~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/crypto/dh.c

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 // SPDX-License-Identifier: GPL-2.0-or-later
  2 /*  Diffie-Hellman Key Agreement Method [RFC2631]
  3  *
  4  * Copyright (c) 2016, Intel Corporation
  5  * Authors: Salvatore Benedetto <salvatore.benedetto@intel.com>
  6  */
  7 
  8 #include <linux/fips.h>
  9 #include <linux/module.h>
 10 #include <crypto/internal/kpp.h>
 11 #include <crypto/kpp.h>
 12 #include <crypto/dh.h>
 13 #include <crypto/rng.h>
 14 #include <linux/mpi.h>
 15 
 16 struct dh_ctx {
 17         MPI p;  /* Value is guaranteed to be set. */
 18         MPI g;  /* Value is guaranteed to be set. */
 19         MPI xa; /* Value is guaranteed to be set. */
 20 };
 21 
 22 static void dh_clear_ctx(struct dh_ctx *ctx)
 23 {
 24         mpi_free(ctx->p);
 25         mpi_free(ctx->g);
 26         mpi_free(ctx->xa);
 27         memset(ctx, 0, sizeof(*ctx));
 28 }
 29 
 30 /*
 31  * If base is g we compute the public key
 32  *      ya = g^xa mod p; [RFC2631 sec 2.1.1]
 33  * else if base if the counterpart public key we compute the shared secret
 34  *      ZZ = yb^xa mod p; [RFC2631 sec 2.1.1]
 35  */
 36 static int _compute_val(const struct dh_ctx *ctx, MPI base, MPI val)
 37 {
 38         /* val = base^xa mod p */
 39         return mpi_powm(val, base, ctx->xa, ctx->p);
 40 }
 41 
 42 static inline struct dh_ctx *dh_get_ctx(struct crypto_kpp *tfm)
 43 {
 44         return kpp_tfm_ctx(tfm);
 45 }
 46 
 47 static int dh_check_params_length(unsigned int p_len)
 48 {
 49         if (fips_enabled)
 50                 return (p_len < 2048) ? -EINVAL : 0;
 51 
 52         return (p_len < 1536) ? -EINVAL : 0;
 53 }
 54 
 55 static int dh_set_params(struct dh_ctx *ctx, struct dh *params)
 56 {
 57         if (dh_check_params_length(params->p_size << 3))
 58                 return -EINVAL;
 59 
 60         ctx->p = mpi_read_raw_data(params->p, params->p_size);
 61         if (!ctx->p)
 62                 return -EINVAL;
 63 
 64         ctx->g = mpi_read_raw_data(params->g, params->g_size);
 65         if (!ctx->g)
 66                 return -EINVAL;
 67 
 68         return 0;
 69 }
 70 
 71 static int dh_set_secret(struct crypto_kpp *tfm, const void *buf,
 72                          unsigned int len)
 73 {
 74         struct dh_ctx *ctx = dh_get_ctx(tfm);
 75         struct dh params;
 76 
 77         /* Free the old MPI key if any */
 78         dh_clear_ctx(ctx);
 79 
 80         if (crypto_dh_decode_key(buf, len, &params) < 0)
 81                 goto err_clear_ctx;
 82 
 83         if (dh_set_params(ctx, &params) < 0)
 84                 goto err_clear_ctx;
 85 
 86         ctx->xa = mpi_read_raw_data(params.key, params.key_size);
 87         if (!ctx->xa)
 88                 goto err_clear_ctx;
 89 
 90         return 0;
 91 
 92 err_clear_ctx:
 93         dh_clear_ctx(ctx);
 94         return -EINVAL;
 95 }
 96 
 97 /*
 98  * SP800-56A public key verification:
 99  *
100  * * For the safe-prime groups in FIPS mode, Q can be computed
101  *   trivially from P and a full validation according to SP800-56A
102  *   section 5.6.2.3.1 is performed.
103  *
104  * * For all other sets of group parameters, only a partial validation
105  *   according to SP800-56A section 5.6.2.3.2 is performed.
106  */
107 static int dh_is_pubkey_valid(struct dh_ctx *ctx, MPI y)
108 {
109         MPI val, q;
110         int ret;
111 
112         if (!fips_enabled)
113                 return 0;
114 
115         if (unlikely(!ctx->p))
116                 return -EINVAL;
117 
118         /*
119          * Step 1: Verify that 2 <= y <= p - 2.
120          *
121          * The upper limit check is actually y < p instead of y < p - 1
122          * in order to save one mpi_sub_ui() invocation here. Note that
123          * p - 1 is the non-trivial element of the subgroup of order 2 and
124          * thus, the check on y^q below would fail if y == p - 1.
125          */
126         if (mpi_cmp_ui(y, 1) < 1 || mpi_cmp(y, ctx->p) >= 0)
127                 return -EINVAL;
128 
129         /*
130          * Step 2: Verify that 1 = y^q mod p
131          *
132          * For the safe-prime groups q = (p - 1)/2.
133          */
134         val = mpi_alloc(0);
135         if (!val)
136                 return -ENOMEM;
137 
138         q = mpi_alloc(mpi_get_nlimbs(ctx->p));
139         if (!q) {
140                 mpi_free(val);
141                 return -ENOMEM;
142         }
143 
144         /*
145          * ->p is odd, so no need to explicitly subtract one
146          * from it before shifting to the right.
