1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* Diffie-Hellman Key Agreement Method [RFC2631] 3 * 4 * Copyright (c) 2016, Intel Corporation 5 * Authors: Salvatore Benedetto <salvatore.benedetto@intel.com> 6 */ 7 8 #include <linux/fips.h> 9 #include <linux/module.h> 10 #include <crypto/internal/kpp.h> 11 #include <crypto/kpp.h> 12 #include <crypto/dh.h> 13 #include <crypto/rng.h> 14 #include <linux/mpi.h> 15 16 struct dh_ctx { 17 MPI p; /* Value is guaranteed to be set. */ 18 MPI g; /* Value is guaranteed to be set. */ 19 MPI xa; /* Value is guaranteed to be set. */ 20 }; 21 22 static void dh_clear_ctx(struct dh_ctx *ctx) 23 { 24 mpi_free(ctx->p); 25 mpi_free(ctx->g); 26 mpi_free(ctx->xa); 27 memset(ctx, 0, sizeof(*ctx)); 28 } 29 30 /* 31 * If base is g we compute the public key 32 * ya = g^xa mod p; [RFC2631 sec 2.1.1] 33 * else if base if the counterpart public key we compute the shared secret 34 * ZZ = yb^xa mod p; [RFC2631 sec 2.1.1] 35 */ 36 static int _compute_val(const struct dh_ctx *ctx, MPI base, MPI val) 37 { 38 /* val = base^xa mod p */ 39 return mpi_powm(val, base, ctx->xa, ctx->p); 40 } 41 42 static inline struct dh_ctx *dh_get_ctx(struct crypto_kpp *tfm) 43 { 44 return kpp_tfm_ctx(tfm); 45 } 46 47 static int dh_check_params_length(unsigned int p_len) 48 { 49 if (fips_enabled) 50 return (p_len < 2048) ? -EINVAL : 0; 51 52 return (p_len < 1536) ? -EINVAL : 0; 53 } 54 55 static int dh_set_params(struct dh_ctx *ctx, struct dh *params) 56 { 57 if (dh_check_params_length(params->p_size << 3)) 58 return -EINVAL; 59 60 ctx->p = mpi_read_raw_data(params->p, params->p_size); 61 if (!ctx->p) 62 return -EINVAL; 63 64 ctx->g = mpi_read_raw_data(params->g, params->g_size); 65 if (!ctx->g) 66 return -EINVAL; 67 68 return 0; 69 } 70 71 static int dh_set_secret(struct crypto_kpp *tfm, const void *buf, 72 unsigned int len) 73 { 74 struct dh_ctx *ctx = dh_get_ctx(tfm); 75 struct dh params; 76 77 /* Free the old MPI key if any */ 78 dh_clear_ctx(ctx); 79 80 if (crypto_dh_decode_key(buf, len, ¶ms) < 0) 81 goto err_clear_ctx; 82 83 if (dh_set_params(ctx, ¶ms) < 0) 84 goto err_clear_ctx; 85 86 ctx->xa = mpi_read_raw_data(params.key, params.key_size); 87 if (!ctx->xa) 88 goto err_clear_ctx; 89 90 return 0; 91 92 err_clear_ctx: 93 dh_clear_ctx(ctx); 94 return -EINVAL; 95 } 96 97 /* 98 * SP800-56A public key verification: 99 * 100 * * For the safe-prime groups in FIPS mode, Q can be computed 101 * trivially from P and a full validation according to SP800-56A 102 * section 5.6.2.3.1 is performed. 103 * 104 * * For all other sets of group parameters, only a partial validation 105 * according to SP800-56A section 5.6.2.3.2 is performed. 106 */ 107 static int dh_is_pubkey_valid(struct dh_ctx *ctx, MPI y) 108 { 109 if (unlikely(!ctx->p)) 110 return -EINVAL; 111 112 /* 113 * Step 1: Verify that 2 <= y <= p - 2. 114 * 115 * The upper limit check is actually y < p instead of y < p - 1 116 * in order to save one mpi_sub_ui() invocation here. Note that 117 * p - 1 is the non-trivial element of the subgroup of order 2 and 118 * thus, the check on y^q below would fail if y == p - 1. 119 */ 120 if (mpi_cmp_ui(y, 1) < 1 || mpi_cmp(y, ctx->p) >= 0) 121 return -EINVAL; 122 123 /* 124 * Step 2: Verify that 1 = y^q mod p 125 * 126 * For the safe-prime groups q = (p - 1)/2. 127 */ 128 if (fips_enabled) { 129 MPI val, q; 130 int ret; 131 132 val = mpi_alloc(0); 133 if (!val) 134 return -ENOMEM; 135 136 q = mpi_alloc(mpi_get_nlimbs(ctx->p)); 137 if (!q) { 138 mpi_free(val); 139 return -ENOMEM; 140 } 141 142 /* 143 * ->p is odd, so no need to explicitly subtract one 144 * from it before shifting to the right. 