On Wed, 2010-04-07 at 10:12 +0200, Andreas Steffen wrote:
> Hi Joy,
>
> Joy Latten wrote:
> > This patch adds the MODP DH Groups 22-24 defined in RFC 5114.
> >
> > After consulting with the ietf ipsec mailing list, I realized all I needed
> > to do was add the constants for these groups.
> >
> > I tried interoperability testing with openswan's DH groups 22-24.
> > Unfortunately, I could not get strongswan->openswan to work with
> > any of the new or old modp groups. Openswan complained about the message
> > ID it received, which looked correct to me. This problem was outside the
> > scope of my patch.
> > I was able to get openswan->strongswan to work with old and new modp
> > groups.
> >
> > I was also told the following on the ipsec ietf list:
> >
> > 1. The exponent only needs to be the size of q, for groups 22-24. I noticed
> > in strongswan it likes to use the size of the prime. I left it like
> > this.
> >
> There is no sense spending a lot of entropy by choosing a secret DH
> exponent which is larger than the size q of the subgroup since the
> resulting public DH factor will just wrap around modulo q.
>
> In order to restrict the secret factor to the size of the subgroup
> either q or at least the number of bits of q (160, 224, 256 bits)
> should be stored in the dh_params tables. Actually they are already
> stored there as the optimum secret size (20, 28, 32 octets) but
> these restrictions should also be heeded with charon's default
> setting
>
> libstrongswan.dh_exponent_ansi_x9_42=yes
>
> where with the normal DH groups the secret is chosen randomly up to
> the full prime p size. So probably an additional column is needed
> in the dh_params table containing the maximum size of ANSI X9.42
> secrets.
>

Should I go ahead and make this change? I plan to submit a second patch for
validation of the public value and could do it then...
Thanks!

regards,
Joy

_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
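Andreas's point about the exponent size and the public-value validation Joy mentions, illustrated with an added Python example that is not from this thread or from strongSwan. The toy (p, q, g) is constructed by the code and only mimics the shape of the RFC 5114 groups (prime-order subgroup with a large cofactor); the real groups use fixed published constants of 1024-2048 bits.

```python
import secrets


def is_prime(n):
    """Trial division; adequate only for the toy sizes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def make_toy_group(q, min_cofactor=4):
    """Construct a toy (p, q, g) with q | p-1 and g of prime order q.
    RFC 5114 groups 22-24 have this shape with fixed published constants;
    these small numbers are constructed here purely for illustration."""
    assert is_prime(q)
    k = min_cofactor
    while not is_prime(q * k + 1):
        k += 1
    p = q * k + 1
    for h in range(2, p):
        g = pow(h, (p - 1) // q, p)
        if g != 1:  # g^q = h^(p-1) = 1 mod p, so g has order exactly q
            return p, q, g
    raise ValueError("no generator of order q found")


def secret_exponent(q):
    """Draw x uniformly from [1, q-1]: |q| bits is all the subgroup can absorb."""
    return 1 + secrets.randbelow(q - 1)


def exponent_wraps(p, q, g, x):
    """g^x == g^(x mod q) (mod p) because g has order q: any bits of the
    secret above the size of q do not change the public value at all."""
    return pow(g, x, p) == pow(g, x % q, p)


def valid_public_value(p, q, y):
    """Receiver-side check of a peer's public value: in range and in the
    order-q subgroup (y^q == 1 mod p), so 1, p-1 and elements of the other
    subgroups that the cofactor k > 1 creates are all rejected."""
    return 1 < y < p - 1 and pow(y, q, p) == 1
```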
