Botan::DL_Group Class Reference

#include <dl_group.h>

Public Types
using	Format = DL_Group_Format
enum	PrimeType { Strong , Prime_Subgroup , DSA_Kosherizer }

Public Member Functions
const Barrett_Reduction &	_reducer_mod_p () const
void	BER_decode (const std::vector< uint8_t > &ber, DL_Group_Format format)
std::vector< uint8_t >	DER_encode (DL_Group_Format format) const
	DL_Group ()=default
	DL_Group (const BigInt &p, const BigInt &g)
	DL_Group (const BigInt &p, const BigInt &q, const BigInt &g)
template<typename Alloc>
	DL_Group (const std::vector< uint8_t, Alloc > &ber, DL_Group_Format format)
	DL_Group (const uint8_t ber[], size_t ber_len, DL_Group_Format format)
	DL_Group (RandomNumberGenerator &rng, const std::vector< uint8_t > &seed, size_t pbits=1024, size_t qbits=0)
	DL_Group (RandomNumberGenerator &rng, PrimeType type, size_t pbits, size_t qbits=0)
	DL_Group (std::string_view name)
size_t	estimated_strength () const
size_t	exponent_bits () const
const BigInt &	get_g () const
const BigInt &	get_p () const
const BigInt &	get_q () const
bool	has_q () const
BigInt	inverse_mod_p (const BigInt &x) const
BigInt	inverse_mod_q (const BigInt &x) const
BigInt	mod_p (const BigInt &x) const
BigInt	mod_q (const BigInt &x) const
std::shared_ptr< const Montgomery_Params >	monty_params_p () const
BigInt	multi_exponentiate (const BigInt &x, const BigInt &y, const BigInt &z) const
BigInt	multiply_mod_p (const BigInt &x, const BigInt &y) const
BigInt	multiply_mod_q (const BigInt &x, const BigInt &y) const
BigInt	multiply_mod_q (const BigInt &x, const BigInt &y, const BigInt &z) const
size_t	p_bits () const
size_t	p_bytes () const
std::string	PEM_encode (DL_Group_Format format) const
BigInt	power_b_p (const BigInt &b, const BigInt &x) const
BigInt	power_b_p (const BigInt &b, const BigInt &x, size_t max_x_bits) const
BigInt	power_g_p (const BigInt &x) const
BigInt	power_g_p (const BigInt &x, size_t max_x_bits) const
size_t	q_bits () const
size_t	q_bytes () const
DL_Group_Source	source () const
BigInt	square_mod_q (const BigInt &x) const
bool	verify_element_pair (const BigInt &y, const BigInt &x) const
bool	verify_group (RandomNumberGenerator &rng, bool strong=true) const
bool	verify_private_element (const BigInt &x) const
bool	verify_public_element (const BigInt &y) const

Static Public Member Functions
static DL_Group	DL_Group_from_PEM (std::string_view pem)
static std::shared_ptr< DL_Group_Data >	DL_group_info (std::string_view name)
static DL_Group	from_name (std::string_view name)
static DL_Group	from_PEM (std::string_view pem)

Detailed Description

This class represents discrete logarithm groups. It holds a prime modulus p, a generator g, and (optionally) a prime q which is a factor of (p-1). In most cases g generates the order-q subgroup.

Definition at line 46 of file dl_group.h.

Member Typedef Documentation

Format

using Botan::DL_Group::Format = DL_Group_Format

Definition at line 53 of file dl_group.h.

Member Enumeration Documentation

PrimeType

enum Botan::DL_Group::PrimeType

Determine the prime creation for DL groups.

Enumerator
Strong
Prime_Subgroup
DSA_Kosherizer

Definition at line 51 of file dl_group.h.

{ Strong, Prime_Subgroup, DSA_Kosherizer };

Constructor & Destructor Documentation

DL_Group() [1/8]

Botan::DL_Group::DL_Group ( )

default

Construct a DL group with uninitialized internal value.

References BOTAN_DEPRECATED, DL_Group(), from_name(), and from_PEM().

Referenced by BER_decode(), DL_Group(), DL_Group(), DL_Group_from_PEM(), from_name(), and from_PEM().

DL_Group() [2/8]

Botan::DL_Group::DL_Group ( std::string_view name )

explicit

Construct a DL group that is registered in the configuration.

Parameters

name	the name of the group, for example "modp/ietf/3072"

Warning

This constructor also accepts PEM inputs. This behavior is deprecated and will be removed in a future major release. Instead use DL_Group::from_PEM or DL_Group::from_name

Definition at line 193 of file dl_group.cpp.

