Botan 3.4.0
Crypto and TLS for C&
Public Types | Public Member Functions | Static Public Member Functions | List of all members
Botan::DL_Group Class Referencefinal

#include <dl_group.h>

Public Types

using Format = DL_Group_Format
 
enum  PrimeType { Strong , Prime_Subgroup , DSA_Kosherizer }
 

Public Member Functions

void BER_decode (const std::vector< uint8_t > &ber, DL_Group_Format format)
 
std::vector< uint8_t > DER_encode (DL_Group_Format format) const
 
 DL_Group ()=default
 
 DL_Group (const BigInt &p, const BigInt &g)
 
 DL_Group (const BigInt &p, const BigInt &q, const BigInt &g)
 
template<typename Alloc >
 DL_Group (const std::vector< uint8_t, Alloc > &ber, DL_Group_Format format)
 
 DL_Group (const uint8_t ber[], size_t ber_len, DL_Group_Format format)
 
 DL_Group (RandomNumberGenerator &rng, const std::vector< uint8_t > &seed, size_t pbits=1024, size_t qbits=0)
 
 DL_Group (RandomNumberGenerator &rng, PrimeType type, size_t pbits, size_t qbits=0)
 
 DL_Group (std::string_view name)
 
size_t estimated_strength () const
 
size_t exponent_bits () const
 
const BigIntget_g () const
 
const BigIntget_p () const
 
const BigIntget_q () const
 
bool has_q () const
 
BigInt inverse_mod_p (const BigInt &x) const
 
BigInt inverse_mod_q (const BigInt &x) const
 
BigInt mod_p (const BigInt &x) const
 
BigInt mod_q (const BigInt &x) const
 
std::shared_ptr< const Montgomery_Paramsmonty_params_p () const
 
BigInt multi_exponentiate (const BigInt &x, const BigInt &y, const BigInt &z) const
 
BigInt multiply_mod_p (const BigInt &x, const BigInt &y) const
 
BigInt multiply_mod_q (const BigInt &x, const BigInt &y) const
 
BigInt multiply_mod_q (const BigInt &x, const BigInt &y, const BigInt &z) const
 
size_t p_bits () const
 
size_t p_bytes () const
 
std::string PEM_encode (DL_Group_Format format) const
 
BigInt power_b_p (const BigInt &b, const BigInt &x) const
 
BigInt power_b_p (const BigInt &b, const BigInt &x, size_t max_x_bits) const
 
BigInt power_g_p (const BigInt &x) const
 
BigInt power_g_p (const BigInt &x, size_t max_x_bits) const
 
size_t q_bits () const
 
size_t q_bytes () const
 
DL_Group_Source source () const
 
BigInt square_mod_q (const BigInt &x) const
 
bool verify_element_pair (const BigInt &y, const BigInt &x) const
 
bool verify_group (RandomNumberGenerator &rng, bool strong=true) const
 
bool verify_private_element (const BigInt &x) const
 
bool verify_public_element (const BigInt &y) const
 

Static Public Member Functions

static DL_Group DL_Group_from_PEM (std::string_view pem)
 
static std::shared_ptr< DL_Group_Data > DL_group_info (std::string_view name)
 

Detailed Description

This class represents discrete logarithm groups. It holds a prime modulus p, a generator g, and (optionally) a prime q which is a factor of (p-1). In most cases g generates the order-q subgroup.

Definition at line 44 of file dl_group.h.

Member Typedef Documentation

◆ Format

using Botan::DL_Group::Format = DL_Group_Format

Definition at line 51 of file dl_group.h.

Member Enumeration Documentation

◆ PrimeType

enum Botan::DL_Group::PrimeType

Determine the prime creation for DL groups.

Enumerator
Strong 
Prime_Subgroup 
DSA_Kosherizer 

Definition at line 49 of file dl_group.h.

49{ Strong, Prime_Subgroup, DSA_Kosherizer };
Botan::DL_Group::Prime_Subgroup
@ Prime_Subgroup
Definition dl_group.h:49
Botan::DL_Group::DSA_Kosherizer
@ DSA_Kosherizer
Definition dl_group.h:49
Botan::DL_Group::Strong
@ Strong
Definition dl_group.h:49

Constructor & Destructor Documentation

◆ DL_Group() [1/8]

Botan::DL_Group::DL_Group ( )
default

Construct a DL group with uninitialized internal value. Use this constructor is you wish to set the groups values from a DER or PEM encoded group.

Referenced by DL_Group_from_PEM().

◆ DL_Group() [2/8]

Botan::DL_Group::DL_Group ( std::string_view name)
explicit

Construct a DL group that is registered in the configuration.

Parameters
namethe name of the group, for example "modp/ietf/3072"
Warning
This constructor also accepts PEM inputs. This behavior is deprecated and will be removed in a future major release. Instead use DL_Group_from_PEM function

Definition at line 176 of file dl_group.cpp.

