1 /*
2 * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/bn.h>
11 #include "crypto/bn_dh.h"
12
13 #define COPY_BN(dst, src) (dst != NULL) ? BN_copy(dst, &src) : BN_dup(&src)
14
15
16 /*-
17 * "First Oakley Default Group" from RFC2409, section 6.1.
18 *
19 * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
20 *
21 * RFC2409 specifies a generator of 2.
22 * RFC2412 specifies a generator of of 22.
23 */
24
BN_get_rfc2409_prime_768(BIGNUM * bn)25 BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
26 {
27 static const unsigned char RFC2409_PRIME_768[] = {
28 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
29 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
30 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
31 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
32 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
33 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
34 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
35 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
36 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
37 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
38 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x3A, 0x36, 0x20,
39 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
40 };
41 return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn);
42 }
43
44 /*-
45 * "Second Oakley Default Group" from RFC2409, section 6.2.
46 *
47 * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
48 *
49 * RFC2409 specifies a generator of 2.
50 * RFC2412 specifies a generator of 22.
51 */
52
BN_get_rfc2409_prime_1024(BIGNUM * bn)53 BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
54 {
55 static const unsigned char RFC2409_PRIME_1024[] = {
56 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
57 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
58 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
59 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
60 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
61 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
62 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
63 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
64 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
65 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
66 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
67 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
68 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
69 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
70 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
71 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
72 };
73 return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn);
74 }
75
76 /*-
77 * "1536-bit MODP Group" from RFC3526, Section 2.
78 *
79 * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
80 *
81 * RFC3526 specifies a generator of 2.
82 * RFC2312 specifies a generator of 22.
83 */
84
BN_get_rfc3526_prime_1536(BIGNUM * bn)85 BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn)
86 {
87 return COPY_BN(bn, ossl_bignum_modp_1536_p);
88 }
89
90 /*-
91 * "2048-bit MODP Group" from RFC3526, Section 3.
92 *
93 * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
94 *
95 * RFC3526 specifies a generator of 2.
96 */
97
BN_get_rfc3526_prime_2048(BIGNUM * bn)98 BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn)
99 {
100 return COPY_BN(bn, ossl_bignum_modp_2048_p);
101 }
102
103 /*-
104 * "3072-bit MODP Group" from RFC3526, Section 4.
105 *
106 * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
107 *
108 * RFC3526 specifies a generator of 2.
109 */
110
BN_get_rfc3526_prime_3072(BIGNUM * bn)111 BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn)
112 {
113 return COPY_BN(bn, ossl_bignum_modp_3072_p);
114 }
115
116 /*-
117 * "4096-bit MODP Group" from RFC3526, Section 5.
118 *
119 * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
120 *
121 * RFC3526 specifies a generator of 2.
122 */
123
BN_get_rfc3526_prime_4096(BIGNUM * bn)124 BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn)
125 {
126 return COPY_BN(bn, ossl_bignum_modp_4096_p);
127 }
128
129 /*-
130 * "6144-bit MODP Group" from RFC3526, Section 6.
131 *
132 * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
133 *
134 * RFC3526 specifies a generator of 2.
135 */
136
BN_get_rfc3526_prime_6144(BIGNUM * bn)137 BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn)
138 {
139 return COPY_BN(bn, ossl_bignum_modp_6144_p);
140 }
141
142 /*-
143 * "8192-bit MODP Group" from RFC3526, Section 7.
144 *
145 * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
146 *
147 * RFC3526 specifies a generator of 2.
148 */
149
BN_get_rfc3526_prime_8192(BIGNUM * bn)150 BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn)
151 {
152 return COPY_BN(bn, ossl_bignum_modp_8192_p);
153 }
154