Re: [TLS] I can has SHA-1 hashes for RFC 2409/3526 MODP groups?

To: Kurt Roeckx <kurt%roeckx.be@localhost>, Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Subject: Re: [TLS] I can has SHA-1 hashes for RFC 2409/3526 MODP groups?
From: "Mark D. Baushke" <mdb%juniper.net@localhost>
Date: Sat, 8 Mar 2014 10:12:58 -0800

Hi Kurt,

You raise a good point. Folks with 'bc -l' should be able to verify the
MODP groups.

Kurt Roeckx <kurt%roeckx.be@localhost> writes:

> On Fri, Mar 07, 2014 at 06:18:11PM -0500, Mouse wrote:
> > 
> > However, if you add 18 more 0s to the long string of them (which the
> > formatting makes it look likely got dropped in whatever produced the
> > weird line breaks above - if I add 18 more 0s and paste the first two
> > lines together, the result is exactly as long as the next five lines),
> > that _is_ 2^2048 - 2^1984 - 1 + (2^64 * 124476).  That is, it's what
> > you get if you take pi to be 0.  I suspect your bc didn't recognize the
> > character string "pi" and treated it as an unset variable or some such,
> > effectively replacing it with 0.
> 
> If you want pi in bc, you need to start bc with the -l option and do:
> pi=4*a(1)

Yes. Of course, to get the same values as is used in the RFCs more
fractional bits need to be calculated

Using bc to calculate the group14 and group15 primes:

$ bc -l
scale=1000 /* should be enough for group 14 and group 15 */
obase=16
/* A function to return the largest integral value not greater than x */
define floor(x) {
  auto s
  s = scale
  scale = 0
  x /= 1  /* round x down */
  scale = s
  return (x)
}

pi=4*a(1)
pi
3.243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C8945\
2821E638D01377BE5466CF34E90C6CC0AC29B7C97C50DD3F84D5B5B54709179216D5\
D98979FB1BD1310BA698DFB5AC2FFD72DBD01ADFB7B8E1AFED6A267E96BA7C9045F1\
2C7F9924A19947B3916CF70801F2E2858EFC16636920D871574E69A458FEA3F4933D\
7E0D95748F728EB658718BCD5882154AEE7B54A41DC25A59B59C30D5392AF26013C5\
D1B023286085F0CA417918B8DB38EF8E79DCB0603A180E6C9E0E8BB01E8A3ED71577\
C1BD314B2778AF2FDA55605C60E65525F3AA55AB945748986263E8144055CA396A2A\
AB10B6B4CC5C341141E8CEA15486AF7C72E993B3EE1411636FBC2A2BA9C55D741831\
F6CE5C3E169B87931EAFD6BA336C24CF5C7A325381289586773B8F48986B4BB9AFC4\
BFE81B6628219361D809CCFB21A991487CAC605DEC8032EF845D5DE98575B1DC2623\
02EB651B8823893E81D396ACC50F6D6FF383F442392E0B4482A484200469C8F04A9E\
1F9B5E21C66842F6E96C9A670C9C61ABD388F06A51A0D2D8542F68960FA728AB5133\
A36EEF0B6C137A3B8
2^2048 - 2^1984 - 1 + 2^64 * (floor(pi * 2^1918) + 124476) /* group 14 */
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020B\
BEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D\
6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A89\
9FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A\
69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C\
354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2\
EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA\
051015728E5A8AACAA68FFFFFFFFFFFFFFFF
2^3072 - 2^3008 - 1 + 2^64 * (floor(2^2942 * pi) + 1690314) /* group 15 */
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020B\
BEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D\
6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A89\
9FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A\
69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C\
354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2\
EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA\
051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A\
8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3\
D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE11757\
7A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93A\
D2CAFFFFFFFFFFFFFFFF


They both compare exactly to rfc3526.

To calculate the group 16 value, I need to add more digits to pi

scale=4000 /* need more digits for group 16 */
pi=4*a(1)
2^4096 - 2^4032 - 1 + 2^64 * (floor(pi * 2^3966) + 240904) /* group 16 */
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020B\
BEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D\
6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A89\
9FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A\
69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C\
354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2\
EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA\
051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A\
8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3\
D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE11757\
7A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A921\
08011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA\
2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2\
964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127\
D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFF\
FFFF

The above was calculated using GNU bc version 1.06.

	-- Mark

Follow-Ups:
- MODP group modulus derivation [was: Re: [TLS] I can has SHA-1 hashes for RFC 2409/3526 MODP groups?]
  - From: Daniel Kahn Gillmor

References:
- Re: I can has SHA-1 hashes for RFC 2409/3526 MODP groups?
  - From: Peter Gutmann
- Re: I can has SHA-1 hashes for RFC 2409/3526 MODP groups?
  - From: Mouse
- Re: [TLS] I can has SHA-1 hashes for RFC 2409/3526 MODP groups?
  - From: Kurt Roeckx

Prev by Date: Re: I can has SHA-1 hashes for RFC 2409/3526 MODP groups?
Next by Date: MODP group modulus derivation [was: Re: [TLS] I can has SHA-1 hashes for RFC 2409/3526 MODP groups?]
Previous by Thread: Re: [TLS] I can has SHA-1 hashes for RFC 2409/3526 MODP groups?
Next by Thread: MODP group modulus derivation [was: Re: [TLS] I can has SHA-1 hashes for RFC 2409/3526 MODP groups?]
Indexes:

Home | Main Index | Thread Index | Old Index