Merge remote-tracking branch 'upstream-restricted/pr/410' into development-restricted

- Resolve ChangeLog conflicts
- Update Doxygen warning block in dhm.h to render correctly
- Prefix the exported identifier deprecated_constant_t with mbedtls_
This commit is contained in:
Jaeden Amero 2018-01-26 17:52:01 +00:00
commit 784de59ccd
10 changed files with 942 additions and 134 deletions

View File

@ -41,6 +41,9 @@ Security
* Fix a potential heap buffer overread in ALPN extension parsing * Fix a potential heap buffer overread in ALPN extension parsing
(server-side). Could result in application crash, but only if an ALPN (server-side). Could result in application crash, but only if an ALPN
name larger than 16 bytes had been configured on the server. name larger than 16 bytes had been configured on the server.
* Change default choice of DHE parameters from untrustworthy RFC 5114
to RFC 3526 containing parameters generated in a nothing-up-my-sleeve
manner.
Features Features
* Allow comments in test data files. * Allow comments in test data files.
@ -96,6 +99,14 @@ New deprecations
mbedtls_<MODULE>_finish and mbedtls_<MODULE>_process where <MODULE> is mbedtls_<MODULE>_finish and mbedtls_<MODULE>_process where <MODULE> is
any of MD2, MD4, MD5, SHA1, SHA256, SHA512) in favor of functions any of MD2, MD4, MD5, SHA1, SHA256, SHA512) in favor of functions
that can return an error code. that can return an error code.
* Deprecate untrustworthy DHE parameters from RFC 5114. Superseded by
parameters from RFC 3526 or the newly added parameters from RFC 7919.
* Deprecate hex string DHE constants MBEDTLS_DHM_RFC3526_MODP_2048_P etc.
Supserseded by binary encoded constants MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN
etc.
* Deprecate mbedtls_ssl_conf_dh_param for setting default DHE parameters
from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin
accepting DHM parameters in binary form, matching the new constants.
Bugfix Bugfix
* Fix ssl_parse_record_header() to silently discard invalid DTLS records * Fix ssl_parse_record_header() to silently discard invalid DTLS records

View File

@ -630,6 +630,13 @@
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
*
* \warning Using DHE constitutes a security risk as it
* is not possible to validate custom DH parameters.
* If possible, it is recommended users should consider
* preferring other methods of key exchange.
* See dhm.h for more details.
*
*/ */
#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
@ -729,6 +736,13 @@
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*
* \warning Using DHE constitutes a security risk as it
* is not possible to validate custom DH parameters.
* If possible, it is recommended users should consider
* preferring other methods of key exchange.
* See dhm.h for more details.
*
*/ */
#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
@ -1855,6 +1869,13 @@
* *
* This module is used by the following key exchanges: * This module is used by the following key exchanges:
* DHE-RSA, DHE-PSK * DHE-RSA, DHE-PSK
*
* \warning Using DHE constitutes a security risk as it
* is not possible to validate custom DH parameters.
* If possible, it is recommended users should consider
* preferring other methods of key exchange.
* See dhm.h for more details.
*
*/ */
#define MBEDTLS_DHM_C #define MBEDTLS_DHM_C

