sirp 2.0.0.pre

data/examples/Gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+gem 'puma'
+gem 'sinatra'
+gem 'http'
+gem 'sirp', path: '../'

data/examples/README.md

@@ -0,0 +1,34 @@
+# SiRP : Secure (interoperable) Remote Password : Example
+
+## Install Ruby Dependencies
+
+```
+$ cd examples
+$ bundle install
+```
+
+## Run Server
+
+```sh
+# run this in the first terminal window
+$ ./server.rb
+```
+
+## Authenticate with Ruby Client
+
+```sh
+# run this in the second terminal window
+$ cd clients/ruby/
+$ ./client.rb
+```
+
+## Authenticate with JavaScript Client
+
+```sh
+# see the output of the JS client in the browser's JS console
+$ cd clients/javascript/
+$ npm install
+$ open index.html
+```
+
+You can find other username : password combinations in `server.rb`

data/examples/clients/javascript/.gitignore

@@ -0,0 +1 @@
+/node_modules/

data/examples/clients/javascript/app.js

@@ -0,0 +1,59 @@
+var client = new jsrp.client()
+var serverAddr = 'http://localhost:4567/authenticate'
+var username = 'leonardo'
+var password = 'capricciosa'
+
+$(document).ready(function () {
+  'use strict'
+
+  console.log('Starting Authentication')
+
+  $(document).ajaxError(function (event, request, settings) {
+    console.log(event)
+    console.log(request)
+    console.log(settings)
+  })
+
+  client.init({ username: username, password: password, length: 4096 }, function () {
+    client.createVerifier(function (err, result) {
+      // result will contain the necessary values the server needs to
+      // authenticate this user in the future.
+      // sendSaltToServer(result.salt)
+      // sendVerifierToServer(result.verifier)
+
+      if (err) {
+         console.log(err.stack);
+       }
+
+      var A = client.getPublicKey()
+
+      // Auth Phase 1
+      console.log('P1 : Sending username and A to server')
+      $.post(serverAddr, { username: username, A: A }, function (data) {
+        console.log('P1 : Received salt : ', data.salt)
+        console.log('P1 : Received B : ', data.B)
+        client.setSalt(data.salt)
+        client.setServerPublicKey(data.B)
+
+        var clientM = client.getProof()
+        console.log('P1 : calculated client M : ', clientM)
+
+        // Auth Phase 2
+        console.log('P2 : Sending username and M to server')
+        $.post(serverAddr, { username: username, M: clientM }, function (data) {
+          console.log('P2 : Received server H_AMK : ', data.H_AMK)
+          if (client.checkServerProof(data.H_AMK)) {
+            console.log('P2 : Client and server H_AMK match. Authenticated!')
+            console.log('P2 : Client and server negotiated shared key K : ', client.getSharedKey())
+            $('#status').html('Authenticated!')
+            $('#username').html(username)
+            $('#K').html(client.getSharedKey())
+          } else {
+            $('#status').html('Authenticated FAILED')
+            console.log('P2 : Client and server H_AMK DO NOT match. Authentication failed!')
+          }
+        }, 'json')
+      }, 'json')
+    })
+  })
+})

data/examples/clients/javascript/index.html

@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>Secure Remote Password JS Client Example</title>
+  </head>
+  <body>
+    <h1>Secure Remote Password JS Client Example</h1>
+
+    <p>
+      Open the JavaScript console to see more output. Any shared secret
+      negotiated on successful authentication will be displayed below.
+    </p>
+
+    <p id='status'></p>
+    <p id='username'></p>
+    <p id='K'></p>
+
+    <script type="text/javascript" src="node_modules/jquery/dist/jquery.min.js"></script>
+    <script type="text/javascript" src="node_modules/jsrp/jsrp-browser.js"></script>
+    <script type="text/javascript" src="app.js"></script>
+  </body>
+</html>

data/examples/clients/javascript/package.json

@@ -0,0 +1,15 @@
+{
+  "name": "javascript",
+  "version": "1.0.0",
+  "description": "",
+  "main": "app.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "New BSD",
+  "dependencies": {
+    "jquery": "^2.2.3",
+    "jsrp": "^0.2.0"
+  }
+}

