Botan  2.6.0
Crypto and TLS for C++11
Public Types | Public Member Functions | Static Public Member Functions | List of all members
Botan::DL_Group Class Referencefinal

#include <dl_group.h>

Public Types

enum  Format {
  ANSI_X9_42, ANSI_X9_57, PKCS_3, DSA_PARAMETERS = ANSI_X9_57,
  DH_PARAMETERS = ANSI_X9_42, ANSI_X9_42_DH_PARAMETERS = ANSI_X9_42, PKCS3_DH_PARAMETERS = PKCS_3
}
 
enum  PrimeType { Strong, Prime_Subgroup, DSA_Kosherizer }
 

Public Member Functions

void BER_decode (const std::vector< uint8_t > &ber, Format format)
 
std::vector< uint8_t > DER_encode (Format format) const
 
 DL_Group ()=default
 
 DL_Group (const std::string &name)
 
 DL_Group (RandomNumberGenerator &rng, PrimeType type, size_t pbits, size_t qbits=0)
 
 DL_Group (RandomNumberGenerator &rng, const std::vector< uint8_t > &seed, size_t pbits=1024, size_t qbits=0)
 
 DL_Group (const BigInt &p, const BigInt &g)
 
 DL_Group (const BigInt &p, const BigInt &q, const BigInt &g)
 
 DL_Group (const uint8_t ber[], size_t ber_len, Format format)
 
template<typename Alloc >
 DL_Group (const std::vector< uint8_t, Alloc > &ber, Format format)
 
size_t estimated_strength () const
 
size_t exponent_bits () const
 
const BigIntget_g () const
 
const BigIntget_p () const
 
const BigIntget_q () const
 
BigInt inverse_mod_p (const BigInt &x) const
 
BigInt mod_p (const BigInt &x) const
 
std::shared_ptr< const Montgomery_Paramsmonty_params_p () const
 
BigInt multi_exponentiate (const BigInt &x, const BigInt &y, const BigInt &z) const
 
BigInt multiply_mod_p (const BigInt &x, const BigInt &y) const
 
size_t p_bits () const
 
size_t p_bytes () const
 
void PEM_decode (const std::string &pem)
 
std::string PEM_encode (Format format) const
 
BigInt power_g_p (const BigInt &x) const
 
bool verify_element_pair (const BigInt &y, const BigInt &x) const
 
bool verify_group (RandomNumberGenerator &rng, bool strong=true) const
 
bool verify_public_element (const BigInt &y) const
 

Static Public Member Functions

static std::shared_ptr< DL_Group_Data > DL_group_info (const std::string &name)
 
static std::string PEM_for_named_group (const std::string &name)
 

Detailed Description

This class represents discrete logarithm groups. It holds a prime modulus p, a generator g, and (optionally) a prime q which is a factor of (p-1). In most cases g generates the order-q subgroup.

Definition at line 23 of file dl_group.h.

Member Enumeration Documentation

◆ Format

The DL group encoding format variants.

Enumerator
ANSI_X9_42 
ANSI_X9_57 
PKCS_3 
DSA_PARAMETERS 
DH_PARAMETERS 
ANSI_X9_42_DH_PARAMETERS 
PKCS3_DH_PARAMETERS 

Definition at line 34 of file dl_group.h.

◆ PrimeType

Determine the prime creation for DL groups.

Enumerator
Strong 
Prime_Subgroup 
DSA_Kosherizer 

Definition at line 29 of file dl_group.h.

Constructor & Destructor Documentation

◆ DL_Group() [1/8]

Botan::DL_Group::DL_Group ( )
default

Construct a DL group with uninitialized internal value. Use this constructor is you wish to set the groups values from a DER or PEM encoded group.

◆ DL_Group() [2/8]

Botan::DL_Group::DL_Group ( const std::string &  name)

Construct a DL group that is registered in the configuration.

Parameters
namethe name that is configured in the global configuration for the desired group. If no configuration file is specified, the default values from the file policy.cpp will be used. For instance, use "modp/ietf/3072".

Definition at line 152 of file dl_group.cpp.

References Botan::PEM_Code::decode(), DL_group_info(), and Botan::unlock().

