xref: /openbmc/linux/crypto/dh.c (revision f5c27da4)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*  Diffie-Hellman Key Agreement Method [RFC2631]
3  *
4  * Copyright (c) 2016, Intel Corporation
5  * Authors: Salvatore Benedetto <salvatore.benedetto@intel.com>
6  */
7 
8 #include <linux/fips.h>
9 #include <linux/module.h>
10 #include <crypto/internal/kpp.h>
11 #include <crypto/kpp.h>
12 #include <crypto/dh.h>
13 #include <crypto/rng.h>
14 #include <linux/mpi.h>
15 
16 struct dh_ctx {
17 	MPI p;	/* Value is guaranteed to be set. */
18 	MPI g;	/* Value is guaranteed to be set. */
19 	MPI xa;	/* Value is guaranteed to be set. */
20 };
21 
22 static void dh_clear_ctx(struct dh_ctx *ctx)
23 {
24 	mpi_free(ctx->p);
25 	mpi_free(ctx->g);
26 	mpi_free(ctx->xa);
27 	memset(ctx, 0, sizeof(*ctx));
28 }
29 
30 /*
31  * If base is g we compute the public key
32  *	ya = g^xa mod p; [RFC2631 sec 2.1.1]
33  * else if base if the counterpart public key we compute the shared secret
34  *	ZZ = yb^xa mod p; [RFC2631 sec 2.1.1]
35  */
36 static int _compute_val(const struct dh_ctx *ctx, MPI base, MPI val)
37 {
38 	/* val = base^xa mod p */
39 	return mpi_powm(val, base, ctx->xa, ctx->p);
40 }
41 
42 static inline struct dh_ctx *dh_get_ctx(struct crypto_kpp *tfm)
43 {
44 	return kpp_tfm_ctx(tfm);
45 }
46 
47 static int dh_check_params_length(unsigned int p_len)
48 {
49 	if (fips_enabled)
50 		return (p_len < 2048) ? -EINVAL : 0;
51 
52 	return (p_len < 1536) ? -EINVAL : 0;
53 }
54 
55 static int dh_set_params(struct dh_ctx *ctx, struct dh *params)
56 {
57 	if (dh_check_params_length(params->p_size << 3))
58 		return -EINVAL;
59 
60 	ctx->p = mpi_read_raw_data(params->p, params->p_size);
61 	if (!ctx->p)
62 		return -EINVAL;
63 
64 	ctx->g = mpi_read_raw_data(params->g, params->g_size);
65 	if (!ctx->g)
66 		return -EINVAL;
67 
68 	return 0;
69 }
70 
71 static int dh_set_secret(struct crypto_kpp *tfm, const void *buf,
72 			 unsigned int len)
73 {
74 	struct dh_ctx *ctx = dh_get_ctx(tfm);
75 	struct dh params;
76 
77 	/* Free the old MPI key if any */
78 	dh_clear_ctx(ctx);
79 
80 	if (crypto_dh_decode_key(buf, len, &params) < 0)
81 		goto err_clear_ctx;
82 
83 	if (dh_set_params(ctx, &params) < 0)
84 		goto err_clear_ctx;
85 
86 	ctx->xa = mpi_read_raw_data(params.key, params.key_size);
87 	if (!ctx->xa)
88 		goto err_clear_ctx;
89 
90 	return 0;
91 
92 err_clear_ctx:
93 	dh_clear_ctx(ctx);
94 	return -EINVAL;
95 }
96 
97 /*
98  * SP800-56A public key verification:
99  *
100  * * For the safe-prime groups in FIPS mode, Q can be computed
101  *   trivially from P and a full validation according to SP800-56A
102  *   section 5.6.2.3.1 is performed.
103  *
104  * * For all other sets of group parameters, only a partial validation
105  *   according to SP800-56A section 5.6.2.3.2 is performed.
106  */
107 static int dh_is_pubkey_valid(struct dh_ctx *ctx, MPI y)
108 {
109 	if (unlikely(!ctx->p))
110 		return -EINVAL;
111 
112 	/*
113 	 * Step 1: Verify that 2 <= y <= p - 2.
114 	 *
115 	 * The upper limit check is actually y < p instead of y < p - 1
116 	 * in order to save one mpi_sub_ui() invocation here. Note that
117 	 * p - 1 is the non-trivial element of the subgroup of order 2 and
118 	 * thus, the check on y^q below would fail if y == p - 1.
119 	 */
120 	if (mpi_cmp_ui(y, 1) < 1 || mpi_cmp(y, ctx->p) >= 0)
121 		return -EINVAL;
122 
123 	/*
124 	 * Step 2: Verify that 1 = y^q mod p
125 	 *
126 	 * For the safe-prime groups q = (p - 1)/2.
127 	 */
128 	if (fips_enabled) {
129 		MPI val, q;
130 		int ret;
131 
132 		val = mpi_alloc(0);
133 		if (!val)
134 			return -ENOMEM;
135 
136 		q = mpi_alloc(mpi_get_nlimbs(ctx->p));
137 		if (!q) {
138 			mpi_free(val);
139 			return -ENOMEM;
140 		}
141 
142 		/*
143 		 * ->p is odd, so no need to explicitly subtract one
144 		 * from it before shifting to the right.
