ims-volte-vowifi/strongswan-epdg
9
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Added support for DH groups 22, 23 and 24, patch contributed by Joy Latten

Browse source
This commit is contained in:
Martin Willi 2010-04-19 14:41:20 +02:00
parent f0212e8837
commit 4590260b2d
13 changed files with 211 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
NEWS
View file

@ -8,6 +8,11 @@ strongswan-4.4.0
The development of the High Availability functionality was sponsored by
secunet Security Networks AG.
- Added support for Diffie-Hellman groups 22, 23 and 24 to the gmp, gcrypt
and openssl plugins, usable by both pluto and charon. The new proposal
keywords are modp1024s160, modp2048s224 and modp2048s256. Thanks to Joy Latten
from IBM for his contribution.
- The IKEv1 pluto daemon supports RAM-based virtual IP pools using
the rightsourceip directive with a subnet from which addresses
are allocated.

29
scripts/dh_speed.c
View file

@ -15,19 +15,22 @@ struct {
char *name;
diffie_hellman_group_t group;
} groups[] = {
{"modp768", MODP_768_BIT},
{"modp1024", MODP_1024_BIT},
{"modp1536", MODP_1536_BIT},
{"modp2048", MODP_2048_BIT},
{"modp3072", MODP_3072_BIT},
{"modp4096", MODP_4096_BIT},
{"modp6144", MODP_6144_BIT},
{"modp8192", MODP_8192_BIT},
{"ecp256", ECP_256_BIT},
{"ecp384", ECP_384_BIT},
{"ecp521", ECP_521_BIT},
{"ecp192", ECP_192_BIT},
{"ecp224", ECP_224_BIT},
{"modp768", MODP_768_BIT},
{"modp1024", MODP_1024_BIT},
{"modp1024s160", MODP_1024_160},
{"modp1536", MODP_1536_BIT},
{"modp2048", MODP_2048_BIT},
{"modp2048s224", MODP_2048_224},
{"modp2048s256", MODP_2048_256},
{"modp3072", MODP_3072_BIT},
{"modp4096", MODP_4096_BIT},
{"modp6144", MODP_6144_BIT},
{"modp8192", MODP_8192_BIT},
{"ecp256", ECP_256_BIT},
{"ecp384", ECP_384_BIT},
{"ecp521", ECP_521_BIT},
{"ecp192", ECP_192_BIT},
{"ecp224", ECP_224_BIT},
};
static void start_timing(struct timespec *start)

6
scripts/dh_speed.sh
View file

@ -4,17 +4,17 @@
echo "testing gmp"
# gmp needs a RNG plugin, pick gcrypt
sudo ./dh_speed "gmp gcrypt" 400 modp768 modp768 modp1024 modp1536 modp2048 | tail -n 4
sudo ./dh_speed "gmp gcrypt" 400 modp768 modp768 modp1024 modp1024s160 modp1536 modp2048 modp2048s224 modp2048s256 | tail -n 7
sudo ./dh_speed "gmp gcrypt" 100 modp1024 modp3072 modp4096 | tail -n 2
sudo ./dh_speed "gmp gcrypt" 5 modp2048 modp6144 modp8192 | tail -n 2
echo "testing gcrypt"
sudo ./dh_speed "gcrypt" 400 modp768 modp768 modp1024 modp1536 modp2048 | tail -n 4
sudo ./dh_speed "gcrypt" 400 modp768 modp768 modp1024 modp1024s160 modp1536 modp2048 modp2048s224 modp2048s256 | tail -n 7
sudo ./dh_speed "gcrypt" 100 modp1024 modp3072 modp4096 | tail -n 2
sudo ./dh_speed "gcrypt" 5 modp2048 modp6144 modp8192 | tail -n 2
echo "testing openssl"
sudo ./dh_speed "openssl" 400 modp768 modp768 modp1024 modp1536 modp2048 | tail -n 4
sudo ./dh_speed "openssl" 400 modp768 modp768 modp1024 modp1024s160 modp1536 modp2048 modp2048s224 modp2048s256 | tail -n 7
sudo ./dh_speed "openssl" 100 modp1024 modp3072 modp4096 | tail -n 2
sudo ./dh_speed "openssl" 5 modp2048 modp6144 modp8192 | tail -n 2
sudo ./dh_speed "openssl" 300 ecp192 ecp192 ecp224 ecp256 ecp384 ecp521 | tail -n 5