153  {
154  // Either a name or a PEM block, try name first
155  m_data = DL_group_info(str);
156 
157  if(m_data == nullptr)
158  {
159  try
160  {
161  std::string label;
162  const std::vector<uint8_t> ber = unlock(PEM_Code::decode(str, label));
163  Format format = pem_label_to_dl_format(label);
164 
165  m_data = BER_decode_DL_group(ber.data(), ber.size(), format);
166  }
167  catch(...) {}
168  }
169 
170  if(m_data == nullptr)
171  throw Invalid_Argument("DL_Group: Unknown group " + str);
172  }
static std::shared_ptr< DL_Group_Data > DL_group_info(const std::string &name)
Definition: dl_named.cpp:13
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition: pem.cpp:68
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:95

◆ DL_Group() [3/8]

Botan::DL_Group::DL_Group ( RandomNumberGenerator rng,
PrimeType  type,
size_t  pbits,
size_t  qbits = 0 
)

Create a new group randomly.

Parameters
rngthe random number generator to use
typespecifies how the creation of primes p and q shall be performed. If type=Strong, then p will be determined as a safe prime, and q will be chosen as (p-1)/2. If type=Prime_Subgroup and qbits = 0, then the size of q will be determined according to the estimated difficulty of the DL problem. If type=DSA_Kosherizer, DSA primes will be created.
pbitsthe number of bits of p
qbitsthe number of bits of q. Leave it as 0 to have the value determined according to pbits.

Definition at line 202 of file dl_group.cpp.

References Botan::BigInt::bits(), Botan::dl_exponent_size(), DSA_Kosherizer, Botan::generate_dsa_primes(), Botan::is_prime(), Botan::jacobi(), Prime_Subgroup, Botan::PRIME_TABLE_SIZE, Botan::PRIMES, Botan::random_prime(), Botan::random_safe_prime(), Botan::Modular_Reducer::reduce(), Strong, Botan::ASN1::to_string(), type, and X.

204  {
205  if(pbits < 1024)
206  throw Invalid_Argument("DL_Group: prime size " + std::to_string(pbits) + " is too small");
207 
208  if(type == Strong)
209  {
210  if(qbits != 0 && qbits != pbits - 1)
211  throw Invalid_Argument("Cannot create strong-prime DL_Group with specified q bits");
212 
213  const BigInt p = random_safe_prime(rng, pbits);
214  const BigInt q = (p - 1) / 2;
215 
216  /*
217  Always choose a generator that is quadratic reside mod p,
218  this forces g to be a generator of the subgroup of size q.
219  */
220  BigInt g = 2;
221  if(jacobi(g, p) != 1)
222  {
223  // prime table does not contain 2
224  for(size_t i = 0; i < PRIME_TABLE_SIZE; ++i)
225  {
226  g = PRIMES[i];
227  if(jacobi(g, p) == 1)
228  break;
229  }
230  }
231 
232  m_data = std::make_shared<DL_Group_Data>(p, q, g);
233  }
234  else if(type == Prime_Subgroup)
235  {
236  if(qbits == 0)
237  qbits = dl_exponent_size(pbits);
238 
239  const BigInt q = random_prime(rng, qbits);
240  Modular_Reducer mod_2q(2*q);
241  BigInt X;
242  BigInt p;
243  while(p.bits() != pbits || !is_prime(p, rng))
244  {
245  X.randomize(rng, pbits);
246  p = X - mod_2q.reduce(X) + 1;
247  }
248 
249  const BigInt g = make_dsa_generator(p, q);
250  m_data = std::make_shared<DL_Group_Data>(p, q, g);
251  }
252  else if(type == DSA_Kosherizer)
253  {
254  if(qbits == 0)
255  qbits = ((pbits <= 1024) ? 160 : 256);
256 
257  BigInt p, q;
258  generate_dsa_primes(rng, p, q, pbits, qbits);
259  const BigInt g = make_dsa_generator(p, q);
260  m_data = std::make_shared<DL_Group_Data>(p, q, g);
261  }
262  else
263  {
264  throw Invalid_Argument("DL_Group unknown PrimeType");
265  }
266  }
const size_t PRIME_TABLE_SIZE
Definition: numthry.h:254
fe X
Definition: ge.cpp:27
const uint16_t PRIMES[]
Definition: primes.cpp:12
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:482
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:145
MechanismType type
bool generate_dsa_primes(RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< uint8_t > &seed_c, size_t offset)
Definition: dsa_gen.cpp:38
BigInt random_safe_prime(RandomNumberGenerator &rng, size_t bits)
Definition: make_prm.cpp:145
BigInt random_prime(RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo, size_t prob)
Definition: make_prm.cpp:18
size_t dl_exponent_size(size_t bits)
Definition: workfactor.cpp:51
int32_t jacobi(const BigInt &a, const BigInt &n)
Definition: jacobi.cpp:15

◆ DL_Group() [4/8]

Botan::DL_Group::DL_Group ( RandomNumberGenerator rng,
const std::vector< uint8_t > &  seed,
size_t  pbits = 1024,
size_t  qbits = 0 
)

Create a DSA group with a given seed.

