Botan 3.8.1
Crypto and TLS for C&
Botan::DL_Group Class Referencefinal

#include <dl_group.h>

Public Types

using Format = DL_Group_Format
 
enum  PrimeType { Strong , Prime_Subgroup , DSA_Kosherizer }
 

Public Member Functions

const Barrett_Reduction_reducer_mod_p () const
 
void BER_decode (const std::vector< uint8_t > &ber, DL_Group_Format format)
 
std::vector< uint8_t > DER_encode (DL_Group_Format format) const
 
 DL_Group ()=default
 
 DL_Group (const BigInt &p, const BigInt &g)
 
 DL_Group (const BigInt &p, const BigInt &q, const BigInt &g)
 
template<typename Alloc>
 DL_Group (const std::vector< uint8_t, Alloc > &ber, DL_Group_Format format)
 
 DL_Group (const uint8_t ber[], size_t ber_len, DL_Group_Format format)
 
 DL_Group (RandomNumberGenerator &rng, const std::vector< uint8_t > &seed, size_t pbits=1024, size_t qbits=0)
 
 DL_Group (RandomNumberGenerator &rng, PrimeType type, size_t pbits, size_t qbits=0)
 
 DL_Group (std::string_view name)
 
size_t estimated_strength () const
 
size_t exponent_bits () const
 
const BigIntget_g () const
 
const BigIntget_p () const
 
const BigIntget_q () const
 
bool has_q () const
 
BigInt inverse_mod_p (const BigInt &x) const
 
BigInt inverse_mod_q (const BigInt &x) const
 
BigInt mod_p (const BigInt &x) const
 
BigInt mod_q (const BigInt &x) const
 
std::shared_ptr< const Montgomery_Paramsmonty_params_p () const
 
BigInt multi_exponentiate (const BigInt &x, const BigInt &y, const BigInt &z) const
 
BigInt multiply_mod_p (const BigInt &x, const BigInt &y) const
 
BigInt multiply_mod_q (const BigInt &x, const BigInt &y) const
 
BigInt multiply_mod_q (const BigInt &x, const BigInt &y, const BigInt &z) const
 
size_t p_bits () const
 
size_t p_bytes () const
 
std::string PEM_encode (DL_Group_Format format) const
 
BigInt power_b_p (const BigInt &b, const BigInt &x) const
 
BigInt power_b_p (const BigInt &b, const BigInt &x, size_t max_x_bits) const
 
BigInt power_g_p (const BigInt &x) const
 
BigInt power_g_p (const BigInt &x, size_t max_x_bits) const
 
size_t q_bits () const
 
size_t q_bytes () const
 
DL_Group_Source source () const
 
BigInt square_mod_q (const BigInt &x) const
 
bool verify_element_pair (const BigInt &y, const BigInt &x) const
 
bool verify_group (RandomNumberGenerator &rng, bool strong=true) const
 
bool verify_private_element (const BigInt &x) const
 
bool verify_public_element (const BigInt &y) const
 

Static Public Member Functions

static DL_Group DL_Group_from_PEM (std::string_view pem)
 
static std::shared_ptr< DL_Group_Data > DL_group_info (std::string_view name)
 
static DL_Group from_name (std::string_view name)
 
static DL_Group from_PEM (std::string_view pem)
 

Detailed Description

This class represents discrete logarithm groups. It holds a prime modulus p, a generator g, and (optionally) a prime q which is a factor of (p-1). In most cases g generates the order-q subgroup.

Definition at line 46 of file dl_group.h.

Member Typedef Documentation

◆ Format

Definition at line 53 of file dl_group.h.

Member Enumeration Documentation

◆ PrimeType

Determine the prime creation for DL groups.

Enumerator
Strong 
Prime_Subgroup 
DSA_Kosherizer 

Definition at line 51 of file dl_group.h.

Constructor & Destructor Documentation

◆ DL_Group() [1/8]

Botan::DL_Group::DL_Group ( )
default

Construct a DL group with uninitialized internal value.

References BOTAN_DEPRECATED, DL_Group(), from_name(), and from_PEM().

Referenced by BER_decode(), DL_Group(), DL_Group(), DL_Group_from_PEM(), from_name(), and from_PEM().

◆ DL_Group() [2/8]

Botan::DL_Group::DL_Group ( std::string_view name)
explicit

Construct a DL group that is registered in the configuration.

Parameters
namethe name of the group, for example "modp/ietf/3072"
Warning
This constructor also accepts PEM inputs. This behavior is deprecated and will be removed in a future major release. Instead use DL_Group::from_PEM or DL_Group::from_name

Definition at line 193 of file dl_group.cpp.

193 {
194 // Either a name or a PEM block, try name first
195 m_data = DL_group_info(str);
196
197 if(m_data == nullptr) {
198 try {
199 std::string label;
200 const std::vector<uint8_t> ber = unlock(PEM_Code::decode(str, label));
201 DL_Group_Format format = pem_label_to_dl_format(label);
202
203 m_data = BER_decode_DL_group(ber.data(), ber.size(), format, DL_Group_Source::ExternalSource);
204 } catch(...) {}
205 }
206
207 if(m_data == nullptr) {
208 throw Invalid_Argument(fmt("DL_Group: Unknown group '{}'", str));
209 }
210}
static std::shared_ptr< DL_Group_Data > DL_group_info(std::string_view name)
Definition dl_named.cpp:13
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition pem.cpp:62
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
DL_Group_Format
Definition dl_group.h:30
std::vector< T > unlock(const secure_vector< T > &in)
Definition secmem.h:82

References Botan::PEM_Code::decode(), DL_group_info(), Botan::ExternalSource, Botan::fmt(), and Botan::unlock().