145 		 */
146 		mpi_rshift(q, ctx->p, 1);
147 
148 		ret = mpi_powm(val, y, q, ctx->p);
149 		mpi_free(q);
150 		if (ret) {
151 			mpi_free(val);
152 			return ret;
153 		}
154 
155 		ret = mpi_cmp_ui(val, 1);
156 
157 		mpi_free(val);
158 
159 		if (ret != 0)
160 			return -EINVAL;
161 	}
162 
163 	return 0;
164 }
165 
166 static int dh_compute_value(struct kpp_request *req)
167 {
168 	struct crypto_kpp *tfm = crypto_kpp_reqtfm(req);
169 	struct dh_ctx *ctx = dh_get_ctx(tfm);
170 	MPI base, val = mpi_alloc(0);
171 	int ret = 0;
172 	int sign;
173 
174 	if (!val)
175 		return -ENOMEM;
176 
177 	if (unlikely(!ctx->xa)) {
178 		ret = -EINVAL;
179 		goto err_free_val;
180 	}
181 
182 	if (req->src) {
183 		base = mpi_read_raw_from_sgl(req->src, req->src_len);
184 		if (!base) {
185 			ret = -EINVAL;
186 			goto err_free_val;
187 		}
188 		ret = dh_is_pubkey_valid(ctx, base);
189 		if (ret)
190 			goto err_free_base;
191 	} else {
192 		base = ctx->g;
193 	}
194 
195 	ret = _compute_val(ctx, base, val);
196 	if (ret)
197 		goto err_free_base;
198 
199 	if (fips_enabled) {
200 		/* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */
201 		if (req->src) {
202 			MPI pone;
203 
204 			/* z <= 1 */
205 			if (mpi_cmp_ui(val, 1) < 1) {
206 				ret = -EBADMSG;
207 				goto err_free_base;
208 			}
209 
210 			/* z == p - 1 */
211 			pone = mpi_alloc(0);
212 
213 			if (!pone) {
214 				ret = -ENOMEM;
215 				goto err_free_base;
216 			}
217 
218 			ret = mpi_sub_ui(pone, ctx->p, 1);
219 			if (!ret && !mpi_cmp(pone, val))
220 				ret = -EBADMSG;
221 
222 			mpi_free(pone);
223 
224 			if (ret)
225 				goto err_free_base;
226 
227 		/* SP800-56A rev 3 5.6.2.1.3 key check */
228 		} else {
229 			if (dh_is_pubkey_valid(ctx, val)) {
230 				ret = -EAGAIN;
231 				goto err_free_val;
232 			}
233 		}
234 	}
235 
236 	ret = mpi_write_to_sgl(val, req->dst, req->dst_len, &sign);
237 	if (ret)
238 		goto err_free_base;
239 
240 	if (sign < 0)
241 		ret = -EBADMSG;
242 err_free_base:
243 	if (req->src)
244 		mpi_free(base);
245 err_free_val:
246 	mpi_free(val);
247 	return ret;
248 }
249 
250 static unsigned int dh_max_size(struct crypto_kpp *tfm)
251 {
252 	struct dh_ctx *ctx = dh_get_ctx(tfm);
253 
254 	return mpi_get_size(ctx->p);
255 }
256 
257 static void dh_exit_tfm(struct crypto_kpp *tfm)
258 {
259 	struct dh_ctx *ctx = dh_get_ctx(tfm);
260 
261 	dh_clear_ctx(ctx);
262 }
263 
264 static struct kpp_alg dh = {
265 	.set_secret = dh_set_secret,
266 	.generate_public_key = dh_compute_value,
267 	.compute_shared_secret = dh_compute_value,
268 	.max_size = dh_max_size,
269 	.exit = dh_exit_tfm,
270 	.base = {
271 		.cra_name = "dh",
272 		.cra_driver_name = "dh-generic",
273 		.cra_priority = 100,
274 		.cra_module = THIS_MODULE,
275 		.cra_ctxsize = sizeof(struct dh_ctx),
276 	},
277 };
278 
279 
280 struct dh_safe_prime {
281 	unsigned int max_strength;
282 	unsigned int p_size;
283 	const char *p;
284 };
285 
286 static const char safe_prime_g[]  = { 2 };
287 
288 struct dh_safe_prime_instance_ctx {
289 	struct crypto_kpp_spawn dh_spawn;
290 	const struct dh_safe_prime *safe_prime;
291 };
292 
293 struct dh_safe_prime_tfm_ctx {
294 	struct crypto_kpp *dh_tfm;
295 };
296 
297 static void dh_safe_prime_free_instance(struct kpp_instance *inst)
298 {
299 	struct dh_safe_prime_instance_ctx *ctx = kpp_instance_ctx(inst);
300 
301 	crypto_drop_kpp(&ctx->dh_spawn);
302 	kfree(inst);
303 }
304 
305 static inline struct dh_safe_prime_instance_ctx *dh_safe_prime_instance_ctx(
306 	struct crypto_kpp *tfm)
307 {
308 	return kpp_instance_ctx(kpp_alg_instance(tfm));
309 }
310 
311 static int dh_safe_prime_init_tfm(struct crypto_kpp *tfm)
312 {
313 	struct dh_safe_prime_instance_ctx *inst_ctx =
314 		dh_safe_prime_instance_ctx(tfm);
315 	struct dh_safe_prime_tfm_ctx *tfm_ctx = kpp_tfm_ctx(tfm);
316 
317 	tfm_ctx->dh_tfm = crypto_spawn_kpp(&inst_ctx->dh_spawn);
318 	if (IS_ERR(tfm_ctx->dh_tfm))
319 		return PTR_ERR(tfm_ctx->dh_tfm);
320 
321 	return 0;
322 }
323 
324 static void dh_safe_prime_exit_tfm(struct crypto_kpp *tfm)
325 {
326 	struct dh_safe_prime_tfm_ctx *tfm_ctx = kpp_tfm_ctx(tfm);
327 
328 	crypto_free_kpp(tfm_ctx->dh_tfm);
329 }
330 
331 static u64 __add_u64_to_be(__be64 *dst, unsigned int n, u64 val)
332 {
333 	unsigned int i;
334 
335 	for (i = n; val && i > 0; --i) {
336 		u64 tmp = be64_to_cpu(dst[i - 1]);
337 
338 		tmp += val;
339 		val = tmp >= val ? 0 : 1;
340 		dst[i - 1] = cpu_to_be64(tmp);
341 	}
342 
343 	return val;
344 }
345 
346 static void *dh_safe_prime_gen_privkey(const struct dh_safe_prime *safe_prime,
347 				       unsigned int *key_size)
348 {
349 	unsigned int n, oversampling_size;
350 	__be64 *key;
351 	int err;
352 	u64 h, o;
353 
354 	/*
355 	 * Generate a private key following NIST SP800-56Ar3,
356 	 * sec. 5.6.1.1.1 and 5.6.1.1.3 resp..