147          */
148         mpi_rshift(q, ctx->p, 1);
149 
150         ret = mpi_powm(val, y, q, ctx->p);
151         mpi_free(q);
152         if (ret) {
153                 mpi_free(val);
154                 return ret;
155         }
156 
157         ret = mpi_cmp_ui(val, 1);
158 
159         mpi_free(val);
160 
161         if (ret != 0)
162                 return -EINVAL;
163 
164         return 0;
165 }
166 
167 static int dh_compute_value(struct kpp_request *req)
168 {
169         struct crypto_kpp *tfm = crypto_kpp_reqtfm(req);
170         struct dh_ctx *ctx = dh_get_ctx(tfm);
171         MPI base, val = mpi_alloc(0);
172         int ret = 0;
173         int sign;
174 
175         if (!val)
176                 return -ENOMEM;
177 
178         if (unlikely(!ctx->xa)) {
179                 ret = -EINVAL;
180                 goto err_free_val;
181         }
182 
183         if (req->src) {
184                 base = mpi_read_raw_from_sgl(req->src, req->src_len);
185                 if (!base) {
186                         ret = -EINVAL;
187                         goto err_free_val;
188                 }
189                 ret = dh_is_pubkey_valid(ctx, base);
190                 if (ret)
191                         goto err_free_base;
192         } else {
193                 base = ctx->g;
194         }
195 
196         ret = _compute_val(ctx, base, val);
197         if (ret)
198                 goto err_free_base;
199 
200         if (fips_enabled) {
201                 /* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */
202                 if (req->src) {
203                         MPI pone;
204 
205                         /* z <= 1 */
206                         if (mpi_cmp_ui(val, 1) < 1) {
207                                 ret = -EBADMSG;
208                                 goto err_free_base;
209                         }
210 
211                         /* z == p - 1 */
212                         pone = mpi_alloc(0);
213 
214                         if (!pone) {
215                                 ret = -ENOMEM;
216                                 goto err_free_base;
217                         }
218 
219                         ret = mpi_sub_ui(pone, ctx->p, 1);
220                         if (!ret && !mpi_cmp(pone, val))
221                                 ret = -EBADMSG;
222 
223                         mpi_free(pone);
224 
225                         if (ret)
226                                 goto err_free_base;
227 
228                 /* SP800-56A rev 3 5.6.2.1.3 key check */
229                 } else {
230                         if (dh_is_pubkey_valid(ctx, val)) {
231                                 ret = -EAGAIN;
232                                 goto err_free_val;
233                         }
234                 }
235         }
236 
237         ret = mpi_write_to_sgl(val, req->dst, req->dst_len, &sign);
238         if (ret)
239                 goto err_free_base;
240 
241         if (sign < 0)
242                 ret = -EBADMSG;
243 err_free_base:
244         if (req->src)
245                 mpi_free(base);
246 err_free_val:
247         mpi_free(val);
248         return ret;
249 }
250 
251 static unsigned int dh_max_size(struct crypto_kpp *tfm)
252 {
253         struct dh_ctx *ctx = dh_get_ctx(tfm);
254 
255         return mpi_get_size(ctx->p);
256 }
257 
258 static void dh_exit_tfm(struct crypto_kpp *tfm)
259 {
260         struct dh_ctx *ctx = dh_get_ctx(tfm);
261 
262         dh_clear_ctx(ctx);
263 }
264 
265 static struct kpp_alg dh = {
266         .set_secret = dh_set_secret,
267         .generate_public_key = dh_compute_value,
268         .compute_shared_secret = dh_compute_value,
269         .max_size = dh_max_size,
270         .exit = dh_exit_tfm,
271         .base = {
272                 .cra_name = "dh",
273                 .cra_driver_name = "dh-generic",
274                 .cra_priority = 100,
275                 .cra_module = THIS_MODULE,
276                 .cra_ctxsize = sizeof(struct dh_ctx),
277         },
278 };
279 
280 
281 struct dh_safe_prime {
282         unsigned int max_strength;
283         unsigned int p_size;
284         const char *p;
285 };
286 
287 static const char safe_prime_g[]  = { 2 };
288 
289 struct dh_safe_prime_instance_ctx {
290         struct crypto_kpp_spawn dh_spawn;
291         const struct dh_safe_prime *safe_prime;
292 };
293 
294 struct dh_safe_prime_tfm_ctx {
295         struct crypto_kpp *dh_tfm;
296 };
297 
298 static void dh_safe_prime_free_instance(struct kpp_instance *inst)
299 {
300         struct dh_safe_prime_instance_ctx *ctx = kpp_instance_ctx(inst);
301 
302         crypto_drop_kpp(&ctx->dh_spawn);
303         kfree(inst);
304 }
305 
306 static inline struct dh_safe_prime_instance_ctx *dh_safe_prime_instance_ctx(
307         struct crypto_kpp *tfm)
308 {
309         return kpp_instance_ctx(kpp_alg_instance(tfm));
310 }
311 
312 static int dh_safe_prime_init_tfm(struct crypto_kpp *tfm)
313 {
314         struct dh_safe_prime_instance_ctx *inst_ctx =
315                 dh_safe_prime_instance_ctx(tfm);
316         struct dh_safe_prime_tfm_ctx *tfm_ctx = kpp_tfm_ctx(tfm);
317 
318         tfm_ctx->dh_tfm = crypto_spawn_kpp(&inst_ctx->dh_spawn);
319         if (IS_ERR(tfm_ctx->dh_tfm))
320                 return PTR_ERR(tfm_ctx->dh_tfm);
321 
322         kpp_set_reqsize(tfm, sizeof(struct kpp_request) +
323                              crypto_kpp_reqsize(tfm_ctx->dh_tfm));
324 
325         return 0;
326 }
327 
328 static void dh_safe_prime_exit_tfm(struct crypto_kpp *tfm)
329 {
330         struct dh_safe_prime_tfm_ctx *tfm_ctx = kpp_tfm_ctx(tfm);
331 
332         crypto_free_kpp(tfm_ctx->dh_tfm);
333 }
334 
335 static u64 __add_u64_to_be(__be64 *dst, unsigned int n, u64 val)
336 {
337         unsigned int i;
338 
339         for (i = n; val && i > 0; --i) {
340                 u64 tmp = be64_to_cpu(dst[i - 1]);
341 
342                 tmp += val;
343                 val = tmp >= val ? 0 : 1;
344                 dst[i - 1] = cpu_to_be64(tmp);
345         }
346 
347         return val;
348 }
349 
350 static void *dh_safe_prime_gen_privkey(const struct dh_safe_prime *safe_prime,
351                                        unsigned int *key_size)
352 {
353         unsigned int n, oversampling_size;
354         __be64 *key;
355         int err;
356         u64 h, o;
357 
358         /*
359          * Generate a private key following NIST SP800-56Ar3,
360          * sec. 5.6.1.1.1 and 5.6.1.1.3 resp..