176 {
177 // Either a name or a PEM block, try name first
178 m_data = DL_group_info(str);
179
180 if(m_data == nullptr) {
181 try {
182 std::string label;
183 const std::vector<uint8_t> ber = unlock(PEM_Code::decode(str, label));
184 DL_Group_Format format = pem_label_to_dl_format(label);
185
186 m_data = BER_decode_DL_group(ber.data(), ber.size(), format, DL_Group_Source::ExternalSource);
187 } catch(...) {}
188 }
189
190 if(m_data == nullptr) {
191 throw Invalid_Argument(fmt("DL_Group: Unknown group '{}'", str));
192 }
193}
Botan::DL_Group::DL_group_info
static std::shared_ptr< DL_Group_Data > DL_group_info(std::string_view name)
Definition dl_named.cpp:13
Botan::PEM_Code::decode
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition pem.cpp:62
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
Botan::DL_Group_Format
DL_Group_Format
Definition dl_group.h:28
Botan::unlock
std::vector< T > unlock(const secure_vector< T > &in)
Definition secmem.h:75

References Botan::PEM_Code::decode(), DL_group_info(), Botan::ExternalSource, Botan::fmt(), and Botan::unlock().

◆ DL_Group() [3/8]

Botan::DL_Group::DL_Group ( RandomNumberGenerator & rng,
PrimeType type,
size_t pbits,
size_t qbits = 0 )

Create a new group randomly.

Parameters
rngthe random number generator to use
typespecifies how the creation of primes p and q shall be performed. If type=Strong, then p will be determined as a safe prime, and q will be chosen as (p-1)/2. If type=Prime_Subgroup and qbits = 0, then the size of q will be determined according to the estimated difficulty of the DL problem. If type=DSA_Kosherizer, DSA primes will be created.
pbitsthe number of bits of p
qbitsthe number of bits of q. Leave it as 0 to have the value determined according to pbits.

Definition at line 224 of file dl_group.cpp.

224 {
225 if(pbits < 1024) {
226 throw Invalid_Argument(fmt("DL_Group: requested prime size {} is too small", pbits));
227 }
228
229 if(qbits >= pbits) {
230 throw Invalid_Argument(fmt("DL_Group: requested q size {} is too big for p {}", qbits, pbits));
231 }
232
233 if(type == Strong) {
234 if(qbits != 0 && qbits != pbits - 1) {
235 throw Invalid_Argument("Cannot create strong-prime DL_Group with specified q bits");
236 }
237
238 const BigInt p = random_safe_prime(rng, pbits);
239 const BigInt q = (p - 1) / 2;
240
241 /*
242 Always choose a generator that is quadratic reside mod p,
243 this forces g to be a generator of the subgroup of size q.
244 */
245 BigInt g = BigInt::from_word(2);
246 if(jacobi(g, p) != 1) {
247 // prime table does not contain 2
248 for(size_t i = 0; i < PRIME_TABLE_SIZE; ++i) {
249 g = BigInt::from_word(PRIMES[i]);
250 if(jacobi(g, p) == 1) {
251 break;
252 }
253 }
254 }
255
256 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
257 } else if(type == Prime_Subgroup) {
258 if(qbits == 0) {
259 qbits = dl_exponent_size(pbits);
260 }
261
262 const BigInt q = random_prime(rng, qbits);
263 Modular_Reducer mod_2q(2 * q);
264 BigInt X;
265 BigInt p;
266 while(p.bits() != pbits || !is_prime(p, rng, 128, true)) {
267 X.randomize(rng, pbits);
268 p = X - mod_2q.reduce(X) + 1;
269 }
270
271 const BigInt g = make_dsa_generator(p, q);
272 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
273 } else if(type == DSA_Kosherizer) {
274 if(qbits == 0) {
275 qbits = ((pbits <= 1024) ? 160 : 256);
276 }
277
278 BigInt p, q;
279 generate_dsa_primes(rng, p, q, pbits, qbits);
280 const BigInt g = make_dsa_generator(p, q);
281 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
282 } else {
283 throw Invalid_Argument("DL_Group unknown PrimeType");
284 }
285}
Botan::BigInt::from_word
static BigInt from_word(word n)
Definition bigint.cpp:42
X
FE_25519 X
Definition ge.cpp:25
Botan::random_prime
BigInt random_prime(RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo, size_t prob)
Definition make_prm.cpp:97
Botan::PRIMES
const uint16_t PRIMES[]
Definition primes.cpp:12
Botan::PRIME_TABLE_SIZE
const size_t PRIME_TABLE_SIZE
Definition numthry.h:167
Botan::is_prime
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition numthry.cpp:357
Botan::generate_dsa_primes
bool generate_dsa_primes(RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< uint8_t > &seed_c, size_t offset)
Definition dsa_gen.cpp:53
Botan::dl_exponent_size
size_t dl_exponent_size(size_t bits)
Definition workfactor.cpp:52
Botan::jacobi
int32_t jacobi(const BigInt &a, const BigInt &n)
Definition numthry.cpp:116
Botan::random_safe_prime
BigInt random_safe_prime(RandomNumberGenerator &rng, size_t bits)
Definition make_prm.cpp:294

References Botan::BigInt::bits(), Botan::dl_exponent_size(), DSA_Kosherizer, Botan::fmt(), Botan::BigInt::from_word(), Botan::generate_dsa_primes(), Botan::is_prime(), Botan::jacobi(), Prime_Subgroup, Botan::PRIME_TABLE_SIZE, Botan::PRIMES, Botan::random_prime(), Botan::random_safe_prime(), Botan::BigInt::randomize(), Botan::RandomlyGenerated, Botan::Modular_Reducer::reduce(), and X.

◆ DL_Group() [4/8]

Botan::DL_Group::DL_Group ( RandomNumberGenerator & rng,
const std::vector< uint8_t > & seed,
size_t pbits = 1024,
size_t qbits = 0 )

Create a DSA group with a given seed.