                                     {
   // Either a name or a PEM block, try name first
   m_data = DL_group_info(str);
 
   if(m_data == nullptr) {
      try {
         std::string label;
         const std::vector<uint8_t> ber = unlock(PEM_Code::decode(str, label));
         DL_Group_Format format = pem_label_to_dl_format(label);
 
         m_data = BER_decode_DL_group(ber.data(), ber.size(), format, DL_Group_Source::ExternalSource);
      } catch(...) {}
   }
 
   if(m_data == nullptr) {
      throw Invalid_Argument(fmt("DL_Group: Unknown group '{}'", str));
   }
}

References Botan::PEM_Code::decode(), DL_group_info(), Botan::ExternalSource, Botan::fmt(), and Botan::unlock().

DL_Group() [3/8]

Botan::DL_Group::DL_Group	(	RandomNumberGenerator &	rng,
		PrimeType	type,
		size_t	pbits,
		size_t	qbits = 0 )

Create a new group randomly.

Parameters

rng	the random number generator to use
type	specifies how the creation of primes p and q shall be performed. If type=Strong, then p will be determined as a safe prime, and q will be chosen as (p-1)/2. If type=Prime_Subgroup and qbits = 0, then the size of q will be determined according to the estimated difficulty of the DL problem. If type=DSA_Kosherizer, DSA primes will be created.
pbits	the number of bits of p
qbits	the number of bits of q. Leave it as 0 to have the value determined according to pbits.

Definition at line 262 of file dl_group.cpp.

                                                                                         {
   if(pbits < 1024) {
      throw Invalid_Argument(fmt("DL_Group: requested prime size {} is too small", pbits));
   }
 
   if(qbits >= pbits) {
      throw Invalid_Argument(fmt("DL_Group: requested q size {} is too big for p {}", qbits, pbits));
   }
 
   if(type == Strong) {
      if(qbits != 0 && qbits != pbits - 1) {
         throw Invalid_Argument("Cannot create strong-prime DL_Group with specified q bits");
      }
 
      const BigInt p = random_safe_prime(rng, pbits);
      const BigInt q = (p - 1) / 2;
 
      /*
      Always choose a generator that is quadratic reside mod p, this forces g to
      be a generator of the subgroup of size q.
 
      We use 2 by default, but if 2 is not a quadratic reside then use 4 which
      is always a quadratic reside, being the square of 2 (or p - 2)
      */
      BigInt g = BigInt::from_word(2);
      if(jacobi(g, p) != 1) {
         g = BigInt::from_word(4);
      }
 
      m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
   } else if(type == Prime_Subgroup) {
      if(qbits == 0) {
         qbits = dl_exponent_size(pbits);
      }
 
      const BigInt q = random_prime(rng, qbits);
      const BigInt q2 = q * 2;
      BigInt X;
      BigInt p;
      while(p.bits() != pbits || !is_prime(p, rng, 128, true)) {
         X.randomize(rng, pbits);
         // Variable time division is OK here since DH groups are public anyway
         p = X - (X % q2) + 1;
      }
 
      const BigInt g = make_dsa_generator(p, q);
      m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
   } else if(type == DSA_Kosherizer) {
      if(qbits == 0) {
         qbits = ((pbits <= 1024) ? 160 : 256);
      }
 
      BigInt p, q;
      generate_dsa_primes(rng, p, q, pbits, qbits);
      const BigInt g = make_dsa_generator(p, q);
      m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
   } else {
      throw Invalid_Argument("DL_Group unknown PrimeType");
   }
}

References Botan::BigInt::bits(), Botan::dl_exponent_size(), DSA_Kosherizer, Botan::fmt(), Botan::BigInt::from_word(), Botan::generate_dsa_primes(), Botan::is_prime(), Botan::jacobi(), Prime_Subgroup, Botan::random_prime(), Botan::random_safe_prime(), Botan::BigInt::randomize(), Botan::RandomlyGenerated, and Strong.

DL_Group() [4/8]

Botan::DL_Group::DL_Group	(	RandomNumberGenerator &	rng,
		const std::vector< uint8_t > &	seed,
		size_t	pbits = 1024,
		size_t	qbits = 0 )

Create a DSA group with a given seed.

Parameters

rng	the random number generator to use
seed	the seed to use to create the random primes
pbits	the desired bit size of the prime p
qbits	the desired bit size of the prime q.

Definition at line 326 of file dl_group.cpp.

                                                                                                         {
   BigInt p, q;
 
   if(!generate_dsa_primes(rng, p, q, pbits, qbits, seed)) {
      throw Invalid_Argument("DL_Group: The seed given does not generate a DSA group");
   }
 
   BigInt g = make_dsa_generator(p, q);
 
   m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
}

References Botan::generate_dsa_primes(), and Botan::RandomlyGenerated.

DL_Group() [5/8]

Botan::DL_Group::DL_Group	(	const BigInt &	p,
		const BigInt &	g )

Create a DL group.

Parameters

p	the prime p
g	the base g

Definition at line 341 of file dl_group.cpp.

                                                   {
   m_data = std::make_shared<DL_Group_Data>(p, g, DL_Group_Source::ExternalSource);
}

References Botan::ExternalSource.

