Botan 2.19.1
Crypto and TLS for C&
Public Types | Public Member Functions | Static Public Member Functions | List of all members
Botan::DL_Group Class Referencefinal

#include <dl_group.h>

Public Types

enum  Format {
  ANSI_X9_42 , ANSI_X9_57 , PKCS_3 , DSA_PARAMETERS = ANSI_X9_57 ,
  DH_PARAMETERS = ANSI_X9_42 , ANSI_X9_42_DH_PARAMETERS = ANSI_X9_42 , PKCS3_DH_PARAMETERS = PKCS_3
}
 
enum  PrimeType { Strong , Prime_Subgroup , DSA_Kosherizer }
 

Public Member Functions

void BER_decode (const std::vector< uint8_t > &ber, Format format)
 
std::vector< uint8_t > DER_encode (Format format) const
 
 DL_Group ()=default
 
 DL_Group (const BigInt &p, const BigInt &g)
 
 DL_Group (const BigInt &p, const BigInt &q, const BigInt &g)
 
 DL_Group (const std::string &name)
 
template<typename Alloc >
 DL_Group (const std::vector< uint8_t, Alloc > &ber, Format format)
 
 DL_Group (const uint8_t ber[], size_t ber_len, Format format)
 
 DL_Group (RandomNumberGenerator &rng, const std::vector< uint8_t > &seed, size_t pbits=1024, size_t qbits=0)
 
 DL_Group (RandomNumberGenerator &rng, PrimeType type, size_t pbits, size_t qbits=0)
 
size_t estimated_strength () const
 
size_t exponent_bits () const
 
const BigIntget_g () const
 
const BigIntget_p () const
 
const BigIntget_q () const
 
BigInt inverse_mod_p (const BigInt &x) const
 
BigInt inverse_mod_q (const BigInt &x) const
 
BigInt mod_p (const BigInt &x) const
 
BigInt mod_q (const BigInt &x) const
 
std::shared_ptr< const Montgomery_Paramsmonty_params_p () const
 
BigInt multi_exponentiate (const BigInt &x, const BigInt &y, const BigInt &z) const
 
BigInt multiply_mod_p (const BigInt &x, const BigInt &y) const
 
BigInt multiply_mod_q (const BigInt &x, const BigInt &y) const
 
BigInt multiply_mod_q (const BigInt &x, const BigInt &y, const BigInt &z) const
 
size_t p_bits () const
 
size_t p_bytes () const
 
void PEM_decode (const std::string &pem)
 
std::string PEM_encode (Format format) const
 
BigInt power_g_p (const BigInt &x) const
 
BigInt power_g_p (const BigInt &x, size_t max_x_bits) const
 
size_t q_bits () const
 
size_t q_bytes () const
 
DL_Group_Source source () const
 
BigInt square_mod_q (const BigInt &x) const
 
bool verify_element_pair (const BigInt &y, const BigInt &x) const
 
bool verify_group (RandomNumberGenerator &rng, bool strong=true) const
 
bool verify_public_element (const BigInt &y) const
 

Static Public Member Functions

static DL_Group DL_Group_from_PEM (const std::string &pem)
 
static std::shared_ptr< DL_Group_Data > DL_group_info (const std::string &name)
 
static std::string PEM_for_named_group (const std::string &name)
 

Detailed Description

This class represents discrete logarithm groups. It holds a prime modulus p, a generator g, and (optionally) a prime q which is a factor of (p-1). In most cases g generates the order-q subgroup.

Definition at line 29 of file dl_group.h.

Member Enumeration Documentation

◆ Format

enum Botan::DL_Group::Format

The DL group encoding format variants.

Enumerator
ANSI_X9_42 
ANSI_X9_57 
PKCS_3 
DSA_PARAMETERS 
DH_PARAMETERS 
ANSI_X9_42_DH_PARAMETERS 
PKCS3_DH_PARAMETERS 

Definition at line 40 of file dl_group.h.

40 {
41 ANSI_X9_42,
42 ANSI_X9_57,
43 PKCS_3,
44
45 DSA_PARAMETERS = ANSI_X9_57,
46 DH_PARAMETERS = ANSI_X9_42,
47 ANSI_X9_42_DH_PARAMETERS = ANSI_X9_42,
48 PKCS3_DH_PARAMETERS = PKCS_3
49 };
Botan::DL_Group::DSA_PARAMETERS
@ DSA_PARAMETERS
Definition: dl_group.h:45
Botan::DL_Group::DH_PARAMETERS
@ DH_PARAMETERS
Definition: dl_group.h:46
Botan::DL_Group::ANSI_X9_57
@ ANSI_X9_57
Definition: dl_group.h:42
Botan::DL_Group::PKCS3_DH_PARAMETERS
@ PKCS3_DH_PARAMETERS
Definition: dl_group.h:48
Botan::DL_Group::ANSI_X9_42_DH_PARAMETERS
@ ANSI_X9_42_DH_PARAMETERS
Definition: dl_group.h:47
Botan::DL_Group::ANSI_X9_42
@ ANSI_X9_42
Definition: dl_group.h:41
Botan::DL_Group::PKCS_3
@ PKCS_3
Definition: dl_group.h:43

◆ PrimeType

enum Botan::DL_Group::PrimeType

Determine the prime creation for DL groups.

Enumerator
Strong 
Prime_Subgroup 
DSA_Kosherizer 

Definition at line 35 of file dl_group.h.

