Botan 3.0.0-alpha0
Crypto and TLS for C&
Public Types | Public Member Functions | Static Public Member Functions | List of all members
Botan::DL_Group Class Referencefinal

#include <dl_group.h>

Public Types

using Format = DL_Group_Format
 
enum  PrimeType { Strong , Prime_Subgroup , DSA_Kosherizer }
 

Public Member Functions

void BER_decode (const std::vector< uint8_t > &ber, DL_Group_Format format)
 
std::vector< uint8_t > DER_encode (DL_Group_Format format) const
 
 DL_Group ()=default
 
 DL_Group (const BigInt &p, const BigInt &g)
 
 DL_Group (const BigInt &p, const BigInt &q, const BigInt &g)
 
 DL_Group (const std::string &name)
 
template<typename Alloc >
 DL_Group (const std::vector< uint8_t, Alloc > &ber, DL_Group_Format format)
 
 DL_Group (const uint8_t ber[], size_t ber_len, DL_Group_Format format)
 
 DL_Group (RandomNumberGenerator &rng, const std::vector< uint8_t > &seed, size_t pbits=1024, size_t qbits=0)
 
 DL_Group (RandomNumberGenerator &rng, PrimeType type, size_t pbits, size_t qbits=0)
 
size_t estimated_strength () const
 
size_t exponent_bits () const
 
const BigIntget_g () const
 
const BigIntget_p () const
 
const BigIntget_q () const
 
BigInt inverse_mod_p (const BigInt &x) const
 
BigInt inverse_mod_q (const BigInt &x) const
 
BigInt mod_p (const BigInt &x) const
 
BigInt mod_q (const BigInt &x) const
 
std::shared_ptr< const Montgomery_Paramsmonty_params_p () const
 
BigInt multi_exponentiate (const BigInt &x, const BigInt &y, const BigInt &z) const
 
BigInt multiply_mod_p (const BigInt &x, const BigInt &y) const
 
BigInt multiply_mod_q (const BigInt &x, const BigInt &y) const
 
BigInt multiply_mod_q (const BigInt &x, const BigInt &y, const BigInt &z) const
 
size_t p_bits () const
 
size_t p_bytes () const
 
std::string PEM_encode (DL_Group_Format format) const
 
BigInt power_b_p (const BigInt &b, const BigInt &x, size_t max_x_bits) const
 
BigInt power_g_p (const BigInt &x) const
 
BigInt power_g_p (const BigInt &x, size_t max_x_bits) const
 
size_t q_bits () const
 
size_t q_bytes () const
 
DL_Group_Source source () const
 
BigInt square_mod_q (const BigInt &x) const
 
bool verify_element_pair (const BigInt &y, const BigInt &x) const
 
bool verify_group (RandomNumberGenerator &rng, bool strong=true) const
 
bool verify_public_element (const BigInt &y) const
 

Static Public Member Functions

static DL_Group DL_Group_from_PEM (const std::string &pem)
 
static std::shared_ptr< DL_Group_Data > DL_group_info (const std::string &name)
 

Detailed Description

This class represents discrete logarithm groups. It holds a prime modulus p, a generator g, and (optionally) a prime q which is a factor of (p-1). In most cases g generates the order-q subgroup.

Definition at line 43 of file dl_group.h.

Member Typedef Documentation

◆ Format

Definition at line 51 of file dl_group.h.

Member Enumeration Documentation

◆ PrimeType

Determine the prime creation for DL groups.

Enumerator
Strong 
Prime_Subgroup 
DSA_Kosherizer 

Definition at line 49 of file dl_group.h.

Constructor & Destructor Documentation

◆ DL_Group() [1/8]

Botan::DL_Group::DL_Group ( )
default

Construct a DL group with uninitialized internal value. Use this constructor is you wish to set the groups values from a DER or PEM encoded group.

Referenced by DL_Group_from_PEM().

◆ DL_Group() [2/8]

Botan::DL_Group::DL_Group ( const std::string &  name)
explicit

Construct a DL group that is registered in the configuration.

Parameters
namethe name of the group, for example "modp/ietf/3072"
Warning
This constructor also accepts PEM inputs. This behavior is deprecated and will be removed in a future major release. Instead use DL_Group_from_PEM function

Definition at line 207 of file dl_group.cpp.

208 {
209 // Either a name or a PEM block, try name first
210 m_data = DL_group_info(str);
211
212 if(m_data == nullptr)
213 {
214 try
215 {
216 std::string label;
217 const std::vector<uint8_t> ber = unlock(PEM_Code::decode(str, label));
218 DL_Group_Format format = pem_label_to_dl_format(label);
219
220 m_data = BER_decode_DL_group(ber.data(), ber.size(), format, DL_Group_Source::ExternalSource);
221 }
222 catch(...) {}
223 }
224
225 if(m_data == nullptr)
226 throw Invalid_Argument("DL_Group: Unknown group " + str);
227 }
static std::shared_ptr< DL_Group_Data > DL_group_info(const std::string &name)
Definition: dl_named.cpp:13
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition: pem.cpp:66
DL_Group_Format
Definition: dl_group.h:27
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:72

References Botan::PEM_Code::decode(), DL_group_info(), Botan::ExternalSource, and Botan::unlock().