DL_Group() [6/8]

Botan::DL_Group::DL_Group	(	const BigInt &	p,
		const BigInt &	q,
		const BigInt &	g )

Create a DL group.

Parameters

p	the prime p
q	the prime q
g	the base g

Definition at line 348 of file dl_group.cpp.

                                                                    {
   if(q.is_zero()) {
      m_data = std::make_shared<DL_Group_Data>(p, g, DL_Group_Source::ExternalSource);
   } else {
      m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::ExternalSource);
   }
}

References Botan::ExternalSource, and Botan::BigInt::is_zero().

DL_Group() [7/8]

Botan::DL_Group::DL_Group	(	const uint8_t	ber[],
		size_t	ber_len,
		DL_Group_Format	format )

Decode a BER-encoded DL group param

Definition at line 622 of file dl_group.cpp.

                                                                              {
   m_data = BER_decode_DL_group(ber, ber_len, format, DL_Group_Source::ExternalSource);
}

References Botan::ExternalSource.

DL_Group() [8/8]

template<typename Alloc>

Botan::DL_Group::DL_Group ( const std::vector< uint8_t, Alloc > & ber, DL_Group_Format format )

inline

Decode a BER-encoded DL group param

Definition at line 137 of file dl_group.h.

                                                                             :
            DL_Group(ber.data(), ber.size(), format) {}

References DL_Group().

Member Function Documentation

_reducer_mod_p()

const Barrett_Reduction & Botan::DL_Group::_reducer_mod_p

(

)

const

Definition at line 531 of file dl_group.cpp.

                                                        {
   return data().reducer_mod_p();
}

BER_decode()

void Botan::DL_Group::BER_decode ( const std::vector< uint8_t > & ber, DL_Group_Format format )

inline

Decode a DER/BER encoded group into this instance.

Parameters

ber	a vector containing the DER/BER encoded group
format	the format of the encoded group

Warning

avoid this. Instead use the DL_Group constructor

Definition at line 365 of file dl_group.h.

                                                                             {
         *this = DL_Group(ber, format);
      }

References BER_decode(), and DL_Group().

Referenced by BER_decode().

DER_encode()

std::vector< uint8_t > Botan::DL_Group::DER_encode

(

DL_Group_Format

format

)

const

Encode this group into a string using DER encoding.

Parameters

format

the encoding format

Returns

string holding the DER encoded group

Definition at line 584 of file dl_group.cpp.

                                                                    {
   if(get_q().is_zero() && (format != DL_Group_Format::PKCS_3)) {
      throw Encoding_Error("Cannot encode DL_Group in ANSI formats when q param is missing");
   }
 
   std::vector<uint8_t> output;
   DER_Encoder der(output);
 
   if(format == DL_Group_Format::ANSI_X9_57) {
      der.start_sequence().encode(get_p()).encode(get_q()).encode(get_g()).end_cons();
   } else if(format == DL_Group_Format::ANSI_X9_42) {
      der.start_sequence().encode(get_p()).encode(get_g()).encode(get_q()).end_cons();
   } else if(format == DL_Group_Format::PKCS_3) {
      der.start_sequence().encode(get_p()).encode(get_g()).end_cons();
   } else {
      throw Invalid_Argument("Unknown DL_Group encoding");
   }
 
   return output;
}

References Botan::ANSI_X9_42, Botan::ANSI_X9_57, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), get_g(), get_p(), get_q(), Botan::PKCS_3, and Botan::DER_Encoder::start_sequence().

Referenced by PEM_encode().

DL_Group_from_PEM()

static DL_Group Botan::DL_Group::DL_Group_from_PEM ( std::string_view pem )

inlinestatic

Definition at line 85 of file dl_group.h.

                                                                                             {
         return DL_Group::from_PEM(pem);
      }

References BOTAN_DEPRECATED, DL_Group(), DL_Group_from_PEM(), and from_PEM().

Referenced by DL_Group_from_PEM().

DL_group_info()

std::shared_ptr< DL_Group_Data > Botan::DL_Group::DL_group_info ( std::string_view name )

static

Definition at line 13 of file dl_named.cpp.

                                                                        {
   /* TLS FFDHE groups */
 
   if(name == "ffdhe/ietf/2048") {
      return load_DL_group_info(
         "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B423861285C97FFFFFFFFFFFFFFFF",
         "0x2");
   }
 
   if(name == "ffdhe/ietf/3072") {
      return load_DL_group_info(
         "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF",
         "0x2");
   }
 
   if(name == "ffdhe/ietf/4096") {
      return load_DL_group_info(
         "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6AFFFFFFFFFFFFFFFF",
         "0x2");
   }
 
   if(name == "ffdhe/ietf/6144") {
      return load_DL_group_info(
         "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD9020BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA63BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3ACDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477A52471F7A9A96910B855322EDB6340D8A00EF092350511E30ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538CD72B03746AE77F5E62292C311562A846505DC82DB854338AE49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B045B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF",
         "0x2");
   }
 