Parameters
rngthe random number generator to use
seedthe seed to use to create the random primes
pbitsthe desired bit size of the prime p
qbitsthe desired bit size of the prime q.

Definition at line 271 of file dl_group.cpp.

References Botan::generate_dsa_primes().

274  {
275  BigInt p, q;
276 
277  if(!generate_dsa_primes(rng, p, q, pbits, qbits, seed))
278  throw Invalid_Argument("DL_Group: The seed given does not generate a DSA group");
279 
280  BigInt g = make_dsa_generator(p, q);
281 
282  m_data = std::make_shared<DL_Group_Data>(p, q, g);
283  }
bool generate_dsa_primes(RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< uint8_t > &seed_c, size_t offset)
Definition: dsa_gen.cpp:38

◆ DL_Group() [5/8]

Botan::DL_Group::DL_Group ( const BigInt p,
const BigInt g 
)

Create a DL group.

Parameters
pthe prime p
gthe base g

Definition at line 288 of file dl_group.cpp.

289  {
290  m_data = std::make_shared<DL_Group_Data>(p, 0, g);
291  }

◆ DL_Group() [6/8]

Botan::DL_Group::DL_Group ( const BigInt p,
const BigInt q,
const BigInt g 
)

Create a DL group.

Parameters
pthe prime p
qthe prime q
gthe base g

Definition at line 296 of file dl_group.cpp.

297  {
298  m_data = std::make_shared<DL_Group_Data>(p, q, g);
299  }

◆ DL_Group() [7/8]

Botan::DL_Group::DL_Group ( const uint8_t  ber[],
size_t  ber_len,
Format  format 
)

Decode a BER-encoded DL group param

Definition at line 510 of file dl_group.cpp.

511  {
512  m_data = BER_decode_DL_group(ber, ber_len, format);
513  }

◆ DL_Group() [8/8]

template<typename Alloc >
Botan::DL_Group::DL_Group ( const std::vector< uint8_t, Alloc > &  ber,
Format  format 
)
inline

Decode a BER-encoded DL group param

Definition at line 112 of file dl_group.h.

112  :
113  DL_Group(ber.data(), ber.size(), format) {}
DL_Group()=default

Member Function Documentation

◆ BER_decode()

void Botan::DL_Group::BER_decode ( const std::vector< uint8_t > &  ber,
Format  format 
)

Decode a DER/BER encoded group into this instance.

Parameters
bera vector containing the DER/BER encoded group
formatthe format of the encoded group

Definition at line 515 of file dl_group.cpp.

Referenced by Botan::DL_Scheme_PrivateKey::DL_Scheme_PrivateKey().

516  {
517  m_data = BER_decode_DL_group(ber.data(), ber.size(), format);
518  }

◆ DER_encode()

std::vector< uint8_t > Botan::DL_Group::DER_encode ( Format  format) const

Encode this group into a string using DER encoding.

Parameters
formatthe encoding format
Returns
string holding the DER encoded group

Definition at line 455 of file dl_group.cpp.

References ANSI_X9_42, ANSI_X9_57, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::get_contents_unlocked(), get_g(), get_p(), get_q(), Botan::CT::is_zero(), PKCS_3, Botan::SEQUENCE, Botan::DER_Encoder::start_cons(), and Botan::ASN1::to_string().

Referenced by Botan::DL_Scheme_PublicKey::algorithm_identifier(), and PEM_encode().