View File

@ -2,6 +2,32 @@
* \file dhm.h * \file dhm.h
* *
* \brief Diffie-Hellman-Merkle key exchange * \brief Diffie-Hellman-Merkle key exchange
*
* \warning The security of the DHM key exchange relies on the proper choice
* of prime modulus - optimally, it should be a safe prime. The usage
* of non-safe primes both decreases the difficulty of the underlying
* discrete logarithm problem and can lead to small subgroup attacks
* leaking private exponent bits when invalid public keys are used
* and not detected. This is especially relevant if the same DHM
* parameters are reused for multiple key exchanges as in static DHM,
* while the criticality of small-subgroup attacks is lower for
* ephemeral DHM.
*
* \warning For performance reasons, the code does neither perform primality
* nor safe primality tests, nor the expensive checks for invalid
* subgroups. Moreover, even if these were performed, non-standardized
* primes cannot be trusted because of the possibility of backdoors
* that can't be effectively checked for.
*
* \warning Diffie-Hellman-Merkle is therefore a security risk when not using
* standardized primes generated using a trustworthy ("nothing up
* my sleeve") method, such as the RFC 3526 / 7919 primes. In the TLS
* protocol, DH parameters need to be negotiated, so using the default
* primes systematically is not always an option. If possible, use
* Elliptic Curve Diffie-Hellman (ECDH), which has better performance,
* and for which the TLS protocol mandates the use of standard
* parameters.
*
*/ */
/* /*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
@ -20,6 +46,7 @@
* limitations under the License. * limitations under the License.
* *
* This file is part of mbed TLS (https://tls.mbed.org) * This file is part of mbed TLS (https://tls.mbed.org)
*
*/ */
#ifndef MBEDTLS_DHM_H #ifndef MBEDTLS_DHM_H
#define MBEDTLS_DHM_H #define MBEDTLS_DHM_H
@ -44,107 +71,7 @@
#define MBEDTLS_ERR_DHM_INVALID_FORMAT -0x3380 /**< The ASN.1 data is not formatted correctly. */ #define MBEDTLS_ERR_DHM_INVALID_FORMAT -0x3380 /**< The ASN.1 data is not formatted correctly. */
#define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400 /**< Allocation of memory failed. */ #define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400 /**< Allocation of memory failed. */
#define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read/write of file failed. */ #define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read/write of file failed. */
#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED -0x3500 /**< Setting the modulus and generator failed. */
/**
* RFC 3526 defines a number of standardized Diffie-Hellman groups
* for IKE.
* RFC 5114 defines a number of standardized Diffie-Hellman groups
* that can be used.
*
* Some are included here for convenience.
*
* Included are:
* RFC 3526 3. 2048-bit MODP Group
* RFC 3526 4. 3072-bit MODP Group
* RFC 3526 5. 4096-bit MODP Group
* RFC 5114 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup
*/
#define MBEDTLS_DHM_RFC3526_MODP_2048_P \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
"15728E5A8AACAA68FFFFFFFFFFFFFFFF"
#define MBEDTLS_DHM_RFC3526_MODP_2048_G "02"
#define MBEDTLS_DHM_RFC3526_MODP_3072_P \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
"43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
#define MBEDTLS_DHM_RFC3526_MODP_3072_G "02"
#define MBEDTLS_DHM_RFC3526_MODP_4096_P \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
"43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \
"88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \
"2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \
"287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \
"1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \
"93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \
"FFFFFFFFFFFFFFFF"
#define MBEDTLS_DHM_RFC3526_MODP_4096_G "02"
#define MBEDTLS_DHM_RFC5114_MODP_2048_P \
"AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
"B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
"EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \
"9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \
"C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \
"B3BF8A317091883681286130BC8985DB1602E714415D9330" \
"278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \
"CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \
"BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \
"C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \
"CF9DE5384E71B81C0AC4DFFE0C10E64F"
#define MBEDTLS_DHM_RFC5114_MODP_2048_G \
"AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"\
"74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"\
"AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"\
"C17669101999024AF4D027275AC1348BB8A762D0521BC98A"\
"E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"\
"F180EB34118E98D119529A45D6F834566E3025E316A330EF"\
"BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"\
"10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"\
"B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"\
"EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"\
"81BC087F2A7065B384B890D3191F2BFA"
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
@ -180,7 +107,13 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
* \brief Parse the ServerKeyExchange parameters * \brief Parse the ServerKeyExchange parameters
* *
* \param ctx DHM context * \param ctx DHM context
* \param p &(start of input buffer) * \param p On input, *p must be the start of the input buffer.
* On output, *p is updated to point to the end of the data
* that has been read. On success, this is the first byte
* past the end of the ServerKeyExchange parameters.
* On error, this is the point at which an error has been
* detected, which is usually not useful except to debug
* failures.
* \param end end of buffer * \param end end of buffer
* *
* \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code * \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
@ -199,9 +132,17 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
* \param f_rng RNG function * \param f_rng RNG function
* \param p_rng RNG parameter * \param p_rng RNG parameter
* *
* \note The destination buffer must be large enough to hold
* the reduced binary presentation of the modulus, the generator
* and the public key, each wrapped with a 2-byte length field.
* It is the responsibility of the caller to ensure that enough
* space is available. Refer to \c mbedtls_mpi_size to computing
* the byte-size of an MPI.
*
* \note This function assumes that ctx->P and ctx->G * \note This function assumes that ctx->P and ctx->G
* have already been properly set (for example * have already been properly set. For that, use
* using mbedtls_mpi_read_string or mbedtls_mpi_read_binary). * \c mbedtls_dhm_set_group below in conjunction with
* \c mbedtls_mpi_read_binary and \c mbedtls_mpi_read_string.
* *
* \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code * \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
*/ */
@ -210,6 +151,22 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ); void *p_rng );
/**
* \brief Set prime modulus and generator
*
* \param ctx DHM context
* \param P MPI holding DHM prime modulus
* \param G MPI holding DHM generator
*
* \note This function can be used to set P, G
* in preparation for \c mbedtls_dhm_make_params.
*
* \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
*/
int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
const mbedtls_mpi *P,
const mbedtls_mpi *G );
/** /**
* \brief Import the peer's public value G^Y * \brief Import the peer's public value G^Y
* *
@ -228,10 +185,16 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
* \param ctx DHM context * \param ctx DHM context
* \param x_size private value size in bytes * \param x_size private value size in bytes
* \param output destination buffer * \param output destination buffer
* \param olen must be at least equal to the size of P, ctx->len * \param olen size of the destination buffer;
* must be at least equal to the size of P, ctx->len
* \param f_rng RNG function * \param f_rng RNG function
* \param p_rng RNG parameter * \param p_rng RNG parameter
* *
* \note The destination buffer will always be fully written
* so as to contain a big-endian presentation of G^X mod P.
* If it is larger than ctx->len, it will accordingly be
* padded with zero-bytes in the beginning.
*
* \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code * \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
*/ */
int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
@ -244,7 +207,8 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
* *
* \param ctx DHM context * \param ctx DHM context
* \param output destination buffer * \param output destination buffer
* \param output_size size of the destination buffer * \param output_size size of the destination buffer, must be at
* at least the size of ctx->len
* \param olen on exit, holds the actual number of bytes written * \param olen on exit, holds the actual number of bytes written
* \param f_rng RNG function, for blinding purposes * \param f_rng RNG function, for blinding purposes
* \param p_rng RNG parameter * \param p_rng RNG parameter
@ -321,4 +285,718 @@ int mbedtls_dhm_self_test( int verbose );
} }
#endif #endif
/**
* RFC 3526, RFC 5114 and RFC 7919 standardize a number of
* Diffie-Hellman groups, some of which are included here
* for use within the SSL/TLS module and the user's convenience
* when configuring the Diffie-Hellman parameters by hand
* through \c mbedtls_ssl_conf_dh_param.
*
* Included are:
* RFC 5114 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup
* RFC 3526 3. 2048-bit MODP Group
* RFC 3526 4. 3072-bit MODP Group
* RFC 3526 5. 4096-bit MODP Group
* RFC 7919 A.1 ffdhe2048
* RFC 7919 A.2 ffdhe3072
* RFC 7919 A.3 ffdhe4096
* RFC 7919 A.4 ffdhe6144
* RFC 7919 A.5 ffdhe8192
*
* The constants with suffix "_p" denote the chosen prime moduli, while
* the constants with suffix "_g" denote the chosen generator
* of the associated prime field.
*
* The constants further suffixed with "_bin" are provided in binary format,
* while all other constants represent null-terminated strings holding the
* hexadecimal presentation of the respective numbers.
*
* The primes from RFC 3526 and RFC 7919 have been generating by the following