Parameters
rngthe random number generator to use
seedthe seed to use to create the random primes
pbitsthe desired bit size of the prime p
qbitsthe desired bit size of the prime q.

Definition at line 290 of file dl_group.cpp.

290 {
291 BigInt p, q;
292
293 if(!generate_dsa_primes(rng, p, q, pbits, qbits, seed)) {
294 throw Invalid_Argument("DL_Group: The seed given does not generate a DSA group");
295 }
296
297 BigInt g = make_dsa_generator(p, q);
298
299 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
300}

References Botan::generate_dsa_primes(), and Botan::RandomlyGenerated.

◆ DL_Group() [5/8]

Botan::DL_Group::DL_Group ( const BigInt & p,
const BigInt & g )

Create a DL group.

Parameters
pthe prime p
gthe base g

Definition at line 305 of file dl_group.cpp.

305 {
306 m_data = std::make_shared<DL_Group_Data>(p, BigInt::zero(), g, DL_Group_Source::ExternalSource);
307}
Botan::BigInt::zero
static BigInt zero()
Definition bigint.h:46

References Botan::ExternalSource, and Botan::BigInt::zero().

◆ DL_Group() [6/8]

Botan::DL_Group::DL_Group ( const BigInt & p,
const BigInt & q,
const BigInt & g )

Create a DL group.

Parameters
pthe prime p
qthe prime q
gthe base g

Definition at line 312 of file dl_group.cpp.

312 {
313 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::ExternalSource);
314}

References Botan::ExternalSource.

◆ DL_Group() [7/8]

Botan::DL_Group::DL_Group ( const uint8_t ber[],
size_t ber_len,
DL_Group_Format format )

Decode a BER-encoded DL group param

Definition at line 582 of file dl_group.cpp.

582 {
583 m_data = BER_decode_DL_group(ber, ber_len, format, DL_Group_Source::ExternalSource);
584}

References Botan::ExternalSource.

◆ DL_Group() [8/8]

template<typename Alloc >
Botan::DL_Group::DL_Group ( const std::vector< uint8_t, Alloc > & ber,
DL_Group_Format format )
inline

Decode a BER-encoded DL group param

Definition at line 123 of file dl_group.h.

123 :
124 DL_Group(ber.data(), ber.size(), format) {}
Botan::DL_Group::DL_Group
DL_Group()=default

Member Function Documentation

◆ BER_decode()

void Botan::DL_Group::BER_decode ( const std::vector< uint8_t > & ber,
DL_Group_Format format )

Decode a DER/BER encoded group into this instance.

Parameters
bera vector containing the DER/BER encoded group
formatthe format of the encoded group
Warning
avoid this. Instead use the DL_Group constructor

Definition at line 586 of file dl_group.cpp.

586 {
587 m_data = BER_decode_DL_group(ber.data(), ber.size(), format, DL_Group_Source::ExternalSource);
588}

References Botan::ExternalSource.

◆ DER_encode()

std::vector< uint8_t > Botan::DL_Group::DER_encode ( DL_Group_Format format) const

Encode this group into a string using DER encoding.

Parameters
formatthe encoding format
Returns
string holding the DER encoded group

Definition at line 544 of file dl_group.cpp.

544 {
545 if(get_q().is_zero() && (format != DL_Group_Format::PKCS_3)) {
546 throw Encoding_Error("Cannot encode DL_Group in ANSI formats when q param is missing");
547 }
548
549 std::vector<uint8_t> output;
550 DER_Encoder der(output);
551
552 if(format == DL_Group_Format::ANSI_X9_57) {
553 der.start_sequence().encode(get_p()).encode(get_q()).encode(get_g()).end_cons();
554 } else if(format == DL_Group_Format::ANSI_X9_42) {
555 der.start_sequence().encode(get_p()).encode(get_g()).encode(get_q()).end_cons();
556 } else if(format == DL_Group_Format::PKCS_3) {
557 der.start_sequence().encode(get_p()).encode(get_g()).end_cons();
558 } else {
559 throw Invalid_Argument("Unknown DL_Group encoding");
560 }
561
562 return output;
563}
Botan::DL_Group::get_p
const BigInt & get_p() const
Definition dl_group.cpp:426
Botan::DL_Group::get_g
const BigInt & get_g() const
Definition dl_group.cpp:433
Botan::DL_Group::get_q
const BigInt & get_q() const
Definition dl_group.cpp:440

References Botan::ANSI_X9_42, Botan::ANSI_X9_57, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), get_g(), get_p(), get_q(), Botan::PKCS_3, and Botan::DER_Encoder::start_sequence().

Referenced by PEM_encode().

◆ DL_Group_from_PEM()

DL_Group Botan::DL_Group::DL_Group_from_PEM ( std::string_view pem)
static

Definition at line 591 of file dl_group.cpp.

591 {
592 std::string label;
593 const std::vector<uint8_t> ber = unlock(PEM_Code::decode(pem, label));
594 DL_Group_Format format = pem_label_to_dl_format(label);
595 return DL_Group(ber, format);
596}

References Botan::PEM_Code::decode(), DL_Group(), and Botan::unlock().

◆ DL_group_info()

std::shared_ptr< DL_Group_Data > Botan::DL_Group::DL_group_info ( std::string_view name)
static

Definition at line 13 of file dl_named.cpp.