361          *
362          * 5.6.1.1.1: choose key length N such that
363          * 2 * ->max_strength <= N <= log2(q) + 1 = ->p_size * 8 - 1
364          * with q = (p - 1) / 2 for the safe-prime groups.
365          * Choose the lower bound's next power of two for N in order to
366          * avoid excessively large private keys while still
367          * maintaining some extra reserve beyond the bare minimum in
368          * most cases. Note that for each entry in safe_prime_groups[],
369          * the following holds for such N:
370          * - N >= 256, in particular it is a multiple of 2^6 = 64
371          *   bits and
372          * - N < log2(q) + 1, i.e. N respects the upper bound.
373          */
374         n = roundup_pow_of_two(2 * safe_prime->max_strength);
375         WARN_ON_ONCE(n & ((1u << 6) - 1));
376         n >>= 6; /* Convert N into units of u64. */
377 
378         /*
379          * Reserve one extra u64 to hold the extra random bits
380          * required as per 5.6.1.1.3.
381          */
382         oversampling_size = (n + 1) * sizeof(__be64);
383         key = kmalloc(oversampling_size, GFP_KERNEL);
384         if (!key)
385                 return ERR_PTR(-ENOMEM);
386 
387         /*
388          * 5.6.1.1.3, step 3 (and implicitly step 4): obtain N + 64
389          * random bits and interpret them as a big endian integer.
390          */
391         err = -EFAULT;
392         if (crypto_get_default_rng())
393                 goto out_err;
394 
395         err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)key,
396                                    oversampling_size);
397         crypto_put_default_rng();
398         if (err)
399                 goto out_err;
400 
401         /*
402          * 5.6.1.1.3, step 5 is implicit: 2^N < q and thus,
403          * M = min(2^N, q) = 2^N.
404          *
405          * For step 6, calculate
406          * key = (key[] mod (M - 1)) + 1 = (key[] mod (2^N - 1)) + 1.
407          *
408          * In order to avoid expensive divisions, note that
409          * 2^N mod (2^N - 1) = 1 and thus, for any integer h,
410          * 2^N * h mod (2^N - 1) = h mod (2^N - 1) always holds.
411          * The big endian integer key[] composed of n + 1 64bit words
412          * may be written as key[] = h * 2^N + l, with h = key[0]
413          * representing the 64 most significant bits and l
414          * corresponding to the remaining 2^N bits. With the remark
415          * from above,
416          * h * 2^N + l mod (2^N - 1) = l + h mod (2^N - 1).
417          * As both, l and h are less than 2^N, their sum after
418          * this first reduction is guaranteed to be <= 2^(N + 1) - 2.
419          * Or equivalently, that their sum can again be written as
420          * h' * 2^N + l' with h' now either zero or one and if one,
421          * then l' <= 2^N - 2. Thus, all bits at positions >= N will
422          * be zero after a second reduction:
423          * h' * 2^N + l' mod (2^N - 1) = l' + h' mod (2^N - 1).
424          * At this point, it is still possible that
425          * l' + h' = 2^N - 1, i.e. that l' + h' mod (2^N - 1)
426          * is zero. This condition will be detected below by means of
427          * the final increment overflowing in this case.
428          */
429         h = be64_to_cpu(key[0]);
430         h = __add_u64_to_be(key + 1, n, h);
431         h = __add_u64_to_be(key + 1, n, h);
432         WARN_ON_ONCE(h);
433 
434         /* Increment to obtain the final result. */
435         o = __add_u64_to_be(key + 1, n, 1);
436         /*
437          * The overflow bit o from the increment is either zero or
438          * one. If zero, key[1:n] holds the final result in big-endian
439          * order. If one, key[1:n] is zero now, but needs to be set to
440          * one, c.f. above.