   if(name == "ffdhe/ietf/8192") {
      return load_DL_group_info(
         "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD9020BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA63BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3ACDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477A52471F7A9A96910B855322EDB6340D8A00EF092350511E30ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538CD72B03746AE77F5E62292C311562A846505DC82DB854338AE49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B045B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1A41D570D7938DAD4A40E329CCFF46AAA36AD004CF600C8381E425A31D951AE64FDB23FCEC9509D43687FEB69EDD1CC5E0B8CC3BDF64B10EF86B63142A3AB8829555B2F747C932665CB2C0F1CC01BD70229388839D2AF05E454504AC78B7582822846C0BA35C35F5C59160CC046FD8251541FC68C9C86B022BB7099876A460E7451A8A93109703FEE1C217E6C3826E52C51AA691E0E423CFC99E9E31650C1217B624816CDAD9A95F9D5B8019488D9C0A0A1FE3075A577E23183F81D4A3F2FA4571EFC8CE0BA8A4FE8B6855DFE72B0A66EDED2FBABFBE58A30FAFABE1C5D71A87E2F741EF8C1FE86FEA6BBFDE530677F0D97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88CD68C8BB7C5C6424CFFFFFFFFFFFFFFFF", "0x2");
   }
 
   /* IETF IPsec groups */
 
   if(name == "modp/ietf/1024") {
      return load_DL_group_info(
         "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
         "0x2");
   }
 
   if(name == "modp/ietf/1536") {
      return load_DL_group_info(
         "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
         "0x2");
   }
 
   if(name == "modp/ietf/2048") {
      return load_DL_group_info(
         "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
         "0x2");
   }
 
   if(name == "modp/ietf/3072") {
      return load_DL_group_info(
         "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
         "0x2");
   }
 
   if(name == "modp/ietf/4096") {
      return load_DL_group_info(
         "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF",
         "0x2");
   }
 
   if(name == "modp/ietf/6144") {
      return load_DL_group_info(
         "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
         "0x2");
   }
 
   if(name == "modp/ietf/8192") {
      return load_DL_group_info(
         "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF", "0x2");
   }
 
   /* SRP groups
 
   SRP groups have a p st (p-1)/2 is prime, but g is not a generator
   of subgroup of size q, so set q == 0 to bypass generator check
 
   Missing q doesn't matter for SRP, and nothing but SRP should be
   using these parameters.
   */
 
   if(name == "modp/srp/1024") {
      return load_DL_group_info(
         "0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
         "0",
         "0x2");
   }
 
   if(name == "modp/srp/1536") {
      return load_DL_group_info(
         "0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB",
         "0",
         "0x2");
   }
 
   if(name == "modp/srp/2048") {
      return load_DL_group_info(
         "0xAC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73",
         "0",
         "0x2");
   }
 
   if(name == "modp/srp/3072") {
      return load_DL_group_info(
         "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
         "0",
         "0x5");
   }
 
   if(name == "modp/srp/4096") {
      return load_DL_group_info(
         "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF",
         "0",
         "0x5");
   }
 
   if(name == "modp/srp/6144") {
      return load_DL_group_info(
         "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
         "0",
         "0x5");
   }
 
   if(name == "modp/srp/8192") {
      return load_DL_group_info(
         "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF", "0", "0x13");
   }
 
   /* DSA groups */
 
   if(name == "dsa/jce/1024") {
      return load_DL_group_info(
         "0xFD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF83B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72AEFF22203199DD14801C7",
         "0x9760508F15230BCCB292B982A2EB840BF0581CF5",
         "0x469603512E30278CD3947595DB22EEC9826A6322ADC97344F41D740C325724C8F9EFBAA7D4D803FF8C609DCD100EBC5BDFCFAD7C6A425FAEA786EA2050EBE98351EA1FDA1FDF24D6947AA6B9AA23766953802F4D7D4A8ECBA06D19768A2491FFB16D0EF9C43A99B5F71672FF6F0A24B444D0736D04D38A1A1322DAF6CDD88C9D");
   }
 
