1 /*
2  * Diffie-Hellman groups
3  * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 
11 #include "common.h"
12 #include "crypto.h"
13 #include "random.h"
14 #include "dh_groups.h"
15 
16 
17 #ifdef ALL_DH_GROUPS
18 
19 /* RFC 4306, B.1. Group 1 - 768 Bit MODP
20  * Generator: 2
21  * Prime: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
22  */
23 static const u8 dh_group1_generator[1] = { 0x02 };
24 static const u8 dh_group1_prime[96] = {
25           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
26           0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
27           0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
28           0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
29           0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
30           0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
31           0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
32           0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
33           0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
34           0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
35           0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x3A, 0x36, 0x20,
36           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
37 };
38 static const u8 dh_group1_order[96] = {
39           0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
40           0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, 0x61, 0x1A,
41           0x62, 0x63, 0x31, 0x45, 0xC0, 0x6E, 0x0E, 0x68,
42           0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xE6, 0x3A,
43           0x01, 0x05, 0xDF, 0x53, 0x1D, 0x89, 0xCD, 0x91,
44           0x28, 0xA5, 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E,
45           0xF7, 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D,
46           0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, 0x1B,
47           0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, 0xE1, 0x22,
48           0xF2, 0x42, 0xDA, 0xBB, 0x31, 0x2F, 0x3F, 0x63,
49           0x7A, 0x26, 0x21, 0x74, 0xD3, 0x1D, 0x1B, 0x10,
50           0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
51 };
52 
53 /* RFC 4306, B.2. Group 2 - 1024 Bit MODP
54  * Generator: 2
55  * Prime: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }
56  */
57 static const u8 dh_group2_generator[1] = { 0x02 };
58 static const u8 dh_group2_prime[128] = {
59           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
60           0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
61           0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
62           0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
63           0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
64           0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
65           0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
66           0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
67           0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
68           0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
69           0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
70           0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
71           0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
72           0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
73           0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
74           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
75 };
76 static const u8 dh_group2_order[128] = {
77           0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
78           0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, 0x61, 0x1A,
79           0x62, 0x63, 0x31, 0x45, 0xC0, 0x6E, 0x0E, 0x68,
80           0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xE6, 0x3A,
81           0x01, 0x05, 0xDF, 0x53, 0x1D, 0x89, 0xCD, 0x91,
82           0x28, 0xA5, 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E,
83           0xF7, 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D,
84           0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, 0x1B,
85           0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, 0xE1, 0x22,
86           0xF2, 0x42, 0xDA, 0xBB, 0x31, 0x2F, 0x3F, 0x63,
87           0x7A, 0x26, 0x21, 0x74, 0xD3, 0x1B, 0xF6, 0xB5,
88           0x85, 0xFF, 0xAE, 0x5B, 0x7A, 0x03, 0x5B, 0xF6,
89           0xF7, 0x1C, 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2,
90           0xD7, 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3,
91           0x24, 0x94, 0x33, 0x28, 0xF6, 0x73, 0x29, 0xC0,
92           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
93 };
94 
95 #endif /* ALL_DH_GROUPS */
96 
97 /* RFC 3526, 2. Group 5 - 1536 Bit MODP
98  * Generator: 2
99  * Prime: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
100  */
101 static const u8 dh_group5_generator[1] = { 0x02 };
102 static const u8 dh_group5_prime[192] = {
103           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
104           0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
105           0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
106           0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
107           0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
108           0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
109           0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
110           0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
111           0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
112           0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
113           0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
114           0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
115           0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
116           0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
117           0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
118           0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
119           0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
120           0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
121           0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
122           0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
123           0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
124           0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
125           0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x23, 0x73, 0x27,
126           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
127 };
128 static const u8 dh_group5_order[192] = {
129           0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
130           0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, 0x61, 0x1A,
131           0x62, 0x63, 0x31, 0x45, 0xC0, 0x6E, 0x0E, 0x68,
132           0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xE6, 0x3A,
133           0x01, 0x05, 0xDF, 0x53, 0x1D, 0x89, 0xCD, 0x91,
134           0x28, 0xA5, 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E,
135           0xF7, 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D,
136           0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, 0x1B,
137           0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, 0xE1, 0x22,
138           0xF2, 0x42, 0xDA, 0xBB, 0x31, 0x2F, 0x3F, 0x63,
139           0x7A, 0x26, 0x21, 0x74, 0xD3, 0x1B, 0xF6, 0xB5,
140           0x85, 0xFF, 0xAE, 0x5B, 0x7A, 0x03, 0x5B, 0xF6,
141           0xF7, 0x1C, 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2,
142           0xD7, 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3,
143           0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, 0x9E,
144           0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, 0xDF, 0x82,
145           0xCC, 0x6D, 0x24, 0x1B, 0x0E, 0x2A, 0xE9, 0xCD,
146           0x34, 0x8B, 0x1F, 0xD4, 0x7E, 0x92, 0x67, 0xAF,
147           0xC1, 0xB2, 0xAE, 0x91, 0xEE, 0x51, 0xD6, 0xCB,
148           0x0E, 0x31, 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D,
149           0xCF, 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36,
150           0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, 0x02,
151           0x78, 0xBA, 0x36, 0x04, 0x65, 0x11, 0xB9, 0x93,
152           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
153 };
154 
155 #ifdef ALL_DH_GROUPS
156 
157 /* RFC 3526, 3. Group 14 - 2048 Bit MODP
158  * Generator: 2
159  * Prime: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
160  */
161 static const u8 dh_group14_generator[1] = { 0x02 };
162 static const u8 dh_group14_prime[256] = {
163           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
164           0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
165           0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
166           0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
167           0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
168           0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
169           0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
170           0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
171           0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
172           0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
173           0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
174           0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
175           0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
176           0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
177           0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
178           0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
179           0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
180           0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
181           0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
182           0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
183           0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
184           0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
185           0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
186           0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
187           0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
188           0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
189           0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
190           0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
191           0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
192           0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
193           0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68,
194           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
195 };
196 static const u8 dh_group14_order[256] = {
197           0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
198           0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, 0x61, 0x1A,
199           0x62, 0x63, 0x31, 0x45, 0xC0, 0x6E, 0x0E, 0x68,
200           0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xE6, 0x3A,
201           0x01, 0x05, 0xDF, 0x53, 0x1D, 0x89, 0xCD, 0x91,
202           0x28, 0xA5, 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E,
203           0xF7, 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D,
204           0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, 0x1B,
205           0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, 0xE1, 0x22,
206           0xF2, 0x42, 0xDA, 0xBB, 0x31, 0x2F, 0x3F, 0x63,
207           0x7A, 0x26, 0x21, 0x74, 0xD3, 0x1B, 0xF6, 0xB5,
208           0x85, 0xFF, 0xAE, 0x5B, 0x7A, 0x03, 0x5B, 0xF6,
209           0xF7, 0x1C, 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2,
210           0xD7, 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3,
211           0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, 0x9E,
212           0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, 0xDF, 0x82,