357 	 *
358 	 * 5.6.1.1.1: choose key length N such that
359 	 * 2 * ->max_strength <= N <= log2(q) + 1 = ->p_size * 8 - 1
360 	 * with q = (p - 1) / 2 for the safe-prime groups.
361 	 * Choose the lower bound's next power of two for N in order to
362 	 * avoid excessively large private keys while still
363 	 * maintaining some extra reserve beyond the bare minimum in
364 	 * most cases. Note that for each entry in safe_prime_groups[],
365 	 * the following holds for such N:
366 	 * - N >= 256, in particular it is a multiple of 2^6 = 64
367 	 *   bits and
368 	 * - N < log2(q) + 1, i.e. N respects the upper bound.
369 	 */
370 	n = roundup_pow_of_two(2 * safe_prime->max_strength);
371 	WARN_ON_ONCE(n & ((1u << 6) - 1));
372 	n >>= 6; /* Convert N into units of u64. */
373 
374 	/*
375 	 * Reserve one extra u64 to hold the extra random bits
376 	 * required as per 5.6.1.1.3.
377 	 */
378 	oversampling_size = (n + 1) * sizeof(__be64);
379 	key = kmalloc(oversampling_size, GFP_KERNEL);
380 	if (!key)
381 		return ERR_PTR(-ENOMEM);
382 
383 	/*
384 	 * 5.6.1.1.3, step 3 (and implicitly step 4): obtain N + 64
385 	 * random bits and interpret them as a big endian integer.
386 	 */
387 	err = -EFAULT;
388 	if (crypto_get_default_rng())
389 		goto out_err;
390 
391 	err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)key,
392 				   oversampling_size);
393 	crypto_put_default_rng();
394 	if (err)
395 		goto out_err;
396 
397 	/*
398 	 * 5.6.1.1.3, step 5 is implicit: 2^N < q and thus,
399 	 * M = min(2^N, q) = 2^N.
400 	 *
401 	 * For step 6, calculate
402 	 * key = (key[] mod (M - 1)) + 1 = (key[] mod (2^N - 1)) + 1.
403 	 *
404 	 * In order to avoid expensive divisions, note that
405 	 * 2^N mod (2^N - 1) = 1 and thus, for any integer h,
406 	 * 2^N * h mod (2^N - 1) = h mod (2^N - 1) always holds.
407 	 * The big endian integer key[] composed of n + 1 64bit words
408 	 * may be written as key[] = h * 2^N + l, with h = key[0]
409 	 * representing the 64 most significant bits and l
410 	 * corresponding to the remaining 2^N bits. With the remark
411 	 * from above,
412 	 * h * 2^N + l mod (2^N - 1) = l + h mod (2^N - 1).
413 	 * As both, l and h are less than 2^N, their sum after
414 	 * this first reduction is guaranteed to be <= 2^(N + 1) - 2.
415 	 * Or equivalently, that their sum can again be written as
416 	 * h' * 2^N + l' with h' now either zero or one and if one,
417 	 * then l' <= 2^N - 2. Thus, all bits at positions >= N will
418 	 * be zero after a second reduction:
419 	 * h' * 2^N + l' mod (2^N - 1) = l' + h' mod (2^N - 1).
420 	 * At this point, it is still possible that
421 	 * l' + h' = 2^N - 1, i.e. that l' + h' mod (2^N - 1)
422 	 * is zero. This condition will be detected below by means of
423 	 * the final increment overflowing in this case.
424 	 */
425 	h = be64_to_cpu(key[0]);
426 	h = __add_u64_to_be(key + 1, n, h);
427 	h = __add_u64_to_be(key + 1, n, h);
428 	WARN_ON_ONCE(h);
429 
430 	/* Increment to obtain the final result. */
431 	o = __add_u64_to_be(key + 1, n, 1);
432 	/*
433 	 * The overflow bit o from the increment is either zero or
434 	 * one. If zero, key[1:n] holds the final result in big-endian
435 	 * order. If one, key[1:n] is zero now, but needs to be set to
436 	 * one, c.f. above.
437 	 */
438 	if (o)
439 		key[n] = cpu_to_be64(1);
440 
441 	/* n is in units of u64, convert to bytes. */
442 	*key_size = n << 3;
443 	/* Strip the leading extra __be64, which is (virtually) zero by now. */
444 	memmove(key, &key[1], *key_size);
445 
446 	return key;
447 
448 out_err:
449 	kfree_sensitive(key);
450 	return ERR_PTR(err);
451 }
452 
453 static int dh_safe_prime_set_secret(struct crypto_kpp *tfm, const void *buffer,
454 				    unsigned int len)
455 {
456 	struct dh_safe_prime_instance_ctx *inst_ctx =
457 		dh_safe_prime_instance_ctx(tfm);
458 	struct dh_safe_prime_tfm_ctx *tfm_ctx = kpp_tfm_ctx(tfm);
459 	struct dh params = {};
460 	void *buf = NULL, *key = NULL;
461 	unsigned int buf_size;
462 	int err;
463 
464 	if (buffer) {
465 		err = __crypto_dh_decode_key(buffer, len, &params);
466 		if (err)
467 			return err;
468 		if (params.p_size || params.g_size)
469 			return -EINVAL;
470 	}
471 
472 	params.p = inst_ctx->safe_prime->p;
473 	params.p_size = inst_ctx->safe_prime->p_size;
474 	params.g = safe_prime_g;
475 	params.g_size = sizeof(safe_prime_g);
476 
477 	if (!params.key_size) {
478 		key = dh_safe_prime_gen_privkey(inst_ctx->safe_prime,
479 						&params.key_size);
480 		if (IS_ERR(key))
481 			return PTR_ERR(key);
482 		params.key = key;
483 	}
484 
485 	buf_size = crypto_dh_key_len(&params);
486 	buf = kmalloc(buf_size, GFP_KERNEL);
487 	if (!buf) {
488 		err = -ENOMEM;
489 		goto out;
490 	}
491 
492 	err = crypto_dh_encode_key(buf, buf_size, &params);
493 	if (err)
494 		goto out;
495 
496 	err = crypto_kpp_set_secret(tfm_ctx->dh_tfm, buf, buf_size);
497 out:
498 	kfree_sensitive(buf);
499 	kfree_sensitive(key);
500 	return err;
501 }
502 
503 static void dh_safe_prime_complete_req(struct crypto_async_request *dh_req,
504 				       int err)
505 {
506 	struct kpp_request *req = dh_req->data;
507 
508 	kpp_request_complete(req, err);
509 }
510 
511 static struct kpp_request *dh_safe_prime_prepare_dh_req(struct kpp_request *req)
512 {
513 	struct dh_safe_prime_tfm_ctx *tfm_ctx =
514 		kpp_tfm_ctx(crypto_kpp_reqtfm(req));
515 	struct kpp_request *dh_req = kpp_request_ctx(req);
516 
517 	kpp_request_set_tfm(dh_req, tfm_ctx->dh_tfm);
518 	kpp_request_set_callback(dh_req, req->base.flags,
519 				 dh_safe_prime_complete_req, req);
520 
521 	kpp_request_set_input(dh_req, req->src, req->src_len);
522 	kpp_request_set_output(dh_req, req->dst, req->dst_len);
523 
524 	return dh_req;
525 }
526 
527 static int dh_safe_prime_generate_public_key(struct kpp_request *req)
528 {
529 	struct kpp_request *dh_req = dh_safe_prime_prepare_dh_req(req);
530 
531 	return crypto_kpp_generate_public_key(dh_req);
532 }
533 
534 static int dh_safe_prime_compute_shared_secret(struct kpp_request *req)
535 {
536 	struct kpp_request *dh_req = dh_safe_prime_prepare_dh_req(req);
537 
538 	return crypto_kpp_compute_shared_secret(dh_req);
539 }
540 
541 static unsigned int dh_safe_prime_max_size(struct crypto_kpp *tfm)
542 {
543 	struct dh_safe_prime_tfm_ctx *tfm_ctx = kpp_tfm_ctx(tfm);
544 
545 	return crypto_kpp_maxsize(tfm_ctx->dh_tfm);
546 }
547 
548 static int __maybe_unused __dh_safe_prime_create(
549 	struct crypto_template *tmpl, struct rtattr **tb,
550 	const struct dh_safe_prime *safe_prime)
551 {
552 	struct kpp_instance *inst;
553 	struct dh_safe_prime_instance_ctx *ctx;
554 	const char *dh_name;
555 	struct kpp_alg *dh_alg;
556 	u32 mask;
557 	int err;
558 
559 	err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_KPP, &mask);
560 	if (err)
561 		return err;
562 
563 	dh_name = crypto_attr_alg_name(tb[1]);
564 	if (IS_ERR(dh_name))
565 		return PTR_ERR(dh_name);
566 
567 	inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
568 	if (!inst)
569 		return -ENOMEM;
570 
571 	ctx = kpp_instance_ctx(inst);
572 
573 	err = crypto_grab_kpp(&ctx->dh_spawn, kpp_crypto_instance(inst),
574 			      dh_name, 0, mask);
575 	if (err)
576 		goto err_free_inst;
577 
578 	err = -EINVAL;
579 	dh_alg = crypto_spawn_kpp_alg(&ctx->dh_spawn);
580 	if (strcmp(dh_alg->base.cra_name, "dh"))
581 		goto err_free_inst;
582 
583 	ctx->safe_prime = safe_prime;
584 
585 	err = crypto_inst_setname(kpp_crypto_instance(inst),