◆ DL_Group() [3/8]

Botan::DL_Group::DL_Group ( RandomNumberGenerator & rng,
PrimeType type,
size_t pbits,
size_t qbits = 0 )

Create a new group randomly.

Parameters
rngthe random number generator to use
typespecifies how the creation of primes p and q shall be performed. If type=Strong, then p will be determined as a safe prime, and q will be chosen as (p-1)/2. If type=Prime_Subgroup and qbits = 0, then the size of q will be determined according to the estimated difficulty of the DL problem. If type=DSA_Kosherizer, DSA primes will be created.
pbitsthe number of bits of p
qbitsthe number of bits of q. Leave it as 0 to have the value determined according to pbits.

Definition at line 262 of file dl_group.cpp.

262 {
263 if(pbits < 1024) {
264 throw Invalid_Argument(fmt("DL_Group: requested prime size {} is too small", pbits));
265 }
266
267 if(qbits >= pbits) {
268 throw Invalid_Argument(fmt("DL_Group: requested q size {} is too big for p {}", qbits, pbits));
269 }
270
271 if(type == Strong) {
272 if(qbits != 0 && qbits != pbits - 1) {
273 throw Invalid_Argument("Cannot create strong-prime DL_Group with specified q bits");
274 }
275
276 const BigInt p = random_safe_prime(rng, pbits);
277 const BigInt q = (p - 1) / 2;
278
279 /*
280 Always choose a generator that is quadratic reside mod p, this forces g to
281 be a generator of the subgroup of size q.
282
283 We use 2 by default, but if 2 is not a quadratic reside then use 4 which
284 is always a quadratic reside, being the square of 2 (or p - 2)
285 */
286 BigInt g = BigInt::from_word(2);
287 if(jacobi(g, p) != 1) {
288 g = BigInt::from_word(4);
289 }
290
291 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
292 } else if(type == Prime_Subgroup) {
293 if(qbits == 0) {
294 qbits = dl_exponent_size(pbits);
295 }
296
297 const BigInt q = random_prime(rng, qbits);
298 const BigInt q2 = q * 2;
299 BigInt X;
300 BigInt p;
301 while(p.bits() != pbits || !is_prime(p, rng, 128, true)) {
302 X.randomize(rng, pbits);
303 // Variable time division is OK here since DH groups are public anyway
304 p = X - (X % q2) + 1;
305 }
306
307 const BigInt g = make_dsa_generator(p, q);
308 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
309 } else if(type == DSA_Kosherizer) {
310 if(qbits == 0) {
311 qbits = ((pbits <= 1024) ? 160 : 256);
312 }
313
314 BigInt p, q;
315 generate_dsa_primes(rng, p, q, pbits, qbits);
316 const BigInt g = make_dsa_generator(p, q);
317 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
318 } else {
319 throw Invalid_Argument("DL_Group unknown PrimeType");
320 }
321}
static BigInt from_word(word n)
Definition bigint.cpp:33
BigInt random_prime(RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo, size_t prob)
Definition make_prm.cpp:97
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition numthry.cpp:355
bool generate_dsa_primes(RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< uint8_t > &seed_c, size_t offset)
Definition dsa_gen.cpp:54
size_t dl_exponent_size(size_t bits)
int32_t jacobi(const BigInt &a, const BigInt &n)
Definition numthry.cpp:116
BigInt random_safe_prime(RandomNumberGenerator &rng, size_t bits)
Definition make_prm.cpp:294

References Botan::BigInt::bits(), Botan::dl_exponent_size(), DSA_Kosherizer, Botan::fmt(), Botan::BigInt::from_word(), Botan::generate_dsa_primes(), Botan::is_prime(), Botan::jacobi(), Prime_Subgroup, Botan::random_prime(), Botan::random_safe_prime(), Botan::BigInt::randomize(), Botan::RandomlyGenerated, and Strong.

◆ DL_Group() [4/8]

Botan::DL_Group::DL_Group ( RandomNumberGenerator & rng,
const std::vector< uint8_t > & seed,
size_t pbits = 1024,
size_t qbits = 0 )

Create a DSA group with a given seed.

Parameters
rngthe random number generator to use
seedthe seed to use to create the random primes
pbitsthe desired bit size of the prime p
qbitsthe desired bit size of the prime q.

Definition at line 326 of file dl_group.cpp.

326 {
327 BigInt p, q;
328
329 if(!generate_dsa_primes(rng, p, q, pbits, qbits, seed)) {
330 throw Invalid_Argument("DL_Group: The seed given does not generate a DSA group");
331 }
332
333 BigInt g = make_dsa_generator(p, q);
334
335 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
336}

References Botan::generate_dsa_primes(), and Botan::RandomlyGenerated.

◆ DL_Group() [5/8]

Botan::DL_Group::DL_Group ( const BigInt & p,
const BigInt & g )

Create a DL group.