35{ Strong, Prime_Subgroup, DSA_Kosherizer };
Botan::DL_Group::Prime_Subgroup
@ Prime_Subgroup
Definition: dl_group.h:35
Botan::DL_Group::DSA_Kosherizer
@ DSA_Kosherizer
Definition: dl_group.h:35
Botan::DL_Group::Strong
@ Strong
Definition: dl_group.h:35

Constructor & Destructor Documentation

◆ DL_Group() [1/8]

Botan::DL_Group::DL_Group ( )
default

Construct a DL group with uninitialized internal value. Use this constructor is you wish to set the groups values from a DER or PEM encoded group.

Referenced by DL_Group_from_PEM().

◆ DL_Group() [2/8]

Botan::DL_Group::DL_Group ( const std::string &  name)
explicit

Construct a DL group that is registered in the configuration.

Parameters
namethe name of the group, for example "modp/ietf/3072"
Warning
This constructor also accepts PEM inputs. This behavior is deprecated and will be removed in a future major release. Instead use DL_Group_from_PEM function

Definition at line 189 of file dl_group.cpp.

190 {
191 // Either a name or a PEM block, try name first
192 m_data = DL_group_info(str);
193
194 if(m_data == nullptr)
195 {
196 try
197 {
198 std::string label;
199 const std::vector<uint8_t> ber = unlock(PEM_Code::decode(str, label));
200 Format format = pem_label_to_dl_format(label);
201
202 m_data = BER_decode_DL_group(ber.data(), ber.size(), format, DL_Group_Source::ExternalSource);
203 }
204 catch(...) {}
205 }
206
207 if(m_data == nullptr)
208 throw Invalid_Argument("DL_Group: Unknown group " + str);
209 }
Botan::DL_Group::DL_group_info
static std::shared_ptr< DL_Group_Data > DL_group_info(const std::string &name)
Definition: dl_named.cpp:13
Botan::DL_Group::Format
Format
Definition: dl_group.h:40
Botan::PEM_Code::decode
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition: pem.cpp:68
Botan::unlock
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:72

References Botan::PEM_Code::decode(), DL_group_info(), Botan::ExternalSource, and Botan::unlock().

◆ DL_Group() [3/8]

Botan::DL_Group::DL_Group ( RandomNumberGenerator rng,
PrimeType  type,
size_t  pbits,
size_t  qbits = 0 
)

Create a new group randomly.

Parameters
rngthe random number generator to use
typespecifies how the creation of primes p and q shall be performed. If type=Strong, then p will be determined as a safe prime, and q will be chosen as (p-1)/2. If type=Prime_Subgroup and qbits = 0, then the size of q will be determined according to the estimated difficulty of the DL problem. If type=DSA_Kosherizer, DSA primes will be created.
pbitsthe number of bits of p
qbitsthe number of bits of q. Leave it as 0 to have the value determined according to pbits.

Definition at line 240 of file dl_group.cpp.

242 {
243 if(pbits < 1024)
244 throw Invalid_Argument("DL_Group: prime size " + std::to_string(pbits) + " is too small");
245
246 if(type == Strong)
247 {
248 if(qbits != 0 && qbits != pbits - 1)
249 throw Invalid_Argument("Cannot create strong-prime DL_Group with specified q bits");
250
251 const BigInt p = random_safe_prime(rng, pbits);
252 const BigInt q = (p - 1) / 2;
253
254 /*
255 Always choose a generator that is quadratic reside mod p,
256 this forces g to be a generator of the subgroup of size q.
257 */
258 BigInt g = 2;
259 if(jacobi(g, p) != 1)
260 {
261 // prime table does not contain 2
262 for(size_t i = 0; i < PRIME_TABLE_SIZE; ++i)
263 {
264 g = PRIMES[i];
265 if(jacobi(g, p) == 1)
266 break;
267 }
268 }
269
270 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
271 }
272 else if(type == Prime_Subgroup)
273 {
274 if(qbits == 0)
275 qbits = dl_exponent_size(pbits);
276
277 const BigInt q = random_prime(rng, qbits);
278 Modular_Reducer mod_2q(2*q);
279 BigInt X;
280 BigInt p;
281 while(p.bits() != pbits || !is_prime(p, rng, 128, true))
282 {
283 X.randomize(rng, pbits);
284 p = X - mod_2q.reduce(X) + 1;
285 }
286
287 const BigInt g = make_dsa_generator(p, q);
288 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
289 }
290 else if(type == DSA_Kosherizer)
291 {
292 if(qbits == 0)
293 qbits = ((pbits <= 1024) ? 160 : 256);
294
295 BigInt p, q;
296 generate_dsa_primes(rng, p, q, pbits, qbits);
297 const BigInt g = make_dsa_generator(p, q);
298 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
299 }
300 else
301 {
302 throw Invalid_Argument("DL_Group unknown PrimeType");
303 }
304 }
X
fe X
Definition: ge.cpp:27
Botan::ASN1::to_string
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:213
Botan::random_prime
BigInt random_prime(RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo, size_t prob)
Definition: make_prm.cpp:77
Botan::PRIMES
const uint16_t PRIMES[]
Definition: primes.cpp:12
Botan::PRIME_TABLE_SIZE
const size_t PRIME_TABLE_SIZE
Definition: numthry.h:287
Botan::dl_exponent_size
size_t dl_exponent_size(size_t bits)
Definition: workfactor.cpp:52
Botan::is_prime
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:228
Botan::generate_dsa_primes
bool generate_dsa_primes(RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< uint8_t > &seed_c, size_t offset)
Definition: dsa_gen.cpp:39
Botan::jacobi
int32_t jacobi(const BigInt &a, const BigInt &n)
Definition: jacobi.cpp:15
Botan::random_safe_prime
BigInt random_safe_prime(RandomNumberGenerator &rng, size_t bits)
Definition: make_prm.cpp:268
type
MechanismType type
Definition: p11_mechanism.cpp:44