◆ DL_Group() [3/8]

Botan::DL_Group::DL_Group ( RandomNumberGenerator rng,
PrimeType  type,
size_t  pbits,
size_t  qbits = 0 
)

Create a new group randomly.

Parameters
rngthe random number generator to use
typespecifies how the creation of primes p and q shall be performed. If type=Strong, then p will be determined as a safe prime, and q will be chosen as (p-1)/2. If type=Prime_Subgroup and qbits = 0, then the size of q will be determined according to the estimated difficulty of the DL problem. If type=DSA_Kosherizer, DSA primes will be created.
pbitsthe number of bits of p
qbitsthe number of bits of q. Leave it as 0 to have the value determined according to pbits.

Definition at line 258 of file dl_group.cpp.

260 {
261 if(pbits < 1024)
262 throw Invalid_Argument("DL_Group: prime size " + std::to_string(pbits) + " is too small");
263
264 if(type == Strong)
265 {
266 if(qbits != 0 && qbits != pbits - 1)
267 throw Invalid_Argument("Cannot create strong-prime DL_Group with specified q bits");
268
269 const BigInt p = random_safe_prime(rng, pbits);
270 const BigInt q = (p - 1) / 2;
271
272 /*
273 Always choose a generator that is quadratic reside mod p,
274 this forces g to be a generator of the subgroup of size q.
275 */
276 BigInt g = BigInt::from_word(2);
277 if(jacobi(g, p) != 1)
278 {
279 // prime table does not contain 2
280 for(size_t i = 0; i < PRIME_TABLE_SIZE; ++i)
281 {
283 if(jacobi(g, p) == 1)
284 break;
285 }
286 }
287
288 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
289 }
290 else if(type == Prime_Subgroup)
291 {
292 if(qbits == 0)
293 qbits = dl_exponent_size(pbits);
294
295 const BigInt q = random_prime(rng, qbits);
296 Modular_Reducer mod_2q(2*q);
297 BigInt X;
298 BigInt p;
299 while(p.bits() != pbits || !is_prime(p, rng, 128, true))
300 {
301 X.randomize(rng, pbits);
302 p = X - mod_2q.reduce(X) + 1;
303 }
304
305 const BigInt g = make_dsa_generator(p, q);
306 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
307 }
308 else if(type == DSA_Kosherizer)
309 {
310 if(qbits == 0)
311 qbits = ((pbits <= 1024) ? 160 : 256);
312
313 BigInt p, q;
314 generate_dsa_primes(rng, p, q, pbits, qbits);
315 const BigInt g = make_dsa_generator(p, q);
316 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
317 }
318 else
319 {
320 throw Invalid_Argument("DL_Group unknown PrimeType");
321 }
322 }
static BigInt from_word(word n)
Definition: bigint.cpp:43
fe X
Definition: ge.cpp:26
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:209
BigInt random_prime(RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo, size_t prob)
Definition: make_prm.cpp:106
const uint16_t PRIMES[]
Definition: primes.cpp:12
const size_t PRIME_TABLE_SIZE
Definition: numthry.h:171
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:370
bool generate_dsa_primes(RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< uint8_t > &seed_c, size_t offset)
Definition: dsa_gen.cpp:40
size_t dl_exponent_size(size_t bits)
Definition: workfactor.cpp:55
int32_t jacobi(const BigInt &a, const BigInt &n)
Definition: numthry.cpp:130
BigInt random_safe_prime(RandomNumberGenerator &rng, size_t bits)
Definition: make_prm.cpp:308
MechanismType type

References Botan::BigInt::bits(), Botan::dl_exponent_size(), DSA_Kosherizer, Botan::BigInt::from_word(), Botan::generate_dsa_primes(), Botan::is_prime(), Botan::jacobi(), Prime_Subgroup, Botan::PRIME_TABLE_SIZE, Botan::PRIMES, Botan::random_prime(), Botan::random_safe_prime(), Botan::RandomlyGenerated, Botan::Modular_Reducer::reduce(), Strong, Botan::ASN1::to_string(), type, and X.

◆ DL_Group() [4/8]

Botan::DL_Group::DL_Group ( RandomNumberGenerator rng,
const std::vector< uint8_t > &  seed,
size_t  pbits = 1024,
size_t  qbits = 0 
)

Create a DSA group with a given seed.

Parameters
rngthe random number generator to use
seedthe seed to use to create the random primes
pbitsthe desired bit size of the prime p
qbitsthe desired bit size of the prime q.

Definition at line 327 of file dl_group.cpp.

