[strongSwan] Charon fails when MODP_2048_256 is advertised first

Mike Belopuhov mkb at crypt.org.ru
Tue Sep 14 20:37:11 CEST 2010


Hi,

I'm experiencing a problem that Charon doesn't accept MODP_2048_256
DH group if it was listed first in the proposal:

09[CFG] selecting proposal:
09[CFG]   proposal matches
09[CFG] received proposals: IKE:AES_CBC_256/AES_CBC_192/AES_CBC_128/
3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA1_96/HMAC_MD5_96/PRF_HMAC_SHA2_256/
PRF_HMAC_SHA1/PRF_HMAC_MD5/MODP_2048_256/MODP_2048/MODP_1536/MODP_1024
09[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/
MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/AES_XCBC_96/HMAC_SHA1_96/
HMAC_SHA2_256_128/HMAC_MD5_96/HMAC_SHA2_384_192/HMAC_SHA2_512_256/
PRF_AES128_XCBC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/PRF_HMAC_MD5/
PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/MODP_2048/MODP_2048_224/MODP_2048_256/
MODP_1536/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/MODP_4096/MODP_8192/
MODP_1024/MODP_1024_160
09[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
09[LIB] size of DH secret exponent: 256 bits
09[IKE] DH group MODP_2048_256 inacceptable, requesting MODP_2048

If I specify it after MODP_2048, then it works as expected:

09[CFG] selecting proposal:
09[CFG]   proposal matches
09[CFG] received proposals: IKE:AES_CBC_256/AES_CBC_192/AES_CBC_128/
3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA1_96/HMAC_MD5_96/PRF_HMAC_SHA2_256/
PRF_HMAC_SHA1/PRF_HMAC_MD5/MODP_2048/MODP_2048_256/MODP_1536/MODP_1024
09[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/
MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/AES_XCBC_96/HMAC_SHA1_96/
HMAC_SHA2_256_128/HMAC_MD5_96/HMAC_SHA2_384_192/HMAC_SHA2_512_256/
PRF_AES128_XCBC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/PRF_HMAC_MD5/
PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/MODP_2048/MODP_2048_224/MODP_2048_256/
MODP_1536/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/MODP_4096/MODP_8192/
MODP_1024/MODP_1024_160
09[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
09[LIB] size of DH secret exponent: 2047 bits

"DH secret exponent" sizes are different, while they are
supposed to be the same.

I'm running strongswan 4.4.1 on 2.6.35 kernel, openssl version
0.9.8k-7ubuntu8.

Could you please advise if this behaviour is intentional and
if so, why it fails to use MODP_2048_256?

Thanks in advance,
Mike




More information about the Users mailing list