This patch adds the MODP DH Groups 22-24 defined in RFC 5114.
After consulting with ietf ipsec mailing list, I realized all I needed
to do was add the constants for these groups.
I tried interoperability testing with openswan's DH groups 22-24.
Unfortunately, I could not get strongswan->openswan to work with
any of the new or old modp groups. Openswan complained about the message
ID it received, which looked correct to me. This problem as outside the
scope of my patch.
I was able to get openswan->strongswan to work with old and new modp
groups.
I was also told following on ipsec ietf list:
1. The exponent only needs to be size of q, for group 22-24. I noticed
in strongswan it likes to use the size of the prime. I left it like
this.
2. Doing all validation steps as defined in NIST SP 800-56A is important
for groups 22-24. I am currently determining what this is and will
submit a second patch very soon.
Let me know if this patch looks ok.
Thanks!
regards,
Joy
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index f2a34f2..7ea8b8b 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -858,6 +858,9 @@ static void proposal_add_supported_ike(private_proposal_t *this)
case ECP_256_BIT:
case ECP_384_BIT:
case ECP_521_BIT:
+ case MODP_DH22:
+ case MODP_DH23:
+ case MODP_DH24:
case ECP_192_BIT:
case ECP_224_BIT:
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index f3e5786..5033cee 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -32,7 +32,11 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT,
"ECP_256",
"ECP_384",
"ECP_521");
-ENUM_NEXT(diffie_hellman_group_names, ECP_192_BIT, ECP_224_BIT, ECP_521_BIT,
+ENUM_NEXT(diffie_hellman_group_names, MODP_DH22, MODP_DH24, ECP_521_BIT,
+ "MODP_DH22",
+ "MODP_DH23",
+ "MODP_DH24");
+ENUM_NEXT(diffie_hellman_group_names, ECP_192_BIT, ECP_224_BIT, MODP_DH24,
"ECP_192",
"ECP_224");
ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, ECP_224_BIT,
@@ -298,18 +302,138 @@ static const u_int8_t group18_modulus[] = {
};
/**
+ * Modulus of Group 22 (MODP_DH22).
+ */
+static u_int8_t group22_modulus[] = {
+ 0xB1,0x0B,0x8F,0x96,0xA0,0x80,0xE0,0x1D,0xDE,0x92,0xDE,0x5E,0xAE,0x5D,0x54,0xEC,
+ 0x52,0xC9,0x9F,0xBC,0xFB,0x06,0xA3,0xC6,0x9A,0x6A,0x9D,0xCA,0x52,0xD2,0x3B,0x61,
+ 0x60,0x73,0xE2,0x86,0x75,0xA2,0x3D,0x18,0x98,0x38,0xEF,0x1E,0x2E,0xE6,0x52,0xC0,
+ 0x13,0xEC,0xB4,0xAE,0xA9,0x06,0x11,0x23,0x24,0x97,0x5C,0x3C,0xD4,0x9B,0x83,0xBF,
+ 0xAC,0xCB,0xDD,0x7D,0x90,0xC4,0xBD,0x70,0x98,0x48,0x8E,0x9C,0x21,0x9A,0x73,0x72,
+ 0x4E,0xFF,0xD6,0xFA,0xE5,0x64,0x47,0x38,0xFA,0xA3,0x1A,0x4F,0xF5,0x5B,0xCC,0xC0,
+ 0xA1,0x51,0xAF,0x5F,0x0D,0xC8,0xB4,0xBD,0x45,0xBF,0x37,0xDF,0x36,0x5C,0x1A,0x65,
+ 0xE6,0x8C,0xFD,0xA7,0x6D,0x4D,0xA7,0x08,0xDF,0x1F,0xB2,0xBC,0x2E,0x4A,0x43,0x71
+};
+
+
+/**
+ * Modulus of Group 23 (MODP_DH23).
