Initial version of Crypto Simplified Interface (CSI).

This is a code base that intends on providing a simplified interface for
mid-level cryptographic operations. In due course various applications and
libraries will be able to benefit from a clean and robust API, rather than
using libcrypto or other similar APIs directly.

Discussed at length with deraadt@, djm@, markus@, beck@ and others.

9 files changed, 1305 insertions, 0 deletions

diff --git a/lib/libcsi/Makefile b/lib/libcsi/Makefile
new file mode 100644
index 00000000000..0a98ea61b49
--- /dev/null
+++ b/lib/libcsi/Makefile
@@ -0,0 +1,49 @@
+#	$OpenBSD: Makefile,v 1.1 2018/06/02 17:40:33 jsing Exp $
+
+.include <bsd.own.mk>
+.ifndef NOMAN
+#SUBDIR=	man
+.endif
+
+CFLAGS+= -Wall -Wimplicit -Wundef
+.if ${COMPILER_VERSION:L} == "clang"
+CFLAGS+= -Werror
+.endif
+CFLAGS+= -DLIBRESSL_INTERNAL
+CFLAGS+= -I ${.CURDIR}
+
+CLEANFILES= ${VERSION_SCRIPT}
+
+WARNINGS= Yes
+
+LIB=	csi
+
+DPADD=	${LIBCRYPTO}
+
+LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto
+
+VERSION_SCRIPT=	Symbols.map
+SYMBOL_LIST=	${.CURDIR}/Symbols.list
+
+HDRS=	csi.h
+
+SRCS=	csi.c \
+	csi_dh.c \
+	csi_dh_groups.c \
+	csi_util.c
+
+#includes:
+#	@cd ${.CURDIR}; for i in $(HDRS); do \
+#	    j="cmp -s $$i ${DESTDIR}/usr/include/$$i || \
+#	    ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 $$i\
+#		${DESTDIR}/usr/include/"; \
+#	    echo $$j; \
+#	    eval "$$j"; \
+#	done;
+
+${VERSION_SCRIPT}: ${SYMBOL_LIST}
+	{ printf '{\n\tglobal:\n'; \
+	  sed '/^[._a-zA-Z]/s/$$/;/; s/^/		/' ${SYMBOL_LIST}; \
+	  printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@
+
+.include <bsd.lib.mk>
diff --git a/lib/libcsi/Symbols.list b/lib/libcsi/Symbols.list
new file mode 100644
index 00000000000..fec2a96fb1a
--- /dev/null
+++ b/lib/libcsi/Symbols.list
@@ -0,0 +1,23 @@
+csi_dh_derive_shared_key
+csi_dh_error
+csi_dh_error_code
+csi_dh_free
+csi_dh_generate_keys
+csi_dh_modp_group1
+csi_dh_modp_group14
+csi_dh_modp_group15
+csi_dh_modp_group16
+csi_dh_modp_group17
+csi_dh_modp_group18
+csi_dh_modp_group2
+csi_dh_modp_group5
+csi_dh_new
+csi_dh_params
+csi_dh_params_free
+csi_dh_peer_public_key
+csi_dh_public_free
+csi_dh_public_key
+csi_dh_set_params
+csi_dh_set_peer_public
+csi_dh_shared_free
+csi_dh_size_bits
diff --git a/lib/libcsi/csi.c b/lib/libcsi/csi.c
new file mode 100644
index 00000000000..c63c4005f48
--- /dev/null
+++ b/lib/libcsi/csi.c
@@ -0,0 +1,93 @@
+/* $OpenBSD: csi.c,v 1.1 2018/06/02 17:40:33 jsing Exp $ */
+/*
+ * Copyright (c) 2014, 2018 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <errno.h>
+#include <string.h>
+
+#include <csi.h>
+
+#include "csi_internal.h"
+
+void
+csi_err_clear(struct csi_err *err)
+{
+	err->code = 0;
+	err->errnum = 0;
+	free(err->msg);
+	err->msg = NULL;
+}
+
+static int
+csi_err_vset(struct csi_err *err, u_int code, int errnum, const char *fmt, va_list ap)
+{
+	char *errmsg = NULL;
+	int rv = -1;
+
+	csi_err_clear(err);
+
+	err->code = code;
+	err->errnum = errnum;
+
+	if (vasprintf(&errmsg, fmt, ap) == -1) {
+		errmsg = NULL;
+		goto err;
+	}
+
+	if (errnum == -1) {
+		err->msg = errmsg;
+		return (0);
+	}
+
+	if (asprintf(&err->msg, "%s: %s", errmsg, strerror(errnum)) == -1) {
+		err->msg = NULL;
+		goto err;
+	}
+	rv = 0;
+
+ err:
+	free(errmsg);
+
+	return (rv);
+}
+
+int
+csi_err_set(struct csi_err *err, u_int code, const char *fmt, ...)
+{
+	va_list ap;
+	int errnum, rv;
+
+	errnum = errno;
+
+	va_start(ap, fmt);
+	rv = csi_err_vset(err, code, errnum, fmt, ap);
+	va_end(ap);
+
+	return (rv);
+}
+
+int
+csi_err_setx(struct csi_err *err, u_int code, const char *fmt, ...)
+{
+	va_list ap;
+	int rv;
+
+	va_start(ap, fmt);
+	rv = csi_err_vset(err, code, -1, fmt, ap);
+	va_end(ap);
+
+	return (rv);
+}
diff --git a/lib/libcsi/csi.h b/lib/libcsi/csi.h
new file mode 100644
index 00000000000..c5fbad99914
--- /dev/null
+++ b/lib/libcsi/csi.h
@@ -0,0 +1,96 @@
+/* $OpenBSD: csi.h,v 1.1 2018/06/02 17:40:33 jsing Exp $ */
+/*
+ * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef HEADER_CSI_H
+#define HEADER_CSI_H
+
+#include <sys/types.h>
+
+#include <stddef.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define CSI_ERR_MEM	1	/* Out of memory. */
+#define CSI_ERR_INVAL	2	/* Invalid argument. */
+#define CSI_ERR_CRYPTO	3	/* Crypto failure. */
+
+/*
+ * Primitives.
+ */
+struct csi_integer {
+	const uint8_t *data;
+	size_t len;
+};
+
+/*
+ * Diffie-Hellman Key Exchange.
+ */
+
+struct csi_dh;
+
+struct csi_dh_params {
+	struct csi_integer g;
+	struct csi_integer p;
+};
+
+struct csi_dh_public {
+	struct csi_integer key;
+};
+
+struct csi_dh_shared {
+	struct csi_integer key;
+};
+
+struct csi_dh *csi_dh_new(void);
+void csi_dh_free(struct csi_dh *_cdh);
+u_int csi_dh_size_bits(struct csi_dh *_cdh);
+
+const char *csi_dh_error(struct csi_dh *_cdh);
+int csi_dh_error_code(struct csi_dh *_cdh);
+
+int csi_dh_set_params(struct csi_dh *_cdh, struct csi_dh_params *_params);
+int csi_dh_set_peer_public(struct csi_dh *_cdh, struct csi_dh_public *_peer);
+int csi_dh_generate_keys(struct csi_dh *_cdh, size_t _length,
+    struct csi_dh_public **_public);
+int csi_dh_derive_shared_key(struct csi_dh *_cdh,
+    struct csi_dh_shared **_secret);
+
+struct csi_dh_params *csi_dh_params(struct csi_dh *_cdh);
+struct csi_dh_public *csi_dh_public_key(struct csi_dh *_cdh);
+struct csi_dh_public *csi_dh_peer_public_key(struct csi_dh *_cdh);
+
+void csi_dh_params_free(struct csi_dh_params *_cdhp);
+void csi_dh_public_free(struct csi_dh_public *_cdhp);
+void csi_dh_shared_free(struct csi_dh_shared *_cdhs);
+
+struct csi_dh_params *csi_dh_params_modp_group1(void);
+struct csi_dh_params *csi_dh_params_modp_group2(void);
+struct csi_dh_params *csi_dh_params_modp_group5(void);
+struct csi_dh_params *csi_dh_params_modp_group14(void);
+struct csi_dh_params *csi_dh_params_modp_group15(void);
+struct csi_dh_params *csi_dh_params_modp_group16(void);
+struct csi_dh_params *csi_dh_params_modp_group17(void);
+struct csi_dh_params *csi_dh_params_modp_group18(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_CSI_H */
