Botan 3.0.0
Crypto and TLS for C&
Public Types | Public Member Functions | Static Public Member Functions | List of all members
Botan::DL_Group Class Referencefinal

#include <dl_group.h>

Public Types

using Format = DL_Group_Format
 
enum  PrimeType { Strong , Prime_Subgroup , DSA_Kosherizer }
 

Public Member Functions

void BER_decode (const std::vector< uint8_t > &ber, DL_Group_Format format)
 
std::vector< uint8_t > DER_encode (DL_Group_Format format) const
 
 DL_Group ()=default
 
 DL_Group (const BigInt &p, const BigInt &g)
 
 DL_Group (const BigInt &p, const BigInt &q, const BigInt &g)
 
template<typename Alloc >
 DL_Group (const std::vector< uint8_t, Alloc > &ber, DL_Group_Format format)
 
 DL_Group (const uint8_t ber[], size_t ber_len, DL_Group_Format format)
 
 DL_Group (RandomNumberGenerator &rng, const std::vector< uint8_t > &seed, size_t pbits=1024, size_t qbits=0)
 
 DL_Group (RandomNumberGenerator &rng, PrimeType type, size_t pbits, size_t qbits=0)
 
 DL_Group (std::string_view name)
 
size_t estimated_strength () const
 
size_t exponent_bits () const
 
const BigIntget_g () const
 
const BigIntget_p () const
 
const BigIntget_q () const
 
bool has_q () const
 
BigInt inverse_mod_p (const BigInt &x) const
 
BigInt inverse_mod_q (const BigInt &x) const
 
BigInt mod_p (const BigInt &x) const
 
BigInt mod_q (const BigInt &x) const
 
std::shared_ptr< const Montgomery_Paramsmonty_params_p () const
 
BigInt multi_exponentiate (const BigInt &x, const BigInt &y, const BigInt &z) const
 
BigInt multiply_mod_p (const BigInt &x, const BigInt &y) const
 
BigInt multiply_mod_q (const BigInt &x, const BigInt &y) const
 
BigInt multiply_mod_q (const BigInt &x, const BigInt &y, const BigInt &z) const
 
size_t p_bits () const
 
size_t p_bytes () const
 
std::string PEM_encode (DL_Group_Format format) const
 
BigInt power_b_p (const BigInt &b, const BigInt &x) const
 
BigInt power_b_p (const BigInt &b, const BigInt &x, size_t max_x_bits) const
 
BigInt power_g_p (const BigInt &x) const
 
BigInt power_g_p (const BigInt &x, size_t max_x_bits) const
 
size_t q_bits () const
 
size_t q_bytes () const
 
DL_Group_Source source () const
 
BigInt square_mod_q (const BigInt &x) const
 
bool verify_element_pair (const BigInt &y, const BigInt &x) const
 
bool verify_group (RandomNumberGenerator &rng, bool strong=true) const
 
bool verify_private_element (const BigInt &x) const
 
bool verify_public_element (const BigInt &y) const
 

Static Public Member Functions

static DL_Group DL_Group_from_PEM (std::string_view pem)
 
static std::shared_ptr< DL_Group_Data > DL_group_info (std::string_view name)
 

Detailed Description

This class represents discrete logarithm groups. It holds a prime modulus p, a generator g, and (optionally) a prime q which is a factor of (p-1). In most cases g generates the order-q subgroup.

Definition at line 44 of file dl_group.h.

Member Typedef Documentation

◆ Format

using Botan::DL_Group::Format = DL_Group_Format

Definition at line 52 of file dl_group.h.

Member Enumeration Documentation

◆ PrimeType

enum Botan::DL_Group::PrimeType

Determine the prime creation for DL groups.

Enumerator
Strong 
Prime_Subgroup 
DSA_Kosherizer 

Definition at line 50 of file dl_group.h.

50{ Strong, Prime_Subgroup, DSA_Kosherizer };
Botan::DL_Group::Prime_Subgroup
@ Prime_Subgroup
Definition: dl_group.h:50
Botan::DL_Group::DSA_Kosherizer
@ DSA_Kosherizer
Definition: dl_group.h:50
Botan::DL_Group::Strong
@ Strong
Definition: dl_group.h:50

Constructor & Destructor Documentation

◆ DL_Group() [1/8]

Botan::DL_Group::DL_Group ( )
default

Construct a DL group with uninitialized internal value. Use this constructor is you wish to set the groups values from a DER or PEM encoded group.

Referenced by DL_Group_from_PEM().

◆ DL_Group() [2/8]

Botan::DL_Group::DL_Group ( std::string_view  name)
explicit

Construct a DL group that is registered in the configuration.

Parameters
namethe name of the group, for example "modp/ietf/3072"
Warning
This constructor also accepts PEM inputs. This behavior is deprecated and will be removed in a future major release. Instead use DL_Group_from_PEM function

Definition at line 209 of file dl_group.cpp.

