Botan::DL_Group Class Referencefinal
#include <dl_group.h>
Public Types | |
| using | Format = DL_Group_Format |
| enum | PrimeType : uint8_t { Strong , Prime_Subgroup , DSA_Kosherizer } |
Public Member Functions | |
| const Montgomery_Params & | _monty_params_p () const |
| const Barrett_Reduction & | _reducer_mod_p () const |
| void | BER_decode (const std::vector< uint8_t > &ber, DL_Group_Format format) |
| std::vector< uint8_t > | DER_encode (DL_Group_Format format) const |
| DL_Group ()=default | |
| DL_Group (const BigInt &p, const BigInt &g) | |
| DL_Group (const BigInt &p, const BigInt &q, const BigInt &g) | |
| template<typename Alloc> | |
| DL_Group (const std::vector< uint8_t, Alloc > &ber, DL_Group_Format format) | |
| DL_Group (const uint8_t ber[], size_t ber_len, DL_Group_Format format) | |
| DL_Group (RandomNumberGenerator &rng, const std::vector< uint8_t > &seed, size_t pbits=1024, size_t qbits=0) | |
| DL_Group (RandomNumberGenerator &rng, PrimeType type, size_t pbits, size_t qbits=0) | |
| DL_Group (std::string_view name) | |
| size_t | estimated_strength () const |
| size_t | exponent_bits () const |
| const BigInt & | get_g () const |
| const BigInt & | get_p () const |
| const BigInt & | get_q () const |
| bool | has_q () const |
| BigInt | inverse_mod_p (const BigInt &x) const |
| BigInt | inverse_mod_q (const BigInt &x) const |
| BigInt | mod_p (const BigInt &x) const |
| BigInt | mod_q (const BigInt &x) const |
| BigInt | multi_exponentiate (const BigInt &x, const BigInt &y, const BigInt &z) const |
| BigInt | multiply_mod_p (const BigInt &x, const BigInt &y) const |
| BigInt | multiply_mod_q (const BigInt &x, const BigInt &y) const |
| BigInt | multiply_mod_q (const BigInt &x, const BigInt &y, const BigInt &z) const |
| size_t | p_bits () const |
| size_t | p_bytes () const |
| std::string | PEM_encode (DL_Group_Format format) const |
| BigInt | power_b_p (const BigInt &b, const BigInt &x) const |
| BigInt | power_b_p (const BigInt &b, const BigInt &x, size_t max_x_bits) const |
| BigInt | power_g_p (const BigInt &x) const |
| BigInt | power_g_p (const BigInt &x, size_t max_x_bits) const |
| size_t | q_bits () const |
| size_t | q_bytes () const |
| DL_Group_Source | source () const |
| BigInt | square_mod_q (const BigInt &x) const |
| bool | verify_element_pair (const BigInt &y, const BigInt &x) const |
| bool | verify_group (RandomNumberGenerator &rng, bool strong=true) const |
| bool | verify_private_element (const BigInt &x) const |
| bool | verify_public_element (const BigInt &y) const |
Static Public Member Functions | |
| static DL_Group | DL_Group_from_PEM (std::string_view pem) |
| static std::shared_ptr< DL_Group_Data > | DL_group_info (std::string_view name) |
| static DL_Group | from_name (std::string_view name) |
| static DL_Group | from_PEM (std::string_view pem) |
Detailed Description
This class represents discrete logarithm groups. It holds a prime modulus p, a generator g, and (optionally) a prime q which is a factor of (p-1). In most cases g generates the order-q subgroup.
Definition at line 46 of file dl_group.h.
Member Typedef Documentation
◆ Format
Definition at line 53 of file dl_group.h.
Member Enumeration Documentation
◆ PrimeType
| enum Botan::DL_Group::PrimeType : uint8_t |
Determine the prime creation for DL groups.
| Enumerator | |
|---|---|
| Strong | |
| Prime_Subgroup | |
| DSA_Kosherizer | |
Definition at line 51 of file dl_group.h.
Constructor & Destructor Documentation
◆ DL_Group() [1/8]
|
default |
Construct a DL group with uninitialized internal value.
References BOTAN_DEPRECATED, DL_Group(), from_name(), and from_PEM().
Referenced by BER_decode(), DL_Group(), DL_Group(), DL_Group_from_PEM(), from_name(), and from_PEM().
◆ DL_Group() [2/8]
|
explicit |
Construct a DL group that is registered in the configuration.