441          */
442         if (o)
443                 key[n] = cpu_to_be64(1);
444 
445         /* n is in units of u64, convert to bytes. */
446         *key_size = n << 3;
447         /* Strip the leading extra __be64, which is (virtually) zero by now. */
448         memmove(key, &key[1], *key_size);
449 
450         return key;
451 
452 out_err:
453         kfree_sensitive(key);
454         return ERR_PTR(err);
455 }
456 
457 static int dh_safe_prime_set_secret(struct crypto_kpp *tfm, const void *buffer,
458                                     unsigned int len)
459 {
460         struct dh_safe_prime_instance_ctx *inst_ctx =
461                 dh_safe_prime_instance_ctx(tfm);
462         struct dh_safe_prime_tfm_ctx *tfm_ctx = kpp_tfm_ctx(tfm);
463         struct dh params = {};
464         void *buf = NULL, *key = NULL;
465         unsigned int buf_size;
466         int err;
467 
468         if (buffer) {
469                 err = __crypto_dh_decode_key(buffer, len, &params);
470                 if (err)
471                         return err;
472                 if (params.p_size || params.g_size)
473                         return -EINVAL;
474         }
475 
476         params.p = inst_ctx->safe_prime->p;
477         params.p_size = inst_ctx->safe_prime->p_size;
478         params.g = safe_prime_g;
479         params.g_size = sizeof(safe_prime_g);
480 
481         if (!params.key_size) {
482                 key = dh_safe_prime_gen_privkey(inst_ctx->safe_prime,
483                                                 &params.key_size);
484                 if (IS_ERR(key))
485                         return PTR_ERR(key);
486                 params.key = key;
487         }
488 
489         buf_size = crypto_dh_key_len(&params);
490         buf = kmalloc(buf_size, GFP_KERNEL);
491         if (!buf) {
492                 err = -ENOMEM;
493                 goto out;
494         }
495 
496         err = crypto_dh_encode_key(buf, buf_size, &params);
497         if (err)
498                 goto out;
499 
500         err = crypto_kpp_set_secret(tfm_ctx->dh_tfm, buf, buf_size);
501 out:
502         kfree_sensitive(buf);
503         kfree_sensitive(key);
504         return err;
505 }
506 
507 static void dh_safe_prime_complete_req(void *data, int err)
508 {
509         struct kpp_request *req = data;
510 
511         kpp_request_complete(req, err);
512 }
513 
514 static struct kpp_request *dh_safe_prime_prepare_dh_req(struct kpp_request *req)
515 {
516         struct dh_safe_prime_tfm_ctx *tfm_ctx =
517                 kpp_tfm_ctx(crypto_kpp_reqtfm(req));
518         struct kpp_request *dh_req = kpp_request_ctx(req);
519 
520         kpp_request_set_tfm(dh_req, tfm_ctx->dh_tfm);
521         kpp_request_set_callback(dh_req, req->base.flags,
522                                  dh_safe_prime_complete_req, req);
523 
524         kpp_request_set_input(dh_req, req->src, req->src_len);
525         kpp_request_set_output(dh_req, req->dst, req->dst_len);
526 
527         return dh_req;
528 }
529 
530 static int dh_safe_prime_generate_public_key(struct kpp_request *req)
531 {
532         struct kpp_request *dh_req = dh_safe_prime_prepare_dh_req(req);
533 
534         return crypto_kpp_generate_public_key(dh_req);
535 }
536 
537 static int dh_safe_prime_compute_shared_secret(struct kpp_request *req)
538 {
539         struct kpp_request *dh_req = dh_safe_prime_prepare_dh_req(req);
540 
541         return crypto_kpp_compute_shared_secret(dh_req);
542 }
543 
544 static unsigned int dh_safe_prime_max_size(struct crypto_kpp *tfm)
545 {
546         struct dh_safe_prime_tfm_ctx *tfm_ctx = kpp_tfm_ctx(tfm);
547 
548         return crypto_kpp_maxsize(tfm_ctx->dh_tfm);
549 }
550 
551 static int __maybe_unused __dh_safe_prime_create(
552         struct crypto_template *tmpl, struct rtattr **tb,
553         const struct dh_safe_prime *safe_prime)
554 {
555         struct kpp_instance *inst;
556         struct dh_safe_prime_instance_ctx *ctx;
557         const char *dh_name;
558         struct kpp_alg *dh_alg;
559         u32 mask;
560         int err;
561 
562         err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_KPP, &mask);
563         if (err)
564                 return err;
565 
566         dh_name = crypto_attr_alg_name(tb[1]);
567         if (IS_ERR(dh_name))
568                 return PTR_ERR(dh_name);
569 
570         inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
571         if (!inst)
572                 return -ENOMEM;
573 
574         ctx = kpp_instance_ctx(inst);
575 
576         err = crypto_grab_kpp(&ctx->dh_spawn, kpp_crypto_instance(inst),
577                               dh_name, 0, mask);
578         if (err)
579                 goto err_free_inst;
580 
581         err = -EINVAL;
