[strongSwan-dev] Diffie Hellman Group 24 Question

[Joy Latten]

Hi, 

On Wed, 2010-03-03 at 08:27 +0100, Martin Willi wrote:
> Hi Joy,
> 
> > I could not readily determine the correct way to add this new group to
> > the enum chain in src/libstrongswan/crypto/diffie_hellman.c. Does it
> > belong in an existing range or should I create a new range for it?
> 
> Group 24 works a little different than our existing modp groups, as it
> uses generators different from 2 and prime order subgroups. Integrating
> into the gmp plugin requires more than just adding the new constants.
> I'm not sure whats simpler, create a new implementation that uses these
> subgroups, or adjust the existing one to handle both cases. Depends on
> what is actually the difference code-wise.
> 
I took a look at the NIST 800-56A and FIPS 186-3 to determine what's to 
be done. So far, I don't think there will be a big difference
code-wise. I really like the modularity and "crispness" of the
strongswan code I have seen so far and will see if integrating subprime
code keeps it that way.  
 
> > rfc 5114 includes some test data. I looked but could not find existing
> > testcases or test data for diffie hellman in strongswan.
> 
> No, we currently do not have integrated DH implementations in our test
> framework. There are not a lot of test vectors available for DH, and the
> current DH API does actually not allow us to test them in a predictable
> manner.
> 
> > Or do I hard code a testcase to verify the computations using the test
> > data in rfc5114?
> 
> Either hardcode a test or change the API of DH implementations (e.g.
> optionally pass x to the constructor). This way we could integrate DH
> vectors in our algorithm test framework.
> 
I'll take a look and see what it would entail to change the DH API to 
optionally pass x & y to the constructor for test purposes.
If it seems very invasive, I'll just hardcode a test to ensure the
computations comply.

Thanks!!

regards,
Joy Latten