References Botan::BigInt::bits(), Botan::dl_exponent_size(), DSA_Kosherizer, Botan::generate_dsa_primes(), Botan::is_prime(), Botan::jacobi(), Prime_Subgroup, Botan::PRIME_TABLE_SIZE, Botan::PRIMES, Botan::random_prime(), Botan::random_safe_prime(), Botan::RandomlyGenerated, Botan::Modular_Reducer::reduce(), Strong, Botan::ASN1::to_string(), type, and X.

◆ DL_Group() [4/8]

Botan::DL_Group::DL_Group ( RandomNumberGenerator rng,
const std::vector< uint8_t > &  seed,
size_t  pbits = 1024,
size_t  qbits = 0 
)

Create a DSA group with a given seed.

Parameters
rngthe random number generator to use
seedthe seed to use to create the random primes
pbitsthe desired bit size of the prime p
qbitsthe desired bit size of the prime q.

Definition at line 309 of file dl_group.cpp.

312 {
313 BigInt p, q;
314
315 if(!generate_dsa_primes(rng, p, q, pbits, qbits, seed))
316 throw Invalid_Argument("DL_Group: The seed given does not generate a DSA group");
317
318 BigInt g = make_dsa_generator(p, q);
319
320 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::RandomlyGenerated);
321 }

References Botan::generate_dsa_primes(), and Botan::RandomlyGenerated.

◆ DL_Group() [5/8]

Botan::DL_Group::DL_Group ( const BigInt p,
const BigInt g 
)

Create a DL group.

Parameters
pthe prime p
gthe base g

Definition at line 326 of file dl_group.cpp.

327 {
328 m_data = std::make_shared<DL_Group_Data>(p, 0, g, DL_Group_Source::ExternalSource);
329 }

References Botan::ExternalSource.

◆ DL_Group() [6/8]

Botan::DL_Group::DL_Group ( const BigInt p,
const BigInt q,
const BigInt g 
)

Create a DL group.

Parameters
pthe prime p
qthe prime q
gthe base g

Definition at line 334 of file dl_group.cpp.

335 {
336 m_data = std::make_shared<DL_Group_Data>(p, q, g, DL_Group_Source::ExternalSource);
337 }

References Botan::ExternalSource.

◆ DL_Group() [7/8]

Botan::DL_Group::DL_Group ( const uint8_t  ber[],
size_t  ber_len,
Format  format 
)

Decode a BER-encoded DL group param

Definition at line 607 of file dl_group.cpp.

608 {
609 m_data = BER_decode_DL_group(ber, ber_len, format, DL_Group_Source::ExternalSource);
610 }

References Botan::ExternalSource.

◆ DL_Group() [8/8]

template<typename Alloc >
Botan::DL_Group::DL_Group ( const std::vector< uint8_t, Alloc > &  ber,
Format  format 
)
inline

Decode a BER-encoded DL group param

Definition at line 124 of file dl_group.h.

124 :
125 DL_Group(ber.data(), ber.size(), format) {}
Botan::DL_Group::DL_Group
DL_Group()=default

Member Function Documentation

◆ BER_decode()

void Botan::DL_Group::BER_decode ( const std::vector< uint8_t > &  ber,
Format  format 
)

Decode a DER/BER encoded group into this instance.

Parameters
bera vector containing the DER/BER encoded group
formatthe format of the encoded group
Warning
avoid this. Instead use the DL_Group constructor

Definition at line 612 of file dl_group.cpp.

613 {
614 m_data = BER_decode_DL_group(ber.data(), ber.size(), format, DL_Group_Source::ExternalSource);
615 }

References Botan::ExternalSource.

Referenced by Botan::DL_Scheme_PrivateKey::DL_Scheme_PrivateKey().

◆ DER_encode()

std::vector< uint8_t > Botan::DL_Group::DER_encode ( Format  format) const

Encode this group into a string using DER encoding.

Parameters
formatthe encoding format
Returns
string holding the DER encoded group

Definition at line 553 of file dl_group.cpp.

554 {
555 if(get_q().is_zero() && (format == ANSI_X9_57 || format == ANSI_X9_42))
556 throw Encoding_Error("Cannot encode DL_Group in ANSI formats when q param is missing");
557
558 std::vector<uint8_t> output;
559 DER_Encoder der(output);
560
561 if(format == ANSI_X9_57)
562 {
563 der.start_cons(SEQUENCE)
564 .encode(get_p())
565 .encode(get_q())
566 .encode(get_g())
567 .end_cons();
568 }
569 else if(format == ANSI_X9_42)
570 {
571 der.start_cons(SEQUENCE)
572 .encode(get_p())
573 .encode(get_g())
574 .encode(get_q())
575 .end_cons();
576 }
577 else if(format == PKCS_3)
578 {
579 der.start_cons(SEQUENCE)
580 .encode(get_p())
581 .encode(get_g())
582 .end_cons();
583 }
584 else
585 throw Invalid_Argument("Unknown DL_Group encoding " + std::to_string(format));
586
587 return output;
588 }
Botan::DL_Group::get_p
const BigInt & get_p() const
Definition: dl_group.cpp:425
Botan::DL_Group::get_g
const BigInt & get_g() const
Definition: dl_group.cpp:433
Botan::DL_Group::get_q
const BigInt & get_q() const
Definition: dl_group.cpp:441
Botan::SEQUENCE
@ SEQUENCE
Definition: asn1_obj.h:42