210 {
211 // Either a name or a PEM block, try name first
212 m_data = DL_group_info(str);
213
214 if(m_data == nullptr)
215 {
216 try
217 {
218 std::string label;
219 const std::vector<uint8_t> ber = unlock(PEM_Code::decode(str, label));
220 DL_Group_Format format = pem_label_to_dl_format(label);
221
222 m_data = BER_decode_DL_group(ber.data(), ber.size(), format, DL_Group_Source::ExternalSource);
223 }
224 catch(...) {}
225 }
226
227 if(m_data == nullptr)
228 throw Invalid_Argument(fmt("DL_Group: Unknown group '{}'", str));
229 }
Botan::DL_Group::DL_group_info
static std::shared_ptr< DL_Group_Data > DL_group_info(std::string_view name)
Definition: dl_named.cpp:13
Botan::PEM_Code::decode
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition: pem.cpp:70
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition: fmt.h:60
Botan::DL_Group_Format
DL_Group_Format
Definition: dl_group.h:28
Botan::unlock
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:77

References Botan::PEM_Code::decode(), DL_group_info(), Botan::ExternalSource, Botan::fmt(), and Botan::unlock().

◆ DL_Group() [3/8]

Botan::DL_Group::DL_Group ( RandomNumberGenerator rng,
PrimeType  type,
size_t  pbits,
size_t  qbits = 0 
)

Create a new group randomly.

Parameters
rngthe random number generator to use
typespecifies how the creation of primes p and q shall be performed. If type=Strong, then p will be determined as a safe prime, and q will be chosen as (p-1)/2. If type=Prime_Subgroup and qbits = 0, then the size of q will be determined according to the estimated difficulty of the DL problem. If type=DSA_Kosherizer, DSA primes will be created.
pbitsthe number of bits of p
qbitsthe number of bits of q. Leave it as 0 to have the value determined according to pbits.

Definition at line 260 of file dl_group.cpp.

262 {
263 if(pbits < 1024)
264 throw Invalid_Argument(fmt("DL_Group: requested prime size {} is too small", pbits));
265
266 if(qbits >= pbits)
267 throw Invalid_Argument(fmt("DL_Group: requested q size {} is too big for p {}", qbits, pbits));
268
269 if(type == Strong)
270 {
271 if(qbits != 0 && qbits != pbits - 1)
272 throw Invalid_Argument("Cannot create strong-prime DL_Group with specified q bits");
273
274 const BigInt p = random_safe_prime(rng, pbits);
275 const BigInt q = (p - 1) / 2;
276
277 /*
278 Always choose a generator that is quadratic reside mod p,
279 this forces g to be a generator of the subgroup of size q.
280 */
281 BigInt g = BigInt::from_word(2);
282 if(jacobi(g, p) != 1)
283 {
284 // prime table does not contain 2
285 for(size_t i = 0; i < PRIME_TABLE_SIZE; ++i)
286 {
287 g = BigInt::from_word(PRIMES[i]);
288 if(jacobi(g, p) == 1)
289 break;
290 }
291 }
292
293 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
294 }
295 else if(type == Prime_Subgroup)
296 {
297 if(qbits == 0)
298 qbits = dl_exponent_size(pbits);
299
300 const BigInt q = random_prime(rng, qbits);
301 Modular_Reducer mod_2q(2*q);
302 BigInt X;
303 BigInt p;
304 while(p.bits() != pbits || !is_prime(p, rng, 128, true))
305 {
306 X.randomize(rng, pbits);
307 p = X - mod_2q.reduce(X) + 1;
308 }
309
310 const BigInt g = make_dsa_generator(p, q);
311 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
312 }
313 else if(type == DSA_Kosherizer)
314 {
315 if(qbits == 0)
316 qbits = ((pbits <= 1024) ? 160 : 256);
317
318 BigInt p, q;
319 generate_dsa_primes(rng, p, q, pbits, qbits);
320 const BigInt g = make_dsa_generator(p, q);
321 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
322 }
323 else
324 {
325 throw Invalid_Argument("DL_Group unknown PrimeType");
326 }
327 }
Botan::BigInt::from_word
static BigInt from_word(word n)
Definition: bigint.cpp:43
X
FE_25519 X
Definition: ge.cpp:26
Botan::random_prime
BigInt random_prime(RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo, size_t prob)
Definition: make_prm.cpp:106
Botan::PRIMES
const uint16_t PRIMES[]
Definition: primes.cpp:12
Botan::PRIME_TABLE_SIZE
const size_t PRIME_TABLE_SIZE
Definition: numthry.h:171
Botan::is_prime
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:370
Botan::generate_dsa_primes
bool generate_dsa_primes(RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< uint8_t > &seed_c, size_t offset)
Definition: dsa_gen.cpp:50
Botan::dl_exponent_size
size_t dl_exponent_size(size_t bits)
Definition: workfactor.cpp:55
Botan::jacobi
int32_t jacobi(const BigInt &a, const BigInt &n)
Definition: numthry.cpp:130
Botan::random_safe_prime
BigInt random_safe_prime(RandomNumberGenerator &rng, size_t bits)
Definition: make_prm.cpp:308

References Botan::BigInt::bits(), Botan::dl_exponent_size(), DSA_Kosherizer, Botan::fmt(), Botan::BigInt::from_word(), Botan::generate_dsa_primes(), Botan::is_prime(), Botan::jacobi(), Prime_Subgroup, Botan::PRIME_TABLE_SIZE, Botan::PRIMES, Botan::random_prime(), Botan::random_safe_prime(), Botan::RandomlyGenerated, Botan::Modular_Reducer::reduce(), and X.

◆ DL_Group() [4/8]

Botan::DL_Group::DL_Group ( RandomNumberGenerator rng,
const std::vector< uint8_t > &  seed,
size_t  pbits = 1024,
size_t  qbits = 0 
)

Create a DSA group with a given seed.

Parameters
rngthe random number generator to use
seedthe seed to use to create the random primes
pbitsthe desired bit size of the prime p
qbitsthe desired bit size of the prime q.

Definition at line 332 of file dl_group.cpp.

335 {
336 BigInt p, q;
337
338 if(!generate_dsa_primes(rng, p, q, pbits, qbits, seed))
339 throw Invalid_Argument("DL_Group: The seed given does not generate a DSA group");
340
341 BigInt g = make_dsa_generator(p, q);
342
343 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
344 }

References Botan::generate_dsa_primes(), and Botan::RandomlyGenerated.

◆ DL_Group() [5/8]

Botan::DL_Group::DL_Group ( const BigInt p,
const BigInt g 
)

Create a DL group.

Parameters
pthe prime p
gthe base g

Definition at line 349 of file dl_group.cpp.

350 {
351 m_data = std::make_shared<DL_Group_Data>(p, BigInt::zero(), g, DL_Group_Source::ExternalSource);
352 }
Botan::BigInt::zero
static BigInt zero()
Definition: bigint.h:45

References Botan::ExternalSource, and Botan::BigInt::zero().

◆ DL_Group() [6/8]

Botan::DL_Group::DL_Group ( const BigInt p,
const BigInt q,
const BigInt g 
)

Create a DL group.

Parameters
pthe prime p
qthe prime q
gthe base g

Definition at line 357 of file dl_group.cpp.

358 {
359 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::ExternalSource);
360 }

References Botan::ExternalSource.

◆ DL_Group() [7/8]

Botan::DL_Group::DL_Group ( const uint8_t  ber[],
size_t  ber_len,
DL_Group_Format  format 
)

Decode a BER-encoded DL group param

Definition at line 677 of file dl_group.cpp.

678 {
679 m_data = BER_decode_DL_group(ber, ber_len, format, DL_Group_Source::ExternalSource);
680 }

References Botan::ExternalSource.

◆ DL_Group() [8/8]

template<typename Alloc >
Botan::DL_Group::DL_Group ( const std::vector< uint8_t, Alloc > &  ber,
DL_Group_Format  format 
)
inline

Decode a BER-encoded DL group param

Definition at line 127 of file dl_group.h.

127 :
128 DL_Group(ber.data(), ber.size(), format) {}
Botan::DL_Group::DL_Group
DL_Group()=default

Member Function Documentation

◆ BER_decode()

void Botan::DL_Group::BER_decode ( const std::vector< uint8_t > &  ber,
DL_Group_Format  format 
)

Decode a DER/BER encoded group into this instance.

Parameters
bera vector containing the DER/BER encoded group
formatthe format of the encoded group
Warning
avoid this. Instead use the DL_Group constructor

Definition at line 682 of file dl_group.cpp.

683 {
684 m_data = BER_decode_DL_group(ber.data(), ber.size(), format, DL_Group_Source::ExternalSource);
685 }

References Botan::ExternalSource.

◆ DER_encode()

std::vector< uint8_t > Botan::DL_Group::DER_encode ( DL_Group_Format  format) const

Encode this group into a string using DER encoding.

Parameters
formatthe encoding format
Returns
string holding the DER encoded group

Definition at line 623 of file dl_group.cpp.

624 {
625 if(get_q().is_zero() && (format != DL_Group_Format::PKCS_3))
626 throw Encoding_Error("Cannot encode DL_Group in ANSI formats when q param is missing");
627
628 std::vector<uint8_t> output;
629 DER_Encoder der(output);
630
631 if(format == DL_Group_Format::ANSI_X9_57)
632 {
633 der.start_sequence()
634 .encode(get_p())
635 .encode(get_q())
636 .encode(get_g())
637 .end_cons();
638 }
639 else if(format == DL_Group_Format::ANSI_X9_42)
640 {
641 der.start_sequence()
642 .encode(get_p())
643 .encode(get_g())
644 .encode(get_q())
645 .end_cons();
646 }
647 else if(format == DL_Group_Format::PKCS_3)
648 {
649 der.start_sequence()
650 .encode(get_p())
651 .encode(get_g())
652 .end_cons();
653 }
654 else
655 throw Invalid_Argument("Unknown DL_Group encoding");
656
657 return output;
658 }
Botan::DL_Group::get_p
const BigInt & get_p() const
Definition: dl_group.cpp:480
Botan::DL_Group::get_g
const BigInt & get_g() const
Definition: dl_group.cpp:488
Botan::DL_Group::get_q
const BigInt & get_q() const
Definition: dl_group.cpp:496

References Botan::ANSI_X9_42, Botan::ANSI_X9_57, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), get_g(), get_p(), get_q(), Botan::PKCS_3, and Botan::DER_Encoder::start_sequence().

Referenced by PEM_encode().

◆ DL_Group_from_PEM()

DL_Group Botan::DL_Group::DL_Group_from_PEM ( std::string_view  pem)
static

Definition at line 688 of file dl_group.cpp.

689 {
690 std::string label;
691 const std::vector<uint8_t> ber = unlock(PEM_Code::decode(pem, label));
692 DL_Group_Format format = pem_label_to_dl_format(label);
693 return DL_Group(ber, format);
694 }

References Botan::PEM_Code::decode(), DL_Group(), and Botan::unlock().