13 {
14 /* TLS FFDHE groups */
15
16 if(name == "ffdhe/ietf/2048") {
17 return load_DL_group_info(
18 "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B423861285C97FFFFFFFFFFFFFFFF",
19 "0x2");
20 }
21
22 if(name == "ffdhe/ietf/3072") {
23 return load_DL_group_info(
24 "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF",
25 "0x2");
26 }
27
28 if(name == "ffdhe/ietf/4096") {
29 return load_DL_group_info(
30 "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6AFFFFFFFFFFFFFFFF",
31 "0x2");
32 }
33
34 if(name == "ffdhe/ietf/6144") {
35 return load_DL_group_info(
36 "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD9020BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA63BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3ACDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477A52471F7A9A96910B855322EDB6340D8A00EF092350511E30ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538CD72B03746AE77F5E62292C311562A846505DC82DB854338AE49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B045B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF",
37 "0x2");
38 }
39
40 if(name == "ffdhe/ietf/8192") {
41 return load_DL_group_info(
42 "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD9020BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA63BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3ACDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477A52471F7A9A96910B855322EDB6340D8A00EF092350511E30ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538CD72B03746AE77F5E62292C311562A846505DC82DB854338AE49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B045B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1A41D570D7938DAD4A40E329CCFF46AAA36AD004CF600C8381E425A31D951AE64FDB23FCEC9509D43687FEB69EDD1CC5E0B8CC3BDF64B10EF86B63142A3AB8829555B2F747C932665CB2C0F1CC01BD70229388839D2AF05E454504AC78B7582822846C0BA35C35F5C59160CC046FD8251541FC68C9C86B022BB7099876A460E7451A8A93109703FEE1C217E6C3826E52C51AA691E0E423CFC99E9E31650C1217B624816CDAD9A95F9D5B8019488D9C0A0A1FE3075A577E23183F81D4A3F2FA4571EFC8CE0BA8A4FE8B6855DFE72B0A66EDED2FBABFBE58A30FAFABE1C5D71A87E2F741EF8C1FE86FEA6BBFDE530677F0D97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88CD68C8BB7C5C6424CFFFFFFFFFFFFFFFF", "0x2");
43 }
44
45 /* IETF IPsec groups */
46
47 if(name == "modp/ietf/1024") {
48 return load_DL_group_info(
49 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
50 "0x2");
51 }
52
53 if(name == "modp/ietf/1536") {
54 return load_DL_group_info(
55 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
56 "0x2");
57 }
58
59 if(name == "modp/ietf/2048") {
60 return load_DL_group_info(
61 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
62 "0x2");
63 }
64
65 if(name == "modp/ietf/3072") {
66 return load_DL_group_info(
67 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
68 "0x2");
69 }
70
71 if(name == "modp/ietf/4096") {
72 return load_DL_group_info(
73 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF",
74 "0x2");
75 }
76
77 if(name == "modp/ietf/6144") {
78 return load_DL_group_info(
79 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
80 "0x2");
81 }
82
83 if(name == "modp/ietf/8192") {
84 return load_DL_group_info(
85 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF", "0x2");
86 }
87
88 /* SRP groups
89
90 SRP groups have a p st (p-1)/2 is prime, but g is not a generator
91 of subgroup of size q, so set q == 0 to bypass generator check
92
93 Missing q doesn't matter for SRP, and nothing but SRP should be
94 using these parameters.
95 */
96
97 if(name == "modp/srp/1024") {
98 return load_DL_group_info(
99 "0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
100 "0",
101 "0x2");
102 }
103
104 if(name == "modp/srp/1536") {
105 return load_DL_group_info(
106 "0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB",
107 "0",
108 "0x2");
109 }
110
111 if(name == "modp/srp/2048") {
112 return load_DL_group_info(
113 "0xAC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73",
114 "0",
115 "0x2");
116 }
117
118 if(name == "modp/srp/3072") {
119 return load_DL_group_info(
120 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
121 "0",
122 "0x5");
123 }
124
125 if(name == "modp/srp/4096") {
126 return load_DL_group_info(
127 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF",
128 "0",
129 "0x5");
130 }
131
132 if(name == "modp/srp/6144") {
133 return load_DL_group_info(
134 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
135 "0",
136 "0x5");
137 }
138
139 if(name == "modp/srp/8192") {
140 return load_DL_group_info(
141 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF", "0", "0x13");
142 }
143
144 /* DSA groups */
145
146 if(name == "dsa/jce/1024") {
147 return load_DL_group_info(
148 "0xFD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF83B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72AEFF22203199DD14801C7",
149 "0x9760508F15230BCCB292B982A2EB840BF0581CF5",
150 "0x469603512E30278CD3947595DB22EEC9826A6322ADC97344F41D740C325724C8F9EFBAA7D4D803FF8C609DCD100EBC5BDFCFAD7C6A425FAEA786EA2050EBE98351EA1FDA1FDF24D6947AA6B9AA23766953802F4D7D4A8ECBA06D19768A2491FFB16D0EF9C43A99B5F71672FF6F0A24B444D0736D04D38A1A1322DAF6CDD88C9D");
151 }
152
153 if(name == "dsa/botan/2048") {
154 return load_DL_group_info(
155 "0x91C48A4FDFBCF7C02AE95E7DA126122B5DD2864F559B87E8E74A286D52F59BD1DE68DFD645D0E00C60C080031891980374EEB594A532BFD67B9A09EAC4B8663A07910E68F39465FB7040D25DF13932EBAC4347A530ECBA61C854F9B880D3C0C3660080587C45566DADE26BD5A394BE093B4C0F24B5AFFEF8EC6C5B3E57FB89025A9BC16769932131E16D3C94EFCAB18D0DF061203CC53E6103BC72D5594BFD40CA65380F44A9A851DCB075495FC033A8A58071A1BD78FE052F66555648EB4B719D2AFE8B4880F8DAD6F15818BA178F89274C870BE9B96EB08C46C40040CC2EFE1DFB1B1868DD319DE3C34A32A63AB6EB1224209A419680CC7902D1728D4DF9E1",
156 "0x8CD7D450F86F0AD94EEE4CE469A8756D1EBD1058241943EAFFB0B354585E924D",
157 "0xD9F5E0761B4DBD1833D6AB1A961A0996C5F22303F72D84C140F67C431D94AB5715BEA81A0C98D39CE4BCF78D6B9EBC895D34FE89D94091D5848615EF15F5E86F11D96F6C969E203DDFA58356420A49CB444B595B901A933CFE0767B594F18A07B7F91DECDBA446B88990F78F2FF91F2FE7CD43FD2E46D18EADA1F7BB6602C617F6EF3A4B284F2FD9BA10A36042DE8FA87A2CA36597FEC81157A1485E44041DF02830111CB880BBE6ED494814886F965CDC3135F5CCF1383728BF65B806F9692C0B10D6C4C09C75A6CA3B4013CB16AB2C105F6BE23AEA9000EAB2178985F972C98057E1C86E44E7218688EA4AE0F3636DCCA745C9DCD4E6AFFB67CCBC13D6131");
158 }
159
160 if(name == "dsa/botan/3072") {
161 return load_DL_group_info("0xE4B50880759663585E142460CA2D9DFF132F8AE4C840DDA3A2666889124FE5638B84E8A29B7AF3FA1209BE6BFC4B5072ED3B2B7387BAF3F857F478A80228EF3600B76B3DCFB61D20D34465B2506D2CAF87DF6E7DC0CE91BD2D167A46F6ADCC31C531E4F9C7ABBDB92ADDF35B0A806C66292A5F5E17E964DD099903733AC428AB35D80EA6F685BFBA8BE4068E5418AE5ECAD9E8FF073DE2B63E4E7EAD35C8A9B70B5BD47CFB88D373B66F37931939B0AB71BD5595809086DA0155337D185A0E4FB36A519B1B6202B8591E6002449CF1CD3A66384F6D2073B1CD73BECA93BAF1E1A6117D0238F222AE1ED7FED185A890E7F67FAB8FEB9753CC134A5183DFE87AE2595F7B5C2D9FBB42249FDD59513E1D3396B3EB2FD86684F285A8448FE757A029881C40760B94EF919BDF9740C38389599EC51A6E9BB519A8E068491E9CE0A2FCFE3CB60D66CF0DFAD20A8EC684048684A61444575BD1724D7352B44A760077B3BD6BD385CE5B0A7250CC0BF768DA82923806EB9CFBB138843731B618208C759B", "0xB3EBD364EC69EF8CF3BAF643B75734B16339B2E49E5CDE1B59C1E9FB40EE0C5B", "0x2BED21EEF83964A230AE89BBA71D9F7C39C52FC8229B4E3BC7E5944D329DA10F010EAC9E7BAF6C009FC4EB2960723E2B56DF4663E4C3AC800E9258DE2F7649D206782893F865EFCA498D2EEF30074EA5E8A7AB262712A4D94A2F3B0B9A92EE400FB38A3CC59A5DC7E436D5C004B22E35028381B51C93407EB32D4AE0FD42CB45E12D0ECEE8A26238EDE2082A7B1522113C66CEF8D745C6CF3CB945F84D2F4DE16D44A71DE198270E13F03553C88B8D323AD0B948A1BF2103A949979B6ED16FB5F3C953D95B7C8E88CA67DCF5A636FB9CA39D924215F7A884ED6C7EE3C96D8D9715427974B7C4351282E13D3773F7D28B452F10892A13C7587328DEA4827B6B369B2A8DC172ADC583F51F2A6598C5483E5BC467B02F91D059C402D18E2C2680F776AA06F49280A2C72C17CC42D5B6E740C5C4B1AB3C51C2ED092BE2A2D8B053AE5773D1425ED2B08F06E2DD50592DF1A478C15591CDFD11564FF88FF38B721D42392FDA473212DCFD8D2D88A976A00AFFE6FFFB430A359E64CA2B351CA2412394");
162 }
163
164 return std::shared_ptr<DL_Group_Data>();
165}
name
std::string name
Definition commoncrypto_hash.cpp:24

References name.

Referenced by DL_Group().

◆ estimated_strength()

size_t Botan::DL_Group::estimated_strength ( ) const

Return an estimate of the strength of this group against discrete logarithm attacks (eg NFS). Warning: since this only takes into account known attacks it is by necessity an overestimate of the actual strength.

Definition at line 470 of file dl_group.cpp.

470 {
471 return data().estimated_strength();
472}

Referenced by Botan::DL_PublicKey::estimated_strength().

◆ exponent_bits()

size_t Botan::DL_Group::exponent_bits ( ) const

Return size in bits of a secret exponent

This attempts to balance between the attack costs of NFS (which depends on the size of the modulus) and Pollard's rho (which depends on the size of the exponent).

It may vary over time for a particular group, if the attack costs change.

Definition at line 474 of file dl_group.cpp.

474 {
475 return data().exponent_bits();
476}

Referenced by Botan::srp6_client_agree(), and Botan::SRP6_Server_Session::step1().

◆ get_g()

const BigInt & Botan::DL_Group::get_g ( ) const

Get the base g.

Returns
base g

Definition at line 433 of file dl_group.cpp.

433 {
434 return data().g();
435}

Referenced by DER_encode(), Botan::DL_PublicKey::get_int_field(), Botan::DL_PrivateKey::get_int_field(), multi_exponentiate(), Botan::srp6_client_agree(), Botan::srp6_group_identifier(), Botan::SRP6_Server_Session::step1(), and verify_group().

◆ get_p()

const BigInt & Botan::DL_Group::get_p ( ) const

Get the prime p.

Returns
prime p

Definition at line 426 of file dl_group.cpp.

426 {
427 return data().p();
428}

Referenced by DER_encode(), Botan::DL_PublicKey::get_int_field(), Botan::DL_PrivateKey::get_int_field(), inverse_mod_p(), Botan::srp6_client_agree(), Botan::srp6_group_identifier(), Botan::SRP6_Server_Session::step1(), Botan::SRP6_Server_Session::step2(), verify_element_pair(), verify_group(), verify_private_element(), and verify_public_element().

◆ get_q()

const BigInt & Botan::DL_Group::get_q ( ) const

Get the prime q, returns zero if q is not used

Returns
prime q

Definition at line 440 of file dl_group.cpp.

440 {
441 return data().q();
442}

Referenced by DER_encode(), Botan::DL_PublicKey::get_int_field(), Botan::DL_PrivateKey::get_int_field(), inverse_mod_q(), verify_group(), verify_private_element(), and verify_public_element().

◆ has_q()

bool Botan::DL_Group::has_q ( ) const

Return if the q value is set

Definition at line 448 of file dl_group.cpp.

448 {
449 return data().q_is_set();
450}

Referenced by Botan::DSA_PrivateKey::DSA_PrivateKey(), and Botan::DSA_PrivateKey::DSA_PrivateKey().

◆ inverse_mod_p()

BigInt Botan::DL_Group::inverse_mod_p ( const BigInt & x) const

Return the inverse of x mod p

Definition at line 478 of file dl_group.cpp.

478 {
479 // precompute??
480 return inverse_mod(x, get_p());
481}
Botan::inverse_mod
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition mod_inv.cpp:178

References get_p(), and Botan::inverse_mod().

◆ inverse_mod_q()

BigInt Botan::DL_Group::inverse_mod_q ( const BigInt & x) const

Return the inverse of x mod q Throws if q is unset on this DL_Group

Definition at line 491 of file dl_group.cpp.

491 {
492 data().assert_q_is_set("inverse_mod_q");
493 // precompute??
494 return inverse_mod(x, get_q());
495}

References get_q(), and Botan::inverse_mod().

◆ mod_p()

BigInt Botan::DL_Group::mod_p ( const BigInt & x) const

Reduce an integer modulo p

Returns
x % p

Definition at line 483 of file dl_group.cpp.

483 {
484 return data().mod_p(x);
485}

Referenced by Botan::srp6_client_agree(), and Botan::SRP6_Server_Session::step1().

◆ mod_q()

BigInt Botan::DL_Group::mod_q ( const BigInt & x) const

Reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
x % q

Definition at line 497 of file dl_group.cpp.

497 {
498 data().assert_q_is_set("mod_q");
499 return data().mod_q(x);
500}

◆ monty_params_p()

std::shared_ptr< const Montgomery_Params > Botan::DL_Group::monty_params_p ( ) const

Return parameters for Montgomery reduction/exponentiation mod p

Definition at line 444 of file dl_group.cpp.

444 {
445 return data().monty_params_p();
446}

Referenced by multi_exponentiate().

◆ multi_exponentiate()

BigInt Botan::DL_Group::multi_exponentiate ( const BigInt & x,
const BigInt & y,
const BigInt & z ) const

Multi-exponentiate Return (g^x * y^z) % p

Definition at line 517 of file dl_group.cpp.

517 {
518 return monty_multi_exp(data().monty_params_p(), get_g(), x, y, z);
519}
Botan::DL_Group::monty_params_p
std::shared_ptr< const Montgomery_Params > monty_params_p() const
Definition dl_group.cpp:444
Botan::monty_multi_exp
BigInt monty_multi_exp(const std::shared_ptr< const Montgomery_Params > &params_p, const BigInt &x_bn, const BigInt &z1, const BigInt &y_bn, const BigInt &z2)
Definition monty_exp.cpp:158

References get_g(), Botan::monty_multi_exp(), and monty_params_p().

◆ multiply_mod_p()

BigInt Botan::DL_Group::multiply_mod_p ( const BigInt & x,
const BigInt & y ) const

Multiply and reduce an integer modulo p

Returns
(x*y) % p

Definition at line 487 of file dl_group.cpp.

487 {
488 return data().multiply_mod_p(x, y);
489}

Referenced by Botan::srp6_client_agree(), and Botan::SRP6_Server_Session::step2().

◆ multiply_mod_q() [1/2]

BigInt Botan::DL_Group::multiply_mod_q ( const BigInt & x,
const BigInt & y ) const

Multiply and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
(x*y) % q

Definition at line 502 of file dl_group.cpp.

502 {
503 data().assert_q_is_set("multiply_mod_q");
504 return data().multiply_mod_q(x, y);
505}

Referenced by multiply_mod_q().

◆ multiply_mod_q() [2/2]

BigInt Botan::DL_Group::multiply_mod_q ( const BigInt & x,
const BigInt & y,
const BigInt & z ) const

Multiply and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
(x*y*z) % q

Definition at line 507 of file dl_group.cpp.

507 {
508 data().assert_q_is_set("multiply_mod_q");
509 return data().multiply_mod_q(data().multiply_mod_q(x, y), z);
510}
Botan::DL_Group::multiply_mod_q
BigInt multiply_mod_q(const BigInt &x, const BigInt &y) const
Definition dl_group.cpp:502

References multiply_mod_q().

◆ p_bits()

size_t Botan::DL_Group::p_bits ( ) const

Return the size of p in bits Same as get_p().bits()

Definition at line 452 of file dl_group.cpp.

452 {
453 return data().p_bits();
454}

Referenced by Botan::DL_PublicKey::p_bits(), power_b_p(), Botan::srp6_client_agree(), Botan::srp6_generate_verifier(), Botan::SRP6_Server_Session::step1(), and Botan::SRP6_Server_Session::step2().

◆ p_bytes()

size_t Botan::DL_Group::p_bytes ( ) const

Return the size of p in bytes Same as get_p().bytes()

Definition at line 456 of file dl_group.cpp.

456 {
457 return data().p_bytes();
458}

Referenced by botan_srp6_group_size(), Botan::DL_PublicKey::public_key_as_bytes(), Botan::srp6_client_agree(), Botan::SRP6_Server_Session::step1(), and Botan::SRP6_Server_Session::step2().

◆ PEM_encode()

std::string Botan::DL_Group::PEM_encode ( DL_Group_Format format) const

Encode this group into a string using PEM encoding.

Parameters
formatthe encoding format
Returns
string holding the PEM encoded group

Definition at line 568 of file dl_group.cpp.

568 {
569 const std::vector<uint8_t> encoding = DER_encode(format);
570
571 if(format == DL_Group_Format::PKCS_3) {
572 return PEM_Code::encode(encoding, "DH PARAMETERS");
573 } else if(format == DL_Group_Format::ANSI_X9_57) {
574 return PEM_Code::encode(encoding, "DSA PARAMETERS");
575 } else if(format == DL_Group_Format::ANSI_X9_42) {
576 return PEM_Code::encode(encoding, "X9.42 DH PARAMETERS");
577 } else {
578 throw Invalid_Argument("Unknown DL_Group encoding");
579 }
580}
Botan::DL_Group::DER_encode
std::vector< uint8_t > DER_encode(DL_Group_Format format) const
Definition dl_group.cpp:544
Botan::PEM_Code::encode
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39

References Botan::ANSI_X9_42, Botan::ANSI_X9_57, DER_encode(), Botan::PEM_Code::encode(), and Botan::PKCS_3.

◆ power_b_p() [1/2]

BigInt Botan::DL_Group::power_b_p ( const BigInt & b,
const BigInt & x ) const

Modular exponentiation

Parameters
bthe base
xthe exponent
Returns
(b^x) % p

Definition at line 529 of file dl_group.cpp.

529 {
530 return this->power_b_p(b, x, data().p_bits());
531}
Botan::DL_Group::p_bits
size_t p_bits() const
Definition dl_group.cpp:452
Botan::DL_Group::power_b_p
BigInt power_b_p(const BigInt &b, const BigInt &x, size_t max_x_bits) const
Definition dl_group.cpp:533

References p_bits(), and power_b_p().

◆ power_b_p() [2/2]

BigInt Botan::DL_Group::power_b_p ( const BigInt & b,
const BigInt & x,
size_t max_x_bits ) const

Modular exponentiation

Parameters
bthe base
xthe exponent
max_x_bitsx is assumed to be at most this many bits long.
Returns
(b^x) % p

Definition at line 533 of file dl_group.cpp.

533 {
534 return data().power_b_p(b, x, max_x_bits);
535}

Referenced by power_b_p(), Botan::srp6_client_agree(), and Botan::SRP6_Server_Session::step2().

◆ power_g_p() [1/2]

BigInt Botan::DL_Group::power_g_p ( const BigInt & x) const

Modular exponentiation

Warning
this function leaks the size of x via the number of loop iterations. Use the version taking the maximum size to avoid this.
Returns
(g^x) % p

Definition at line 521 of file dl_group.cpp.

521 {
522 return data().power_g_p(x, x.bits());
523}

References Botan::BigInt::bits().

Referenced by Botan::srp6_client_agree(), Botan::srp6_generate_verifier(), Botan::SRP6_Server_Session::step1(), and verify_element_pair().

◆ power_g_p() [2/2]

BigInt Botan::DL_Group::power_g_p ( const BigInt & x,
size_t max_x_bits ) const

Modular exponentiation

Parameters
xthe exponent
max_x_bitsx is assumed to be at most this many bits long.
Returns
(g^x) % p

Definition at line 525 of file dl_group.cpp.

525 {
526 return data().power_g_p(x, max_x_bits);
527}

◆ q_bits()

size_t Botan::DL_Group::q_bits ( ) const

Return the size of q in bits Same as get_q().bits() Throws if q is unset

Definition at line 460 of file dl_group.cpp.

460 {
461 data().assert_q_is_set("q_bits");
462 return data().q_bits();
463}

◆ q_bytes()

size_t Botan::DL_Group::q_bytes ( ) const

Return the size of q in bytes Same as get_q().bytes() Throws if q is unset

Definition at line 465 of file dl_group.cpp.

465 {
466 data().assert_q_is_set("q_bytes");
467 return data().q_bytes();
468}

◆ source()

DL_Group_Source Botan::DL_Group::source ( ) const

Definition at line 537 of file dl_group.cpp.

537 {
538 return data().source();
539}

Referenced by verify_group().

◆ square_mod_q()

BigInt Botan::DL_Group::square_mod_q ( const BigInt & x) const

Square and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
(x*x) % q

Definition at line 512 of file dl_group.cpp.

512 {
513 data().assert_q_is_set("square_mod_q");
514 return data().square_mod_q(x);
515}

◆ verify_element_pair()

bool Botan::DL_Group::verify_element_pair ( const BigInt & y,
const BigInt & x ) const

Verify a pair of elements y = g^x

This verifies that 1 < x,y < p and that y=g^x mod p

Definition at line 356 of file dl_group.cpp.

356 {
357 const BigInt& p = get_p();
358
359 if(y <= 1 || y >= p || x <= 1 || x >= p) {
360 return false;
361 }
362
363 if(y != this->power_g_p(x)) {
364 return false;
365 }
366
367 return true;
368}
Botan::DL_Group::power_g_p
BigInt power_g_p(const BigInt &x) const
Definition dl_group.cpp:521

References get_p(), and power_g_p().

◆ verify_group()

bool Botan::DL_Group::verify_group ( RandomNumberGenerator & rng,
bool strong = true ) const

Perform validity checks on the group.

Parameters
rngthe rng to use
strongwhether to perform stronger by lengthier tests
Returns
true if the object is consistent, false otherwise

Definition at line 373 of file dl_group.cpp.

373 {
374 const bool from_builtin = (source() == DL_Group_Source::Builtin);
375
376 if(!strong && from_builtin) {
377 return true;
378 }
379
380 const BigInt& p = get_p();
381 const BigInt& q = get_q();
382 const BigInt& g = get_g();
383
384 if(g < 2 || p < 3 || q < 0) {
385 return false;
386 }
387
388 const size_t test_prob = 128;
389 const bool is_randomly_generated = (source() != DL_Group_Source::ExternalSource);
390
391 if(!is_prime(p, rng, test_prob, is_randomly_generated)) {
392 return false;
393 }
394
395 if(q != 0) {
396 if((p - 1) % q != 0) {
397 return false;
398 }
399 if(data().power_g_p_vartime(q) != 1) {
400 return false;
401 }
402 if(!is_prime(q, rng, test_prob, is_randomly_generated)) {
403 return false;
404 }
405 } else {
406 if(!from_builtin && !is_randomly_generated) {
407 // If we got this p,g from some unknown source, try to verify
408 // that the group order is not too absurdly small.
409
410 const size_t upper_bound = strong ? 1000 : 100;
411
412 for(size_t i = 2; i != upper_bound; ++i) {
413 if(data().power_g_p_vartime(BigInt::from_word(i)) == 1) {
414 return false;
415 }
416 }
417 }
418 }
419
420 return true;
421}
Botan::DL_Group::source
DL_Group_Source source() const
Definition dl_group.cpp:537

References Botan::Builtin, Botan::ExternalSource, Botan::BigInt::from_word(), get_g(), get_p(), get_q(), Botan::is_prime(), and source().

Referenced by Botan::DL_PublicKey::check_key(), Botan::DL_PrivateKey::check_key(), and Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

◆ verify_private_element()

bool Botan::DL_Group::verify_private_element ( const BigInt & x) const

Verify a private element

Specifically this checks that x is > 1 and < p, and additionally if q is set then x must be < q

Definition at line 341 of file dl_group.cpp.

341 {
342 const BigInt& p = get_p();
343 const BigInt& q = get_q();
344
345 if(x <= 1 || x >= p) {
346 return false;
347 }
348
349 if(q > 0 && x > q) {
350 return false;
351 }
352
353 return true;
354}

References get_p(), and get_q().

Referenced by Botan::DL_PrivateKey::check_key().

◆ verify_public_element()

bool Botan::DL_Group::verify_public_element ( const BigInt & y) const

Verify a public element, ie check if y = g^x for some x.

This is not a perfect test. It verifies that 1 < y < p and (if q is set) that y is in the subgroup of size q.

Definition at line 324 of file dl_group.cpp.

324 {
325 const BigInt& p = get_p();
326 const BigInt& q = get_q();
327
328 if(y <= 1 || y >= p) {
329 return false;
330 }
331
332 if(q.is_zero() == false) {
333 if(data().power_b_p_vartime(y, q) != 1) {
334 return false;
335 }
336 }
337
338 return true;
339}

References get_p(), get_q(), and Botan::BigInt::is_zero().

Referenced by Botan::DL_PublicKey::check_key().

The documentation for this class was generated from the following files:
Generated by doxygen 1.10.0