* trust-worthy procedure:
* - Fix N in { 2048, 3072, 4096, 6144, 8192 } and consider the N-bit number
* the first and last 64 bits are all 1, and the remaining N - 128 bits of
* which are 0x7ff...ff.
* - Add the smallest multiple of the first N - 129 bits of the binary expansion
* of pi (for RFC 5236) or e (for RFC 7919) to this intermediate bit-string
* such that the resulting integer is a safe-prime.
* - The result is the respective RFC 3526 / 7919 prime, and the corresponding
* generator is always chosen to be 2 (which is a square for these prime,
* hence the corresponding subgroup has order (p-1)/2 and avoids leaking a
* bit in the private exponent).
*
*/
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_constant_t;
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
( (mbedtls_deprecated_constant_t) ( VAL ) )
#else
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
#endif /* ! MBEDTLS_DEPRECATED_WARNING */
/**
* \warning The origin of the primes in RFC 5114 is not documented and
* their use therefore constitutes a security risk!
*
* \deprecated The hex-encoded primes from RFC 5114 are deprecated and are
* likely to be removed in a future version of the library without
* replacement.
*/
#define MBEDTLS_DHM_RFC5114_MODP_P \
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
"AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
"B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
"EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \
"9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \
"C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \
"B3BF8A317091883681286130BC8985DB1602E714415D9330" \
"278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \
"CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \
"BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \
"C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \
"CF9DE5384E71B81C0AC4DFFE0C10E64F" )
#define MBEDTLS_DHM_RFC5114_MODP_2048_G \
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
"AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF" \
"74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA" \
"AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7" \
"C17669101999024AF4D027275AC1348BB8A762D0521BC98A" \
"E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE" \
"F180EB34118E98D119529A45D6F834566E3025E316A330EF" \
"BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB" \
"10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381" \
"B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269" \
"EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179" \
"81BC087F2A7065B384B890D3191F2BFA" )
/**
* \deprecated The hex-encoded primes from RFC 3625 are deprecated and
* superseded by the corresponding macros providing them as
* binary constants. Their hex-encoded constants are likely
* to be removed in a future version of the library.
*
*/
#define MBEDTLS_DHM_RFC3526_MODP_2048_P \
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
"15728E5A8AACAA68FFFFFFFFFFFFFFFF" )
#define MBEDTLS_DHM_RFC3526_MODP_2048_G \
MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
#define MBEDTLS_DHM_RFC3526_MODP_3072_P \
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
"43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF" )
#define MBEDTLS_DHM_RFC3526_MODP_3072_G \
MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
#define MBEDTLS_DHM_RFC3526_MODP_4096_P \
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
"43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \
"88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \
"2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \
"287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \
"1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \
"93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \
"FFFFFFFFFFFFFFFF" )
#define MBEDTLS_DHM_RFC3526_MODP_4096_G \
MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/*
* Trustworthy DHM parameters in binary form
*/
#define MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN { \
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, \
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
#define MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN { 0x02 }
#define MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN { \
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \
0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \
0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \
0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \
0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \
0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \
0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \
0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \
0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \
0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \
0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \
0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \
0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \
0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \
0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, \
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
#define MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN { 0x02 }
#define MBEDTLS_DHM_RFC3526_MODP_4096_P_BIN { \
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \
0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \
0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \
0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \
0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \
0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \
0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \
0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \
0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \
0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \
0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \
0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \
0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \
0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \
0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, \
0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, \
0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, \
0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, \
0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, \
0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, \
0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, \
0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, \
0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, \
0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, \
0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, \
0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, \
0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, \
0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, \
0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, \
0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, \
0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, \
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
#define MBEDTLS_DHM_RFC3526_MODP_4096_G_BIN { 0x02 }
#define MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN { \
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, \
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, }
#define MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN { 0x02 }
#define MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN { \
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, \
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
#define MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN { 0x02 }
#define MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN { \
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, \
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
#define MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN { 0x02 }
#define MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN { \
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, \
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
#define MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN { 0x02 }
#define MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN { \
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, \
0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, \
0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, \
0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, \
0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, \
0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, \
0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, \
0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, \
0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, \
0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, \
0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, \
0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, \
0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, \
0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, \
0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, \
0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, \
0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, \
0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, \
0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, \
0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, \
0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, \
0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, \
0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, \
0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, \
0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, \
0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, \
0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, \
0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, \
0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, \
0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, \
0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, \
0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, \
0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, \
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
#define MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN { 0x02 }
#endif /* dhm.h */ #endif /* dhm.h */