data/examples/clients/ruby/client.rb

@@ -0,0 +1,48 @@
+#!/usr/bin/env ruby
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler/setup'
+require 'http'
+require 'json'
+require 'sirp'
+require 'logger'
+logger = Logger.new $stdout
+
+server_addr  = 'http://localhost:4567/authenticate'
+username     = 'leonardo'
+password     = 'capricciosa'
+prime_length = 4096
+
+# The salt and verifier should be stored on the server database.
+# In this example code these values are hard-coded in server.rb
+# @auth = SIRP::Verifier.new(prime_length).generate_userauth(username, password)
+# @auth is a hash containing :username, :verifier and :salt
+
+logger.info 'Start authentication'
+
+client = SIRP::Client.new(prime_length)
+A = client.start_authentication
+
+logger.info "Sending username: '#{username}' and A: '#{A}' to server"
+
+# Client => Server: username, A
+# Server => Client: salt, B
+response = HTTP.post(server_addr, form: { username: username, A: A }).parse
+logger.info "Server responded with: '#{response}'"
+
+logger.info 'Client is calculating M, from B and salt, as a response to the challenge'
+client_M = client.process_challenge(username, password, response['salt'], response['B'])
+
+# Client => Server: username, M
+# Server => Client: H(AMK)
+logger.info "Client is sending M: '#{client_M}' to server"
+response = HTTP.post(server_addr, form: { username: username, M: client_M }).parse
+logger.info "Server responded with: #{response}"
+
+if client.verify(response['H_AMK'])
+  logger.info 'Client verification of server H_AMK has succeeded! Authenticated!'
+  logger.info "Client and server have negotiated shared secret K: '#{client.K}'"
+else
+  logger.error 'Client verification of server H_AMK has failed!'
+end

data/examples/server.rb

@@ -0,0 +1,88 @@
+#!/usr/bin/env ruby
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler/setup'
+require 'sinatra'
+require 'json'
+require 'sirp'
+require 'logger'
+logger = Logger.new $stdout
+
+# Sinatra : Use Puma
+configure { set :server, :puma }
+
+# Set prime N length - client has to use the same value!
+prime_length = 4096
+
+# Simulated DB
+users = {
+  leonardo: 'capricciosa',
+  raphael: 'quattro formaggi',
+  donatello: 'margherita',
+  michelangelo: 'tropicana'
+}
+
+user_verifiers = users.map do |username, password|
+  { username => SIRP::Verifier.new(prime_length).generate_userauth(username, password) }
+end
+
+user_verifiers.each { |h| users.update h }
+
+before do
+  content_type 'application/json'
+  response['Access-Control-Allow-Origin'] = '*'
+end
+
+post '/authenticate' do
+  username = params[:username]
+  user = users[username.to_sym]
+
+  unless user
+    logger.warn "User #{username} not found"
+    halt 401
+  end
+
+  if params[:A]
+    logger.info 'P1 : Starting'
+    logger.info "P1 : Server received username '#{username}' and A"
+    logger.info "P1 : Client A : #{params[:A]}"
+    aa = params[:A]
+    v = user[:verifier]
+    salt = user[:salt]
+
+    # Server generates B, saves A and B to database
+    verifier = SIRP::Verifier.new(prime_length)
+    session = verifier.get_challenge_and_proof(username, v, salt, aa)
+
+    logger.info 'P1 : Server persisting user verifier (proof)'
+    user[:session_proof] = session[:proof]
+
+    logger.info 'P1 : Server sending salt and B'
+    logger.info "P1 : Server salt : #{session[:challenge][:salt].length} : #{session[:challenge][:salt]}"
+    logger.info "P1 : Server B : #{session[:challenge][:B].length} : #{session[:challenge][:B]}"
+    return JSON.generate(session[:challenge])
+  elsif params[:M]
+    logger.info 'P2 : Starting'
+    logger.info "P2 : Server received username '#{username}' and client M"
+    client_M = params[:M]
+    logger.info "P2 : Client M : #{client_M.length} : #{client_M}"
+
+    logger.info 'P2 : Retrieving verifier from the database'
+    proof = user[:session_proof]
+
+    logger.info 'P2 : Verifying client/server M match, generating H_AMK'
+    verifier = SIRP::Verifier.new(prime_length)
+    server_H_AMK = verifier.verify_session(proof, client_M)
+    logger.info "P2 : server M: #{verifier.M}"
+
+    if server_H_AMK
+      logger.info "P2 : #{username} Authenticated!"
+      logger.info "P2 : Client and server negotiated shared key K : #{verifier.K}"
+      logger.info "P2 : Server sending final H_AMK : #{server_H_AMK.length} : #{server_H_AMK}"
+      return JSON.generate(H_AMK: server_H_AMK)
+    end
+  end
+
+  halt 401
+end