Parameters
pthe prime p
gthe base g

Definition at line 341 of file dl_group.cpp.

341 {
342 m_data = std::make_shared<DL_Group_Data>(p, g, DL_Group_Source::ExternalSource);
343}

References Botan::ExternalSource.

◆ DL_Group() [6/8]

Botan::DL_Group::DL_Group ( const BigInt & p,
const BigInt & q,
const BigInt & g )

Create a DL group.

Parameters
pthe prime p
qthe prime q
gthe base g

Definition at line 348 of file dl_group.cpp.

348 {
349 if(q.is_zero()) {
350 m_data = std::make_shared<DL_Group_Data>(p, g, DL_Group_Source::ExternalSource);
351 } else {
352 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::ExternalSource);
353 }
354}

References Botan::ExternalSource, and Botan::BigInt::is_zero().

◆ DL_Group() [7/8]

Botan::DL_Group::DL_Group ( const uint8_t ber[],
size_t ber_len,
DL_Group_Format format )

Decode a BER-encoded DL group param

Definition at line 622 of file dl_group.cpp.

622 {
623 m_data = BER_decode_DL_group(ber, ber_len, format, DL_Group_Source::ExternalSource);
624}

References Botan::ExternalSource.

◆ DL_Group() [8/8]

template<typename Alloc>
Botan::DL_Group::DL_Group ( const std::vector< uint8_t, Alloc > & ber,
DL_Group_Format format )
inline

Decode a BER-encoded DL group param

Definition at line 137 of file dl_group.h.

137 :
138 DL_Group(ber.data(), ber.size(), format) {}
DL_Group()=default

References DL_Group().

Member Function Documentation

◆ _reducer_mod_p()

const Barrett_Reduction & Botan::DL_Group::_reducer_mod_p ( ) const

Definition at line 531 of file dl_group.cpp.

531 {
532 return data().reducer_mod_p();
533}

◆ BER_decode()

void Botan::DL_Group::BER_decode ( const std::vector< uint8_t > & ber,
DL_Group_Format format )
inline

Decode a DER/BER encoded group into this instance.

Parameters
bera vector containing the DER/BER encoded group
formatthe format of the encoded group
Warning
avoid this. Instead use the DL_Group constructor

Definition at line 365 of file dl_group.h.

365 {
366 *this = DL_Group(ber, format);
367 }

References BER_decode(), and DL_Group().

Referenced by BER_decode().

◆ DER_encode()

std::vector< uint8_t > Botan::DL_Group::DER_encode ( DL_Group_Format format) const

Encode this group into a string using DER encoding.

Parameters
formatthe encoding format
Returns
string holding the DER encoded group

Definition at line 584 of file dl_group.cpp.

584 {
585 if(get_q().is_zero() && (format != DL_Group_Format::PKCS_3)) {
586 throw Encoding_Error("Cannot encode DL_Group in ANSI formats when q param is missing");
587 }
588
589 std::vector<uint8_t> output;
590 DER_Encoder der(output);
591
592 if(format == DL_Group_Format::ANSI_X9_57) {
593 der.start_sequence().encode(get_p()).encode(get_q()).encode(get_g()).end_cons();
594 } else if(format == DL_Group_Format::ANSI_X9_42) {
595 der.start_sequence().encode(get_p()).encode(get_g()).encode(get_q()).end_cons();
596 } else if(format == DL_Group_Format::PKCS_3) {
597 der.start_sequence().encode(get_p()).encode(get_g()).end_cons();
598 } else {
599 throw Invalid_Argument("Unknown DL_Group encoding");
600 }
601
602 return output;
603}
const BigInt & get_p() const
Definition dl_group.cpp:466
const BigInt & get_g() const
Definition dl_group.cpp:473
const BigInt & get_q() const
Definition dl_group.cpp:480

References Botan::ANSI_X9_42, Botan::ANSI_X9_57, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), get_g(), get_p(), get_q(), Botan::PKCS_3, and Botan::DER_Encoder::start_sequence().

Referenced by PEM_encode().

◆ DL_Group_from_PEM()

static DL_Group Botan::DL_Group::DL_Group_from_PEM ( std::string_view pem)
inlinestatic

Definition at line 85 of file dl_group.h.

85 {
86 return DL_Group::from_PEM(pem);
87 }
static DL_Group from_PEM(std::string_view pem)
Definition dl_group.cpp:223

References BOTAN_DEPRECATED, DL_Group(), DL_Group_from_PEM(), and from_PEM().

Referenced by DL_Group_from_PEM().

◆ DL_group_info()

std::shared_ptr< DL_Group_Data > Botan::DL_Group::DL_group_info ( std::string_view name)
static

Definition at line 13 of file dl_named.cpp.

