Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
GET_RFC3526_PRIME_8... FreeBSD Library Functions Manual	GET_RFC3526_PRIME_8...

     get_rfc2409_prime_768, get_rfc2409_prime_1024, get_rfc3526_prime_1536,
     get_rfc3526_prime_2048, get_rfc3526_prime_3072, get_rfc3526_prime_4096,
     get_rfc3526_prime_6144, get_rfc3526_prime_8192, BN_get_rfc2409_prime_768,
     BN_get_rfc2409_prime_1024,	BN_get_rfc3526_prime_2048,
     BN_get_rfc3526_prime_3072,	BN_get_rfc3526_prime_4096,
     BN_get_rfc3526_prime_6144,	BN_get_rfc3526_prime_8192 -- standard moduli
     for Diffie-Hellmann key exchange

     #include <openssl/bn.h>

     BIGNUM *
     get_rfc2409_prime_768(BIGNUM *bn);

     BIGNUM *
     get_rfc2409_prime_1024(BIGNUM *bn);

     BIGNUM *
     get_rfc3526_prime_1536(BIGNUM *bn);

     BIGNUM *
     get_rfc3526_prime_2048(BIGNUM *bn);

     BIGNUM *
     get_rfc3526_prime_3072(BIGNUM *bn);

     BIGNUM *
     get_rfc3526_prime_4096(BIGNUM *bn);

     BIGNUM *
     get_rfc3526_prime_6144(BIGNUM *bn);

     BIGNUM *
     get_rfc3526_prime_8192(BIGNUM *bn);

     BIGNUM *
     BN_get_rfc2409_prime_768(BIGNUM *bn);

     BIGNUM *
     BN_get_rfc2409_prime_1024(BIGNUM *bn);

     BIGNUM *
     BN_get_rfc3526_prime_1536(BIGNUM *bn);

     BIGNUM *
     BN_get_rfc3526_prime_2048(BIGNUM *bn);

     BIGNUM *
     BN_get_rfc3526_prime_3072(BIGNUM *bn);

     BIGNUM *
     BN_get_rfc3526_prime_4096(BIGNUM *bn);

     BIGNUM *
     BN_get_rfc3526_prime_6144(BIGNUM *bn);

     BIGNUM *
     BN_get_rfc3526_prime_8192(BIGNUM *bn);

     Each of these functions returns one specific constant Sophie Germain
     prime number p.  The names	with the prefix	`BN_' are aliases for the
     names without that	prefix.

     If	bn is NULL, a new BIGNUM object	is created and returned.  Otherwise,
     the number	is stored in *bn and bn	is returned.

     All these numbers are of the form

     p = 2 sup s - 2 sup left (	s - 64 right ) - 1 + 2 sup 64 *	left { left [
     2 sup left	( s - 130 right	) pi right ] + offset right } delim $$

     where s is	the size of the	binary representation of the number in bits
     and appears at the	end of the function names.  As long as the offset is
     sufficiently small, the above form	assures	that the top and bottom	64
     bits of each number are all 1.

     The offsets are defined in	the standards as follows:

	   size	s offset

	    768	= 3 * 2^8149686
	   1024	= 2 * 2^9129093
	   1536	= 3 * 2^9741804
	   2048	= 2 * 2^10124476
	   3072	= 3 * 2^101690314
	   4096	= 2 * 2^11240904
	   6144	= 3 * 2^11929484
	   8192	= 2 * 2^124743158

     For each of these prime numbers, the finite group of natural numbers
     smaller than p, where the group operation is defined as multiplication
     modulo p, is used for Diffie-Hellmann key exchange.  The first two	of
     these groups are called the First Oakley Group and	the Second Oakley
     Group.  Obiviously, all these groups are cyclic groups of order p,	re-
     spectively, and the numbers returned by these functions are not secrets.

     If	memory allocation fails, these functions return	NULL.  That can	happen
     even if bn	is not NULL.

     BN_mod_exp(3), BN_new(3), BN_set_flags(3),	DH_new(3)

     RFC 2409, "The Internet Key Exchange (IKE)", defines the Oakley Groups.

     RFC 2412, "The OAKLEY Key Determination Protocol",	contains additional
     information about these numbers.

     RFC 3526, "More Modular Exponential (MODP)	Diffie-Hellman groups for In-
     ternet Key	Exchange (IKE)", defines the other six numbers.

     get_rfc2409_prime_768(), get_rfc2409_prime_1024(),
     get_rfc3526_prime_1536(), get_rfc3526_prime_2048(),
     get_rfc3526_prime_3072(), get_rfc3526_prime_4096(),
     get_rfc3526_prime_6144(), and get_rfc3526_prime_8192() first appeared in
     OpenSSL 0.9.8a and	have been available since OpenBSD 4.5.

     The BN_ aliases first appeared in OpenSSL 1.1.0 and have been available
     since OpenBSD 6.3.

     As	all the	memory needed for storing the numbers is dynamically allo-
     cated, the	BN_FLG_STATIC_DATA flag	is not set on the returned BIGNUM ob-
     jects.  So	be careful to not change the returned numbers.

FreeBSD	13.0			March 23, 2018			  FreeBSD 13.0


Want to link to this manual page? Use this URL:

home | help