References ANSI_X9_42, ANSI_X9_57, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), get_g(), get_p(), get_q(), PKCS_3, Botan::SEQUENCE, Botan::DER_Encoder::start_cons(), and Botan::ASN1::to_string().

Referenced by Botan::DL_Scheme_PublicKey::algorithm_identifier(), and PEM_encode().

◆ DL_Group_from_PEM()

DL_Group Botan::DL_Group::DL_Group_from_PEM ( const std::string &  pem)
static

Definition at line 618 of file dl_group.cpp.

619 {
620 std::string label;
621 const std::vector<uint8_t> ber = unlock(PEM_Code::decode(pem, label));
622 Format format = pem_label_to_dl_format(label);
623 return DL_Group(ber, format);
624 }

References Botan::PEM_Code::decode(), DL_Group(), and Botan::unlock().

◆ DL_group_info()

std::shared_ptr< DL_Group_Data > Botan::DL_Group::DL_group_info ( const std::string &  name)
static

Definition at line 13 of file dl_named.cpp.

14 {
15 /* TLS FFDHE groups */
16
17 if(name == "ffdhe/ietf/2048")
18 {
19 return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B423861285C97FFFFFFFFFFFFFFFF",
20 "0x2");
21 }
22
23 if(name == "ffdhe/ietf/3072")
24 {
25 return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF",
26 "0x2");
27 }
28
29 if(name == "ffdhe/ietf/4096")
30 {
31 return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6AFFFFFFFFFFFFFFFF",
32 "0x2");
33 }
34
35 if(name == "ffdhe/ietf/6144")
36 {
37 return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD9020BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA63BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3ACDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477A52471F7A9A96910B855322EDB6340D8A00EF092350511E30ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538CD72B03746AE77F5E62292C311562A846505DC82DB854338AE49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B045B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF",
38 "0x2");
39 }
40
41 if(name == "ffdhe/ietf/8192")
42 {
43 return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD9020BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA63BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3ACDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477A52471F7A9A96910B855322EDB6340D8A00EF092350511E30ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538CD72B03746AE77F5E62292C311562A846505DC82DB854338AE49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B045B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1A41D570D7938DAD4A40E329CCFF46AAA36AD004CF600C8381E425A31D951AE64FDB23FCEC9509D43687FEB69EDD1CC5E0B8CC3BDF64B10EF86B63142A3AB8829555B2F747C932665CB2C0F1CC01BD70229388839D2AF05E454504AC78B7582822846C0BA35C35F5C59160CC046FD8251541FC68C9C86B022BB7099876A460E7451A8A93109703FEE1C217E6C3826E52C51AA691E0E423CFC99E9E31650C1217B624816CDAD9A95F9D5B8019488D9C0A0A1FE3075A577E23183F81D4A3F2FA4571EFC8CE0BA8A4FE8B6855DFE72B0A66EDED2FBABFBE58A30FAFABE1C5D71A87E2F741EF8C1FE86FEA6BBFDE530677F0D97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88CD68C8BB7C5C6424CFFFFFFFFFFFFFFFF",
44 "0x2");
45 }
46
47 /* IETF IPsec groups */
48
49 if(name == "modp/ietf/1024")
50 {
51 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
52 "0x2");
53 }
54
55 if(name == "modp/ietf/1536")
56 {
57 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
58 "0x2");
59 }
60
61 if(name == "modp/ietf/2048")
62 {
63 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
64 "0x2");
65 }
66
67 if(name == "modp/ietf/3072")
68 {
69 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
70 "0x2");
71 }
72
73 if(name == "modp/ietf/4096")
74 {
75 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF",
76 "0x2");
77 }
78
79 if(name == "modp/ietf/6144")
80 {
81 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
82 "0x2");
83 }
84
85 if(name == "modp/ietf/8192")
86 {
87 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF",
88 "0x2");
89 }
90
91 /* SRP groups
92
93 SRP groups have a p st (p-1)/2 is prime, but g is not a generator
94 of subgroup of size q, so set q == 0 to bypass generator check
95
96 Missing q doesn't matter for SRP, and nothing but SRP should be
97 using these parameters.
98 */
99
100 if(name == "modp/srp/1024")
101 {
102 return load_DL_group_info("0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
103 "0",
104 "0x2");
105 }
106
107 if(name == "modp/srp/1536")
108 {