145 */ 146 mpi_rshift(q, ctx->p, 1); 147 148 ret = mpi_powm(val, y, q, ctx->p); 149 mpi_free(q); 150 if (ret) { 151 mpi_free(val); 152 return ret; 153 } 154 155 ret = mpi_cmp_ui(val, 1); 156 157 mpi_free(val); 158 159 if (ret != 0) 160 return -EINVAL; 161 } 162 163 return 0; 164 } 165 166 static int dh_compute_value(struct kpp_request *req) 167 { 168 struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); 169 struct dh_ctx *ctx = dh_get_ctx(tfm); 170 MPI base, val = mpi_alloc(0); 171 int ret = 0; 172 int sign; 173 174 if (!val) 175 return -ENOMEM; 176 177 if (unlikely(!ctx->xa)) { 178 ret = -EINVAL; 179 goto err_free_val; 180 } 181 182 if (req->src) { 183 base = mpi_read_raw_from_sgl(req->src, req->src_len); 184 if (!base) { 185 ret = -EINVAL; 186 goto err_free_val; 187 } 188 ret = dh_is_pubkey_valid(ctx, base); 189 if (ret) 190 goto err_free_base; 191 } else { 192 base = ctx->g; 193 } 194 195 ret = _compute_val(ctx, base, val); 196 if (ret) 197 goto err_free_base; 198 199 if (fips_enabled) { 200 /* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */ 201 if (req->src) { 202 MPI pone; 203 204 /* z <= 1 */ 205 if (mpi_cmp_ui(val, 1) < 1) { 206 ret = -EBADMSG; 207 goto err_free_base; 208 } 209 210 /* z == p - 1 */ 211 pone = mpi_alloc(0); 212 213 if (!pone) { 214 ret = -ENOMEM; 215 goto err_free_base; 216 } 217 218 ret = mpi_sub_ui(pone, ctx->p, 1); 219 if (!ret && !mpi_cmp(pone, val)) 220 ret = -EBADMSG; 221 222 mpi_free(pone); 223 224 if (ret) 225 goto err_free_base; 226 227 /* SP800-56A rev 3 5.6.2.1.3 key check */ 228 } else { 229 if (dh_is_pubkey_valid(ctx, val)) { 230 ret = -EAGAIN; 231 goto err_free_val; 232 } 233 } 234 } 235 236 ret = mpi_write_to_sgl(val, req->dst, req->dst_len, &sign); 237 if (ret) 238 goto err_free_base; 239 240 if (sign < 0) 241 ret = -EBADMSG; 242 err_free_base: 243 if (req->src) 244 mpi_free(base); 245 err_free_val: 246 mpi_free(val); 247 return ret; 248 } 249 250 static unsigned int dh_max_size(struct crypto_kpp *tfm) 251 { 252 struct dh_ctx *ctx = dh_get_ctx(tfm); 253 254 return mpi_get_size(ctx->p); 255 } 256 257 static void dh_exit_tfm(struct crypto_kpp *tfm) 258 { 259 struct dh_ctx *ctx = dh_get_ctx(tfm); 260 261 dh_clear_ctx(ctx); 262 } 263 264 static struct kpp_alg dh = { 265 .set_secret = dh_set_secret, 266 .generate_public_key = dh_compute_value, 267 .compute_shared_secret = dh_compute_value, 268 .max_size = dh_max_size, 269 .exit = dh_exit_tfm, 270 .base = { 271 .cra_name = "dh", 272 .cra_driver_name = "dh-generic", 273 .cra_priority = 100, 274 .cra_module = THIS_MODULE, 275 .cra_ctxsize = sizeof(struct dh_ctx), 276 }, 277 }; 278 279 280 struct dh_safe_prime { 281 unsigned int max_strength; 282 unsigned int p_size; 283 const char *p; 284 }; 285 286 static const char safe_prime_g[] = { 2 }; 287 288 struct dh_safe_prime_instance_ctx { 289 struct crypto_kpp_spawn dh_spawn; 290 const struct dh_safe_prime *safe_prime; 291 }; 292 293 struct dh_safe_prime_tfm_ctx { 294 struct crypto_kpp *dh_tfm; 295 }; 296 297 static void dh_safe_prime_free_instance(struct kpp_instance *inst) 298 { 299 struct dh_safe_prime_instance_ctx *ctx = kpp_instance_ctx(inst); 300 301 crypto_drop_kpp(&ctx->dh_spawn); 302 kfree(inst); 303 } 304 305 static inline struct dh_safe_prime_instance_ctx *dh_safe_prime_instance_ctx( 306 struct crypto_kpp *tfm) 307 { 308 return kpp_instance_ctx(kpp_alg_instance(tfm)); 309 } 310 311 static inline struct kpp_alg *dh_safe_prime_dh_alg( 312 struct dh_safe_prime_tfm_ctx *ctx) 313 { 314 return crypto_kpp_alg(ctx->dh_tfm); 315 } 316 317 static int dh_safe_prime_init_tfm(struct crypto_kpp *tfm) 318 { 319 struct dh_safe_prime_instance_ctx *inst_ctx = 320 dh_safe_prime_instance_ctx(tfm); 321 struct dh_safe_prime_tfm_ctx *tfm_ctx = kpp_tfm_ctx(tfm); 322 323 tfm_ctx->dh_tfm = crypto_spawn_kpp(&inst_ctx->dh_spawn); 324 if (IS_ERR(tfm_ctx->dh_tfm)) 325 return PTR_ERR(tfm_ctx->dh_tfm); 326 327 return 0; 328 } 329 330 static void dh_safe_prime_exit_tfm(struct crypto_kpp *tfm) 331 { 332 struct dh_safe_prime_tfm_ctx *tfm_ctx = kpp_tfm_ctx(tfm); 333 334 crypto_free_kpp(tfm_ctx->dh_tfm); 335 } 336 337 static u64 __add_u64_to_be(__be64 *dst, unsigned int n, u64 val) 338 { 339 unsigned int i; 340 341 for (i = n; val && i > 0; --i) { 342 u64 tmp = be64_to_cpu(dst[i - 1]); 343 344 tmp += val; 345 val = tmp >= val ? 0 : 1; 346 dst[i - 1] = cpu_to_be64(tmp); 347 } 348 349 return val; 350 } 351 352 static void *dh_safe_prime_gen_privkey(const struct dh_safe_prime *safe_prime, 353 unsigned int *key_size) 354 { 355 unsigned int n, oversampling_size; 356 __be64 *key; 357 int err; 358 u64 h, o; 359 360 /* 361 * Generate a private key following NIST SP800-56Ar3, 362 * sec. 5.6.1.1.1 and 5.6.1.1.3 resp.. 363 * 364 * 5.6.1.1.1: choose key length N such that 365 * 2 * ->max_strength <= N <= log2(q) + 1 = ->p_size * 8 - 1 366 * with q = (p - 1) / 2 for the safe-prime groups. 367 * Choose the lower bound's next power of two for N in order to 368 * avoid excessively large private keys while still 369 * maintaining some extra reserve beyond the bare minimum in 370 * most cases. Note that for each entry in safe_prime_groups[], 371 * the following holds for such N: 372 * - N >= 256, in particular it is a multiple of 2^6 = 64 373 * bits and 374 * - N < log2(q) + 1, i.e. N respects the upper bound. 375 */ 376 n = roundup_pow_of_two(2 * safe_prime->max_strength); 377 WARN_ON_ONCE(n & ((1u << 6) - 1)); 378 n >>= 6; /* Convert N into units of u64. */ 379 380 /* 381 * Reserve one extra u64 to hold the extra random bits 382 * required as per 5.6.1.1.3. 383 */ 384 oversampling_size = (n + 1) * sizeof(__be64); 385 key = kmalloc(oversampling_size, GFP_KERNEL); 386 if (!key) 387 return ERR_PTR(-ENOMEM); 388 389 /* 390 * 5.6.1.1.3, step 3 (and implicitly step 4): obtain N + 64 391 * random bits and interpret them as a big endian integer. 392 */ 393 err = -EFAULT; 394 if (crypto_get_default_rng()) 395 goto out_err; 396 397 err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)key, 398 oversampling_size); 399 crypto_put_default_rng(); 400 if (err) 401 goto out_err; 402 403 /* 404 * 5.6.1.1.3, step 5 is implicit: 2^N < q and thus, 405 * M = min(2^N, q) = 2^N. 406 * 407 * For step 6, calculate 408 * key = (key[] mod (M - 1)) + 1 = (key[] mod (2^N - 1)) + 1. 409 * 410 * In order to avoid expensive divisions, note that 411 * 2^N mod (2^N - 1) = 1 and thus, for any integer h, 412 * 2^N * h mod (2^N - 1) = h mod (2^N - 1) always holds. 413 * The big endian integer key[] composed of n + 1 64bit words 414 * may be written as key[] = h * 2^N + l, with h = key[0] 415 * representing the 64 most significant bits and l 416 * corresponding to the remaining 2^N bits. With the remark 417 * from above, 418 * h * 2^N + l mod (2^N - 1) = l + h mod (2^N - 1). 419 * As both, l and h are less than 2^N, their sum after 420 * this first reduction is guaranteed to be <= 2^(N + 1) - 2. 421 * Or equivalently, that their sum can again be written as 422 * h' * 2^N + l' with h' now either zero or one and if one, 423 * then l' <= 2^N - 2. Thus, all bits at positions >= N will 424 * be zero after a second reduction: 425 * h' * 2^N + l' mod (2^N - 1) = l' + h' mod (2^N - 1). 426 * At this point, it is still possible that 427 * l' + h' = 2^N - 1, i.e. that l' + h' mod (2^N - 1) 428 * is zero. This condition will be detected below by means of 429 * the final increment overflowing in this case. 430 */ 431 h = be64_to_cpu(key[0]); 432 h = __add_u64_to_be(key + 1, n, h); 433 h = __add_u64_to_be(key + 1, n, h); 434 WARN_ON_ONCE(h); 435 436 /* Increment to obtain the final result. */ 437 o = __add_u64_to_be(key + 1, n, 1); 438 /* 439 * The overflow bit o from the increment is either zero or 440 * one. If zero, key[1:n] holds the final result in big-endian 441 * order. If one, key[1:n] is zero now, but needs to be set to 442 * one, c.f. above. 