diff --git a/lib/libcsi/csi_dh.c b/lib/libcsi/csi_dh.c
new file mode 100644
index 00000000000..39f18423c4a
--- /dev/null
+++ b/lib/libcsi/csi_dh.c
@@ -0,0 +1,310 @@
+/* $OpenBSD: csi_dh.c,v 1.1 2018/06/02 17:40:33 jsing Exp $ */
+/*
+ * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <limits.h>
+#include <string.h>
+
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+
+#include <csi.h>
+
+#include "csi_internal.h"
+
+struct csi_dh *
+csi_dh_new()
+{
+	return calloc(1, sizeof(struct csi_dh));
+}
+
+static void
+csi_dh_reset(struct csi_dh *cdh)
+{
+	DH_free(cdh->dh);
+	cdh->dh = NULL;
+
+	BN_free(cdh->peer_pubkey);
+	cdh->peer_pubkey = NULL;
+
+	csi_err_clear(&cdh->err);
+}
+
+void
+csi_dh_free(struct csi_dh *cdh)
+{
+	if (cdh == NULL)
+		return;
+
+	csi_dh_reset(cdh);
+
+	freezero(cdh, sizeof(*cdh));
+}
+
+const char *
+csi_dh_error(struct csi_dh *cdh)
+{
+	return cdh->err.msg;
+}
+
+int
+csi_dh_error_code(struct csi_dh *cdh)
+{
+	return cdh->err.code;
+}
+
+static int
+csi_dh_init(struct csi_dh *cdh)
+{
+	csi_dh_reset(cdh);
+
+	if ((cdh->dh = DH_new()) == NULL) {
+		csi_err_setx(&cdh->err, CSI_ERR_MEM, "out of memory");
+		return -1;
+	}
+
+	return 0;
+}
+
+struct csi_dh_params *
+csi_dh_params_dup(struct csi_dh_params *cdhp)
+{
+	struct csi_dh_params *ncdhp = NULL;
+
+	if ((ncdhp = calloc(1, sizeof(*ncdhp))) == NULL)
+		goto err;
+
+	if ((ncdhp->p.data = malloc(cdhp->p.len)) == NULL)
+		goto err;
+	ncdhp->p.len = cdhp->p.len;
+	memcpy((uint8_t *)ncdhp->p.data, cdhp->p.data, cdhp->p.len);
+
+	if ((ncdhp->g.data = malloc(cdhp->g.len)) == NULL)
+		goto err;
+	ncdhp->g.len = cdhp->g.len;
+	memcpy((uint8_t *)ncdhp->g.data, cdhp->g.data, cdhp->g.len);
+
+	return ncdhp;
+
+ err:
+	csi_dh_params_free(ncdhp);
+
+	return NULL;
+}
+
+void
+csi_dh_params_free(struct csi_dh_params *cdhp)
+{
+	if (cdhp == NULL)
+		return;
+
+	free((uint8_t *)cdhp->p.data);
+	free((uint8_t *)cdhp->g.data);
+	free(cdhp);
+}
+
+void
+csi_dh_public_free(struct csi_dh_public *cdhp)
+{
+	if (cdhp == NULL)
+		return;
+
+	free((uint8_t *)cdhp->key.data);
+	free(cdhp);
+}
+
+void
+csi_dh_shared_free(struct csi_dh_shared *cdhs)
+{
+	if (cdhs == NULL)
+		return;
+
+	freezero((uint8_t *)cdhs->key.data, cdhs->key.len);
+	freezero(cdhs, sizeof(*cdhs));
+}
+
+int
+csi_dh_set_params(struct csi_dh *cdh, struct csi_dh_params *params)
+{
+	if (csi_dh_init(cdh) == -1)
+		goto err;
+
+	if (csi_integer_to_bn(&cdh->err, "p", &params->p,
+	    &cdh->dh->p) == -1)
+		goto err;
+	if (csi_integer_to_bn(&cdh->err, "g", &params->g,
+	    &cdh->dh->g) == -1)
+		goto err;
+
+	return 0;
+
+ err:
+	return -1;
+}
+
+int
+csi_dh_set_peer_public(struct csi_dh *cdh, struct csi_dh_public *peer)
+{
+	BIGNUM *ppk = NULL;
+
+	if (cdh->dh == NULL) {
+		csi_err_setx(&cdh->err, CSI_ERR_INVAL, "no params set");
+		goto err;
+	}
+
+	if (csi_integer_to_bn(&cdh->err, "key", &peer->key, &ppk) == -1)
+		goto err;
+
+	cdh->peer_pubkey = ppk;
+
+	return 0;
+
+ err:
+	BN_clear_free(ppk);
+
+	return -1;
+}
+
+struct csi_dh_params *
+csi_dh_params(struct csi_dh *cdh)
+{
+	struct csi_dh_params *cdhp;
+
+	if ((cdhp = calloc(1, sizeof(*cdhp))) == NULL)
+		goto errmem;
+	if (csi_bn_to_integer(&cdh->err, cdh->dh->p, &cdhp->p) != 0)
+		goto err;
+	if (csi_bn_to_integer(&cdh->err, cdh->dh->g, &cdhp->g) != 0)
+		goto err;
+
+	return cdhp;
+
+ errmem:
+	csi_err_setx(&cdh->err, CSI_ERR_MEM, "out of memory");
+ err:
+	csi_dh_params_free(cdhp);
+
+	return NULL;
+}
+
+struct csi_dh_public *
+csi_dh_public_key(struct csi_dh *cdh)
+{
+	struct csi_dh_public *cdhp;
+
+	if ((cdhp = calloc(1, sizeof(*cdhp))) == NULL)
+		goto errmem;
+	if (csi_bn_to_integer(&cdh->err, cdh->dh->pub_key, &cdhp->key) != 0)
+		goto err;
+
+	return cdhp;
+
+ errmem:
+	csi_err_setx(&cdh->err, CSI_ERR_MEM, "out of memory");
+ err:
+	csi_dh_public_free(cdhp);
+
+	return NULL;
+}
+
+struct csi_dh_public *
+csi_dh_peer_public_key(struct csi_dh *cdh)
+{
+	struct csi_dh_public *cdhp;
+
+	if ((cdhp = calloc(1, sizeof(*cdhp))) == NULL)
+		goto errmem;
+	if (csi_bn_to_integer(&cdh->err, cdh->peer_pubkey, &cdhp->key) != 0)
+		goto err;
+
+	return cdhp;
+
+ errmem:
+	csi_err_setx(&cdh->err, CSI_ERR_MEM, "out of memory");
+ err:
+	csi_dh_public_free(cdhp);
+
+	return NULL;
+}
+
+int
+csi_dh_generate_keys(struct csi_dh *cdh, size_t length,
+    struct csi_dh_public **public)
+{
+	if (cdh->dh == NULL) {
+		csi_err_setx(&cdh->err, CSI_ERR_INVAL, "no params set");
+		goto err;
+	}
+
+	if (!DH_generate_key(cdh->dh)) {
+		csi_err_setx(&cdh->err, CSI_ERR_CRYPTO, "dh generation failed");
+		goto err;
+	}
+
+	if (public != NULL) {
+		csi_dh_public_free(*public);
+		if ((*public = csi_dh_public_key(cdh)) == NULL)
+			goto err;
+	}
+
+	return 0;
+
+ err:
+	return -1;
+}
+
+int
+csi_dh_derive_shared_key(struct csi_dh *cdh, struct csi_dh_shared **cdhs)
+{
+	struct csi_dh_shared *dhs = NULL;
+	uint8_t *key = NULL;
+	size_t key_len = 0;
+	int len;
+
+	csi_dh_shared_free(*cdhs);
+	*cdhs = NULL;
+
+	if (cdh->dh == NULL) {
+		csi_err_setx(&cdh->err, CSI_ERR_INVAL, "no params set");
+		goto err;
+	}
+
+	if ((len = DH_size(cdh->dh)) <= 0) {
+		csi_err_setx(&cdh->err, CSI_ERR_INVAL, "invalid dh size %i", len);
+		goto err;
+	}
+	key_len = (size_t)len;
+	if ((key = calloc(1, key_len)) == NULL)
+		goto errmem;
+	if (DH_compute_key(key, cdh->peer_pubkey, cdh->dh) != len) {
+		csi_err_setx(&cdh->err, CSI_ERR_CRYPTO, "failed to derive key");
+		goto err;
+	}
+
+	if ((dhs = calloc(1, sizeof(*dhs))) == NULL)
+		goto errmem;
+	dhs->key.data = key;
+	dhs->key.len = key_len;
+
+	*cdhs = dhs;
+
+	return 0;
+
+ errmem:
+	csi_err_setx(&cdh->err, CSI_ERR_MEM, "out of memory");
+ err:
+	return -1;
+}
diff --git a/lib/libcsi/csi_dh_groups.c b/lib/libcsi/csi_dh_groups.c
new file mode 100644
index 00000000000..f78efca032c
--- /dev/null
+++ b/lib/libcsi/csi_dh_groups.c
@@ -0,0 +1,594 @@
+/* $OpenBSD: csi_dh_groups.c,v 1.1 2018/06/02 17:40:33 jsing Exp $ */
+/*
+ * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <csi.h>
+
+#include "csi_internal.h"
+
+static uint8_t dh_group_generator_2[] = {0x02};
+
+/*
+ * MODP Group 1 (768 bits) - RFC 2409 section 6.1.
+ */
+static uint8_t dh_modp_group1_prime[] = {
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xc9, 0x0f, 0xda, 0xa2, 0x21, 0x68, 0xc2, 0x34,
+	0xc4, 0xc6, 0x62, 0x8b, 0x80, 0xdc, 0x1c, 0xd1,
+	0x29, 0x02, 0x4e, 0x08, 0x8a, 0x67, 0xcc, 0x74,
+	0x02, 0x0b, 0xbe, 0xa6, 0x3b, 0x13, 0x9b, 0x22,
+	0x51, 0x4a, 0x08, 0x79, 0x8e, 0x34, 0x04, 0xdd,
+	0xef, 0x95, 0x19, 0xb3, 0xcd, 0x3a, 0x43, 0x1b,
+	0x30, 0x2b, 0x0a, 0x6d, 0xf2, 0x5f, 0x14, 0x37,
+	0x4f, 0xe1, 0x35, 0x6d, 0x6d, 0x51, 0xc2, 0x45,
+	0xe4, 0x85, 0xb5, 0x76, 0x62, 0x5e, 0x7e, 0xc6,
+	0xf4, 0x4c, 0x42, 0xe9, 0xa6, 0x3a, 0x36, 0x20,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+};
+
+static struct csi_dh_params dh_modp_group1 = {
+	.p.data = dh_modp_group1_prime,
+	.p.len = sizeof(dh_modp_group1_prime),
+	.g.data = dh_group_generator_2,
+	.g.len = sizeof(dh_group_generator_2),
+};
+
+struct csi_dh_params *
+csi_dh_params_modp_group1()
+{
+	return csi_dh_params_dup(&dh_modp_group1);
+}
+
+/*
+ * MODP Group 2 (1024 bits) - RFC 2409 section 6.2.
+ */
+static uint8_t dh_modp_group2_prime[] = {
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xc9, 0x0f, 0xda, 0xa2, 0x21, 0x68, 0xc2, 0x34,
+	0xc4, 0xc6, 0x62, 0x8b, 0x80, 0xdc, 0x1c, 0xd1,
+	0x29, 0x02, 0x4e, 0x08, 0x8a, 0x67, 0xcc, 0x74,
+	0x02, 0x0b, 0xbe, 0xa6, 0x3b, 0x13, 0x9b, 0x22,
+	0x51, 0x4a, 0x08, 0x79, 0x8e, 0x34, 0x04, 0xdd,
+	0xef, 0x95, 0x19, 0xb3, 0xcd, 0x3a, 0x43, 0x1b,
+	0x30, 0x2b, 0x0a, 0x6d, 0xf2, 0x5f, 0x14, 0x37,
+	0x4f, 0xe1, 0x35, 0x6d, 0x6d, 0x51, 0xc2, 0x45,
+	0xe4, 0x85, 0xb5, 0x76, 0x62, 0x5e, 0x7e, 0xc6,
+	0xf4, 0x4c, 0x42, 0xe9, 0xa6, 0x37, 0xed, 0x6b,
+	0x0b, 0xff, 0x5c, 0xb6, 0xf4, 0x06, 0xb7, 0xed,
+	0xee, 0x38, 0x6b, 0xfb, 0x5a, 0x89, 0x9f, 0xa5,
+	0xae, 0x9f, 0x24, 0x11, 0x7c, 0x4b, 0x1f, 0xe6,
+	0x49, 0x28, 0x66, 0x51, 0xec, 0xe6, 0x53, 0x81,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+};
+
+static struct csi_dh_params dh_modp_group2 = {
+	.p.data = dh_modp_group2_prime,
+	.p.len = sizeof(dh_modp_group2_prime),
+	.g.data = dh_group_generator_2,
+	.g.len = sizeof(dh_group_generator_2),
+};
+
+struct csi_dh_params *
+csi_dh_params_modp_group2()
+{
+	return csi_dh_params_dup(&dh_modp_group2);
+}
+
+/*
+ * MODP Group 5 (1536 bits) - RFC 3526 section 2.
+ */
+static uint8_t dh_modp_group5_prime[] = {
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xc9, 0x0f, 0xda, 0xa2, 0x21, 0x68, 0xc2, 0x34,
+	0xc4, 0xc6, 0x62, 0x8b, 0x80, 0xdc, 0x1c, 0xd1,
+	0x29, 0x02, 0x4e, 0x08, 0x8a, 0x67, 0xcc, 0x74,
+	0x02, 0x0b, 0xbe, 0xa6, 0x3b, 0x13, 0x9b, 0x22,
+	0x51, 0x4a, 0x08, 0x79, 0x8e, 0x34, 0x04, 0xdd,
+	0xef, 0x95, 0x19, 0xb3, 0xcd, 0x3a, 0x43, 0x1b,
+	0x30, 0x2b, 0x0a, 0x6d, 0xf2, 0x5f, 0x14, 0x37,
+	0x4f, 0xe1, 0x35, 0x6d, 0x6d, 0x51, 0xc2, 0x45,
+	0xe4, 0x85, 0xb5, 0x76, 0x62, 0x5e, 0x7e, 0xc6,
+	0xf4, 0x4c, 0x42, 0xe9, 0xa6, 0x37, 0xed, 0x6b,
+	0x0b, 0xff, 0x5c, 0xb6, 0xf4, 0x06, 0xb7, 0xed,
+	0xee, 0x38, 0x6b, 0xfb, 0x5a, 0x89, 0x9f, 0xa5,
+	0xae, 0x9f, 0x24, 0x11, 0x7c, 0x4b, 0x1f, 0xe6,
+	0x49, 0x28, 0x66, 0x51, 0xec, 0xe4, 0x5b, 0x3d,
+	0xc2, 0x00, 0x7c, 0xb8, 0xa1, 0x63, 0xbf, 0x05,
+	0x98, 0xda, 0x48, 0x36, 0x1c, 0x55, 0xd3, 0x9a,
+	0x69, 0x16, 0x3f, 0xa8, 0xfd, 0x24, 0xcf, 0x5f,
+	0x83, 0x65, 0x5d, 0x23, 0xdc, 0xa3, 0xad, 0x96,
+	0x1c, 0x62, 0xf3, 0x56, 0x20, 0x85, 0x52, 0xbb,
+	0x9e, 0xd5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6d,
+	0x67, 0x0c, 0x35, 0x4e, 0x4a, 0xbc, 0x98, 0x04,
+	0xf1, 0x74, 0x6c, 0x08, 0xca, 0x23, 0x73, 0x27,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+};
+
+static struct csi_dh_params dh_modp_group5 = {
+	.p.data = dh_modp_group5_prime,
+	.p.len = sizeof(dh_modp_group5_prime),
+	.g.data = dh_group_generator_2,
+	.g.len = sizeof(dh_group_generator_2),
+};
+
+struct csi_dh_params *
+csi_dh_params_modp_group5()
+{
+	return csi_dh_params_dup(&dh_modp_group5);
+}
+
+/*
+ * MODP Group 14 (2048 bits) - RFC 3526 section 3.
+ */
+static uint8_t dh_modp_group14_prime[] = {
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xc9, 0x0f, 0xda, 0xa2, 0x21, 0x68, 0xc2, 0x34,
+	0xc4, 0xc6, 0x62, 0x8b, 0x80, 0xdc, 0x1c, 0xd1,
+	0x29, 0x02, 0x4e, 0x08, 0x8a, 0x67, 0xcc, 0x74,
+	0x02, 0x0b, 0xbe, 0xa6, 0x3b, 0x13, 0x9b, 0x22,
+	0x51, 0x4a, 0x08, 0x79, 0x8e, 0x34, 0x04, 0xdd,
+	0xef, 0x95, 0x19, 0xb3, 0xcd, 0x3a, 0x43, 0x1b,
+	0x30, 0x2b, 0x0a, 0x6d, 0xf2, 0x5f, 0x14, 0x37,
+	0x4f, 0xe1, 0x35, 0x6d, 0x6d, 0x51, 0xc2, 0x45,
+	0xe4, 0x85, 0xb5, 0x76, 0x62, 0x5e, 0x7e, 0xc6,
+	0xf4, 0x4c, 0x42, 0xe9, 0xa6, 0x37, 0xed, 0x6b,
+	0x0b, 0xff, 0x5c, 0xb6, 0xf4, 0x06, 0xb7, 0xed,
+	0xee, 0x38, 0x6b, 0xfb, 0x5a, 0x89, 0x9f, 0xa5,
+	0xae, 0x9f, 0x24, 0x11, 0x7c, 0x4b, 0x1f, 0xe6,
+	0x49, 0x28, 0x66, 0x51, 0xec, 0xe4, 0x5b, 0x3d,
+	0xc2, 0x00, 0x7c, 0xb8, 0xa1, 0x63, 0xbf, 0x05,
+	0x98, 0xda, 0x48, 0x36, 0x1c, 0x55, 0xd3, 0x9a,
+	0x69, 0x16, 0x3f, 0xa8, 0xfd, 0x24, 0xcf, 0x5f,
+	0x83, 0x65, 0x5d, 0x23, 0xdc, 0xa3, 0xad, 0x96,
+	0x1c, 0x62, 0xf3, 0x56, 0x20, 0x85, 0x52, 0xbb,
+	0x9e, 0xd5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6d,
+	0x67, 0x0c, 0x35, 0x4e, 0x4a, 0xbc, 0x98, 0x04,
+	0xf1, 0x74, 0x6c, 0x08, 0xca, 0x18, 0x21, 0x7c,
+	0x32, 0x90, 0x5e, 0x46, 0x2e, 0x36, 0xce, 0x3b,
+	0xe3, 0x9e, 0x77, 0x2c, 0x18, 0x0e, 0x86, 0x03,
+	0x9b, 0x27, 0x83, 0xa2, 0xec, 0x07, 0xa2, 0x8f,
+	0xb5, 0xc5, 0x5d, 0xf0, 0x6f, 0x4c, 0x52, 0xc9,
+	0xde, 0x2b, 0xcb, 0xf6, 0x95, 0x58, 0x17, 0x18,
+	0x39, 0x95, 0x49, 0x7c, 0xea, 0x95, 0x6a, 0xe5,
+	0x15, 0xd2, 0x26, 0x18, 0x98, 0xfa, 0x05, 0x10,
+	0x15, 0x72, 0x8e, 0x5a, 0x8a, 0xac, 0xaa, 0x68,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+};
+
+static struct csi_dh_params dh_modp_group14 = {
+	.p.data = dh_modp_group14_prime,
+	.p.len = sizeof(dh_modp_group14_prime),
+	.g.data = dh_group_generator_2,
+	.g.len = sizeof(dh_group_generator_2),
+};
+
+struct csi_dh_params *
+csi_dh_params_modp_group14()
+{
+	return csi_dh_params_dup(&dh_modp_group14);
+}
+
+/*
+ * MODP Group 15 (3072 bits) - RFC 3526 section 4.
+ */
+static uint8_t dh_modp_group15_prime[] = {
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xc9, 0x0f, 0xda, 0xa2, 0x21, 0x68, 0xc2, 0x34,
+	0xc4, 0xc6, 0x62, 0x8b, 0x80, 0xdc, 0x1c, 0xd1,
+	0x29, 0x02, 0x4e, 0x08, 0x8a, 0x67, 0xcc, 0x74,
+	0x02, 0x0b, 0xbe, 0xa6, 0x3b, 0x13, 0x9b, 0x22,
+	0x51, 0x4a, 0x08, 0x79, 0x8e, 0x34, 0x04, 0xdd,
+	0xef, 0x95, 0x19, 0xb3, 0xcd, 0x3a, 0x43, 0x1b,
+	0x30, 0x2b, 0x0a, 0x6d, 0xf2, 0x5f, 0x14, 0x37,
+	0x4f, 0xe1, 0x35, 0x6d, 0x6d, 0x51, 0xc2, 0x45,
+	0xe4, 0x85, 0xb5, 0x76, 0x62, 0x5e, 0x7e, 0xc6,
+	0xf4, 0x4c, 0x42, 0xe9, 0xa6, 0x37, 0xed, 0x6b,
+	0x0b, 0xff, 0x5c, 0xb6, 0xf4, 0x06, 0xb7, 0xed,
+	0xee, 0x38, 0x6b, 0xfb, 0x5a, 0x89, 0x9f, 0xa5,
+	0xae, 0x9f, 0x24, 0x11, 0x7c, 0x4b, 0x1f, 0xe6,
+	0x49, 0x28, 0x66, 0x51, 0xec, 0xe4, 0x5b, 0x3d,
+	0xc2, 0x00, 0x7c, 0xb8, 0xa1, 0x63, 0xbf, 0x05,
+	0x98, 0xda, 0x48, 0x36, 0x1c, 0x55, 0xd3, 0x9a,
+	0x69, 0x16, 0x3f, 0xa8, 0xfd, 0x24, 0xcf, 0x5f,
+	0x83, 0x65, 0x5d, 0x23, 0xdc, 0xa3, 0xad, 0x96,
+	0x1c, 0x62, 0xf3, 0x56, 0x20, 0x85, 0x52, 0xbb,
+	0x9e, 0xd5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6d,
+	0x67, 0x0c, 0x35, 0x4e, 0x4a, 0xbc, 0x98, 0x04,
+	0xf1, 0x74, 0x6c, 0x08, 0xca, 0x18, 0x21, 0x7c,
+	0x32, 0x90, 0x5e, 0x46, 0x2e, 0x36, 0xce, 0x3b,
+	0xe3, 0x9e, 0x77, 0x2c, 0x18, 0x0e, 0x86, 0x03,
+	0x9b, 0x27, 0x83, 0xa2, 0xec, 0x07, 0xa2, 0x8f,
+	0xb5, 0xc5, 0x5d, 0xf0, 0x6f, 0x4c, 0x52, 0xc9,
+	0xde, 0x2b, 0xcb, 0xf6, 0x95, 0x58, 0x17, 0x18,
+	0x39, 0x95, 0x49, 0x7c, 0xea, 0x95, 0x6a, 0xe5,
+	0x15, 0xd2, 0x26, 0x18, 0x98, 0xfa, 0x05, 0x10,
+	0x15, 0x72, 0x8e, 0x5a, 0x8a, 0xaa, 0xc4, 0x2d,
+	0xad, 0x33, 0x17, 0x0d, 0x04, 0x50, 0x7a, 0x33,
+	0xa8, 0x55, 0x21, 0xab, 0xdf, 0x1c, 0xba, 0x64,
+	0xec, 0xfb, 0x85, 0x04, 0x58, 0xdb, 0xef, 0x0a,
+	0x8a, 0xea, 0x71, 0x57, 0x5d, 0x06, 0x0c, 0x7d,
+	0xb3, 0x97, 0x0f, 0x85, 0xa6, 0xe1, 0xe4, 0xc7,
+	0xab, 0xf5, 0xae, 0x8c, 0xdb, 0x09, 0x33, 0xd7,
+	0x1e, 0x8c, 0x94, 0xe0, 0x4a, 0x25, 0x61, 0x9d,
+	0xce, 0xe3, 0xd2, 0x26, 0x1a, 0xd2, 0xee, 0x6b,
+	0xf1, 0x2f, 0xfa, 0x06, 0xd9, 0x8a, 0x08, 0x64,
+	0xd8, 0x76, 0x02, 0x73, 0x3e, 0xc8, 0x6a, 0x64,
+	0x52, 0x1f, 0x2b, 0x18, 0x17, 0x7b, 0x20, 0x0c,
+	0xbb, 0xe1, 0x17, 0x57, 0x7a, 0x61, 0x5d, 0x6c,
+	0x77, 0x09, 0x88, 0xc0, 0xba, 0xd9, 0x46, 0xe2,
+	0x08, 0xe2, 0x4f, 0xa0, 0x74, 0xe5, 0xab, 0x31,
+	0x43, 0xdb, 0x5b, 0xfc, 0xe0, 0xfd, 0x10, 0x8e,
+	0x4b, 0x82, 0xd1, 0x20, 0xa9, 0x3a, 0xd2, 0xca,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+};
+
+static struct csi_dh_params dh_modp_group15 = {
+	.p.data = dh_modp_group15_prime,
+	.p.len = sizeof(dh_modp_group15_prime),
+	.g.data = dh_group_generator_2,
+	.g.len = sizeof(dh_group_generator_2),
+};
+
+struct csi_dh_params *
+csi_dh_params_modp_group15()
+{
+	return csi_dh_params_dup(&dh_modp_group15);
+}
+
+/*
+ * MODP Group 16 (4096 bits) - RFC 3526 section 5.