View File

@ -1700,18 +1700,50 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
#else
#define MBEDTLS_DEPRECATED
#endif
/** /**
* \brief Set the Diffie-Hellman public P and G values, * \brief Set the Diffie-Hellman public P and G values,
* read as hexadecimal strings (server-side only) * read as hexadecimal strings (server-side only)
* (Default: MBEDTLS_DHM_RFC5114_MODP_2048_[PG]) * (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG])
* *
* \param conf SSL configuration * \param conf SSL configuration
* \param dhm_P Diffie-Hellman-Merkle modulus * \param dhm_P Diffie-Hellman-Merkle modulus
* \param dhm_G Diffie-Hellman-Merkle generator * \param dhm_G Diffie-Hellman-Merkle generator
* *
* \deprecated Superseded by \c mbedtls_ssl_conf_dh_param_bin.
*
* \return 0 if successful * \return 0 if successful
*/ */
int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G ); MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf,
const char *dhm_P,
const char *dhm_G );
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**
* \brief Set the Diffie-Hellman public P and G values
* from big-endian binary presentations.
* (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)
*
* \param conf SSL configuration
* \param dhm_P Diffie-Hellman-Merkle modulus in big-endian binary form
* \param P_len Length of DHM modulus
* \param dhm_G Diffie-Hellman-Merkle generator in big-endian binary form
* \param G_len Length of DHM generator
*
* \return 0 if successful
*/
int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
const unsigned char *dhm_P, size_t P_len,
const unsigned char *dhm_G, size_t G_len );
/** /**
* \brief Set the Diffie-Hellman public P and G values, * \brief Set the Diffie-Hellman public P and G values,