- Parameters
-
name the name of the group, for example "modp/ietf/3072"
- Warning
- This constructor also accepts PEM inputs. This behavior is deprecated and will be removed in a future major release. Instead use DL_Group::from_PEM or DL_Group::from_name
Definition at line 198 of file dl_group.cpp.
198 {
199 // Either a name or a PEM block, try name first
200 m_data = DL_group_info(str);
201
202 if(m_data == nullptr) {
203 try {
204 std::string label;
206 DL_Group_Format format = pem_label_to_dl_format(label);
207
208 m_data = BER_decode_DL_group(ber.data(), ber.size(), format, DL_Group_Source::ExternalSource);
209 } catch(...) {}
210 }
211
212 if(m_data == nullptr) {
214 }
215}
static std::shared_ptr< DL_Group_Data > DL_group_info(std::string_view name)
Definition dl_named.cpp:13
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition pem.cpp:62
References Botan::PEM_Code::decode(), DL_group_info(), Botan::ExternalSource, Botan::fmt(), and Botan::unlock().
◆ DL_Group() [3/8]
| Botan::DL_Group::DL_Group | ( | RandomNumberGenerator & | rng, |
| PrimeType | type, | ||
| size_t | pbits, | ||
| size_t | qbits = 0 ) |
Create a new group randomly.
- Parameters
-
rng the random number generator to use type specifies how the creation of primes p and q shall be performed. If type=Strong, then p will be determined as a safe prime, and q will be chosen as (p-1)/2. If type=Prime_Subgroup and qbits = 0, then the size of q will be determined according to the estimated difficulty of the DL problem. If type=DSA_Kosherizer, DSA primes will be created. pbits the number of bits of p qbits the number of bits of q. Leave it as 0 to have the value determined according to pbits.
Definition at line 268 of file dl_group.cpp.
268 {
269 if(pbits < 1024) {
271 }
272
273 if(qbits >= pbits) {
275 }
276
278 if(qbits != 0 && qbits != pbits - 1) {
279 throw Invalid_Argument("Cannot create strong-prime DL_Group with specified q bits");
280 }
281
283 const BigInt q = (p - 1) / 2;
284
285 /*
286 Always choose a generator that is quadratic reside mod p, this forces g to
287 be a generator of the subgroup of size q.
288
289 We use 2 by default, but if 2 is not a quadratic reside then use 4 which
290 is always a quadratic reside, being the square of 2 (or p - 2)
291 */
292 BigInt g = BigInt::from_word(2);
294 g = BigInt::from_word(4);
295 }
296
297 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
299 if(qbits == 0) {
300 qbits = dl_exponent_size(pbits);
301 }
302
304 const BigInt q2 = q * 2;
305 BigInt X;
306 BigInt p;
308 X.randomize(rng, pbits);
309 // Variable time division is OK here since DH groups are public anyway
310 p = X - (X % q2) + 1;
311 }
312
313 const BigInt g = make_dsa_generator(p, q);
314 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
316 if(qbits == 0) {
317 qbits = ((pbits <= 1024) ? 160 : 256);
318 }
319
320 BigInt p;
321 BigInt q;
322 generate_dsa_primes(rng, p, q, pbits, qbits);
323 const BigInt g = make_dsa_generator(p, q);
324 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
325 } else {
326 throw Invalid_Argument("DL_Group unknown PrimeType");
327 }
328}
BigInt random_prime(RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo, size_t prob)
Definition make_prm.cpp:97
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition numthry.cpp:354
bool generate_dsa_primes(RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< uint8_t > &seed_c, size_t offset)
Definition dsa_gen.cpp:54
BigInt random_safe_prime(RandomNumberGenerator &rng, size_t bits)
Definition make_prm.cpp:294
References Botan::BigInt::bits(), Botan::dl_exponent_size(), DSA_Kosherizer, Botan::fmt(), Botan::BigInt::from_word(), Botan::generate_dsa_primes(), Botan::is_prime(), Botan::jacobi(), Prime_Subgroup, Botan::random_prime(), Botan::random_safe_prime(), Botan::BigInt::randomize(), Botan::RandomlyGenerated, and Strong.
◆ DL_Group() [4/8]
| Botan::DL_Group::DL_Group | ( | RandomNumberGenerator & | rng, |
| const std::vector< uint8_t > & | seed, | ||
| size_t | pbits = 1024, | ||
| size_t | qbits = 0 ) |
Create a DSA group with a given seed.
- Parameters
-
rng the random number generator to use seed the seed to use to create the random primes pbits the desired bit size of the prime p qbits the desired bit size of the prime q.
Definition at line 333 of file dl_group.cpp.
333 {
334 BigInt p;
335 BigInt q;
336
338 throw Invalid_Argument("DL_Group: The seed given does not generate a DSA group");
339 }
340
341 BigInt g = make_dsa_generator(p, q);
342
343 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
344}
References Botan::generate_dsa_primes(), and Botan::RandomlyGenerated.
◆ DL_Group() [5/8]
Create a DL group.
- Parameters
-
p the prime p g the base g
Definition at line 349 of file dl_group.cpp.
References Botan::ExternalSource.
◆ DL_Group() [6/8]
Create a DL group.
- Parameters
-
p the prime p q the prime q g the base g
Definition at line 356 of file dl_group.cpp.
356 {
357 if(q.is_zero()) {
358 m_data = std::make_shared<DL_Group_Data>(p, g, DL_Group_Source::ExternalSource);
359 } else {
360 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::ExternalSource);
361 }
362}
References Botan::ExternalSource, and Botan::BigInt::is_zero().
◆ DL_Group() [7/8]
| Botan::DL_Group::DL_Group | ( | const uint8_t | ber[], |
| size_t | ber_len, | ||
| DL_Group_Format | format ) |
Decode a BER-encoded DL group param
Definition at line 630 of file dl_group.cpp.
References Botan::ExternalSource.
◆ DL_Group() [8/8]
template<typename Alloc>
|
inline |
Decode a BER-encoded DL group param
Definition at line 137 of file dl_group.h.
References DL_Group().
Member Function Documentation
◆ _monty_params_p()
| const Montgomery_Params & Botan::DL_Group::_monty_params_p | ( | ) | const |
Return parameters for Montgomery reduction/exponentiation mod p
For internal use only
Definition at line 492 of file dl_group.cpp.
492 {
493 return data().monty_params_p();
494}
◆ _reducer_mod_p()
| const Barrett_Reduction & Botan::DL_Group::_reducer_mod_p | ( | ) | const |
Definition at line 539 of file dl_group.cpp.
539 {
540 return data().reducer_mod_p();
541}
◆ BER_decode()
|
inline |
Decode a DER/BER encoded group into this instance.
- Parameters
-
ber a vector containing the DER/BER encoded group format the format of the encoded group
- Warning
- avoid this. Instead use the DL_Group constructor
Definition at line 362 of file dl_group.h.
References BER_decode(), and DL_Group().
Referenced by BER_decode().
◆ DER_encode()
| std::vector< uint8_t > Botan::DL_Group::DER_encode | ( | DL_Group_Format | format | ) | const |
Encode this group into a string using DER encoding.
- Parameters
-
format the encoding format
- Returns
- string holding the DER encoded group
Definition at line 592 of file dl_group.cpp.
592 {
594 throw Encoding_Error("Cannot encode DL_Group in ANSI formats when q param is missing");
595 }
596
597 std::vector<uint8_t> output;
598 DER_Encoder der(output);
599
606 } else {
607 throw Invalid_Argument("Unknown DL_Group encoding");
608 }
609
610 return output;
611}
References Botan::ANSI_X9_42, Botan::ANSI_X9_57, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), get_g(), get_p(), get_q(), Botan::PKCS_3, and Botan::DER_Encoder::start_sequence().
Referenced by PEM_encode().
◆ DL_Group_from_PEM()
|
inlinestatic |
Definition at line 85 of file dl_group.h.
85 {
87 }
References BOTAN_DEPRECATED, DL_Group(), DL_Group_from_PEM(), and from_PEM().
Referenced by DL_Group_from_PEM().
◆ DL_group_info()
|
static |
Definition at line 13 of file dl_named.cpp.
13 {
14 /* TLS FFDHE groups */
15
16 if(name == "ffdhe/ietf/2048") {
17 return load_DL_group_info(
18 "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B423861285C97FFFFFFFFFFFFFFFF",
19 "0x2");
20 }
21
22 if(name == "ffdhe/ietf/3072") {
23 return load_DL_group_info(
24 "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF",
25 "0x2");
26 }
27
28 if(name == "ffdhe/ietf/4096") {
29 return load_DL_group_info(
30 "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6AFFFFFFFFFFFFFFFF",
31 "0x2");
32 }
33
34 if(name == "ffdhe/ietf/6144") {
35 return load_DL_group_info(
36 "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD9020BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA63BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3ACDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477A52471F7A9A96910B855322EDB6340D8A00EF092350511E30ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538CD72B03746AE77F5E62292C311562A846505DC82DB854338AE49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B045B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF",
37 "0x2");
38 }
39
40 if(name == "ffdhe/ietf/8192") {
41 return load_DL_group_info(
42 "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD9020BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA63BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3ACDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477A52471F7A9A96910B855322EDB6340D8A00EF092350511E30ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538CD72B03746AE77F5E62292C311562A846505DC82DB854338AE49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B045B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1A41D570D7938DAD4A40E329CCFF46AAA36AD004CF600C8381E425A31D951AE64FDB23FCEC9509D43687FEB69EDD1CC5E0B8CC3BDF64B10EF86B63142A3AB8829555B2F747C932665CB2C0F1CC01BD70229388839D2AF05E454504AC78B7582822846C0BA35C35F5C59160CC046FD8251541FC68C9C86B022BB7099876A460E7451A8A93109703FEE1C217E6C3826E52C51AA691E0E423CFC99E9E31650C1217B624816CDAD9A95F9D5B8019488D9C0A0A1FE3075A577E23183F81D4A3F2FA4571EFC8CE0BA8A4FE8B6855DFE72B0A66EDED2FBABFBE58A30FAFABE1C5D71A87E2F741EF8C1FE86FEA6BBFDE530677F0D97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88CD68C8BB7C5C6424CFFFFFFFFFFFFFFFF", "0x2");
43 }
44
45 /* IETF IPsec groups */
46
47 if(name == "modp/ietf/1024") {
48 return load_DL_group_info(
49 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
50 "0x2");
51 }
52
53 if(name == "modp/ietf/1536") {
54 return load_DL_group_info(
55 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
56 "0x2");
57 }
58
59 if(name == "modp/ietf/2048") {
60 return load_DL_group_info(
61 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
62 "0x2");
63 }
64
65 if(name == "modp/ietf/3072") {
66 return load_DL_group_info(
67 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
68 "0x2");
69 }
70
71 if(name == "modp/ietf/4096") {
72 return load_DL_group_info(
73 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF",
74 "0x2");
75 }
76
77 if(name == "modp/ietf/6144") {
78 return load_DL_group_info(
79 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
80 "0x2");
81 }
82
83 if(name == "modp/ietf/8192") {
84 return load_DL_group_info(
85 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF", "0x2");
86 }
87
88 /* SRP groups
89
90 SRP groups have a p st (p-1)/2 is prime, but g is not a generator
91 of subgroup of size q, so set q == 0 to bypass generator check
92
93 Missing q doesn't matter for SRP, and nothing but SRP should be
94 using these parameters.
95 */
96
97 if(name == "modp/srp/1024") {
98 return load_DL_group_info(
99 "0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
100 "0",
101 "0x2");
102 }
103
104 if(name == "modp/srp/1536") {
105 return load_DL_group_info(
106 "0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB",
107 "0",
108 "0x2");
109 }
110
111 if(name == "modp/srp/2048") {
112 return load_DL_group_info(
113 "0xAC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73",
114 "0",
115 "0x2");
116 }
117
118 if(name == "modp/srp/3072") {
119 return load_DL_group_info(
120 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
121 "0",
122 "0x5");
123 }
124
125 if(name == "modp/srp/4096") {
126 return load_DL_group_info(
127 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF",
128 "0",
129 "0x5");
130 }
131
132 if(name == "modp/srp/6144") {
133 return load_DL_group_info(
134 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
135 "0",
136 "0x5");
137 }
138
139 if(name == "modp/srp/8192") {
140 return load_DL_group_info(
141 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF", "0", "0x13");
142 }
143
144 /* DSA groups */
145
146 if(name == "dsa/jce/1024") {
147 return load_DL_group_info(
148 "0xFD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF83B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72AEFF22203199DD14801C7",
149 "0x9760508F15230BCCB292B982A2EB840BF0581CF5",
150 "0x469603512E30278CD3947595DB22EEC9826A6322ADC97344F41D740C325724C8F9EFBAA7D4D803FF8C609DCD100EBC5BDFCFAD7C6A425FAEA786EA2050EBE98351EA1FDA1FDF24D6947AA6B9AA23766953802F4D7D4A8ECBA06D19768A2491FFB16D0EF9C43A99B5F71672FF6F0A24B444D0736D04D38A1A1322DAF6CDD88C9D");
151 }
152
153 if(name == "dsa/botan/2048") {
154 return load_DL_group_info(
155 "0x91C48A4FDFBCF7C02AE95E7DA126122B5DD2864F559B87E8E74A286D52F59BD1DE68DFD645D0E00C60C080031891980374EEB594A532BFD67B9A09EAC4B8663A07910E68F39465FB7040D25DF13932EBAC4347A530ECBA61C854F9B880D3C0C3660080587C45566DADE26BD5A394BE093B4C0F24B5AFFEF8EC6C5B3E57FB89025A9BC16769932131E16D3C94EFCAB18D0DF061203CC53E6103BC72D5594BFD40CA65380F44A9A851DCB075495FC033A8A58071A1BD78FE052F66555648EB4B719D2AFE8B4880F8DAD6F15818BA178F89274C870BE9B96EB08C46C40040CC2EFE1DFB1B1868DD319DE3C34A32A63AB6EB1224209A419680CC7902D1728D4DF9E1",
156 "0x8CD7D450F86F0AD94EEE4CE469A8756D1EBD1058241943EAFFB0B354585E924D",
157 "0xD9F5E0761B4DBD1833D6AB1A961A0996C5F22303F72D84C140F67C431D94AB5715BEA81A0C98D39CE4BCF78D6B9EBC895D34FE89D94091D5848615EF15F5E86F11D96F6C969E203DDFA58356420A49CB444B595B901A933CFE0767B594F18A07B7F91DECDBA446B88990F78F2FF91F2FE7CD43FD2E46D18EADA1F7BB6602C617F6EF3A4B284F2FD9BA10A36042DE8FA87A2CA36597FEC81157A1485E44041DF02830111CB880BBE6ED494814886F965CDC3135F5CCF1383728BF65B806F9692C0B10D6C4C09C75A6CA3B4013CB16AB2C105F6BE23AEA9000EAB2178985F972C98057E1C86E44E7218688EA4AE0F3636DCCA745C9DCD4E6AFFB67CCBC13D6131");
158 }
159
160 if(name == "dsa/botan/3072") {
161 return load_DL_group_info("0xE4B50880759663585E142460CA2D9DFF132F8AE4C840DDA3A2666889124FE5638B84E8A29B7AF3FA1209BE6BFC4B5072ED3B2B7387BAF3F857F478A80228EF3600B76B3DCFB61D20D34465B2506D2CAF87DF6E7DC0CE91BD2D167A46F6ADCC31C531E4F9C7ABBDB92ADDF35B0A806C66292A5F5E17E964DD099903733AC428AB35D80EA6F685BFBA8BE4068E5418AE5ECAD9E8FF073DE2B63E4E7EAD35C8A9B70B5BD47CFB88D373B66F37931939B0AB71BD5595809086DA0155337D185A0E4FB36A519B1B6202B8591E6002449CF1CD3A66384F6D2073B1CD73BECA93BAF1E1A6117D0238F222AE1ED7FED185A890E7F67FAB8FEB9753CC134A5183DFE87AE2595F7B5C2D9FBB42249FDD59513E1D3396B3EB2FD86684F285A8448FE757A029881C40760B94EF919BDF9740C38389599EC51A6E9BB519A8E068491E9CE0A2FCFE3CB60D66CF0DFAD20A8EC684048684A61444575BD1724D7352B44A760077B3BD6BD385CE5B0A7250CC0BF768DA82923806EB9CFBB138843731B618208C759B", "0xB3EBD364EC69EF8CF3BAF643B75734B16339B2E49E5CDE1B59C1E9FB40EE0C5B", "0x2BED21EEF83964A230AE89BBA71D9F7C39C52FC8229B4E3BC7E5944D329DA10F010EAC9E7BAF6C009FC4EB2960723E2B56DF4663E4C3AC800E9258DE2F7649D206782893F865EFCA498D2EEF30074EA5E8A7AB262712A4D94A2F3B0B9A92EE400FB38A3CC59A5DC7E436D5C004B22E35028381B51C93407EB32D4AE0FD42CB45E12D0ECEE8A26238EDE2082A7B1522113C66CEF8D745C6CF3CB945F84D2F4DE16D44A71DE198270E13F03553C88B8D323AD0B948A1BF2103A949979B6ED16FB5F3C953D95B7C8E88CA67DCF5A636FB9CA39D924215F7A884ED6C7EE3C96D8D9715427974B7C4351282E13D3773F7D28B452F10892A13C7587328DEA4827B6B369B2A8DC172ADC583F51F2A6598C5483E5BC467B02F91D059C402D18E2C2680F776AA06F49280A2C72C17CC42D5B6E740C5C4B1AB3C51C2ED092BE2A2D8B053AE5773D1425ED2B08F06E2DD50592DF1A478C15591CDFD11564FF88FF38B721D42392FDA473212DCFD8D2D88A976A00AFFE6FFFB430A359E64CA2B351CA2412394");
162 }
163
164 return std::shared_ptr<DL_Group_Data>();
165}
Referenced by DL_Group(), and from_name().
◆ estimated_strength()
| size_t Botan::DL_Group::estimated_strength | ( | ) | const |
Return an estimate of the strength of this group against discrete logarithm attacks (eg NFS). Warning: since this only takes into account known attacks it is by necessity an overestimate of the actual strength.
Definition at line 518 of file dl_group.cpp.
518 {
519 return data().estimated_strength();
520}
◆ exponent_bits()
| size_t Botan::DL_Group::exponent_bits | ( | ) | const |
Return size in bits of a secret exponent
This attempts to balance between the attack costs of NFS (which depends on the size of the modulus) and Pollard's rho (which depends on the size of the exponent).
It may vary over time for a particular group, if the attack costs change.
Definition at line 522 of file dl_group.cpp.
522 {
523 return data().exponent_bits();
524}
◆ from_name()
|
static |
Construct a DL group that is registered in the configuration.
- Parameters
-
name the name of the group, for example "modp/ietf/3072"
- Exceptions
-
Invalid_Argument if the named group is unknown
Definition at line 217 of file dl_group.cpp.
217 {
219
220 if(!data) {
222 }
223
225}
References DL_Group(), DL_group_info(), and Botan::fmt().
Referenced by botan_srp6_group_size(), Botan::create_private_key(), DL_Group(), Botan::srp6_client_agree(), Botan::srp6_generate_verifier(), Botan::srp6_group_identifier(), and Botan::SRP6_Server_Session::step1().
◆ from_PEM()
|
static |
Definition at line 228 of file dl_group.cpp.
References Botan::PEM_Code::decode(), DL_Group(), and Botan::unlock().
Referenced by DL_Group(), and DL_Group_from_PEM().
◆ get_g()
| const BigInt & Botan::DL_Group::get_g | ( | ) | const |
Get the base g.
- Returns
- base g
Definition at line 481 of file dl_group.cpp.
481 {
482 return data().g();
483}
Referenced by DER_encode(), multi_exponentiate(), Botan::srp6_client_agree(), and verify_group().
◆ get_p()
| const BigInt & Botan::DL_Group::get_p | ( | ) | const |
Get the prime p.
- Returns
- prime p
Definition at line 474 of file dl_group.cpp.
474 {
475 return data().p();
476}
Referenced by DER_encode(), inverse_mod_p(), Botan::srp6_client_agree(), verify_element_pair(), verify_group(), verify_private_element(), and verify_public_element().
◆ get_q()
| const BigInt & Botan::DL_Group::get_q | ( | ) | const |
Get the prime q, returns zero if q is not used
- Returns
- prime q
Definition at line 488 of file dl_group.cpp.
488 {
489 return data().q();
490}
Referenced by DER_encode(), inverse_mod_q(), verify_group(), verify_private_element(), and verify_public_element().
◆ has_q()
| bool Botan::DL_Group::has_q | ( | ) | const |
Return if the q value is set
Definition at line 496 of file dl_group.cpp.
496 {
497 return data().q_is_set();
498}
Referenced by Botan::DSA_PrivateKey::DSA_PrivateKey(), and Botan::DSA_PrivateKey::DSA_PrivateKey().
◆ inverse_mod_p()
Return the inverse of x mod p
Definition at line 526 of file dl_group.cpp.
526 {
527 // precompute??
529}
BigInt inverse_mod_public_prime(const BigInt &x, const BigInt &p)
Definition mod_inv.cpp:291
References get_p(), and Botan::inverse_mod_public_prime().
◆ inverse_mod_q()
Return the inverse of x mod q Throws if q is unset on this DL_Group
Definition at line 543 of file dl_group.cpp.
543 {
544 data().assert_q_is_set("inverse_mod_q");
545 // precompute??
547}
References get_q(), and Botan::inverse_mod_public_prime().
◆ mod_p()
Reduce an integer modulo p
- Returns
- x % p
Definition at line 531 of file dl_group.cpp.
531 {
532 return data().reducer_mod_p().reduce(x);
533}
Referenced by Botan::srp6_client_agree().
◆ mod_q()
Reduce an integer modulo q Throws if q is unset on this DL_Group
- Returns
- x % q
Definition at line 549 of file dl_group.cpp.
549 {
550 data().assert_q_is_set("mod_q");
551 return data().reducer_mod_q().reduce(x);
552}
◆ multi_exponentiate()
| BigInt Botan::DL_Group::multi_exponentiate | ( | const BigInt & | x, |
| const BigInt & | y, | ||
| const BigInt & | z ) const |
Multi-exponentiate Return (g^x * y^z) % p
- Warning
- this function is variable time and should not be used with secret inputs
Definition at line 569 of file dl_group.cpp.
569 {
571}
Montgomery_Int monty_multi_exp(const Montgomery_Params ¶ms_p, const BigInt &x_bn, const BigInt &z1, const BigInt &y_bn, const BigInt &z2)
Definition monty_exp.cpp:161
References get_g(), Botan::monty_multi_exp(), and Botan::Montgomery_Int::value().
◆ multiply_mod_p()
Multiply and reduce an integer modulo p
- Returns
- (x*y) % p
Definition at line 535 of file dl_group.cpp.
535 {
536 return data().reducer_mod_p().multiply(x, y);
537}
Referenced by Botan::srp6_client_agree().
◆ multiply_mod_q() [1/2]
Multiply and reduce an integer modulo q Throws if q is unset on this DL_Group
- Returns
- (x*y) % q
Definition at line 554 of file dl_group.cpp.
554 {
555 data().assert_q_is_set("multiply_mod_q");
556 return data().reducer_mod_q().multiply(x, y);
557}
Referenced by multiply_mod_q().
◆ multiply_mod_q() [2/2]
| BigInt Botan::DL_Group::multiply_mod_q | ( | const BigInt & | x, |
| const BigInt & | y, | ||
| const BigInt & | z ) const |
Multiply and reduce an integer modulo q Throws if q is unset on this DL_Group
- Returns
- (x*y*z) % q
Definition at line 559 of file dl_group.cpp.
559 {
560 data().assert_q_is_set("multiply_mod_q");
562}
BigInt multiply_mod_q(const BigInt &x, const BigInt &y) const
Definition dl_group.cpp:554
References multiply_mod_q().
◆ p_bits()
| size_t Botan::DL_Group::p_bits | ( | ) | const |
Return the size of p in bits Same as get_p().bits()
Definition at line 500 of file dl_group.cpp.
500 {
501 return data().p_bits();
502}
Referenced by power_b_p(), Botan::srp6_client_agree(), Botan::srp6_generate_verifier(), and Botan::SRP6_Server_Session::step1().
◆ p_bytes()
| size_t Botan::DL_Group::p_bytes | ( | ) | const |
Return the size of p in bytes Same as get_p().bytes()
Definition at line 504 of file dl_group.cpp.
504 {
505 return data().p_bytes();
506}
Referenced by Botan::srp6_client_agree().
◆ PEM_encode()
| std::string Botan::DL_Group::PEM_encode | ( | DL_Group_Format | format | ) | const |
Encode this group into a string using PEM encoding.
- Parameters
-
format the encoding format
- Returns
- string holding the PEM encoded group
Definition at line 616 of file dl_group.cpp.
616 {
618
625 } else {
626 throw Invalid_Argument("Unknown DL_Group encoding");
627 }
628}
std::vector< uint8_t > DER_encode(DL_Group_Format format) const
Definition dl_group.cpp:592
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39
References Botan::ANSI_X9_42, Botan::ANSI_X9_57, DER_encode(), Botan::PEM_Code::encode(), and Botan::PKCS_3.
◆ power_b_p() [1/2]
Modular exponentiation
- Parameters
-
b the base x the exponent
- Returns
- (b^x) % p
Definition at line 577 of file dl_group.cpp.
577 {
579}
BigInt power_b_p(const BigInt &b, const BigInt &x, size_t max_x_bits) const
Definition dl_group.cpp:581
References p_bits(), and power_b_p().
◆ power_b_p() [2/2]
Modular exponentiation
- Parameters
-
b the base x the exponent max_x_bits x is assumed to be at most this many bits long.
- Returns
- (b^x) % p
Definition at line 581 of file dl_group.cpp.
581 {
582 return data().power_b_p(b, x, max_x_bits);
583}
Referenced by power_b_p(), and Botan::srp6_client_agree().
◆ power_g_p() [1/2]
Modular exponentiation
- Warning
- this function leaks the size of x via the number of loop iterations. Use the version taking the maximum size to avoid this.
- Returns
- (g^x) % p
Definition at line 263 of file dl_group.h.
263 {
265 }
References BOTAN_DEPRECATED, and power_g_p().
Referenced by power_g_p(), Botan::srp6_client_agree(), Botan::srp6_generate_verifier(), and verify_element_pair().
◆ power_g_p() [2/2]
Modular exponentiation
- Parameters
-
x the exponent max_x_bits x is assumed to be at most this many bits long.
- Returns
- (g^x) % p
Definition at line 573 of file dl_group.cpp.
573 {
574 return data().power_g_p(x, max_x_bits);
575}
◆ q_bits()
| size_t Botan::DL_Group::q_bits | ( | ) | const |
Return the size of q in bits Same as get_q().bits() Throws if q is unset
Definition at line 508 of file dl_group.cpp.
508 {
509 data().assert_q_is_set("q_bits");
510 return data().q_bits();
511}
◆ q_bytes()
| size_t Botan::DL_Group::q_bytes | ( | ) | const |
Return the size of q in bytes Same as get_q().bytes() Throws if q is unset
Definition at line 513 of file dl_group.cpp.
513 {
514 data().assert_q_is_set("q_bytes");
515 return data().q_bytes();
516}
◆ source()
| DL_Group_Source Botan::DL_Group::source | ( | ) | const |
Definition at line 585 of file dl_group.cpp.
585 {
586 return data().source();
587}
Referenced by verify_group().
◆ square_mod_q()
Square and reduce an integer modulo q Throws if q is unset on this DL_Group
- Returns
- (x*x) % q
Definition at line 564 of file dl_group.cpp.
564 {
565 data().assert_q_is_set("square_mod_q");
566 return data().reducer_mod_q().square(x);
567}
References Botan::BigInt::square().
◆ verify_element_pair()
Verify a pair of elements y = g^x
This verifies that 1 < x,y < p and that y=g^x mod p
Definition at line 404 of file dl_group.cpp.
404 {
406
407 if(y <= 1 || y >= p || x <= 1 || x >= p) {
408 return false;
409 }
410
412 return false;
413 }
414
415 return true;
416}
References Botan::BigInt::bits(), get_p(), and power_g_p().
◆ verify_group()
| bool Botan::DL_Group::verify_group | ( | RandomNumberGenerator & | rng, |
| bool | strong = true ) const |
Perform validity checks on the group.
- Parameters
-
rng the rng to use strong whether to perform stronger by lengthier tests
- Returns
- true if the object is consistent, false otherwise
Definition at line 421 of file dl_group.cpp.
421 {
423
424 if(!strong && from_builtin) {
425 return true;
426 }
427
431
432 if(g < 2 || p < 3 || q < 0) {
433 return false;
434 }
435
436 const size_t test_prob = 128;
438
440 return false;
441 }
442
443 if(q != 0) {
444 if((p - 1) % q != 0) {
445 return false;
446 }
447 if(data().power_g_p_vartime(q) != 1) {
448 return false;
449 }
451 return false;
452 }
453 } else {
454 if(!from_builtin && !is_randomly_generated) {
455 // If we got this p,g from some unknown source, try to verify
456 // that the group order is not too absurdly small.
457
458 const size_t upper_bound = strong ? 1000 : 100;
459
460 for(size_t i = 2; i != upper_bound; ++i) {
462 return false;
463 }
464 }
465 }
466 }
467
468 return true;
469}
References Botan::Builtin, Botan::ExternalSource, Botan::BigInt::from_word(), get_g(), get_p(), get_q(), Botan::is_prime(), and source().
Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().
◆ verify_private_element()
| bool Botan::DL_Group::verify_private_element | ( | const BigInt & | x | ) | const |
Verify a private element
Specifically this checks that x is > 1 and < p, and additionally if q is set then x must be < q
Definition at line 389 of file dl_group.cpp.
389 {
392
393 if(x <= 1 || x >= p) {
394 return false;
395 }
396
397 if(q > 0 && x > q) {
398 return false;
399 }
400
401 return true;
402}
◆ verify_public_element()
| bool Botan::DL_Group::verify_public_element | ( | const BigInt & | y | ) | const |
Verify a public element, ie check if y = g^x for some x.
This is not a perfect test. It verifies that 1 < y < p and (if q is set) that y is in the subgroup of size q.
Definition at line 372 of file dl_group.cpp.
372 {
375
376 if(y <= 1 || y >= p) {
377 return false;
378 }
379
380 if(!q.is_zero()) {
381 if(data().power_b_p_vartime(y, q) != 1) {
382 return false;
383 }
384 }
385
386 return true;
387}
References get_p(), get_q(), and Botan::BigInt::is_zero().
The documentation for this class was generated from the following files:
- src/lib/pubkey/dl_group/dl_group.h
- src/lib/pubkey/dl_group/dl_group.cpp
- src/lib/pubkey/dl_group/dl_named.cpp
Generated by
1.14.0