[strongSwan-dev] Diffie Hellman Group 24 Question
Martin Willi
martin at strongswan.org
Wed Mar 3 08:27:09 CET 2010
Hi Joy,
> I could not readily determine the correct way to add this new group to
> the enum chain in src/libstrongswan/crypto/diffie_hellman.c. Does it
> belong in an existing range or should I create a new range for it?
Group 24 works a little different than our existing modp groups, as it
uses generators different from 2 and prime order subgroups. Integrating
into the gmp plugin requires more than just adding the new constants.
I'm not sure whats simpler, create a new implementation that uses these
subgroups, or adjust the existing one to handle both cases. Depends on
what is actually the difference code-wise.
> rfc 5114 includes some test data. I looked but could not find existing
> testcases or test data for diffie hellman in strongswan.
No, we currently do not have integrated DH implementations in our test
framework. There are not a lot of test vectors available for DH, and the
current DH API does actually not allow us to test them in a predictable
manner.
> Or do I hard code a testcase to verify the computations using the test
> data in rfc5114?
Either hardcode a test or change the API of DH implementations (e.g.
optionally pass x to the constructor). This way we could integrate DH
vectors in our algorithm test framework.
Best regards
Martin
More information about the Dev
mailing list