456  {
457  if(get_q().is_zero() && (format == ANSI_X9_57 || format == ANSI_X9_42))
458  throw Encoding_Error("Cannot encode DL_Group in ANSI formats when q param is missing");
459 
460  if(format == ANSI_X9_57)
461  {
462  return DER_Encoder()
463  .start_cons(SEQUENCE)
464  .encode(get_p())
465  .encode(get_q())
466  .encode(get_g())
467  .end_cons()
468  .get_contents_unlocked();
469  }
470  else if(format == ANSI_X9_42)
471  {
472  return DER_Encoder()
473  .start_cons(SEQUENCE)
474  .encode(get_p())
475  .encode(get_g())
476  .encode(get_q())
477  .end_cons()
478  .get_contents_unlocked();
479  }
480  else if(format == PKCS_3)
481  {
482  return DER_Encoder()
483  .start_cons(SEQUENCE)
484  .encode(get_p())
485  .encode(get_g())
486  .end_cons()
487  .get_contents_unlocked();
488  }
489 
490  throw Invalid_Argument("Unknown DL_Group encoding " + std::to_string(format));
491  }
const BigInt & get_g() const
Definition: dl_group.cpp:388
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:145
const BigInt & get_p() const
Definition: dl_group.cpp:380
T is_zero(T x)
Definition: ct_utils.h:118
const BigInt & get_q() const
Definition: dl_group.cpp:396

◆ DL_group_info()

std::shared_ptr< DL_Group_Data > Botan::DL_Group::DL_group_info ( const std::string &  name)
static

Definition at line 13 of file dl_named.cpp.

Referenced by DL_Group().

