[strongSwan-dev] [PATCH] DiffieHellman Groups 22-24 in RFC5114

Martin Willi martin at strongswan.org
Thu Apr 8 15:17:54 CEST 2010


> I think we can unify the generator format and drop the current u_int16_t
> definition by a generic chunk format. I'll push these changes to master
> this afternoon.

Please have a look at changeset b34b93db, it changes the generator
format to a variable length chunk. This should allow you to implement
the new groups without touching the actual DH implementation. The other
plugins will benefit from the new groups, too (if registered).

As Andreas suggested, we should store the size of the subgroup in the
Diffie Hellman parameter description for choosing an optimal exponent
size. Adding a new field to the now private dh_params in
diffie_hellman.c and use it if set, unaffected from the ansi_x9_42
setting.

Regards
Martin





More information about the Dev mailing list