View File

@ -191,10 +191,15 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
/* /*
* export P, G, GX * export P, G, GX
*/ */
#define DHM_MPI_EXPORT(X,n) \ #define DHM_MPI_EXPORT( X, n ) \
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, p + 2, n ) ); \ do { \
*p++ = (unsigned char)( n >> 8 ); \ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ), \
*p++ = (unsigned char)( n ); p += n; p + 2, \
( n ) ) ); \
*p++ = (unsigned char)( ( n ) >> 8 ); \
*p++ = (unsigned char)( ( n ) ); \
p += ( n ); \
} while( 0 )
n1 = mbedtls_mpi_size( &ctx->P ); n1 = mbedtls_mpi_size( &ctx->P );
n2 = mbedtls_mpi_size( &ctx->G ); n2 = mbedtls_mpi_size( &ctx->G );
@ -205,7 +210,7 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
DHM_MPI_EXPORT( &ctx->G , n2 ); DHM_MPI_EXPORT( &ctx->G , n2 );
DHM_MPI_EXPORT( &ctx->GX, n3 ); DHM_MPI_EXPORT( &ctx->GX, n3 );
*olen = p - output; *olen = p - output;
ctx->len = n1; ctx->len = n1;
@ -217,6 +222,28 @@ cleanup:
return( 0 ); return( 0 );
} }
/*
* Set prime modulus and generator
*/
int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
const mbedtls_mpi *P,
const mbedtls_mpi *G )
{
int ret;
if( ctx == NULL || P == NULL || G == NULL )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ||
( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
{
return( MBEDTLS_ERR_DHM_SET_GROUP_FAILED + ret );
}
ctx->len = mbedtls_mpi_size( &ctx->P );
return( 0 );
}
/* /*
* Import the peer's public value G^Y * Import the peer's public value G^Y
*/ */
@ -404,10 +431,11 @@ cleanup:
*/ */
void mbedtls_dhm_free( mbedtls_dhm_context *ctx ) void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
{ {
mbedtls_mpi_free( &ctx->pX); mbedtls_mpi_free( &ctx->Vf ); mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->pX ); mbedtls_mpi_free( &ctx->Vf );
mbedtls_mpi_free( &ctx->RP ); mbedtls_mpi_free( &ctx->K ); mbedtls_mpi_free( &ctx->GY ); mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->RP );
mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X ); mbedtls_mpi_free( &ctx->G ); mbedtls_mpi_free( &ctx->K ); mbedtls_mpi_free( &ctx->GY );
mbedtls_mpi_free( &ctx->P ); mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X );
mbedtls_mpi_free( &ctx->G ); mbedtls_mpi_free( &ctx->P );
mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) ); mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
} }

View File

@ -234,6 +234,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
mbedtls_snprintf( buf, buflen, "DHM - Allocation of memory failed" ); mbedtls_snprintf( buf, buflen, "DHM - Allocation of memory failed" );
if( use_ret == -(MBEDTLS_ERR_DHM_FILE_IO_ERROR) ) if( use_ret == -(MBEDTLS_ERR_DHM_FILE_IO_ERROR) )
mbedtls_snprintf( buf, buflen, "DHM - Read/write of file failed" ); mbedtls_snprintf( buf, buflen, "DHM - Read/write of file failed" );
if( use_ret == -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED) )
mbedtls_snprintf( buf, buflen, "DHM - Setting the modulus and generator failed" );
#endif /* MBEDTLS_DHM_C */ #endif /* MBEDTLS_DHM_C */
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)