data/lib/sirp.rb

@@ -0,0 +1,8 @@
+require 'openssl'
+require 'digest'
+require 'rbnacl/libsodium'
+require 'securer_randomer'
+require 'sirp/sirp'
+require 'sirp/client'
+require 'sirp/verifier'
+require 'sirp/version'

data/lib/sirp/client.rb

@@ -0,0 +1,50 @@
+module SIRP
+  class Client
+    attr_reader :N, :g, :k, :a, :A, :S, :K, :M, :H_AMK, :hash
+
+    def initialize(group = 2048)
+      # select modulus (N) and generator (g)
+      @N, @g, @hash = SIRP.Ng(group)
+      @k = SIRP.calc_k(@N, @g, hash)
+    end
+
+    def start_authentication
+      # Generate a/A private and public components
+      @a ||= SecureRandom.hex(32).hex
+      @A = SIRP.num_to_hex(SIRP.calc_A(@a, @N, @g))
+    end
+
+    # Process initiated authentication challenge.
+    # Returns M if authentication is successful, false otherwise.
+    # Salt and B should be given in hex.
+    def process_challenge(username, password, xsalt, xbb)
+      bb = xbb.to_i(16)
+
+      # SRP-6a safety check
+      return false if (bb % @N) == 0
+
+      x = SIRP.calc_x(username, password, xsalt, hash)
+      u = SIRP.calc_u(@A, xbb, @N, hash)
+
+      # SRP-6a safety check
+      return false if u == 0
+
+      # calculate session key
+      @S = SIRP.num_to_hex(SIRP.calc_client_S(bb, @a, @k, x, u, @N, @g))
+      @K = SIRP.sha_hex(@S, hash)
+
+      # calculate match
+      @M = SIRP.calc_M(@A, xbb, @K, hash)
+
+      # calculate verifier
+      @H_AMK = SIRP.num_to_hex(SIRP.calc_H_AMK(@A, @M, @K, hash))
+
+      @M
+    end
+
+    def verify(server_HAMK)
+      return false unless @H_AMK
+      @H_AMK == server_HAMK
+    end
+  end
+end

data/lib/sirp/sirp.rb

@@ -0,0 +1,283 @@
+module SIRP
+  class << self
+    # http://stackoverflow.com/questions/3772410/convert-a-string-of-0-f-into-a-byte-array-in-ruby
+    def hex_to_bytes(str)
+      [str].pack('H*').unpack('C*')
+    end
+
+    def sha_hex(h, hash_klass)
+      hash_klass.hexdigest([h].pack('H*'))
+    end
+
+    def sha_str(s, hash_klass = Digest::SHA1)
+      hash_klass.hexdigest(s)
+    end
+
+    # Modular Exponentiation
+    # https://en.m.wikipedia.org/wiki/Modular_exponentiation
+    # http://rosettacode.org/wiki/Modular_exponentiation#Ruby
+    #
+    # a^b (mod m)
+    def mod_exp(a, b, m)
+      # Use OpenSSL::BN#mod_exp
+      a.to_bn.mod_exp(b, m)
+    end
+
+    # Hashing function with padding.
+    # Input is prefixed with 0 to meet N hex width.
+    def H(hash_klass, n, *a)
+      nlen = 2 * ((('%x' % [n]).length * 4 + 7) >> 3)
+
+      hashin = a.map do |s|
+        next unless s
+        shex = (s.class == String) ? s : num_to_hex(s)
+        if shex.length > nlen
+          raise 'Bit width does not match - client uses different prime'
+        end
+        '0' * (nlen - shex.length) + shex
+      end.join('')
+
+      sha_hex(hashin, hash_klass).hex % n
+    end
+
+    # Multiplier parameter
+    # k = H(N, g)   (in SIRP-6a)
+    def calc_k(n, g, hash_klass)
+      H(hash_klass, n, n, g)
+    end
+
+    # Private key (derived from username, raw password and salt)
+    # x = H(salt || H(username || ':' || password))
+    def calc_x(username, password, salt, hash_klass)
+      spad = salt.length.odd? ? '0' : ''
+      sha_hex(spad + salt + sha_str([username, password].join(':'), hash_klass), hash_klass).hex
+    end
+
+    # Random scrambling parameter
+    # u = H(A, B)
+    def calc_u(xaa, xbb, n, hash_klass)
+      H(hash_klass, n, xaa, xbb)
+    end
+
+    # Password verifier
+    # v = g^x (mod N)
+    def calc_v(x, n, g)
+      mod_exp(g, x, n)
+    end
+
+    # A = g^a (mod N)
+    def calc_A(a, n, g)
+      mod_exp(g, a, n)
+    end
+
+    # B = g^b + k v (mod N)
+    def calc_B(b, k, v, n, g)
+      (mod_exp(g, b, n) + k * v) % n
+    end
+
+    # Client secret
+    # S = (B - (k * g^x)) ^ (a + (u * x)) % N
+    def calc_client_S(bb, a, k, x, u, n, g)
+      mod_exp((bb - k * mod_exp(g, x, n)) % n, (a + x * u), n)
+    end
+
+    # Server secret
+    # S = (A * v^u) ^ b % N
+    def calc_server_S(aa, b, v, u, n)
+      mod_exp((mod_exp(v, u, n) * aa), b, n)
+    end
+
+    # M = H(A, B, K)
+    def calc_M(xaa, xbb, xkk, hash_klass)
+      digester = hash_klass.new
+      digester << hex_to_bytes(xaa).pack('C*')
+      digester << hex_to_bytes(xbb).pack('C*')
+      digester << hex_to_bytes(xkk).pack('C*')
+      digester.hexdigest
+    end
+
+    # H(A, M, K)
+    def calc_H_AMK(xaa, xmm, xkk, hash_klass)
+      byte_string = hex_to_bytes([xaa, xmm, xkk].join('')).pack('C*')
+      sha_str(byte_string, hash_klass).hex
+    end
+
+    def num_to_hex(num)
+      hex_str = num.to_s(16)
+      even_hex_str = hex_str.length.odd? ? '0' + hex_str : hex_str
+      even_hex_str.downcase
+    end
+
+    # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity
+    def Ng(group)
+      case group
+      when 1024
+        @N = %w(
+          EEAF0AB9 ADB38DD6 9C33F80A FA8FC5E8 60726187 75FF3C0B 9EA2314C
+          9C256576 D674DF74 96EA81D3 383B4813 D692C6E0 E0D5D8E2 50B98BE4
+          8E495C1D 6089DAD1 5DC7D7B4 6154D6B6 CE8EF4AD 69B15D49 82559B29
+          7BCF1885 C529F566 660E57EC 68EDBC3C 05726CC0 2FD4CBF4 976EAA9A
+          FD5138FE 8376435B 9FC61D2F C0EB06E3
+        ).join.hex
+        @g = 2
+        @hash = Digest::SHA1
+
+      when 1536
+        @N = %w(
+          9DEF3CAF B939277A B1F12A86 17A47BBB DBA51DF4 99AC4C80 BEEEA961
+          4B19CC4D 5F4F5F55 6E27CBDE 51C6A94B E4607A29 1558903B A0D0F843
+          80B655BB 9A22E8DC DF028A7C EC67F0D0 8134B1C8 B9798914 9B609E0B
+          E3BAB63D 47548381 DBC5B1FC 764E3F4B 53DD9DA1 158BFD3E 2B9C8CF5
+          6EDF0195 39349627 DB2FD53D 24B7C486 65772E43 7D6C7F8C E442734A
+          F7CCB7AE 837C264A E3A9BEB8 7F8A2FE9 B8B5292E 5A021FFF 5E91479E
+          8CE7A28C 2442C6F3 15180F93 499A234D CF76E3FE D135F9BB
+        ).join.hex
+        @g = 2
+        @hash = Digest::SHA1
+
+      when 2048
+        @N = %w(
+          AC6BDB41 324A9A9B F166DE5E 1389582F AF72B665 1987EE07 FC319294
+          3DB56050 A37329CB B4A099ED 8193E075 7767A13D D52312AB 4B03310D
+          CD7F48A9 DA04FD50 E8083969 EDB767B0 CF609517 9A163AB3 661A05FB
+          D5FAAAE8 2918A996 2F0B93B8 55F97993 EC975EEA A80D740A DBF4FF74
+          7359D041 D5C33EA7 1D281E44 6B14773B CA97B43A 23FB8016 76BD207A
+          436C6481 F1D2B907 8717461A 5B9D32E6 88F87748 544523B5 24B0D57D
+          5EA77A27 75D2ECFA 032CFBDB F52FB378 61602790 04E57AE6 AF874E73
+          03CE5329 9CCC041C 7BC308D8 2A5698F3 A8D0C382 71AE35F8 E9DBFBB6
+          94B5C803 D89F7AE4 35DE236D 525F5475 9B65E372 FCD68EF2 0FA7111F
+          9E4AFF73
+        ).join.hex
+        @g = 2
+        @hash = Digest::SHA256
+
+      when 3072
+        @N = %w(
+          FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08
+          8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B
+          302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9
+          A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6
+          49286651 ECE45B3D C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8
+          FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
+          670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B E39E772C
+          180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
+          3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AAAC42D AD33170D
+          04507A33 A85521AB DF1CBA64 ECFB8504 58DBEF0A 8AEA7157 5D060C7D
+          B3970F85 A6E1E4C7 ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226
+          1AD2EE6B F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C
+          BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 43DB5BFC
+          E0FD108E 4B82D120 A93AD2CA FFFFFFFF FFFFFFFF
+        ).join.hex
+        @g = 5
+        @hash = Digest::SHA256
+
+      when 4096
+        @N = %w(
+          FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08
+          8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B
+          302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9
+          A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6
+          49286651 ECE45B3D C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8
+          FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
+          670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B E39E772C
+          180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
+          3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AAAC42D AD33170D
+          04507A33 A85521AB DF1CBA64 ECFB8504 58DBEF0A 8AEA7157 5D060C7D
+          B3970F85 A6E1E4C7 ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226
+          1AD2EE6B F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C
+          BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 43DB5BFC
+          E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7 88719A10 BDBA5B26
+          99C32718 6AF4E23C 1A946834 B6150BDA 2583E9CA 2AD44CE8 DBBBC2DB
+          04DE8EF9 2E8EFC14 1FBECAA6 287C5947 4E6BC05D 99B2964F A090C3A2
+          233BA186 515BE7ED 1F612970 CEE2D7AF B81BDD76 2170481C D0069127
+          D5B05AA9 93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34063199
+          FFFFFFFF FFFFFFFF
+        ).join.hex
+        @g = 5
+        @hash = Digest::SHA256
+
+      when 6144
+        @N = %w(
+          FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08
+          8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B
+          302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9
+          A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6
+          49286651 ECE45B3D C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8
+          FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
+          670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B E39E772C
+          180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
+          3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AAAC42D AD33170D
+          04507A33 A85521AB DF1CBA64 ECFB8504 58DBEF0A 8AEA7157 5D060C7D
+          B3970F85 A6E1E4C7 ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226
+          1AD2EE6B F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C
+          BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 43DB5BFC
+          E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7 88719A10 BDBA5B26
+          99C32718 6AF4E23C 1A946834 B6150BDA 2583E9CA 2AD44CE8 DBBBC2DB
+          04DE8EF9 2E8EFC14 1FBECAA6 287C5947 4E6BC05D 99B2964F A090C3A2
+          233BA186 515BE7ED 1F612970 CEE2D7AF B81BDD76 2170481C D0069127
+          D5B05AA9 93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34028492
+          36C3FAB4 D27C7026 C1D4DCB2 602646DE C9751E76 3DBA37BD F8FF9406
+          AD9E530E E5DB382F 413001AE B06A53ED 9027D831 179727B0 865A8918
+          DA3EDBEB CF9B14ED 44CE6CBA CED4BB1B DB7F1447 E6CC254B 33205151
+          2BD7AF42 6FB8F401 378CD2BF 5983CA01 C64B92EC F032EA15 D1721D03
+          F482D7CE 6E74FEF6 D55E702F 46980C82 B5A84031 900B1C9E 59E7C97F
+          BEC7E8F3 23A97A7E 36CC88BE 0F1D45B7 FF585AC5 4BD407B2 2B4154AA
+          CC8F6D7E BF48E1D8 14CC5ED2 0F8037E0 A79715EE F29BE328 06A1D58B
+          B7C5DA76 F550AA3D 8A1FBFF0 EB19CCB1 A313D55C DA56C9EC 2EF29632
+          387FE8D7 6E3C0468 043E8F66 3F4860EE 12BF2D5B 0B7474D6 E694F91E
+          6DCC4024 FFFFFFFF FFFFFFFF
+        ).join.hex
+        @g = 5
+        @hash = Digest::SHA256
+
+      when 8192
+        @N = %w(
+          FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08
+          8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B
+          302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9
+          A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6
+          49286651 ECE45B3D C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8
+          FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
+          670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B E39E772C
+          180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
+          3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AAAC42D AD33170D
+          04507A33 A85521AB DF1CBA64 ECFB8504 58DBEF0A 8AEA7157 5D060C7D
+          B3970F85 A6E1E4C7 ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226
+          1AD2EE6B F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C
+          BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 43DB5BFC
+          E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7 88719A10 BDBA5B26
+          99C32718 6AF4E23C 1A946834 B6150BDA 2583E9CA 2AD44CE8 DBBBC2DB
+          04DE8EF9 2E8EFC14 1FBECAA6 287C5947 4E6BC05D 99B2964F A090C3A2
+          233BA186 515BE7ED 1F612970 CEE2D7AF B81BDD76 2170481C D0069127
+          D5B05AA9 93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34028492
+          36C3FAB4 D27C7026 C1D4DCB2 602646DE C9751E76 3DBA37BD F8FF9406
+          AD9E530E E5DB382F 413001AE B06A53ED 9027D831 179727B0 865A8918
+          DA3EDBEB CF9B14ED 44CE6CBA CED4BB1B DB7F1447 E6CC254B 33205151
+          2BD7AF42 6FB8F401 378CD2BF 5983CA01 C64B92EC F032EA15 D1721D03
+          F482D7CE 6E74FEF6 D55E702F 46980C82 B5A84031 900B1C9E 59E7C97F
+          BEC7E8F3 23A97A7E 36CC88BE 0F1D45B7 FF585AC5 4BD407B2 2B4154AA
+          CC8F6D7E BF48E1D8 14CC5ED2 0F8037E0 A79715EE F29BE328 06A1D58B
+          B7C5DA76 F550AA3D 8A1FBFF0 EB19CCB1 A313D55C DA56C9EC 2EF29632
+          387FE8D7 6E3C0468 043E8F66 3F4860EE 12BF2D5B 0B7474D6 E694F91E
+          6DBE1159 74A3926F 12FEE5E4 38777CB6 A932DF8C D8BEC4D0 73B931BA
+          3BC832B6 8D9DD300 741FA7BF 8AFC47ED 2576F693 6BA42466 3AAB639C
+          5AE4F568 3423B474 2BF1C978 238F16CB E39D652D E3FDB8BE FC848AD9
+          22222E04 A4037C07 13EB57A8 1A23F0C7 3473FC64 6CEA306B 4BCBC886
+          2F8385DD FA9D4B7F A2C087E8 79683303 ED5BDD3A 062B3CF5 B3A278A6
+          6D2A13F8 3F44F82D DF310EE0 74AB6A36 4597E899 A0255DC1 64F31CC5
+          0846851D F9AB4819 5DED7EA1 B1D510BD 7EE74D73 FAF36BC3 1ECFA268
+          359046F4 EB879F92 4009438B 481C6CD7 889A002E D5EE382B C9190DA6
+          FC026E47 9558E447 5677E9AA 9E3050E2 765694DF C81F56E8 80B96E71
+          60C980DD 98EDD3DF FFFFFFFF FFFFFFFF
+        ).join.hex
+        @g = 19
+        @hash = Digest::SHA256
+      else
+        raise NotImplementedError, 'unknown group size'
+      end
+
+      [@N, @g, @hash]
+    end
+    # rubocop:enable Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity
+  end
+end