[strongSwan-dev] [PATCH] DiffieHellman Groups 22-24 in RFC5114
Joy Latten
latten at austin.ibm.com
Mon Apr 12 22:20:46 CEST 2010
On Thu, 2010-04-08 at 15:17 +0200, Martin Willi wrote:
> > I think we can unify the generator format and drop the current u_int16_t
> > definition by a generic chunk format. I'll push these changes to master
> > this afternoon.
>
> Please have a look at changeset b34b93db, it changes the generator
> format to a variable length chunk. This should allow you to implement
> the new groups without touching the actual DH implementation. The other
> plugins will benefit from the new groups, too (if registered).
>
> As Andreas suggested, we should store the size of the subgroup in the
> Diffie Hellman parameter description for choosing an optimal exponent
> size. Adding a new field to the now private dh_params in
> diffie_hellman.c and use it if set, unaffected from the ansi_x9_42
> setting.
I've reworked the original patch to include a variable length chunk
for q in the dh_params. I included q to do the validation of the peer
public value. I tested it with and without EXTENDED_DH_TEST defined.
Let me know if this is ok.
Thanks!
regards,
Joy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dhpatch4
Type: text/x-patch
Size: 15245 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20100412/1a4cdb6e/attachment.bin>
More information about the Dev
mailing list