13 {
14 /* TLS FFDHE groups */
15
16 if(name == "ffdhe/ietf/2048") {
17 return load_DL_group_info(
18 "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B423861285C97FFFFFFFFFFFFFFFF",
19 "0x2");
20 }
21
22 if(name == "ffdhe/ietf/3072") {
23 return load_DL_group_info(
24 "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF",
25 "0x2");
26 }
27
28 if(name == "ffdhe/ietf/4096") {
29 return load_DL_group_info(
30 "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6AFFFFFFFFFFFFFFFF",
31 "0x2");
32 }
33
34 if(name == "ffdhe/ietf/6144") {
35 return load_DL_group_info(
36 "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD9020BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA63BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3ACDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477A52471F7A9A96910B855322EDB6340D8A00EF092350511E30ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538CD72B03746AE77F5E62292C311562A846505DC82DB854338AE49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B045B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF",
37 "0x2");
38 }
39
40 if(name == "ffdhe/ietf/8192") {
41 return load_DL_group_info(
42 "0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD9020BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA63BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3ACDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477A52471F7A9A96910B855322EDB6340D8A00EF092350511E30ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538CD72B03746AE77F5E62292C311562A846505DC82DB854338AE49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B045B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1A41D570D7938DAD4A40E329CCFF46AAA36AD004CF600C8381E425A31D951AE64FDB23FCEC9509D43687FEB69EDD1CC5E0B8CC3BDF64B10EF86B63142A3AB8829555B2F747C932665CB2C0F1CC01BD70229388839D2AF05E454504AC78B7582822846C0BA35C35F5C59160CC046FD8251541FC68C9C86B022BB7099876A460E7451A8A93109703FEE1C217E6C3826E52C51AA691E0E423CFC99E9E31650C1217B624816CDAD9A95F9D5B8019488D9C0A0A1FE3075A577E23183F81D4A3F2FA4571EFC8CE0BA8A4FE8B6855DFE72B0A66EDED2FBABFBE58A30FAFABE1C5D71A87E2F741EF8C1FE86FEA6BBFDE530677F0D97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88CD68C8BB7C5C6424CFFFFFFFFFFFFFFFF", "0x2");
43 }
44
45 /* IETF IPsec groups */
46
47 if(name == "modp/ietf/1024") {
48 return load_DL_group_info(
49 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
50 "0x2");
51 }
52
53 if(name == "modp/ietf/1536") {
54 return load_DL_group_info(
55 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
56 "0x2");
57 }
58
59 if(name == "modp/ietf/2048") {
60 return load_DL_group_info(
61 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
62 "0x2");
63 }
64
65 if(name == "modp/ietf/3072") {
66 return load_DL_group_info(
67 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
68 "0x2");
69 }
70
71 if(name == "modp/ietf/4096") {
72 return load_DL_group_info(
73 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF",
74 "0x2");
75 }
76
77 if(name == "modp/ietf/6144") {
78 return load_DL_group_info(
79 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
80 "0x2");
81 }
82
83 if(name == "modp/ietf/8192") {
84 return load_DL_group_info(
85 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF", "0x2");
86 }
87
88 /* SRP groups
89
90 SRP groups have a p st (p-1)/2 is prime, but g is not a generator
91 of subgroup of size q, so set q == 0 to bypass generator check
92
93 Missing q doesn't matter for SRP, and nothing but SRP should be
94 using these parameters.
95 */
96
97 if(name == "modp/srp/1024") {
98 return load_DL_group_info(
99 "0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
100 "0",
101 "0x2");
102 }
103
104 if(name == "modp/srp/1536") {
105 return load_DL_group_info(
106 "0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB",
107 "0",
108 "0x2");
109 }
110
111 if(name == "modp/srp/2048") {
112 return load_DL_group_info(
113 "0xAC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73",
114 "0",
115 "0x2");
116 }
117
118 if(name == "modp/srp/3072") {
119 return load_DL_group_info(