213           0xCC, 0x6D, 0x24, 0x1B, 0x0E, 0x2A, 0xE9, 0xCD,
214           0x34, 0x8B, 0x1F, 0xD4, 0x7E, 0x92, 0x67, 0xAF,
215           0xC1, 0xB2, 0xAE, 0x91, 0xEE, 0x51, 0xD6, 0xCB,
216           0x0E, 0x31, 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D,
217           0xCF, 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36,
218           0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, 0x02,
219           0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, 0x10, 0xBE,
220           0x19, 0x48, 0x2F, 0x23, 0x17, 0x1B, 0x67, 0x1D,
221           0xF1, 0xCF, 0x3B, 0x96, 0x0C, 0x07, 0x43, 0x01,
222           0xCD, 0x93, 0xC1, 0xD1, 0x76, 0x03, 0xD1, 0x47,
223           0xDA, 0xE2, 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64,
224           0xEF, 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C,
225           0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, 0x72,
226           0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, 0x02, 0x88,
227           0x0A, 0xB9, 0x47, 0x2D, 0x45, 0x56, 0x55, 0x34,
228           0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
229 };
230 
231 /* RFC 3526, 4. Group 15 - 3072 Bit MODP
232  * Generator: 2
233  * Prime: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
234  */
235 static const u8 dh_group15_generator[1] = { 0x02 };
236 static const u8 dh_group15_prime[384] = {
237           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
238           0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
239           0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
240           0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
241           0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
242           0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
243           0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
244           0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
245           0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
246           0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
247           0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
248           0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
249           0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
250           0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
251           0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
252           0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
253           0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
254           0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
255           0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
256           0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
257           0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
258           0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
259           0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
260           0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
261           0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
262           0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
263           0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
264           0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
265           0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
266           0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
267           0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
268           0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
269           0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
270           0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
271           0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
272           0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
273           0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
274           0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
275           0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
276           0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
277           0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
278           0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
279           0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
280           0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
281           0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
282           0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
283           0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA,
284           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
285 };
286 static const u8 dh_group15_order[384] = {
287           0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
288           0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, 0x61, 0x1A,
289           0x62, 0x63, 0x31, 0x45, 0xC0, 0x6E, 0x0E, 0x68,
290           0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xE6, 0x3A,
291           0x01, 0x05, 0xDF, 0x53, 0x1D, 0x89, 0xCD, 0x91,
292           0x28, 0xA5, 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E,
293           0xF7, 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D,
294           0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, 0x1B,
295           0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, 0xE1, 0x22,
296           0xF2, 0x42, 0xDA, 0xBB, 0x31, 0x2F, 0x3F, 0x63,
297           0x7A, 0x26, 0x21, 0x74, 0xD3, 0x1B, 0xF6, 0xB5,
298           0x85, 0xFF, 0xAE, 0x5B, 0x7A, 0x03, 0x5B, 0xF6,
299           0xF7, 0x1C, 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2,
300           0xD7, 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3,
301           0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, 0x9E,
302           0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, 0xDF, 0x82,
303           0xCC, 0x6D, 0x24, 0x1B, 0x0E, 0x2A, 0xE9, 0xCD,
304           0x34, 0x8B, 0x1F, 0xD4, 0x7E, 0x92, 0x67, 0xAF,
305           0xC1, 0xB2, 0xAE, 0x91, 0xEE, 0x51, 0xD6, 0xCB,
306           0x0E, 0x31, 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D,
307           0xCF, 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36,
308           0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, 0x02,
309           0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, 0x10, 0xBE,
310           0x19, 0x48, 0x2F, 0x23, 0x17, 0x1B, 0x67, 0x1D,
311           0xF1, 0xCF, 0x3B, 0x96, 0x0C, 0x07, 0x43, 0x01,
312           0xCD, 0x93, 0xC1, 0xD1, 0x76, 0x03, 0xD1, 0x47,
313           0xDA, 0xE2, 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64,
314           0xEF, 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C,
315           0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, 0x72,
316           0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, 0x02, 0x88,
317           0x0A, 0xB9, 0x47, 0x2D, 0x45, 0x55, 0x62, 0x16,
318           0xD6, 0x99, 0x8B, 0x86, 0x82, 0x28, 0x3D, 0x19,
319           0xD4, 0x2A, 0x90, 0xD5, 0xEF, 0x8E, 0x5D, 0x32,
320           0x76, 0x7D, 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85,
321           0x45, 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E,
322           0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, 0x63,
323           0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, 0x99, 0xEB,
324           0x8F, 0x46, 0x4A, 0x70, 0x25, 0x12, 0xB0, 0xCE,
325           0xE7, 0x71, 0xE9, 0x13, 0x0D, 0x69, 0x77, 0x35,
326           0xF8, 0x97, 0xFD, 0x03, 0x6C, 0xC5, 0x04, 0x32,
327           0x6C, 0x3B, 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32,
328           0x29, 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06,
329           0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, 0xB6,
330           0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, 0xA3, 0x71,
331           0x04, 0x71, 0x27, 0xD0, 0x3A, 0x72, 0xD5, 0x98,
332           0xA1, 0xED, 0xAD, 0xFE, 0x70, 0x7E, 0x88, 0x47,
333           0x25, 0xC1, 0x68, 0x90, 0x54, 0x9D, 0x69, 0x65,
334           0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
335 };
336 
337 /* RFC 3526, 5. Group 16 - 4096 Bit MODP
338  * Generator: 2
339  * Prime: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
340  */
341 static const u8 dh_group16_generator[1] = { 0x02 };
342 static const u8 dh_group16_prime[512] = {
343           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
344           0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
345           0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
346           0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
347           0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
348           0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
349           0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
350           0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
351           0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
352           0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
353           0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
354           0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
355           0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
356           0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
357           0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
358           0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
359           0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
360           0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
361           0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
362           0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
363           0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
364           0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
365           0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
366           0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
367           0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
368           0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
369           0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
370           0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
371           0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
372           0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
373           0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
374           0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
375           0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
376           0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
377           0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
378           0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
379           0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
380           0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
381           0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
382           0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
383           0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
384           0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
385           0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
386           0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
387           0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
388           0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
389           0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
390           0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
391           0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
392           0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
393           0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
394           0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
395           0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