+ */
+static u_int8_t group23_modulus[] = {
+ 0xAD,0x10,0x7E,0x1E,0x91,0x23,0xA9,0xD0,0xD6,0x60,0xFA,0xA7,0x95,0x59,0xC5,0x1F,
+ 0xA2,0x0D,0x64,0xE5,0x68,0x3B,0x9F,0xD1,0xB5,0x4B,0x15,0x97,0xB6,0x1D,0x0A,0x75,
+ 0xE6,0xFA,0x14,0x1D,0xF9,0x5A,0x56,0xDB,0xAF,0x9A,0x3C,0x40,0x7B,0xA1,0xDF,0x15,
+ 0xEB,0x3D,0x68,0x8A,0x30,0x9C,0x18,0x0E,0x1D,0xE6,0xB8,0x5A,0x12,0x74,0xA0,0xA6,
+ 0x6D,0x3F,0x81,0x52,0xAD,0x6A,0xC2,0x12,0x90,0x37,0xC9,0xED,0xEF,0xDA,0x4D,0xF8,
+ 0xD9,0x1E,0x8F,0xEF,0x55,0xB7,0x39,0x4B,0x7A,0xD5,0xB7,0xD0,0xB6,0xC1,0x22,0x07,
+ 0xC9,0xF9,0x8D,0x11,0xED,0x34,0xDB,0xF6,0xC6,0xBA,0x0B,0x2C,0x8B,0xBC,0x27,0xBE,
+ 0x6A,0x00,0xE0,0xA0,0xB9,0xC4,0x97,0x08,0xB3,0xBF,0x8A,0x31,0x70,0x91,0x88,0x36,
+ 0x81,0x28,0x61,0x30,0xBC,0x89,0x85,0xDB,0x16,0x02,0xE7,0x14,0x41,0x5D,0x93,0x30,
+ 0x27,0x82,0x73,0xC7,0xDE,0x31,0xEF,0xDC,0x73,0x10,0xF7,0x12,0x1F,0xD5,0xA0,0x74,
+ 0x15,0x98,0x7D,0x9A,0xDC,0x0A,0x48,0x6D,0xCD,0xF9,0x3A,0xCC,0x44,0x32,0x83,0x87,
+ 0x31,0x5D,0x75,0xE1,0x98,0xC6,0x41,0xA4,0x80,0xCD,0x86,0xA1,0xB9,0xE5,0x87,0xE8,
+ 0xBE,0x60,0xE6,0x9C,0xC9,0x28,0xB2,0xB9,0xC5,0x21,0x72,0xE4,0x13,0x04,0x2E,0x9B,
+ 0x23,0xF1,0x0B,0x0E,0x16,0xE7,0x97,0x63,0xC9,0xB5,0x3D,0xCF,0x4B,0xA8,0x0A,0x29,
+ 0xE3,0xFB,0x73,0xC1,0x6B,0x8E,0x75,0xB9,0x7E,0xF3,0x63,0xE2,0xFF,0xA3,0x1F,0x71,
+ 0xCF,0x9D,0xE5,0x38,0x4E,0x71,0xB8,0x1C,0x0A,0xC4,0xDF,0xFE,0x0C,0x10,0xE6,0x4F
+};
+
+/**
+ * Modulus of Group 24 (MODP_DH24).
+ */
+static u_int8_t group24_modulus[] = {
+ 0x87,0xA8,0xE6,0x1D,0xB4,0xB6,0x66,0x3C,0xFF,0xBB,0xD1,0x9C,0x65,0x19,0x59,0x99,
+ 0x8C,0xEE,0xF6,0x08,0x66,0x0D,0xD0,0xF2,0x5D,0x2C,0xEE,0xD4,0x43,0x5E,0x3B,0x00,
+ 0xE0,0x0D,0xF8,0xF1,0xD6,0x19,0x57,0xD4,0xFA,0xF7,0xDF,0x45,0x61,0xB2,0xAA,0x30,
+ 0x16,0xC3,0xD9,0x11,0x34,0x09,0x6F,0xAA,0x3B,0xF4,0x29,0x6D,0x83,0x0E,0x9A,0x7C,
