[strongSwan-dev] [PATCH] DiffieHellman Groups 22-24 in RFC5114

Andreas Steffen andreas.steffen at strongswan.org
Wed Apr 7 10:12:13 CEST 2010


Hi Joy,
Joy Latten wrote:
> This patch adds the MODP DH Groups 22-24 defined in RFC 5114.
> 
> After consulting with ietf ipsec mailing list, I realized all I needed
> to do was add the constants for these groups. 
> 
> I tried interoperability testing with openswan's DH groups 22-24.
> Unfortunately, I could not get strongswan->openswan to work with 
> any of the new or old modp groups. Openswan complained about the message
> ID it received, which looked correct to me. This problem was outside the
> scope of my patch. 
> I was able to get openswan->strongswan to work with old and new modp
> groups.
> 
> I was also told following on ipsec ietf list:
> 
> 1. The exponent only needs to be size of q, for group 22-24. I noticed
> in strongswan it likes to use the size of the prime. I left it like
> this.
>
There is no sense spending a lot of entropy by choosing a secret DH
exponent which is larger than the size q of the subgroup since the
resulting public DH factor will just wrap around modulo q.

In order to restrict the secret factor to the size of the subgroup
either q or at least the number of bits of q (160, 224, 256 bits)
should be stored in the dh_params tables. Actually they are already
stored there as the optimum secret size (20, 28, 32 octets) but
these restrictions should also be heeded with charon's default
setting

   libstrongswan.dh_exponent_ansi_x9_42=yes

where with the normal DH groups the secret is chosen randomly up to
the full prime p size. So probably an additional column is needed
in the dh_params table containing the maximum size of ANSI X9.42
secrets.

> 2. Doing all validation steps as defined in NIST SP 800-56A is important
> for groups 22-24. I am currently determining what this is and will
> submit a second patch very soon.
> 
> Let me know if this patch looks ok.
> Thanks!
> 
> regards,
> Joy

Best regards

Andreas

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
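Added example (not from this thread, the patch, or strongSwan): a constructed toy group of the RFC 5114 shape, i.e. a prime p whose multiplicative group has a much smaller prime-order subgroup q, showing why a secret exponent of |q| bits is enough (the exponent wraps modulo q, as Andreas notes) and what the SP 800-56A public-value validation that Joy mentions checks. The real RFC 5114 constants are not reproduced here; `make_toy_group`, `validate_public` and the other names are this example's own.

```python
import secrets

def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy sizes constructed below."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def make_toy_group(q: int, start_k: int = 1000):
    """Constructed toy parameters (not an RFC 5114 group): p = k*q + 1 prime
    with q prime and q not dividing k, and g generating the order-q subgroup."""
    assert is_prime(q)
    k = start_k
    while k % q == 0 or not is_prime(k * q + 1):
        k += 1
    p = k * q + 1
    for h in range(2, p - 1):
        g = pow(h, k, p)  # h^((p-1)/q) has order q unless it equals 1
        if g != 1:
            return p, q, g
    raise ValueError("no generator found")

def secret_exponent(q: int) -> int:
    """Secret x in [1, q-1]: |q| bits is all the exponent needs."""
    return 1 + secrets.randbelow(q - 1)

def exponent_wraps(p: int, q: int, g: int, x: int) -> bool:
    """g^x == g^(x mod q) mod p: bits of x beyond |q| add no security."""
    return pow(g, x, p) == pow(g, x % q, p)

def validate_public(p: int, q: int, y: int) -> bool:
    """SP 800-56A full public-key validation for FFC: 2 <= y <= p-2 and
    y^q == 1 mod p (i.e. y lies in the order-q subgroup)."""
    return 2 <= y <= p - 2 and pow(y, q, p) == 1

def exchange(p: int, q: int, g: int):
    """One DH exchange that validates both peers' public values; returns
    both sides' shared secrets so a caller can check they agree."""
    xa, xb = secret_exponent(q), secret_exponent(q)
    ya, yb = pow(g, xa, p), pow(g, xb, p)
    if not (validate_public(p, q, ya) and validate_public(p, q, yb)):
        raise ValueError("public value not in the order-q subgroup")
    return pow(yb, xa, p), pow(ya, xb, p)
```

The rejected values in the test (1, p-1, and an element whose order divides (p-1)/q) are exactly the ones the subgroup check in the validation exists to catch.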