582         dh_alg = crypto_spawn_kpp_alg(&ctx->dh_spawn);
583         if (strcmp(dh_alg->base.cra_name, "dh"))
584                 goto err_free_inst;
585 
586         ctx->safe_prime = safe_prime;
587 
588         err = crypto_inst_setname(kpp_crypto_instance(inst),
589                                   tmpl->name, &dh_alg->base);
590         if (err)
591                 goto err_free_inst;
592 
593         inst->alg.set_secret = dh_safe_prime_set_secret;
594         inst->alg.generate_public_key = dh_safe_prime_generate_public_key;
595         inst->alg.compute_shared_secret = dh_safe_prime_compute_shared_secret;
596         inst->alg.max_size = dh_safe_prime_max_size;
597         inst->alg.init = dh_safe_prime_init_tfm;
598         inst->alg.exit = dh_safe_prime_exit_tfm;
599         inst->alg.base.cra_priority = dh_alg->base.cra_priority;
600         inst->alg.base.cra_module = THIS_MODULE;
601         inst->alg.base.cra_ctxsize = sizeof(struct dh_safe_prime_tfm_ctx);
602 
603         inst->free = dh_safe_prime_free_instance;
604 
605         err = kpp_register_instance(tmpl, inst);
606         if (err)
607                 goto err_free_inst;
608 
609         return 0;
610 
611 err_free_inst:
612         dh_safe_prime_free_instance(inst);
613 
614         return err;
615 }
616 
617 #ifdef CONFIG_CRYPTO_DH_RFC7919_GROUPS
618 
619 static const struct dh_safe_prime ffdhe2048_prime = {
620         .max_strength = 112,
621         .p_size = 256,
622         .p =
623         "\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a"
624         "\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95"
625         "\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9"
626         "\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a"
627         "\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0"
628         "\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35"
629         "\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72"
630         "\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a"
631         "\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb"
632         "\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4"
633         "\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70"
634         "\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61"
635         "\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83"
636         "\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05"
637         "\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa"
638         "\x88\x6b\x42\x38\x61\x28\x5c\x97\xff\xff\xff\xff\xff\xff\xff\xff",
639 };
640 
641 static const struct dh_safe_prime ffdhe3072_prime = {
642         .max_strength = 128,
643         .p_size = 384,
644         .p =
645         "\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a"
646         "\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95"
647         "\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9"
648         "\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a"
649         "\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0"
650         "\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35"
651         "\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72"
652         "\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a"
653         "\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb"
654         "\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4"
655         "\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70"
656         "\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61"
657         "\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83"
658         "\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05"
659         "\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa"
660         "\x88\x6b\x42\x38\x61\x1f\xcf\xdc\xde\x35\x5b\x3b\x65\x19\x03\x5b"
661         "\xbc\x34\xf4\xde\xf9\x9c\x02\x38\x61\xb4\x6f\xc9\xd6\xe6\xc9\x07"
662         "\x7a\xd9\x1d\x26\x91\xf7\xf7\xee\x59\x8c\xb0\xfa\xc1\x86\xd9\x1c"
663         "\xae\xfe\x13\x09\x85\x13\x92\x70\xb4\x13\x0c\x93\xbc\x43\x79\x44"
664         "\xf4\xfd\x44\x52\xe2\xd7\x4d\xd3\x64\xf2\xe2\x1e\x71\xf5\x4b\xff"
665         "\x5c\xae\x82\xab\x9c\x9d\xf6\x9e\xe8\x6d\x2b\xc5\x22\x36\x3a\x0d"
666         "\xab\xc5\x21\x97\x9b\x0d\xea\xda\x1d\xbf\x9a\x42\xd5\xc4\x48\x4e"
667         "\x0a\xbc\xd0\x6b\xfa\x53\xdd\xef\x3c\x1b\x20\xee\x3f\xd5\x9d\x7c"
668         "\x25\xe4\x1d\x2b\x66\xc6\x2e\x37\xff\xff\xff\xff\xff\xff\xff\xff",
669 };
670 
671 static const struct dh_safe_prime ffdhe4096_prime = {
672         .max_strength = 152,
673         .p_size = 512,
674         .p =
675         "\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a"
676         "\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95"