109 return load_DL_group_info("0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB",
110 "0",
111 "0x2");
112 }
113
114 if(name == "modp/srp/2048")
115 {
116 return load_DL_group_info("0xAC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73",
117 "0",
118 "0x2");
119 }
120
121 if(name == "modp/srp/3072")
122 {
123 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
124 "0",
125 "0x5");
126 }
127
128 if(name == "modp/srp/4096")
129 {
130 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF",
131 "0",
132 "0x5");
133 }
134
135 if(name == "modp/srp/6144")
136 {
137 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
138 "0",
139 "0x5");
140 }
141
142 if(name == "modp/srp/8192")
143 {
144 return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF",
145 "0",
146 "0x13");
147 }
148
149 /* DSA groups */
150
151 if(name == "dsa/jce/1024")
152 {
153 return load_DL_group_info("0xFD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF83B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72AEFF22203199DD14801C7",
154 "0x9760508F15230BCCB292B982A2EB840BF0581CF5",
155 "0x469603512E30278CD3947595DB22EEC9826A6322ADC97344F41D740C325724C8F9EFBAA7D4D803FF8C609DCD100EBC5BDFCFAD7C6A425FAEA786EA2050EBE98351EA1FDA1FDF24D6947AA6B9AA23766953802F4D7D4A8ECBA06D19768A2491FFB16D0EF9C43A99B5F71672FF6F0A24B444D0736D04D38A1A1322DAF6CDD88C9D");
156 }
157
158 if(name == "dsa/botan/2048")
159 {
160 return load_DL_group_info("0x91C48A4FDFBCF7C02AE95E7DA126122B5DD2864F559B87E8E74A286D52F59BD1DE68DFD645D0E00C60C080031891980374EEB594A532BFD67B9A09EAC4B8663A07910E68F39465FB7040D25DF13932EBAC4347A530ECBA61C854F9B880D3C0C3660080587C45566DADE26BD5A394BE093B4C0F24B5AFFEF8EC6C5B3E57FB89025A9BC16769932131E16D3C94EFCAB18D0DF061203CC53E6103BC72D5594BFD40CA65380F44A9A851DCB075495FC033A8A58071A1BD78FE052F66555648EB4B719D2AFE8B4880F8DAD6F15818BA178F89274C870BE9B96EB08C46C40040CC2EFE1DFB1B1868DD319DE3C34A32A63AB6EB1224209A419680CC7902D1728D4DF9E1",
161 "0x8CD7D450F86F0AD94EEE4CE469A8756D1EBD1058241943EAFFB0B354585E924D",
162 "0xD9F5E0761B4DBD1833D6AB1A961A0996C5F22303F72D84C140F67C431D94AB5715BEA81A0C98D39CE4BCF78D6B9EBC895D34FE89D94091D5848615EF15F5E86F11D96F6C969E203DDFA58356420A49CB444B595B901A933CFE0767B594F18A07B7F91DECDBA446B88990F78F2FF91F2FE7CD43FD2E46D18EADA1F7BB6602C617F6EF3A4B284F2FD9BA10A36042DE8FA87A2CA36597FEC81157A1485E44041DF02830111CB880BBE6ED494814886F965CDC3135F5CCF1383728BF65B806F9692C0B10D6C4C09C75A6CA3B4013CB16AB2C105F6BE23AEA9000EAB2178985F972C98057E1C86E44E7218688EA4AE0F3636DCCA745C9DCD4E6AFFB67CCBC13D6131");
163 }
164
165 if(name == "dsa/botan/3072")
166 {
167 return load_DL_group_info("0xE4B50880759663585E142460CA2D9DFF132F8AE4C840DDA3A2666889124FE5638B84E8A29B7AF3FA1209BE6BFC4B5072ED3B2B7387BAF3F857F478A80228EF3600B76B3DCFB61D20D34465B2506D2CAF87DF6E7DC0CE91BD2D167A46F6ADCC31C531E4F9C7ABBDB92ADDF35B0A806C66292A5F5E17E964DD099903733AC428AB35D80EA6F685BFBA8BE4068E5418AE5ECAD9E8FF073DE2B63E4E7EAD35C8A9B70B5BD47CFB88D373B66F37931939B0AB71BD5595809086DA0155337D185A0E4FB36A519B1B6202B8591E6002449CF1CD3A66384F6D2073B1CD73BECA93BAF1E1A6117D0238F222AE1ED7FED185A890E7F67FAB8FEB9753CC134A5183DFE87AE2595F7B5C2D9FBB42249FDD59513E1D3396B3EB2FD86684F285A8448FE757A029881C40760B94EF919BDF9740C38389599EC51A6E9BB519A8E068491E9CE0A2FCFE3CB60D66CF0DFAD20A8EC684048684A61444575BD1724D7352B44A760077B3BD6BD385CE5B0A7250CC0BF768DA82923806EB9CFBB138843731B618208C759B",
168 "0xB3EBD364EC69EF8CF3BAF643B75734B16339B2E49E5CDE1B59C1E9FB40EE0C5B",
169 "0x2BED21EEF83964A230AE89BBA71D9F7C39C52FC8229B4E3BC7E5944D329DA10F010EAC9E7BAF6C009FC4EB2960723E2B56DF4663E4C3AC800E9258DE2F7649D206782893F865EFCA498D2EEF30074EA5E8A7AB262712A4D94A2F3B0B9A92EE400FB38A3CC59A5DC7E436D5C004B22E35028381B51C93407EB32D4AE0FD42CB45E12D0ECEE8A26238EDE2082A7B1522113C66CEF8D745C6CF3CB945F84D2F4DE16D44A71DE198270E13F03553C88B8D323AD0B948A1BF2103A949979B6ED16FB5F3C953D95B7C8E88CA67DCF5A636FB9CA39D924215F7A884ED6C7EE3C96D8D9715427974B7C4351282E13D3773F7D28B452F10892A13C7587328DEA4827B6B369B2A8DC172ADC583F51F2A6598C5483E5BC467B02F91D059C402D18E2C2680F776AA06F49280A2C72C17CC42D5B6E740C5C4B1AB3C51C2ED092BE2A2D8B053AE5773D1425ED2B08F06E2DD50592DF1A478C15591CDFD11564FF88FF38B721D42392FDA473212DCFD8D2D88A976A00AFFE6FFFB430A359E64CA2B351CA2412394");
170 }
171
172 return std::shared_ptr<DL_Group_Data>();
173 }
name
std::string name
Definition: commoncrypto_hash.cpp:24

References name.