+ 0x20,0x9E,0x0C,0x64,0x97,0x51,0x7A,0xBD,0x5A,0x8A,0x9D,0x30,0x6B,0xCF,0x67,0xED,
+ 0x91,0xF9,0xE6,0x72,0x5B,0x47,0x58,0xC0,0x22,0xE0,0xB1,0xEF,0x42,0x75,0xBF,0x7B,
+ 0x6C,0x5B,0xFC,0x11,0xD4,0x5F,0x90,0x88,0xB9,0x41,0xF5,0x4E,0xB1,0xE5,0x9B,0xB8,
+ 0xBC,0x39,0xA0,0xBF,0x12,0x30,0x7F,0x5C,0x4F,0xDB,0x70,0xC5,0x81,0xB2,0x3F,0x76,
+ 0xB6,0x3A,0xCA,0xE1,0xCA,0xA6,0xB7,0x90,0x2D,0x52,0x52,0x67,0x35,0x48,0x8A,0x0E,
+ 0xF1,0x3C,0x6D,0x9A,0x51,0xBF,0xA4,0xAB,0x3A,0xD8,0x34,0x77,0x96,0x52,0x4D,0x8E,
+ 0xF6,0xA1,0x67,0xB5,0xA4,0x18,0x25,0xD9,0x67,0xE1,0x44,0xE5,0x14,0x05,0x64,0x25,
+ 0x1C,0xCA,0xCB,0x83,0xE6,0xB4,0x86,0xF6,0xB3,0xCA,0x3F,0x79,0x71,0x50,0x60,0x26,
+ 0xC0,0xB8,0x57,0xF6,0x89,0x96,0x28,0x56,0xDE,0xD4,0x01,0x0A,0xBD,0x0B,0xE6,0x21,
+ 0xC3,0xA3,0x96,0x0A,0x54,0xE7,0x10,0xC3,0x75,0xF2,0x63,0x75,0xD7,0x01,0x41,0x03,
+ 0xA4,0xB5,0x43,0x30,0xC1,0x98,0xAF,0x12,0x61,0x16,0xD2,0x27,0x6E,0x11,0x71,0x5F,
+ 0x69,0x38,0x77,0xFA,0xD7,0xEF,0x09,0xCA,0xDB,0x09,0x4A,0xE9,0x1E,0x1A,0x15,0x97
+};
+
+/**
+ * Generator for Group 22 (MODP_DH22).
+ */
+static u_int8_t group22_generator[] = {
+ 0xA4,0xD1,0xCB,0xD5,0xC3,0xFD,0x34,0x12,0x67,0x65,0xA4,0x42,0xEF,0xB9,0x99,0x05,
+ 0xF8,0x10,0x4D,0xD2,0x58,0xAC,0x50,0x7F,0xD6,0x40,0x6C,0xFF,0x14,0x26,0x6D,0x31,
+ 0x26,0x6F,0xEA,0x1E,0x5C,0x41,0x56,0x4B,0x77,0x7E,0x69,0x0F,0x55,0x04,0xF2,0x13,
+ 0x16,0x02,0x17,0xB4,0xB0,0x1B,0x88,0x6A,0x5E,0x91,0x54,0x7F,0x9E,0x27,0x49,0xF4,
+ 0xD7,0xFB,0xD7,0xD3,0xB9,0xA9,0x2E,0xE1,0x90,0x9D,0x0D,0x22,0x63,0xF8,0x0A,0x76,
+ 0xA6,0xA2,0x4C,0x08,0x7A,0x09,0x1F,0x53,0x1D,0xBF,0x0A,0x01,0x69,0xB6,0xA2,0x8A,
+ 0xD6,0x62,0xA4,0xD1,0x8E,0x73,0xAF,0xA3,0x2D,0x77,0x9D,0x59,0x18,0xD0,0x8B,0xC8,
+ 0x85,0x8F,0x4D,0xCE,0xF9,0x7C,0x2A,0x24,0x85,0x5E,0x6E,0xEB,0x22,0xB3,0xB2,0xE5
+};
+
+/**
+ * Generator of Group 23 (MODP_DH23).