   if(name == "dsa/botan/2048") {
      return load_DL_group_info(
         "0x91C48A4FDFBCF7C02AE95E7DA126122B5DD2864F559B87E8E74A286D52F59BD1DE68DFD645D0E00C60C080031891980374EEB594A532BFD67B9A09EAC4B8663A07910E68F39465FB7040D25DF13932EBAC4347A530ECBA61C854F9B880D3C0C3660080587C45566DADE26BD5A394BE093B4C0F24B5AFFEF8EC6C5B3E57FB89025A9BC16769932131E16D3C94EFCAB18D0DF061203CC53E6103BC72D5594BFD40CA65380F44A9A851DCB075495FC033A8A58071A1BD78FE052F66555648EB4B719D2AFE8B4880F8DAD6F15818BA178F89274C870BE9B96EB08C46C40040CC2EFE1DFB1B1868DD319DE3C34A32A63AB6EB1224209A419680CC7902D1728D4DF9E1",
         "0x8CD7D450F86F0AD94EEE4CE469A8756D1EBD1058241943EAFFB0B354585E924D",
         "0xD9F5E0761B4DBD1833D6AB1A961A0996C5F22303F72D84C140F67C431D94AB5715BEA81A0C98D39CE4BCF78D6B9EBC895D34FE89D94091D5848615EF15F5E86F11D96F6C969E203DDFA58356420A49CB444B595B901A933CFE0767B594F18A07B7F91DECDBA446B88990F78F2FF91F2FE7CD43FD2E46D18EADA1F7BB6602C617F6EF3A4B284F2FD9BA10A36042DE8FA87A2CA36597FEC81157A1485E44041DF02830111CB880BBE6ED494814886F965CDC3135F5CCF1383728BF65B806F9692C0B10D6C4C09C75A6CA3B4013CB16AB2C105F6BE23AEA9000EAB2178985F972C98057E1C86E44E7218688EA4AE0F3636DCCA745C9DCD4E6AFFB67CCBC13D6131");
   }
 
   if(name == "dsa/botan/3072") {
      return load_DL_group_info("0xE4B50880759663585E142460CA2D9DFF132F8AE4C840DDA3A2666889124FE5638B84E8A29B7AF3FA1209BE6BFC4B5072ED3B2B7387BAF3F857F478A80228EF3600B76B3DCFB61D20D34465B2506D2CAF87DF6E7DC0CE91BD2D167A46F6ADCC31C531E4F9C7ABBDB92ADDF35B0A806C66292A5F5E17E964DD099903733AC428AB35D80EA6F685BFBA8BE4068E5418AE5ECAD9E8FF073DE2B63E4E7EAD35C8A9B70B5BD47CFB88D373B66F37931939B0AB71BD5595809086DA0155337D185A0E4FB36A519B1B6202B8591E6002449CF1CD3A66384F6D2073B1CD73BECA93BAF1E1A6117D0238F222AE1ED7FED185A890E7F67FAB8FEB9753CC134A5183DFE87AE2595F7B5C2D9FBB42249FDD59513E1D3396B3EB2FD86684F285A8448FE757A029881C40760B94EF919BDF9740C38389599EC51A6E9BB519A8E068491E9CE0A2FCFE3CB60D66CF0DFAD20A8EC684048684A61444575BD1724D7352B44A760077B3BD6BD385CE5B0A7250CC0BF768DA82923806EB9CFBB138843731B618208C759B", "0xB3EBD364EC69EF8CF3BAF643B75734B16339B2E49E5CDE1B59C1E9FB40EE0C5B", "0x2BED21EEF83964A230AE89BBA71D9F7C39C52FC8229B4E3BC7E5944D329DA10F010EAC9E7BAF6C009FC4EB2960723E2B56DF4663E4C3AC800E9258DE2F7649D206782893F865EFCA498D2EEF30074EA5E8A7AB262712A4D94A2F3B0B9A92EE400FB38A3CC59A5DC7E436D5C004B22E35028381B51C93407EB32D4AE0FD42CB45E12D0ECEE8A26238EDE2082A7B1522113C66CEF8D745C6CF3CB945F84D2F4DE16D44A71DE198270E13F03553C88B8D323AD0B948A1BF2103A949979B6ED16FB5F3C953D95B7C8E88CA67DCF5A636FB9CA39D924215F7A884ED6C7EE3C96D8D9715427974B7C4351282E13D3773F7D28B452F10892A13C7587328DEA4827B6B369B2A8DC172ADC583F51F2A6598C5483E5BC467B02F91D059C402D18E2C2680F776AA06F49280A2C72C17CC42D5B6E740C5C4B1AB3C51C2ED092BE2A2D8B053AE5773D1425ED2B08F06E2DD50592DF1A478C15591CDFD11564FF88FF38B721D42392FDA473212DCFD8D2D88A976A00AFFE6FFFB430A359E64CA2B351CA2412394");
   }
 
   return std::shared_ptr<DL_Group_Data>();
}

Referenced by DL_Group(), and from_name().

estimated_strength()

size_t Botan::DL_Group::estimated_strength

(

)

const

Return an estimate of the strength of this group against discrete logarithm attacks (eg NFS). Warning: since this only takes into account known attacks it is by necessity an overestimate of the actual strength.

Definition at line 510 of file dl_group.cpp.

                                          {
   return data().estimated_strength();
}

exponent_bits()

size_t Botan::DL_Group::exponent_bits

(

)

const

Return size in bits of a secret exponent

This attempts to balance between the attack costs of NFS (which depends on the size of the modulus) and Pollard's rho (which depends on the size of the exponent).

It may vary over time for a particular group, if the attack costs change.

Definition at line 514 of file dl_group.cpp.

                                     {
   return data().exponent_bits();
}

from_name()

DL_Group Botan::DL_Group::from_name ( std::string_view name )

static

Construct a DL group that is registered in the configuration.