View File

@ -2945,10 +2945,11 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
* opaque dh_Ys<1..2^16-1>; * opaque dh_Ys<1..2^16-1>;
* } ServerDHParams; * } ServerDHParams;
*/ */
if( ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.P, &ssl->conf->dhm_P ) ) != 0 || if( ( ret = mbedtls_dhm_set_group( &ssl->handshake->dhm_ctx,
( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.G, &ssl->conf->dhm_G ) ) != 0 ) &ssl->conf->dhm_P,
&ssl->conf->dhm_G ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_set_group", ret );
return( ret ); return( ret );
} }

View File

@ -6161,6 +6161,8 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G ) int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G )
{ {
int ret; int ret;
@ -6175,6 +6177,24 @@ int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, cons
return( 0 ); return( 0 );
} }
#endif /* MBEDTLS_DEPRECATED_REMOVED */
int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
const unsigned char *dhm_P, size_t P_len,
const unsigned char *dhm_G, size_t G_len )
{
int ret;
if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 ||
( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 )
{
mbedtls_mpi_free( &conf->dhm_P );
mbedtls_mpi_free( &conf->dhm_G );
return( ret );
}
return( 0 );
}
int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ) int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx )
{ {
@ -7602,9 +7622,14 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
if( endpoint == MBEDTLS_SSL_IS_SERVER ) if( endpoint == MBEDTLS_SSL_IS_SERVER )
{ {
if( ( ret = mbedtls_ssl_conf_dh_param( conf, const unsigned char dhm_p[] =
MBEDTLS_DHM_RFC5114_MODP_2048_P, MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
MBEDTLS_DHM_RFC5114_MODP_2048_G ) ) != 0 ) const unsigned char dhm_g[] =
MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
if ( ( ret = mbedtls_ssl_conf_dh_param_bin( conf,
dhm_p, sizeof( dhm_p ),
dhm_g, sizeof( dhm_g ) ) ) != 0 )
{ {
return( ret ); return( ret );
} }

View File

@ -658,14 +658,22 @@ int main( int argc, char *argv[] )
if( todo.dhm ) if( todo.dhm )
{ {
int dhm_sizes[] = { 2048, 3072 }; int dhm_sizes[] = { 2048, 3072 };
const char *dhm_P[] = { const unsigned char dhm_P_2048[] =
MBEDTLS_DHM_RFC3526_MODP_2048_P, MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
MBEDTLS_DHM_RFC3526_MODP_3072_P, const unsigned char dhm_P_3072[] =
}; MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN;
const char *dhm_G[] = { const unsigned char dhm_G_2048[] =
MBEDTLS_DHM_RFC3526_MODP_2048_G, MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
MBEDTLS_DHM_RFC3526_MODP_3072_G, const unsigned char dhm_G_3072[] =
}; MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN;
const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 };
const size_t dhm_P_size[] = { sizeof( dhm_P_2048 ),
sizeof( dhm_P_3072 ) };
const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 };
const size_t dhm_G_size[] = { sizeof( dhm_G_2048 ),
sizeof( dhm_G_3072 ) };
mbedtls_dhm_context dhm; mbedtls_dhm_context dhm;
size_t olen; size_t olen;
@ -673,8 +681,10 @@ int main( int argc, char *argv[] )
{ {
mbedtls_dhm_init( &dhm ); mbedtls_dhm_init( &dhm );
if( mbedtls_mpi_read_string( &dhm.P, 16, dhm_P[i] ) != 0 || if( mbedtls_mpi_read_binary( &dhm.P, dhm_P[i],
mbedtls_mpi_read_string( &dhm.G, 16, dhm_G[i] ) != 0 ) dhm_P_size[i] ) != 0 ||
mbedtls_mpi_read_binary( &dhm.G, dhm_G[i],
dhm_G_size[i] ) != 0 )
{ {
mbedtls_exit( 1 ); mbedtls_exit( 1 );
} }

View File

@ -3082,7 +3082,7 @@ run_test "DHM parameters: reference" \
debug_level=3" \ debug_level=3" \
0 \ 0 \
-c "value of 'DHM: P ' (2048 bits)" \ -c "value of 'DHM: P ' (2048 bits)" \
-c "value of 'DHM: G ' (2048 bits)" -c "value of 'DHM: G ' (2 bits)"
run_test "DHM parameters: other parameters" \ run_test "DHM parameters: other parameters" \
"$P_SRV dhm_file=data_files/dhparams.pem" \ "$P_SRV dhm_file=data_files/dhparams.pem" \