330 {
331 BigInt p, q;
332
333 if(!generate_dsa_primes(rng, p, q, pbits, qbits, seed))
334 throw Invalid_Argument("DL_Group: The seed given does not generate a DSA group");
335
336 BigInt g = make_dsa_generator(p, q);
337
338 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
339 }

References Botan::generate_dsa_primes(), and Botan::RandomlyGenerated.

◆ DL_Group() [5/8]

Botan::DL_Group::DL_Group ( const BigInt p,
const BigInt g 
)

Create a DL group.

Parameters
pthe prime p
gthe base g

Definition at line 344 of file dl_group.cpp.

345 {
346 m_data = std::make_shared<DL_Group_Data>(p, BigInt::zero(), g, DL_Group_Source::ExternalSource);
347 }
static BigInt zero()
Definition: bigint.h:45

References Botan::ExternalSource, and Botan::BigInt::zero().

◆ DL_Group() [6/8]

Botan::DL_Group::DL_Group ( const BigInt p,
const BigInt q,
const BigInt g 
)

Create a DL group.

Parameters
pthe prime p
qthe prime q
gthe base g

Definition at line 352 of file dl_group.cpp.

353 {
354 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::ExternalSource);
355 }

References Botan::ExternalSource.

◆ DL_Group() [7/8]

Botan::DL_Group::DL_Group ( const uint8_t  ber[],
size_t  ber_len,
DL_Group_Format  format 
)

Decode a BER-encoded DL group param

Definition at line 648 of file dl_group.cpp.

649 {
650 m_data = BER_decode_DL_group(ber, ber_len, format, DL_Group_Source::ExternalSource);
651 }

References Botan::ExternalSource.

◆ DL_Group() [8/8]

template<typename Alloc >
Botan::DL_Group::DL_Group ( const std::vector< uint8_t, Alloc > &  ber,
DL_Group_Format  format 
)
inline

Decode a BER-encoded DL group param

Definition at line 126 of file dl_group.h.

126 :
127 DL_Group(ber.data(), ber.size(), format) {}
DL_Group()=default

Member Function Documentation

◆ BER_decode()

void Botan::DL_Group::BER_decode ( const std::vector< uint8_t > &  ber,
DL_Group_Format  format 
)

Decode a DER/BER encoded group into this instance.

Parameters
bera vector containing the DER/BER encoded group
formatthe format of the encoded group
Warning
avoid this. Instead use the DL_Group constructor

Definition at line 653 of file dl_group.cpp.

654 {
655 m_data = BER_decode_DL_group(ber.data(), ber.size(), format, DL_Group_Source::ExternalSource);
656 }

References Botan::ExternalSource.

Referenced by Botan::DL_Scheme_PrivateKey::DL_Scheme_PrivateKey().

◆ DER_encode()

std::vector< uint8_t > Botan::DL_Group::DER_encode ( DL_Group_Format  format) const

Encode this group into a string using DER encoding.

Parameters
formatthe encoding format
Returns
string holding the DER encoded group

Definition at line 594 of file dl_group.cpp.

595 {
596 if(get_q().is_zero() && (format != DL_Group_Format::PKCS_3))
597 throw Encoding_Error("Cannot encode DL_Group in ANSI formats when q param is missing");
598
599 std::vector<uint8_t> output;
600 DER_Encoder der(output);
601
602 if(format == DL_Group_Format::ANSI_X9_57)
603 {
604 der.start_sequence()
605 .encode(get_p())
606 .encode(get_q())
607 .encode(get_g())
608 .end_cons();
609 }
610 else if(format == DL_Group_Format::ANSI_X9_42)
611 {
612 der.start_sequence()
613 .encode(get_p())
614 .encode(get_g())
615 .encode(get_q())
616 .end_cons();
617 }
618 else if(format == DL_Group_Format::PKCS_3)
619 {
620 der.start_sequence()
621 .encode(get_p())
622 .encode(get_g())
623 .end_cons();
624 }
625 else
626 throw Invalid_Argument("Unknown DL_Group encoding");
627
628 return output;
629 }
const BigInt & get_p() const
Definition: dl_group.cpp:461
const BigInt & get_g() const
Definition: dl_group.cpp:469
const BigInt & get_q() const
Definition: dl_group.cpp:477

References Botan::ANSI_X9_42, Botan::ANSI_X9_57, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), get_g(), get_p(), get_q(), Botan::PKCS_3, and Botan::DER_Encoder::start_sequence().

Referenced by Botan::DL_Scheme_PublicKey::algorithm_identifier(), and PEM_encode().

◆ DL_Group_from_PEM()

DL_Group Botan::DL_Group::DL_Group_from_PEM ( const std::string &  pem)
static

Definition at line 659 of file dl_group.cpp.

660 {
661 std::string label;
662 const std::vector<uint8_t> ber = unlock(PEM_Code::decode(pem, label));
663 DL_Group_Format format = pem_label_to_dl_format(label);
664 return DL_Group(ber, format);
665 }

References Botan::PEM_Code::decode(), DL_Group(), and Botan::unlock().