+ */
+static uint8_t dh_modp_group16_prime[] = {
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xc9, 0x0f, 0xda, 0xa2, 0x21, 0x68, 0xc2, 0x34,
+	0xc4, 0xc6, 0x62, 0x8b, 0x80, 0xdc, 0x1c, 0xd1,
+	0x29, 0x02, 0x4e, 0x08, 0x8a, 0x67, 0xcc, 0x74,
+	0x02, 0x0b, 0xbe, 0xa6, 0x3b, 0x13, 0x9b, 0x22,
+	0x51, 0x4a, 0x08, 0x79, 0x8e, 0x34, 0x04, 0xdd,
+	0xef, 0x95, 0x19, 0xb3, 0xcd, 0x3a, 0x43, 0x1b,
+	0x30, 0x2b, 0x0a, 0x6d, 0xf2, 0x5f, 0x14, 0x37,
+	0x4f, 0xe1, 0x35, 0x6d, 0x6d, 0x51, 0xc2, 0x45,
+	0xe4, 0x85, 0xb5, 0x76, 0x62, 0x5e, 0x7e, 0xc6,
+	0xf4, 0x4c, 0x42, 0xe9, 0xa6, 0x37, 0xed, 0x6b,
+	0x0b, 0xff, 0x5c, 0xb6, 0xf4, 0x06, 0xb7, 0xed,
+	0xee, 0x38, 0x6b, 0xfb, 0x5a, 0x89, 0x9f, 0xa5,
+	0xae, 0x9f, 0x24, 0x11, 0x7c, 0x4b, 0x1f, 0xe6,
+	0x49, 0x28, 0x66, 0x51, 0xec, 0xe4, 0x5b, 0x3d,
+	0xc2, 0x00, 0x7c, 0xb8, 0xa1, 0x63, 0xbf, 0x05,
+	0x98, 0xda, 0x48, 0x36, 0x1c, 0x55, 0xd3, 0x9a,
+	0x69, 0x16, 0x3f, 0xa8, 0xfd, 0x24, 0xcf, 0x5f,
+	0x83, 0x65, 0x5d, 0x23, 0xdc, 0xa3, 0xad, 0x96,
+	0x1c, 0x62, 0xf3, 0x56, 0x20, 0x85, 0x52, 0xbb,
+	0x9e, 0xd5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6d,
+	0x67, 0x0c, 0x35, 0x4e, 0x4a, 0xbc, 0x98, 0x04,
+	0xf1, 0x74, 0x6c, 0x08, 0xca, 0x18, 0x21, 0x7c,
+	0x32, 0x90, 0x5e, 0x46, 0x2e, 0x36, 0xce, 0x3b,
+	0xe3, 0x9e, 0x77, 0x2c, 0x18, 0x0e, 0x86, 0x03,
+	0x9b, 0x27, 0x83, 0xa2, 0xec, 0x07, 0xa2, 0x8f,
+	0xb5, 0xc5, 0x5d, 0xf0, 0x6f, 0x4c, 0x52, 0xc9,
+	0xde, 0x2b, 0xcb, 0xf6, 0x95, 0x58, 0x17, 0x18,
+	0x39, 0x95, 0x49, 0x7c, 0xea, 0x95, 0x6a, 0xe5,
+	0x15, 0xd2, 0x26, 0x18, 0x98, 0xfa, 0x05, 0x10,
+	0x15, 0x72, 0x8e, 0x5a, 0x8a, 0xaa, 0xc4, 0x2d,
+	0xad, 0x33, 0x17, 0x0d, 0x04, 0x50, 0x7a, 0x33,
+	0xa8, 0x55, 0x21, 0xab, 0xdf, 0x1c, 0xba, 0x64,
+	0xec, 0xfb, 0x85, 0x04, 0x58, 0xdb, 0xef, 0x0a,
+	0x8a, 0xea, 0x71, 0x57, 0x5d, 0x06, 0x0c, 0x7d,
+	0xb3, 0x97, 0x0f, 0x85, 0xa6, 0xe1, 0xe4, 0xc7,
+	0xab, 0xf5, 0xae, 0x8c, 0xdb, 0x09, 0x33, 0xd7,
+	0x1e, 0x8c, 0x94, 0xe0, 0x4a, 0x25, 0x61, 0x9d,
+	0xce, 0xe3, 0xd2, 0x26, 0x1a, 0xd2, 0xee, 0x6b,
+	0xf1, 0x2f, 0xfa, 0x06, 0xd9, 0x8a, 0x08, 0x64,
+	0xd8, 0x76, 0x02, 0x73, 0x3e, 0xc8, 0x6a, 0x64,
+	0x52, 0x1f, 0x2b, 0x18, 0x17, 0x7b, 0x20, 0x0c,
+	0xbb, 0xe1, 0x17, 0x57, 0x7a, 0x61, 0x5d, 0x6c,
+	0x77, 0x09, 0x88, 0xc0, 0xba, 0xd9, 0x46, 0xe2,
+	0x08, 0xe2, 0x4f, 0xa0, 0x74, 0xe5, 0xab, 0x31,
+	0x43, 0xdb, 0x5b, 0xfc, 0xe0, 0xfd, 0x10, 0x8e,
+	0x4b, 0x82, 0xd1, 0x20, 0xa9, 0x21, 0x08, 0x01,
+	0x1a, 0x72, 0x3c, 0x12, 0xa7, 0x87, 0xe6, 0xd7,
+	0x88, 0x71, 0x9a, 0x10, 0xbd, 0xba, 0x5b, 0x26,
+	0x99, 0xc3, 0x27, 0x18, 0x6a, 0xf4, 0xe2, 0x3c,
+	0x1a, 0x94, 0x68, 0x34, 0xb6, 0x15, 0x0b, 0xda,
+	0x25, 0x83, 0xe9, 0xca, 0x2a, 0xd4, 0x4c, 0xe8,
+	0xdb, 0xbb, 0xc2, 0xdb, 0x04, 0xde, 0x8e, 0xf9,
+	0x2e, 0x8e, 0xfc, 0x14, 0x1f, 0xbe, 0xca, 0xa6,
+	0x28, 0x7c, 0x59, 0x47, 0x4e, 0x6b, 0xc0, 0x5d,
+	0x99, 0xb2, 0x96, 0x4f, 0xa0, 0x90, 0xc3, 0xa2,
+	0x23, 0x3b, 0xa1, 0x86, 0x51, 0x5b, 0xe7, 0xed,
+	0x1f, 0x61, 0x29, 0x70, 0xce, 0xe2, 0xd7, 0xaf,
+	0xb8, 0x1b, 0xdd, 0x76, 0x21, 0x70, 0x48, 0x1c,
+	0xd0, 0x06, 0x91, 0x27, 0xd5, 0xb0, 0x5a, 0xa9,
+	0x93, 0xb4, 0xea, 0x98, 0x8d, 0x8f, 0xdd, 0xc1,
+	0x86, 0xff, 0xb7, 0xdc, 0x90, 0xa6, 0xc0, 0x8f,
+	0x4d, 0xf4, 0x35, 0xc9, 0x34, 0x06, 0x31, 0x99,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+};
+
+static struct csi_dh_params dh_modp_group16 = {
+	.p.data = dh_modp_group16_prime,
+	.p.len = sizeof(dh_modp_group16_prime),
+	.g.data = dh_group_generator_2,
+	.g.len = sizeof(dh_group_generator_2),
+};
+
+struct csi_dh_params *
+csi_dh_params_modp_group16()
+{
+	return &dh_modp_group16;
+}
+
+/*
+ * MODP Group 17 (6144 bits) - RFC 3526 section 6.
+ */
+static uint8_t dh_modp_group17_prime[] = {
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xc9, 0x0f, 0xda, 0xa2, 0x21, 0x68, 0xc2, 0x34,
+	0xc4, 0xc6, 0x62, 0x8b, 0x80, 0xdc, 0x1c, 0xd1,
+	0x29, 0x02, 0x4e, 0x08, 0x8a, 0x67, 0xcc, 0x74,
+	0x02, 0x0b, 0xbe, 0xa6, 0x3b, 0x13, 0x9b, 0x22,
+	0x51, 0x4a, 0x08, 0x79, 0x8e, 0x34, 0x04, 0xdd,
+	0xef, 0x95, 0x19, 0xb3, 0xcd, 0x3a, 0x43, 0x1b,
+	0x30, 0x2b, 0x0a, 0x6d, 0xf2, 0x5f, 0x14, 0x37,
+	0x4f, 0xe1, 0x35, 0x6d, 0x6d, 0x51, 0xc2, 0x45,
+	0xe4, 0x85, 0xb5, 0x76, 0x62, 0x5e, 0x7e, 0xc6,
+	0xf4, 0x4c, 0x42, 0xe9, 0xa6, 0x37, 0xed, 0x6b,
+	0x0b, 0xff, 0x5c, 0xb6, 0xf4, 0x06, 0xb7, 0xed,
+	0xee, 0x38, 0x6b, 0xfb, 0x5a, 0x89, 0x9f, 0xa5,
+	0xae, 0x9f, 0x24, 0x11, 0x7c, 0x4b, 0x1f, 0xe6,
+	0x49, 0x28, 0x66, 0x51, 0xec, 0xe4, 0x5b, 0x3d,
+	0xc2, 0x00, 0x7c, 0xb8, 0xa1, 0x63, 0xbf, 0x05,
+	0x98, 0xda, 0x48, 0x36, 0x1c, 0x55, 0xd3, 0x9a,
+	0x69, 0x16, 0x3f, 0xa8, 0xfd, 0x24, 0xcf, 0x5f,
+	0x83, 0x65, 0x5d, 0x23, 0xdc, 0xa3, 0xad, 0x96,
+	0x1c, 0x62, 0xf3, 0x56, 0x20, 0x85, 0x52, 0xbb,
+	0x9e, 0xd5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6d,
+	0x67, 0x0c, 0x35, 0x4e, 0x4a, 0xbc, 0x98, 0x04,
+	0xf1, 0x74, 0x6c, 0x08, 0xca, 0x18, 0x21, 0x7c,
+	0x32, 0x90, 0x5e, 0x46, 0x2e, 0x36, 0xce, 0x3b,
+	0xe3, 0x9e, 0x77, 0x2c, 0x18, 0x0e, 0x86, 0x03,
+	0x9b, 0x27, 0x83, 0xa2, 0xec, 0x07, 0xa2, 0x8f,
+	0xb5, 0xc5, 0x5d, 0xf0, 0x6f, 0x4c, 0x52, 0xc9,
+	0xde, 0x2b, 0xcb, 0xf6, 0x95, 0x58, 0x17, 0x18,
+	0x39, 0x95, 0x49, 0x7c, 0xea, 0x95, 0x6a, 0xe5,
+	0x15, 0xd2, 0x26, 0x18, 0x98, 0xfa, 0x05, 0x10,
+	0x15, 0x72, 0x8e, 0x5a, 0x8a, 0xaa, 0xc4, 0x2d,
+	0xad, 0x33, 0x17, 0x0d, 0x04, 0x50, 0x7a, 0x33,
+	0xa8, 0x55, 0x21, 0xab, 0xdf, 0x1c, 0xba, 0x64,
+	0xec, 0xfb, 0x85, 0x04, 0x58, 0xdb, 0xef, 0x0a,
+	0x8a, 0xea, 0x71, 0x57, 0x5d, 0x06, 0x0c, 0x7d,
+	0xb3, 0x97, 0x0f, 0x85, 0xa6, 0xe1, 0xe4, 0xc7,
+	0xab, 0xf5, 0xae, 0x8c, 0xdb, 0x09, 0x33, 0xd7,
+	0x1e, 0x8c, 0x94, 0xe0, 0x4a, 0x25, 0x61, 0x9d,
+	0xce, 0xe3, 0xd2, 0x26, 0x1a, 0xd2, 0xee, 0x6b,
+	0xf1, 0x2f, 0xfa, 0x06, 0xd9, 0x8a, 0x08, 0x64,
+	0xd8, 0x76, 0x02, 0x73, 0x3e, 0xc8, 0x6a, 0x64,
+	0x52, 0x1f, 0x2b, 0x18, 0x17, 0x7b, 0x20, 0x0c,
+	0xbb, 0xe1, 0x17, 0x57, 0x7a, 0x61, 0x5d, 0x6c,
+	0x77, 0x09, 0x88, 0xc0, 0xba, 0xd9, 0x46, 0xe2,
+	0x08, 0xe2, 0x4f, 0xa0, 0x74, 0xe5, 0xab, 0x31,
+	0x43, 0xdb, 0x5b, 0xfc, 0xe0, 0xfd, 0x10, 0x8e,
+	0x4b, 0x82, 0xd1, 0x20, 0xa9, 0x21, 0x08, 0x01,
+	0x1a, 0x72, 0x3c, 0x12, 0xa7, 0x87, 0xe6, 0xd7,
+	0x88, 0x71, 0x9a, 0x10, 0xbd, 0xba, 0x5b, 0x26,
+	0x99, 0xc3, 0x27, 0x18, 0x6a, 0xf4, 0xe2, 0x3c,
+	0x1a, 0x94, 0x68, 0x34, 0xb6, 0x15, 0x0b, 0xda,
+	0x25, 0x83, 0xe9, 0xca, 0x2a, 0xd4, 0x4c, 0xe8,
+	0xdb, 0xbb, 0xc2, 0xdb, 0x04, 0xde, 0x8e, 0xf9,
+	0x2e, 0x8e, 0xfc, 0x14, 0x1f, 0xbe, 0xca, 0xa6,
+	0x28, 0x7c, 0x59, 0x47, 0x4e, 0x6b, 0xc0, 0x5d,
+	0x99, 0xb2, 0x96, 0x4f, 0xa0, 0x90, 0xc3, 0xa2,
+	0x23, 0x3b, 0xa1, 0x86, 0x51, 0x5b, 0xe7, 0xed,
+	0x1f, 0x61, 0x29, 0x70, 0xce, 0xe2, 0xd7, 0xaf,
+	0xb8, 0x1b, 0xdd, 0x76, 0x21, 0x70, 0x48, 0x1c,
+	0xd0, 0x06, 0x91, 0x27, 0xd5, 0xb0, 0x5a, 0xa9,
+	0x93, 0xb4, 0xea, 0x98, 0x8d, 0x8f, 0xdd, 0xc1,
+	0x86, 0xff, 0xb7, 0xdc, 0x90, 0xa6, 0xc0, 0x8f,
+	0x4d, 0xf4, 0x35, 0xc9, 0x34, 0x02, 0x84, 0x92,
+	0x36, 0xc3, 0xfa, 0xb4, 0xd2, 0x7c, 0x70, 0x26,
+	0xc1, 0xd4, 0xdc, 0xb2, 0x60, 0x26, 0x46, 0xde,
+	0xc9, 0x75, 0x1e, 0x76, 0x3d, 0xba, 0x37, 0xbd,
+	0xf8, 0xff, 0x94, 0x06, 0xad, 0x9e, 0x53, 0x0e,
+	0xe5, 0xdb, 0x38, 0x2f, 0x41, 0x30, 0x01, 0xae,
+	0xb0, 0x6a, 0x53, 0xed, 0x90, 0x27, 0xd8, 0x31,
+	0x17, 0x97, 0x27, 0xb0, 0x86, 0x5a, 0x89, 0x18,
+	0xda, 0x3e, 0xdb, 0xeb, 0xcf, 0x9b, 0x14, 0xed,
+	0x44, 0xce, 0x6c, 0xba, 0xce, 0xd4, 0xbb, 0x1b,
+	0xdb, 0x7f, 0x14, 0x47, 0xe6, 0xcc, 0x25, 0x4b,
+	0x33, 0x20, 0x51, 0x51, 0x2b, 0xd7, 0xaf, 0x42,
+	0x6f, 0xb8, 0xf4, 0x01, 0x37, 0x8c, 0xd2, 0xbf,
+	0x59, 0x83, 0xca, 0x01, 0xc6, 0x4b, 0x92, 0xec,
+	0xf0, 0x32, 0xea, 0x15, 0xd1, 0x72, 0x1d, 0x03,
+	0xf4, 0x82, 0xd7, 0xce, 0x6e, 0x74, 0xfe, 0xf6,
+	0xd5, 0x5e, 0x70, 0x2f, 0x46, 0x98, 0x0c, 0x82,
+	0xb5, 0xa8, 0x40, 0x31, 0x90, 0x0b, 0x1c, 0x9e,
+	0x59, 0xe7, 0xc9, 0x7f, 0xbe, 0xc7, 0xe8, 0xf3,
+	0x23, 0xa9, 0x7a, 0x7e, 0x36, 0xcc, 0x88, 0xbe,
+	0x0f, 0x1d, 0x45, 0xb7, 0xff, 0x58, 0x5a, 0xc5,
+	0x4b, 0xd4, 0x07, 0xb2, 0x2b, 0x41, 0x54, 0xaa,
+	0xcc, 0x8f, 0x6d, 0x7e, 0xbf, 0x48, 0xe1, 0xd8,
+	0x14, 0xcc, 0x5e, 0xd2, 0x0f, 0x80, 0x37, 0xe0,
+	0xa7, 0x97, 0x15, 0xee, 0xf2, 0x9b, 0xe3, 0x28,
+	0x06, 0xa1, 0xd5, 0x8b, 0xb7, 0xc5, 0xda, 0x76,
+	0xf5, 0x50, 0xaa, 0x3d, 0x8a, 0x1f, 0xbf, 0xf0,
+	0xeb, 0x19, 0xcc, 0xb1, 0xa3, 0x13, 0xd5, 0x5c,
+	0xda, 0x56, 0xc9, 0xec, 0x2e, 0xf2, 0x96, 0x32,
+	0x38, 0x7f, 0xe8, 0xd7, 0x6e, 0x3c, 0x04, 0x68,
+	0x04, 0x3e, 0x8f, 0x66, 0x3f, 0x48, 0x60, 0xee,
+	0x12, 0xbf, 0x2d, 0x5b, 0x0b, 0x74, 0x74, 0xd6,
+	0xe6, 0x94, 0xf9, 0x1e, 0x6d, 0xcc, 0x40, 0x24,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+};
+
+static struct csi_dh_params dh_modp_group17 = {
+	.p.data = dh_modp_group17_prime,
+	.p.len = sizeof(dh_modp_group17_prime),
+	.g.data = dh_group_generator_2,
+	.g.len = sizeof(dh_group_generator_2),
+};
+
+struct csi_dh_params *
+csi_dh_params_modp_group17()
+{
+	return &dh_modp_group17;
+}
+
+/*
+ * MODP Group 18 (8192 bits) - RFC 3526 section 7.
+ */
+static uint8_t dh_modp_group18_prime[] = {
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xc9, 0x0f, 0xda, 0xa2, 0x21, 0x68, 0xc2, 0x34,
+	0xc4, 0xc6, 0x62, 0x8b, 0x80, 0xdc, 0x1c, 0xd1,
+	0x29, 0x02, 0x4e, 0x08, 0x8a, 0x67, 0xcc, 0x74,
+	0x02, 0x0b, 0xbe, 0xa6, 0x3b, 0x13, 0x9b, 0x22,
+	0x51, 0x4a, 0x08, 0x79, 0x8e, 0x34, 0x04, 0xdd,
+	0xef, 0x95, 0x19, 0xb3, 0xcd, 0x3a, 0x43, 0x1b,
+	0x30, 0x2b, 0x0a, 0x6d, 0xf2, 0x5f, 0x14, 0x37,
+	0x4f, 0xe1, 0x35, 0x6d, 0x6d, 0x51, 0xc2, 0x45,
+	0xe4, 0x85, 0xb5, 0x76, 0x62, 0x5e, 0x7e, 0xc6,
+	0xf4, 0x4c, 0x42, 0xe9, 0xa6, 0x37, 0xed, 0x6b,
+	0x0b, 0xff, 0x5c, 0xb6, 0xf4, 0x06, 0xb7, 0xed,
+	0xee, 0x38, 0x6b, 0xfb, 0x5a, 0x89, 0x9f, 0xa5,
+	0xae, 0x9f, 0x24, 0x11, 0x7c, 0x4b, 0x1f, 0xe6,
+	0x49, 0x28, 0x66, 0x51, 0xec, 0xe4, 0x5b, 0x3d,
+	0xc2, 0x00, 0x7c, 0xb8, 0xa1, 0x63, 0xbf, 0x05,
+	0x98, 0xda, 0x48, 0x36, 0x1c, 0x55, 0xd3, 0x9a,
+	0x69, 0x16, 0x3f, 0xa8, 0xfd, 0x24, 0xcf, 0x5f,
+	0x83, 0x65, 0x5d, 0x23, 0xdc, 0xa3, 0xad, 0x96,
+	0x1c, 0x62, 0xf3, 0x56, 0x20, 0x85, 0x52, 0xbb,
+	0x9e, 0xd5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6d,
+	0x67, 0x0c, 0x35, 0x4e, 0x4a, 0xbc, 0x98, 0x04,
+	0xf1, 0x74, 0x6c, 0x08, 0xca, 0x18, 0x21, 0x7c,
+	0x32, 0x90, 0x5e, 0x46, 0x2e, 0x36, 0xce, 0x3b,
+	0xe3, 0x9e, 0x77, 0x2c, 0x18, 0x0e, 0x86, 0x03,
+	0x9b, 0x27, 0x83, 0xa2, 0xec, 0x07, 0xa2, 0x8f,
+	0xb5, 0xc5, 0x5d, 0xf0, 0x6f, 0x4c, 0x52, 0xc9,
+	0xde, 0x2b, 0xcb, 0xf6, 0x95, 0x58, 0x17, 0x18,
+	0x39, 0x95, 0x49, 0x7c, 0xea, 0x95, 0x6a, 0xe5,
+	0x15, 0xd2, 0x26, 0x18, 0x98, 0xfa, 0x05, 0x10,
+	0x15, 0x72, 0x8e, 0x5a, 0x8a, 0xaa, 0xc4, 0x2d,
+	0xad, 0x33, 0x17, 0x0d, 0x04, 0x50, 0x7a, 0x33,
+	0xa8, 0x55, 0x21, 0xab, 0xdf, 0x1c, 0xba, 0x64,
+	0xec, 0xfb, 0x85, 0x04, 0x58, 0xdb, 0xef, 0x0a,
+	0x8a, 0xea, 0x71, 0x57, 0x5d, 0x06, 0x0c, 0x7d,
+	0xb3, 0x97, 0x0f, 0x85, 0xa6, 0xe1, 0xe4, 0xc7,
+	0xab, 0xf5, 0xae, 0x8c, 0xdb, 0x09, 0x33, 0xd7,
+	0x1e, 0x8c, 0x94, 0xe0, 0x4a, 0x25, 0x61, 0x9d,
+	0xce, 0xe3, 0xd2, 0x26, 0x1a, 0xd2, 0xee, 0x6b,
+	0xf1, 0x2f, 0xfa, 0x06, 0xd9, 0x8a, 0x08, 0x64,
+	0xd8, 0x76, 0x02, 0x73, 0x3e, 0xc8, 0x6a, 0x64,
+	0x52, 0x1f, 0x2b, 0x18, 0x17, 0x7b, 0x20, 0x0c,
+	0xbb, 0xe1, 0x17, 0x57, 0x7a, 0x61, 0x5d, 0x6c,
+	0x77, 0x09, 0x88, 0xc0, 0xba, 0xd9, 0x46, 0xe2,
+	0x08, 0xe2, 0x4f, 0xa0, 0x74, 0xe5, 0xab, 0x31,
+	0x43, 0xdb, 0x5b, 0xfc, 0xe0, 0xfd, 0x10, 0x8e,
+	0x4b, 0x82, 0xd1, 0x20, 0xa9, 0x21, 0x08, 0x01,
+	0x1a, 0x72, 0x3c, 0x12, 0xa7, 0x87, 0xe6, 0xd7,
+	0x88, 0x71, 0x9a, 0x10, 0xbd, 0xba, 0x5b, 0x26,
+	0x99, 0xc3, 0x27, 0x18, 0x6a, 0xf4, 0xe2, 0x3c,
+	0x1a, 0x94, 0x68, 0x34, 0xb6, 0x15, 0x0b, 0xda,
+	0x25, 0x83, 0xe9, 0xca, 0x2a, 0xd4, 0x4c, 0xe8,
+	0xdb, 0xbb, 0xc2, 0xdb, 0x04, 0xde, 0x8e, 0xf9,
+	0x2e, 0x8e, 0xfc, 0x14, 0x1f, 0xbe, 0xca, 0xa6,
+	0x28, 0x7c, 0x59, 0x47, 0x4e, 0x6b, 0xc0, 0x5d,
+	0x99, 0xb2, 0x96, 0x4f, 0xa0, 0x90, 0xc3, 0xa2,
+	0x23, 0x3b, 0xa1, 0x86, 0x51, 0x5b, 0xe7, 0xed,
+	0x1f, 0x61, 0x29, 0x70, 0xce, 0xe2, 0xd7, 0xaf,
+	0xb8, 0x1b, 0xdd, 0x76, 0x21, 0x70, 0x48, 0x1c,
+	0xd0, 0x06, 0x91, 0x27, 0xd5, 0xb0, 0x5a, 0xa9,
+	0x93, 0xb4, 0xea, 0x98, 0x8d, 0x8f, 0xdd, 0xc1,
+	0x86, 0xff, 0xb7, 0xdc, 0x90, 0xa6, 0xc0, 0x8f,
+	0x4d, 0xf4, 0x35, 0xc9, 0x34, 0x02, 0x84, 0x92,
+	0x36, 0xc3, 0xfa, 0xb4, 0xd2, 0x7c, 0x70, 0x26,
+	0xc1, 0xd4, 0xdc, 0xb2, 0x60, 0x26, 0x46, 0xde,
+	0xc9, 0x75, 0x1e, 0x76, 0x3d, 0xba, 0x37, 0xbd,
+	0xf8, 0xff, 0x94, 0x06, 0xad, 0x9e, 0x53, 0x0e,
+	0xe5, 0xdb, 0x38, 0x2f, 0x41, 0x30, 0x01, 0xae,
+	0xb0, 0x6a, 0x53, 0xed, 0x90, 0x27, 0xd8, 0x31,
+	0x17, 0x97, 0x27, 0xb0, 0x86, 0x5a, 0x89, 0x18,
+	0xda, 0x3e, 0xdb, 0xeb, 0xcf, 0x9b, 0x14, 0xed,
+	0x44, 0xce, 0x6c, 0xba, 0xce, 0xd4, 0xbb, 0x1b,
+	0xdb, 0x7f, 0x14, 0x47, 0xe6, 0xcc, 0x25, 0x4b,
+	0x33, 0x20, 0x51, 0x51, 0x2b, 0xd7, 0xaf, 0x42,
+	0x6f, 0xb8, 0xf4, 0x01, 0x37, 0x8c, 0xd2, 0xbf,
+	0x59, 0x83, 0xca, 0x01, 0xc6, 0x4b, 0x92, 0xec,
+	0xf0, 0x32, 0xea, 0x15, 0xd1, 0x72, 0x1d, 0x03,
+	0xf4, 0x82, 0xd7, 0xce, 0x6e, 0x74, 0xfe, 0xf6,
+	0xd5, 0x5e, 0x70, 0x2f, 0x46, 0x98, 0x0c, 0x82,
+	0xb5, 0xa8, 0x40, 0x31, 0x90, 0x0b, 0x1c, 0x9e,
+	0x59, 0xe7, 0xc9, 0x7f, 0xbe, 0xc7, 0xe8, 0xf3,
+	0x23, 0xa9, 0x7a, 0x7e, 0x36, 0xcc, 0x88, 0xbe,
+	0x0f, 0x1d, 0x45, 0xb7, 0xff, 0x58, 0x5a, 0xc5,
+	0x4b, 0xd4, 0x07, 0xb2, 0x2b, 0x41, 0x54, 0xaa,
+	0xcc, 0x8f, 0x6d, 0x7e, 0xbf, 0x48, 0xe1, 0xd8,
+	0x14, 0xcc, 0x5e, 0xd2, 0x0f, 0x80, 0x37, 0xe0,
+	0xa7, 0x97, 0x15, 0xee, 0xf2, 0x9b, 0xe3, 0x28,
+	0x06, 0xa1, 0xd5, 0x8b, 0xb7, 0xc5, 0xda, 0x76,
+	0xf5, 0x50, 0xaa, 0x3d, 0x8a, 0x1f, 0xbf, 0xf0,
+	0xeb, 0x19, 0xcc, 0xb1, 0xa3, 0x13, 0xd5, 0x5c,
+	0xda, 0x56, 0xc9, 0xec, 0x2e, 0xf2, 0x96, 0x32,
+	0x38, 0x7f, 0xe8, 0xd7, 0x6e, 0x3c, 0x04, 0x68,
+	0x04, 0x3e, 0x8f, 0x66, 0x3f, 0x48, 0x60, 0xee,
+	0x12, 0xbf, 0x2d, 0x5b, 0x0b, 0x74, 0x74, 0xd6,
+	0xe6, 0x94, 0xf9, 0x1e, 0x6d, 0xbe, 0x11, 0x59,
+	0x74, 0xa3, 0x92, 0x6f, 0x12, 0xfe, 0xe5, 0xe4,
+	0x38, 0x77, 0x7c, 0xb6, 0xa9, 0x32, 0xdf, 0x8c,
+	0xd8, 0xbe, 0xc4, 0xd0, 0x73, 0xb9, 0x31, 0xba,
+	0x3b, 0xc8, 0x32, 0xb6, 0x8d, 0x9d, 0xd3, 0x00,
+	0x74, 0x1f, 0xa7, 0xbf, 0x8a, 0xfc, 0x47, 0xed,
+	0x25, 0x76, 0xf6, 0x93, 0x6b, 0xa4, 0x24, 0x66,
+	0x3a, 0xab, 0x63, 0x9c, 0x5a, 0xe4, 0xf5, 0x68,
+	0x34, 0x23, 0xb4, 0x74, 0x2b, 0xf1, 0xc9, 0x78,
+	0x23, 0x8f, 0x16, 0xcb, 0xe3, 0x9d, 0x65, 0x2d,
+	0xe3, 0xfd, 0xb8, 0xbe, 0xfc, 0x84, 0x8a, 0xd9,
+	0x22, 0x22, 0x2e, 0x04, 0xa4, 0x03, 0x7c, 0x07,
+	0x13, 0xeb, 0x57, 0xa8, 0x1a, 0x23, 0xf0, 0xc7,
+	0x34, 0x73, 0xfc, 0x64, 0x6c, 0xea, 0x30, 0x6b,
+	0x4b, 0xcb, 0xc8, 0x86, 0x2f, 0x83, 0x85, 0xdd,
+	0xfa, 0x9d, 0x4b, 0x7f, 0xa2, 0xc0, 0x87, 0xe8,
+	0x79, 0x68, 0x33, 0x03, 0xed, 0x5b, 0xdd, 0x3a,
+	0x06, 0x2b, 0x3c, 0xf5, 0xb3, 0xa2, 0x78, 0xa6,
+	0x6d, 0x2a, 0x13, 0xf8, 0x3f, 0x44, 0xf8, 0x2d,
+	0xdf, 0x31, 0x0e, 0xe0, 0x74, 0xab, 0x6a, 0x36,
+	0x45, 0x97, 0xe8, 0x99, 0xa0, 0x25, 0x5d, 0xc1,
+	0x64, 0xf3, 0x1c, 0xc5, 0x08, 0x46, 0x85, 0x1d,
+	0xf9, 0xab, 0x48, 0x19, 0x5d, 0xed, 0x7e, 0xa1,
+	0xb1, 0xd5, 0x10, 0xbd, 0x7e, 0xe7, 0x4d, 0x73,
+	0xfa, 0xf3, 0x6b, 0xc3, 0x1e, 0xcf, 0xa2, 0x68,
+	0x35, 0x90, 0x46, 0xf4, 0xeb, 0x87, 0x9f, 0x92,
+	0x40, 0x09, 0x43, 0x8b, 0x48, 0x1c, 0x6c, 0xd7,
+	0x88, 0x9a, 0x00, 0x2e, 0xd5, 0xee, 0x38, 0x2b,
+	0xc9, 0x19, 0x0d, 0xa6, 0xfc, 0x02, 0x6e, 0x47,
+	0x95, 0x58, 0xe4, 0x47, 0x56, 0x77, 0xe9, 0xaa,
+	0x9e, 0x30, 0x50, 0xe2, 0x76, 0x56, 0x94, 0xdf,
+	0xc8, 0x1f, 0x56, 0xe8, 0x80, 0xb9, 0x6e, 0x71,
+	0x60, 0xc9, 0x80, 0xdd, 0x98, 0xed, 0xd3, 0xdf,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+};
+
+static struct csi_dh_params dh_modp_group18 = {
+	.p.data = dh_modp_group18_prime,
+	.p.len = sizeof(dh_modp_group18_prime),
+	.g.data = dh_group_generator_2,
+	.g.len = sizeof(dh_group_generator_2),
+};
+
+struct csi_dh_params *
+csi_dh_params_modp_group18()
+{
+	return csi_dh_params_dup(&dh_modp_group18);
+}
diff --git a/lib/libcsi/csi_internal.h b/lib/libcsi/csi_internal.h
new file mode 100644
index 00000000000..946d52d3522
--- /dev/null
+++ b/lib/libcsi/csi_internal.h
@@ -0,0 +1,59 @@
+/* $OpenBSD: csi_internal.h,v 1.1 2018/06/02 17:40:33 jsing Exp $ */
+/*
+ * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef HEADER_CSI_INTERNAL_H
+#define HEADER_CSI_INTERNAL_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+__BEGIN_HIDDEN_DECLS
+
+#define MINIMUM(a, b)	(((a) < (b)) ? (a) : (b))
+
+#define CSI_MAX_BIGNUM_BYTES		(16384 / 8)
+#define CSI_MIN_DH_LENGTH		256
+
+struct csi_err {
+	u_int code;
+	int errnum;
+	char *msg;
+};
+
+struct csi_dh{
+	struct csi_err err;
+	DH *dh;
+	BIGNUM *peer_pubkey;
+};
+
+void csi_err_clear(struct csi_err *_err);
+int csi_err_set(struct csi_err *_err, u_int _code, const char *_fmt, ...);
+int csi_err_setx(struct csi_err *_err, u_int _code, const char *_fmt, ...);
+
+int csi_integer_to_bn(struct csi_err *_err, const char *_field,
+    struct csi_integer *_value, BIGNUM **_bn);
+int csi_bn_to_integer(struct csi_err *_err, BIGNUM *_bn,
+    struct csi_integer *_integer);
+
+struct csi_dh_params *csi_dh_params_dup(struct csi_dh_params *_cdhp);
+
+__END_HIDDEN_DECLS
+
+#endif /* HEADER_CSI_INTERNAL_H */
diff --git a/lib/libcsi/csi_util.c b/lib/libcsi/csi_util.c
new file mode 100644
index 00000000000..a0f06f9999c
--- /dev/null
+++ b/lib/libcsi/csi_util.c
@@ -0,0 +1,79 @@
+/* $OpenBSD: csi_util.c,v 1.1 2018/06/02 17:40:33 jsing Exp $ */
+/*
+ * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdlib.h>
+
+#include <openssl/bn.h>
+
+#include "csi.h"
+#include "csi_internal.h"
+
+int
+csi_integer_to_bn(struct csi_err *err, const char *field,
+    struct csi_integer *integer, BIGNUM **bn)
+{
+	BN_clear_free(*bn);
+	*bn = NULL;
+
+	if (integer->len > CSI_MAX_BIGNUM_BYTES) {
+		csi_err_setx(err, CSI_ERR_INVAL, "%s too large", field);
+                goto err;
+	}
+	if ((*bn = BN_bin2bn(integer->data, integer->len, NULL)) == NULL) {
+		csi_err_setx(err, CSI_ERR_MEM, "out of memory");
+		goto err;
+	}
+	return 0;
+
+ err:
+	return -1;
+}
+
+int
+csi_bn_to_integer(struct csi_err *err, BIGNUM *bn, struct csi_integer *integer)
+{
+	uint8_t *b = NULL;
+	int len = 0;
+
+	freezero((uint8_t *)integer->data, integer->len);
+	integer->data = NULL;
+	integer->len = 0;
+
+	len = BN_num_bytes(bn);
+        if (len < 0 || len > CSI_MAX_BIGNUM_BYTES) {
+		csi_err_setx(err, CSI_ERR_INVAL,
+		    "invalid bignum length %i", len);
+                goto err;
+	}
+	/* XXX - prepend zero to avoid interpretation as negative? */
+	if ((b = calloc(1, len)) == NULL)
+		goto errmem;
+        if (BN_bn2bin(bn, b) != len)
+                goto errmem;
+
+	integer->data = b;
+	integer->len = (size_t)len;
+
+	return 0;
+
+ errmem:
+	csi_err_setx(err, CSI_ERR_MEM, "out of memory");
+ err:
+	freezero(b, len);
+
+	return -1;
+}
diff --git a/lib/libcsi/shlib_version b/lib/libcsi/shlib_version
new file mode 100644
index 00000000000..1edea46de91
--- /dev/null
+++ b/lib/libcsi/shlib_version
@@ -0,0 +1,2 @@
+major=1
+minor=0