Merge pull request #225 from libtom/pr/fix-114-dh-primes

Better DH primes

demos/timing.c

@@ -133,7 +133,7 @@ static void init_timer(void)
    fprintf(stderr, "Clock Skew: %lu\n", (unsigned long)skew);
 }
 
-static int time_keysched(void)
+static void time_keysched(void)
 {
   unsigned long x, y1;
   ulong64 t1, c1;
@@ -165,12 +165,10 @@ static int time_keysched(void)
 #undef DO1
    }
    tally_results(0);
-
-   return 0;
 }
 
 #ifdef LTC_ECB_MODE
-static int time_cipher_ecb(void)
+static void time_cipher_ecb(void)
 {
   unsigned long x, y1;
   ulong64  t1, t2, c1, c2, a1, a2;
@@ -237,15 +235,13 @@ static int time_cipher_ecb(void)
 #undef DO1
    }
    tally_results(1);
-
-   return 0;
 }
 #else
-static int time_cipher_ecb(void) { fprintf(stderr, "NO ECB\n"); return 0; }
+static void time_cipher_ecb(void) { fprintf(stderr, "NO ECB\n"); return 0; }
 #endif
 
 #ifdef LTC_CBC_MODE
-static int time_cipher_cbc(void)
+static void time_cipher_cbc(void)
 {
   unsigned long x, y1;
   ulong64  t1, t2, c1, c2, a1, a2;
@@ -312,15 +308,13 @@ static int time_cipher_cbc(void)
 #undef DO1
    }
    tally_results(1);
-
-   return 0;
 }
 #else
-static int time_cipher_cbc(void) { fprintf(stderr, "NO CBC\n"); return 0; }
+static void time_cipher_cbc(void) { fprintf(stderr, "NO CBC\n"); return 0; }
 #endif
 
 #ifdef LTC_CTR_MODE
-static int time_cipher_ctr(void)
+static void time_cipher_ctr(void)
 {
   unsigned long x, y1;
   ulong64  t1, t2, c1, c2, a1, a2;
@@ -387,15 +381,13 @@ static int time_cipher_ctr(void)
 #undef DO1
    }
    tally_results(1);
-
-   return 0;
 }
 #else
-static int time_cipher_ctr(void) { fprintf(stderr, "NO CTR\n"); return 0; }
+static void time_cipher_ctr(void) { fprintf(stderr, "NO CTR\n"); return 0; }
 #endif
 
 #ifdef LTC_LRW_MODE
-static int time_cipher_lrw(void)
+static void time_cipher_lrw(void)
 {
   unsigned long x, y1;
   ulong64  t1, t2, c1, c2, a1, a2;
@@ -464,15 +456,13 @@ static int time_cipher_lrw(void)
 #undef DO1
    }
    tally_results(1);
-
-   return 0;
 }
 #else
-static int time_cipher_lrw(void) { fprintf(stderr, "NO LRW\n"); return 0; }
+static void time_cipher_lrw(void) { fprintf(stderr, "NO LRW\n"); return 0; }
 #endif
 
 
-static int time_hash(void)
+static void time_hash(void)
 {
   unsigned long x, y1, len;
   ulong64 t1, t2, c1, c2;
@@ -519,8 +509,6 @@ static int time_hash(void)
 #undef DO1
    }
    tally_results(2);
-
-   return 0;
 }
 
 /*#warning you need an mp_rand!!!*/
@@ -888,6 +876,58 @@ static void time_katja(void)
 static void time_katja(void) { fprintf(stderr, "NO Katja\n"); }
 #endif
 