14  {
15  /* TLS FFDHE groups */
16 
17  if(name == "ffdhe/ietf/2048")
18  {
19  return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B423861285C97FFFFFFFFFFFFFFFF",
20  "0x2");
21  }
22 
23  if(name == "ffdhe/ietf/3072")
24  {
25  return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF",
26  "0x2");
27  }
28 
29  if(name == "ffdhe/ietf/4096")
30  {
31  return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6AFFFFFFFFFFFFFFFF",
32  "0x2");
33  }
34 
35  if(name == "ffdhe/ietf/6144")
36  {
37  return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD9020BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA63BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3ACDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477A52471F7A9A96910B855322EDB6340D8A00EF092350511E30ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538CD72B03746AE77F5E62292C311562A846505DC82DB854338AE49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B045B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF",
38  "0x2");
39  }
40 
41  if(name == "ffdhe/ietf/8192")
42  {
43  return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD9020BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA63BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3ACDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477A52471F7A9A96910B855322EDB6340D8A00EF092350511E30ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538CD72B03746AE77F5E62292C311562A846505DC82DB854338AE49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B045B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1A41D570D7938DAD4A40E329CCFF46AAA36AD004CF600C8381E425A31D951AE64FDB23FCEC9509D43687FEB69EDD1CC5E0B8CC3BDF64B10EF86B63142A3AB8829555B2F747C932665CB2C0F1CC01BD70229388839D2AF05E454504AC78B7582822846C0BA35C35F5C59160CC046FD8251541FC68C9C86B022BB7099876A460E7451A8A93109703FEE1C217E6C3826E52C51AA691E0E423CFC99E9E31650C1217B624816CDAD9A95F9D5B8019488D9C0A0A1FE3075A577E23183F81D4A3F2FA4571EFC8CE0BA8A4FE8B6855DFE72B0A66EDED2FBABFBE58A30FAFABE1C5D71A87E2F741EF8C1FE86FEA6BBFDE530677F0D97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88CD68C8BB7C5C6424CFFFFFFFFFFFFFFFF",
44  "0x2");
45  }
46 
47  /* IETF IPsec groups */
48 
49  if(name == "modp/ietf/1024")
50  {
51  return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
52  "0x2");
53  }
54 
55  if(name == "modp/ietf/1536")
56  {
57  return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
58  "0x2");
59  }
60 
61  if(name == "modp/ietf/2048")
62  {
63  return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
64  "0x2");
65  }
66 
67  if(name == "modp/ietf/3072")
68  {
69  return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
70  "0x2");
71  }
72 
73  if(name == "modp/ietf/4096")
74  {
75  return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF",
76  "0x2");
77  }
78 
79  if(name == "modp/ietf/6144")
80  {
81  return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
82  "0x2");
83  }
84 
85  if(name == "modp/ietf/8192")
86  {
87  return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF",
88  "0x2");
89  }
90 
91  /* SRP groups
92 
93  SRP groups have a p st (p-1)/2 is prime, but g is not a generator
94  of subgroup of size q, so set q == 0 to bypass generator check
95 
96  Missing q doesn't matter for SRP, and nothing but SRP should be
97  using these parameters.
98  */
99 
100  if(name == "modp/srp/1024")
101  {
102  return load_DL_group_info("0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
103  "0",
104  "0x2");
105  }
106 
107  if(name == "modp/srp/1536")
108  {
109  return load_DL_group_info("0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB",
110  "0",
111  "0x2");
112  }
113 
114  if(name == "modp/srp/2048")
115  {
116  return load_DL_group_info("0xAC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73",
117  "0",
118  "0x2");
119  }
120 
121  if(name == "modp/srp/3072")
122  {
123  return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
124  "0",
125  "0x5");
126  }
127 
128  if(name == "modp/srp/4096")
129  {
130  return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF",
131  "0",
132  "0x5");
133  }
134 
135  if(name == "modp/srp/6144")
136  {
137  return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
138  "0",
139  "0x5");
140  }
141 
142  if(name == "modp/srp/8192")
143  {
144  return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF",
145  "0",
146  "0x13");
147  }
148 
149  /* DSA groups */
150 
151  if(name == "dsa/jce/1024")
152  {
153  return load_DL_group_info("0xFD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF83B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72AEFF22203199DD14801C7",
154  "0x9760508F15230BCCB292B982A2EB840BF0581CF5",
155  "0x469603512E30278CD3947595DB22EEC9826A6322ADC97344F41D740C325724C8F9EFBAA7D4D803FF8C609DCD100EBC5BDFCFAD7C6A425FAEA786EA2050EBE98351EA1FDA1FDF24D6947AA6B9AA23766953802F4D7D4A8ECBA06D19768A2491FFB16D0EF9C43A99B5F71672FF6F0A24B444D0736D04D38A1A1322DAF6CDD88C9D");
156  }
157 
158  if(name == "dsa/botan/2048")
159  {
160  return load_DL_group_info("0x91C48A4FDFBCF7C02AE95E7DA126122B5DD2864F559B87E8E74A286D52F59BD1DE68DFD645D0E00C60C080031891980374EEB594A532BFD67B9A09EAC4B8663A07910E68F39465FB7040D25DF13932EBAC4347A530ECBA61C854F9B880D3C0C3660080587C45566DADE26BD5A394BE093B4C0F24B5AFFEF8EC6C5B3E57FB89025A9BC16769932131E16D3C94EFCAB18D0DF061203CC53E6103BC72D5594BFD40CA65380F44A9A851DCB075495FC033A8A58071A1BD78FE052F66555648EB4B719D2AFE8B4880F8DAD6F15818BA178F89274C870BE9B96EB08C46C40040CC2EFE1DFB1B1868DD319DE3C34A32A63AB6EB1224209A419680CC7902D1728D4DF9E1",
161  "0x8CD7D450F86F0AD94EEE4CE469A8756D1EBD1058241943EAFFB0B354585E924D",
162  "0xD9F5E0761B4DBD1833D6AB1A961A0996C5F22303F72D84C140F67C431D94AB5715BEA81A0C98D39CE4BCF78D6B9EBC895D34FE89D94091D5848615EF15F5E86F11D96F6C969E203DDFA58356420A49CB444B595B901A933CFE0767B594F18A07B7F91DECDBA446B88990F78F2FF91F2FE7CD43FD2E46D18EADA1F7BB6602C617F6EF3A4B284F2FD9BA10A36042DE8FA87A2CA36597FEC81157A1485E44041DF02830111CB880BBE6ED494814886F965CDC3135F5CCF1383728BF65B806F9692C0B10D6C4C09C75A6CA3B4013CB16AB2C105F6BE23AEA9000EAB2178985F972C98057E1C86E44E7218688EA4AE0F3636DCCA745C9DCD4E6AFFB67CCBC13D6131");
163  }
164 
165  if(name == "dsa/botan/3072")
166  {
167  return load_DL_group_info("0xE4B50880759663585E142460CA2D9DFF132F8AE4C840DDA3A2666889124FE5638B84E8A29B7AF3FA1209BE6BFC4B5072ED3B2B7387BAF3F857F478A80228EF3600B76B3DCFB61D20D34465B2506D2CAF87DF6E7DC0CE91BD2D167A46F6ADCC31C531E4F9C7ABBDB92ADDF35B0A806C66292A5F5E17E964DD099903733AC428AB35D80EA6F685BFBA8BE4068E5418AE5ECAD9E8FF073DE2B63E4E7EAD35C8A9B70B5BD47CFB88D373B66F37931939B0AB71BD5595809086DA0155337D185A0E4FB36A519B1B6202B8591E6002449CF1CD3A66384F6D2073B1CD73BECA93BAF1E1A6117D0238F222AE1ED7FED185A890E7F67FAB8FEB9753CC134A5183DFE87AE2595F7B5C2D9FBB42249FDD59513E1D3396B3EB2FD86684F285A8448FE757A029881C40760B94EF919BDF9740C38389599EC51A6E9BB519A8E068491E9CE0A2FCFE3CB60D66CF0DFAD20A8EC684048684A61444575BD1724D7352B44A760077B3BD6BD385CE5B0A7250CC0BF768DA82923806EB9CFBB138843731B618208C759B",
168  "0xB3EBD364EC69EF8CF3BAF643B75734B16339B2E49E5CDE1B59C1E9FB40EE0C5B",
169  "0x2BED21EEF83964A230AE89BBA71D9F7C39C52FC8229B4E3BC7E5944D329DA10F010EAC9E7BAF6C009FC4EB2960723E2B56DF4663E4C3AC800E9258DE2F7649D206782893F865EFCA498D2EEF30074EA5E8A7AB262712A4D94A2F3B0B9A92EE400FB38A3CC59A5DC7E436D5C004B22E35028381B51C93407EB32D4AE0FD42CB45E12D0ECEE8A26238EDE2082A7B1522113C66CEF8D745C6CF3CB945F84D2F4DE16D44A71DE198270E13F03553C88B8D323AD0B948A1BF2103A949979B6ED16FB5F3C953D95B7C8E88CA67DCF5A636FB9CA39D924215F7A884ED6C7EE3C96D8D9715427974B7C4351282E13D3773F7D28B452F10892A13C7587328DEA4827B6B369B2A8DC172ADC583F51F2A6598C5483E5BC467B02F91D059C402D18E2C2680F776AA06F49280A2C72C17CC42D5B6E740C5C4B1AB3C51C2ED092BE2A2D8B053AE5773D1425ED2B08F06E2DD50592DF1A478C15591CDFD11564FF88FF38B721D42392FDA473212DCFD8D2D88A976A00AFFE6FFFB430A359E64CA2B351CA2412394");
170  }
171 
172  return std::shared_ptr<DL_Group_Data>();
173  }

