Botan::DL_Group Class Reference (final)

#include <dl_group.h>

Public Types

using Format = DL_Group_Format
enum  PrimeType : uint8_t { Strong , Prime_Subgroup , DSA_Kosherizer }

Public Member Functions

const Montgomery_Params & _monty_params_p () const
const Barrett_Reduction & _reducer_mod_p () const
void BER_decode (const std::vector< uint8_t > &der, DL_Group_Format format)
std::vector< uint8_t > DER_encode (DL_Group_Format format) const
 DL_Group ()=default
 DL_Group (const BigInt &p, const BigInt &g)
 DL_Group (const BigInt &p, const BigInt &q, const BigInt &g)
 DL_Group (const uint8_t der[], size_t der_len, DL_Group_Format format)
 DL_Group (RandomNumberGenerator &rng, const std::vector< uint8_t > &seed, size_t pbits=1024, size_t qbits=0)
 DL_Group (RandomNumberGenerator &rng, PrimeType type, size_t pbits, size_t qbits=0)
 DL_Group (std::span< const uint8_t > der, DL_Group_Format format)
 DL_Group (std::string_view name)
size_t estimated_strength () const
size_t exponent_bits () const
const BigInt & get_g () const
const BigInt & get_p () const
const BigInt & get_q () const
bool has_q () const
BigInt inverse_mod_p (const BigInt &x) const
BigInt inverse_mod_q (const BigInt &x) const
BigInt mod_p (const BigInt &x) const
BigInt mod_q (const BigInt &x) const
BigInt multi_exponentiate (const BigInt &x, const BigInt &y, const BigInt &z) const
BigInt multiply_mod_p (const BigInt &x, const BigInt &y) const
BigInt multiply_mod_q (const BigInt &x, const BigInt &y) const
BigInt multiply_mod_q (const BigInt &x, const BigInt &y, const BigInt &z) const
size_t p_bits () const
size_t p_bytes () const
std::string PEM_encode (DL_Group_Format format) const
BigInt power_b_p (const BigInt &b, const BigInt &x) const
BigInt power_b_p (const BigInt &b, const BigInt &x, size_t max_x_bits) const
BigInt power_g_p (const BigInt &x) const
BigInt power_g_p (const BigInt &x, size_t max_x_bits) const
size_t q_bits () const
size_t q_bytes () const
DL_Group_Source source () const
BigInt square_mod_q (const BigInt &x) const
bool verify_element_pair (const BigInt &y, const BigInt &x) const
bool verify_group (RandomNumberGenerator &rng, bool strong=true) const
bool verify_private_element (const BigInt &x) const
bool verify_public_element (const BigInt &y) const

Static Public Member Functions

static DL_Group DL_Group_from_PEM (std::string_view pem)
static std::shared_ptr< DL_Group_Data > DL_group_info (std::string_view name)
static DL_Group from_name (std::string_view name)
static DL_Group from_PEM (std::string_view pem)

Detailed Description

This class represents discrete logarithm groups. It holds a prime modulus p, a generator g, and (optionally) a prime q which is a factor of (p-1). In most cases g generates the order-q subgroup.

Definition at line 46 of file dl_group.h.

Member Typedef Documentation

◆ Format

Definition at line 53 of file dl_group.h.

Member Enumeration Documentation

◆ PrimeType

Determines how the primes of a DL group are created.

Enumerator
Strong 
Prime_Subgroup 
DSA_Kosherizer 

Definition at line 51 of file dl_group.h.

51: uint8_t /* NOLINT(*-use-enum-class) */ { Strong, Prime_Subgroup, DSA_Kosherizer };

Constructor & Destructor Documentation

◆ DL_Group() [1/8]

Botan::DL_Group::DL_Group ( )
default

Construct a DL group with an uninitialized internal value.

References BOTAN_DEPRECATED, DL_Group(), from_name(), and from_PEM().

Referenced by BER_decode(), DL_Group(), DL_Group(), DL_Group_from_PEM(), from_name(), and from_PEM().

◆ DL_Group() [2/8]

Botan::DL_Group::DL_Group ( std::string_view name)
explicit

Construct a DL group that is registered in the configuration.

Parameters
name: the name of the group, for example "modp/ietf/3072"
Warning
This constructor also accepts PEM inputs. This behavior is deprecated and will be removed in a future major release. Use DL_Group::from_PEM or DL_Group::from_name instead.

Definition at line 243 of file dl_group.cpp.

243 {
244 // Either a name or a PEM block, try name first
245 m_data = DL_group_info(str);
246
247 if(m_data == nullptr) {
// Deprecated fallback: also accept a PEM block. Every decode/parse failure is
// swallowed by the catch(...) below, so a malformed PEM is reported only as the
// generic "Unknown group" error at the end. Prefer from_name() / from_PEM().
248 try {
249 std::string label;
250 const std::vector<uint8_t> der = unlock(PEM_Code::decode(str, label));
// pem_label_to_dl_format presumably maps the PEM label onto a DL_Group_Format
// value (PKCS_3 / ANSI_X9_42 / ANSI_X9_57); its body is outside this listing.
251 const DL_Group_Format format = pem_label_to_dl_format(label);
252
// Groups loaded this way are tagged ExternalSource. Nothing in this listing
// validates p, q or g; for parameters from an untrusted source see verify_group().
253 m_data = DER_decode_DL_group(der, format, DL_Group_Source::ExternalSource);
254 } catch(...) {}
255 }
256
257 if(m_data == nullptr) {
258 throw Invalid_Argument(fmt("DL_Group: Unknown group '{}'", str));
259 }
260}
static std::shared_ptr< DL_Group_Data > DL_group_info(std::string_view name)
Definition dl_named.cpp:13
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition pem.cpp:62
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
std::vector< T > unlock(const secure_vector< T > &in)
Definition secmem.h:85
DL_Group_Format
Definition dl_group.h:30

References Botan::PEM_Code::decode(), DL_group_info(), Botan::ExternalSource, Botan::fmt(), and Botan::unlock().

◆ DL_Group() [3/8]

Botan::DL_Group::DL_Group ( RandomNumberGenerator & rng,
PrimeType type,
size_t pbits,
size_t qbits = 0 )

Create a new group randomly.

Parameters
rng: the random number generator to use
type: specifies how the creation of the primes p and q is performed. If type=Strong, p is chosen as a safe prime and q as (p-1)/2. If type=Prime_Subgroup and qbits=0, the size of q is determined from the estimated difficulty of the DL problem. If type=DSA_Kosherizer, DSA primes are created.
pbits: the number of bits of p
qbits: the number of bits of q. Leave it as 0 to have the value determined from pbits.

Definition at line 313 of file dl_group.cpp.

313 {
// Lower bound on the modulus size, enforced before any generation work starts.
314 if(pbits < 1024) {
315 throw Invalid_Argument(fmt("DL_Group: requested prime size {} is too small", pbits));
316 }
317
318 if(qbits >= pbits) {
319 throw Invalid_Argument(fmt("DL_Group: requested q size {} is too big for p {}", qbits, pbits));
320 }
321
322 if(type == Strong) {
// For a safe prime q = (p-1)/2 is fixed, so only qbits == 0 or pbits-1 is consistent.
323 if(qbits != 0 && qbits != pbits - 1) {
324 throw Invalid_Argument("Cannot create strong-prime DL_Group with specified q bits");
325 }
326
327 const BigInt p = random_safe_prime(rng, pbits);
328 const BigInt q = (p - 1) / 2;
329
330 /*
331 Always choose a generator that is a quadratic residue mod p, this forces g to
332 be a generator of the subgroup of size q.
333
334 We use 2 by default, but if 2 is not a quadratic residue then use 4 which
335 is always a quadratic residue, being the square of 2 (or p - 2)
336 */
337 BigInt g = BigInt::from_word(2);
338 if(jacobi(g, p) != 1) {
339 g = BigInt::from_word(4);
340 }
341
342 m_data = DL_Group_Data::create(p, q, g, DL_Group_Source::RandomlyGenerated);
343 } else if(type == Prime_Subgroup) {
// Default q size derived from the estimated DL difficulty of a pbits modulus.
344 if(qbits == 0) {
345 qbits = dl_exponent_size(pbits);
346 }
347
348 const BigInt q = random_prime(rng, qbits);
349 const BigInt q2 = q * 2;
350 BigInt X;
351 BigInt p;
// Search for p = k*2q + 1: X - (X % 2q) is a multiple of 2q, so p == 1 (mod 2q).
// Retry until p has exactly pbits bits and passes is_prime(prob = 128,
// is_random = true). No iteration cap is visible in this listing.
352 while(p.bits() != pbits || !is_prime(p, rng, 128, true)) {
353 X.randomize(rng, pbits);
354 // Variable time division is OK here since DH groups are public anyway
355 p = X - (X % q2) + 1;
356 }
357
358 const BigInt g = make_dsa_generator(p, q);
359 m_data = DL_Group_Data::create(p, q, g, DL_Group_Source::RandomlyGenerated);
360 } else if(type == DSA_Kosherizer) {
// Defaults: 160-bit q up to a 1024-bit p, 256-bit q above that.
361 if(qbits == 0) {
362 qbits = ((pbits <= 1024) ? 160 : 256);
363 }
364
365 BigInt p;
366 BigInt q;
// Unseeded generation. The bool result is ignored here, unlike in the seeded
// constructor; presumably it cannot fail without a caller-supplied seed — confirm.
367 generate_dsa_primes(rng, p, q, pbits, qbits);
368 const BigInt g = make_dsa_generator(p, q);
369 m_data = DL_Group_Data::create(p, q, g, DL_Group_Source::RandomlyGenerated);
370 } else {
371 throw Invalid_Argument("DL_Group unknown PrimeType");
372 }
373}
static BigInt from_word(word n)
Definition bigint.cpp:35
int32_t jacobi(BigInt a, BigInt n)
Definition numthry.cpp:119
BigInt random_prime(RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo, size_t prob)
Definition make_prm.cpp:112
size_t dl_exponent_size(size_t p_bits)
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition numthry.cpp:381
bool generate_dsa_primes(RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< uint8_t > &seed_c, size_t offset)
Definition dsa_gen.cpp:54
BigInt random_safe_prime(RandomNumberGenerator &rng, size_t bits)
Definition make_prm.cpp:314

References Botan::BigInt::bits(), Botan::dl_exponent_size(), DSA_Kosherizer, Botan::fmt(), Botan::BigInt::from_word(), Botan::generate_dsa_primes(), Botan::is_prime(), Botan::jacobi(), Prime_Subgroup, Botan::random_prime(), Botan::random_safe_prime(), Botan::BigInt::randomize(), Botan::RandomlyGenerated, and Strong.

◆ DL_Group() [4/8]

Botan::DL_Group::DL_Group ( RandomNumberGenerator & rng,
const std::vector< uint8_t > & seed,
size_t pbits = 1024,
size_t qbits = 0 )

Create a DSA group with a given seed.

Parameters
rng: the random number generator to use
seed: the seed used to create the random primes
pbits: the desired bit size of the prime p
qbits: the desired bit size of the prime q

Definition at line 378 of file dl_group.cpp.

378 {
379 BigInt p;
380 BigInt q;
381
// Seed-driven derivation: a seed that does not yield a valid (p, q) pair is
// rejected rather than silently replaced (contrast the unseeded PrimeType
// constructor, which does not check this return value).
382 if(!generate_dsa_primes(rng, p, q, pbits, qbits, seed)) {
383 throw Invalid_Argument("DL_Group: The seed given does not generate a DSA group");
384 }
385
// g is derived from (p, q); make_dsa_generator is outside this listing.
386 const BigInt g = make_dsa_generator(p, q);
387
// Tagged RandomlyGenerated even though the result is fully determined by the seed.
388 m_data = DL_Group_Data::create(p, q, g, DL_Group_Source::RandomlyGenerated);
389}

References Botan::generate_dsa_primes(), and Botan::RandomlyGenerated.

◆ DL_Group() [5/8]

Botan::DL_Group::DL_Group ( const BigInt & p,
const BigInt & g )

Create a DL group.

Parameters
p: the prime p
g: the base g

Definition at line 394 of file dl_group.cpp.

394 {
// p and g are stored as given and tagged ExternalSource. No primality or
// generator check appears in this listing (DL_Group_Data::create is outside it);
// for parameters from an untrusted source see verify_group().
395 m_data = DL_Group_Data::create(p, g, DL_Group_Source::ExternalSource);
396}

References Botan::ExternalSource.

◆ DL_Group() [6/8]

Botan::DL_Group::DL_Group ( const BigInt & p,
const BigInt & q,
const BigInt & g )

Create a DL group.

Parameters
p: the prime p
q: the prime q
g: the base g

Definition at line 401 of file dl_group.cpp.

401 {
// A zero q selects the q-less form (get_q() reports zero when q is not used).
// Either way the values are stored unchecked and tagged ExternalSource; see
// verify_group() for an explicit check of externally supplied parameters.
402 if(q.is_zero()) {
403 m_data = DL_Group_Data::create(p, g, DL_Group_Source::ExternalSource);
404 } else {
405 m_data = DL_Group_Data::create(p, q, g, DL_Group_Source::ExternalSource);
406 }
407}

References Botan::ExternalSource, and Botan::BigInt::is_zero().

◆ DL_Group() [7/8]

Botan::DL_Group::DL_Group ( const uint8_t der[],
size_t der_len,
DL_Group_Format format )
inline

Decode a DER-encoded DL group param

Definition at line 131 of file dl_group.h.

131: DL_Group({der, der_len}, format) {}  // delegates to the std::span overload
DL_Group()=default

References DL_Group().

◆ DL_Group() [8/8]

Botan::DL_Group::DL_Group ( std::span< const uint8_t > der,
DL_Group_Format format )

Decode a DER-encoded DL group param

Definition at line 675 of file dl_group.cpp.

675 {
// All parsing happens in DER_decode_DL_group (outside this listing); the result
// is tagged ExternalSource. See verify_group() for an explicit parameter check.
676 m_data = DER_decode_DL_group(der, format, DL_Group_Source::ExternalSource);
677}

References Botan::ExternalSource.

Member Function Documentation

◆ _monty_params_p()

const Montgomery_Params & Botan::DL_Group::_monty_params_p ( ) const

Return parameters for Montgomery reduction/exponentiation mod p

For internal use only

Definition at line 537 of file dl_group.cpp.

537 {
// Forwards to the group data; returned by const reference (see the declaration above).
538 return data().monty_params_p();
539}

◆ _reducer_mod_p()

const Barrett_Reduction & Botan::DL_Group::_reducer_mod_p ( ) const

Definition at line 584 of file dl_group.cpp.

584 {
// Forwards to the group data; returned by const reference, for internal use like
// _monty_params_p().
585 return data().reducer_mod_p();
586}

◆ BER_decode()

void Botan::DL_Group::BER_decode ( const std::vector< uint8_t > & der,
DL_Group_Format format )
inline

Decode a DER encoded group into this instance.

Parameters
der: a vector containing the DER-encoded group
format: the format of the encoded group
Warning
Avoid this; use the DL_Group constructor instead.

Definition at line 360 of file dl_group.h.

360 {
// Deprecated in-place decode: a fresh group is built by the (span, format)
// constructor and assigned over *this; nothing is caught here, so decode
// errors propagate to the caller.
361 *this = DL_Group(der, format);
362 }

References BER_decode(), and DL_Group().

Referenced by BER_decode().

◆ DER_encode()

std::vector< uint8_t > Botan::DL_Group::DER_encode ( DL_Group_Format format) const

Encode this group into a string using DER encoding.

Parameters
format: the encoding format
Returns
string holding the DER encoded group

Definition at line 637 of file dl_group.cpp.

637 {
// Only PKCS#3 can encode a group without q; the X9 layouts require it.
638 if(get_q().is_zero() && (format != DL_Group_Format::PKCS_3)) {
639 throw Encoding_Error("Cannot encode DL_Group in ANSI formats when q param is missing");
640 }
641
642 std::vector<uint8_t> output;
643 DER_Encoder der(output);
644
// Element order differs per format, so a decoder must be told which one was used.
// X9.57: SEQUENCE { p, q, g }
645 if(format == DL_Group_Format::ANSI_X9_57) {
646 der.start_sequence().encode(get_p()).encode(get_q()).encode(get_g()).end_cons();
// X9.42: SEQUENCE { p, g, q }
647 } else if(format == DL_Group_Format::ANSI_X9_42) {
648 der.start_sequence().encode(get_p()).encode(get_g()).encode(get_q()).end_cons();
// PKCS#3: SEQUENCE { p, g }
649 } else if(format == DL_Group_Format::PKCS_3) {
650 der.start_sequence().encode(get_p()).encode(get_g()).end_cons();
651 } else {
652 throw Invalid_Argument("Unknown DL_Group encoding");
653 }
654
655 return output;
656}
const BigInt & get_p() const
Definition dl_group.cpp:519
const BigInt & get_g() const
Definition dl_group.cpp:526
const BigInt & get_q() const
Definition dl_group.cpp:533

References Botan::ANSI_X9_42, Botan::ANSI_X9_57, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), get_g(), get_p(), get_q(), Botan::PKCS_3, and Botan::DER_Encoder::start_sequence().

Referenced by PEM_encode().

◆ DL_Group_from_PEM()

DL_Group Botan::DL_Group::DL_Group_from_PEM ( std::string_view pem)
inlinestatic

Definition at line 85 of file dl_group.h.

85 {
// Deprecated alias kept for source compatibility; forwards to from_PEM().
86 return DL_Group::from_PEM(pem);
87 }
static DL_Group from_PEM(std::string_view pem)
Definition dl_group.cpp:273

References BOTAN_DEPRECATED, DL_Group(), DL_Group_from_PEM(), and from_PEM().

Referenced by DL_Group_from_PEM().

◆ DL_group_info()

std::shared_ptr< DL_Group_Data > Botan::DL_Group::DL_group_info ( std::string_view name)
static

Definition at line 13 of file dl_named.cpp.

13 {
14 /* TLS FFDHE groups */
15
16 if(name == "ffdhe/ietf/2048") {
17 return load_DL_group_info(
18 "0x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
19 "0x2");
20 }
21
22 if(name == "ffdhe/ietf/3072") {
23 return load_DL_group_info(
24 "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
25 "0x2");
26 }
27
28 if(name == "ffdhe/ietf/4096") {
29 return load_DL_group_info(
30 "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
31 "0x2");
32 }
33
34 if(name == "ffdhe/ietf/6144") {
35 return load_DL_group_info(
36 "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
37 "0x2");
38 }
39
40 if(name == "ffdhe/ietf/8192") {
41 return load_DL_group_info(
42 "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x2");
43 }
44
45 /* IETF IPsec groups */
46
47 if(name == "modp/ietf/1024") {
48 return load_DL_group_info(
49 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
50 "0x2");
51 }
52
53 if(name == "modp/ietf/1536") {
54 return load_DL_group_info(
55 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
56 "0x2");
57 }
58
59 if(name == "modp/ietf/2048") {
60 return load_DL_group_info(
61 "0x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
62 "0x2");
63 }
64
65 if(name == "modp/ietf/3072") {
66 return load_DL_group_info(
67 "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
68 "0x2");
69 }
70
71 if(name == "modp/ietf/4096") {
72 return load_DL_group_info(
73 "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
74 "0x2");
75 }
76
77 if(name == "modp/ietf/6144") {
78 return load_DL_group_info(
79 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
80 "0x2");
81 }
82
83 if(name == "modp/ietf/8192") {
84 return load_DL_group_info(
85 "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x2");
86 }
87
88 /* SRP groups
89
90 SRP groups have a p st (p-1)/2 is prime, but g is not a generator
91 of subgroup of size q, so set q == 0 to bypass generator check
92
93 Missing q doesn't matter for SRP, and nothing but SRP should be
94 using these parameters.
95 */
96
97 if(name == "modp/srp/1024") {
98 return load_DL_group_info(
99 "0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
100 "0",
101 "0x2");
102 }
103
104 if(name == "modp/srp/1536") {
105 return load_DL_group_info(
106 "0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB",
107 "0",
108 "0x2");
109 }
110
111 if(name == "modp/srp/2048") {
112 return load_DL_group_info(
113 "0xAC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73",
114 "0",
115 "0x2");
116 }
117
118 if(name == "modp/srp/3072") {
119 return load_DL_group_info(
120 "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
121 "0",
122 "0x5");
123 }
124
125 if(name == "modp/srp/4096") {
126 return load_DL_group_info(
127 "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
128 "0",
129 "0x5");
130 }
131
132 if(name == "modp/srp/6144") {
133 return load_DL_group_info(
134 "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
135 "0",
136 "0x5");
137 }
138
139 if(name == "modp/srp/8192") {
140 return load_DL_group_info(
141 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E27
65694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF", "0", "0x13");
142 }
143
144 /* DSA groups */
145
146 if(name == "dsa/jce/1024") {
147 return load_DL_group_info(
148 "0xFD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF83B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72AEFF22203199DD14801C7",
149 "0x9760508F15230BCCB292B982A2EB840BF0581CF5",
150 "0x469603512E30278CD3947595DB22EEC9826A6322ADC97344F41D740C325724C8F9EFBAA7D4D803FF8C609DCD100EBC5BDFCFAD7C6A425FAEA786EA2050EBE98351EA1FDA1FDF24D6947AA6B9AA23766953802F4D7D4A8ECBA06D19768A2491FFB16D0EF9C43A99B5F71672FF6F0A24B444D0736D04D38A1A1322DAF6CDD88C9D");
151 }
152
153 if(name == "dsa/botan/2048") {
154 return load_DL_group_info(
155 "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
156 "0x8CD7D450F86F0AD94EEE4CE469A8756D1EBD1058241943EAFFB0B354585E924D",
157 "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
158 }
159
160 if(name == "dsa/botan/3072") {
161 return load_DL_group_info("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xB3EBD364EC69EF8CF3BAF643B75734B16339B2E49E5CDE1B59C1E9FB40EE0C5B", "0x2BED21EEF83964A230AE89BBA71D9F7C39C52FC8229B4E3BC7E5944D329DA10F010EAC9E7BAF6C009FC4EB2960723E2B56DF4663E4C3AC800E9258DE2F7649D206782893F865EFCA498D2EEF30074EA5E8A7AB262712A4D94A2F3B0B9A92EE400FB38A3CC59A5DC7E436D5C004B22E35028381B51C93407EB32D4AE0FD42CB45E12D0ECEE8A26238EDE2082A7B1522113C66CEF8D745C6CF3CB945F84D2F4DE16D44A71DE198270E13F03553C88B8D323AD0B948A1BF2103A949979B6ED16FB5F3C953D95B7C8E88CA67DCF5A636FB9CA39D924215F7A884ED6C7EE3C96D8D9715427974B7C4351282E13D3773F7D28B452F10892A13C7587328DEA4827B6B369B2A8DC172ADC583F51F2A6598C5483E5BC467B02F91D059C402D18E2C2680F776AA06F49280A2C72C17CC42D5B6E740C5C4B1AB3C51C2ED092BE2A2D8B053AE5773D1425ED2B08F06E2DD50592DF1A478C15591CDFD11564FF88FF38B721D42392FDA473212DCFD8D2D88A976A00AFFE6FFFB430A359E64CA2B351CA2412394");
162 }
163
164 return std::shared_ptr<DL_Group_Data>();
165}

Referenced by DL_Group(), and from_name().

◆ estimated_strength()

size_t Botan::DL_Group::estimated_strength ( ) const

Return an estimate of the strength of this group against discrete logarithm attacks (e.g. NFS). Warning: since this only takes known attacks into account, it is by necessity an overestimate of the actual strength.

Definition at line 563 of file dl_group.cpp.

563 {
// Forwards to the group data; see the overestimate caveat in the doc above.
564 return data().estimated_strength();
565}

◆ exponent_bits()

size_t Botan::DL_Group::exponent_bits ( ) const

Return size in bits of a secret exponent

This attempts to balance between the attack costs of NFS (which depends on the size of the modulus) and Pollard's rho (which depends on the size of the exponent).

It may vary over time for a particular group, if the attack costs change.

Definition at line 567 of file dl_group.cpp.

567 {
// Forwards to the group data; the value is an estimate and may change between
// releases (see the doc above), so do not persist it as a fixed parameter.
568 return data().exponent_bits();
569}

◆ from_name()

DL_Group Botan::DL_Group::from_name ( std::string_view name)
static

Construct a DL group that is registered in the configuration.

Parameters
namethe name of the group, for example "modp/ietf/3072"
Exceptions
Invalid_Argument: if the named group is unknown

Definition at line 262 of file dl_group.cpp.

262 {
// Named groups only: unlike the string_view constructor, an unknown name is an
// error here and no PEM fallback is attempted.
263 auto data = DL_group_info(name);
264
265 if(!data) {
266 throw Invalid_Argument(fmt("DL_Group: Unknown group '{}'", name));
267 }
268
// A DL_Group constructor taking the shared group data is not among the public
// constructors listed above.
269 return DL_Group(data);
270}

References DL_Group(), DL_group_info(), and Botan::fmt().

Referenced by botan_srp6_client_agree(), botan_srp6_generate_verifier(), botan_srp6_group_size(), botan_srp6_server_session_step1(), Botan::create_private_key(), DL_Group(), Botan::srp6_client_agree(), Botan::srp6_generate_verifier(), Botan::srp6_group_identifier(), and Botan::SRP6_Server_Session::step1().

◆ from_PEM()

DL_Group Botan::DL_Group::from_PEM ( std::string_view pem)
static

Definition at line 273 of file dl_group.cpp.

273 {
274 std::string label;
// Decode and format-lookup errors propagate to the caller; nothing is swallowed
// here (contrast the deprecated string_view constructor).
275 const std::vector<uint8_t> ber = unlock(PEM_Code::decode(pem, label));
// The PEM label selects the DER layout; PEM_encode writes the matching labels.
276 const DL_Group_Format format = pem_label_to_dl_format(label);
// Tagged ExternalSource by the (span, format) constructor.
277 return DL_Group(ber, format);
278}

References Botan::PEM_Code::decode(), DL_Group(), and Botan::unlock().

Referenced by DL_Group(), and DL_Group_from_PEM().

◆ get_g()

const BigInt & Botan::DL_Group::get_g ( ) const

Get the base g.

Returns
base g

Definition at line 526 of file dl_group.cpp.

526 {
// Forwards to the group data; returned by const reference.
527 return data().g();
528}

Referenced by DER_encode(), multi_exponentiate(), Botan::srp6_client_agree(), and verify_group().

◆ get_p()

const BigInt & Botan::DL_Group::get_p ( ) const

Get the prime p.

Returns
prime p

Definition at line 519 of file dl_group.cpp.

519 {
// Forwards to the group data; returned by const reference.
520 return data().p();
521}

Referenced by DER_encode(), inverse_mod_p(), Botan::srp6_client_agree(), verify_element_pair(), verify_group(), verify_private_element(), and verify_public_element().

◆ get_q()

const BigInt & Botan::DL_Group::get_q ( ) const

Get the prime q; returns zero if q is not used.

Returns
prime q

Definition at line 533 of file dl_group.cpp.

533 {
// Forwards to the group data; zero means "no q" (see has_q()).
534 return data().q();
535}

Referenced by DER_encode(), inverse_mod_q(), verify_group(), verify_private_element(), and verify_public_element().

◆ has_q()

bool Botan::DL_Group::has_q ( ) const

Return whether the q value is set.

Definition at line 541 of file dl_group.cpp.

541 {
// Forwards to the group data; the mod_q / *_mod_q helpers throw when this is false.
542 return data().q_is_set();
543}

Referenced by Botan::DSA_PrivateKey::DSA_PrivateKey(), and Botan::DSA_PrivateKey::DSA_PrivateKey().

◆ inverse_mod_p()

BigInt Botan::DL_Group::inverse_mod_p ( const BigInt & x) const

Return the inverse of x mod p

Definition at line 571 of file dl_group.cpp.

571 {
572 // precompute??
// p is a public parameter, hence the "public prime" inversion routine; whether
// x itself is treated as secret inside inverse_mod_public_prime is not visible here.
573 return inverse_mod_public_prime(x, get_p());
574}
BigInt inverse_mod_public_prime(const BigInt &x, const BigInt &p)
Definition mod_inv.cpp:294

References get_p(), and Botan::inverse_mod_public_prime().

◆ inverse_mod_q()

BigInt Botan::DL_Group::inverse_mod_q ( const BigInt & x) const

Return the inverse of x mod q. Throws if q is unset on this DL_Group.

Definition at line 588 of file dl_group.cpp.

588 {
// Throws for groups without q (e.g. the SRP groups register q as "0").
589 data().assert_q_is_set("inverse_mod_q");
590 // precompute??
591 return inverse_mod_public_prime(x, get_q());
592}

References get_q(), and Botan::inverse_mod_public_prime().

◆ mod_p()

BigInt Botan::DL_Group::mod_p ( const BigInt & x) const

Reduce an integer modulo p

Returns
x % p

Definition at line 576 of file dl_group.cpp.

576 {
// Barrett reduction via the reducer cached in the group data.
577 return data().reducer_mod_p().reduce(x);
578}

Referenced by Botan::srp6_client_agree().

◆ mod_q()

BigInt Botan::DL_Group::mod_q ( const BigInt & x) const

Reduce an integer modulo q. Throws if q is unset on this DL_Group.

Returns
x % q

Definition at line 594 of file dl_group.cpp.

594 {
// q-less groups are rejected before any reduction is attempted.
595 data().assert_q_is_set("mod_q");
596 return data().reducer_mod_q().reduce(x);
597}

◆ multi_exponentiate()

BigInt Botan::DL_Group::multi_exponentiate ( const BigInt & x,
const BigInt & y,
const BigInt & z ) const

Multi-exponentiate: return (g^x * y^z) % p.

Warning
this function is variable time and should not be used with secret inputs

Definition at line 614 of file dl_group.cpp.

614 {
// Computes (g^x * y^z) mod p using the Montgomery parameters held in the group
// data. Variable time per the Warning above: x and z must not be secret.
615 return monty_multi_exp(data().monty_params_p(), get_g(), x, y, z).value();
616}
BigInt value() const
Definition monty.cpp:246
Montgomery_Int monty_multi_exp(const Montgomery_Params &params_p, const BigInt &x_bn, const BigInt &z1, const BigInt &y_bn, const BigInt &z2)

References get_g(), Botan::monty_multi_exp(), and Botan::Montgomery_Int::value().

◆ multiply_mod_p()

BigInt Botan::DL_Group::multiply_mod_p ( const BigInt & x,
const BigInt & y ) const

Multiply and reduce an integer modulo p

Returns
(x*y) % p

Definition at line 580 of file dl_group.cpp.

580 {
// Multiply then Barrett-reduce via the reducer held in the group data.
581 return data().reducer_mod_p().multiply(x, y);
582}

Referenced by Botan::srp6_client_agree().

◆ multiply_mod_q() [1/2]

BigInt Botan::DL_Group::multiply_mod_q ( const BigInt & x,
const BigInt & y ) const

Multiply and reduce an integer modulo q. Throws if q is unset on this DL_Group.

Returns
(x*y) % q

Definition at line 599 of file dl_group.cpp.

599 {
// q-less groups are rejected before any reduction is attempted.
600 data().assert_q_is_set("multiply_mod_q");
601 return data().reducer_mod_q().multiply(x, y);
602}

Referenced by multiply_mod_q().

◆ multiply_mod_q() [2/2]

BigInt Botan::DL_Group::multiply_mod_q ( const BigInt & x,
const BigInt & y,
const BigInt & z ) const

Multiply and reduce an integer modulo q. Throws if q is unset on this DL_Group.

Returns
(x*y*z) % q

Definition at line 604 of file dl_group.cpp.

604 {
// The check is repeated inside each two-argument multiply_mod_q call below.
605 data().assert_q_is_set("multiply_mod_q");
// ((x*y) mod q) * z mod q
606 return this->multiply_mod_q(this->multiply_mod_q(x, y), z);
607}
BigInt multiply_mod_q(const BigInt &x, const BigInt &y) const
Definition dl_group.cpp:599

References multiply_mod_q().

◆ p_bits()

size_t Botan::DL_Group::p_bits ( ) const

Return the size of p in bits. Same as get_p().bits().

Definition at line 545 of file dl_group.cpp.

545 {
// Forwards to the group data.
546 return data().p_bits();
547}

Referenced by power_b_p(), Botan::srp6_client_agree(), Botan::srp6_generate_verifier(), and Botan::SRP6_Server_Session::step1().

◆ p_bytes()

size_t Botan::DL_Group::p_bytes ( ) const

Return the size of p in bytes. Same as get_p().bytes().

Definition at line 549 of file dl_group.cpp.

549 {
// Forwards to the group data.
550 return data().p_bytes();
551}

Referenced by Botan::srp6_client_agree().

◆ PEM_encode()

std::string Botan::DL_Group::PEM_encode ( DL_Group_Format format) const

Encode this group into a string using PEM encoding.

Parameters
format: the encoding format
Returns
string holding the PEM encoded group

Definition at line 661 of file dl_group.cpp.

661 {
// DER_encode already rejects a q-less group for the X9 formats.
662 const std::vector<uint8_t> encoding = DER_encode(format);
663
// The PEM label is paired with the DER layout; from_PEM relies on the label to
// pick the format when decoding.
664 if(format == DL_Group_Format::PKCS_3) {
665 return PEM_Code::encode(encoding, "DH PARAMETERS");
666 } else if(format == DL_Group_Format::ANSI_X9_57) {
667 return PEM_Code::encode(encoding, "DSA PARAMETERS");
668 } else if(format == DL_Group_Format::ANSI_X9_42) {
669 return PEM_Code::encode(encoding, "X9.42 DH PARAMETERS");
670 } else {
// Unreachable in practice: DER_encode throws for an unknown format first.
671 throw Invalid_Argument("Unknown DL_Group encoding");
672 }
673}
std::vector< uint8_t > DER_encode(DL_Group_Format format) const
Definition dl_group.cpp:637
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39

References Botan::ANSI_X9_42, Botan::ANSI_X9_57, DER_encode(), Botan::PEM_Code::encode(), and Botan::PKCS_3.

◆ power_b_p() [1/2]

BigInt Botan::DL_Group::power_b_p ( const BigInt & b,
const BigInt & x ) const

Modular exponentiation

Parameters
bthe base
xthe exponent
Returns
(b^x) % p

Definition at line 622 of file dl_group.cpp.

/**
 * Modular exponentiation: compute (b^x) % p.
 *
 * The exponent bound handed to the three-argument overload is p_bits(), not
 * x.bits(), so the amount of work is fixed by the group size rather than by
 * the actual length of x (compare the warning on the one-argument power_g_p,
 * which uses x.bits()).
 *
 * @param b the base
 * @param x the exponent; assumed to be at most p_bits() bits long
 * @return (b^x) % p
 */
BigInt DL_Group::power_b_p(const BigInt& b, const BigInt& x) const {
   const size_t max_x_bits = data().p_bits();
   return this->power_b_p(b, x, max_x_bits);
}
size_t p_bits() const
Definition dl_group.cpp:545
BigInt power_b_p(const BigInt &b, const BigInt &x, size_t max_x_bits) const
Definition dl_group.cpp:626

References p_bits(), and power_b_p().

◆ power_b_p() [2/2]

BigInt Botan::DL_Group::power_b_p ( const BigInt & b,
const BigInt & x,
size_t max_x_bits ) const

Modular exponentiation

Parameters
bthe base
xthe exponent
max_x_bitsx is assumed to be at most this many bits long.
Returns
(b^x) % p

Definition at line 626 of file dl_group.cpp.

/**
 * Modular exponentiation: compute (b^x) % p.
 *
 * @param b the base
 * @param x the exponent
 * @param max_x_bits x is assumed to be at most this many bits long; what
 *        happens for a longer x is decided inside data().power_b_p, not here
 * @return (b^x) % p
 */
BigInt DL_Group::power_b_p(const BigInt& b, const BigInt& x, size_t max_x_bits) const {
   const auto& group = data();
   return group.power_b_p(b, x, max_x_bits);
}

Referenced by power_b_p(), and Botan::srp6_client_agree().

◆ power_g_p() [1/2]

BigInt Botan::DL_Group::power_g_p ( const BigInt & x) const
inline

Modular exponentiation

Warning
this function leaks the size of x via the number of loop iterations. Use the version taking the maximum size to avoid this.
Returns
(g^x) % p

Definition at line 261 of file dl_group.h.

/**
 * Modular exponentiation: compute (g^x) % p.
 *
 * @warning Deprecated (the declaration carries BOTAN_DEPRECATED). The exponent
 * bound is taken from x.bits(), so the number of loop iterations — and with it
 * the timing — reveals the bit length of x. For a secret exponent use
 * power_g_p(x, max_x_bits) with a bound that does not depend on x, such as
 * q_bits() or p_bits().
 *
 * @param x the exponent
 * @return (g^x) % p
 */
inline BigInt DL_Group::power_g_p(const BigInt& x) const {
   const auto x_len = x.bits();
   return power_g_p(x, x_len);
}
BigInt power_g_p(const BigInt &x) const
Definition dl_group.h:261

References BOTAN_DEPRECATED, and power_g_p().

Referenced by power_g_p(), Botan::srp6_client_agree(), Botan::srp6_generate_verifier(), and verify_element_pair().

◆ power_g_p() [2/2]

BigInt Botan::DL_Group::power_g_p ( const BigInt & x,
size_t max_x_bits ) const

Modular exponentiation

Parameters
xthe exponent
max_x_bitsx is assumed to be at most this many bits long.
Returns
(g^x) % p

Definition at line 618 of file dl_group.cpp.

/**
 * Modular exponentiation: compute (g^x) % p.
 *
 * @param x the exponent
 * @param max_x_bits x is assumed to be at most this many bits long; pass a
 *        bound that does not depend on x (e.g. q_bits()) when x is secret
 * @return (g^x) % p
 */
BigInt DL_Group::power_g_p(const BigInt& x, size_t max_x_bits) const {
   const auto& group = data();
   return group.power_g_p(x, max_x_bits);
}

◆ q_bits()

size_t Botan::DL_Group::q_bits ( ) const

Return the size of q in bits. Same as get_q().bits(). Throws if q is unset.

Definition at line 553 of file dl_group.cpp.

/**
 * Return the size of q in bits; same as get_q().bits().
 *
 * @throws if q is unset on this group (assert_q_is_set)
 */
size_t DL_Group::q_bits() const {
   const auto& group = data();
   group.assert_q_is_set("q_bits");
   return group.q_bits();
}

◆ q_bytes()

size_t Botan::DL_Group::q_bytes ( ) const

Return the size of q in bytes. Same as get_q().bytes(). Throws if q is unset.

Definition at line 558 of file dl_group.cpp.

/**
 * Return the size of q in bytes; same as get_q().bytes().
 *
 * @throws if q is unset on this group (assert_q_is_set)
 */
size_t DL_Group::q_bytes() const {
   const auto& group = data();
   group.assert_q_is_set("q_bytes");
   return group.q_bytes();
}

◆ source()

DL_Group_Source Botan::DL_Group::source ( ) const

Definition at line 630 of file dl_group.cpp.

/**
 * Report where this group's parameters came from (a DL_Group_Source such as
 * Builtin or ExternalSource). verify_group() consults this to decide how much
 * checking the parameters need.
 *
 * @return the recorded parameter source
 */
DL_Group_Source DL_Group::source() const {
   const auto& group = data();
   return group.source();
}

Referenced by verify_group().

◆ square_mod_q()

BigInt Botan::DL_Group::square_mod_q ( const BigInt & x) const

Square and reduce an integer modulo q. Throws if q is unset on this DL_Group.

Returns
(x*x) % q

Definition at line 609 of file dl_group.cpp.

/**
 * Square and reduce an integer modulo q.
 *
 * @param x the value to square
 * @return (x*x) % q
 * @throws if q is unset on this group (assert_q_is_set)
 */
BigInt DL_Group::square_mod_q(const BigInt& x) const {
   data().assert_q_is_set("square_mod_q");

   // The reduction is delegated to the group's precomputed reducer for q.
   const auto& reducer = data().reducer_mod_q();
   return reducer.square(x);
}

References Botan::BigInt::square().

◆ verify_element_pair()

bool Botan::DL_Group::verify_element_pair ( const BigInt & y,
const BigInt & x ) const

Verify a pair of elements y = g^x

This verifies that 1 < x,y < p and that y=g^x mod p

Definition at line 449 of file dl_group.cpp.

/**
 * Verify a pair of elements y = g^x.
 *
 * This verifies that 1 < x,y < p and that y = g^x mod p. It does not check x
 * against q. The exponentiation uses x.bits() as the exponent bound, so the
 * iteration count (and hence timing) depends on the bit length of x; see the
 * warning on the one-argument power_g_p().
 *
 * @param y the public element
 * @param x the private exponent
 * @return true if the pair is consistent, false otherwise
 */
bool DL_Group::verify_element_pair(const BigInt& y, const BigInt& x) const {
   const BigInt& p = get_p();

   // Both elements must lie strictly inside (1, p).
   const bool y_in_range = (y > 1 && y < p);
   const bool x_in_range = (x > 1 && x < p);
   if(!y_in_range || !x_in_range) {
      return false;
   }

   return y == this->power_g_p(x, x.bits());
}

References Botan::BigInt::bits(), get_p(), and power_g_p().

◆ verify_group()

bool Botan::DL_Group::verify_group ( RandomNumberGenerator & rng,
bool strong = true ) const

Perform validity checks on the group.

Parameters
Random Number Generatorsthe rng to use
strongwhether to perform stronger but lengthier tests
Returns
true if the object is consistent, false otherwise

Definition at line 466 of file dl_group.cpp.

/**
 * Perform validity checks on the group.
 *
 * @param rng the random number generator used by the primality tests
 * @param strong whether to perform stronger but lengthier tests; when false,
 *        a group whose source() is Builtin is accepted without any check
 * @return true if the object is consistent, false otherwise
 */
bool DL_Group::verify_group(RandomNumberGenerator& rng, bool strong) const {
   const bool from_builtin = (source() == DL_Group_Source::Builtin);

   // Builtin parameters are only re-verified when strong checks are requested.
   if(from_builtin && !strong) {
      return true;
   }

   const BigInt& p = get_p();
   const BigInt& q = get_q();
   const BigInt& g = get_g();

   // Basic sanity on the parameters; q == 0 means "no subgroup order known".
   if(g < 2 || p < 3 || q < 0) {
      return false;
   }

   const size_t test_prob = 128;
   // Forwarded to is_prime(); presumably tells it whether the candidate may have
   // been chosen adversarially (ExternalSource) — confirm against numthry.h.
   const bool is_randomly_generated = (source() != DL_Group_Source::ExternalSource);

   if(!is_prime(p, rng, test_prob, is_randomly_generated)) {
      return false;
   }

   if(q.is_zero()) {
      // No q: for p,g from an unknown source, at least rule out an absurdly
      // small order of g by checking g^i != 1 for small i. This only bounds the
      // order from below by upper_bound; it is not a proof that g generates a
      // large subgroup. Vartime exponentiation is fine here: nothing is secret.
      if(!from_builtin && !is_randomly_generated) {
         const size_t upper_bound = strong ? 1000 : 100;
         for(size_t i = 2; i < upper_bound; ++i) {
            if(data().power_g_p_vartime(BigInt::from_word(i)) == 1) {
               return false;
            }
         }
      }
      return true;
   }

   // q given: q must divide p-1, g^q must be 1 mod p, and q must be prime.
   if((p - 1) % q != 0) {
      return false;
   }
   if(data().power_g_p_vartime(q) != 1) {
      return false;
   }
   return is_prime(q, rng, test_prob, is_randomly_generated);
}
DL_Group_Source source() const
Definition dl_group.cpp:630

References Botan::Builtin, Botan::ExternalSource, Botan::BigInt::from_word(), get_g(), get_p(), get_q(), Botan::is_prime(), and source().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

◆ verify_private_element()

bool Botan::DL_Group::verify_private_element ( const BigInt & x) const

Verify a private element

Specifically this checks that x is > 1 and < p, and additionally if q is set then x must be < q

Definition at line 434 of file dl_group.cpp.

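/**
 * Verify a private element.
 *
 * Specifically this checks that x is > 1 and < p, and additionally if q is
 * set then x must be < q. The earlier comparison was `x > q`, which let
 * x == q through although the documented range excludes it; since verify_group
 * requires g^q == 1 mod p, x == q would produce the degenerate public value 1,
 * which verify_public_element rejects. x == q is now rejected as documented.
 *
 * @param x the private exponent to check
 * @return true if x is within the accepted range, false otherwise
 */
bool DL_Group::verify_private_element(const BigInt& x) const {
   const BigInt& p = get_p();
   const BigInt& q = get_q();

   if(x <= 1 || x >= p) {
      return false;
   }

   // q == 0 means no subgroup order is known, so only the bound by p applies.
   if(q > 0 && x >= q) {
      return false;
   }

   return true;
}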

References get_p(), and get_q().

◆ verify_public_element()

bool Botan::DL_Group::verify_public_element ( const BigInt & y) const

Verify a public element, i.e. check if y = g^x for some x.

This is not a perfect test. It verifies that 1 < y < p and (if q is set) that y is in the subgroup of size q.

Definition at line 417 of file dl_group.cpp.

/**
 * Verify a public element, i.e. check if y = g^x for some x.
 *
 * This is not a perfect test. It verifies that 1 < y < p and (if q is set)
 * that y is in the subgroup of size q, i.e. y^q == 1 mod p. Without q nothing
 * beyond the range check is done, so for example y = p-1 (order 2) passes.
 * The exponentiation is vartime, which is acceptable because y and q are public.
 *
 * @param y the public element to check
 * @return true if y passed the checks, false otherwise
 */
bool DL_Group::verify_public_element(const BigInt& y) const {
   const BigInt& p = get_p();
   const BigInt& q = get_q();

   // Reject 0, 1 and anything outside the field.
   if(!(y > 1 && y < p)) {
      return false;
   }

   // Without a known subgroup order there is nothing further to check.
   if(q.is_zero()) {
      return true;
   }

   return data().power_b_p_vartime(y, q) == 1;
}

References get_p(), get_q(), and Botan::BigInt::is_zero().


The documentation for this class was generated from the following files: