[strongSwan-dev] [PATCH] DiffieHellman Groups 22-24 in RFC5114

Joy Latten latten at austin.ibm.com
Tue Apr 6 16:25:47 CEST 2010

This patch adds the MODP DH Groups 22-24 defined in RFC 5114.

After consulting with ietf ipsec mailing list, I realized all I needed
to do was add the constants for these groups. 

I tried interoperability testing with openswan's DH groups 22-24.
Unfortunately, I could not get strongswan->openswan to work with 
any of the new or old modp groups. Openswan complained about the message
ID it received, which looked correct to me. This problem as outside the
scope of my patch. 
I was able to get openswan->strongswan to work with old and new modp

I was also told following on ipsec ietf list:

1. The exponent only needs to be size of q, for group 22-24. I noticed
in strongswan it likes to use the size of the prime. I left it like

2. Doing all validation steps as defined in NIST SP 800-56A is important
for groups 22-24. I am currently determining what this is and will
submit a second patch very soon.

Let me know if this patch looks ok.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: dhpatch
Type: text/x-patch
Size: 15299 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20100406/eb565740/attachment.bin>

More information about the Dev mailing list