+ */
+static u_int8_t group23_generator[] = {
+ 0xAC,0x40,0x32,0xEF,0x4F,0x2D,0x9A,0xE3,0x9D,0xF3,0x0B,0x5C,0x8F,0xFD,0xAC,0x50,
+ 0x6C,0xDE,0xBE,0x7B,0x89,0x99,0x8C,0xAF,0x74,0x86,0x6A,0x08,0xCF,0xE4,0xFF,0xE3,
+ 0xA6,0x82,0x4A,0x4E,0x10,0xB9,0xA6,0xF0,0xDD,0x92,0x1F,0x01,0xA7,0x0C,0x4A,0xFA,
+ 0xAB,0x73,0x9D,0x77,0x00,0xC2,0x9F,0x52,0xC5,0x7D,0xB1,0x7C,0x62,0x0A,0x86,0x52,
+ 0xBE,0x5E,0x90,0x01,0xA8,0xD6,0x6A,0xD7,0xC1,0x76,0x69,0x10,0x19,0x99,0x02,0x4A,
+ 0xF4,0xD0,0x27,0x27,0x5A,0xC1,0x34,0x8B,0xB8,0xA7,0x62,0xD0,0x52,0x1B,0xC9,0x8A,
+ 0xE2,0x47,0x15,0x04,0x22,0xEA,0x1E,0xD4,0x09,0x93,0x9D,0x54,0xDA,0x74,0x60,0xCD,
+ 0xB5,0xF6,0xC6,0xB2,0x50,0x71,0x7C,0xBE,0xF1,0x80,0xEB,0x34,0x11,0x8E,0x98,0xD1,
+ 0x19,0x52,0x9A,0x45,0xD6,0xF8,0x34,0x56,0x6E,0x30,0x25,0xE3,0x16,0xA3,0x30,0xEF,
+ 0xBB,0x77,0xA8,0x6F,0x0C,0x1A,0xB1,0x5B,0x05,0x1A,0xE3,0xD4,0x28,0xC8,0xF8,0xAC,
+ 0xB7,0x0A,0x81,0x37,0x15,0x0B,0x8E,0xEB,0x10,0xE1,0x83,0xED,0xD1,0x99,0x63,0xDD,
+ 0xD9,0xE2,0x63,0xE4,0x77,0x05,0x89,0xEF,0x6A,0xA2,0x1E,0x7F,0x5F,0x2F,0xF3,0x81,
+ 0xB5,0x39,0xCC,0xE3,0x40,0x9D,0x13,0xCD,0x56,0x6A,0xFB,0xB4,0x8D,0x6C,0x01,0x91,
+ 0x81,0xE1,0xBC,0xFE,0x94,0xB3,0x02,0x69,0xED,0xFE,0x72,0xFE,0x9B,0x6A,0xA4,0xBD,
+ 0x7B,0x5A,0x0F,0x1C,0x71,0xCF,0xFF,0x4C,0x19,0xC4,0x18,0xE1,0xF6,0xEC,0x01,0x79,
+ 0x81,0xBC,0x08,0x7F,0x2A,0x70,0x65,0xB3,0x84,0xB8,0x90,0xD3,0x19,0x1F,0x2B,0xFA
+};
+
+/**
+ * Generator of Group 24 (MODP_DH24).
+ */
+static u_int8_t group24_generator[] = {
+ 0x3F,0xB3,0x2C,0x9B,0x73,0x13,0x4D,0x0B,0x2E,0x77,0x50,0x66,0x60,0xED,0xBD,0x48,
+ 0x4C,0xA7,0xB1,0x8F,0x21,0xEF,0x20,0x54,0x07,0xF4,0x79,0x3A,0x1A,0x0B,0xA1,0x25,
+ 0x10,0xDB,0xC1,0x50,0x77,0xBE,0x46,0x3F,0xFF,0x4F,0xED,0x4A,0xAC,0x0B,0xB5,0x55,
+ 0xBE,0x3A,0x6C,0x1B,0x0C,0x6B,0x47,0xB1,0xBC,0x37,0x73,0xBF,0x7E,0x8C,0x6F,0x62,
+ 0x90,0x12,0x28,0xF8,0xC2,0x8C,0xBB,0x18,0xA5,0x5A,0xE3,0x13,0x41,0x00,0x0A,0x65,
+ 0x01,0x96,0xF9,0x31,0xC7,0x7A,0x57,0xF2,0xDD,0xF4,0x63,0xE5,0xE9,0xEC,0x14,0x4B,
+ 0x77,0x7D,0xE6,0x2A,0xAA,0xB8,0xA8,0x62,0x8A,0xC3,0x76,0xD2,0x82,0xD6,0xED,0x38,
+ 0x64,0xE6,0x79,0x82,0x42,0x8E,0xBC,0x83,0x1D,0x14,0x34,0x8F,0x6F,0x2F,0x91,0x93,
+ 0xB5,0x04,0x5A,0xF2,0x76,0x71,0x64,0xE1,0xDF,0xC9,0x67,0xC1,0xFB,0x3F,0x2E,0x55,
+ 0xA4,0xBD,0x1B,0xFF,0xE8,0x3B,0x9C,0x80,0xD0,0x52,0xB9,0x85,0xD1,0x82,0xEA,0x0A,
+ 0xDB,0x2A,0x3B,0x73,0x13,0xD3,0xFE,0x14,0xC8,0x48,0x4B,0x1E,0x05,0x25,0x88,0xB9,
+ 0xB7,0xD2,0xBB,0xD2,0xDF,0x01,0x61,0x99,0xEC,0xD0,0x6E,0x15,0x57,0xCD,0x09,0x15,