396           0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
397           0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
398           0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
399           0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
400           0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
401           0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
402           0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
403           0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
404           0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
405           0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
406           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
407 };
408 static const u8 dh_group16_order[512] = {
409           0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
410           0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, 0x61, 0x1A,
411           0x62, 0x63, 0x31, 0x45, 0xC0, 0x6E, 0x0E, 0x68,
412           0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xE6, 0x3A,
413           0x01, 0x05, 0xDF, 0x53, 0x1D, 0x89, 0xCD, 0x91,
414           0x28, 0xA5, 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E,
415           0xF7, 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D,
416           0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, 0x1B,
417           0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, 0xE1, 0x22,
418           0xF2, 0x42, 0xDA, 0xBB, 0x31, 0x2F, 0x3F, 0x63,
419           0x7A, 0x26, 0x21, 0x74, 0xD3, 0x1B, 0xF6, 0xB5,
420           0x85, 0xFF, 0xAE, 0x5B, 0x7A, 0x03, 0x5B, 0xF6,
421           0xF7, 0x1C, 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2,
422           0xD7, 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3,
423           0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, 0x9E,
424           0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, 0xDF, 0x82,
425           0xCC, 0x6D, 0x24, 0x1B, 0x0E, 0x2A, 0xE9, 0xCD,
426           0x34, 0x8B, 0x1F, 0xD4, 0x7E, 0x92, 0x67, 0xAF,
427           0xC1, 0xB2, 0xAE, 0x91, 0xEE, 0x51, 0xD6, 0xCB,
428           0x0E, 0x31, 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D,
429           0xCF, 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36,
430           0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, 0x02,
431           0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, 0x10, 0xBE,
432           0x19, 0x48, 0x2F, 0x23, 0x17, 0x1B, 0x67, 0x1D,
433           0xF1, 0xCF, 0x3B, 0x96, 0x0C, 0x07, 0x43, 0x01,
434           0xCD, 0x93, 0xC1, 0xD1, 0x76, 0x03, 0xD1, 0x47,
435           0xDA, 0xE2, 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64,
436           0xEF, 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C,
437           0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, 0x72,
438           0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, 0x02, 0x88,
439           0x0A, 0xB9, 0x47, 0x2D, 0x45, 0x55, 0x62, 0x16,
440           0xD6, 0x99, 0x8B, 0x86, 0x82, 0x28, 0x3D, 0x19,
441           0xD4, 0x2A, 0x90, 0xD5, 0xEF, 0x8E, 0x5D, 0x32,
442           0x76, 0x7D, 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85,
443           0x45, 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E,
444           0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, 0x63,
445           0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, 0x99, 0xEB,
446           0x8F, 0x46, 0x4A, 0x70, 0x25, 0x12, 0xB0, 0xCE,
447           0xE7, 0x71, 0xE9, 0x13, 0x0D, 0x69, 0x77, 0x35,
448           0xF8, 0x97, 0xFD, 0x03, 0x6C, 0xC5, 0x04, 0x32,
449           0x6C, 0x3B, 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32,
450           0x29, 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06,
451           0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, 0xB6,
452           0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, 0xA3, 0x71,
453           0x04, 0x71, 0x27, 0xD0, 0x3A, 0x72, 0xD5, 0x98,
454           0xA1, 0xED, 0xAD, 0xFE, 0x70, 0x7E, 0x88, 0x47,
455           0x25, 0xC1, 0x68, 0x90, 0x54, 0x90, 0x84, 0x00,
456           0x8D, 0x39, 0x1E, 0x09, 0x53, 0xC3, 0xF3, 0x6B,
457           0xC4, 0x38, 0xCD, 0x08, 0x5E, 0xDD, 0x2D, 0x93,
458           0x4C, 0xE1, 0x93, 0x8C, 0x35, 0x7A, 0x71, 0x1E,
459           0x0D, 0x4A, 0x34, 0x1A, 0x5B, 0x0A, 0x85, 0xED,
460           0x12, 0xC1, 0xF4, 0xE5, 0x15, 0x6A, 0x26, 0x74,
461           0x6D, 0xDD, 0xE1, 0x6D, 0x82, 0x6F, 0x47, 0x7C,
462           0x97, 0x47, 0x7E, 0x0A, 0x0F, 0xDF, 0x65, 0x53,
463           0x14, 0x3E, 0x2C, 0xA3, 0xA7, 0x35, 0xE0, 0x2E,
464           0xCC, 0xD9, 0x4B, 0x27, 0xD0, 0x48, 0x61, 0xD1,
465           0x11, 0x9D, 0xD0, 0xC3, 0x28, 0xAD, 0xF3, 0xF6,
466           0x8F, 0xB0, 0x94, 0xB8, 0x67, 0x71, 0x6B, 0xD7,
467           0xDC, 0x0D, 0xEE, 0xBB, 0x10, 0xB8, 0x24, 0x0E,
468           0x68, 0x03, 0x48, 0x93, 0xEA, 0xD8, 0x2D, 0x54,
469           0xC9, 0xDA, 0x75, 0x4C, 0x46, 0xC7, 0xEE, 0xE0,
470           0xC3, 0x7F, 0xDB, 0xEE, 0x48, 0x53, 0x60, 0x47,
471           0xA6, 0xFA, 0x1A, 0xE4, 0x9A, 0x03, 0x18, 0xCC,
472           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
473 };
474 
475 /* RFC 3526, 6. Group 17 - 6144 Bit MODP
476  * Generator: 2
477  * Prime: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
478  */
479 static const u8 dh_group17_generator[1] = { 0x02 };
480 static const u8 dh_group17_prime[768] = {
481           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
482           0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
483           0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
484           0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
485           0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
486           0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
487           0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
488           0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
489           0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
490           0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
491           0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
492           0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
493           0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
494           0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
495           0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
496           0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
497           0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
498           0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
499           0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
500           0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
501           0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
502           0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
503           0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
504           0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
505           0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
506           0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
507           0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
508           0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
509           0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
510           0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
511           0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
512           0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
513           0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
514           0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
515           0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
516           0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
517           0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
518           0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
519           0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
520           0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
521           0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
522           0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
523           0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
524           0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
525           0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
526           0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
527           0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
528           0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
529           0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
530           0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
531           0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
532           0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
533           0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
534           0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
535           0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
536           0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
537           0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
538           0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
539           0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
540           0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
541           0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
542           0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
543           0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
544           0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
545           0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE,
546           0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
547           0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E,
548           0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
549           0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
550           0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
551           0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED,
552           0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
553           0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B,
554           0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
555           0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
556           0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
557           0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03,
558           0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
559           0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82,
560           0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
561           0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
562           0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
563           0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5,
564           0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
565           0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8,
566           0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
567           0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
568           0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
569           0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0,
570           0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
571           0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32,
572           0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
573           0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
574           0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
575           0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xCC, 0x40, 0x24,
