[strongSwan-dev] Diffie Hellman Group 24 Question

Joy Latten latten at austin.ibm.com
Thu Mar 11 22:58:26 CET 2010


Hi, 

I was viewing the strongswan contributions url,
http://wiki.strongswan.org/projects/strongswan/wiki/Contributions
and noticed that in some places it states that some contributions should
be made under MIT license. But then it also says that strongswan is
an open source project distributed under GPL.

Could you clarify whether strongswan is distributed under GPLv2 or MIT
X11 license?

To add dh group 24, changes would occur to existing files under
src/charon, src/libstrongswan and src/pluto, would the latter
contribution be submitted under GPL and MIT X11 license for the others? 

Thanks for all advice.

regards,
Joy Latten

On Wed, 2010-03-03 at 08:27 +0100, Martin Willi wrote:
> Hi Joy,
> 
> > I could not readily determine the correct way to add this new group to
> > the enum chain in src/libstrongswan/crypto/diffie_hellman.c. Does it
> > belong in an existing range or should I create a new range for it?
> 
> Group 24 works a little differently than our existing modp groups, as it
> uses generators different from 2 and prime order subgroups. Integrating
> into the gmp plugin requires more than just adding the new constants.
> I'm not sure what's simpler, create a new implementation that uses these
> subgroups, or adjust the existing one to handle both cases. Depends on
> what is actually the difference code-wise.
> 
> > rfc 5114 includes some test data. I looked but could not find existing
> > testcases or test data for diffie hellman in strongswan.
> 
> No, we currently do not have integrated DH implementations in our test
> framework. There are not a lot of test vectors available for DH, and the
> current DH API does actually not allow us to test them in a predictable
> manner.
> 
> > Or do I hard code a testcase to verify the computations using the test
> > data in rfc5114?
> 
> Either hardcode a test or change the API of DH implementations (e.g.
> optionally pass x to the constructor). This way we could integrate DH
> vectors in our algorithm test framework.
> 
> Best regards
> Martin
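
The two points in the quoted reply (a generator other than 2 inside a prime-order subgroup, and a constructor that optionally takes x so test vectors are reproducible), as an added example that is not strongSwan code and not part of the original thread. It uses constructed toy parameters (p = 23, q = 11, g = 4), not the RFC 5114 group 24 constants; `dh_init`, `dh_peer_valid` and `dh_shared` are hypothetical names, and the peer-value check is the standard subgroup membership test, added here as an assumption about what such an implementation would want.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed toy parameters, NOT the RFC 5114 group 24 constants:
 * p = 23, q = 11 (prime, divides p - 1), g = 4 generates the order-q subgroup. */
typedef struct { uint64_t p, q, g; } dh_group_t;
typedef struct { const dh_group_t *grp; uint64_t x, pub; } dh_t;

static const dh_group_t toy_group = { 23, 11, 4 };

/* Square-and-multiply; operands stay below 2^32 so products fit in 64 bits. */
static uint64_t modexp(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1)
            r = r * b % m;
    return r;
}

/* Hypothetical constructor: the caller passes x, so a known-answer test is
 * reproducible. With a prime-order subgroup, x must lie in [1, q - 1]. */
static bool dh_init(dh_t *dh, const dh_group_t *grp, uint64_t x)
{
    if (x < 1 || x >= grp->q)
        return false;
    dh->grp = grp;
    dh->x = x;
    dh->pub = modexp(grp->g, x, grp->p);
    return true;
}

/* Accept a peer value only if 1 < y < p - 1 and y^q mod p == 1, i.e. y is
 * in the order-q subgroup and not a small-subgroup element. */
static bool dh_peer_valid(const dh_group_t *grp, uint64_t y)
{
    return y > 1 && y < grp->p - 1 && modexp(y, grp->q, grp->p) == 1;
}

/* Derive the shared secret, refusing peer values that fail validation. */
static bool dh_shared(const dh_t *dh, uint64_t peer, uint64_t *secret)
{
    if (!dh_peer_valid(dh->grp, peer))
        return false;
    *secret = modexp(peer, dh->x, dh->grp->p);
    return true;
}
```

With real group 24 parameters the same structure applies, with the 64-bit arithmetic replaced by a big-number library and the fixed x taken from the published test data.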