+#ifdef LTC_MDH
+/* time various DH operations */
+static void time_dh(void)
+{
+   dh_key key;
+   ulong64 t1, t2;
+   unsigned char buf[2][4096];
+   unsigned long i, x, y, z;
+   int           err;
+   static unsigned long sizes[] = {768/8, 1024/8, 1536/8, 2048/8, 3072/8, 4096/8, 6144/8, 8192/8, 100000};
+
+   for (x = sizes[i=0]; x < 100000; x = sizes[++i]) {
+       t2 = 0;
+       for (y = 0; y < 16; y++) {
+           t_start();
+           t1 = t_read();
+           if ((err = dh_make_key(&yarrow_prng, find_prng("yarrow"), x, &key)) != CRYPT_OK) {
+              fprintf(stderr, "\n\ndh_make_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK));
+              exit(EXIT_FAILURE);
+           }
+           t1 = t_read() - t1;
+           t2 += t1;
+
+           if (y < 15) {
+              dh_free(&key);
+           }
+       }
+       t2 >>= 4;
+       fprintf(stderr, "DH-%4lu make_key    took %15llu cycles\n", x*8, t2);
+
+       t2 = 0;
+       for (y = 0; y < 16; y++) {
+           t_start();
+           t1 = t_read();
+           z = sizeof(buf[1]);
+           if ((err = dh_encrypt_key(buf[0], 20, buf[1], &z, &yarrow_prng, find_prng("yarrow"), find_hash("sha1"),
+                                      &key)) != CRYPT_OK) {
+              fprintf(stderr, "\n\ndh_encrypt_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK));
+              exit(EXIT_FAILURE);
+           }
+           t1 = t_read() - t1;
+           t2 += t1;
+       }
+       t2 >>= 4;
+       fprintf(stderr, "DH-%4lu encrypt_key took %15llu cycles\n", x*8, t2);
+       dh_free(&key);
+  }
+}
+#else
+static void time_dh(void) { fprintf(stderr, "NO DH\n"); }
+#endif
+
 #ifdef LTC_MECC
 /* time various ECC operations */
 static void time_ecc(void)
@@ -1347,9 +1387,36 @@ static void time_encmacs(void)
    time_encmacs_(32);
 }
 
-int main(void)
+#define LTC_TEST_FN(f)  { f, #f }
+int main(int argc, char **argv)
 {
 int err;
+
+const struct
+{
+   void (*fn)(void);
+   const char* name;
+} test_functions[] = {
+   LTC_TEST_FN(time_keysched),
+   LTC_TEST_FN(time_cipher_ecb),
+   LTC_TEST_FN(time_cipher_cbc),
+   LTC_TEST_FN(time_cipher_ctr),
+   LTC_TEST_FN(time_cipher_lrw),
+   LTC_TEST_FN(time_hash),
+   LTC_TEST_FN(time_macs),
+   LTC_TEST_FN(time_encmacs),
+   LTC_TEST_FN(time_prng),
+   LTC_TEST_FN(time_mult),
+   LTC_TEST_FN(time_sqr),
+   LTC_TEST_FN(time_rsa),
+   LTC_TEST_FN(time_dsa),
+   LTC_TEST_FN(time_ecc),
+   LTC_TEST_FN(time_dh),
+   LTC_TEST_FN(time_katja)
+};
+char *single_test = NULL;
+unsigned int i;
+
 init_timer();
 register_all_ciphers();
 register_all_hashes();
@@ -1371,21 +1438,16 @@ if ((err = rng_make_prng(128, find_prng("yarrow"), &yarrow_prng, NULL)) != CRYPT
    exit(EXIT_FAILURE);
 }
 
-time_keysched();
-time_cipher_ecb();
-time_cipher_cbc();
-time_cipher_ctr();
-time_cipher_lrw();
-time_hash();
-time_macs();
-time_encmacs();
-time_prng();
-time_mult();
-time_sqr();
-time_rsa();
-time_dsa();
-time_ecc();
-time_katja();
+/* single test name from commandline */
+if (argc > 1) single_test = argv[1];
+
+for (i = 0; i < sizeof(test_functions)/sizeof(test_functions[0]); ++i) {
+   if (single_test && strstr(test_functions[i].name, single_test) == NULL) {
+     continue;
+   }
+   test_functions[i].fn();
+}
+
 return EXIT_SUCCESS;
 
 }

src/headers/tomcrypt_custom.h

@@ -364,16 +364,15 @@
 /* Supported Key Sizes */
 #define LTC_DH768
 #define LTC_DH1024
-#define LTC_DH1280
 #define LTC_DH1536
-#define LTC_DH1792
 #define LTC_DH2048
 
 #ifndef TFM_DESC
 /* tfm has a problem in fp_isprime for larger key sizes */
-#define LTC_DH2560
 #define LTC_DH3072
 #define LTC_DH4096
+#define LTC_DH6144
+#define LTC_DH8192
 #endif
 
 /* Include Katja (a Rabin variant like RSA) */

src/pk/dh/dh.c

@@ -35,8 +35,8 @@ int dh_compat_test(void)
 #if 0
         printf("dh_test():testing size %d-bits\n", sets[x].size * 8);
 #endif
-        if ((err = mp_read_radix(g,(char *)sets[x].base, 64)) != CRYPT_OK)    { goto error; }
-        if ((err = mp_read_radix(p,(char *)sets[x].prime, 64)) != CRYPT_OK)   { goto error; }
+        if ((err = mp_read_radix(g,(char *)sets[x].base, 16)) != CRYPT_OK)    { goto error; }
+        if ((err = mp_read_radix(p,(char *)sets[x].prime, 16)) != CRYPT_OK)   { goto error; }
 
         /* ensure p is prime */
         if ((err = mp_prime_is_prime(p, 8, &primality)) != CRYPT_OK)                     { goto done; }
@@ -104,37 +104,58 @@ int dh_get_size(dh_key *key)
 
 /**
   Make a DH key [private key pair]
-  @param prng     An active PRNG state
-  @param wprng    The index for the PRNG you desire to use
-  @param keysize  The key size (octets) desired
-  @param key      [out] Where the newly created DH key will be stored
+  @param prng       An active PRNG state
+  @param wprng      The index for the PRNG you desire to use
+  @param groupsize  The size (octets) of used DH group
+  @param key        [out] Where the newly created DH key will be stored
   @return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically.
 */
-int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key)
+int dh_make_key(prng_state *prng, int wprng, int groupsize, dh_key *key)
 {
    unsigned char *buf;
-   unsigned long x;
-   void *p, *g;
+   unsigned long idx, keysize;
+   void *p, *g, *p_minus1;
    int err;
 
    LTC_ARGCHK(key  != NULL);
+   LTC_ARGCHK(prng != NULL);
 
    /* good prng? */
    if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
       return err;
    }
 
-   /* find key size */
-   for (x = 0; (keysize > sets[x].size) && (sets[x].size != 0); x++);
-#ifdef FAST_PK
-   keysize = MIN(sets[x].size, 32);
-#else
-   keysize = sets[x].size;
-#endif
-   if (sets[x].size == 0) {
+   /* find group size */
+   for (idx = 0; (groupsize > sets[idx].size) && (sets[idx].size != 0); idx++);
+   if (sets[idx].size == 0) {
+      return CRYPT_INVALID_KEYSIZE;
+   }
+   groupsize = sets[idx].size;
+
+   /* The strength estimates from https://tools.ietf.org/html/rfc3526#section-8
+    * We use "Estimate 2" to get an appropriate private key (exponent) size.
+    */
+   if (groupsize <= 192) {
+      keysize = 30;     /* 1536-bit => key size 240-bit */
+   }
+   else if (groupsize <= 256) {
+      keysize = 40;     /* 2048-bit => key size 320-bit */
+   }
+   else if (groupsize <= 384) {
+      keysize = 52;     /* 3072-bit => key size 416-bit */
+   }
+   else if (groupsize <= 512) {
+      keysize = 60;     /* 4096-bit => key size 480-bit */
+   }
+   else if (groupsize <= 768) {
+      keysize = 67;     /* 6144-bit => key size 536-bit */
+   }
+   else if (groupsize <= 1024) {
+      keysize = 77;     /* 8192-bit => key size 616-bit */
+   }
+   else {
       return CRYPT_INVALID_KEYSIZE;
    }
-   key->idx = x;
 
    /* allocate buffer */
    buf = XMALLOC(keysize);
@@ -142,41 +163,40 @@ int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key)
       return CRYPT_MEM;
    }
 
-   /* make up random string */
-   if ( rng_make_prng( keysize, wprng, prng, NULL) != CRYPT_OK) {
-      err = CRYPT_ERROR_READPRNG;
-      goto error2;
-   }
-
-   if (prng_descriptor[wprng].read(buf, keysize, prng) != (unsigned long)keysize) {
-      err = CRYPT_ERROR_READPRNG;
-      goto error2;
+   /* init big numbers */
+   if ((err = mp_init_multi(&g, &p, &p_minus1, &key->x, &key->y, NULL)) != CRYPT_OK) {
+      goto freebuf;
    }
 
-   /* init parameters */
-   if ((err = mp_init_multi(&g, &p, &key->x, &key->y, NULL)) != CRYPT_OK) {
-      goto error;
-   }
-
-   if ((err = mp_read_radix(g, sets[key->idx].base, 64)) != CRYPT_OK)      { goto error; }
-   if ((err = mp_read_radix(p, sets[key->idx].prime, 64)) != CRYPT_OK)     { goto error; }
-
-   /* load the x value */
-   if ((err = mp_read_unsigned_bin(key->x, buf, keysize)) != CRYPT_OK)     { goto error; }
-   if ((err = mp_exptmod(g, key->x, p, key->y)) != CRYPT_OK)            { goto error; }
+   if ((err = mp_read_radix(g, sets[idx].base, 16)) != CRYPT_OK)           { goto error; }
+   if ((err = mp_read_radix(p, sets[idx].prime, 16)) != CRYPT_OK)          { goto error; }
+   if ((err = mp_sub_d(p, 1, p_minus1)) != CRYPT_OK)                       { goto error; }
+
+   do {
+      /* make up random buf */
+      if (prng_descriptor[wprng].read(buf, keysize, prng) != keysize) {
+         err = CRYPT_ERROR_READPRNG;
+         goto error;
+      }
+      /* load the x value - private key */
+      if ((err = mp_read_unsigned_bin(key->x, buf, keysize)) != CRYPT_OK)  { goto error; }
+      /* compute the y value - public key */
+      if ((err = mp_exptmod(g, key->x, p, key->y)) != CRYPT_OK)            { goto error; }
+      /* avoid: y <= 1 OR y >= p-1 */
+   } while (mp_cmp(key->y, p_minus1) != LTC_MP_LT || mp_cmp_d(key->y, 1) != LTC_MP_GT);
+
+   /* success */
+   key->idx = idx;
    key->type = PK_PRIVATE;
-
-   /* free up ram */
    err = CRYPT_OK;
    goto done;
+
 error:
    mp_clear_multi(key->x, key->y, NULL);
 done:
-   mp_clear_multi(p, g, NULL);
-error2:
-#ifdef LTC_CLEAN_STACK
+   mp_clear_multi(g, p, p_minus1, NULL);
+freebuf:
    zeromem(buf, keysize);
-#endif
    XFREE(buf);
    return err;
 }
@@ -335,7 +355,7 @@ error:
 int dh_shared_secret(dh_key *private_key, dh_key *public_key,
                      unsigned char *out, unsigned long *outlen)
 {
-   void *tmp, *p;
+   void *tmp, *p, *p_minus1;
    unsigned long x;
    int err;
 
@@ -355,26 +375,31 @@ int dh_shared_secret(dh_key *private_key, dh_key *public_key,
    }
 
    /* compute y^x mod p */
-   if ((err = mp_init_multi(&tmp, &p, NULL)) != CRYPT_OK) {
+   if ((err = mp_init_multi(&tmp, &p, &p_minus1, NULL)) != CRYPT_OK) {
       return err;
    }
 
-   if ((err = mp_read_radix(p, (char *)sets[private_key->idx].prime, 64)) != CRYPT_OK)     { goto error; }
-   if ((err = mp_exptmod(public_key->y, private_key->x, p, tmp)) != CRYPT_OK)           { goto error; }
+   if ((err = mp_read_radix(p, sets[private_key->idx].prime, 16)) != CRYPT_OK)  { goto error; }
+   if ((err = mp_sub_d(p, 1, p_minus1)) != CRYPT_OK)                            { goto error; }
+   if (mp_cmp(public_key->y, p_minus1) != LTC_MP_LT || mp_cmp_d(public_key->y, 1) != LTC_MP_GT) {
+      /* reject public key with: y <= 1 OR y >= p-1 */
+      err = CRYPT_INVALID_ARG;
+      goto error;
+   }
+   if ((err = mp_exptmod(public_key->y, private_key->x, p, tmp)) != CRYPT_OK)   { goto error; }
 
    /* enough space for output? */
    x = (unsigned long)mp_unsigned_bin_size(tmp);
    if (*outlen < x) {
       err = CRYPT_BUFFER_OVERFLOW;
-      goto done;
+      goto error;
    }
-   if ((err = mp_to_unsigned_bin(tmp, out)) != CRYPT_OK)                                   { goto error; }
+   if ((err = mp_to_unsigned_bin(tmp, out)) != CRYPT_OK)                        { goto error; }
    *outlen = x;
    err = CRYPT_OK;
-   goto done;
+
 error:
-done:
-   mp_clear_multi(p, tmp, NULL);
+   mp_clear_multi(p_minus1, p, tmp, NULL);
    return err;
 }
 

src/pk/dh/dh_static.c

@@ -23,121 +23,201 @@
 /* This holds the key settings.  ***MUST*** be organized by size from smallest to largest. */
 const dh_set sets[] = {
 #ifdef LTC_DH768
-{
+{  /* 768-bit MODP Group 1 - https://tools.ietf.org/html/rfc7296#appendix-B.1 */
    96,
    "DH-768",
-   "4",
-   "F///////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "//////m3wvV"
+   "2",
+   "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+   "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+   "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+   "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF"
 },
 #endif
 #ifdef LTC_DH1024
-{
+{  /* 1024-bit MODP Group 2 - https://tools.ietf.org/html/rfc7296#appendix-B.2 */
    128,
    "DH-1024",
-   "4",
-   "F///////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////m3C47"
-},
-#endif
-#ifdef LTC_DH1280
-{
-   160,
-   "DH-1280",
-   "4",
-   "F///////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "//////////////////////////////m4kSN"
+   "2",
+   "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+   "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+   "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+   "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+   "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
+   "FFFFFFFFFFFFFFFF"
 },
 #endif
 #ifdef LTC_DH1536
-{
+{  /* 1536-bit MODP Group 5 - https://tools.ietf.org/html/rfc3526#section-2 */
    192,
    "DH-1536",
-   "4",
-   "F///////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////m5uqd"
-},
-#endif
-#ifdef LTC_DH1792
-{
-   224,
-   "DH-1792",
-   "4",
-   "F///////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "//////////////////////////////////////////////////////mT/sd"
+   "2",
+   "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+   "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+   "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+   "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+   "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+   "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+   "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+   "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF"
 },
 #endif
 #ifdef LTC_DH2048
-{
+{  /* 2048-bit MODP Group 14 - https://tools.ietf.org/html/rfc3526#section-3 */
    256,
    "DH-2048",
-   "4",
-   "3///////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "/////////////////////////////////////////m8MPh"
-},
-#endif
-#ifdef LTC_DH2560
-{
-   320,
-   "DH-2560",
-   "4",
-   "3///////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "/////mKFpF"
+   "2",
+   "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+   "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+   "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+   "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+   "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+   "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+   "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+   "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
+   "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+   "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
+   "15728E5A8AACAA68FFFFFFFFFFFFFFFF"
 },
 #endif
 #ifdef LTC_DH3072
-{
+{  /* 3072-bit MODP Group 15 - https://tools.ietf.org/html/rfc3526#section-4 */
    384,
    "DH-3072",
-   "4",
-   "3///////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "/////////////////////////////m32nN"
+   "2",
+   "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+   "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+   "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+   "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+   "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+   "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+   "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+   "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
+   "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+   "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
+   "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
+   "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
+   "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
+   "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+   "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
+   "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
 },
 #endif
 #ifdef LTC_DH4096
-{
+{  /* 4096-bit MODP Group 16 - https://tools.ietf.org/html/rfc3526#section-5 */
    512,
    "DH-4096",
-   "4",
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "////////////////////////////////////////////////////////////"
-   "/////////////////////m8pOF"
+   "2",
+   "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+   "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+   "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+   "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+   "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+   "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+   "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+   "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
+   "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+   "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
+   "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
+   "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
+   "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
+   "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+   "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
+   "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
+   "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
+   "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
+   "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
+   "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
+   "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199"
+   "FFFFFFFFFFFFFFFF"
+},
+#endif
+#ifdef LTC_DH6144
+{  /* 6144-bit MODP Group 17 - https://tools.ietf.org/html/rfc3526#section-6 */
+   786,
+   "DH-6144",
+   "2",
+   "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+   "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+   "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+   "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+   "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+   "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+   "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+   "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
+   "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+   "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
+   "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
+   "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
+   "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
+   "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+   "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
+   "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
+   "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
+   "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
+   "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
+   "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
+   "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
+   "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
+   "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
+   "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
+   "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
+   "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
+   "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
+   "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
+   "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
+   "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
+   "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
+   "12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF"
+},
+#endif
+#ifdef LTC_DH8192
+{  /* 8192-bit MODP Group 18 - https://tools.ietf.org/html/rfc3526#section-7 */
+   1024,
+   "DH-8192",
+   "2",
+   "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+   "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+   "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+   "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+   "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+   "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+   "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+   "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
+   "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+   "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
+   "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
+   "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
+   "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
+   "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+   "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
+   "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
+   "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
+   "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
+   "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
+   "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
+   "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
+   "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
+   "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
+   "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
+   "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
+   "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
+   "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
+   "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
+   "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
+   "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
+   "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
+   "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
+   "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
+   "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
+   "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
+   "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
+   "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
+   "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
+   "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
+   "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
+   "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
+   "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
+   "60C980DD98EDD3DFFFFFFFFFFFFFFFFF"
 },
 #endif
 {

src/pk/dh/dh_sys.c

@@ -354,8 +354,8 @@ int dh_sign_hash(const unsigned char *in,  unsigned long inlen,
    if ((err = mp_read_unsigned_bin(k, buf, sets[key->idx].size)) != CRYPT_OK)          { goto LBL_ERR; }
 
    /* load g, p and p1 */
-   if ((err = mp_read_radix(g, sets[key->idx].base, 64)) != CRYPT_OK)               { goto LBL_ERR; }
-   if ((err = mp_read_radix(p, sets[key->idx].prime, 64)) != CRYPT_OK)              { goto LBL_ERR; }
+   if ((err = mp_read_radix(g, sets[key->idx].base, 16)) != CRYPT_OK)               { goto LBL_ERR; }
+   if ((err = mp_read_radix(p, sets[key->idx].prime, 16)) != CRYPT_OK)              { goto LBL_ERR; }
    if ((err = mp_sub_d(p, 1, p1)) != CRYPT_OK)                                     { goto LBL_ERR; }
    if ((err = mp_div_2(p1, p1)) != CRYPT_OK)                                       { goto LBL_ERR; } /* p1 = (p-1)/2 */
 
@@ -458,8 +458,8 @@ int dh_verify_hash(const unsigned char *sig, unsigned long siglen,
    INPUT_BIGNUM(b, sig, x, y, siglen);
 
    /* load p and g */
-   if ((err = mp_read_radix(p, sets[key->idx].prime, 64)) != CRYPT_OK)              { goto error1; }
-   if ((err = mp_read_radix(g, sets[key->idx].base, 64)) != CRYPT_OK)               { goto error1; }
+   if ((err = mp_read_radix(p, sets[key->idx].prime, 16)) != CRYPT_OK)              { goto error1; }
+   if ((err = mp_read_radix(g, sets[key->idx].base, 16)) != CRYPT_OK)               { goto error1; }
 
    /* load m */
    if ((err = mp_read_unsigned_bin(m, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error1; }