[strongSwan-dev] [PATCH] DiffieHellman Groups 22-24 in RFC5114

Joy Latten latten at austin.ibm.com
Thu Apr 8 15:34:40 CEST 2010


On Thu, 2010-04-08 at 14:10 +0200, Martin Willi wrote:
> Hi Joy,
> 
> > +       /**
> > +        * The generator as byte array.
> > +        */
> > +       const u_int8_t *hex_generator;
> > +
> > +       /**
> > +        * Length of the hex generator.
> > +        */
> > +       size_t hex_generator_len;
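Review bot: The field names `hex_generator` and `hex_generator_len` disagree with their own comments. The comment documents a byte array, while "hex" reads as a hex-encoded string, so the declaration does not say whether the length counts bytes or hex digits. Either drop "hex" from the names or state in both comments that the value is raw bytes and the length is a byte count. The comments also do not say how this pointer and length pair relates to a generator already stored in the same structure, so a note on which representation a group entry is expected to fill in would help whoever adds the next group.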
> 
> I think we can unify the generator format and drop the current u_int16_t
> definition by a generic chunk format. I'll push these changes to master
> this afternoon.
> 
> > +modp_dh22,        DIFFIE_HELLMAN_GROUP, MODP_DH22,
> > +modp_dh23,        DIFFIE_HELLMAN_GROUP, MODP_DH23,
> > +modp_dh24,        DIFFIE_HELLMAN_GROUP, MODP_DH24, 
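Review bot: The keywords `modp_dh22`, `modp_dh23` and `modp_dh24`, like their `MODP_DH22` to `MODP_DH24` identifiers, carry only the group number, so nothing in the configuration name tells the person writing a proposal how large the prime is. Names that include the size would make the strength of each group visible at the point where it is selected. The last added line also has trailing whitespace after `MODP_DH24,`, which should be removed.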
> 
> Traditionally, strongSwan did not use the group number for
> configuration, but instead some more meaningful names by including the
> size of the prime. This gives the user a hint how strong a group
> actually is.
> 
> I'd prefer a naming scheme for the new groups in accordance to the
> existing groups. What about modp1024s160 and MODP_1024_160? Too
> complicated?
> 
I like what you suggested very much! At first I had something like it
but changed it. :-) Will you include those changes too when you push 
the others? I plan to work on a patch for the validation of the public
key of the new groups this afternoon.

Thanks!!

regards,
Joy