120 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
121 "0",
122 "0x5");
123 }
124
125 if(name == "modp/srp/4096") {
126 return load_DL_group_info(
127 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF",
128 "0",
129 "0x5");
130 }
131
132 if(name == "modp/srp/6144") {
133 return load_DL_group_info(
134 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
135 "0",
136 "0x5");
137 }
138
139 if(name == "modp/srp/8192") {
140 return load_DL_group_info(
141 "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF", "0", "0x13");
142 }
143
144 /* DSA groups */
145
146 if(name == "dsa/jce/1024") {
147 return load_DL_group_info(
148 "0xFD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF83B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72AEFF22203199DD14801C7",
149 "0x9760508F15230BCCB292B982A2EB840BF0581CF5",
150 "0x469603512E30278CD3947595DB22EEC9826A6322ADC97344F41D740C325724C8F9EFBAA7D4D803FF8C609DCD100EBC5BDFCFAD7C6A425FAEA786EA2050EBE98351EA1FDA1FDF24D6947AA6B9AA23766953802F4D7D4A8ECBA06D19768A2491FFB16D0EF9C43A99B5F71672FF6F0A24B444D0736D04D38A1A1322DAF6CDD88C9D");
151 }
152
153 if(name == "dsa/botan/2048") {
154 return load_DL_group_info(
155 "0x91C48A4FDFBCF7C02AE95E7DA126122B5DD2864F559B87E8E74A286D52F59BD1DE68DFD645D0E00C60C080031891980374EEB594A532BFD67B9A09EAC4B8663A07910E68F39465FB7040D25DF13932EBAC4347A530ECBA61C854F9B880D3C0C3660080587C45566DADE26BD5A394BE093B4C0F24B5AFFEF8EC6C5B3E57FB89025A9BC16769932131E16D3C94EFCAB18D0DF061203CC53E6103BC72D5594BFD40CA65380F44A9A851DCB075495FC033A8A58071A1BD78FE052F66555648EB4B719D2AFE8B4880F8DAD6F15818BA178F89274C870BE9B96EB08C46C40040CC2EFE1DFB1B1868DD319DE3C34A32A63AB6EB1224209A419680CC7902D1728D4DF9E1",
156 "0x8CD7D450F86F0AD94EEE4CE469A8756D1EBD1058241943EAFFB0B354585E924D",
157 "0xD9F5E0761B4DBD1833D6AB1A961A0996C5F22303F72D84C140F67C431D94AB5715BEA81A0C98D39CE4BCF78D6B9EBC895D34FE89D94091D5848615EF15F5E86F11D96F6C969E203DDFA58356420A49CB444B595B901A933CFE0767B594F18A07B7F91DECDBA446B88990F78F2FF91F2FE7CD43FD2E46D18EADA1F7BB6602C617F6EF3A4B284F2FD9BA10A36042DE8FA87A2CA36597FEC81157A1485E44041DF02830111CB880BBE6ED494814886F965CDC3135F5CCF1383728BF65B806F9692C0B10D6C4C09C75A6CA3B4013CB16AB2C105F6BE23AEA9000EAB2178985F972C98057E1C86E44E7218688EA4AE0F3636DCCA745C9DCD4E6AFFB67CCBC13D6131");
158 }
159
160 if(name == "dsa/botan/3072") {
161 return load_DL_group_info("0xE4B50880759663585E142460CA2D9DFF132F8AE4C840DDA3A2666889124FE5638B84E8A29B7AF3FA1209BE6BFC4B5072ED3B2B7387BAF3F857F478A80228EF3600B76B3DCFB61D20D34465B2506D2CAF87DF6E7DC0CE91BD2D167A46F6ADCC31C531E4F9C7ABBDB92ADDF35B0A806C66292A5F5E17E964DD099903733AC428AB35D80EA6F685BFBA8BE4068E5418AE5ECAD9E8FF073DE2B63E4E7EAD35C8A9B70B5BD47CFB88D373B66F37931939B0AB71BD5595809086DA0155337D185A0E4FB36A519B1B6202B8591E6002449CF1CD3A66384F6D2073B1CD73BECA93BAF1E1A6117D0238F222AE1ED7FED185A890E7F67FAB8FEB9753CC134A5183DFE87AE2595F7B5C2D9FBB42249FDD59513E1D3396B3EB2FD86684F285A8448FE757A029881C40760B94EF919BDF9740C38389599EC51A6E9BB519A8E068491E9CE0A2FCFE3CB60D66CF0DFAD20A8EC684048684A61444575BD1724D7352B44A760077B3BD6BD385CE5B0A7250CC0BF768DA82923806EB9CFBB138843731B618208C759B", "0xB3EBD364EC69EF8CF3BAF643B75734B16339B2E49E5CDE1B59C1E9FB40EE0C5B", "0x2BED21EEF83964A230AE89BBA71D9F7C39C52FC8229B4E3BC7E5944D329DA10F010EAC9E7BAF6C009FC4EB2960723E2B56DF4663E4C3AC800E9258DE2F7649D206782893F865EFCA498D2EEF30074EA5E8A7AB262712A4D94A2F3B0B9A92EE400FB38A3CC59A5DC7E436D5C004B22E35028381B51C93407EB32D4AE0FD42CB45E12D0ECEE8A26238EDE2082A7B1522113C66CEF8D745C6CF3CB945F84D2F4DE16D44A71DE198270E13F03553C88B8D323AD0B948A1BF2103A949979B6ED16FB5F3C953D95B7C8E88CA67DCF5A636FB9CA39D924215F7A884ED6C7EE3C96D8D9715427974B7C4351282E13D3773F7D28B452F10892A13C7587328DEA4827B6B369B2A8DC172ADC583F51F2A6598C5483E5BC467B02F91D059C402D18E2C2680F776AA06F49280A2C72C17CC42D5B6E740C5C4B1AB3C51C2ED092BE2A2D8B053AE5773D1425ED2B08F06E2DD50592DF1A478C15591CDFD11564FF88FF38B721D42392FDA473212DCFD8D2D88A976A00AFFE6FFFB430A359E64CA2B351CA2412394");
162 }
163
164 return std::shared_ptr<DL_Group_Data>();
165}