576           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
577 };
578 static const u8 dh_group17_order[768] = {
579           0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
580           0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, 0x61, 0x1A,
581           0x62, 0x63, 0x31, 0x45, 0xC0, 0x6E, 0x0E, 0x68,
582           0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xE6, 0x3A,
583           0x01, 0x05, 0xDF, 0x53, 0x1D, 0x89, 0xCD, 0x91,
584           0x28, 0xA5, 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E,
585           0xF7, 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D,
586           0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, 0x1B,
587           0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, 0xE1, 0x22,
588           0xF2, 0x42, 0xDA, 0xBB, 0x31, 0x2F, 0x3F, 0x63,
589           0x7A, 0x26, 0x21, 0x74, 0xD3, 0x1B, 0xF6, 0xB5,
590           0x85, 0xFF, 0xAE, 0x5B, 0x7A, 0x03, 0x5B, 0xF6,
591           0xF7, 0x1C, 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2,
592           0xD7, 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3,
593           0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, 0x9E,
594           0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, 0xDF, 0x82,
595           0xCC, 0x6D, 0x24, 0x1B, 0x0E, 0x2A, 0xE9, 0xCD,
596           0x34, 0x8B, 0x1F, 0xD4, 0x7E, 0x92, 0x67, 0xAF,
597           0xC1, 0xB2, 0xAE, 0x91, 0xEE, 0x51, 0xD6, 0xCB,
598           0x0E, 0x31, 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D,
599           0xCF, 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36,
600           0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, 0x02,
601           0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, 0x10, 0xBE,
602           0x19, 0x48, 0x2F, 0x23, 0x17, 0x1B, 0x67, 0x1D,
603           0xF1, 0xCF, 0x3B, 0x96, 0x0C, 0x07, 0x43, 0x01,
604           0xCD, 0x93, 0xC1, 0xD1, 0x76, 0x03, 0xD1, 0x47,
605           0xDA, 0xE2, 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64,
606           0xEF, 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C,
607           0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, 0x72,
608           0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, 0x02, 0x88,
609           0x0A, 0xB9, 0x47, 0x2D, 0x45, 0x55, 0x62, 0x16,
610           0xD6, 0x99, 0x8B, 0x86, 0x82, 0x28, 0x3D, 0x19,
611           0xD4, 0x2A, 0x90, 0xD5, 0xEF, 0x8E, 0x5D, 0x32,
612           0x76, 0x7D, 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85,
613           0x45, 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E,
614           0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, 0x63,
615           0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, 0x99, 0xEB,
616           0x8F, 0x46, 0x4A, 0x70, 0x25, 0x12, 0xB0, 0xCE,
617           0xE7, 0x71, 0xE9, 0x13, 0x0D, 0x69, 0x77, 0x35,
618           0xF8, 0x97, 0xFD, 0x03, 0x6C, 0xC5, 0x04, 0x32,
619           0x6C, 0x3B, 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32,
620           0x29, 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06,
621           0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, 0xB6,
622           0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, 0xA3, 0x71,
623           0x04, 0x71, 0x27, 0xD0, 0x3A, 0x72, 0xD5, 0x98,
624           0xA1, 0xED, 0xAD, 0xFE, 0x70, 0x7E, 0x88, 0x47,
625           0x25, 0xC1, 0x68, 0x90, 0x54, 0x90, 0x84, 0x00,
626           0x8D, 0x39, 0x1E, 0x09, 0x53, 0xC3, 0xF3, 0x6B,
627           0xC4, 0x38, 0xCD, 0x08, 0x5E, 0xDD, 0x2D, 0x93,
628           0x4C, 0xE1, 0x93, 0x8C, 0x35, 0x7A, 0x71, 0x1E,
629           0x0D, 0x4A, 0x34, 0x1A, 0x5B, 0x0A, 0x85, 0xED,
630           0x12, 0xC1, 0xF4, 0xE5, 0x15, 0x6A, 0x26, 0x74,
631           0x6D, 0xDD, 0xE1, 0x6D, 0x82, 0x6F, 0x47, 0x7C,
632           0x97, 0x47, 0x7E, 0x0A, 0x0F, 0xDF, 0x65, 0x53,
633           0x14, 0x3E, 0x2C, 0xA3, 0xA7, 0x35, 0xE0, 0x2E,
634           0xCC, 0xD9, 0x4B, 0x27, 0xD0, 0x48, 0x61, 0xD1,
635           0x11, 0x9D, 0xD0, 0xC3, 0x28, 0xAD, 0xF3, 0xF6,
636           0x8F, 0xB0, 0x94, 0xB8, 0x67, 0x71, 0x6B, 0xD7,
637           0xDC, 0x0D, 0xEE, 0xBB, 0x10, 0xB8, 0x24, 0x0E,
638           0x68, 0x03, 0x48, 0x93, 0xEA, 0xD8, 0x2D, 0x54,
639           0xC9, 0xDA, 0x75, 0x4C, 0x46, 0xC7, 0xEE, 0xE0,
640           0xC3, 0x7F, 0xDB, 0xEE, 0x48, 0x53, 0x60, 0x47,
641           0xA6, 0xFA, 0x1A, 0xE4, 0x9A, 0x01, 0x42, 0x49,
642           0x1B, 0x61, 0xFD, 0x5A, 0x69, 0x3E, 0x38, 0x13,
643           0x60, 0xEA, 0x6E, 0x59, 0x30, 0x13, 0x23, 0x6F,
644           0x64, 0xBA, 0x8F, 0x3B, 0x1E, 0xDD, 0x1B, 0xDE,
645           0xFC, 0x7F, 0xCA, 0x03, 0x56, 0xCF, 0x29, 0x87,
646           0x72, 0xED, 0x9C, 0x17, 0xA0, 0x98, 0x00, 0xD7,
647           0x58, 0x35, 0x29, 0xF6, 0xC8, 0x13, 0xEC, 0x18,
648           0x8B, 0xCB, 0x93, 0xD8, 0x43, 0x2D, 0x44, 0x8C,
649           0x6D, 0x1F, 0x6D, 0xF5, 0xE7, 0xCD, 0x8A, 0x76,
650           0xA2, 0x67, 0x36, 0x5D, 0x67, 0x6A, 0x5D, 0x8D,
651           0xED, 0xBF, 0x8A, 0x23, 0xF3, 0x66, 0x12, 0xA5,
652           0x99, 0x90, 0x28, 0xA8, 0x95, 0xEB, 0xD7, 0xA1,
653           0x37, 0xDC, 0x7A, 0x00, 0x9B, 0xC6, 0x69, 0x5F,
654           0xAC, 0xC1, 0xE5, 0x00, 0xE3, 0x25, 0xC9, 0x76,
655           0x78, 0x19, 0x75, 0x0A, 0xE8, 0xB9, 0x0E, 0x81,
656           0xFA, 0x41, 0x6B, 0xE7, 0x37, 0x3A, 0x7F, 0x7B,
657           0x6A, 0xAF, 0x38, 0x17, 0xA3, 0x4C, 0x06, 0x41,
658           0x5A, 0xD4, 0x20, 0x18, 0xC8, 0x05, 0x8E, 0x4F,
659           0x2C, 0xF3, 0xE4, 0xBF, 0xDF, 0x63, 0xF4, 0x79,
660           0x91, 0xD4, 0xBD, 0x3F, 0x1B, 0x66, 0x44, 0x5F,
661           0x07, 0x8E, 0xA2, 0xDB, 0xFF, 0xAC, 0x2D, 0x62,
662           0xA5, 0xEA, 0x03, 0xD9, 0x15, 0xA0, 0xAA, 0x55,
663           0x66, 0x47, 0xB6, 0xBF, 0x5F, 0xA4, 0x70, 0xEC,
664           0x0A, 0x66, 0x2F, 0x69, 0x07, 0xC0, 0x1B, 0xF0,
665           0x53, 0xCB, 0x8A, 0xF7, 0x79, 0x4D, 0xF1, 0x94,
666           0x03, 0x50, 0xEA, 0xC5, 0xDB, 0xE2, 0xED, 0x3B,
667           0x7A, 0xA8, 0x55, 0x1E, 0xC5, 0x0F, 0xDF, 0xF8,
668           0x75, 0x8C, 0xE6, 0x58, 0xD1, 0x89, 0xEA, 0xAE,
669           0x6D, 0x2B, 0x64, 0xF6, 0x17, 0x79, 0x4B, 0x19,
670           0x1C, 0x3F, 0xF4, 0x6B, 0xB7, 0x1E, 0x02, 0x34,
671           0x02, 0x1F, 0x47, 0xB3, 0x1F, 0xA4, 0x30, 0x77,
672           0x09, 0x5F, 0x96, 0xAD, 0x85, 0xBA, 0x3A, 0x6B,
673           0x73, 0x4A, 0x7C, 0x8F, 0x36, 0xE6, 0x20, 0x12,
674           0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
675 };
676 
677 /* RFC 3526, 7. Group 18 - 8192 Bit MODP
678  * Generator: 2
679  * Prime: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
680  */
681 static const u8 dh_group18_generator[1] = { 0x02 };
682 static const u8 dh_group18_prime[1024] = {
683           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
684           0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
685           0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
686           0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
687           0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
688           0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
689           0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
690           0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
691           0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
692           0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
693           0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
694           0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
695           0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
696           0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
697           0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
698           0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
699           0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
700           0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
701           0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
702           0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
703           0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
704           0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
705           0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
706           0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
707           0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
708           0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
709           0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
710           0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
711           0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
712           0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
713           0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
714           0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
715           0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
716           0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
717           0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
718           0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
719           0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
720           0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
721           0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
722           0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
723           0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
724           0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
725           0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
726           0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
727           0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
728           0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
729           0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
730           0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
731           0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
732           0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
733           0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
734           0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
735           0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
736           0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
737           0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
738           0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
739           0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
740           0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
741           0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
742           0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
743           0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
744           0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
745           0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
746           0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
747           0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE,
748           0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
749           0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E,
750           0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
751           0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
752           0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
753           0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED,
754           0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
755           0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B,
756           0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
757           0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
758           0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
759           0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03,
760           0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
761           0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82,
762           0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
763           0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
764           0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
765           0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5,
766           0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
767           0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8,
768           0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
769           0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
770           0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
771           0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0,
772           0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
773           0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32,
774           0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
775           0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
776           0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
777           0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xBE, 0x11, 0x59,
778           0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
779           0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C,
780           0xD8, 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA,
781           0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00,
782           0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED,
783           0x25, 0x76, 0xF6, 0x93, 0x6B, 0xA4, 0x24, 0x66,
784           0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
785           0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78,
786           0x23, 0x8F, 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D,
787           0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9,
788           0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07,
789           0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, 0xF0, 0xC7,
790           0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
791           0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD,
792           0xFA, 0x9D, 0x4B, 0x7F, 0xA2, 0xC0, 0x87, 0xE8,
793           0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A,
794           0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6,
795           0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, 0x2D,
796           0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
797           0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1,
798           0x64, 0xF3, 0x1C, 0xC5, 0x08, 0x46, 0x85, 0x1D,
799           0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1,
800           0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73,
801           0xFA, 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68,
802           0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
803           0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7,
804           0x88, 0x9A, 0x00, 0x2E, 0xD5, 0xEE, 0x38, 0x2B,
805           0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47,
806           0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA,
807           0x9E, 0x30, 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF,
808           0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
809           0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF,
810           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
811 };
812 static const u8 dh_group18_order[1024] = {
813           0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
814           0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, 0x61, 0x1A,
815           0x62, 0x63, 0x31, 0x45, 0xC0, 0x6E, 0x0E, 0x68,
816           0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xE6, 0x3A,
817           0x01, 0x05, 0xDF, 0x53, 0x1D, 0x89, 0xCD, 0x91,
818           0x28, 0xA5, 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E,
819           0xF7, 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D,
820           0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, 0x1B,
821           0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, 0xE1, 0x22,
822           0xF2, 0x42, 0xDA, 0xBB, 0x31, 0x2F, 0x3F, 0x63,
823           0x7A, 0x26, 0x21, 0x74, 0xD3, 0x1B, 0xF6, 0xB5,
824           0x85, 0xFF, 0xAE, 0x5B, 0x7A, 0x03, 0x5B, 0xF6,
825           0xF7, 0x1C, 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2,
826           0xD7, 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3,
827           0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, 0x9E,
828           0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, 0xDF, 0x82,
829           0xCC, 0x6D, 0x24, 0x1B, 0x0E, 0x2A, 0xE9, 0xCD,
830           0x34, 0x8B, 0x1F, 0xD4, 0x7E, 0x92, 0x67, 0xAF,
831           0xC1, 0xB2, 0xAE, 0x91, 0xEE, 0x51, 0xD6, 0xCB,
832           0x0E, 0x31, 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D,
833           0xCF, 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36,
834           0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, 0x02,
835           0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, 0x10, 0xBE,
836           0x19, 0x48, 0x2F, 0x23, 0x17, 0x1B, 0x67, 0x1D,
837           0xF1, 0xCF, 0x3B, 0x96, 0x0C, 0x07, 0x43, 0x01,
838           0xCD, 0x93, 0xC1, 0xD1, 0x76, 0x03, 0xD1, 0x47,
839           0xDA, 0xE2, 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64,
840           0xEF, 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C,
841           0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, 0x72,
842           0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, 0x02, 0x88,
843           0x0A, 0xB9, 0x47, 0x2D, 0x45, 0x55, 0x62, 0x16,
844           0xD6, 0x99, 0x8B, 0x86, 0x82, 0x28, 0x3D, 0x19,
845           0xD4, 0x2A, 0x90, 0xD5, 0xEF, 0x8E, 0x5D, 0x32,
846           0x76, 0x7D, 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85,
847           0x45, 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E,
848           0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, 0x63,
849           0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, 0x99, 0xEB,
850           0x8F, 0x46, 0x4A, 0x70, 0x25, 0x12, 0xB0, 0xCE,
851           0xE7, 0x71, 0xE9, 0x13, 0x0D, 0x69, 0x77, 0x35,
852           0xF8, 0x97, 0xFD, 0x03, 0x6C, 0xC5, 0x04, 0x32,
853           0x6C, 0x3B, 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32,
854           0x29, 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06,
855           0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, 0xB6,
856           0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, 0xA3, 0x71,
857           0x04, 0x71, 0x27, 0xD0, 0x3A, 0x72, 0xD5, 0x98,
858           0xA1, 0xED, 0xAD, 0xFE, 0x70, 0x7E, 0x88, 0x47,
859           0x25, 0xC1, 0x68, 0x90, 0x54, 0x90, 0x84, 0x00,
860           0x8D, 0x39, 0x1E, 0x09, 0x53, 0xC3, 0xF3, 0x6B,
861           0xC4, 0x38, 0xCD, 0x08, 0x5E, 0xDD, 0x2D, 0x93,
862           0x4C, 0xE1, 0x93, 0x8C, 0x35, 0x7A, 0x71, 0x1E,
863           0x0D, 0x4A, 0x34, 0x1A, 0x5B, 0x0A, 0x85, 0xED,
864           0x12, 0xC1, 0xF4, 0xE5, 0x15, 0x6A, 0x26, 0x74,
865           0x6D, 0xDD, 0xE1, 0x6D, 0x82, 0x6F, 0x47, 0x7C,
866           0x97, 0x47, 0x7E, 0x0A, 0x0F, 0xDF, 0x65, 0x53,
867           0x14, 0x3E, 0x2C, 0xA3, 0xA7, 0x35, 0xE0, 0x2E,
868           0xCC, 0xD9, 0x4B, 0x27, 0xD0, 0x48, 0x61, 0xD1,
869           0x11, 0x9D, 0xD0, 0xC3, 0x28, 0xAD, 0xF3, 0xF6,
870           0x8F, 0xB0, 0x94, 0xB8, 0x67, 0x71, 0x6B, 0xD7,
871           0xDC, 0x0D, 0xEE, 0xBB, 0x10, 0xB8, 0x24, 0x0E,
872           0x68, 0x03, 0x48, 0x93, 0xEA, 0xD8, 0x2D, 0x54,
873           0xC9, 0xDA, 0x75, 0x4C, 0x46, 0xC7, 0xEE, 0xE0,
874           0xC3, 0x7F, 0xDB, 0xEE, 0x48, 0x53, 0x60, 0x47,
875           0xA6, 0xFA, 0x1A, 0xE4, 0x9A, 0x01, 0x42, 0x49,
876           0x1B, 0x61, 0xFD, 0x5A, 0x69, 0x3E, 0x38, 0x13,
877           0x60, 0xEA, 0x6E, 0x59, 0x30, 0x13, 0x23, 0x6F,
878           0x64, 0xBA, 0x8F, 0x3B, 0x1E, 0xDD, 0x1B, 0xDE,
879           0xFC, 0x7F, 0xCA, 0x03, 0x56, 0xCF, 0x29, 0x87,
880           0x72, 0xED, 0x9C, 0x17, 0xA0, 0x98, 0x00, 0xD7,
881           0x58, 0x35, 0x29, 0xF6, 0xC8, 0x13, 0xEC, 0x18,
882           0x8B, 0xCB, 0x93, 0xD8, 0x43, 0x2D, 0x44, 0x8C,
883           0x6D, 0x1F, 0x6D, 0xF5, 0xE7, 0xCD, 0x8A, 0x76,
884           0xA2, 0x67, 0x36, 0x5D, 0x67, 0x6A, 0x5D, 0x8D,
885           0xED, 0xBF, 0x8A, 0x23, 0xF3, 0x66, 0x12, 0xA5,
886           0x99, 0x90, 0x28, 0xA8, 0x95, 0xEB, 0xD7, 0xA1,
887           0x37, 0xDC, 0x7A, 0x00, 0x9B, 0xC6, 0x69, 0x5F,
888           0xAC, 0xC1, 0xE5, 0x00, 0xE3, 0x25, 0xC9, 0x76,
889           0x78, 0x19, 0x75, 0x0A, 0xE8, 0xB9, 0x0E, 0x81,
890           0xFA, 0x41, 0x6B, 0xE7, 0x37, 0x3A, 0x7F, 0x7B,
891           0x6A, 0xAF, 0x38, 0x17, 0xA3, 0x4C, 0x06, 0x41,
892           0x5A, 0xD4, 0x20, 0x18, 0xC8, 0x05, 0x8E, 0x4F,
893           0x2C, 0xF3, 0xE4, 0xBF, 0xDF, 0x63, 0xF4, 0x79,
894           0x91, 0xD4, 0xBD, 0x3F, 0x1B, 0x66, 0x44, 0x5F,
895           0x07, 0x8E, 0xA2, 0xDB, 0xFF, 0xAC, 0x2D, 0x62,
896           0xA5, 0xEA, 0x03, 0xD9, 0x15, 0xA0, 0xAA, 0x55,
897           0x66, 0x47, 0xB6, 0xBF, 0x5F, 0xA4, 0x70, 0xEC,
898           0x0A, 0x66, 0x2F, 0x69, 0x07, 0xC0, 0x1B, 0xF0,
899           0x53, 0xCB, 0x8A, 0xF7, 0x79, 0x4D, 0xF1, 0x94,
900           0x03, 0x50, 0xEA, 0xC5, 0xDB, 0xE2, 0xED, 0x3B,
901           0x7A, 0xA8, 0x55, 0x1E, 0xC5, 0x0F, 0xDF, 0xF8,
902           0x75, 0x8C, 0xE6, 0x58, 0xD1, 0x89, 0xEA, 0xAE,
903           0x6D, 0x2B, 0x64, 0xF6, 0x17, 0x79, 0x4B, 0x19,
904           0x1C, 0x3F, 0xF4, 0x6B, 0xB7, 0x1E, 0x02, 0x34,
905           0x02, 0x1F, 0x47, 0xB3, 0x1F, 0xA4, 0x30, 0x77,
906           0x09, 0x5F, 0x96, 0xAD, 0x85, 0xBA, 0x3A, 0x6B,
907           0x73, 0x4A, 0x7C, 0x8F, 0x36, 0xDF, 0x08, 0xAC,
908           0xBA, 0x51, 0xC9, 0x37, 0x89, 0x7F, 0x72, 0xF2,
909           0x1C, 0x3B, 0xBE, 0x5B, 0x54, 0x99, 0x6F, 0xC6,
910           0x6C, 0x5F, 0x62, 0x68, 0x39, 0xDC, 0x98, 0xDD,
911           0x1D, 0xE4, 0x19, 0x5B, 0x46, 0xCE, 0xE9, 0x80,
912           0x3A, 0x0F, 0xD3, 0xDF, 0xC5, 0x7E, 0x23, 0xF6,
913           0x92, 0xBB, 0x7B, 0x49, 0xB5, 0xD2, 0x12, 0x33,
914           0x1D, 0x55, 0xB1, 0xCE, 0x2D, 0x72, 0x7A, 0xB4,
915           0x1A, 0x11, 0xDA, 0x3A, 0x15, 0xF8, 0xE4, 0xBC,
916           0x11, 0xC7, 0x8B, 0x65, 0xF1, 0xCE, 0xB2, 0x96,
917           0xF1, 0xFE, 0xDC, 0x5F, 0x7E, 0x42, 0x45, 0x6C,
918           0x91, 0x11, 0x17, 0x02, 0x52, 0x01, 0xBE, 0x03,
919           0x89, 0xF5, 0xAB, 0xD4, 0x0D, 0x11, 0xF8, 0x63,
920           0x9A, 0x39, 0xFE, 0x32, 0x36, 0x75, 0x18, 0x35,
921           0xA5, 0xE5, 0xE4, 0x43, 0x17, 0xC1, 0xC2, 0xEE,
922           0xFD, 0x4E, 0xA5, 0xBF, 0xD1, 0x60, 0x43, 0xF4,
923           0x3C, 0xB4, 0x19, 0x81, 0xF6, 0xAD, 0xEE, 0x9D,
924           0x03, 0x15, 0x9E, 0x7A, 0xD9, 0xD1, 0x3C, 0x53,
925           0x36, 0x95, 0x09, 0xFC, 0x1F, 0xA2, 0x7C, 0x16,
926           0xEF, 0x98, 0x87, 0x70, 0x3A, 0x55, 0xB5, 0x1B,
927           0x22, 0xCB, 0xF4, 0x4C, 0xD0, 0x12, 0xAE, 0xE0,
928           0xB2, 0x79, 0x8E, 0x62, 0x84, 0x23, 0x42, 0x8E,
929           0xFC, 0xD5, 0xA4, 0x0C, 0xAE, 0xF6, 0xBF, 0x50,
930           0xD8, 0xEA, 0x88, 0x5E, 0xBF, 0x73, 0xA6, 0xB9,
931           0xFD, 0x79, 0xB5, 0xE1, 0x8F, 0x67, 0xD1, 0x34,
932           0x1A, 0xC8, 0x23, 0x7A, 0x75, 0xC3, 0xCF, 0xC9,
933           0x20, 0x04, 0xA1, 0xC5, 0xA4, 0x0E, 0x36, 0x6B,
934           0xC4, 0x4D, 0x00, 0x17, 0x6A, 0xF7, 0x1C, 0x15,
935           0xE4, 0x8C, 0x86, 0xD3, 0x7E, 0x01, 0x37, 0x23,
936           0xCA, 0xAC, 0x72, 0x23, 0xAB, 0x3B, 0xF4, 0xD5,
937           0x4F, 0x18, 0x28, 0x71, 0x3B, 0x2B, 0x4A, 0x6F,
938           0xE4, 0x0F, 0xAB, 0x74, 0x40, 0x5C, 0xB7, 0x38,
939           0xB0, 0x64, 0xC0, 0x6E, 0xCC, 0x76, 0xE9, 0xEF,
940           0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
941 };
942 
943 /*
944  * RFC 5114, 2.1.