677         "\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9"
678         "\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a"
679         "\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0"
680         "\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35"
681         "\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72"
682         "\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a"
683         "\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb"
684         "\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4"
685         "\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70"
686         "\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61"
687         "\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83"
688         "\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05"
689         "\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa"
690         "\x88\x6b\x42\x38\x61\x1f\xcf\xdc\xde\x35\x5b\x3b\x65\x19\x03\x5b"
691         "\xbc\x34\xf4\xde\xf9\x9c\x02\x38\x61\xb4\x6f\xc9\xd6\xe6\xc9\x07"
692         "\x7a\xd9\x1d\x26\x91\xf7\xf7\xee\x59\x8c\xb0\xfa\xc1\x86\xd9\x1c"
693         "\xae\xfe\x13\x09\x85\x13\x92\x70\xb4\x13\x0c\x93\xbc\x43\x79\x44"
694         "\xf4\xfd\x44\x52\xe2\xd7\x4d\xd3\x64\xf2\xe2\x1e\x71\xf5\x4b\xff"
695         "\x5c\xae\x82\xab\x9c\x9d\xf6\x9e\xe8\x6d\x2b\xc5\x22\x36\x3a\x0d"
696         "\xab\xc5\x21\x97\x9b\x0d\xea\xda\x1d\xbf\x9a\x42\xd5\xc4\x48\x4e"
697         "\x0a\xbc\xd0\x6b\xfa\x53\xdd\xef\x3c\x1b\x20\xee\x3f\xd5\x9d\x7c"
698         "\x25\xe4\x1d\x2b\x66\x9e\x1e\xf1\x6e\x6f\x52\xc3\x16\x4d\xf4\xfb"
699         "\x79\x30\xe9\xe4\xe5\x88\x57\xb6\xac\x7d\x5f\x42\xd6\x9f\x6d\x18"
700         "\x77\x63\xcf\x1d\x55\x03\x40\x04\x87\xf5\x5b\xa5\x7e\x31\xcc\x7a"
701         "\x71\x35\xc8\x86\xef\xb4\x31\x8a\xed\x6a\x1e\x01\x2d\x9e\x68\x32"
702         "\xa9\x07\x60\x0a\x91\x81\x30\xc4\x6d\xc7\x78\xf9\x71\xad\x00\x38"
703         "\x09\x29\x99\xa3\x33\xcb\x8b\x7a\x1a\x1d\xb9\x3d\x71\x40\x00\x3c"
704         "\x2a\x4e\xce\xa9\xf9\x8d\x0a\xcc\x0a\x82\x91\xcd\xce\xc9\x7d\xcf"
705         "\x8e\xc9\xb5\x5a\x7f\x88\xa4\x6b\x4d\xb5\xa8\x51\xf4\x41\x82\xe1"
706         "\xc6\x8a\x00\x7e\x5e\x65\x5f\x6a\xff\xff\xff\xff\xff\xff\xff\xff",
707 };
708 
709 static const struct dh_safe_prime ffdhe6144_prime = {
710         .max_strength = 176,
711         .p_size = 768,
712         .p =
713         "\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a"
714         "\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95"
715         "\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9"
716         "\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a"
717         "\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0"
718         "\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35"
719         "\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72"
720         "\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a"
721         "\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb"
722         "\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4"
723         "\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70"
724         "\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61"
725         "\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83"
726         "\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05"
727         "\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa"
728         "\x88\x6b\x42\x38\x61\x1f\xcf\xdc\xde\x35\x5b\x3b\x65\x19\x03\x5b"
729         "\xbc\x34\xf4\xde\xf9\x9c\x02\x38\x61\xb4\x6f\xc9\xd6\xe6\xc9\x07"
730         "\x7a\xd9\x1d\x26\x91\xf7\xf7\xee\x59\x8c\xb0\xfa\xc1\x86\xd9\x1c"
731         "\xae\xfe\x13\x09\x85\x13\x92\x70\xb4\x13\x0c\x93\xbc\x43\x79\x44"
732         "\xf4\xfd\x44\x52\xe2\xd7\x4d\xd3\x64\xf2\xe2\x1e\x71\xf5\x4b\xff"
733         "\x5c\xae\x82\xab\x9c\x9d\xf6\x9e\xe8\x6d\x2b\xc5\x22\x36\x3a\x0d"
734         "\xab\xc5\x21\x97\x9b\x0d\xea\xda\x1d\xbf\x9a\x42\xd5\xc4\x48\x4e"
735         "\x0a\xbc\xd0\x6b\xfa\x53\xdd\xef\x3c\x1b\x20\xee\x3f\xd5\x9d\x7c"
736         "\x25\xe4\x1d\x2b\x66\x9e\x1e\xf1\x6e\x6f\x52\xc3\x16\x4d\xf4\xfb"
737         "\x79\x30\xe9\xe4\xe5\x88\x57\xb6\xac\x7d\x5f\x42\xd6\x9f\x6d\x18"
738         "\x77\x63\xcf\x1d\x55\x03\x40\x04\x87\xf5\x5b\xa5\x7e\x31\xcc\x7a"
739         "\x71\x35\xc8\x86\xef\xb4\x31\x8a\xed\x6a\x1e\x01\x2d\x9e\x68\x32"
740         "\xa9\x07\x60\x0a\x91\x81\x30\xc4\x6d\xc7\x78\xf9\x71\xad\x00\x38"
741         "\x09\x29\x99\xa3\x33\xcb\x8b\x7a\x1a\x1d\xb9\x3d\x71\x40\x00\x3c"
742         "\x2a\x4e\xce\xa9\xf9\x8d\x0a\xcc\x0a\x82\x91\xcd\xce\xc9\x7d\xcf"
743         "\x8e\xc9\xb5\x5a\x7f\x88\xa4\x6b\x4d\xb5\xa8\x51\xf4\x41\x82\xe1"