+ 0xB3,0x35,0x3B,0xBB,0x64,0xE0,0xEC,0x37,0x7F,0xD0,0x28,0x37,0x0D,0xF9,0x2B,0x52,
+ 0xC7,0x89,0x14,0x28,0xCD,0xC6,0x7E,0xB6,0x18,0x4B,0x52,0x3D,0x1D,0xB2,0x46,0xC3,
+ 0x2F,0x63,0x07,0x84,0x90,0xF0,0x0E,0xF8,0xD6,0x47,0xD1,0x48,0xD4,0x79,0x54,0x51,
+ 0x5E,0x23,0x27,0xCF,0xEF,0x98,0xC5,0x82,0x66,0x4B,0x4C,0x0F,0x6C,0xC4,0x16,0x59
+};
+
+/**
* All supported diffie hellman groups.
* Optimum exponent size according to RFC 3526.
*/
static diffie_hellman_params_t dh_params[] = {
- {MODP_768_BIT, group1_modulus, sizeof(group1_modulus), 32, 0, 2},
- {MODP_1024_BIT, group2_modulus, sizeof(group2_modulus), 32, 0, 2},
- {MODP_1536_BIT, group5_modulus, sizeof(group5_modulus), 32, 0, 2},
- {MODP_2048_BIT, group14_modulus, sizeof(group14_modulus), 48, 0, 2},
- {MODP_3072_BIT, group15_modulus, sizeof(group15_modulus), 48, 0, 2},
- {MODP_4096_BIT, group16_modulus, sizeof(group16_modulus), 64, 0, 2},
- {MODP_6144_BIT, group17_modulus, sizeof(group17_modulus), 64, 0, 2},
- {MODP_8192_BIT, group18_modulus, sizeof(group18_modulus), 64, 0, 2},
+ {MODP_768_BIT, group1_modulus, sizeof(group1_modulus), 32, 0, 2, 0, 0},
+ {MODP_1024_BIT, group2_modulus, sizeof(group2_modulus), 32, 0, 2, 0, 0},
+ {MODP_1536_BIT, group5_modulus, sizeof(group5_modulus), 32, 0, 2, 0, 0},
+ {MODP_2048_BIT, group14_modulus, sizeof(group14_modulus), 48, 0, 2, 0, 0},
+ {MODP_3072_BIT, group15_modulus, sizeof(group15_modulus), 48, 0, 2, 0, 0},
+ {MODP_4096_BIT, group16_modulus, sizeof(group16_modulus), 64, 0, 2, 0, 0},
+ {MODP_6144_BIT, group17_modulus, sizeof(group17_modulus), 64, 0, 2, 0, 0},
+ {MODP_8192_BIT, group18_modulus, sizeof(group18_modulus), 64, 0, 2, 0, 0},
+ {MODP_DH22, group22_modulus, sizeof(group22_modulus), 20, 0, 2, group22_generator, sizeof(group22_generator)},
+ {MODP_DH23, group23_modulus, sizeof(group23_modulus), 28, 0, 2, group23_generator, sizeof(group23_generator)},
+ {MODP_DH24, group24_modulus, sizeof(group24_modulus), 32, 0, 2, group24_generator, sizeof(group24_generator)},
};
/**
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index 9d3b604..6f00b62 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -50,6 +50,9 @@ enum diffie_hellman_group_t {
ECP_256_BIT = 19,
ECP_384_BIT = 20,
ECP_521_BIT = 21,
+ MODP_DH22 = 22,
+ MODP_DH23 = 23,
+ MODP_DH24 = 24,
ECP_192_BIT = 25,
ECP_224_BIT = 26,
/** insecure NULL diffie hellman group for testing, in PRIVATE USE */
@@ -142,6 +145,16 @@ struct diffie_hellman_params_t {
* Generator.