586 				  tmpl->name, &dh_alg->base);
587 	if (err)
588 		goto err_free_inst;
589 
590 	inst->alg.set_secret = dh_safe_prime_set_secret;
591 	inst->alg.generate_public_key = dh_safe_prime_generate_public_key;
592 	inst->alg.compute_shared_secret = dh_safe_prime_compute_shared_secret;
593 	inst->alg.max_size = dh_safe_prime_max_size;
594 	inst->alg.init = dh_safe_prime_init_tfm;
595 	inst->alg.exit = dh_safe_prime_exit_tfm;
596 	inst->alg.reqsize = sizeof(struct kpp_request) + dh_alg->reqsize;
597 	inst->alg.base.cra_priority = dh_alg->base.cra_priority;
598 	inst->alg.base.cra_module = THIS_MODULE;
599 	inst->alg.base.cra_ctxsize = sizeof(struct dh_safe_prime_tfm_ctx);
600 
601 	inst->free = dh_safe_prime_free_instance;
602 
603 	err = kpp_register_instance(tmpl, inst);
604 	if (err)
605 		goto err_free_inst;
606 
607 	return 0;
608 
609 err_free_inst:
610 	dh_safe_prime_free_instance(inst);
611 
612 	return err;
613 }
614 
615 #ifdef CONFIG_CRYPTO_DH_RFC7919_GROUPS
616 
617 static const struct dh_safe_prime ffdhe2048_prime = {
618 	.max_strength = 112,
619 	.p_size = 256,
620 	.p =
621 	"\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a"
622 	"\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95"
623 	"\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9"
624 	"\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a"
625 	"\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0"
626 	"\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35"
627 	"\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72"
628 	"\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a"
629 	"\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb"
630 	"\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4"
631 	"\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70"
632 	"\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61"
633 	"\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83"
634 	"\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05"
635 	"\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa"
636 	"\x88\x6b\x42\x38\x61\x28\x5c\x97\xff\xff\xff\xff\xff\xff\xff\xff",
637 };
638 
639 static const struct dh_safe_prime ffdhe3072_prime = {
640 	.max_strength = 128,
641 	.p_size = 384,
642 	.p =
643 	"\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a"
644 	"\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95"
645 	"\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9"
646 	"\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a"
647 	"\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0"
648 	"\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35"
649 	"\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72"
650 	"\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a"
651 	"\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb"
652 	"\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4"
653 	"\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70"
654 	"\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61"
655 	"\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83"
656 	"\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05"
657 	"\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa"
658 	"\x88\x6b\x42\x38\x61\x1f\xcf\xdc\xde\x35\x5b\x3b\x65\x19\x03\x5b"
659 	"\xbc\x34\xf4\xde\xf9\x9c\x02\x38\x61\xb4\x6f\xc9\xd6\xe6\xc9\x07"
660 	"\x7a\xd9\x1d\x26\x91\xf7\xf7\xee\x59\x8c\xb0\xfa\xc1\x86\xd9\x1c"
661 	"\xae\xfe\x13\x09\x85\x13\x92\x70\xb4\x13\x0c\x93\xbc\x43\x79\x44"
662 	"\xf4\xfd\x44\x52\xe2\xd7\x4d\xd3\x64\xf2\xe2\x1e\x71\xf5\x4b\xff"
663 	"\x5c\xae\x82\xab\x9c\x9d\xf6\x9e\xe8\x6d\x2b\xc5\x22\x36\x3a\x0d"
664 	"\xab\xc5\x21\x97\x9b\x0d\xea\xda\x1d\xbf\x9a\x42\xd5\xc4\x48\x4e"
665 	"\x0a\xbc\xd0\x6b\xfa\x53\xdd\xef\x3c\x1b\x20\xee\x3f\xd5\x9d\x7c"
666 	"\x25\xe4\x1d\x2b\x66\xc6\x2e\x37\xff\xff\xff\xff\xff\xff\xff\xff",
667 };
668 
669 static const struct dh_safe_prime ffdhe4096_prime = {
670 	.max_strength = 152,
671 	.p_size = 512,
672 	.p =
673 	"\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a"
674 	"\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95"
675 	"\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9"