◆ estimated_strength()

size_t Botan::DL_Group::estimated_strength ( ) const

Return an estimate of the strength of this group against discrete logarithm attacks (eg NFS). Warning: since this only takes into account known attacks it is by necessity an overestimate of the actual strength.

Definition at line 416 of file dl_group.cpp.

Referenced by Botan::DL_Scheme_PublicKey::estimated_strength().

417  {
418  return data().estimated_strength();
419  }

◆ exponent_bits()

size_t Botan::DL_Group::exponent_bits ( ) const

Return size in bits of a secret exponent

This attempts to balance between the attack costs of NFS (which depends on the size of the modulus) and Pollard's rho (which depends on the size of the exponent).

It may vary over time for a particular group, if the attack costs change.

Definition at line 421 of file dl_group.cpp.

Referenced by Botan::DH_PrivateKey::DH_PrivateKey(), and Botan::ElGamal_PrivateKey::ElGamal_PrivateKey().

422  {
423  return data().exponent_bits();
424  }

◆ get_g()

const BigInt & Botan::DL_Group::get_g ( ) const

Get the base g.

Returns
base g

Definition at line 388 of file dl_group.cpp.

Referenced by DER_encode(), multi_exponentiate(), Botan::TLS::Server_Key_Exchange::Server_Key_Exchange(), Botan::srp6_client_agree(), Botan::SRP6_Server_Session::step1(), and verify_group().

389  {
390  return data().g();
391  }

◆ get_p()

const BigInt & Botan::DL_Group::get_p ( ) const

◆ get_q()

const BigInt & Botan::DL_Group::get_q ( ) const

Get the prime q, returns zero if q is not used

Returns
prime q

Definition at line 396 of file dl_group.cpp.

Referenced by DER_encode(), PEM_for_named_group(), verify_group(), and verify_public_element().

397  {
398  return data().q();
399  }

◆ inverse_mod_p()

BigInt Botan::DL_Group::inverse_mod_p ( const BigInt x) const

Definition at line 426 of file dl_group.cpp.