Parameters

name	the name of the group, for example "modp/ietf/3072"

Exceptions

Invalid_Argument

if the named group is unknown

Definition at line 212 of file dl_group.cpp.

                                                {
   auto data = DL_group_info(name);
 
   if(!data) {
      throw Invalid_Argument(fmt("DL_Group: Unknown group '{}'", name));
   }
 
   return DL_Group(data);
}

References DL_Group(), DL_group_info(), and Botan::fmt().

Referenced by botan_srp6_group_size(), Botan::create_private_key(), DL_Group(), Botan::srp6_client_agree(), Botan::srp6_generate_verifier(), Botan::srp6_group_identifier(), and Botan::SRP6_Server_Session::step1().

from_PEM()

DL_Group Botan::DL_Group::from_PEM ( std::string_view pem )

static

Definition at line 223 of file dl_group.cpp.

                                              {
   std::string label;
   const std::vector<uint8_t> ber = unlock(PEM_Code::decode(pem, label));
   DL_Group_Format format = pem_label_to_dl_format(label);
   return DL_Group(ber, format);
}

References Botan::PEM_Code::decode(), DL_Group(), and Botan::unlock().

Referenced by DL_Group(), and DL_Group_from_PEM().

get_g()

const BigInt & Botan::DL_Group::get_g

(

)

const

Get the base g.

Returns

base g

Definition at line 473 of file dl_group.cpp.

                                    {
   return data().g();
}

Referenced by DER_encode(), multi_exponentiate(), Botan::srp6_client_agree(), and verify_group().

get_p()

const BigInt & Botan::DL_Group::get_p

(

)

const

Get the prime p.

Returns

prime p

Definition at line 466 of file dl_group.cpp.

                                    {
   return data().p();
}

Referenced by DER_encode(), inverse_mod_p(), Botan::srp6_client_agree(), verify_element_pair(), verify_group(), verify_private_element(), and verify_public_element().

get_q()

const BigInt & Botan::DL_Group::get_q

(

)

const

Get the prime q, returns zero if q is not used

Returns

prime q

Definition at line 480 of file dl_group.cpp.

                                    {
   return data().q();
}

Referenced by DER_encode(), inverse_mod_q(), verify_group(), verify_private_element(), and verify_public_element().

has_q()

bool Botan::DL_Group::has_q

(

)

const

Return if the q value is set

Definition at line 488 of file dl_group.cpp.

                           {
   return data().q_is_set();
}

Referenced by Botan::DSA_PrivateKey::DSA_PrivateKey(), and Botan::DSA_PrivateKey::DSA_PrivateKey().

inverse_mod_p()

BigInt Botan::DL_Group::inverse_mod_p

(

const BigInt &

x

)

const

Return the inverse of x mod p

Definition at line 518 of file dl_group.cpp.

                                                    {
   // precompute??
   return inverse_mod_public_prime(x, get_p());
}

References get_p(), and Botan::inverse_mod_public_prime().

inverse_mod_q()

BigInt Botan::DL_Group::inverse_mod_q

(

const BigInt &

x

)

const

Return the inverse of x mod q Throws if q is unset on this DL_Group

Definition at line 535 of file dl_group.cpp.

                                                    {
   data().assert_q_is_set("inverse_mod_q");
   // precompute??
   return inverse_mod_public_prime(x, get_q());
}

References get_q(), and Botan::inverse_mod_public_prime().

mod_p()

BigInt Botan::DL_Group::mod_p

(

const BigInt &

x

)

const

Reduce an integer modulo p

Returns

x % p

Definition at line 523 of file dl_group.cpp.

                                            {
   return data().reducer_mod_p().reduce(x);
}

Referenced by Botan::srp6_client_agree().

mod_q()

BigInt Botan::DL_Group::mod_q

(

const BigInt &

x

)

const

Reduce an integer modulo q Throws if q is unset on this DL_Group

Returns

x % q

Definition at line 541 of file dl_group.cpp.

                                            {
   data().assert_q_is_set("mod_q");
   return data().reducer_mod_q().reduce(x);
}

monty_params_p()

std::shared_ptr< const Montgomery_Params > Botan::DL_Group::monty_params_p

(

)

const

Return parameters for Montgomery reduction/exponentiation mod p

Definition at line 484 of file dl_group.cpp.

                                                                      {
   return data().monty_params_p();
}

Referenced by multi_exponentiate().

multi_exponentiate()

BigInt Botan::DL_Group::multi_exponentiate	(	const BigInt &	x,
		const BigInt &	y,
		const BigInt &	z ) const

Multi-exponentiate Return (g^x * y^z) % p

Definition at line 561 of file dl_group.cpp.