945  * Group 22 - 1024-bit MODP Group with 160-bit Prime Order Subgroup
946  */
947 static const u8 dh_group22_generator[] = {
948           0xA4, 0xD1, 0xCB, 0xD5, 0xC3, 0xFD, 0x34, 0x12,
949           0x67, 0x65, 0xA4, 0x42, 0xEF, 0xB9, 0x99, 0x05,
950           0xF8, 0x10, 0x4D, 0xD2, 0x58, 0xAC, 0x50, 0x7F,
951           0xD6, 0x40, 0x6C, 0xFF, 0x14, 0x26, 0x6D, 0x31,
952           0x26, 0x6F, 0xEA, 0x1E, 0x5C, 0x41, 0x56, 0x4B,
953           0x77, 0x7E, 0x69, 0x0F, 0x55, 0x04, 0xF2, 0x13,
954           0x16, 0x02, 0x17, 0xB4, 0xB0, 0x1B, 0x88, 0x6A,
955           0x5E, 0x91, 0x54, 0x7F, 0x9E, 0x27, 0x49, 0xF4,
956           0xD7, 0xFB, 0xD7, 0xD3, 0xB9, 0xA9, 0x2E, 0xE1,
957           0x90, 0x9D, 0x0D, 0x22, 0x63, 0xF8, 0x0A, 0x76,
958           0xA6, 0xA2, 0x4C, 0x08, 0x7A, 0x09, 0x1F, 0x53,
959           0x1D, 0xBF, 0x0A, 0x01, 0x69, 0xB6, 0xA2, 0x8A,
960           0xD6, 0x62, 0xA4, 0xD1, 0x8E, 0x73, 0xAF, 0xA3,
961           0x2D, 0x77, 0x9D, 0x59, 0x18, 0xD0, 0x8B, 0xC8,
962           0x85, 0x8F, 0x4D, 0xCE, 0xF9, 0x7C, 0x2A, 0x24,
963           0x85, 0x5E, 0x6E, 0xEB, 0x22, 0xB3, 0xB2, 0xE5
964 };
965 static const u8 dh_group22_prime[] = {
966           0xB1, 0x0B, 0x8F, 0x96, 0xA0, 0x80, 0xE0, 0x1D,
967           0xDE, 0x92, 0xDE, 0x5E, 0xAE, 0x5D, 0x54, 0xEC,
968           0x52, 0xC9, 0x9F, 0xBC, 0xFB, 0x06, 0xA3, 0xC6,
969           0x9A, 0x6A, 0x9D, 0xCA, 0x52, 0xD2, 0x3B, 0x61,
970           0x60, 0x73, 0xE2, 0x86, 0x75, 0xA2, 0x3D, 0x18,
971           0x98, 0x38, 0xEF, 0x1E, 0x2E, 0xE6, 0x52, 0xC0,
972           0x13, 0xEC, 0xB4, 0xAE, 0xA9, 0x06, 0x11, 0x23,
973           0x24, 0x97, 0x5C, 0x3C, 0xD4, 0x9B, 0x83, 0xBF,
974           0xAC, 0xCB, 0xDD, 0x7D, 0x90, 0xC4, 0xBD, 0x70,
975           0x98, 0x48, 0x8E, 0x9C, 0x21, 0x9A, 0x73, 0x72,
976           0x4E, 0xFF, 0xD6, 0xFA, 0xE5, 0x64, 0x47, 0x38,
977           0xFA, 0xA3, 0x1A, 0x4F, 0xF5, 0x5B, 0xCC, 0xC0,
978           0xA1, 0x51, 0xAF, 0x5F, 0x0D, 0xC8, 0xB4, 0xBD,
979           0x45, 0xBF, 0x37, 0xDF, 0x36, 0x5C, 0x1A, 0x65,
980           0xE6, 0x8C, 0xFD, 0xA7, 0x6D, 0x4D, 0xA7, 0x08,
981           0xDF, 0x1F, 0xB2, 0xBC, 0x2E, 0x4A, 0x43, 0x71
982 };
983 static const u8 dh_group22_order[] = {
984           0xF5, 0x18, 0xAA, 0x87, 0x81, 0xA8, 0xDF, 0x27,
985           0x8A, 0xBA, 0x4E, 0x7D, 0x64, 0xB7, 0xCB, 0x9D,
986           0x49, 0x46, 0x23, 0x53
987 };
988 
989 /*
990  * RFC 5114, 2.2.
991  * Group 23 - 2048-bit MODP Group with 224-bit Prime Order Subgroup
992  */
993 static const u8 dh_group23_generator[] = {
994           0xAC, 0x40, 0x32, 0xEF, 0x4F, 0x2D, 0x9A, 0xE3,
995           0x9D, 0xF3, 0x0B, 0x5C, 0x8F, 0xFD, 0xAC, 0x50,
996           0x6C, 0xDE, 0xBE, 0x7B, 0x89, 0x99, 0x8C, 0xAF,
997           0x74, 0x86, 0x6A, 0x08, 0xCF, 0xE4, 0xFF, 0xE3,
998           0xA6, 0x82, 0x4A, 0x4E, 0x10, 0xB9, 0xA6, 0xF0,
999           0xDD, 0x92, 0x1F, 0x01, 0xA7, 0x0C, 0x4A, 0xFA,
1000           0xAB, 0x73, 0x9D, 0x77, 0x00, 0xC2, 0x9F, 0x52,
1001           0xC5, 0x7D, 0xB1, 0x7C, 0x62, 0x0A, 0x86, 0x52,
1002           0xBE, 0x5E, 0x90, 0x01, 0xA8, 0xD6, 0x6A, 0xD7,
1003           0xC1, 0x76, 0x69, 0x10, 0x19, 0x99, 0x02, 0x4A,
1004           0xF4, 0xD0, 0x27, 0x27, 0x5A, 0xC1, 0x34, 0x8B,
1005           0xB8, 0xA7, 0x62, 0xD0, 0x52, 0x1B, 0xC9, 0x8A,
1006           0xE2, 0x47, 0x15, 0x04, 0x22, 0xEA, 0x1E, 0xD4,
1007           0x09, 0x93, 0x9D, 0x54, 0xDA, 0x74, 0x60, 0xCD,
1008           0xB5, 0xF6, 0xC6, 0xB2, 0x50, 0x71, 0x7C, 0xBE,
1009           0xF1, 0x80, 0xEB, 0x34, 0x11, 0x8E, 0x98, 0xD1,
1010           0x19, 0x52, 0x9A, 0x45, 0xD6, 0xF8, 0x34, 0x56,
1011           0x6E, 0x30, 0x25, 0xE3, 0x16, 0xA3, 0x30, 0xEF,
1012           0xBB, 0x77, 0xA8, 0x6F, 0x0C, 0x1A, 0xB1, 0x5B,
1013           0x05, 0x1A, 0xE3, 0xD4, 0x28, 0xC8, 0xF8, 0xAC,
1014           0xB7, 0x0A, 0x81, 0x37, 0x15, 0x0B, 0x8E, 0xEB,
1015           0x10, 0xE1, 0x83, 0xED, 0xD1, 0x99, 0x63, 0xDD,
1016           0xD9, 0xE2, 0x63, 0xE4, 0x77, 0x05, 0x89, 0xEF,
1017           0x6A, 0xA2, 0x1E, 0x7F, 0x5F, 0x2F, 0xF3, 0x81,
1018           0xB5, 0x39, 0xCC, 0xE3, 0x40, 0x9D, 0x13, 0xCD,
1019           0x56, 0x6A, 0xFB, 0xB4, 0x8D, 0x6C, 0x01, 0x91,
1020           0x81, 0xE1, 0xBC, 0xFE, 0x94, 0xB3, 0x02, 0x69,
1021           0xED, 0xFE, 0x72, 0xFE, 0x9B, 0x6A, 0xA4, 0xBD,
1022           0x7B, 0x5A, 0x0F, 0x1C, 0x71, 0xCF, 0xFF, 0x4C,
1023           0x19, 0xC4, 0x18, 0xE1, 0xF6, 0xEC, 0x01, 0x79,
1024           0x81, 0xBC, 0x08, 0x7F, 0x2A, 0x70, 0x65, 0xB3,
1025           0x84, 0xB8, 0x90, 0xD3, 0x19, 0x1F, 0x2B, 0xFA
1026 };
1027 static const u8 dh_group23_prime[] = {
1028           0xAD, 0x10, 0x7E, 0x1E, 0x91, 0x23, 0xA9, 0xD0,
1029           0xD6, 0x60, 0xFA, 0xA7, 0x95, 0x59, 0xC5, 0x1F,
1030           0xA2, 0x0D, 0x64, 0xE5, 0x68, 0x3B, 0x9F, 0xD1,
1031           0xB5, 0x4B, 0x15, 0x97, 0xB6, 0x1D, 0x0A, 0x75,
1032           0xE6, 0xFA, 0x14, 0x1D, 0xF9, 0x5A, 0x56, 0xDB,
1033           0xAF, 0x9A, 0x3C, 0x40, 0x7B, 0xA1, 0xDF, 0x15,
1034           0xEB, 0x3D, 0x68, 0x8A, 0x30, 0x9C, 0x18, 0x0E,
1035           0x1D, 0xE6, 0xB8, 0x5A, 0x12, 0x74, 0xA0, 0xA6,
1036           0x6D, 0x3F, 0x81, 0x52, 0xAD, 0x6A, 0xC2, 0x12,
1037           0x90, 0x37, 0xC9, 0xED, 0xEF, 0xDA, 0x4D, 0xF8,
1038           0xD9, 0x1E, 0x8F, 0xEF, 0x55, 0xB7, 0x39, 0x4B,
1039           0x7A, 0xD5, 0xB7, 0xD0, 0xB6, 0xC1, 0x22, 0x07,
1040           0xC9, 0xF9, 0x8D, 0x11, 0xED, 0x34, 0xDB, 0xF6,