References get_p(), and Botan::inverse_mod().

427  {
428  // precompute??
429  return inverse_mod(x, get_p());
430  }
const BigInt & get_p() const
Definition: dl_group.cpp:380
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition: numthry.cpp:279

◆ mod_p()

BigInt Botan::DL_Group::mod_p ( const BigInt x) const

Reduce an integer modulo p

Returns
x % p

Definition at line 432 of file dl_group.cpp.

Referenced by Botan::SRP6_Server_Session::step1().

433  {
434  return data().mod_p(x);
435  }

◆ monty_params_p()

std::shared_ptr< const Montgomery_Params > Botan::DL_Group::monty_params_p ( ) const

Return parameters for Montgomery reduction/exponentiation mod p

Definition at line 401 of file dl_group.cpp.

Referenced by multi_exponentiate().

402  {
403  return data().monty_params_p();
404  }

◆ multi_exponentiate()

BigInt Botan::DL_Group::multi_exponentiate ( const BigInt x,
const BigInt y,
const BigInt z 
) const

Multi-exponentiate Return (g^x * y^z) % p

Definition at line 442 of file dl_group.cpp.

References get_g(), Botan::monty_multi_exp(), and monty_params_p().

443  {
444  return monty_multi_exp(data().monty_params_p(), get_g(), x, y, z);
445  }
BigInt monty_multi_exp(std::shared_ptr< const Montgomery_Params > params_p, const BigInt &x_bn, const BigInt &z1, const BigInt &y_bn, const BigInt &z2)
Definition: monty_exp.cpp:161
const BigInt & get_g() const
Definition: dl_group.cpp:388
std::shared_ptr< const Montgomery_Params > monty_params_p() const
Definition: dl_group.cpp:401

◆ multiply_mod_p()

BigInt Botan::DL_Group::multiply_mod_p ( const BigInt x,
const BigInt y 
) const

Multiply and reduce an integer modulo p

Returns
(x*y) % p

Definition at line 437 of file dl_group.cpp.

438  {
439  return data().multiply_mod_p(x, y);
440  }

◆ p_bits()

size_t Botan::DL_Group::p_bits ( ) const

Return the size of p in bits Same as get_p().bits()

Definition at line 406 of file dl_group.cpp.

Referenced by Botan::DL_Scheme_PublicKey::key_length().

407  {
408  return data().p_bits();
409  }

◆ p_bytes()

size_t Botan::DL_Group::p_bytes ( ) const

Return the size of p in bytes Same as get_p().bytes()

Definition at line 411 of file dl_group.cpp.

Referenced by Botan::srp6_client_agree().

412  {
413  return data().p_bytes();
414  }

◆ PEM_decode()

void Botan::DL_Group::PEM_decode ( const std::string &  pem)

Decode a PEM encoded group into this instance.

Parameters
pemthe PEM encoding of the group

Definition at line 523 of file dl_group.cpp.

References Botan::PEM_Code::decode(), and Botan::unlock().

524  {
525  std::string label;
526  const std::vector<uint8_t> ber = unlock(PEM_Code::decode(pem, label));
527  Format format = pem_label_to_dl_format(label);
528 
529  m_data = BER_decode_DL_group(ber.data(), ber.size(), format);
530  }
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition: pem.cpp:68
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:95

◆ PEM_encode()

std::string Botan::DL_Group::PEM_encode ( Format  format) const

Encode this group into a string using PEM encoding.

Parameters
formatthe encoding format
Returns
string holding the PEM encoded group

Definition at line 496 of file dl_group.cpp.

References ANSI_X9_42, ANSI_X9_57, DER_encode(), Botan::PEM_Code::encode(), PKCS_3, and Botan::ASN1::to_string().

Referenced by PEM_for_named_group().

497  {
498  const std::vector<uint8_t> encoding = DER_encode(format);
499 
500  if(format == PKCS_3)
501  return PEM_Code::encode(encoding, "DH PARAMETERS");
502  else if(format == ANSI_X9_57)
503  return PEM_Code::encode(encoding, "DSA PARAMETERS");
504  else if(format == ANSI_X9_42)
505  return PEM_Code::encode(encoding, "X9.42 DH PARAMETERS");
506  else
507  throw Invalid_Argument("Unknown DL_Group encoding " + std::to_string(format));
508  }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:145
std::string encode(const uint8_t der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:43
std::vector< uint8_t > DER_encode(Format format) const
Definition: dl_group.cpp:455

◆ PEM_for_named_group()

std::string Botan::DL_Group::PEM_for_named_group ( const std::string &  name)
static

Return PEM representation of named DL group

Definition at line 533 of file dl_group.cpp.

References ANSI_X9_42, get_q(), Botan::BigInt::is_zero(), PEM_encode(), and PKCS_3.

534  {
535  DL_Group group(name);
536  DL_Group::Format format = group.get_q().is_zero() ? DL_Group::PKCS_3 : DL_Group::ANSI_X9_42;
537  return group.PEM_encode(format);
538  }
DL_Group()=default

◆ power_g_p()

BigInt Botan::DL_Group::power_g_p ( const BigInt x) const

◆ verify_element_pair()

bool Botan::DL_Group::verify_element_pair ( const BigInt y,
const BigInt x 
) const

Verify a pair of elements y = g^x

This verifies that 1 < x,y < p and that y=g^x mod p

Definition at line 326 of file dl_group.cpp.

References get_p(), and power_g_p().

Referenced by Botan::DL_Scheme_PrivateKey::check_key().

327  {
328  const BigInt& p = get_p();
329 
330  if(y <= 1 || y >= p || x <= 1 || x >= p)
331  return false;
332 
333  if(y != power_g_p(x))
334  return false;
335 
336  return true;
337  }
BigInt power_g_p(const BigInt &x) const
Definition: dl_group.cpp:447
const BigInt & get_p() const
Definition: dl_group.cpp:380

◆ verify_group()

bool Botan::DL_Group::verify_group ( RandomNumberGenerator rng,
bool  strong = true 
) const

Perform validity checks on the group.

Parameters
rngthe rng to use
strongwhether to perform stronger by lengthier tests
Returns
true if the object is consistent, false otherwise

Definition at line 342 of file dl_group.cpp.

References get_g(), get_p(), get_q(), Botan::is_prime(), and power_g_p().

Referenced by Botan::DL_Scheme_PublicKey::check_key(), Botan::DL_Scheme_PrivateKey::check_key(), and Botan::TLS::Callbacks::tls_dh_agree().

344  {
345  const BigInt& p = get_p();
346  const BigInt& q = get_q();
347  const BigInt& g = get_g();
348 
349  if(g < 2 || p < 3 || q < 0)
350  return false;
351 
352  const size_t prob = (strong) ? 128 : 10;
353 
354  if(q != 0)
355  {
356  if((p - 1) % q != 0)
357  {
358  return false;
359  }
360  if(this->power_g_p(q) != 1)
361  {
362  return false;
363  }
364  if(!is_prime(q, rng, prob))
365  {
366  return false;
367  }
368  }
369 
370  if(!is_prime(p, rng, prob))
371  {
372  return false;
373  }
374  return true;
375  }
BigInt power_g_p(const BigInt &x) const
Definition: dl_group.cpp:447
const BigInt & get_g() const
Definition: dl_group.cpp:388
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:482
const BigInt & get_p() const
Definition: dl_group.cpp:380
const BigInt & get_q() const
Definition: dl_group.cpp:396

◆ verify_public_element()

bool Botan::DL_Group::verify_public_element ( const BigInt y) const

Verify a public element, ie check if y = g^x for some x.

This is not a perfect test. It verifies that 1 < y < p and (if q is set) that y is in the subgroup of size q.

Definition at line 309 of file dl_group.cpp.

References get_p(), get_q(), Botan::BigInt::is_zero(), and Botan::power_mod().

Referenced by Botan::DL_Scheme_PublicKey::check_key().

310  {
311  const BigInt& p = get_p();
312  const BigInt& q = get_q();
313 
314  if(y <= 1 || y >= p)
315  return false;
316 
317  if(q.is_zero() == false)
318  {
319  if(power_mod(y, q, p) != 1)
320  return false;
321  }
322 
323  return true;
324  }
BigInt power_mod(const BigInt &base, const BigInt &exp, const BigInt &mod)
Definition: numthry.cpp:389
const BigInt & get_p() const
Definition: dl_group.cpp:380
const BigInt & get_q() const
Definition: dl_group.cpp:396

The documentation for this class was generated from the following files: