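/// Loads Diffie-Hellman domain parameters from the next PEM object in bt.
///
/// The object must be of type PEM_DH_PARAMETERS. Its encapsulation boundaries
/// are stripped, the payload is Base64-decoded, and three INTEGERs are read
/// from the resulting BER SEQUENCE into p, q and g, in that order.
///
/// When PEM_KEY_OR_PARAMETER_VALIDATION is non-zero the decoded values are
/// sanity-checked before returning. When it is zero or undefined the values
/// are returned exactly as decoded, so callers reading PEM from an untrusted
/// source get no parameter checks from this function.
///
/// @param bt source holding one or more PEM objects
/// @param p  receives the first decoded INTEGER (the prime modulus)
/// @param q  receives the second decoded INTEGER
/// @param g  receives the third decoded INTEGER (the generator)
/// @throws InvalidDataFormat if the next object is not DH parameters
/// @throws Exception (OTHER_ERROR) if validation is enabled and p fails the
///         primality test or g is unsuitable
void PEM_DH_Load(BufferedTransformation& bt, Integer& p, Integer& q, Integer& g)
{
    ByteQueue obj;
    PEM_NextObject(bt, obj);

    // Reject anything that is not a DH parameters object before touching it.
    if (PEM_GetType(obj) != PEM_DH_PARAMETERS)
        throw InvalidDataFormat("PEM_DH_Read: invalid DH parameters");
    PEM_StripEncapsulatedBoundary(obj, SBB_DH_PARAMETERS_BEGIN, SBB_DH_PARAMETERS_END);

    ByteQueue temp;
    PEM_Base64Decode(obj, temp);

    // NOTE(review): the fields are read in the order p, q, g. PKCS #3
    // DHParameter is { prime, base, privateValueLength OPTIONAL }; confirm
    // which encoding this decoder is meant to pair with.
    BERSequenceDecoder dh(temp);
    p.BERDecode(dh);
    q.BERDecode(dh);
    g.BERDecode(dh);
    dh.MessageEnd();

#if PEM_KEY_OR_PARAMETER_VALIDATION
    AutoSeededRandomPool prng;
    if (!VerifyPrime(prng, p, 3))
        throw Exception(Exception::OTHER_ERROR, "PEM_DH_Read: p is not prime");

    // The generator must lie strictly between 1 and p-1. The values 0, 1 and
    // p-1 confine every derived value to a set of at most two elements.
    if (g <= Integer::One() || g >= p - Integer::One())
        throw Exception(Exception::OTHER_ERROR, "PEM_DH_Read: g is not a suitable generator");

    // https://crypto.stackexchange.com/questions/12961/diffie-hellman-parameter-check-when-g-2-must-p-mod-24-11
    // The residue rule below is specific to g == 2. Applying it to every
    // generator rejected well-formed parameters that use another base.
    if (g == Integer::Two())
    {
        long residue = p % 24;
        if (residue != 11 && residue != 23)
            throw Exception(Exception::OTHER_ERROR, "PEM_DH_Read: g is not a suitable generator");
    }

    // NOTE(review): (p-1)/2 is not tested for primality, and q is not checked
    // against p or g here. Callers that depend on a prime-order subgroup need
    // their own check.
#endif
}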
/// Decodes elliptic-curve group parameters from a BER stream.
///
/// Two encodings are accepted, selected by the first byte of the stream:
///  - an OBJECT IDENTIFIER, passed to Initialize(OID) as a named curve;
///  - otherwise a SEQUENCE of version, curve, base point, order and an
///    optional cofactor, passed to Initialize(ec, G, n, k).
///
/// This function only parses. Nothing in it explicitly checks that the base
/// point lies on the decoded curve or that the order matches, so explicit
/// parameters from an untrusted source presumably need a separate validation
/// step (TODO confirm where the caller performs it).
///
/// @param bt BER-encoded input; an empty input is reported via BERDecodeError()
void DL_GroupParameters_EC<EC>::BERDecode(BufferedTransformation &bt)
{
    // Look at the leading tag without consuming it to pick the encoding.
    byte tag;
    if (!bt.Peek(tag))
        BERDecodeError();

    // Named-curve form: the whole encoding is a single OID.
    if (tag == OBJECT_IDENTIFIER)
    {
        Initialize(OID(bt));
        return;
    }

    // Explicit form: SEQUENCE { version, curve, base point, order [, cofactor] }
    BERSequenceDecoder params(bt);

    // The version INTEGER is bounded to exactly 1 (min and max are both 1).
    word32 version;
    BERDecodeUnsigned<word32>(params, version, INTEGER, 1, 1);

    EllipticCurve curve(params);
    Point basePoint = curve.BERDecodePoint(params);
    Integer order(params);

    // The cofactor is optional; when the sequence ends here it is set to zero.
    Integer cofactor;
    if (params.EndReached())
        cofactor = Integer::Zero();
    else
        cofactor.BERDecode(params);

    params.MessageEnd();

    Initialize(curve, basePoint, order, cofactor);
}