◆ DL_group_info()

std::shared_ptr< DL_Group_Data > Botan::DL_Group::DL_group_info ( std::string_view  name)
static

Definition at line 13 of file dl_named.cpp.

14 {
15 /* TLS FFDHE groups */
16
17 if(name == "ffdhe/ietf/2048")
18 {
19 return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B423861285C97FFFFFFFFFFFFFFFF",
20 "0x2");
21 }
22
23 if(name == "ffdhe/ietf/3072")
24 {
25 return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF",
26 "0x2");
27 }
28
29 if(name == "ffdhe/ietf/4096")
30 {
31 return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6AFFFFFFFFFFFFFFFF",
32 "0x2");
33 }
34
35 if(name == "ffdhe/ietf/6144")
36 {
37 return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD9020BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA63BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3ACDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477A52471F7A9A96910B855322EDB6340D8A00EF092350511E30ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538CD72B03746AE77F5E62292C311562A846505DC82DB854338AE49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B045B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF",
38 "0x2");
39 }
40
41 if(name == "ffdhe/ietf/8192")
42 {
43 return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD9020BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA63BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3ACDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477A52471F7A9A96910B855322EDB6340D8A00EF092350511E30ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538CD72B03746AE77F5E62292C311562A846505DC82DB854338AE49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B045B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1A41D570D7938DAD4A40E329CCFF46AAA36AD004CF600C8381E425A31D951AE64FDB23FCEC9509D43687FEB69EDD1CC5E0B8CC3BDF64B10EF86B63142A3AB8829555B2F747C932665CB2C0F1CC01BD70229388839D2AF05E454504AC78B7582822846C0BA35C35F5C59160CC046FD8251541FC68C9C86B022BB7099876A460E7451A8A93109703FEE1C217E6C3826E52C51AA691E0E423CFC99E9E31650C1217B624816CDAD9A95F9D5B8019488D9C0A0A1FE3075A577E23183F81D4A3F2FA4571EFC8CE0BA8A4FE8B6855DFE72B0A66EDED2FBABFBE58A30FAFABE1C5D71A87E2F741EF8C1FE86FEA6BBFDE530677F0D97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88CD68C8BB7C5C6424CFFFFFFFFFFFFFFFF",
44 "0x2");
45 }
46
47 /* IETF IPsec groups */
48
49 if(name == "modp/ietf/1024")
50 {
51 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
52 "0x2");
53 }
54
55 if(name == "modp/ietf/1536")
56 {
57 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
58 "0x2");
59 }
60
61 if(name == "modp/ietf/2048")
62 {
63 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
64 "0x2");
65 }
66
67 if(name == "modp/ietf/3072")
68 {
69 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
70 "0x2");
71 }
72
73 if(name == "modp/ietf/4096")
74 {
75 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF",
76 "0x2");
77 }
78
79 if(name == "modp/ietf/6144")
80 {
81 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
82 "0x2");
83 }
84
85 if(name == "modp/ietf/8192")
86 {
87 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF",
88 "0x2");
89 }
90
91 /* SRP groups
92
93 SRP groups have a p st (p-1)/2 is prime, but g is not a generator
94 of subgroup of size q, so set q == 0 to bypass generator check
95
96 Missing q doesn't matter for SRP, and nothing but SRP should be
97 using these parameters.
98 */
99
100 if(name == "modp/srp/1024")
101 {
102 return load_DL_group_info("0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
103 "0",
104 "0x2");
105 }
106
107 if(name == "modp/srp/1536")
108 {
109 return load_DL_group_info("0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB",
110 "0",
111 "0x2");
112 }
113
114 if(name == "modp/srp/2048")
115 {
116 return load_DL_group_info("0xAC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73",
117 "0",
118 "0x2");
119 }
120
121 if(name == "modp/srp/3072")
122 {
123 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
124 "0",
125 "0x5");
126 }
127
128 if(name == "modp/srp/4096")
129 {
130 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF",
131 "0",
132 "0x5");
133 }
134
135 if(name == "modp/srp/6144")
136 {
137 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
138 "0",
139 "0x5");
140 }
141
142 if(name == "modp/srp/8192")
143 {
144 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF",
145 "0",
146 "0x13");
147 }
148
149 /* DSA groups */
150
151 if(name == "dsa/jce/1024")
152 {
153 return load_DL_group_info("0xFD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF83B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72AEFF22203199DD14801C7",
154 "0x9760508F15230BCCB292B982A2EB840BF0581CF5",
155 "0x469603512E30278CD3947595DB22EEC9826A6322ADC97344F41D740C325724C8F9EFBAA7D4D803FF8C609DCD100EBC5BDFCFAD7C6A425FAEA786EA2050EBE98351EA1FDA1FDF24D6947AA6B9AA23766953802F4D7D4A8ECBA06D19768A2491FFB16D0EF9C43A99B5F71672FF6F0A24B444D0736D04D38A1A1322DAF6CDD88C9D");
156 }
157
158 if(name == "dsa/botan/2048")
159 {
160 return load_DL_group_info("0x91C48A4FDFBCF7C02AE95E7DA126122B5DD2864F559B87E8E74A286D52F59BD1DE68DFD645D0E00C60C080031891980374EEB594A532BFD67B9A09EAC4B8663A07910E68F39465FB7040D25DF13932EBAC4347A530ECBA61C854F9B880D3C0C3660080587C45566DADE26BD5A394BE093B4C0F24B5AFFEF8EC6C5B3E57FB89025A9BC16769932131E16D3C94EFCAB18D0DF061203CC53E6103BC72D5594BFD40CA65380F44A9A851DCB075495FC033A8A58071A1BD78FE052F66555648EB4B719D2AFE8B4880F8DAD6F15818BA178F89274C870BE9B96EB08C46C40040CC2EFE1DFB1B1868DD319DE3C34A32A63AB6EB1224209A419680CC7902D1728D4DF9E1",
161 "0x8CD7D450F86F0AD94EEE4CE469A8756D1EBD1058241943EAFFB0B354585E924D",
162 "0xD9F5E0761B4DBD1833D6AB1A961A0996C5F22303F72D84C140F67C431D94AB5715BEA81A0C98D39CE4BCF78D6B9EBC895D34FE89D94091D5848615EF15F5E86F11D96F6C969E203DDFA58356420A49CB444B595B901A933CFE0767B594F18A07B7F91DECDBA446B88990F78F2FF91F2FE7CD43FD2E46D18EADA1F7BB6602C617F6EF3A4B284F2FD9BA10A36042DE8FA87A2CA36597FEC81157A1485E44041DF02830111CB880BBE6ED494814886F965CDC3135F5CCF1383728BF65B806F9692C0B10D6C4C09C75A6CA3B4013CB16AB2C105F6BE23AEA9000EAB2178985F972C98057E1C86E44E7218688EA4AE0F3636DCCA745C9DCD4E6AFFB67CCBC13D6131");
163 }
164
165 if(name == "dsa/botan/3072")
166 {
167 return load_DL_group_info("0xE4B50880759663585E142460CA2D9DFF132F8AE4C840DDA3A2666889124FE5638B84E8A29B7AF3FA1209BE6BFC4B5072ED3B2B7387BAF3F857F478A80228EF3600B76B3DCFB61D20D34465B2506D2CAF87DF6E7DC0CE91BD2D167A46F6ADCC31C531E4F9C7ABBDB92ADDF35B0A806C66292A5F5E17E964DD099903733AC428AB35D80EA6F685BFBA8BE4068E5418AE5ECAD9E8FF073DE2B63E4E7EAD35C8A9B70B5BD47CFB88D373B66F37931939B0AB71BD5595809086DA0155337D185A0E4FB36A519B1B6202B8591E6002449CF1CD3A66384F6D2073B1CD73BECA93BAF1E1A6117D0238F222AE1ED7FED185A890E7F67FAB8FEB9753CC134A5183DFE87AE2595F7B5C2D9FBB42249FDD59513E1D3396B3EB2FD86684F285A8448FE757A029881C40760B94EF919BDF9740C38389599EC51A6E9BB519A8E068491E9CE0A2FCFE3CB60D66CF0DFAD20A8EC684048684A61444575BD1724D7352B44A760077B3BD6BD385CE5B0A7250CC0BF768DA82923806EB9CFBB138843731B618208C759B",
168 "0xB3EBD364EC69EF8CF3BAF643B75734B16339B2E49E5CDE1B59C1E9FB40EE0C5B",
169 "0x2BED21EEF83964A230AE89BBA71D9F7C39C52FC8229B4E3BC7E5944D329DA10F010EAC9E7BAF6C009FC4EB2960723E2B56DF4663E4C3AC800E9258DE2F7649D206782893F865EFCA498D2EEF30074EA5E8A7AB262712A4D94A2F3B0B9A92EE400FB38A3CC59A5DC7E436D5C004B22E35028381B51C93407EB32D4AE0FD42CB45E12D0ECEE8A26238EDE2082A7B1522113C66CEF8D745C6CF3CB945F84D2F4DE16D44A71DE198270E13F03553C88B8D323AD0B948A1BF2103A949979B6ED16FB5F3C953D95B7C8E88CA67DCF5A636FB9CA39D924215F7A884ED6C7EE3C96D8D9715427974B7C4351282E13D3773F7D28B452F10892A13C7587328DEA4827B6B369B2A8DC172ADC583F51F2A6598C5483E5BC467B02F91D059C402D18E2C2680F776AA06F49280A2C72C17CC42D5B6E740C5C4B1AB3C51C2ED092BE2A2D8B053AE5773D1425ED2B08F06E2DD50592DF1A478C15591CDFD11564FF88FF38B721D42392FDA473212DCFD8D2D88A976A00AFFE6FFFB430A359E64CA2B351CA2412394");
170 }
171
172 return std::shared_ptr<DL_Group_Data>();
173 }
name
std::string name
Definition: commoncrypto_hash.cpp:24

References name.

Referenced by DL_Group().

◆ estimated_strength()

size_t Botan::DL_Group::estimated_strength ( ) const

Return an estimate of the strength of this group against discrete logarithm attacks (eg NFS). Warning: since this only takes into account known attacks it is by necessity an overestimate of the actual strength.

Definition at line 533 of file dl_group.cpp.

534 {
535 return data().estimated_strength();
536 }

Referenced by Botan::DL_PublicKey::estimated_strength().

◆ exponent_bits()

size_t Botan::DL_Group::exponent_bits ( ) const

Return size in bits of a secret exponent

This attempts to balance between the attack costs of NFS (which depends on the size of the modulus) and Pollard's rho (which depends on the size of the exponent).

It may vary over time for a particular group, if the attack costs change.

Definition at line 538 of file dl_group.cpp.

539 {
540 return data().exponent_bits();
541 }

Referenced by Botan::srp6_client_agree(), and Botan::SRP6_Server_Session::step1().

◆ get_g()

const BigInt & Botan::DL_Group::get_g ( ) const

Get the base g.

Returns
base g

Definition at line 488 of file dl_group.cpp.

489 {
490 return data().g();
491 }

Referenced by DER_encode(), Botan::DL_PublicKey::get_int_field(), Botan::DL_PrivateKey::get_int_field(), multi_exponentiate(), Botan::srp6_client_agree(), Botan::srp6_group_identifier(), Botan::SRP6_Server_Session::step1(), and verify_group().

◆ get_p()

const BigInt & Botan::DL_Group::get_p ( ) const

Get the prime p.

Returns
prime p

Definition at line 480 of file dl_group.cpp.

481 {
482 return data().p();
483 }

Referenced by DER_encode(), Botan::DL_PublicKey::get_int_field(), Botan::DL_PrivateKey::get_int_field(), inverse_mod_p(), Botan::srp6_client_agree(), Botan::srp6_group_identifier(), Botan::SRP6_Server_Session::step1(), Botan::SRP6_Server_Session::step2(), verify_element_pair(), verify_group(), verify_private_element(), and verify_public_element().

◆ get_q()

const BigInt & Botan::DL_Group::get_q ( ) const

Get the prime q, returns zero if q is not used

Returns
prime q

Definition at line 496 of file dl_group.cpp.

497 {
498 return data().q();
499 }

Referenced by DER_encode(), Botan::DL_PublicKey::get_int_field(), Botan::DL_PrivateKey::get_int_field(), inverse_mod_q(), verify_group(), verify_private_element(), and verify_public_element().

◆ has_q()

bool Botan::DL_Group::has_q ( ) const

Return if the q value is set

Definition at line 506 of file dl_group.cpp.

507 {
508 return data().q_is_set();
509 }

◆ inverse_mod_p()

BigInt Botan::DL_Group::inverse_mod_p ( const BigInt x) const

Return the inverse of x mod p

Definition at line 543 of file dl_group.cpp.

544 {
545 // precompute??
546 return inverse_mod(x, get_p());
547 }
Botan::inverse_mod
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition: mod_inv.cpp:177

References get_p(), and Botan::inverse_mod().

◆ inverse_mod_q()

BigInt Botan::DL_Group::inverse_mod_q ( const BigInt x) const

Return the inverse of x mod q Throws if q is unset on this DL_Group

Definition at line 559 of file dl_group.cpp.

560 {
561 data().assert_q_is_set("inverse_mod_q");
562 // precompute??
563 return inverse_mod(x, get_q());
564 }

References get_q(), and Botan::inverse_mod().

◆ mod_p()

BigInt Botan::DL_Group::mod_p ( const BigInt x) const

Reduce an integer modulo p

Returns
x % p

Definition at line 549 of file dl_group.cpp.

550 {
551 return data().mod_p(x);
552 }

Referenced by Botan::srp6_client_agree(), and Botan::SRP6_Server_Session::step1().

◆ mod_q()

BigInt Botan::DL_Group::mod_q ( const BigInt x) const

Reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
x % q

Definition at line 566 of file dl_group.cpp.

567 {
568 data().assert_q_is_set("mod_q");
569 return data().mod_q(x);
570 }

◆ monty_params_p()

std::shared_ptr< const Montgomery_Params > Botan::DL_Group::monty_params_p ( ) const

Return parameters for Montgomery reduction/exponentiation mod p

Definition at line 501 of file dl_group.cpp.

502 {
503 return data().monty_params_p();
504 }

Referenced by multi_exponentiate().

◆ multi_exponentiate()

BigInt Botan::DL_Group::multi_exponentiate ( const BigInt x,
const BigInt y,
const BigInt z 
) const

Multi-exponentiate Return (g^x * y^z) % p

Definition at line 590 of file dl_group.cpp.

591 {
592 return monty_multi_exp(data().monty_params_p(), get_g(), x, y, z);
593 }
y
static SIMD_4x64 y
Definition: argon2_avx2.cpp:135
Botan::DL_Group::monty_params_p
std::shared_ptr< const Montgomery_Params > monty_params_p() const
Definition: dl_group.cpp:501
Botan::monty_multi_exp
BigInt monty_multi_exp(const std::shared_ptr< const Montgomery_Params > &params_p, const BigInt &x_bn, const BigInt &z1, const BigInt &y_bn, const BigInt &z2)
Definition: monty_exp.cpp:174

References get_g(), Botan::monty_multi_exp(), monty_params_p(), and y.

◆ multiply_mod_p()

BigInt Botan::DL_Group::multiply_mod_p ( const BigInt x,
const BigInt y 
) const

Multiply and reduce an integer modulo p

Returns
(x*y) % p

Definition at line 554 of file dl_group.cpp.

555 {
556 return data().multiply_mod_p(x, y);
557 }

References y.

Referenced by Botan::srp6_client_agree(), and Botan::SRP6_Server_Session::step2().

◆ multiply_mod_q() [1/2]

BigInt Botan::DL_Group::multiply_mod_q ( const BigInt x,
const BigInt y 
) const

Multiply and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
(x*y) % q

Definition at line 572 of file dl_group.cpp.

573 {
574 data().assert_q_is_set("multiply_mod_q");
575 return data().multiply_mod_q(x, y);
576 }

References y.

Referenced by multiply_mod_q().

◆ multiply_mod_q() [2/2]

BigInt Botan::DL_Group::multiply_mod_q ( const BigInt x,
const BigInt y,
const BigInt z 
) const

Multiply and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
(x*y*z) % q

Definition at line 578 of file dl_group.cpp.

579 {
580 data().assert_q_is_set("multiply_mod_q");
581 return data().multiply_mod_q(data().multiply_mod_q(x, y), z);
582 }
Botan::DL_Group::multiply_mod_q
BigInt multiply_mod_q(const BigInt &x, const BigInt &y) const
Definition: dl_group.cpp:572

References multiply_mod_q(), and y.

◆ p_bits()

size_t Botan::DL_Group::p_bits ( ) const

Return the size of p in bits Same as get_p().bits()

Definition at line 511 of file dl_group.cpp.

512 {
513 return data().p_bits();
514 }

Referenced by Botan::DL_PublicKey::p_bits(), power_b_p(), Botan::srp6_client_agree(), Botan::srp6_generate_verifier(), Botan::SRP6_Server_Session::step1(), and Botan::SRP6_Server_Session::step2().

◆ p_bytes()

size_t Botan::DL_Group::p_bytes ( ) const

Return the size of p in bytes Same as get_p().bytes()

Definition at line 516 of file dl_group.cpp.

517 {
518 return data().p_bytes();
519 }

Referenced by botan_srp6_group_size(), Botan::DL_PublicKey::public_key_as_bytes(), Botan::srp6_client_agree(), Botan::SRP6_Server_Session::step1(), and Botan::SRP6_Server_Session::step2().

◆ PEM_encode()

std::string Botan::DL_Group::PEM_encode ( DL_Group_Format  format) const

Encode this group into a string using PEM encoding.

Parameters
formatthe encoding format
Returns
string holding the PEM encoded group

Definition at line 663 of file dl_group.cpp.

664 {
665 const std::vector<uint8_t> encoding = DER_encode(format);
666
667 if(format == DL_Group_Format::PKCS_3)
668 return PEM_Code::encode(encoding, "DH PARAMETERS");
669 else if(format == DL_Group_Format::ANSI_X9_57)
670 return PEM_Code::encode(encoding, "DSA PARAMETERS");
671 else if(format == DL_Group_Format::ANSI_X9_42)
672 return PEM_Code::encode(encoding, "X9.42 DH PARAMETERS");
673 else
674 throw Invalid_Argument("Unknown DL_Group encoding");
675 }
Botan::DL_Group::DER_encode
std::vector< uint8_t > DER_encode(DL_Group_Format format) const
Definition: dl_group.cpp:623
Botan::PEM_Code::encode
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition: pem.cpp:42

References Botan::ANSI_X9_42, Botan::ANSI_X9_57, DER_encode(), Botan::PEM_Code::encode(), and Botan::PKCS_3.

◆ power_b_p() [1/2]

BigInt Botan::DL_Group::power_b_p ( const BigInt b,
const BigInt x 
) const

Modular exponentiation

Parameters
bthe base
xthe exponent
Returns
(b^x) % p

Definition at line 605 of file dl_group.cpp.

606 {
607 return this->power_b_p(b, x, data().p_bits());
608 }
Botan::DL_Group::p_bits
size_t p_bits() const
Definition: dl_group.cpp:511
Botan::DL_Group::power_b_p
BigInt power_b_p(const BigInt &b, const BigInt &x, size_t max_x_bits) const
Definition: dl_group.cpp:610

References p_bits(), and power_b_p().

◆ power_b_p() [2/2]

BigInt Botan::DL_Group::power_b_p ( const BigInt b,
const BigInt x,
size_t  max_x_bits 
) const

Modular exponentiation

Parameters
bthe base
xthe exponent
max_x_bitsx is assumed to be at most this many bits long.
Returns
(b^x) % p

Definition at line 610 of file dl_group.cpp.

611 {
612 return data().power_b_p(b, x, max_x_bits);
613 }

Referenced by power_b_p(), Botan::srp6_client_agree(), and Botan::SRP6_Server_Session::step2().

◆ power_g_p() [1/2]

BigInt Botan::DL_Group::power_g_p ( const BigInt x) const

Modular exponentiation

Warning
this function leaks the size of x via the number of loop iterations. Use the version taking the maximum size to avoid this.
Returns
(g^x) % p

Definition at line 595 of file dl_group.cpp.

596 {
597 return data().power_g_p(x, x.bits());
598 }

References Botan::BigInt::bits().

Referenced by Botan::srp6_client_agree(), Botan::srp6_generate_verifier(), Botan::SRP6_Server_Session::step1(), and verify_element_pair().

◆ power_g_p() [2/2]

BigInt Botan::DL_Group::power_g_p ( const BigInt x,
size_t  max_x_bits 
) const

Modular exponentiation

Parameters
xthe exponent
max_x_bitsx is assumed to be at most this many bits long.
Returns
(g^x) % p

Definition at line 600 of file dl_group.cpp.

601 {
602 return data().power_g_p(x, max_x_bits);
603 }

◆ q_bits()

size_t Botan::DL_Group::q_bits ( ) const

Return the size of q in bits Same as get_q().bits() Throws if q is unset

Definition at line 521 of file dl_group.cpp.

522 {
523 data().assert_q_is_set("q_bits");
524 return data().q_bits();
525 }

◆ q_bytes()

size_t Botan::DL_Group::q_bytes ( ) const

Return the size of q in bytes Same as get_q().bytes() Throws if q is unset

Definition at line 527 of file dl_group.cpp.

528 {
529 data().assert_q_is_set("q_bytes");
530 return data().q_bytes();
531 }

◆ source()

DL_Group_Source Botan::DL_Group::source ( ) const

Definition at line 615 of file dl_group.cpp.

616 {
617 return data().source();
618 }

Referenced by verify_group().

◆ square_mod_q()

BigInt Botan::DL_Group::square_mod_q ( const BigInt x) const

Square and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
(x*x) % q

Definition at line 584 of file dl_group.cpp.

585 {
586 data().assert_q_is_set("square_mod_q");
587 return data().square_mod_q(x);
588 }

◆ verify_element_pair()

bool Botan::DL_Group::verify_element_pair ( const BigInt y,
const BigInt x 
) const

Verify a pair of elements y = g^x

This verifies that 1 < x,y < p and that y=g^x mod p

Definition at line 401 of file dl_group.cpp.

402 {
403 const BigInt& p = get_p();
404
405 if(y <= 1 || y >= p || x <= 1 || x >= p)
406 return false;
407
408 if(y != this->power_g_p(x))
409 return false;
410
411 return true;
412 }
Botan::DL_Group::power_g_p
BigInt power_g_p(const BigInt &x) const
Definition: dl_group.cpp:595

References get_p(), power_g_p(), and y.

◆ verify_group()

bool Botan::DL_Group::verify_group ( RandomNumberGenerator rng,
bool  strong = true 
) const

Perform validity checks on the group.

Parameters
rngthe rng to use
strongwhether to perform stronger by lengthier tests
Returns
true if the object is consistent, false otherwise

Definition at line 417 of file dl_group.cpp.

419 {
420 const bool from_builtin = (source() == DL_Group_Source::Builtin);
421
422 if(!strong && from_builtin)
423 return true;
424
425 const BigInt& p = get_p();
426 const BigInt& q = get_q();
427 const BigInt& g = get_g();
428
429 if(g < 2 || p < 3 || q < 0)
430 return false;
431
432 const size_t test_prob = 128;
433 const bool is_randomly_generated = (source() != DL_Group_Source::ExternalSource);
434
435 if(!is_prime(p, rng, test_prob, is_randomly_generated))
436 {
437 return false;
438 }
439
440 if(q != 0)
441 {
442 if((p - 1) % q != 0)
443 {
444 return false;
445 }
446 if(data().power_g_p_vartime(q) != 1)
447 {
448 return false;
449 }
450 if(!is_prime(q, rng, test_prob, is_randomly_generated))
451 {
452 return false;
453 }
454 }
455 else
456 {
457 if(!from_builtin && !is_randomly_generated)
458 {
459 // If we got this p,g from some unknown source, try to verify
460 // that the group order is not too absurdly small.
461
462 const size_t upper_bound = strong ? 1000 : 100;
463
464 for(size_t i = 2; i != upper_bound; ++i)
465 {
466 if(data().power_g_p_vartime(BigInt::from_word(i)) == 1)
467 {
468 return false;
469 }
470 }
471 }
472 }
473
474 return true;
475 }
Botan::DL_Group::source
DL_Group_Source source() const
Definition: dl_group.cpp:615

References Botan::Builtin, Botan::ExternalSource, Botan::BigInt::from_word(), get_g(), get_p(), get_q(), Botan::is_prime(), and source().

Referenced by Botan::DL_PublicKey::check_key(), Botan::DL_PrivateKey::check_key(), and Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

◆ verify_private_element()

bool Botan::DL_Group::verify_private_element ( const BigInt x) const

Verify a private element

Specifically this checks that x is > 1 and < p, and additionally if q is set then x must be < q

Definition at line 387 of file dl_group.cpp.

388 {
389 const BigInt& p = get_p();
390 const BigInt& q = get_q();
391
392 if(x <= 1 || x >= p)
393 return false;
394
395 if(q > 0 && x > q)
396 return false;
397
398 return true;
399 }

References get_p(), and get_q().

Referenced by Botan::DL_PrivateKey::check_key().

◆ verify_public_element()

bool Botan::DL_Group::verify_public_element ( const BigInt y) const

Verify a public element, ie check if y = g^x for some x.

This is not a perfect test. It verifies that 1 < y < p and (if q is set) that y is in the subgroup of size q.

Definition at line 370 of file dl_group.cpp.

371 {
372 const BigInt& p = get_p();
373 const BigInt& q = get_q();
374
375 if(y <= 1 || y >= p)
376 return false;
377
378 if(q.is_zero() == false)
379 {
380 if(data().power_b_p_vartime(y, q) != 1)
381 return false;
382 }
383
384 return true;
385 }

References get_p(), get_q(), Botan::BigInt::is_zero(), and y.

Referenced by Botan::DL_PublicKey::check_key().

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.6