744         "\xc6\x8a\x00\x7e\x5e\x0d\xd9\x02\x0b\xfd\x64\xb6\x45\x03\x6c\x7a"
745         "\x4e\x67\x7d\x2c\x38\x53\x2a\x3a\x23\xba\x44\x42\xca\xf5\x3e\xa6"
746         "\x3b\xb4\x54\x32\x9b\x76\x24\xc8\x91\x7b\xdd\x64\xb1\xc0\xfd\x4c"
747         "\xb3\x8e\x8c\x33\x4c\x70\x1c\x3a\xcd\xad\x06\x57\xfc\xcf\xec\x71"
748         "\x9b\x1f\x5c\x3e\x4e\x46\x04\x1f\x38\x81\x47\xfb\x4c\xfd\xb4\x77"
749         "\xa5\x24\x71\xf7\xa9\xa9\x69\x10\xb8\x55\x32\x2e\xdb\x63\x40\xd8"
750         "\xa0\x0e\xf0\x92\x35\x05\x11\xe3\x0a\xbe\xc1\xff\xf9\xe3\xa2\x6e"
751         "\x7f\xb2\x9f\x8c\x18\x30\x23\xc3\x58\x7e\x38\xda\x00\x77\xd9\xb4"
752         "\x76\x3e\x4e\x4b\x94\xb2\xbb\xc1\x94\xc6\x65\x1e\x77\xca\xf9\x92"
753         "\xee\xaa\xc0\x23\x2a\x28\x1b\xf6\xb3\xa7\x39\xc1\x22\x61\x16\x82"
754         "\x0a\xe8\xdb\x58\x47\xa6\x7c\xbe\xf9\xc9\x09\x1b\x46\x2d\x53\x8c"
755         "\xd7\x2b\x03\x74\x6a\xe7\x7f\x5e\x62\x29\x2c\x31\x15\x62\xa8\x46"
756         "\x50\x5d\xc8\x2d\xb8\x54\x33\x8a\xe4\x9f\x52\x35\xc9\x5b\x91\x17"
757         "\x8c\xcf\x2d\xd5\xca\xce\xf4\x03\xec\x9d\x18\x10\xc6\x27\x2b\x04"
758         "\x5b\x3b\x71\xf9\xdc\x6b\x80\xd6\x3f\xdd\x4a\x8e\x9a\xdb\x1e\x69"
759         "\x62\xa6\x95\x26\xd4\x31\x61\xc1\xa4\x1d\x57\x0d\x79\x38\xda\xd4"
760         "\xa4\x0e\x32\x9c\xd0\xe4\x0e\x65\xff\xff\xff\xff\xff\xff\xff\xff",
761 };
762 
763 static const struct dh_safe_prime ffdhe8192_prime = {
764         .max_strength = 200,
765         .p_size = 1024,
766         .p =
767         "\xff\xff\xff\xff\xff\xff\xff\xff\xad\xf8\x54\x58\xa2\xbb\x4a\x9a"
768         "\xaf\xdc\x56\x20\x27\x3d\x3c\xf1\xd8\xb9\xc5\x83\xce\x2d\x36\x95"
769         "\xa9\xe1\x36\x41\x14\x64\x33\xfb\xcc\x93\x9d\xce\x24\x9b\x3e\xf9"
770         "\x7d\x2f\xe3\x63\x63\x0c\x75\xd8\xf6\x81\xb2\x02\xae\xc4\x61\x7a"
771         "\xd3\xdf\x1e\xd5\xd5\xfd\x65\x61\x24\x33\xf5\x1f\x5f\x06\x6e\xd0"
772         "\x85\x63\x65\x55\x3d\xed\x1a\xf3\xb5\x57\x13\x5e\x7f\x57\xc9\x35"
773         "\x98\x4f\x0c\x70\xe0\xe6\x8b\x77\xe2\xa6\x89\xda\xf3\xef\xe8\x72"
774         "\x1d\xf1\x58\xa1\x36\xad\xe7\x35\x30\xac\xca\x4f\x48\x3a\x79\x7a"
775         "\xbc\x0a\xb1\x82\xb3\x24\xfb\x61\xd1\x08\xa9\x4b\xb2\xc8\xe3\xfb"
776         "\xb9\x6a\xda\xb7\x60\xd7\xf4\x68\x1d\x4f\x42\xa3\xde\x39\x4d\xf4"
777         "\xae\x56\xed\xe7\x63\x72\xbb\x19\x0b\x07\xa7\xc8\xee\x0a\x6d\x70"
778         "\x9e\x02\xfc\xe1\xcd\xf7\xe2\xec\xc0\x34\x04\xcd\x28\x34\x2f\x61"
779         "\x91\x72\xfe\x9c\xe9\x85\x83\xff\x8e\x4f\x12\x32\xee\xf2\x81\x83"
780         "\xc3\xfe\x3b\x1b\x4c\x6f\xad\x73\x3b\xb5\xfc\xbc\x2e\xc2\x20\x05"
781         "\xc5\x8e\xf1\x83\x7d\x16\x83\xb2\xc6\xf3\x4a\x26\xc1\xb2\xef\xfa"
782         "\x88\x6b\x42\x38\x61\x1f\xcf\xdc\xde\x35\x5b\x3b\x65\x19\x03\x5b"
783         "\xbc\x34\xf4\xde\xf9\x9c\x02\x38\x61\xb4\x6f\xc9\xd6\xe6\xc9\x07"
784         "\x7a\xd9\x1d\x26\x91\xf7\xf7\xee\x59\x8c\xb0\xfa\xc1\x86\xd9\x1c"
785         "\xae\xfe\x13\x09\x85\x13\x92\x70\xb4\x13\x0c\x93\xbc\x43\x79\x44"
786         "\xf4\xfd\x44\x52\xe2\xd7\x4d\xd3\x64\xf2\xe2\x1e\x71\xf5\x4b\xff"
787         "\x5c\xae\x82\xab\x9c\x9d\xf6\x9e\xe8\x6d\x2b\xc5\x22\x36\x3a\x0d"
788         "\xab\xc5\x21\x97\x9b\x0d\xea\xda\x1d\xbf\x9a\x42\xd5\xc4\x48\x4e"
789         "\x0a\xbc\xd0\x6b\xfa\x53\xdd\xef\x3c\x1b\x20\xee\x3f\xd5\x9d\x7c"
790         "\x25\xe4\x1d\x2b\x66\x9e\x1e\xf1\x6e\x6f\x52\xc3\x16\x4d\xf4\xfb"
791         "\x79\x30\xe9\xe4\xe5\x88\x57\xb6\xac\x7d\x5f\x42\xd6\x9f\x6d\x18"
792         "\x77\x63\xcf\x1d\x55\x03\x40\x04\x87\xf5\x5b\xa5\x7e\x31\xcc\x7a"
793         "\x71\x35\xc8\x86\xef\xb4\x31\x8a\xed\x6a\x1e\x01\x2d\x9e\x68\x32"
794         "\xa9\x07\x60\x0a\x91\x81\x30\xc4\x6d\xc7\x78\xf9\x71\xad\x00\x38"
795         "\x09\x29\x99\xa3\x33\xcb\x8b\x7a\x1a\x1d\xb9\x3d\x71\x40\x00\x3c"
796         "\x2a\x4e\xce\xa9\xf9\x8d\x0a\xcc\x0a\x82\x91\xcd\xce\xc9\x7d\xcf"
797         "\x8e\xc9\xb5\x5a\x7f\x88\xa4\x6b\x4d\xb5\xa8\x51\xf4\x41\x82\xe1"
798         "\xc6\x8a\x00\x7e\x5e\x0d\xd9\x02\x0b\xfd\x64\xb6\x45\x03\x6c\x7a"
799         "\x4e\x67\x7d\x2c\x38\x53\x2a\x3a\x23\xba\x44\x42\xca\xf5\x3e\xa6"
800         "\x3b\xb4\x54\x32\x9b\x76\x24\xc8\x91\x7b\xdd\x64\xb1\xc0\xfd\x4c"
801         "\xb3\x8e\x8c\x33\x4c\x70\x1c\x3a\xcd\xad\x06\x57\xfc\xcf\xec\x71"
802         "\x9b\x1f\x5c\x3e\x4e\x46\x04\x1f\x38\x81\x47\xfb\x4c\xfd\xb4\x77"
803         "\xa5\x24\x71\xf7\xa9\xa9\x69\x10\xb8\x55\x32\x2e\xdb\x63\x40\xd8"
804         "\xa0\x0e\xf0\x92\x35\x05\x11\xe3\x0a\xbe\xc1\xff\xf9\xe3\xa2\x6e"
805         "\x7f\xb2\x9f\x8c\x18\x30\x23\xc3\x58\x7e\x38\xda\x00\x77\xd9\xb4"
806         "\x76\x3e\x4e\x4b\x94\xb2\xbb\xc1\x94\xc6\x65\x1e\x77\xca\xf9\x92"
807         "\xee\xaa\xc0\x23\x2a\x28\x1b\xf6\xb3\xa7\x39\xc1\x22\x61\x16\x82"
808         "\x0a\xe8\xdb\x58\x47\xa6\x7c\xbe\xf9\xc9\x09\x1b\x46\x2d\x53\x8c"
809         "\xd7\x2b\x03\x74\x6a\xe7\x7f\x5e\x62\x29\x2c\x31\x15\x62\xa8\x46"
810         "\x50\x5d\xc8\x2d\xb8\x54\x33\x8a\xe4\x9f\x52\x35\xc9\x5b\x91\x17"
811         "\x8c\xcf\x2d\xd5\xca\xce\xf4\x03\xec\x9d\x18\x10\xc6\x27\x2b\x04"
812         "\x5b\x3b\x71\xf9\xdc\x6b\x80\xd6\x3f\xdd\x4a\x8e\x9a\xdb\x1e\x69"
813         "\x62\xa6\x95\x26\xd4\x31\x61\xc1\xa4\x1d\x57\x0d\x79\x38\xda\xd4"
814         "\xa4\x0e\x32\x9c\xcf\xf4\x6a\xaa\x36\xad\x00\x4c\xf6\x00\xc8\x38"
815         "\x1e\x42\x5a\x31\xd9\x51\xae\x64\xfd\xb2\x3f\xce\xc9\x50\x9d\x43"
816         "\x68\x7f\xeb\x69\xed\xd1\xcc\x5e\x0b\x8c\xc3\xbd\xf6\x4b\x10\xef"
817         "\x86\xb6\x31\x42\xa3\xab\x88\x29\x55\x5b\x2f\x74\x7c\x93\x26\x65"
818         "\xcb\x2c\x0f\x1c\xc0\x1b\xd7\x02\x29\x38\x88\x39\xd2\xaf\x05\xe4"
819         "\x54\x50\x4a\xc7\x8b\x75\x82\x82\x28\x46\xc0\xba\x35\xc3\x5f\x5c"
820         "\x59\x16\x0c\xc0\x46\xfd\x82\x51\x54\x1f\xc6\x8c\x9c\x86\xb0\x22"
821         "\xbb\x70\x99\x87\x6a\x46\x0e\x74\x51\xa8\xa9\x31\x09\x70\x3f\xee"
822         "\x1c\x21\x7e\x6c\x38\x26\xe5\x2c\x51\xaa\x69\x1e\x0e\x42\x3c\xfc"
823         "\x99\xe9\xe3\x16\x50\xc1\x21\x7b\x62\x48\x16\xcd\xad\x9a\x95\xf9"
824         "\xd5\xb8\x01\x94\x88\xd9\xc0\xa0\xa1\xfe\x30\x75\xa5\x77\xe2\x31"
825         "\x83\xf8\x1d\x4a\x3f\x2f\xa4\x57\x1e\xfc\x8c\xe0\xba\x8a\x4f\xe8"
826         "\xb6\x85\x5d\xfe\x72\xb0\xa6\x6e\xde\xd2\xfb\xab\xfb\xe5\x8a\x30"
827         "\xfa\xfa\xbe\x1c\x5d\x71\xa8\x7e\x2f\x74\x1e\xf8\xc1\xfe\x86\xfe"
828         "\xa6\xbb\xfd\xe5\x30\x67\x7f\x0d\x97\xd1\x1d\x49\xf7\xa8\x44\x3d"
829         "\x08\x22\xe5\x06\xa9\xf4\x61\x4e\x01\x1e\x2a\x94\x83\x8f\xf8\x8c"
830         "\xd6\x8c\x8b\xb7\xc5\xc6\x42\x4c\xff\xff\xff\xff\xff\xff\xff\xff",
831 };
832 
833 static int dh_ffdhe2048_create(struct crypto_template *tmpl,
834                                struct rtattr **tb)
835 {
836         return  __dh_safe_prime_create(tmpl, tb, &ffdhe2048_prime);
837 }
838 
839 static int dh_ffdhe3072_create(struct crypto_template *tmpl,
840                                struct rtattr **tb)
841 {
842         return  __dh_safe_prime_create(tmpl, tb, &ffdhe3072_prime);
843 }
844 
845 static int dh_ffdhe4096_create(struct crypto_template *tmpl,
846                                struct rtattr **tb)
847 {
848         return  __dh_safe_prime_create(tmpl, tb, &ffdhe4096_prime);
849 }
850 
851 static int dh_ffdhe6144_create(struct crypto_template *tmpl,
852                                struct rtattr **tb)
853 {
854         return  __dh_safe_prime_create(tmpl, tb, &ffdhe6144_prime);
855 }
856 
857 static int dh_ffdhe8192_create(struct crypto_template *tmpl,
858                                struct rtattr **tb)
859 {
860         return  __dh_safe_prime_create(tmpl, tb, &ffdhe8192_prime);
861 }
862 
863 static struct crypto_template crypto_ffdhe_templates[] = {
864         {
865                 .name = "ffdhe2048",
866                 .create = dh_ffdhe2048_create,
867                 .module = THIS_MODULE,
868         },
869         {
870                 .name = "ffdhe3072",
871                 .create = dh_ffdhe3072_create,
872                 .module = THIS_MODULE,
873         },
874         {
875                 .name = "ffdhe4096",
876                 .create = dh_ffdhe4096_create,
877                 .module = THIS_MODULE,
878         },
879         {
880                 .name = "ffdhe6144",
881                 .create = dh_ffdhe6144_create,
882                 .module = THIS_MODULE,
883         },
884         {
885                 .name = "ffdhe8192",
886                 .create = dh_ffdhe8192_create,
887                 .module = THIS_MODULE,
888         },
889 };
890 
891 #else /* ! CONFIG_CRYPTO_DH_RFC7919_GROUPS */
892 
893 static struct crypto_template crypto_ffdhe_templates[] = {};
894 
895 #endif /* CONFIG_CRYPTO_DH_RFC7919_GROUPS */
896 
897 
898 static int __init dh_init(void)
899 {
900         int err;
901 
902         err = crypto_register_kpp(&dh);
903         if (err)
904                 return err;
905 
906         err = crypto_register_templates(crypto_ffdhe_templates,
907                                         ARRAY_SIZE(crypto_ffdhe_templates));
908         if (err) {
909                 crypto_unregister_kpp(&dh);
910                 return err;
911         }
912 
913         return 0;
914 }
915 
916 static void __exit dh_exit(void)
917 {
918         crypto_unregister_templates(crypto_ffdhe_templates,
919                                     ARRAY_SIZE(crypto_ffdhe_templates));
920         crypto_unregister_kpp(&dh);
921 }
922 
923 subsys_initcall(dh_init);
924 module_exit(dh_exit);
925 MODULE_ALIAS_CRYPTO("dh");
926 MODULE_LICENSE("GPL");
927 MODULE_DESCRIPTION("DH generic algorithm");
928 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php