1041           0xC6, 0xBA, 0x0B, 0x2C, 0x8B, 0xBC, 0x27, 0xBE,
1042           0x6A, 0x00, 0xE0, 0xA0, 0xB9, 0xC4, 0x97, 0x08,
1043           0xB3, 0xBF, 0x8A, 0x31, 0x70, 0x91, 0x88, 0x36,
1044           0x81, 0x28, 0x61, 0x30, 0xBC, 0x89, 0x85, 0xDB,
1045           0x16, 0x02, 0xE7, 0x14, 0x41, 0x5D, 0x93, 0x30,
1046           0x27, 0x82, 0x73, 0xC7, 0xDE, 0x31, 0xEF, 0xDC,
1047           0x73, 0x10, 0xF7, 0x12, 0x1F, 0xD5, 0xA0, 0x74,
1048           0x15, 0x98, 0x7D, 0x9A, 0xDC, 0x0A, 0x48, 0x6D,
1049           0xCD, 0xF9, 0x3A, 0xCC, 0x44, 0x32, 0x83, 0x87,
1050           0x31, 0x5D, 0x75, 0xE1, 0x98, 0xC6, 0x41, 0xA4,
1051           0x80, 0xCD, 0x86, 0xA1, 0xB9, 0xE5, 0x87, 0xE8,
1052           0xBE, 0x60, 0xE6, 0x9C, 0xC9, 0x28, 0xB2, 0xB9,
1053           0xC5, 0x21, 0x72, 0xE4, 0x13, 0x04, 0x2E, 0x9B,
1054           0x23, 0xF1, 0x0B, 0x0E, 0x16, 0xE7, 0x97, 0x63,
1055           0xC9, 0xB5, 0x3D, 0xCF, 0x4B, 0xA8, 0x0A, 0x29,
1056           0xE3, 0xFB, 0x73, 0xC1, 0x6B, 0x8E, 0x75, 0xB9,
1057           0x7E, 0xF3, 0x63, 0xE2, 0xFF, 0xA3, 0x1F, 0x71,
1058           0xCF, 0x9D, 0xE5, 0x38, 0x4E, 0x71, 0xB8, 0x1C,
1059           0x0A, 0xC4, 0xDF, 0xFE, 0x0C, 0x10, 0xE6, 0x4F
1060 };
1061 static const u8 dh_group23_order[] = {
1062           0x80, 0x1C, 0x0D, 0x34, 0xC5, 0x8D, 0x93, 0xFE,
1063           0x99, 0x71, 0x77, 0x10, 0x1F, 0x80, 0x53, 0x5A,
1064           0x47, 0x38, 0xCE, 0xBC, 0xBF, 0x38, 0x9A, 0x99,
1065           0xB3, 0x63, 0x71, 0xEB
1066 };
1067 
1068 /*
1069  * RFC 5114, 2.3.
1070  * Group 24 - 2048-bit MODP Group with 256-bit Prime Order Subgroup
1071  */
1072 static const u8 dh_group24_generator[] = {
1073           0x3F, 0xB3, 0x2C, 0x9B, 0x73, 0x13, 0x4D, 0x0B,
1074           0x2E, 0x77, 0x50, 0x66, 0x60, 0xED, 0xBD, 0x48,
1075           0x4C, 0xA7, 0xB1, 0x8F, 0x21, 0xEF, 0x20, 0x54,
1076           0x07, 0xF4, 0x79, 0x3A, 0x1A, 0x0B, 0xA1, 0x25,
1077           0x10, 0xDB, 0xC1, 0x50, 0x77, 0xBE, 0x46, 0x3F,
1078           0xFF, 0x4F, 0xED, 0x4A, 0xAC, 0x0B, 0xB5, 0x55,
1079           0xBE, 0x3A, 0x6C, 0x1B, 0x0C, 0x6B, 0x47, 0xB1,
1080           0xBC, 0x37, 0x73, 0xBF, 0x7E, 0x8C, 0x6F, 0x62,
1081           0x90, 0x12, 0x28, 0xF8, 0xC2, 0x8C, 0xBB, 0x18,
1082           0xA5, 0x5A, 0xE3, 0x13, 0x41, 0x00, 0x0A, 0x65,
1083           0x01, 0x96, 0xF9, 0x31, 0xC7, 0x7A, 0x57, 0xF2,
1084           0xDD, 0xF4, 0x63, 0xE5, 0xE9, 0xEC, 0x14, 0x4B,
1085           0x77, 0x7D, 0xE6, 0x2A, 0xAA, 0xB8, 0xA8, 0x62,
1086           0x8A, 0xC3, 0x76, 0xD2, 0x82, 0xD6, 0xED, 0x38,
1087           0x64, 0xE6, 0x79, 0x82, 0x42, 0x8E, 0xBC, 0x83,
1088           0x1D, 0x14, 0x34, 0x8F, 0x6F, 0x2F, 0x91, 0x93,
1089           0xB5, 0x04, 0x5A, 0xF2, 0x76, 0x71, 0x64, 0xE1,
1090           0xDF, 0xC9, 0x67, 0xC1, 0xFB, 0x3F, 0x2E, 0x55,
1091           0xA4, 0xBD, 0x1B, 0xFF, 0xE8, 0x3B, 0x9C, 0x80,
1092           0xD0, 0x52, 0xB9, 0x85, 0xD1, 0x82, 0xEA, 0x0A,
1093           0xDB, 0x2A, 0x3B, 0x73, 0x13, 0xD3, 0xFE, 0x14,
1094           0xC8, 0x48, 0x4B, 0x1E, 0x05, 0x25, 0x88, 0xB9,
1095           0xB7, 0xD2, 0xBB, 0xD2, 0xDF, 0x01, 0x61, 0x99,
1096           0xEC, 0xD0, 0x6E, 0x15, 0x57, 0xCD, 0x09, 0x15,
1097           0xB3, 0x35, 0x3B, 0xBB, 0x64, 0xE0, 0xEC, 0x37,
1098           0x7F, 0xD0, 0x28, 0x37, 0x0D, 0xF9, 0x2B, 0x52,
1099           0xC7, 0x89, 0x14, 0x28, 0xCD, 0xC6, 0x7E, 0xB6,
1100           0x18, 0x4B, 0x52, 0x3D, 0x1D, 0xB2, 0x46, 0xC3,
1101           0x2F, 0x63, 0x07, 0x84, 0x90, 0xF0, 0x0E, 0xF8,
1102           0xD6, 0x47, 0xD1, 0x48, 0xD4, 0x79, 0x54, 0x51,
1103           0x5E, 0x23, 0x27, 0xCF, 0xEF, 0x98, 0xC5, 0x82,
1104           0x66, 0x4B, 0x4C, 0x0F, 0x6C, 0xC4, 0x16, 0x59
1105 };
1106 static const u8 dh_group24_prime[] = {
1107           0x87, 0xA8, 0xE6, 0x1D, 0xB4, 0xB6, 0x66, 0x3C,
1108           0xFF, 0xBB, 0xD1, 0x9C, 0x65, 0x19, 0x59, 0x99,
1109           0x8C, 0xEE, 0xF6, 0x08, 0x66, 0x0D, 0xD0, 0xF2,
1110           0x5D, 0x2C, 0xEE, 0xD4, 0x43, 0x5E, 0x3B, 0x00,
1111           0xE0, 0x0D, 0xF8, 0xF1, 0xD6, 0x19, 0x57, 0xD4,
1112           0xFA, 0xF7, 0xDF, 0x45, 0x61, 0xB2, 0xAA, 0x30,
1113           0x16, 0xC3, 0xD9, 0x11, 0x34, 0x09, 0x6F, 0xAA,
1114           0x3B, 0xF4, 0x29, 0x6D, 0x83, 0x0E, 0x9A, 0x7C,
1115           0x20, 0x9E, 0x0C, 0x64, 0x97, 0x51, 0x7A, 0xBD,
1116           0x5A, 0x8A, 0x9D, 0x30, 0x6B, 0xCF, 0x67, 0xED,
1117           0x91, 0xF9, 0xE6, 0x72, 0x5B, 0x47, 0x58, 0xC0,
1118           0x22, 0xE0, 0xB1, 0xEF, 0x42, 0x75, 0xBF, 0x7B,
1119           0x6C, 0x5B, 0xFC, 0x11, 0xD4, 0x5F, 0x90, 0x88,
1120           0xB9, 0x41, 0xF5, 0x4E, 0xB1, 0xE5, 0x9B, 0xB8,
1121           0xBC, 0x39, 0xA0, 0xBF, 0x12, 0x30, 0x7F, 0x5C,
1122           0x4F, 0xDB, 0x70, 0xC5, 0x81, 0xB2, 0x3F, 0x76,
1123           0xB6, 0x3A, 0xCA, 0xE1, 0xCA, 0xA6, 0xB7, 0x90,
1124           0x2D, 0x52, 0x52, 0x67, 0x35, 0x48, 0x8A, 0x0E,
1125           0xF1, 0x3C, 0x6D, 0x9A, 0x51, 0xBF, 0xA4, 0xAB,
1126           0x3A, 0xD8, 0x34, 0x77, 0x96, 0x52, 0x4D, 0x8E,
1127           0xF6, 0xA1, 0x67, 0xB5, 0xA4, 0x18, 0x25, 0xD9,
1128           0x67, 0xE1, 0x44, 0xE5, 0x14, 0x05, 0x64, 0x25,
1129           0x1C, 0xCA, 0xCB, 0x83, 0xE6, 0xB4, 0x86, 0xF6,
1130           0xB3, 0xCA, 0x3F, 0x79, 0x71, 0x50, 0x60, 0x26,
1131           0xC0, 0xB8, 0x57, 0xF6, 0x89, 0x96, 0x28, 0x56,
1132           0xDE, 0xD4, 0x01, 0x0A, 0xBD, 0x0B, 0xE6, 0x21,
1133           0xC3, 0xA3, 0x96, 0x0A, 0x54, 0xE7, 0x10, 0xC3,
1134           0x75, 0xF2, 0x63, 0x75, 0xD7, 0x01, 0x41, 0x03,
1135           0xA4, 0xB5, 0x43, 0x30, 0xC1, 0x98, 0xAF, 0x12,
1136           0x61, 0x16, 0xD2, 0x27, 0x6E, 0x11, 0x71, 0x5F,
1137           0x69, 0x38, 0x77, 0xFA, 0xD7, 0xEF, 0x09, 0xCA,
1138           0xDB, 0x09, 0x4A, 0xE9, 0x1E, 0x1A, 0x15, 0x97
1139 };
1140 static const u8 dh_group24_order[] = {
1141           0x8C, 0xF8, 0x36, 0x42, 0xA7, 0x09, 0xA0, 0x97,
1142           0xB4, 0x47, 0x99, 0x76, 0x40, 0x12, 0x9D, 0xA2,
1143           0x99, 0xB1, 0xA4, 0x7D, 0x1E, 0xB3, 0x75, 0x0B,
1144           0xA3, 0x08, 0xB0, 0xFE, 0x64, 0xF5, 0xFB, 0xD3
1145 };
1146 
1147 #endif /* ALL_DH_GROUPS */
1148 
1149 
1150 #define DH_GROUP(id,safe) \
1151 { id, dh_group ## id ## _generator, sizeof(dh_group ## id ## _generator), \
1152 dh_group ## id ## _prime, sizeof(dh_group ## id ## _prime), \
1153 dh_group ## id ## _order, sizeof(dh_group ## id ## _order), safe }
1154 
1155 
1156 static const struct dh_group dh_groups[] = {
1157           DH_GROUP(5, 1),
1158 #ifdef ALL_DH_GROUPS
1159           DH_GROUP(1, 1),
1160           DH_GROUP(2, 1),
1161           DH_GROUP(14, 1),
1162           DH_GROUP(15, 1),
1163           DH_GROUP(16, 1),
1164           DH_GROUP(17, 1),
1165           DH_GROUP(18, 1),
1166           DH_GROUP(22, 0),
1167           DH_GROUP(23, 0),
1168           DH_GROUP(24, 0)
1169 #endif /* ALL_DH_GROUPS */
1170 };
1171 
1172 #define NUM_DH_GROUPS ARRAY_SIZE(dh_groups)
1173 
1174 
dh_groups_get(int id)1175 const struct dh_group * dh_groups_get(int id)
1176 {
1177           size_t i;
1178 
1179           for (i = 0; i < NUM_DH_GROUPS; i++) {
1180                     if (dh_groups[i].id == id)
1181                               return &dh_groups[i];
1182           }
1183           return NULL;
1184 }
1185 
1186 
1187 /**
1188  * dh_init - Initialize Diffie-Hellman handshake
1189  * @dh: Selected Diffie-Hellman group
1190  * @priv: Pointer for returning Diffie-Hellman private key
1191  * Returns: Diffie-Hellman public value
1192  */
dh_init(const struct dh_group * dh,struct wpabuf ** priv)1193 struct wpabuf * dh_init(const struct dh_group *dh, struct wpabuf **priv)
1194 {
1195           struct wpabuf *pv;
1196           size_t pv_len;
1197 
1198           if (dh == NULL)
1199                     return NULL;
1200 
1201           wpabuf_clear_free(*priv);
1202           *priv = wpabuf_alloc(dh->prime_len);
1203           if (*priv == NULL)
1204                     return NULL;
1205 
1206           pv_len = dh->prime_len;
1207           pv = wpabuf_alloc(pv_len);
1208           if (pv == NULL) {
1209                     wpabuf_clear_free(*priv);
1210                     *priv = NULL;
1211                     return NULL;
1212           }
1213           if (crypto_dh_init(*dh->generator, dh->prime, dh->prime_len,
1214                                  wpabuf_mhead(*priv), wpabuf_mhead(pv)) < 0) {
1215                     wpabuf_clear_free(pv);
1216                     wpa_printf(MSG_INFO, "DH: crypto_dh_init failed");
1217                     wpabuf_clear_free(*priv);
1218                     *priv = NULL;
1219                     return NULL;
1220           }
1221           wpabuf_put(*priv, dh->prime_len);
1222           wpabuf_put(pv, dh->prime_len);
1223           wpa_hexdump_buf_key(MSG_DEBUG, "DH: private value", *priv);
1224           wpa_hexdump_buf(MSG_DEBUG, "DH: public value", pv);
1225 
1226           return pv;
1227 }
1228 
1229 
1230 /**
1231  * dh_derive_shared - Derive shared Diffie-Hellman key
1232  * @peer_public: Diffie-Hellman public value from peer
1233  * @own_private: Diffie-Hellman private key from dh_init()
1234  * @dh: Selected Diffie-Hellman group
1235  * Returns: Diffie-Hellman shared key
1236  */
dh_derive_shared(const struct wpabuf * peer_public,const struct wpabuf * own_private,const struct dh_group * dh)1237 struct wpabuf * dh_derive_shared(const struct wpabuf *peer_public,
1238                                          const struct wpabuf *own_private,
1239                                          const struct dh_group *dh)
1240 {
1241           struct wpabuf *shared;
1242           size_t shared_len;
1243 
1244           if (dh == NULL || peer_public == NULL || own_private == NULL)
1245                     return NULL;
1246 
1247           shared_len = dh->prime_len;
1248           shared = wpabuf_alloc(shared_len);
1249           if (shared == NULL)
1250                     return NULL;
1251           if (crypto_dh_derive_secret(*dh->generator, dh->prime, dh->prime_len,
1252                                             dh->order, dh->order_len,
1253                                             wpabuf_head(own_private),
1254                                             wpabuf_len(own_private),
1255                                             wpabuf_head(peer_public),
1256                                             wpabuf_len(peer_public),
1257                                             wpabuf_mhead(shared), &shared_len) < 0) {
1258                     wpabuf_clear_free(shared);
1259                     wpa_printf(MSG_INFO, "DH: crypto_dh_derive_secret failed");
1260                     return NULL;
1261           }
1262           wpabuf_put(shared, shared_len);
1263           wpa_hexdump_buf_key(MSG_DEBUG, "DH: shared key", shared);
1264 
1265           return shared;
1266 }
1267