◆ DL_group_info()

std::shared_ptr< DL_Group_Data > Botan::DL_Group::DL_group_info ( const std::string &  name)
static

Definition at line 13 of file dl_named.cpp.

14 {
15 /* TLS FFDHE groups */
16
17 if(name == "ffdhe/ietf/2048")
18 {
19 return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B423861285C97FFFFFFFFFFFFFFFF",
20 "0x2");
21 }
22
23 if(name == "ffdhe/ietf/3072")
24 {
25 return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF",
26 "0x2");
27 }
28
29 if(name == "ffdhe/ietf/4096")
30 {
31 return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6AFFFFFFFFFFFFFFFF",
32 "0x2");
33 }
34
35 if(name == "ffdhe/ietf/6144")
36 {
37 return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD9020BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA63BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3ACDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477A52471F7A9A96910B855322EDB6340D8A00EF092350511E30ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538CD72B03746AE77F5E62292C311562A846505DC82DB854338AE49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B045B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF",
38 "0x2");
39 }
40
41 if(name == "ffdhe/ietf/8192")
42 {
43 return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD9020BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA63BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3ACDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477A52471F7A9A96910B855322EDB6340D8A00EF092350511E30ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538CD72B03746AE77F5E62292C311562A846505DC82DB854338AE49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B045B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1A41D570D7938DAD4A40E329CCFF46AAA36AD004CF600C8381E425A31D951AE64FDB23FCEC9509D43687FEB69EDD1CC5E0B8CC3BDF64B10EF86B63142A3AB8829555B2F747C932665CB2C0F1CC01BD70229388839D2AF05E454504AC78B7582822846C0BA35C35F5C59160CC046FD8251541FC68C9C86B022BB7099876A460E7451A8A93109703FEE1C217E6C3826E52C51AA691E0E423CFC99E9E31650C1217B624816CDAD9A95F9D5B8019488D9C0A0A1FE3075A577E23183F81D4A3F2FA4571EFC8CE0BA8A4FE8B6855DFE72B0A66EDED2FBABFBE58A30FAFABE1C5D71A87E2F741EF8C1FE86FEA6BBFDE530677F0D97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88CD68C8BB7C5C6424CFFFFFFFFFFFFFFFF",
44 "0x2");
45 }
46
47 /* IETF IPsec groups */
48
49 if(name == "modp/ietf/1024")
50 {
51 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
52 "0x2");
53 }
54
55 if(name == "modp/ietf/1536")
56 {
57 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
58 "0x2");
59 }
60
61 if(name == "modp/ietf/2048")
62 {
63 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
64 "0x2");
65 }
66
67 if(name == "modp/ietf/3072")
68 {
69 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
70 "0x2");
71 }
72
73 if(name == "modp/ietf/4096")
74 {
75 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF",
76 "0x2");
77 }
78
79 if(name == "modp/ietf/6144")
80 {
81 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
82 "0x2");
83 }
84
85 if(name == "modp/ietf/8192")
86 {
87 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF",
88 "0x2");
89 }
90
91 /* SRP groups
92
93 SRP groups have a p st (p-1)/2 is prime, but g is not a generator
94 of subgroup of size q, so set q == 0 to bypass generator check
95
96 Missing q doesn't matter for SRP, and nothing but SRP should be
97 using these parameters.
98 */
99
100 if(name == "modp/srp/1024")
101 {
102 return load_DL_group_info("0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
103 "0",
104 "0x2");
105 }
106
107 if(name == "modp/srp/1536")
108 {
109 return load_DL_group_info("0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB",
110 "0",
111 "0x2");
112 }
113
114 if(name == "modp/srp/2048")
115 {
116 return load_DL_group_info("0xAC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73",
117 "0",
118 "0x2");
119 }
120
121 if(name == "modp/srp/3072")
122 {
123 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
124 "0",
125 "0x5");
126 }
127
128 if(name == "modp/srp/4096")
129 {
130 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF",
131 "0",
132 "0x5");
133 }
134
135 if(name == "modp/srp/6144")
136 {
137 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
138 "0",
139 "0x5");
140 }
141
142 if(name == "modp/srp/8192")
143 {
144 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF",
145 "0",
146 "0x13");
147 }
148
149 /* DSA groups */
150
151 if(name == "dsa/jce/1024")
152 {
153 return load_DL_group_info("0xFD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF83B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72AEFF22203199DD14801C7",
154 "0x9760508F15230BCCB292B982A2EB840BF0581CF5",
155 "0x469603512E30278CD3947595DB22EEC9826A6322ADC97344F41D740C325724C8F9EFBAA7D4D803FF8C609DCD100EBC5BDFCFAD7C6A425FAEA786EA2050EBE98351EA1FDA1FDF24D6947AA6B9AA23766953802F4D7D4A8ECBA06D19768A2491FFB16D0EF9C43A99B5F71672FF6F0A24B444D0736D04D38A1A1322DAF6CDD88C9D");
156 }
157
158 if(name == "dsa/botan/2048")
159 {
160 return load_DL_group_info("0x91C48A4FDFBCF7C02AE95E7DA126122B5DD2864F559B87E8E74A286D52F59BD1DE68DFD645D0E00C60C080031891980374EEB594A532BFD67B9A09EAC4B8663A07910E68F39465FB7040D25DF13932EBAC4347A530ECBA61C854F9B880D3C0C3660080587C45566DADE26BD5A394BE093B4C0F24B5AFFEF8EC6C5B3E57FB89025A9BC16769932131E16D3C94EFCAB18D0DF061203CC53E6103BC72D5594BFD40CA65380F44A9A851DCB075495FC033A8A58071A1BD78FE052F66555648EB4B719D2AFE8B4880F8DAD6F15818BA178F89274C870BE9B96EB08C46C40040CC2EFE1DFB1B1868DD319DE3C34A32A63AB6EB1224209A419680CC7902D1728D4DF9E1",
161 "0x8CD7D450F86F0AD94EEE4CE469A8756D1EBD1058241943EAFFB0B354585E924D",
162 "0xD9F5E0761B4DBD1833D6AB1A961A0996C5F22303F72D84C140F67C431D94AB5715BEA81A0C98D39CE4BCF78D6B9EBC895D34FE89D94091D5848615EF15F5E86F11D96F6C969E203DDFA58356420A49CB444B595B901A933CFE0767B594F18A07B7F91DECDBA446B88990F78F2FF91F2FE7CD43FD2E46D18EADA1F7BB6602C617F6EF3A4B284F2FD9BA10A36042DE8FA87A2CA36597FEC81157A1485E44041DF02830111CB880BBE6ED494814886F965CDC3135F5CCF1383728BF65B806F9692C0B10D6C4C09C75A6CA3B4013CB16AB2C105F6BE23AEA9000EAB2178985F972C98057E1C86E44E7218688EA4AE0F3636DCCA745C9DCD4E6AFFB67CCBC13D6131");
163 }
164
165 if(name == "dsa/botan/3072")
166 {
167 return load_DL_group_info("0xE4B50880759663585E142460CA2D9DFF132F8AE4C840DDA3A2666889124FE5638B84E8A29B7AF3FA1209BE6BFC4B5072ED3B2B7387BAF3F857F478A80228EF3600B76B3DCFB61D20D34465B2506D2CAF87DF6E7DC0CE91BD2D167A46F6ADCC31C531E4F9C7ABBDB92ADDF35B0A806C66292A5F5E17E964DD099903733AC428AB35D80EA6F685BFBA8BE4068E5418AE5ECAD9E8FF073DE2B63E4E7EAD35C8A9B70B5BD47CFB88D373B66F37931939B0AB71BD5595809086DA0155337D185A0E4FB36A519B1B6202B8591E6002449CF1CD3A66384F6D2073B1CD73BECA93BAF1E1A6117D0238F222AE1ED7FED185A890E7F67FAB8FEB9753CC134A5183DFE87AE2595F7B5C2D9FBB42249FDD59513E1D3396B3EB2FD86684F285A8448FE757A029881C40760B94EF919BDF9740C38389599EC51A6E9BB519A8E068491E9CE0A2FCFE3CB60D66CF0DFAD20A8EC684048684A61444575BD1724D7352B44A760077B3BD6BD385CE5B0A7250CC0BF768DA82923806EB9CFBB138843731B618208C759B",
168 "0xB3EBD364EC69EF8CF3BAF643B75734B16339B2E49E5CDE1B59C1E9FB40EE0C5B",
169 "0x2BED21EEF83964A230AE89BBA71D9F7C39C52FC8229B4E3BC7E5944D329DA10F010EAC9E7BAF6C009FC4EB2960723E2B56DF4663E4C3AC800E9258DE2F7649D206782893F865EFCA498D2EEF30074EA5E8A7AB262712A4D94A2F3B0B9A92EE400FB38A3CC59A5DC7E436D5C004B22E35028381B51C93407EB32D4AE0FD42CB45E12D0ECEE8A26238EDE2082A7B1522113C66CEF8D745C6CF3CB945F84D2F4DE16D44A71DE198270E13F03553C88B8D323AD0B948A1BF2103A949979B6ED16FB5F3C953D95B7C8E88CA67DCF5A636FB9CA39D924215F7A884ED6C7EE3C96D8D9715427974B7C4351282E13D3773F7D28B452F10892A13C7587328DEA4827B6B369B2A8DC172ADC583F51F2A6598C5483E5BC467B02F91D059C402D18E2C2680F776AA06F49280A2C72C17CC42D5B6E740C5C4B1AB3C51C2ED092BE2A2D8B053AE5773D1425ED2B08F06E2DD50592DF1A478C15591CDFD11564FF88FF38B721D42392FDA473212DCFD8D2D88A976A00AFFE6FFFB430A359E64CA2B351CA2412394");
170 }
171
172 return std::shared_ptr<DL_Group_Data>();
173 }
std::string name

References name.

