1/*
2 * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License").  You may not use
5 * this file except in compliance with the License.  You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <openssl/bn.h>
11#include "crypto/bn_dh.h"
12
13#define COPY_BN(dst, src) (dst != NULL) ? BN_copy(dst, &src) : BN_dup(&src)
14
15
16/*-
17 * "First Oakley Default Group" from RFC2409, section 6.1.
18 *
19 * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
20 *
21 * RFC2409 specifies a generator of 2.
22 * RFC2412 specifies a generator of of 22.
23 */
24
25BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
26{
27    static const unsigned char RFC2409_PRIME_768[] = {
28        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
29        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
30        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
31        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
32        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
33        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
34        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
35        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
36        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
37        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
38        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x3A, 0x36, 0x20,
39        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
40    };
41    return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn);
42}
43
44/*-
45 * "Second Oakley Default Group" from RFC2409, section 6.2.
46 *
47 * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
48 *
49 * RFC2409 specifies a generator of 2.
50 * RFC2412 specifies a generator of 22.
51 */
52
53BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
54{
55    static const unsigned char RFC2409_PRIME_1024[] = {
56        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
57        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
58        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
59        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
60        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
61        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
62        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
63        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
64        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
65        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
66        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
67        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
68        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
69        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
70        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
71        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
72    };
73    return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn);
74}
75
76/*-
77 * "1536-bit MODP Group" from RFC3526, Section 2.
78 *
79 * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
80 *
81 * RFC3526 specifies a generator of 2.
82 * RFC2312 specifies a generator of 22.
83 */
84
85#ifndef FIPS_MODULE
86BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn)
87{
88    return COPY_BN(bn, ossl_bignum_modp_1536_p);
89}
90#endif
91
92/*-
93 * "2048-bit MODP Group" from RFC3526, Section 3.
94 *
95 * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
96 *
97 * RFC3526 specifies a generator of 2.
98 */
99
100BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn)
101{
102    return COPY_BN(bn, ossl_bignum_modp_2048_p);
103}
104
105/*-
106 * "3072-bit MODP Group" from RFC3526, Section 4.
107 *
108 * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
109 *
110 * RFC3526 specifies a generator of 2.
111 */
112
113BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn)
114{
115    return COPY_BN(bn, ossl_bignum_modp_3072_p);
116}
117
118/*-
119 * "4096-bit MODP Group" from RFC3526, Section 5.
120 *
121 * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
122 *
123 * RFC3526 specifies a generator of 2.
124 */
125
126BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn)
127{
128    return COPY_BN(bn, ossl_bignum_modp_4096_p);
129}
130
131/*-
132 * "6144-bit MODP Group" from RFC3526, Section 6.
133 *
134 * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
135 *
136 * RFC3526 specifies a generator of 2.
137 */
138
139BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn)
140{
141    return COPY_BN(bn, ossl_bignum_modp_6144_p);
142}
143
144/*-
145 * "8192-bit MODP Group" from RFC3526, Section 7.
146 *
147 * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
148 *
149 * RFC3526 specifies a generator of 2.
150 */
151
152BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn)
153{
154    return COPY_BN(bn, ossl_bignum_modp_8192_p);
155}
156