443 */ 444 if (o) 445 key[n] = cpu_to_be64(1); 446 447 /* n is in units of u64, convert to bytes. */ 448 *key_size = n << 3; 449 /* Strip the leading extra __be64, which is (virtually) zero by now. */ 450 memmove(key, &key[1], *key_size); 451 452 return key; 453 454 out_err: 455 kfree_sensitive(key); 456 return ERR_PTR(err); 457 } 458 459 static int dh_safe_prime_set_secret(struct crypto_kpp *tfm, const void *buffer, 460 unsigned int len) 461 { 462 struct dh_safe_prime_instance_ctx *inst_ctx = 463 dh_safe_prime_instance_ctx(tfm); 464 struct dh_safe_prime_tfm_ctx *tfm_ctx = kpp_tfm_ctx(tfm); 465 struct dh params = {}; 466 void *buf = NULL, *key = NULL; 467 unsigned int buf_size; 468 int err; 469 470 if (buffer) { 471 err = __crypto_dh_decode_key(buffer, len, ¶ms); 472 if (err) 473 return err; 474 if (params.p_size || params.g_size) 475 return -EINVAL; 476 } 477 478 params.p = inst_ctx->safe_prime->p; 479 params.p_size = inst_ctx->safe_prime->p_size; 480 params.g = safe_prime_g; 481 params.g_size = sizeof(safe_prime_g); 482 483 if (!params.key_size) { 484 key = dh_safe_prime_gen_privkey(inst_ctx->safe_prime, 485 ¶ms.key_size); 486 if (IS_ERR(key)) 487 return PTR_ERR(key); 488 params.key = key; 489 } 490 491 buf_size = crypto_dh_key_len(¶ms); 492 buf = kmalloc(buf_size, GFP_KERNEL); 493 if (!buf) { 494 err = -ENOMEM; 495 goto out; 496 } 497 498 err = crypto_dh_encode_key(buf, buf_size, ¶ms); 499 if (err) 500 goto out; 501 502 err = crypto_kpp_set_secret(tfm_ctx->dh_tfm, buf, buf_size); 503 out: 504 kfree_sensitive(buf); 505 kfree_sensitive(key); 506 return err; 507 } 508 509 static void dh_safe_prime_complete_req(struct crypto_async_request *dh_req, 510 int err) 511 { 512 struct kpp_request *req = dh_req->data; 513 514 kpp_request_complete(req, err); 515 } 516 517 static struct kpp_request *dh_safe_prime_prepare_dh_req(struct kpp_request *req) 518 { 519 struct dh_safe_prime_tfm_ctx *tfm_ctx = 520 kpp_tfm_ctx(crypto_kpp_reqtfm(req)); 521 struct kpp_request *dh_req = kpp_request_ctx(req); 522 523 kpp_request_set_tfm(dh_req, tfm_ctx->dh_tfm); 524 kpp_request_set_callback(dh_req, req->base.flags, 525 dh_safe_prime_complete_req, req); 526 527 kpp_request_set_input(dh_req, req->src, req->src_len); 528 kpp_request_set_output(dh_req, req->dst, req->dst_len); 529 530 return dh_req; 531 } 532 533 static int dh_safe_prime_generate_public_key(struct kpp_request *req) 534 { 535 struct kpp_request *dh_req = dh_safe_prime_prepare_dh_req(req); 536 537 return crypto_kpp_generate_public_key(dh_req); 538 } 539 540 static int dh_safe_prime_compute_shared_secret(struct kpp_request *req) 541 { 542 struct kpp_request *dh_req = dh_safe_prime_prepare_dh_req(req); 543 544 return crypto_kpp_compute_shared_secret(dh_req); 545 } 546 547 static unsigned int dh_safe_prime_max_size(struct crypto_kpp *tfm) 548 { 549 struct dh_safe_prime_tfm_ctx *tfm_ctx = kpp_tfm_ctx(tfm); 550 551 return crypto_kpp_maxsize(tfm_ctx->dh_tfm); 552 } 553 554 static int __maybe_unused __dh_safe_prime_create( 555 struct crypto_template *tmpl, struct rtattr **tb, 556 const struct dh_safe_prime *safe_prime) 557 { 558 struct kpp_instance *inst; 559 struct dh_safe_prime_instance_ctx *ctx; 560 const char *dh_name; 561 struct kpp_alg *dh_alg; 562 u32 mask; 563 int err; 564 565 err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_KPP, &mask); 566 if (err) 567 return err; 568 569 dh_name = crypto_attr_alg_name(tb[1]); 570 if (IS_ERR(dh_name)) 571 return PTR_ERR(dh_name); 572 573 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); 574 if (!inst) 575 return -ENOMEM; 576 577 ctx = kpp_instance_ctx(inst); 578 579 err = crypto_grab_kpp(&ctx->dh_spawn, kpp_crypto_instance(inst), 580 dh_name, 0, mask); 581 if (err) 582 goto err_free_inst; 583 584 err = -EINVAL; 585 dh_alg = crypto_spawn_kpp_alg(&ctx->dh_spawn); 586 if (strcmp(dh_alg->base.cra_name, "dh")) 587 goto err_free_inst; 588 589 ctx->safe_prime = safe_prime; 590 591 err = crypto_inst_setname(kpp_crypto_instance(inst), 592 tmpl->name, &dh_alg->base); 593 if (err) 594 goto err_free_inst; 595 596 inst->alg.set_secret = dh_safe_prime_set_secret; 597 inst->alg.generate_public_key = dh_safe_prime_generate_public_key; 598 inst->alg.compute_shared_secret = dh_safe_prime_compute_shared_secret; 599 inst->alg.max_size = dh_safe_prime_max_size; 600 inst->alg.init = dh_safe_prime_init_tfm; 601 inst->alg.exit = dh_safe_prime_exit_tfm; 602 inst->alg.reqsize = sizeof(struct kpp_request) + dh_alg->reqsize; 603 inst->alg.base.cra_priority = dh_alg->base.cra_priority; 604 inst->alg.base.cra_module = THIS_MODULE; 605 inst->alg.base.cra_ctxsize = sizeof(struct dh_safe_prime_tfm_ctx); 606 607 inst->free = dh_safe_prime_free_instance; 608 609 err = kpp_register_instance(tmpl, inst); 610 if (err) 611 goto err_free_inst; 612 613 return 0; 614 615 err_free_inst: 616 dh_safe_prime_free_instance(inst); 617 618 return err; 619 } 620 621 #ifdef CONFIG_CRYPTO_DH_RFC7919_GROUPS 622 623 static const struct dh_safe_prime ffdhe2048_prime = { 624 .max_strength = 112, 625 .p_size = 256, 626 .p = 627 "\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a" 628 "\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95" 629 "\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9" 630 "\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a" 631 "\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0" 632 "\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35" 633 "\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72" 634 "\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a" 635 "\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb" 636 "\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4" 637 "\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70" 638 "\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61" 639 "\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83" 640 "\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05" 641 "\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa" 642 "\x88\x6b\x42\x38\x61\x28\x5c\x97\xff\xff\xff\xff\xff\xff\xff\xff", 643 }; 644 645 static const struct dh_safe_prime ffdhe3072_prime = { 646 .max_strength = 128, 647 .p_size = 384, 648 .p = 649 "\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a" 650 "\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95" 651 "\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9" 652 "\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a" 653 "\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0" 654 "\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35" 655 "\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72" 656 "\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a" 657 "\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb" 658 "\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4" 659 "\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70" 660 "\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61" 661 "\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83" 662 "\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05" 663 "\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa" 664 "\x88\x6b\x42\x38\x61\x1f\xcf\xdc\xde\x35\x5b\x3b\x65\x19\x03\x5b" 665 "\xbc\x34\xf4\xde\xf9\x9c\x02\x38\x61\xb4\x6f\xc9\xd6\xe6\xc9\x07" 666 "\x7a\xd9\x1d\x26\x91\xf7\xf7\xee\x59\x8c\xb0\xfa\xc1\x86\xd9\x1c" 667 "\xae\xfe\x13\x09\x85\x13\x92\x70\xb4\x13\x0c\x93\xbc\x43\x79\x44" 668 "\xf4\xfd\x44\x52\xe2\xd7\x4d\xd3\x64\xf2\xe2\x1e\x71\xf5\x4b\xff" 669 "\x5c\xae\x82\xab\x9c\x9d\xf6\x9e\xe8\x6d\x2b\xc5\x22\x36\x3a\x0d" 670 "\xab\xc5\x21\x97\x9b\x0d\xea\xda\x1d\xbf\x9a\x42\xd5\xc4\x48\x4e" 671 "\x0a\xbc\xd0\x6b\xfa\x53\xdd\xef\x3c\x1b\x20\xee\x3f\xd5\x9d\x7c" 672 "\x25\xe4\x1d\x2b\x66\xc6\x2e\x37\xff\xff\xff\xff\xff\xff\xff\xff", 673 }; 674 675 static const struct dh_safe_prime ffdhe4096_prime = { 676 .max_strength = 152, 677 .p_size = 512, 678 .p = 679 "\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a" 680 "\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95" 681 "\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9" 682 "\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a" 683 "\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0" 684 "\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35" 685 "\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72" 686 "\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a" 687 "\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb" 688 "\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4" 689 "\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70" 690 "\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61" 691 "\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83" 692 "\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05" 693 "\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa" 694 "\x88\x6b\x42\x38\x61\x1f\xcf\xdc\xde\x35\x5b\x3b\x65\x19\x03\x5b" 695 "\xbc\x34\xf4\xde\xf9\x9c\x02\x38\x61\xb4\x6f\xc9\xd6\xe6\xc9\x07" 696 "\x7a\xd9\x1d\x26\x91\xf7\xf7\xee\x59\x8c\xb0\xfa\xc1\x86\xd9\x1c" 697 "\xae\xfe\x13\x09\x85\x13\x92\x70\xb4\x13\x0c\x93\xbc\x43\x79\x44" 698 "\xf4\xfd\x44\x52\xe2\xd7\x4d\xd3\x64\xf2\xe2\x1e\x71\xf5\x4b\xff" 699 "\x5c\xae\x82\xab\x9c\x9d\xf6\x9e\xe8\x6d\x2b\xc5\x22\x36\x3a\x0d" 700 "\xab\xc5\x21\x97\x9b\x0d\xea\xda\x1d\xbf\x9a\x42\xd5\xc4\x48\x4e" 701 "\x0a\xbc\xd0\x6b\xfa\x53\xdd\xef\x3c\x1b\x20\xee\x3f\xd5\x9d\x7c" 702 "\x25\xe4\x1d\x2b\x66\x9e\x1e\xf1\x6e\x6f\x52\xc3\x16\x4d\xf4\xfb" 703 "\x79\x30\xe9\xe4\xe5\x88\x57\xb6\xac\x7d\x5f\x42\xd6\x9f\x6d\x18" 704 "\x77\x63\xcf\x1d\x55\x03\x40\x04\x87\xf5\x5b\xa5\x7e\x31\xcc\x7a" 705 "\x71\x35\xc8\x86\xef\xb4\x31\x8a\xed\x6a\x1e\x01\x2d\x9e\x68\x32" 706 "\xa9\x07\x60\x0a\x91\x81\x30\xc4\x6d\xc7\x78\xf9\x71\xad\x00\x38" 707 "\x09\x29\x99\xa3\x33\xcb\x8b\x7a\x1a\x1d\xb9\x3d\x71\x40\x00\x3c" 708 "\x2a\x4e\xce\xa9\xf9\x8d\x0a\xcc\x0a\x82\x91\xcd\xce\xc9\x7d\xcf" 709 "\x8e\xc9\xb5\x5a\x7f\x88\xa4\x6b\x4d\xb5\xa8\x51\xf4\x41\x82\xe1" 710 "\xc6\x8a\x00\x7e\x5e\x65\x5f\x6a\xff\xff\xff\xff\xff\xff\xff\xff", 711 }; 712 713 static const struct dh_safe_prime ffdhe6144_prime = { 714 .max_strength = 176, 715 .p_size = 768, 716 .p = 717 "\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a" 718 "\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95" 719 "\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9" 720 "\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a" 721 "\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0" 722 "\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35" 723 "\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72" 724 "\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a" 725 "\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb" 726 "\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4" 727 "\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70" 728 "\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61" 729 "\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83" 730 "\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05" 731 "\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa" 732 "\x88\x6b\x42\x38\x61\x1f\xcf\xdc\xde\x35\x5b\x3b\x65\x19\x03\x5b" 733 "\xbc\x34\xf4\xde\xf9\x9c\x02\x38\x61\xb4\x6f\xc9\xd6\xe6\xc9\x07" 734 "\x7a\xd9\x1d\x26\x91\xf7\xf7\xee\x59\x8c\xb0\xfa\xc1\x86\xd9\x1c" 735 "\xae\xfe\x13\x09\x85\x13\x92\x70\xb4\x13\x0c\x93\xbc\x43\x79\x44" 736 "\xf4\xfd\x44\x52\xe2\xd7\x4d\xd3\x64\xf2\xe2\x1e\x71\xf5\x4b\xff" 737 "\x5c\xae\x82\xab\x9c\x9d\xf6\x9e\xe8\x6d\x2b\xc5\x22\x36\x3a\x0d" 738 "\xab\xc5\x21\x97\x9b\x0d\xea\xda\x1d\xbf\x9a\x42\xd5\xc4\x48\x4e" 739 "\x0a\xbc\xd0\x6b\xfa\x53\xdd\xef\x3c\x1b\x20\xee\x3f\xd5\x9d\x7c" 740 "\x25\xe4\x1d\x2b\x66\x9e\x1e\xf1\x6e\x6f\x52\xc3\x16\x4d\xf4\xfb" 741 "\x79\x30\xe9\xe4\xe5\x88\x57\xb6\xac\x7d\x5f\x42\xd6\x9f\x6d\x18" 742 "\x77\x63\xcf\x1d\x55\x03\x40\x04\x87\xf5\x5b\xa5\x7e\x31\xcc\x7a" 743 "\x71\x35\xc8\x86\xef\xb4\x31\x8a\xed\x6a\x1e\x01\x2d\x9e\x68\x32" 744 "\xa9\x07\x60\x0a\x91\x81\x30\xc4\x6d\xc7\x78\xf9\x71\xad\x00\x38" 745 "\x09\x29\x99\xa3\x33\xcb\x8b\x7a\x1a\x1d\xb9\x3d\x71\x40\x00\x3c" 746 "\x2a\x4e\xce\xa9\xf9\x8d\x0a\xcc\x0a\x82\x91\xcd\xce\xc9\x7d\xcf" 747 "\x8e\xc9\xb5\x5a\x7f\x88\xa4\x6b\x4d\xb5\xa8\x51\xf4\x41\x82\xe1" 748 "\xc6\x8a\x00\x7e\x5e\x0d\xd9\x02\x0b\xfd\x64\xb6\x45\x03\x6c\x7a" 749 "\x4e\x67\x7d\x2c\x38\x53\x2a\x3a\x23\xba\x44\x42\xca\xf5\x3e\xa6" 750 "\x3b\xb4\x54\x32\x9b\x76\x24\xc8\x91\x7b\xdd\x64\xb1\xc0\xfd\x4c" 751 "\xb3\x8e\x8c\x33\x4c\x70\x1c\x3a\xcd\xad\x06\x57\xfc\xcf\xec\x71" 752 "\x9b\x1f\x5c\x3e\x4e\x46\x04\x1f\x38\x81\x47\xfb\x4c\xfd\xb4\x77" 753 "\xa5\x24\x71\xf7\xa9\xa9\x69\x10\xb8\x55\x32\x2e\xdb\x63\x40\xd8" 754 "\xa0\x0e\xf0\x92\x35\x05\x11\xe3\x0a\xbe\xc1\xff\xf9\xe3\xa2\x6e" 755 "\x7f\xb2\x9f\x8c\x18\x30\x23\xc3\x58\x7e\x38\xda\x00\x77\xd9\xb4" 756 "\x76\x3e\x4e\x4b\x94\xb2\xbb\xc1\x94\xc6\x65\x1e\x77\xca\xf9\x92" 757 "\xee\xaa\xc0\x23\x2a\x28\x1b\xf6\xb3\xa7\x39\xc1\x22\x61\x16\x82" 758 "\x0a\xe8\xdb\x58\x47\xa6\x7c\xbe\xf9\xc9\x09\x1b\x46\x2d\x53\x8c" 759 "\xd7\x2b\x03\x74\x6a\xe7\x7f\x5e\x62\x29\x2c\x31\x15\x62\xa8\x46" 760 "\x50\x5d\xc8\x2d\xb8\x54\x33\x8a\xe4\x9f\x52\x35\xc9\x5b\x91\x17" 761 "\x8c\xcf\x2d\xd5\xca\xce\xf4\x03\xec\x9d\x18\x10\xc6\x27\x2b\x04" 762 "\x5b\x3b\x71\xf9\xdc\x6b\x80\xd6\x3f\xdd\x4a\x8e\x9a\xdb\x1e\x69" 763 "\x62\xa6\x95\x26\xd4\x31\x61\xc1\xa4\x1d\x57\x0d\x79\x38\xda\xd4" 764 "\xa4\x0e\x32\x9c\xd0\xe4\x0e\x65\xff\xff\xff\xff\xff\xff\xff\xff", 765 }; 766 767 static const struct dh_safe_prime ffdhe8192_prime = { 768 .max_strength = 200, 769 .p_size = 1024, 770 .p = 771 "\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a" 772 "\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95" 773 "\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9" 774 "\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a" 775 "\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0" 776 "\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35" 777 "\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72" 778 "\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a" 779 "\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb" 780 "\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4" 781 "\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70" 782 "\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61" 783 "\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83" 784 "\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05" 785 "\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa" 786 "\x88\x6b\x42\x38\x61\x1f\xcf\xdc\xde\x35\x5b\x3b\x65\x19\x03\x5b" 787 "\xbc\x34\xf4\xde\xf9\x9c\x02\x38\x61\xb4\x6f\xc9\xd6\xe6\xc9\x07" 788 "\x7a\xd9\x1d\x26\x91\xf7\xf7\xee\x59\x8c\xb0\xfa\xc1\x86\xd9\x1c" 789 "\xae\xfe\x13\x09\x85\x13\x92\x70\xb4\x13\x0c\x93\xbc\x43\x79\x44" 790 "\xf4\xfd\x44\x52\xe2\xd7\x4d\xd3\x64\xf2\xe2\x1e\x71\xf5\x4b\xff" 791 "\x5c\xae\x82\xab\x9c\x9d\xf6\x9e\xe8\x6d\x2b\xc5\x22\x36\x3a\x0d" 792 "\xab\xc5\x21\x97\x9b\x0d\xea\xda\x1d\xbf\x9a\x42\xd5\xc4\x48\x4e" 793 "\x0a\xbc\xd0\x6b\xfa\x53\xdd\xef\x3c\x1b\x20\xee\x3f\xd5\x9d\x7c" 794 "\x25\xe4\x1d\x2b\x66\x9e\x1e\xf1\x6e\x6f\x52\xc3\x16\x4d\xf4\xfb" 795 "\x79\x30\xe9\xe4\xe5\x88\x57\xb6\xac\x7d\x5f\x42\xd6\x9f\x6d\x18" 796 "\x77\x63\xcf\x1d\x55\x03\x40\x04\x87\xf5\x5b\xa5\x7e\x31\xcc\x7a" 797 "\x71\x35\xc8\x86\xef\xb4\x31\x8a\xed\x6a\x1e\x01\x2d\x9e\x68\x32" 798 "\xa9\x07\x60\x0a\x91\x81\x30\xc4\x6d\xc7\x78\xf9\x71\xad\x00\x38" 799 "\x09\x29\x99\xa3\x33\xcb\x8b\x7a\x1a\x1d\xb9\x3d\x71\x40\x00\x3c" 800 "\x2a\x4e\xce\xa9\xf9\x8d\x0a\xcc\x0a\x82\x91\xcd\xce\xc9\x7d\xcf" 801 "\x8e\xc9\xb5\x5a\x7f\x88\xa4\x6b\x4d\xb5\xa8\x51\xf4\x41\x82\xe1" 802 "\xc6\x8a\x00\x7e\x5e\x0d\xd9\x02\x0b\xfd\x64\xb6\x45\x03\x6c\x7a" 803 "\x4e\x67\x7d\x2c\x38\x53\x2a\x3a\x23\xba\x44\x42\xca\xf5\x3e\xa6" 804 "\x3b\xb4\x54\x32\x9b\x76\x24\xc8\x91\x7b\xdd\x64\xb1\xc0\xfd\x4c" 805 "\xb3\x8e\x8c\x33\x4c\x70\x1c\x3a\xcd\xad\x06\x57\xfc\xcf\xec\x71" 806 "\x9b\x1f\x5c\x3e\x4e\x46\x04\x1f\x38\x81\x47\xfb\x4c\xfd\xb4\x77" 807 "\xa5\x24\x71\xf7\xa9\xa9\x69\x10\xb8\x55\x32\x2e\xdb\x63\x40\xd8" 808 "\xa0\x0e\xf0\x92\x35\x05\x11\xe3\x0a\xbe\xc1\xff\xf9\xe3\xa2\x6e" 809 "\x7f\xb2\x9f\x8c\x18\x30\x23\xc3\x58\x7e\x38\xda\x00\x77\xd9\xb4" 810 "\x76\x3e\x4e\x4b\x94\xb2\xbb\xc1\x94\xc6\x65\x1e\x77\xca\xf9\x92" 811 "\xee\xaa\xc0\x23\x2a\x28\x1b\xf6\xb3\xa7\x39\xc1\x22\x61\x16\x82" 812 "\x0a\xe8\xdb\x58\x47\xa6\x7c\xbe\xf9\xc9\x09\x1b\x46\x2d\x53\x8c" 813 "\xd7\x2b\x03\x74\x6a\xe7\x7f\x5e\x62\x29\x2c\x31\x15\x62\xa8\x46" 814 "\x50\x5d\xc8\x2d\xb8\x54\x33\x8a\xe4\x9f\x52\x35\xc9\x5b\x91\x17" 815 "\x8c\xcf\x2d\xd5\xca\xce\xf4\x03\xec\x9d\x18\x10\xc6\x27\x2b\x04" 816 "\x5b\x3b\x71\xf9\xdc\x6b\x80\xd6\x3f\xdd\x4a\x8e\x9a\xdb\x1e\x69" 817 "\x62\xa6\x95\x26\xd4\x31\x61\xc1\xa4\x1d\x57\x0d\x79\x38\xda\xd4" 818 "\xa4\x0e\x32\x9c\xcf\xf4\x6a\xaa\x36\xad\x00\x4c\xf6\x00\xc8\x38" 819 "\x1e\x42\x5a\x31\xd9\x51\xae\x64\xfd\xb2\x3f\xce\xc9\x50\x9d\x43" 820 "\x68\x7f\xeb\x69\xed\xd1\xcc\x5e\x0b\x8c\xc3\xbd\xf6\x4b\x10\xef" 821 "\x86\xb6\x31\x42\xa3\xab\x88\x29\x55\x5b\x2f\x74\x7c\x93\x26\x65" 822 "\xcb\x2c\x0f\x1c\xc0\x1b\xd7\x02\x29\x38\x88\x39\xd2\xaf\x05\xe4" 823 "\x54\x50\x4a\xc7\x8b\x75\x82\x82\x28\x46\xc0\xba\x35\xc3\x5f\x5c" 824 "\x59\x16\x0c\xc0\x46\xfd\x82\x51\x54\x1f\xc6\x8c\x9c\x86\xb0\x22" 825 "\xbb\x70\x99\x87\x6a\x46\x0e\x74\x51\xa8\xa9\x31\x09\x70\x3f\xee" 826 "\x1c\x21\x7e\x6c\x38\x26\xe5\x2c\x51\xaa\x69\x1e\x0e\x42\x3c\xfc" 827 "\x99\xe9\xe3\x16\x50\xc1\x21\x7b\x62\x48\x16\xcd\xad\x9a\x95\xf9" 828 "\xd5\xb8\x01\x94\x88\xd9\xc0\xa0\xa1\xfe\x30\x75\xa5\x77\xe2\x31" 829 "\x83\xf8\x1d\x4a\x3f\x2f\xa4\x57\x1e\xfc\x8c\xe0\xba\x8a\x4f\xe8" 830 "\xb6\x85\x5d\xfe\x72\xb0\xa6\x6e\xde\xd2\xfb\xab\xfb\xe5\x8a\x30" 831 "\xfa\xfa\xbe\x1c\x5d\x71\xa8\x7e\x2f\x74\x1e\xf8\xc1\xfe\x86\xfe" 832 "\xa6\xbb\xfd\xe5\x30\x67\x7f\x0d\x97\xd1\x1d\x49\xf7\xa8\x44\x3d" 833 "\x08\x22\xe5\x06\xa9\xf4\x61\x4e\x01\x1e\x2a\x94\x83\x8f\xf8\x8c" 834 "\xd6\x8c\x8b\xb7\xc5\xc6\x42\x4c\xff\xff\xff\xff\xff\xff\xff\xff", 835 }; 836 837 static int dh_ffdhe2048_create(struct crypto_template *tmpl, 838 struct rtattr **tb) 839 { 840 return __dh_safe_prime_create(tmpl, tb, &ffdhe2048_prime); 841 } 842 843 static int dh_ffdhe3072_create(struct crypto_template *tmpl, 844 struct rtattr **tb) 845 { 846 return __dh_safe_prime_create(tmpl, tb, &ffdhe3072_prime); 847 } 848 849 static int dh_ffdhe4096_create(struct crypto_template *tmpl, 850 struct rtattr **tb) 851 { 852 return __dh_safe_prime_create(tmpl, tb, &ffdhe4096_prime); 853 } 854 855 static int dh_ffdhe6144_create(struct crypto_template *tmpl, 856 struct rtattr **tb) 857 { 858 return __dh_safe_prime_create(tmpl, tb, &ffdhe6144_prime); 859 } 860 861 static int dh_ffdhe8192_create(struct crypto_template *tmpl, 862 struct rtattr **tb) 863 { 864 return __dh_safe_prime_create(tmpl, tb, &ffdhe8192_prime); 865 } 866 867 static struct crypto_template crypto_ffdhe_templates[] = { 868 { 869 .name = "ffdhe2048", 870 .create = dh_ffdhe2048_create, 871 .module = THIS_MODULE, 872 }, 873 { 874 .name = "ffdhe3072", 875 .create = dh_ffdhe3072_create, 876 .module = THIS_MODULE, 877 }, 878 { 879 .name = "ffdhe4096", 880 .create = dh_ffdhe4096_create, 881 .module = THIS_MODULE, 882 }, 883 { 884 .name = "ffdhe6144", 885 .create = dh_ffdhe6144_create, 886 .module = THIS_MODULE, 887 }, 888 { 889 .name = "ffdhe8192", 890 .create = dh_ffdhe8192_create, 891 .module = THIS_MODULE, 892 }, 893 }; 894 895 #else /* ! CONFIG_CRYPTO_DH_RFC7919_GROUPS */ 896 897 static struct crypto_template crypto_ffdhe_templates[] = {}; 898 899 #endif /* CONFIG_CRYPTO_DH_RFC7919_GROUPS */ 900 901 902 static int dh_init(void) 903 { 904 int err; 905 906 err = crypto_register_kpp(&dh); 907 if (err) 908 return err; 909 910 err = crypto_register_templates(crypto_ffdhe_templates, 911 ARRAY_SIZE(crypto_ffdhe_templates)); 912 if (err) { 913 crypto_unregister_kpp(&dh); 914 return err; 915 } 916 917 return 0; 918 } 919 920 static void dh_exit(void) 921 { 922 crypto_unregister_templates(crypto_ffdhe_templates, 923 ARRAY_SIZE(crypto_ffdhe_templates)); 924 crypto_unregister_kpp(&dh); 925 } 926 927 subsys_initcall(dh_init); 928 module_exit(dh_exit); 929 MODULE_ALIAS_CRYPTO("dh"); 930 MODULE_LICENSE("GPL"); 931 MODULE_DESCRIPTION("DH generic algorithm"); 932