Referenced by DL_Group(), and from_name().

◆ estimated_strength()

size_t Botan::DL_Group::estimated_strength ( ) const

Return an estimate of the strength of this group against discrete logarithm attacks (eg NFS). Warning: since this only takes into account known attacks it is by necessity an overestimate of the actual strength.

Definition at line 510 of file dl_group.cpp.

510 {
511 return data().estimated_strength();
512}

◆ exponent_bits()

size_t Botan::DL_Group::exponent_bits ( ) const

Return size in bits of a secret exponent

This attempts to balance between the attack costs of NFS (which depends on the size of the modulus) and Pollard's rho (which depends on the size of the exponent).

It may vary over time for a particular group, if the attack costs change.

Definition at line 514 of file dl_group.cpp.

514 {
515 return data().exponent_bits();
516}

◆ from_name()

DL_Group Botan::DL_Group::from_name ( std::string_view name)
static

Construct a DL group that is registered in the configuration.

Parameters
namethe name of the group, for example "modp/ietf/3072"
Exceptions
Invalid_Argumentif the named group is unknown

Definition at line 212 of file dl_group.cpp.

212 {
213 auto data = DL_group_info(name);
214
215 if(!data) {
216 throw Invalid_Argument(fmt("DL_Group: Unknown group '{}'", name));
217 }
218
219 return DL_Group(data);
220}

References DL_Group(), DL_group_info(), and Botan::fmt().

Referenced by botan_srp6_group_size(), Botan::create_private_key(), DL_Group(), Botan::srp6_client_agree(), Botan::srp6_generate_verifier(), Botan::srp6_group_identifier(), and Botan::SRP6_Server_Session::step1().

◆ from_PEM()

DL_Group Botan::DL_Group::from_PEM ( std::string_view pem)
static

Definition at line 223 of file dl_group.cpp.

223 {
224 std::string label;
225 const std::vector<uint8_t> ber = unlock(PEM_Code::decode(pem, label));
226 DL_Group_Format format = pem_label_to_dl_format(label);
227 return DL_Group(ber, format);
228}

References Botan::PEM_Code::decode(), DL_Group(), and Botan::unlock().

Referenced by DL_Group(), and DL_Group_from_PEM().

◆ get_g()

const BigInt & Botan::DL_Group::get_g ( ) const

Get the base g.

Returns
base g

Definition at line 473 of file dl_group.cpp.

473 {
474 return data().g();
475}

Referenced by DER_encode(), multi_exponentiate(), Botan::srp6_client_agree(), and verify_group().

◆ get_p()

const BigInt & Botan::DL_Group::get_p ( ) const

Get the prime p.

Returns
prime p

Definition at line 466 of file dl_group.cpp.

466 {
467 return data().p();
468}

Referenced by DER_encode(), inverse_mod_p(), Botan::srp6_client_agree(), verify_element_pair(), verify_group(), verify_private_element(), and verify_public_element().

◆ get_q()

const BigInt & Botan::DL_Group::get_q ( ) const

Get the prime q, returns zero if q is not used

Returns
prime q

Definition at line 480 of file dl_group.cpp.

480 {
481 return data().q();
482}

Referenced by DER_encode(), inverse_mod_q(), verify_group(), verify_private_element(), and verify_public_element().

◆ has_q()

bool Botan::DL_Group::has_q ( ) const

Return if the q value is set

Definition at line 488 of file dl_group.cpp.

488 {
489 return data().q_is_set();
490}

Referenced by Botan::DSA_PrivateKey::DSA_PrivateKey(), and Botan::DSA_PrivateKey::DSA_PrivateKey().

◆ inverse_mod_p()

BigInt Botan::DL_Group::inverse_mod_p ( const BigInt & x) const

Return the inverse of x mod p

Definition at line 518 of file dl_group.cpp.

518 {
519 // precompute??
520 return inverse_mod_public_prime(x, get_p());
521}
BigInt inverse_mod_public_prime(const BigInt &x, const BigInt &p)
Definition mod_inv.cpp:291

References get_p(), and Botan::inverse_mod_public_prime().

◆ inverse_mod_q()

BigInt Botan::DL_Group::inverse_mod_q ( const BigInt & x) const

Return the inverse of x mod q Throws if q is unset on this DL_Group

Definition at line 535 of file dl_group.cpp.

535 {
536 data().assert_q_is_set("inverse_mod_q");
537 // precompute??
538 return inverse_mod_public_prime(x, get_q());
539}

References get_q(), and Botan::inverse_mod_public_prime().

◆ mod_p()

BigInt Botan::DL_Group::mod_p ( const BigInt & x) const

Reduce an integer modulo p

Returns
x % p

Definition at line 523 of file dl_group.cpp.

523 {
524 return data().reducer_mod_p().reduce(x);
525}

Referenced by Botan::srp6_client_agree().

◆ mod_q()

BigInt Botan::DL_Group::mod_q ( const BigInt & x) const

Reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
x % q

Definition at line 541 of file dl_group.cpp.

541 {
542 data().assert_q_is_set("mod_q");
543 return data().reducer_mod_q().reduce(x);
544}

◆ monty_params_p()

std::shared_ptr< const Montgomery_Params > Botan::DL_Group::monty_params_p ( ) const

Return parameters for Montgomery reduction/exponentiation mod p

Definition at line 484 of file dl_group.cpp.

484 {
485 return data().monty_params_p();
486}

Referenced by multi_exponentiate().

◆ multi_exponentiate()

BigInt Botan::DL_Group::multi_exponentiate ( const BigInt & x,
const BigInt & y,
const BigInt & z ) const

Multi-exponentiate Return (g^x * y^z) % p

Definition at line 561 of file dl_group.cpp.

561 {
562 return monty_multi_exp(data().monty_params_p(), get_g(), x, y, z).value();
563}
std::shared_ptr< const Montgomery_Params > monty_params_p() const
Definition dl_group.cpp:484
BigInt value() const
Definition monty.cpp:323
Montgomery_Int monty_multi_exp(const std::shared_ptr< const Montgomery_Params > &params_p, const BigInt &x_bn, const BigInt &z1, const BigInt &y_bn, const BigInt &z2)

References get_g(), Botan::monty_multi_exp(), monty_params_p(), and Botan::Montgomery_Int::value().

◆ multiply_mod_p()

BigInt Botan::DL_Group::multiply_mod_p ( const BigInt & x,
const BigInt & y ) const

Multiply and reduce an integer modulo p

Returns
(x*y) % p

Definition at line 527 of file dl_group.cpp.

527 {
528 return data().reducer_mod_p().multiply(x, y);
529}

Referenced by Botan::srp6_client_agree().

◆ multiply_mod_q() [1/2]

BigInt Botan::DL_Group::multiply_mod_q ( const BigInt & x,
const BigInt & y ) const

Multiply and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
(x*y) % q

Definition at line 546 of file dl_group.cpp.

546 {
547 data().assert_q_is_set("multiply_mod_q");
548 return data().reducer_mod_q().multiply(x, y);
549}

Referenced by multiply_mod_q().

◆ multiply_mod_q() [2/2]

BigInt Botan::DL_Group::multiply_mod_q ( const BigInt & x,
const BigInt & y,
const BigInt & z ) const

Multiply and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
(x*y*z) % q

Definition at line 551 of file dl_group.cpp.

551 {
552 data().assert_q_is_set("multiply_mod_q");
553 return this->multiply_mod_q(this->multiply_mod_q(x, y), z);
554}
BigInt multiply_mod_q(const BigInt &x, const BigInt &y) const
Definition dl_group.cpp:546

References multiply_mod_q().

◆ p_bits()

size_t Botan::DL_Group::p_bits ( ) const

Return the size of p in bits Same as get_p().bits()

Definition at line 492 of file dl_group.cpp.

492 {
493 return data().p_bits();
494}

Referenced by power_b_p(), Botan::srp6_client_agree(), Botan::srp6_generate_verifier(), and Botan::SRP6_Server_Session::step1().

◆ p_bytes()

size_t Botan::DL_Group::p_bytes ( ) const

Return the size of p in bytes Same as get_p().bytes()

Definition at line 496 of file dl_group.cpp.

496 {
497 return data().p_bytes();
498}

Referenced by Botan::srp6_client_agree().

◆ PEM_encode()

std::string Botan::DL_Group::PEM_encode ( DL_Group_Format format) const

Encode this group into a string using PEM encoding.

Parameters
formatthe encoding format
Returns
string holding the PEM encoded group

Definition at line 608 of file dl_group.cpp.

608 {
609 const std::vector<uint8_t> encoding = DER_encode(format);
610
611 if(format == DL_Group_Format::PKCS_3) {
612 return PEM_Code::encode(encoding, "DH PARAMETERS");
613 } else if(format == DL_Group_Format::ANSI_X9_57) {
614 return PEM_Code::encode(encoding, "DSA PARAMETERS");
615 } else if(format == DL_Group_Format::ANSI_X9_42) {
616 return PEM_Code::encode(encoding, "X9.42 DH PARAMETERS");
617 } else {
618 throw Invalid_Argument("Unknown DL_Group encoding");
619 }
620}
std::vector< uint8_t > DER_encode(DL_Group_Format format) const
Definition dl_group.cpp:584
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39

References Botan::ANSI_X9_42, Botan::ANSI_X9_57, DER_encode(), Botan::PEM_Code::encode(), and Botan::PKCS_3.

◆ power_b_p() [1/2]

BigInt Botan::DL_Group::power_b_p ( const BigInt & b,
const BigInt & x ) const

Modular exponentiation

Parameters
bthe base
xthe exponent
Returns
(b^x) % p

Definition at line 569 of file dl_group.cpp.

569 {
570 return this->power_b_p(b, x, data().p_bits());
571}
size_t p_bits() const
Definition dl_group.cpp:492
BigInt power_b_p(const BigInt &b, const BigInt &x, size_t max_x_bits) const
Definition dl_group.cpp:573

References p_bits(), and power_b_p().

◆ power_b_p() [2/2]

BigInt Botan::DL_Group::power_b_p ( const BigInt & b,
const BigInt & x,
size_t max_x_bits ) const

Modular exponentiation

Parameters
bthe base
xthe exponent
max_x_bitsx is assumed to be at most this many bits long.
Returns
(b^x) % p

Definition at line 573 of file dl_group.cpp.

573 {
574 return data().power_b_p(b, x, max_x_bits);
575}

Referenced by power_b_p(), and Botan::srp6_client_agree().

◆ power_g_p() [1/2]

BigInt Botan::DL_Group::power_g_p ( const BigInt & x) const
inline

Modular exponentiation

Warning
this function leaks the size of x via the number of loop iterations. Use the version taking the maximum size to avoid this.
Returns
(g^x) % p

Definition at line 263 of file dl_group.h.

263 {
264 return power_g_p(x, x.bits());
265 }
BigInt power_g_p(const BigInt &x) const
Definition dl_group.h:263

References BOTAN_DEPRECATED, and power_g_p().

Referenced by power_g_p(), Botan::srp6_client_agree(), Botan::srp6_generate_verifier(), and verify_element_pair().

◆ power_g_p() [2/2]

BigInt Botan::DL_Group::power_g_p ( const BigInt & x,
size_t max_x_bits ) const

Modular exponentiation

Parameters
xthe exponent
max_x_bitsx is assumed to be at most this many bits long.
Returns
(g^x) % p

Definition at line 565 of file dl_group.cpp.

565 {
566 return data().power_g_p(x, max_x_bits);
567}

◆ q_bits()

size_t Botan::DL_Group::q_bits ( ) const

Return the size of q in bits Same as get_q().bits() Throws if q is unset

Definition at line 500 of file dl_group.cpp.

500 {
501 data().assert_q_is_set("q_bits");
502 return data().q_bits();
503}

◆ q_bytes()

size_t Botan::DL_Group::q_bytes ( ) const

Return the size of q in bytes Same as get_q().bytes() Throws if q is unset

Definition at line 505 of file dl_group.cpp.

505 {
506 data().assert_q_is_set("q_bytes");
507 return data().q_bytes();
508}

◆ source()

DL_Group_Source Botan::DL_Group::source ( ) const

Definition at line 577 of file dl_group.cpp.

577 {
578 return data().source();
579}

Referenced by verify_group().

◆ square_mod_q()

BigInt Botan::DL_Group::square_mod_q ( const BigInt & x) const

Square and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
(x*x) % q

Definition at line 556 of file dl_group.cpp.

556 {
557 data().assert_q_is_set("square_mod_q");
558 return data().reducer_mod_q().square(x);
559}

References Botan::BigInt::square().

◆ verify_element_pair()

bool Botan::DL_Group::verify_element_pair ( const BigInt & y,
const BigInt & x ) const

Verify a pair of elements y = g^x

This verifies that 1 < x,y < p and that y=g^x mod p

Definition at line 396 of file dl_group.cpp.

396 {
397 const BigInt& p = get_p();
398
399 if(y <= 1 || y >= p || x <= 1 || x >= p) {
400 return false;
401 }
402
403 if(y != this->power_g_p(x, x.bits())) {
404 return false;
405 }
406
407 return true;
408}

References Botan::BigInt::bits(), get_p(), and power_g_p().

◆ verify_group()

bool Botan::DL_Group::verify_group ( RandomNumberGenerator & rng,
bool strong = true ) const

Perform validity checks on the group.

Parameters
rngthe rng to use
strongwhether to perform stronger by lengthier tests
Returns
true if the object is consistent, false otherwise

Definition at line 413 of file dl_group.cpp.

413 {
414 const bool from_builtin = (source() == DL_Group_Source::Builtin);
415
416 if(!strong && from_builtin) {
417 return true;
418 }
419
420 const BigInt& p = get_p();
421 const BigInt& q = get_q();
422 const BigInt& g = get_g();
423
424 if(g < 2 || p < 3 || q < 0) {
425 return false;
426 }
427
428 const size_t test_prob = 128;
429 const bool is_randomly_generated = (source() != DL_Group_Source::ExternalSource);
430
431 if(!is_prime(p, rng, test_prob, is_randomly_generated)) {
432 return false;
433 }
434
435 if(q != 0) {
436 if((p - 1) % q != 0) {
437 return false;
438 }
439 if(data().power_g_p_vartime(q) != 1) {
440 return false;
441 }
442 if(!is_prime(q, rng, test_prob, is_randomly_generated)) {
443 return false;
444 }
445 } else {
446 if(!from_builtin && !is_randomly_generated) {
447 // If we got this p,g from some unknown source, try to verify
448 // that the group order is not too absurdly small.
449
450 const size_t upper_bound = strong ? 1000 : 100;
451
452 for(size_t i = 2; i != upper_bound; ++i) {
453 if(data().power_g_p_vartime(BigInt::from_word(i)) == 1) {
454 return false;
455 }
456 }
457 }
458 }
459
460 return true;
461}
DL_Group_Source source() const
Definition dl_group.cpp:577

References Botan::Builtin, Botan::ExternalSource, Botan::BigInt::from_word(), get_g(), get_p(), get_q(), Botan::is_prime(), and source().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

◆ verify_private_element()

bool Botan::DL_Group::verify_private_element ( const BigInt & x) const

Verify a private element

Specifically this checks that x is > 1 and < p, and additionally if q is set then x must be < q

Definition at line 381 of file dl_group.cpp.

381 {
382 const BigInt& p = get_p();
383 const BigInt& q = get_q();
384
385 if(x <= 1 || x >= p) {
386 return false;
387 }
388
389 if(q > 0 && x > q) {
390 return false;
391 }
392
393 return true;
394}

References get_p(), and get_q().

◆ verify_public_element()

bool Botan::DL_Group::verify_public_element ( const BigInt & y) const

Verify a public element, ie check if y = g^x for some x.

This is not a perfect test. It verifies that 1 < y < p and (if q is set) that y is in the subgroup of size q.

Definition at line 364 of file dl_group.cpp.

364 {
365 const BigInt& p = get_p();
366 const BigInt& q = get_q();
367
368 if(y <= 1 || y >= p) {
369 return false;
370 }
371
372 if(q.is_zero() == false) {
373 if(data().power_b_p_vartime(y, q) != 1) {
374 return false;
375 }
376 }
377
378 return true;
379}

References get_p(), get_q(), and Botan::BigInt::is_zero().


The documentation for this class was generated from the following files: