {
852  	return  __dh_safe_prime_create(tmpl, tb, &ffdhe6144_prime);
853  }
854  
855  static int dh_ffdhe8192_create(struct crypto_template *tmpl,
856  			       struct rtattr **tb)
857  {
858  	return  __dh_safe_prime_create(tmpl, tb, &ffdhe8192_prime);
859  }
860  
861  static struct crypto_template crypto_ffdhe_templates[] = {
862  	{
863  		.name = "ffdhe2048",
864  		.create = dh_ffdhe2048_create,
865  		.module = THIS_MODULE,
866  	},
867  	{
868  		.name = "ffdhe3072",
869  		.create = dh_ffdhe3072_create,
870  		.module = THIS_MODULE,
871  	},
872  	{
873  		.name = "ffdhe4096",
874  		.create = dh_ffdhe4096_create,
875  		.module = THIS_MODULE,
876  	},
877  	{
878  		.name = "ffdhe6144",
879  		.create = dh_ffdhe6144_create,
880  		.module = THIS_MODULE,
881  	},
882  	{
883  		.name = "ffdhe8192",
884  		.create = dh_ffdhe8192_create,
885  		.module = THIS_MODULE,
886  	},
887  };
888  
889  #else /* ! CONFIG_CRYPTO_DH_RFC7919_GROUPS */
890  
891  static struct crypto_template crypto_ffdhe_templates[] = {};
892  
893  #endif /* CONFIG_CRYPTO_DH_RFC7919_GROUPS */
894  
895  
896  static int __init dh_init(void)
897  {
898  	int err;
899  
900  	err = crypto_register_kpp(&dh);
901  	if (err)
902  		return err;
903  
904  	err = crypto_register_templates(crypto_ffdhe_templates,
905  					ARRAY_SIZE(crypto_ffdhe_templates));
906  	if (err) {
907  		crypto_unregister_kpp(&dh);
908  		return err;
909  	}
910  
911  	return 0;
912  }
913  
914  static void __exit dh_exit(void)
915  {
916  	crypto_unregister_templates(crypto_ffdhe_templates,
917  				    ARRAY_SIZE(crypto_ffdhe_templates));
918  	crypto_unregister_kpp(&dh);
919  }
920  
921  subsys_initcall(dh_init);
922  module_exit(dh_exit);
923  MODULE_ALIAS_CRYPTO("dh");
924  MODULE_LICENSE("GPL");
925  MODULE_DESCRIPTION("DH generic algorithm");
926