*/
u_int16_t generator;
+
+ /**
+ * The generator as byte array.
+ */
+ const u_int8_t *hex_generator;
+
+ /**
+ * Length of the hex generator.
+ */
+ size_t hex_generator_len;
};
/**
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
index 0997c93..4afa0a8 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
@@ -121,3 +121,6 @@ ecp224, DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0
ecp256, DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0
ecp384, DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0
ecp521, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0
+modp_dh22, DIFFIE_HELLMAN_GROUP, MODP_DH22, 0
+modp_dh23, DIFFIE_HELLMAN_GROUP, MODP_DH23, 0
+modp_dh24, DIFFIE_HELLMAN_GROUP, MODP_DH24, 0
diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
index f4808f2..ecddc8f 100644
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
@@ -49,6 +49,11 @@ struct private_gmp_diffie_hellman_t {
*/
mpz_t g;
+ /*
+ * Generator length.
+ */
+ size_t g_len;
+
/**
* My private value.
*/
@@ -223,7 +228,17 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
}
mpz_import(this->p, params->prime_len, 1, 1, 1, 0, params->prime);
this->p_len = params->prime_len;
- mpz_set_ui(this->g, params->generator);
+
+ if (params->hex_generator_len)
+ {
+ mpz_import(this->g, params->hex_generator_len, 1, 1, 1, 0, params->hex_generator);
+ this->g_len = params->hex_generator_len;
+ DBG1("adding hex g");
+ }
+ else
+ {
+ mpz_set_ui(this->g, params->generator);
+ }
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (!rng)
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c
index ca50514..d9def5d 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.c
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c
@@ -58,6 +58,12 @@ plugin_t *gmp_plugin_create()
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ lib->crypto->add_dh(lib->crypto, MODP_DH22,
+ (dh_constructor_t)gmp_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, MODP_DH23,
+ (dh_constructor_t)gmp_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, MODP_DH24,
+ (dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
diff --git a/src/pluto/constants.c b/src/pluto/constants.c
index 7823abe..2c9c8e2 100644
--- a/src/pluto/constants.c
+++ b/src/pluto/constants.c
@@ -920,12 +920,15 @@ static const char *const oakley_group_name_rfc4753[] = {
};
static const char *const oakley_group_name_rfc5114[] = {
+ "MODP_DH22",
+ "MODP_DH23",
+ "MODP_DH24",
"ECP_192",
"ECP_224"
};
enum_names oakley_group_names_rfc5114 =
- { ECP_192_BIT, ECP_224_BIT,
+ { MODP_DH22, ECP_224_BIT,
oakley_group_name_rfc5114, NULL };
enum_names oakley_group_names_rfc4753 =
diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c
index fb0cff7..09df6bf 100644
--- a/src/pluto/crypto.c
+++ b/src/pluto/crypto.c
@@ -237,6 +237,27 @@ static struct dh_desc dh_desc_ecp_521 = {
ke_size: 2*528 / BITS_PER_BYTE
};
+static struct dh_desc dh_desc_modp_dh22 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_DH22,
+ algo_next: NULL,
+ ke_size: 1024 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_modp_dh23 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_DH23,
+ algo_next: NULL,
+ ke_size: 2048 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_modp_dh24 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_DH24,
+ algo_next: NULL,
+ ke_size: 2048 / BITS_PER_BYTE
+};
+
static struct dh_desc dh_desc_ecp_192 = {
algo_type: IKE_ALG_DH_GROUP,
algo_id: ECP_192_BIT,
@@ -370,6 +391,15 @@ bool init_crypto(void)
case ECP_521_BIT:
desc = &dh_desc_ecp_521;
break;
+ case MODP_DH22:
+ desc = &dh_desc_modp_dh22;
+ break;
+ case MODP_DH23:
+ desc = &dh_desc_modp_dh23;
+ break;
+ case MODP_DH24:
+ desc = &dh_desc_modp_dh24;
+ break;
case ECP_192_BIT:
desc = &dh_desc_ecp_192;
break;
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