                                                                                           {
   return monty_multi_exp(data().monty_params_p(), get_g(), x, y, z).value();
}

References get_g(), Botan::monty_multi_exp(), monty_params_p(), and Botan::Montgomery_Int::value().

multiply_mod_p()

BigInt Botan::DL_Group::multiply_mod_p	(	const BigInt &	x,
		const BigInt &	y ) const

Multiply and reduce an integer modulo p

Returns

(x*y) % p

Definition at line 527 of file dl_group.cpp.

                                                                      {
   return data().reducer_mod_p().multiply(x, y);
}

Referenced by Botan::srp6_client_agree().

multiply_mod_q() [1/2]

BigInt Botan::DL_Group::multiply_mod_q	(	const BigInt &	x,
		const BigInt &	y ) const

Multiply and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns

(x*y) % q

Definition at line 546 of file dl_group.cpp.

                                                                      {
   data().assert_q_is_set("multiply_mod_q");
   return data().reducer_mod_q().multiply(x, y);
}

Referenced by multiply_mod_q().

multiply_mod_q() [2/2]

BigInt Botan::DL_Group::multiply_mod_q	(	const BigInt &	x,
		const BigInt &	y,
		const BigInt &	z ) const

Multiply and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns

(x*y*z) % q

Definition at line 551 of file dl_group.cpp.

                                                                                       {
   data().assert_q_is_set("multiply_mod_q");
   return this->multiply_mod_q(this->multiply_mod_q(x, y), z);
}

References multiply_mod_q().

p_bits()

size_t Botan::DL_Group::p_bits

(

)

const

Return the size of p in bits Same as get_p().bits()

Definition at line 492 of file dl_group.cpp.

                              {
   return data().p_bits();
}

Referenced by power_b_p(), Botan::srp6_client_agree(), Botan::srp6_generate_verifier(), and Botan::SRP6_Server_Session::step1().

p_bytes()

size_t Botan::DL_Group::p_bytes

(

)

const

Return the size of p in bytes Same as get_p().bytes()

Definition at line 496 of file dl_group.cpp.

                               {
   return data().p_bytes();
}

Referenced by Botan::srp6_client_agree().

PEM_encode()

std::string Botan::DL_Group::PEM_encode

(

DL_Group_Format

format

)

const

Encode this group into a string using PEM encoding.

Parameters

format

the encoding format

Returns

string holding the PEM encoded group

Definition at line 608 of file dl_group.cpp.

                                                           {
   const std::vector<uint8_t> encoding = DER_encode(format);
 
   if(format == DL_Group_Format::PKCS_3) {
      return PEM_Code::encode(encoding, "DH PARAMETERS");
   } else if(format == DL_Group_Format::ANSI_X9_57) {
      return PEM_Code::encode(encoding, "DSA PARAMETERS");
   } else if(format == DL_Group_Format::ANSI_X9_42) {
      return PEM_Code::encode(encoding, "X9.42 DH PARAMETERS");
   } else {
      throw Invalid_Argument("Unknown DL_Group encoding");
   }
}

References Botan::ANSI_X9_42, Botan::ANSI_X9_57, DER_encode(), Botan::PEM_Code::encode(), and Botan::PKCS_3.

power_b_p() [1/2]

BigInt Botan::DL_Group::power_b_p	(	const BigInt &	b,
		const BigInt &	x ) const

Modular exponentiation

Parameters

b	the base
x	the exponent

Returns

(b^x) % p

Definition at line 569 of file dl_group.cpp.

                                                                 {
   return this->power_b_p(b, x, data().p_bits());
}

References p_bits(), and power_b_p().

power_b_p() [2/2]

BigInt Botan::DL_Group::power_b_p	(	const BigInt &	b,
		const BigInt &	x,
		size_t	max_x_bits ) const

Modular exponentiation

Parameters

b	the base
x	the exponent
max_x_bits	x is assumed to be at most this many bits long.

Returns

(b^x) % p

Definition at line 573 of file dl_group.cpp.

                                                                                    {
   return data().power_b_p(b, x, max_x_bits);
}

Referenced by power_b_p(), and Botan::srp6_client_agree().

power_g_p() [1/2]

BigInt Botan::DL_Group::power_g_p ( const BigInt & x ) const

inline

Modular exponentiation

Warning

this function leaks the size of x via the number of loop iterations. Use the version taking the maximum size to avoid this.

Returns

(g^x) % p

Definition at line 263 of file dl_group.h.

                                                                                                                  {
         return power_g_p(x, x.bits());
      }

References BOTAN_DEPRECATED, and power_g_p().

Referenced by power_g_p(), Botan::srp6_client_agree(), Botan::srp6_generate_verifier(), and verify_element_pair().

power_g_p() [2/2]

BigInt Botan::DL_Group::power_g_p	(	const BigInt &	x,
		size_t	max_x_bits ) const

Modular exponentiation

Parameters

x	the exponent
max_x_bits	x is assumed to be at most this many bits long.

Returns

(g^x) % p

Definition at line 565 of file dl_group.cpp.

                                                                   {
   return data().power_g_p(x, max_x_bits);
}

q_bits()

size_t Botan::DL_Group::q_bits

(

)

const

Return the size of q in bits Same as get_q().bits() Throws if q is unset

Definition at line 500 of file dl_group.cpp.

                              {
   data().assert_q_is_set("q_bits");
   return data().q_bits();
}

q_bytes()

size_t Botan::DL_Group::q_bytes

(

)

const

Return the size of q in bytes Same as get_q().bytes() Throws if q is unset

Definition at line 505 of file dl_group.cpp.

                               {
   data().assert_q_is_set("q_bytes");
   return data().q_bytes();
}

source()

DL_Group_Source Botan::DL_Group::source

(

)

const

Definition at line 577 of file dl_group.cpp.

                                       {
   return data().source();
}

Referenced by verify_group().

square_mod_q()

BigInt Botan::DL_Group::square_mod_q

(

const BigInt &

x

)

const

Square and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns

(x*x) % q

Definition at line 556 of file dl_group.cpp.

                                                   {
   data().assert_q_is_set("square_mod_q");
   return data().reducer_mod_q().square(x);
}

References Botan::BigInt::square().

verify_element_pair()

bool Botan::DL_Group::verify_element_pair	(	const BigInt &	y,
		const BigInt &	x ) const

Verify a pair of elements y = g^x

This verifies that 1 < x,y < p and that y=g^x mod p

Definition at line 396 of file dl_group.cpp.

                                                                         {
   const BigInt& p = get_p();
 
   if(y <= 1 || y >= p || x <= 1 || x >= p) {
      return false;
   }
 
   if(y != this->power_g_p(x, x.bits())) {
      return false;
   }
 
   return true;
}

References Botan::BigInt::bits(), get_p(), and power_g_p().

verify_group()

bool Botan::DL_Group::verify_group	(	RandomNumberGenerator &	rng,
		bool	strong = true ) const

Perform validity checks on the group.

Parameters

rng	the rng to use
strong	whether to perform stronger by lengthier tests

Returns

true if the object is consistent, false otherwise

Definition at line 413 of file dl_group.cpp.

                                                                         {
   const bool from_builtin = (source() == DL_Group_Source::Builtin);
 
   if(!strong && from_builtin) {
      return true;
   }
 
   const BigInt& p = get_p();
   const BigInt& q = get_q();
   const BigInt& g = get_g();
 
   if(g < 2 || p < 3 || q < 0) {
      return false;
   }
 
   const size_t test_prob = 128;
   const bool is_randomly_generated = (source() != DL_Group_Source::ExternalSource);
 
   if(!is_prime(p, rng, test_prob, is_randomly_generated)) {
      return false;
   }
 
   if(q != 0) {
      if((p - 1) % q != 0) {
         return false;
      }
      if(data().power_g_p_vartime(q) != 1) {
         return false;
      }
      if(!is_prime(q, rng, test_prob, is_randomly_generated)) {
         return false;
      }
   } else {
      if(!from_builtin && !is_randomly_generated) {
         // If we got this p,g from some unknown source, try to verify
         // that the group order is not too absurdly small.
 
         const size_t upper_bound = strong ? 1000 : 100;
 
         for(size_t i = 2; i != upper_bound; ++i) {
            if(data().power_g_p_vartime(BigInt::from_word(i)) == 1) {
               return false;
            }
         }
      }
   }
 
   return true;
}

References Botan::Builtin, Botan::ExternalSource, Botan::BigInt::from_word(), get_g(), get_p(), get_q(), Botan::is_prime(), and source().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

verify_private_element()

bool Botan::DL_Group::verify_private_element

(

const BigInt &

x

)

const

Verify a private element

Specifically this checks that x is > 1 and < p, and additionally if q is set then x must be < q

Definition at line 381 of file dl_group.cpp.

                                                           {
   const BigInt& p = get_p();
   const BigInt& q = get_q();
 
   if(x <= 1 || x >= p) {
      return false;
   }
 
   if(q > 0 && x > q) {
      return false;
   }
 
   return true;
}

References get_p(), and get_q().

verify_public_element()

bool Botan::DL_Group::verify_public_element

(

const BigInt &

y

)

const

Verify a public element, ie check if y = g^x for some x.

This is not a perfect test. It verifies that 1 < y < p and (if q is set) that y is in the subgroup of size q.

Definition at line 364 of file dl_group.cpp.

                                                          {
   const BigInt& p = get_p();
   const BigInt& q = get_q();
 
   if(y <= 1 || y >= p) {
      return false;
   }
 
   if(q.is_zero() == false) {
      if(data().power_b_p_vartime(y, q) != 1) {
         return false;
      }
   }
 
   return true;
}

References get_p(), get_q(), and Botan::BigInt::is_zero().

---

The documentation for this class was generated from the following files:

• src/lib/pubkey/dl_group/dl_group.h
• src/lib/pubkey/dl_group/dl_group.cpp
• src/lib/pubkey/dl_group/dl_named.cpp