Referenced by DL_Group().

◆ estimated_strength()

size_t Botan::DL_Group::estimated_strength ( ) const

Return an estimate of the strength of this group against discrete logarithm attacks (eg NFS). Warning: since this only takes into account known attacks it is by necessity an overestimate of the actual strength.

Definition at line 473 of file dl_group.cpp.

474 {
475 return data().estimated_strength();
476 }

Referenced by Botan::DL_Scheme_PublicKey::estimated_strength().

◆ exponent_bits()

size_t Botan::DL_Group::exponent_bits ( ) const

Return size in bits of a secret exponent

This attempts to balance between the attack costs of NFS (which depends on the size of the modulus) and Pollard's rho (which depends on the size of the exponent).

It may vary over time for a particular group, if the attack costs change.

Definition at line 478 of file dl_group.cpp.

479 {
480 return data().exponent_bits();
481 }

Referenced by Botan::DH_PrivateKey::DH_PrivateKey(), Botan::ElGamal_PrivateKey::ElGamal_PrivateKey(), Botan::srp6_client_agree(), and Botan::SRP6_Server_Session::step1().

◆ get_g()

const BigInt & Botan::DL_Group::get_g ( ) const

Get the base g.

Returns
base g

Definition at line 433 of file dl_group.cpp.

434 {
435 return data().g();
436 }

Referenced by DER_encode(), multi_exponentiate(), Botan::TLS::Server_Key_Exchange::Server_Key_Exchange(), Botan::srp6_client_agree(), Botan::srp6_group_identifier(), Botan::SRP6_Server_Session::step1(), and verify_group().

◆ get_p()

const BigInt & Botan::DL_Group::get_p ( ) const

Get the prime p.

Returns
prime p

Definition at line 425 of file dl_group.cpp.

426 {
427 return data().p();
428 }

Referenced by DER_encode(), inverse_mod_p(), Botan::TLS::Server_Key_Exchange::Server_Key_Exchange(), Botan::srp6_client_agree(), Botan::srp6_group_identifier(), Botan::SRP6_Server_Session::step1(), verify_element_pair(), verify_group(), and verify_public_element().

◆ get_q()

const BigInt & Botan::DL_Group::get_q ( ) const

Get the prime q, returns zero if q is not used

Returns
prime q

Definition at line 441 of file dl_group.cpp.

442 {
443 return data().q();
444 }

Referenced by DER_encode(), inverse_mod_q(), PEM_for_named_group(), verify_group(), and verify_public_element().

◆ inverse_mod_p()

BigInt Botan::DL_Group::inverse_mod_p ( const BigInt x) const

Return the inverse of x mod p

Definition at line 483 of file dl_group.cpp.

484 {
485 // precompute??
486 return inverse_mod(x, get_p());
487 }
Botan::inverse_mod
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition: mod_inv.cpp:250

References get_p(), and Botan::inverse_mod().

◆ inverse_mod_q()

BigInt Botan::DL_Group::inverse_mod_q ( const BigInt x) const

Return the inverse of x mod q Throws if q is unset on this DL_Group

Definition at line 499 of file dl_group.cpp.

500 {
501 data().assert_q_is_set("inverse_mod_q");
502 // precompute??
503 return inverse_mod(x, get_q());
504 }

References get_q(), and Botan::inverse_mod().

◆ mod_p()

BigInt Botan::DL_Group::mod_p ( const BigInt x) const

Reduce an integer modulo p

Returns
x % p

Definition at line 489 of file dl_group.cpp.

490 {
491 return data().mod_p(x);
492 }

Referenced by Botan::srp6_client_agree(), and Botan::SRP6_Server_Session::step1().

◆ mod_q()

BigInt Botan::DL_Group::mod_q ( const BigInt x) const

Reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
x % q

Definition at line 506 of file dl_group.cpp.

507 {
508 data().assert_q_is_set("mod_q");
509 return data().mod_q(x);
510 }

◆ monty_params_p()

std::shared_ptr< const Montgomery_Params > Botan::DL_Group::monty_params_p ( ) const

Return parameters for Montgomery reduction/exponentiation mod p

Definition at line 446 of file dl_group.cpp.

447 {
448 return data().monty_params_p();
449 }

Referenced by multi_exponentiate().

◆ multi_exponentiate()

BigInt Botan::DL_Group::multi_exponentiate ( const BigInt x,
const BigInt y,
const BigInt z 
) const

Multi-exponentiate Return (g^x * y^z) % p

Definition at line 530 of file dl_group.cpp.

531 {
532 return monty_multi_exp(data().monty_params_p(), get_g(), x, y, z);
533 }
Botan::DL_Group::monty_params_p
std::shared_ptr< const Montgomery_Params > monty_params_p() const
Definition: dl_group.cpp:446
Botan::monty_multi_exp
BigInt monty_multi_exp(std::shared_ptr< const Montgomery_Params > params_p, const BigInt &x_bn, const BigInt &z1, const BigInt &y_bn, const BigInt &z2)
Definition: monty_exp.cpp:177

References get_g(), Botan::monty_multi_exp(), and monty_params_p().

◆ multiply_mod_p()

BigInt Botan::DL_Group::multiply_mod_p ( const BigInt x,
const BigInt y 
) const

Multiply and reduce an integer modulo p

Returns
(x*y) % p

Definition at line 494 of file dl_group.cpp.

495 {
496 return data().multiply_mod_p(x, y);
497 }

◆ multiply_mod_q() [1/2]

BigInt Botan::DL_Group::multiply_mod_q ( const BigInt x,
const BigInt y 
) const

Multiply and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
(x*y) % q

Definition at line 512 of file dl_group.cpp.

513 {
514 data().assert_q_is_set("multiply_mod_q");
515 return data().multiply_mod_q(x, y);
516 }

Referenced by multiply_mod_q().

◆ multiply_mod_q() [2/2]

BigInt Botan::DL_Group::multiply_mod_q ( const BigInt x,
const BigInt y,
const BigInt z 
) const

Multiply and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
(x*y*z) % q

Definition at line 518 of file dl_group.cpp.

519 {
520 data().assert_q_is_set("multiply_mod_q");
521 return data().multiply_mod_q(data().multiply_mod_q(x, y), z);
522 }
Botan::DL_Group::multiply_mod_q
BigInt multiply_mod_q(const BigInt &x, const BigInt &y) const
Definition: dl_group.cpp:512

References multiply_mod_q().

◆ p_bits()

size_t Botan::DL_Group::p_bits ( ) const

Return the size of p in bits Same as get_p().bits()

Definition at line 451 of file dl_group.cpp.

452 {
453 return data().p_bits();
454 }

Referenced by Botan::DH_PrivateKey::DH_PrivateKey(), Botan::ElGamal_PrivateKey::ElGamal_PrivateKey(), and Botan::DL_Scheme_PublicKey::key_length().

◆ p_bytes()

size_t Botan::DL_Group::p_bytes ( ) const

Return the size of p in bytes Same as get_p().bytes()

Definition at line 456 of file dl_group.cpp.

457 {
458 return data().p_bytes();
459 }

Referenced by Botan::srp6_client_agree().

◆ PEM_decode()

void Botan::DL_Group::PEM_decode ( const std::string &  pem)

Decode a PEM encoded group into this instance.

Parameters
pemthe PEM encoding of the group

Definition at line 629 of file dl_group.cpp.

630 {
631 std::string label;
632 const std::vector<uint8_t> ber = unlock(PEM_Code::decode(pem, label));
633 Format format = pem_label_to_dl_format(label);
634
635 m_data = BER_decode_DL_group(ber.data(), ber.size(), format, DL_Group_Source::ExternalSource);
636 }

References Botan::PEM_Code::decode(), Botan::ExternalSource, and Botan::unlock().

◆ PEM_encode()

std::string Botan::DL_Group::PEM_encode ( Format  format) const

Encode this group into a string using PEM encoding.

Parameters
formatthe encoding format
Returns
string holding the PEM encoded group

Definition at line 593 of file dl_group.cpp.

594 {
595 const std::vector<uint8_t> encoding = DER_encode(format);
596
597 if(format == PKCS_3)
598 return PEM_Code::encode(encoding, "DH PARAMETERS");
599 else if(format == ANSI_X9_57)
600 return PEM_Code::encode(encoding, "DSA PARAMETERS");
601 else if(format == ANSI_X9_42)
602 return PEM_Code::encode(encoding, "X9.42 DH PARAMETERS");
603 else
604 throw Invalid_Argument("Unknown DL_Group encoding " + std::to_string(format));
605 }
Botan::DL_Group::DER_encode
std::vector< uint8_t > DER_encode(Format format) const
Definition: dl_group.cpp:553
Botan::PEM_Code::encode
std::string encode(const uint8_t der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:43

References ANSI_X9_42, ANSI_X9_57, DER_encode(), Botan::PEM_Code::encode(), PKCS_3, and Botan::ASN1::to_string().

Referenced by PEM_for_named_group().

◆ PEM_for_named_group()

std::string Botan::DL_Group::PEM_for_named_group ( const std::string &  name)
static

Return PEM representation of named DL group

Definition at line 639 of file dl_group.cpp.

640 {
641 DL_Group group(name);
642 DL_Group::Format format = group.get_q().is_zero() ? DL_Group::PKCS_3 : DL_Group::ANSI_X9_42;
643 return group.PEM_encode(format);
644 }

References ANSI_X9_42, get_q(), Botan::BigInt::is_zero(), name, PEM_encode(), and PKCS_3.

◆ power_g_p() [1/2]

BigInt Botan::DL_Group::power_g_p ( const BigInt x) const

Modular exponentiation

Warning
this function leaks the size of x via the number of loop iterations. Use the version taking the maximum size to avoid this.
Returns
(g^x) % p

Definition at line 535 of file dl_group.cpp.

536 {
537 return data().power_g_p(x, x.bits());
538 }

References Botan::BigInt::bits().

Referenced by Botan::DH_PrivateKey::DH_PrivateKey(), Botan::DSA_PrivateKey::DSA_PrivateKey(), Botan::ElGamal_PrivateKey::ElGamal_PrivateKey(), Botan::generate_srp6_verifier(), Botan::srp6_client_agree(), Botan::SRP6_Server_Session::step1(), verify_element_pair(), and verify_group().

◆ power_g_p() [2/2]

BigInt Botan::DL_Group::power_g_p ( const BigInt x,
size_t  max_x_bits 
) const

Modular exponentiation

Parameters
xthe exponent
max_x_bitsx is assumed to be at most this many bits long.
Returns
(g^x) % p

Definition at line 540 of file dl_group.cpp.

541 {
542 return data().power_g_p(x, max_x_bits);
543 }

◆ q_bits()

size_t Botan::DL_Group::q_bits ( ) const

Return the size of q in bits Same as get_q().bits() Throws if q is unset

Definition at line 461 of file dl_group.cpp.

462 {
463 data().assert_q_is_set("q_bits");
464 return data().q_bits();
465 }

Referenced by Botan::DSA_PrivateKey::DSA_PrivateKey().

◆ q_bytes()

size_t Botan::DL_Group::q_bytes ( ) const

Return the size of q in bytes Same as get_q().bytes() Throws if q is unset

Definition at line 467 of file dl_group.cpp.

468 {
469 data().assert_q_is_set("q_bytes");
470 return data().q_bytes();
471 }

◆ source()

DL_Group_Source Botan::DL_Group::source ( ) const

Definition at line 545 of file dl_group.cpp.

546 {
547 return data().source();
548 }

Referenced by verify_group().

◆ square_mod_q()

BigInt Botan::DL_Group::square_mod_q ( const BigInt x) const

Square and reduce an integer modulo q Throws if q is unset on this DL_Group

Returns
(x*x) % q

Definition at line 524 of file dl_group.cpp.

525 {
526 data().assert_q_is_set("square_mod_q");
527 return data().square_mod_q(x);
528 }

◆ verify_element_pair()

bool Botan::DL_Group::verify_element_pair ( const BigInt y,
const BigInt x 
) const

Verify a pair of elements y = g^x

This verifies that 1 < x,y < p and that y=g^x mod p

Definition at line 364 of file dl_group.cpp.

365 {
366 const BigInt& p = get_p();
367
368 if(y <= 1 || y >= p || x <= 1 || x >= p)
369 return false;
370
371 if(y != power_g_p(x))
372 return false;
373
374 return true;
375 }
Botan::DL_Group::power_g_p
BigInt power_g_p(const BigInt &x) const
Definition: dl_group.cpp:535

References get_p(), and power_g_p().

Referenced by Botan::DL_Scheme_PrivateKey::check_key().

◆ verify_group()

bool Botan::DL_Group::verify_group ( RandomNumberGenerator rng,
bool  strong = true 
) const

Perform validity checks on the group.

Parameters
rngthe rng to use
strongwhether to perform stronger by lengthier tests
Returns
true if the object is consistent, false otherwise

Definition at line 380 of file dl_group.cpp.

382 {
383 const bool from_builtin = (source() == DL_Group_Source::Builtin);
384
385 if(!strong && from_builtin)
386 return true;
387
388 const BigInt& p = get_p();
389 const BigInt& q = get_q();
390 const BigInt& g = get_g();
391
392 if(g < 2 || p < 3 || q < 0)
393 return false;
394
395 const size_t test_prob = 128;
396 const bool is_randomly_generated = (source() != DL_Group_Source::ExternalSource);
397
398 if(q != 0)
399 {
400 if((p - 1) % q != 0)
401 {
402 return false;
403 }
404 if(this->power_g_p(q) != 1)
405 {
406 return false;
407 }
408 if(!is_prime(q, rng, test_prob, is_randomly_generated))
409 {
410 return false;
411 }
412 }
413
414 if(!is_prime(p, rng, test_prob, is_randomly_generated))
415 {
416 return false;
417 }
418
419 return true;
420 }
Botan::DL_Group::source
DL_Group_Source source() const
Definition: dl_group.cpp:545

References Botan::Builtin, Botan::ExternalSource, get_g(), get_p(), get_q(), Botan::is_prime(), power_g_p(), and source().

Referenced by Botan::DL_Scheme_PublicKey::check_key(), Botan::DL_Scheme_PrivateKey::check_key(), and Botan::TLS::Callbacks::tls_dh_agree().

◆ verify_public_element()

bool Botan::DL_Group::verify_public_element ( const BigInt y) const

Verify a public element, ie check if y = g^x for some x.

This is not a perfect test. It verifies that 1 < y < p and (if q is set) that y is in the subgroup of size q.

Definition at line 347 of file dl_group.cpp.

348 {
349 const BigInt& p = get_p();
350 const BigInt& q = get_q();
351
352 if(y <= 1 || y >= p)
353 return false;
354
355 if(q.is_zero() == false)
356 {
357 if(power_mod(y, q, p) != 1)
358 return false;
359 }
360
361 return true;
362 }
Botan::power_mod
BigInt power_mod(const BigInt &base, const BigInt &exp, const BigInt &mod)
Definition: numthry.cpp:151

References get_p(), get_q(), Botan::BigInt::is_zero(), and Botan::power_mod().

Referenced by Botan::DL_Scheme_PublicKey::check_key().

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.3