Referenced by DL_Group().

◆ estimated_strength()

size_t Botan::DL_Group::estimated_strength ( ) const

Return an estimate of the strength of this group against discrete logarithm attacks (eg NFS). Warning: since this only takes into account known attacks it is by necessity an overestimate of the actual strength.

Definition at line 509 of file dl_group.cpp.

510 {
511 return data().estimated_strength();
512 }

Referenced by Botan::DL_Scheme_PublicKey::estimated_strength().

◆ exponent_bits()

size_t Botan::DL_Group::exponent_bits ( ) const

Return size in bits of a secret exponent

This attempts to balance between the attack costs of NFS (which depends on the size of the modulus) and Pollard's rho (which depends on the size of the exponent).

It may vary over time for a particular group, if the attack costs change.

Definition at line 514 of file dl_group.cpp.

515 {
516 return data().exponent_bits();
517 }

Referenced by Botan::DH_PrivateKey::DH_PrivateKey(), Botan::ElGamal_PrivateKey::ElGamal_PrivateKey(), Botan::srp6_client_agree(), and Botan::SRP6_Server_Session::step1().

◆ get_g()

const BigInt & Botan::DL_Group::get_g ( ) const

Get the base g.

Returns
base g

Definition at line 469 of file dl_group.cpp.

470 {
471 return data().g();
472 }

Referenced by DER_encode(), multi_exponentiate(), Botan::srp6_client_agree(), Botan::SRP6_Server_Session::step1(), and verify_group().

◆ get_p()

const BigInt & Botan::DL_Group::get_p ( ) const

Get the prime p.

Returns
prime p

Definition at line 461 of file dl_group.cpp.

462 {
463 return data().p();
464 }

Referenced by DER_encode(), inverse_mod_p(), Botan::srp6_client_agree(), Botan::SRP6_Server_Session::step1(), verify_element_pair(), verify_group(), and verify_public_element().

◆ get_q()

const BigInt & Botan::DL_Group::get_q ( ) const

Get the prime q, returns zero if q is not used

Returns
prime q

Definition at line 477 of file dl_group.cpp.

478 {
479 return data().q();
480 }

Referenced by DER_encode(), Botan::DSA_PrivateKey::DSA_PrivateKey(), inverse_mod_q(), verify_group(), and verify_public_element().

◆ inverse_mod_p()

BigInt Botan::DL_Group::inverse_mod_p ( const BigInt x) const

Return the inverse of x mod p

Definition at line 519 of file dl_group.cpp.

520 {
521 // precompute??
522 return inverse_mod(x, get_p());
523 }
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition: mod_inv.cpp:177

References get_p(), and Botan::inverse_mod().

◆ inverse_mod_q()

BigInt Botan::DL_Group::inverse_mod_q ( const BigInt x) const

Return the inverse of x mod q Throws if q is unset on this DL_Group

Definition at line 535 of file dl_group.cpp.

536 {
537 data().assert_q_is_set("inverse_mod_q");
538 // precompute??
539 return inverse_mod(x, get_q());
540 }

References get_q(), and Botan::inverse_mod().

◆ mod_p()

BigInt Botan::DL_Group::mod_p ( const BigInt x) const

Reduce an integer modulo p

Returns
x % p

Definition at line 525 of file dl_group.cpp.

526 {
527 return data().mod_p(x);
528 }

Referenced by Botan::srp6_client_agree(), and Botan::SRP6_Server_Session::step1().

◆ mod_q()

BigInt Botan::DL_Group::mod_q ( const BigInt x) const

Reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
x % q

Definition at line 542 of file dl_group.cpp.

543 {
544 data().assert_q_is_set("mod_q");
545 return data().mod_q(x);
546 }

◆ monty_params_p()

std::shared_ptr< const Montgomery_Params > Botan::DL_Group::monty_params_p ( ) const

Return parameters for Montgomery reduction/exponentiation mod p

Definition at line 482 of file dl_group.cpp.

483 {
484 return data().monty_params_p();
485 }

Referenced by multi_exponentiate().

◆ multi_exponentiate()

BigInt Botan::DL_Group::multi_exponentiate ( const BigInt x,
const BigInt y,
const BigInt z 
) const

Multi-exponentiate Return (g^x * y^z) % p

Definition at line 566 of file dl_group.cpp.

567 {
568 return monty_multi_exp(data().monty_params_p(), get_g(), x, y, z);
569 }
std::shared_ptr< const Montgomery_Params > monty_params_p() const
Definition: dl_group.cpp:482
BigInt monty_multi_exp(const std::shared_ptr< const Montgomery_Params > &params_p, const BigInt &x_bn, const BigInt &z1, const BigInt &y_bn, const BigInt &z2)
Definition: monty_exp.cpp:174

References get_g(), Botan::monty_multi_exp(), and monty_params_p().

◆ multiply_mod_p()

BigInt Botan::DL_Group::multiply_mod_p ( const BigInt x,
const BigInt y 
) const

Multiply and reduce an integer modulo p

Returns
(x*y) % p

Definition at line 530 of file dl_group.cpp.

531 {
532 return data().multiply_mod_p(x, y);
533 }

◆ multiply_mod_q() [1/2]

BigInt Botan::DL_Group::multiply_mod_q ( const BigInt x,
const BigInt y 
) const

Multiply and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
(x*y) % q

Definition at line 548 of file dl_group.cpp.

549 {
550 data().assert_q_is_set("multiply_mod_q");
551 return data().multiply_mod_q(x, y);
552 }

Referenced by multiply_mod_q().

◆ multiply_mod_q() [2/2]

BigInt Botan::DL_Group::multiply_mod_q ( const BigInt x,
const BigInt y,
const BigInt z 
) const

Multiply and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
(x*y*z) % q

Definition at line 554 of file dl_group.cpp.

555 {
556 data().assert_q_is_set("multiply_mod_q");
557 return data().multiply_mod_q(data().multiply_mod_q(x, y), z);
558 }
BigInt multiply_mod_q(const BigInt &x, const BigInt &y) const
Definition: dl_group.cpp:548

References multiply_mod_q().

◆ p_bits()

size_t Botan::DL_Group::p_bits ( ) const

Return the size of p in bits Same as get_p().bits()

Definition at line 487 of file dl_group.cpp.

488 {
489 return data().p_bits();
490 }

Referenced by Botan::DH_PrivateKey::DH_PrivateKey(), Botan::ElGamal_PrivateKey::ElGamal_PrivateKey(), Botan::DL_Scheme_PublicKey::key_length(), and Botan::srp6_client_agree().

◆ p_bytes()

size_t Botan::DL_Group::p_bytes ( ) const

Return the size of p in bytes Same as get_p().bytes()

Definition at line 492 of file dl_group.cpp.

493 {
494 return data().p_bytes();
495 }

Referenced by Botan::srp6_client_agree().

◆ PEM_encode()

std::string Botan::DL_Group::PEM_encode ( DL_Group_Format  format) const

Encode this group into a string using PEM encoding.

Parameters
formatthe encoding format
Returns
string holding the PEM encoded group

Definition at line 634 of file dl_group.cpp.

635 {
636 const std::vector<uint8_t> encoding = DER_encode(format);
637
638 if(format == DL_Group_Format::PKCS_3)
639 return PEM_Code::encode(encoding, "DH PARAMETERS");
640 else if(format == DL_Group_Format::ANSI_X9_57)
641 return PEM_Code::encode(encoding, "DSA PARAMETERS");
642 else if(format == DL_Group_Format::ANSI_X9_42)
643 return PEM_Code::encode(encoding, "X9.42 DH PARAMETERS");
644 else
645 throw Invalid_Argument("Unknown DL_Group encoding");
646 }
std::vector< uint8_t > DER_encode(DL_Group_Format format) const
Definition: dl_group.cpp:594
std::string encode(const uint8_t der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:41

References Botan::ANSI_X9_42, Botan::ANSI_X9_57, DER_encode(), Botan::PEM_Code::encode(), and Botan::PKCS_3.

◆ power_b_p()

BigInt Botan::DL_Group::power_b_p ( const BigInt b,
const BigInt x,
size_t  max_x_bits 
) const

Modular exponentiation

Parameters
bthe base
xthe exponent
max_x_bitsx is assumed to be at most this many bits long.
Returns
(b^x) % p

Definition at line 581 of file dl_group.cpp.

582 {
583 return data().power_b_p(b, x, max_x_bits);
584 }
PolynomialVector b
Definition: kyber.cpp:821

References b.

Referenced by Botan::srp6_client_agree().

◆ power_g_p() [1/2]

BigInt Botan::DL_Group::power_g_p ( const BigInt x) const

Modular exponentiation

Warning
this function leaks the size of x via the number of loop iterations. Use the version taking the maximum size to avoid this.
Returns
(g^x) % p

Definition at line 571 of file dl_group.cpp.

572 {
573 return data().power_g_p(x, x.bits());
574 }

References Botan::BigInt::bits().

Referenced by Botan::DH_PrivateKey::DH_PrivateKey(), Botan::DSA_PrivateKey::DSA_PrivateKey(), Botan::ElGamal_PrivateKey::ElGamal_PrivateKey(), Botan::generate_srp6_verifier(), Botan::srp6_client_agree(), Botan::SRP6_Server_Session::step1(), and verify_element_pair().

◆ power_g_p() [2/2]

BigInt Botan::DL_Group::power_g_p ( const BigInt x,
size_t  max_x_bits 
) const

Modular exponentiation

Parameters
xthe exponent
max_x_bitsx is assumed to be at most this many bits long.
Returns
(g^x) % p

Definition at line 576 of file dl_group.cpp.

577 {
578 return data().power_g_p(x, max_x_bits);
579 }

◆ q_bits()

size_t Botan::DL_Group::q_bits ( ) const

Return the size of q in bits Same as get_q().bits() Throws if q is unset

Definition at line 497 of file dl_group.cpp.

498 {
499 data().assert_q_is_set("q_bits");
500 return data().q_bits();
501 }

Referenced by Botan::DSA_PrivateKey::DSA_PrivateKey().

◆ q_bytes()

size_t Botan::DL_Group::q_bytes ( ) const

Return the size of q in bytes Same as get_q().bytes() Throws if q is unset

Definition at line 503 of file dl_group.cpp.

504 {
505 data().assert_q_is_set("q_bytes");
506 return data().q_bytes();
507 }

Referenced by Botan::DSA_PublicKey::DSA_PublicKey().

◆ source()

DL_Group_Source Botan::DL_Group::source ( ) const

Definition at line 586 of file dl_group.cpp.

587 {
588 return data().source();
589 }

Referenced by verify_group().

◆ square_mod_q()

BigInt Botan::DL_Group::square_mod_q ( const BigInt x) const

Square and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
(x*x) % q

Definition at line 560 of file dl_group.cpp.

561 {
562 data().assert_q_is_set("square_mod_q");
563 return data().square_mod_q(x);
564 }

◆ verify_element_pair()

bool Botan::DL_Group::verify_element_pair ( const BigInt y,
const BigInt x 
) const

Verify a pair of elements y = g^x

This verifies that 1 < x,y < p and that y=g^x mod p

Definition at line 382 of file dl_group.cpp.

383 {
384 const BigInt& p = get_p();
385
386 if(y <= 1 || y >= p || x <= 1 || x >= p)
387 return false;
388
389 if(y != this->power_g_p(x))
390 return false;
391
392 return true;
393 }
BigInt power_g_p(const BigInt &x) const
Definition: dl_group.cpp:571

References get_p(), and power_g_p().

Referenced by Botan::DL_Scheme_PrivateKey::check_key().

◆ verify_group()

bool Botan::DL_Group::verify_group ( RandomNumberGenerator rng,
bool  strong = true 
) const

Perform validity checks on the group.

Parameters
rngthe rng to use
strongwhether to perform stronger by lengthier tests
Returns
true if the object is consistent, false otherwise

Definition at line 398 of file dl_group.cpp.

400 {
401 const bool from_builtin = (source() == DL_Group_Source::Builtin);
402
403 if(!strong && from_builtin)
404 return true;
405
406 const BigInt& p = get_p();
407 const BigInt& q = get_q();
408 const BigInt& g = get_g();
409
410 if(g < 2 || p < 3 || q < 0)
411 return false;
412
413 const size_t test_prob = 128;
414 const bool is_randomly_generated = (source() != DL_Group_Source::ExternalSource);
415
416 if(!is_prime(p, rng, test_prob, is_randomly_generated))
417 {
418 return false;
419 }
420
421 if(q != 0)
422 {
423 if((p - 1) % q != 0)
424 {
425 return false;
426 }
427 if(data().power_g_p_vartime(q) != 1)
428 {
429 return false;
430 }
431 if(!is_prime(q, rng, test_prob, is_randomly_generated))
432 {
433 return false;
434 }
435 }
436 else
437 {
438 if(!from_builtin && !is_randomly_generated)
439 {
440 // If we got this p,g from some unknown source, try to verify
441 // that the group order is not too absurdly small.
442
443 const size_t upper_bound = strong ? 1000 : 100;
444
445 for(size_t i = 2; i != upper_bound; ++i)
446 {
447 if(data().power_g_p_vartime(BigInt::from_word(i)) == 1)
448 {
449 return false;
450 }
451 }
452 }
453 }
454
455 return true;
456 }
DL_Group_Source source() const
Definition: dl_group.cpp:586

References Botan::Builtin, Botan::ExternalSource, Botan::BigInt::from_word(), get_g(), get_p(), get_q(), Botan::is_prime(), and source().

Referenced by Botan::DL_Scheme_PublicKey::check_key(), Botan::DL_Scheme_PrivateKey::check_key(), and Botan::TLS::Callbacks::tls_dh_agree().

◆ verify_public_element()

bool Botan::DL_Group::verify_public_element ( const BigInt y) const

Verify a public element, ie check if y = g^x for some x.

This is not a perfect test. It verifies that 1 < y < p and (if q is set) that y is in the subgroup of size q.

Definition at line 365 of file dl_group.cpp.

366 {
367 const BigInt& p = get_p();
368 const BigInt& q = get_q();
369
370 if(y <= 1 || y >= p)
371 return false;
372
373 if(q.is_zero() == false)
374 {
375 if(data().power_b_p_vartime(y, q) != 1)
376 return false;
377 }
378
379 return true;
380 }

References get_p(), get_q(), and Botan::BigInt::is_zero().

Referenced by Botan::DL_Scheme_PublicKey::check_key().


The documentation for this class was generated from the following files: