[strongSwan-dev] [PATCH] DiffieHellman Groups 22-24 in RFC5114

Andreas Steffen andreas.steffen at strongswan.org
Wed Apr 7 10:12:13 CEST 2010

Hi Joy,
Joy Latten wrote:
> This patch adds the MODP DH Groups 22-24 defined in RFC 5114.
> After consulting with ietf ipsec mailing list, I realized all I needed
> to do was add the constants for these groups. 
> I tried interoperability testing with openswan's DH groups 22-24.
> Unfortunately, I could not get strongswan->openswan to work with 
> any of the new or old modp groups. Openswan complained about the message
> ID it received, which looked correct to me. This problem as outside the
> scope of my patch. 
> I was able to get openswan->strongswan to work with old and new modp
> groups.
> I was also told following on ipsec ietf list:
> 1. The exponent only needs to be size of q, for group 22-24. I noticed
> in strongswan it likes to use the size of the prime. I left it like
> this.
There is no sense spending a lot of entropy by choosing a secret DH
exponent which is larger than the size q of the subgroup since the
resulting public DH factor will just wrap around modulo q.

In order to restrict the secret factor to the size of the subgroup
either q or at least the number of bits of q (160, 224, 256 bits)
should be stored in the dh_params tables. Actually they are already
stored there as the optimum secret size (20, 28, 32 octets) but
these restrictions should also be heeded with charon's default


where with the normal DH groups secret is chosen randomly up to
the full prime p size. So probably an additional column is needed
in the dh_params table containing the maximum size of ANSI X9.42

> 2. Doing all validation steps as defined in NIST SP 800-56A is important
> for groups 22-24. I am currently determining what this is and will
> submit a second patch very soon.
> Let me know if this patch looks ok.
> Thanks!
> regards,
> Joy

Best regards


Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Dev mailing list