676 	"\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a"
677 	"\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0"
678 	"\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35"
679 	"\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72"
680 	"\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a"
681 	"\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb"
682 	"\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4"
683 	"\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70"
684 	"\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61"
685 	"\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83"
686 	"\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05"
687 	"\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa"
688 	"\x88\x6b\x42\x38\x61\x1f\xcf\xdc\xde\x35\x5b\x3b\x65\x19\x03\x5b"
689 	"\xbc\x34\xf4\xde\xf9\x9c\x02\x38\x61\xb4\x6f\xc9\xd6\xe6\xc9\x07"
690 	"\x7a\xd9\x1d\x26\x91\xf7\xf7\xee\x59\x8c\xb0\xfa\xc1\x86\xd9\x1c"
691 	"\xae\xfe\x13\x09\x85\x13\x92\x70\xb4\x13\x0c\x93\xbc\x43\x79\x44"
692 	"\xf4\xfd\x44\x52\xe2\xd7\x4d\xd3\x64\xf2\xe2\x1e\x71\xf5\x4b\xff"
693 	"\x5c\xae\x82\xab\x9c\x9d\xf6\x9e\xe8\x6d\x2b\xc5\x22\x36\x3a\x0d"
694 	"\xab\xc5\x21\x97\x9b\x0d\xea\xda\x1d\xbf\x9a\x42\xd5\xc4\x48\x4e"
695 	"\x0a\xbc\xd0\x6b\xfa\x53\xdd\xef\x3c\x1b\x20\xee\x3f\xd5\x9d\x7c"
696 	"\x25\xe4\x1d\x2b\x66\x9e\x1e\xf1\x6e\x6f\x52\xc3\x16\x4d\xf4\xfb"
697 	"\x79\x30\xe9\xe4\xe5\x88\x57\xb6\xac\x7d\x5f\x42\xd6\x9f\x6d\x18"
698 	"\x77\x63\xcf\x1d\x55\x03\x40\x04\x87\xf5\x5b\xa5\x7e\x31\xcc\x7a"
699 	"\x71\x35\xc8\x86\xef\xb4\x31\x8a\xed\x6a\x1e\x01\x2d\x9e\x68\x32"
700 	"\xa9\x07\x60\x0a\x91\x81\x30\xc4\x6d\xc7\x78\xf9\x71\xad\x00\x38"
701 	"\x09\x29\x99\xa3\x33\xcb\x8b\x7a\x1a\x1d\xb9\x3d\x71\x40\x00\x3c"
702 	"\x2a\x4e\xce\xa9\xf9\x8d\x0a\xcc\x0a\x82\x91\xcd\xce\xc9\x7d\xcf"
703 	"\x8e\xc9\xb5\x5a\x7f\x88\xa4\x6b\x4d\xb5\xa8\x51\xf4\x41\x82\xe1"
704 	"\xc6\x8a\x00\x7e\x5e\x65\x5f\x6a\xff\xff\xff\xff\xff\xff\xff\xff",
705 };
706 
707 static const struct dh_safe_prime ffdhe6144_prime = {
708 	.max_strength = 176,
709 	.p_size = 768,
710 	.p =
711 	"\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a"
712 	"\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95"
713 	"\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9"
714 	"\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a"
715 	"\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0"
716 	"\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35"
717 	"\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72"
718 	"\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a"
719 	"\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb"
720 	"\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4"
721 	"\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70"
722 	"\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61"
723 	"\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83"
724 	"\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05"
725 	"\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa"
726 	"\x88\x6b\x42\x38\x61\x1f\xcf\xdc\xde\x35\x5b\x3b\x65\x19\x03\x5b"
727 	"\xbc\x34\xf4\xde\xf9\x9c\x02\x38\x61\xb4\x6f\xc9\xd6\xe6\xc9\x07"
728 	"\x7a\xd9\x1d\x26\x91\xf7\xf7\xee\x59\x8c\xb0\xfa\xc1\x86\xd9\x1c"
729 	"\xae\xfe\x13\x09\x85\x13\x92\x70\xb4\x13\x0c\x93\xbc\x43\x79\x44"
730 	"\xf4\xfd\x44\x52\xe2\xd7\x4d\xd3\x64\xf2\xe2\x1e\x71\xf5\x4b\xff"
731 	"\x5c\xae\x82\xab\x9c\x9d\xf6\x9e\xe8\x6d\x2b\xc5\x22\x36\x3a\x0d"
732 	"\xab\xc5\x21\x97\x9b\x0d\xea\xda\x1d\xbf\x9a\x42\xd5\xc4\x48\x4e"
733 	"\x0a\xbc\xd0\x6b\xfa\x53\xdd\xef\x3c\x1b\x20\xee\x3f\xd5\x9d\x7c"
734 	"\x25\xe4\x1d\x2b\x66\x9e\x1e\xf1\x6e\x6f\x52\xc3\x16\x4d\xf4\xfb"
735 	"\x79\x30\xe9\xe4\xe5\x88\x57\xb6\xac\x7d\x5f\x42\xd6\x9f\x6d\x18"
736 	"\x77\x63\xcf\x1d\x55\x03\x40\x04\x87\xf5\x5b\xa5\x7e\x31\xcc\x7a"
737 	"\x71\x35\xc8\x86\xef\xb4\x31\x8a\xed\x6a\x1e\x01\x2d\x9e\x68\x32"
738 	"\xa9\x07\x60\x0a\x91\x81\x30\xc4\x6d\xc7\x78\xf9\x71\xad\x00\x38"
739 	"\x09\x29\x99\xa3\x33\xcb\x8b\x7a\x1a\x1d\xb9\x3d\x71\x40\x00\x3c"
740 	"\x2a\x4e\xce\xa9\xf9\x8d\x0a\xcc\x0a\x82\x91\xcd\xce\xc9\x7d\xcf"
741 	"\x8e\xc9\xb5\x5a\x7f\x88\xa4\x6b\x4d\xb5\xa8\x51\xf4\x41\x82\xe1"
742 	"\xc6\x8a\x00\x7e\x5e\x0d\xd9\x02\x0b\xfd\x64\xb6\x45\x03\x6c\x7a"
743 	"\x4e\x67\x7d\x2c\x38\x53\x2a\x3a\x23\xba\x44\x42\xca\xf5\x3e\xa6"
744 	"\x3b\xb4\x54\x32\x9b\x76\x24\xc8\x91\x7b\xdd\x64\xb1\xc0\xfd\x4c"
745 	"\xb3\x8e\x8c\x33\x4c\x70\x1c\x3a\xcd\xad\x06\x57\xfc\xcf\xec\x71"
746 	"\x9b\x1f\x5c\x3e\x4e\x46\x04\x1f\x38\x81\x47\xfb\x4c\xfd\xb4\x77"
747 	"\xa5\x24\x71\xf7\xa9\xa9\x69\x10\xb8\x55\x32\x2e\xdb\x63\x40\xd8"
748 	"\xa0\x0e\xf0\x92\x35\x05\x11\xe3\x0a\xbe\xc1\xff\xf9\xe3\xa2\x6e"
749 	"\x7f\xb2\x9f\x8c\x18\x30\x23\xc3\x58\x7e\x38\xda\x00\x77\xd9\xb4"
750 	"\x76\x3e\x4e\x4b\x94\xb2\xbb\xc1\x94\xc6\x65\x1e\x77\xca\xf9\x92"
751 	"\xee\xaa\xc0\x23\x2a\x28\x1b\xf6\xb3\xa7\x39\xc1\x22\x61\x16\x82"
752 	"\x0a\xe8\xdb\x58\x47\xa6\x7c\xbe\xf9\xc9\x09\x1b\x46\x2d\x53\x8c"
753 	"\xd7\x2b\x03\x74\x6a\xe7\x7f\x5e\x62\x29\x2c\x31\x15\x62\xa8\x46"
754 	"\x50\x5d\xc8\x2d\xb8\x54\x33\x8a\xe4\x9f\x52\x35\xc9\x5b\x91\x17"
755 	"\x8c\xcf\x2d\xd5\xca\xce\xf4\x03\xec\x9d\x18\x10\xc6\x27\x2b\x04"
756 	"\x5b\x3b\x71\xf9\xdc\x6b\x80\xd6\x3f\xdd\x4a\x8e\x9a\xdb\x1e\x69"
757 	"\x62\xa6\x95\x26\xd4\x31\x61\xc1\xa4\x1d\x57\x0d\x79\x38\xda\xd4"
758 	"\xa4\x0e\x32\x9c\xd0\xe4\x0e\x65\xff\xff\xff\xff\xff\xff\xff\xff",
759 };
760 
761 static const struct dh_safe_prime ffdhe8192_prime = {
762 	.max_strength = 200,
763 	.p_size = 1024,
764 	.p =
765 	"\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a"
766 	"\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95"
767 	"\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9"
768 	"\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a"
769 	"\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0"
770 	"\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35"
771 	"\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72"
772 	"\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a"
773 	"\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb"
774 	"\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4"
775 	"\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70"
776 	"\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61"
777 	"\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83"
778 	"\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05"
779 	"\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa"
780 	"\x88\x6b\x42\x38\x61\x1f\xcf\xdc\xde\x35\x5b\x3b\x65\x19\x03\x5b"
781 	"\xbc\x34\xf4\xde\xf9\x9c\x02\x38\x61\xb4\x6f\xc9\xd6\xe6\xc9\x07"
782 	"\x7a\xd9\x1d\x26\x91\xf7\xf7\xee\x59\x8c\xb0\xfa\xc1\x86\xd9\x1c"
783 	"\xae\xfe\x13\x09\x85\x13\x92\x70\xb4\x13\x0c\x93\xbc\x43\x79\x44"
784 	"\xf4\xfd\x44\x52\xe2\xd7\x4d\xd3\x64\xf2\xe2\x1e\x71\xf5\x4b\xff"
785 	"\x5c\xae\x82\xab\x9c\x9d\xf6\x9e\xe8\x6d\x2b\xc5\x22\x36\x3a\x0d"
786 	"\xab\xc5\x21\x97\x9b\x0d\xea\xda\x1d\xbf\x9a\x42\xd5\xc4\x48\x4e"
787 	"\x0a\xbc\xd0\x6b\xfa\x53\xdd\xef\x3c\x1b\x20\xee\x3f\xd5\x9d\x7c"
788 	"\x25\xe4\x1d\x2b\x66\x9e\x1e\xf1\x6e\x6f\x52\xc3\x16\x4d\xf4\xfb"
789 	"\x79\x30\xe9\xe4\xe5\x88\x57\xb6\xac\x7d\x5f\x42\xd6\x9f\x6d\x18"
790 	"\x77\x63\xcf\x1d\x55\x03\x40\x04\x87\xf5\x5b\xa5\x7e\x31\xcc\x7a"
791 	"\x71\x35\xc8\x86\xef\xb4\x31\x8a\xed\x6a\x1e\x01\x2d\x9e\x68\x32"
792 	"\xa9\x07\x60\x0a\x91\x81\x30\xc4\x6d\xc7\x78\xf9\x71\xad\x00\x38"
793 	"\x09\x29\x99\xa3\x33\xcb\x8b\x7a\x1a\x1d\xb9\x3d\x71\x40\x00\x3c"
794 	"\x2a\x4e\xce\xa9\xf9\x8d\x0a\xcc\x0a\x82\x91\xcd\xce\xc9\x7d\xcf"
795 	"\x8e\xc9\xb5\x5a\x7f\x88\xa4\x6b\x4d\xb5\xa8\x51\xf4\x41\x82\xe1"
796 	"\xc6\x8a\x00\x7e\x5e\x0d\xd9\x02\x0b\xfd\x64\xb6\x45\x03\x6c\x7a"
797 	"\x4e\x67\x7d\x2c\x38\x53\x2a\x3a\x23\xba\x44\x42\xca\xf5\x3e\xa6"
798 	"\x3b\xb4\x54\x32\x9b\x76\x24\xc8\x91\x7b\xdd\x64\xb1\xc0\xfd\x4c"
799 	"\xb3\x8e\x8c\x33\x4c\x70\x1c\x3a\xcd\xad\x06\x57\xfc\xcf\xec\x71"
800 	"\x9b\x1f\x5c\x3e\x4e\x46\x04\x1f\x38\x81\x47\xfb\x4c\xfd\xb4\x77"
801 	"\xa5\x24\x71\xf7\xa9\xa9\x69\x10\xb8\x55\x32\x2e\xdb\x63\x40\xd8"
802 	"\xa0\x0e\xf0\x92\x35\x05\x11\xe3\x0a\xbe\xc1\xff\xf9\xe3\xa2\x6e"
803 	"\x7f\xb2\x9f\x8c\x18\x30\x23\xc3\x58\x7e\x38\xda\x00\x77\xd9\xb4"
804 	"\x76\x3e\x4e\x4b\x94\xb2\xbb\xc1\x94\xc6\x65\x1e\x77\xca\xf9\x92"
805 	"\xee\xaa\xc0\x23\x2a\x28\x1b\xf6\xb3\xa7\x39\xc1\x22\x61\x16\x82"
806 	"\x0a\xe8\xdb\x58\x47\xa6\x7c\xbe\xf9\xc9\x09\x1b\x46\x2d\x53\x8c"
807 	"\xd7\x2b\x03\x74\x6a\xe7\x7f\x5e\x62\x29\x2c\x31\x15\x62\xa8\x46"
808 	"\x50\x5d\xc8\x2d\xb8\x54\x33\x8a\xe4\x9f\x52\x35\xc9\x5b\x91\x17"
809 	"\x8c\xcf\x2d\xd5\xca\xce\xf4\x03\xec\x9d\x18\x10\xc6\x27\x2b\x04"
810 	"\x5b\x3b\x71\xf9\xdc\x6b\x80\xd6\x3f\xdd\x4a\x8e\x9a\xdb\x1e\x69"
811 	"\x62\xa6\x95\x26\xd4\x31\x61\xc1\xa4\x1d\x57\x0d\x79\x38\xda\xd4"
812 	"\xa4\x0e\x32\x9c\xcf\xf4\x6a\xaa\x36\xad\x00\x4c\xf6\x00\xc8\x38"
813 	"\x1e\x42\x5a\x31\xd9\x51\xae\x64\xfd\xb2\x3f\xce\xc9\x50\x9d\x43"
814 	"\x68\x7f\xeb\x69\xed\xd1\xcc\x5e\x0b\x8c\xc3\xbd\xf6\x4b\x10\xef"
815 	"\x86\xb6\x31\x42\xa3\xab\x88\x29\x55\x5b\x2f\x74\x7c\x93\x26\x65"
816 	"\xcb\x2c\x0f\x1c\xc0\x1b\xd7\x02\x29\x38\x88\x39\xd2\xaf\x05\xe4"
817 	"\x54\x50\x4a\xc7\x8b\x75\x82\x82\x28\x46\xc0\xba\x35\xc3\x5f\x5c"
818 	"\x59\x16\x0c\xc0\x46\xfd\x82\x51\x54\x1f\xc6\x8c\x9c\x86\xb0\x22"
819 	"\xbb\x70\x99\x87\x6a\x46\x0e\x74\x51\xa8\xa9\x31\x09\x70\x3f\xee"
820 	"\x1c\x21\x7e\x6c\x38\x26\xe5\x2c\x51\xaa\x69\x1e\x0e\x42\x3c\xfc"
821 	"\x99\xe9\xe3\x16\x50\xc1\x21\x7b\x62\x48\x16\xcd\xad\x9a\x95\xf9"
822 	"\xd5\xb8\x01\x94\x88\xd9\xc0\xa0\xa1\xfe\x30\x75\xa5\x77\xe2\x31"
823 	"\x83\xf8\x1d\x4a\x3f\x2f\xa4\x57\x1e\xfc\x8c\xe0\xba\x8a\x4f\xe8"
824 	"\xb6\x85\x5d\xfe\x72\xb0\xa6\x6e\xde\xd2\xfb\xab\xfb\xe5\x8a\x30"
825 	"\xfa\xfa\xbe\x1c\x5d\x71\xa8\x7e\x2f\x74\x1e\xf8\xc1\xfe\x86\xfe"
826 	"\xa6\xbb\xfd\xe5\x30\x67\x7f\x0d\x97\xd1\x1d\x49\xf7\xa8\x44\x3d"
827 	"\x08\x22\xe5\x06\xa9\xf4\x61\x4e\x01\x1e\x2a\x94\x83\x8f\xf8\x8c"
828 	"\xd6\x8c\x8b\xb7\xc5\xc6\x42\x4c\xff\xff\xff\xff\xff\xff\xff\xff",
829 };
830 
831 static int dh_ffdhe2048_create(struct crypto_template *tmpl,
832 			       struct rtattr **tb)
833 {
834 	return  __dh_safe_prime_create(tmpl, tb, &ffdhe2048_prime);
835 }
836 
837 static int dh_ffdhe3072_create(struct crypto_template *tmpl,
838 			       struct rtattr **tb)
839 {
840 	return  __dh_safe_prime_create(tmpl, tb, &ffdhe3072_prime);
841 }
842 
843 static int dh_ffdhe4096_create(struct crypto_template *tmpl,
844 			       struct rtattr **tb)
845 {
846 	return  __dh_safe_prime_create(tmpl, tb, &ffdhe4096_prime);
847 }
848 
849 static int dh_ffdhe6144_create(struct crypto_template *tmpl,
850 			       struct rtattr **tb)
851 {
852 	return  __dh_safe_prime_create(tmpl, tb, &ffdhe6144_prime);
853 }
854 
855 static int dh_ffdhe8192_create(struct crypto_template *tmpl,
856 			       struct rtattr **tb)
857 {
858 	return  __dh_safe_prime_create(tmpl, tb, &ffdhe8192_prime);
859 }
860 
861 static struct crypto_template crypto_ffdhe_templates[] = {
862 	{
863 		.name = "ffdhe2048",
864 		.create = dh_ffdhe2048_create,
865 		.module = THIS_MODULE,
866 	},
867 	{
868 		.name = "ffdhe3072",
869 		.create = dh_ffdhe3072_create,
870 		.module = THIS_MODULE,
871 	},
872 	{
873 		.name = "ffdhe4096",
874 		.create = dh_ffdhe4096_create,
875 		.module = THIS_MODULE,
876 	},
877 	{
878 		.name = "ffdhe6144",
879 		.create = dh_ffdhe6144_create,
880 		.module = THIS_MODULE,
881 	},
882 	{
883 		.name = "ffdhe8192",
884 		.create = dh_ffdhe8192_create,
885 		.module = THIS_MODULE,
886 	},
887 };
888 
889 #else /* ! CONFIG_CRYPTO_DH_RFC7919_GROUPS */
890 
891 static struct crypto_template crypto_ffdhe_templates[] = {};
892 
893 #endif /* CONFIG_CRYPTO_DH_RFC7919_GROUPS */
894 
895 
896 static int __init dh_init(void)
897 {
898 	int err;
899 
900 	err = crypto_register_kpp(&dh);
901 	if (err)
902 		return err;
903 
904 	err = crypto_register_templates(crypto_ffdhe_templates,
905 					ARRAY_SIZE(crypto_ffdhe_templates));
906 	if (err) {
907 		crypto_unregister_kpp(&dh);
908 		return err;
909 	}
910 
911 	return 0;
912 }
913 
914 static void __exit dh_exit(void)
915 {
916 	crypto_unregister_templates(crypto_ffdhe_templates,
917 				    ARRAY_SIZE(crypto_ffdhe_templates));
918 	crypto_unregister_kpp(&dh);
919 }
920 
921 subsys_initcall(dh_init);
922 module_exit(dh_exit);
923 MODULE_ALIAS_CRYPTO("dh");
924 MODULE_LICENSE("GPL");
925 MODULE_DESCRIPTION("DH generic algorithm");
926