3
src/libcharon/config/proposal.c
View file

@ -858,6 +858,9 @@ static void proposal_add_supported_ike(private_proposal_t *this)
case ECP_256_BIT:
case ECP_384_BIT:
case ECP_521_BIT:
case MODP_1024_160:
case MODP_2048_224:
case MODP_2048_256:
case ECP_192_BIT:
case ECP_224_BIT:
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);

112
src/libstrongswan/crypto/diffie_hellman.c
View file

@ -32,7 +32,10 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT,
"ECP_256",
"ECP_384",
"ECP_521");
ENUM_NEXT(diffie_hellman_group_names, ECP_192_BIT, ECP_224_BIT, ECP_521_BIT,
ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_224_BIT, ECP_521_BIT,
"MODP_1024_160",
"MODP_2048_224",
"MODP_2048_256",
"ECP_192",
"ECP_224");
ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, ECP_224_BIT,
@ -301,6 +304,110 @@ static struct {
0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
},
},{
.group = MODP_1024_160, .opt_exp = 20, .public = {
.subgroup = chunk_from_chars(
0xF5,0x18,0xAA,0x87,0x81,0xA8,0xDF,0x27,0x8A,0xBA,0x4E,0x7D,0x64,0xB7,0xCB,0x9D,
0x49,0x46,0x23,0x53),
.generator = chunk_from_chars(
0xA4,0xD1,0xCB,0xD5,0xC3,0xFD,0x34,0x12,0x67,0x65,0xA4,0x42,0xEF,0xB9,0x99,0x05,
0xF8,0x10,0x4D,0xD2,0x58,0xAC,0x50,0x7F,0xD6,0x40,0x6C,0xFF,0x14,0x26,0x6D,0x31,
0x26,0x6F,0xEA,0x1E,0x5C,0x41,0x56,0x4B,0x77,0x7E,0x69,0x0F,0x55,0x04,0xF2,0x13,
0x16,0x02,0x17,0xB4,0xB0,0x1B,0x88,0x6A,0x5E,0x91,0x54,0x7F,0x9E,0x27,0x49,0xF4,
0xD7,0xFB,0xD7,0xD3,0xB9,0xA9,0x2E,0xE1,0x90,0x9D,0x0D,0x22,0x63,0xF8,0x0A,0x76,
0xA6,0xA2,0x4C,0x08,0x7A,0x09,0x1F,0x53,0x1D,0xBF,0x0A,0x01,0x69,0xB6,0xA2,0x8A,
0xD6,0x62,0xA4,0xD1,0x8E,0x73,0xAF,0xA3,0x2D,0x77,0x9D,0x59,0x18,0xD0,0x8B,0xC8,
0x85,0x8F,0x4D,0xCE,0xF9,0x7C,0x2A,0x24,0x85,0x5E,0x6E,0xEB,0x22,0xB3,0xB2,0xE5),
.prime = chunk_from_chars(
0xB1,0x0B,0x8F,0x96,0xA0,0x80,0xE0,0x1D,0xDE,0x92,0xDE,0x5E,0xAE,0x5D,0x54,0xEC,
0x52,0xC9,0x9F,0xBC,0xFB,0x06,0xA3,0xC6,0x9A,0x6A,0x9D,0xCA,0x52,0xD2,0x3B,0x61,
0x60,0x73,0xE2,0x86,0x75,0xA2,0x3D,0x18,0x98,0x38,0xEF,0x1E,0x2E,0xE6,0x52,0xC0,
0x13,0xEC,0xB4,0xAE,0xA9,0x06,0x11,0x23,0x24,0x97,0x5C,0x3C,0xD4,0x9B,0x83,0xBF,
0xAC,0xCB,0xDD,0x7D,0x90,0xC4,0xBD,0x70,0x98,0x48,0x8E,0x9C,0x21,0x9A,0x73,0x72,
0x4E,0xFF,0xD6,0xFA,0xE5,0x64,0x47,0x38,0xFA,0xA3,0x1A,0x4F,0xF5,0x5B,0xCC,0xC0,
0xA1,0x51,0xAF,0x5F,0x0D,0xC8,0xB4,0xBD,0x45,0xBF,0x37,0xDF,0x36,0x5C,0x1A,0x65,
0xE6,0x8C,0xFD,0xA7,0x6D,0x4D,0xA7,0x08,0xDF,0x1F,0xB2,0xBC,0x2E,0x4A,0x43,0x71),
},
}, {
.group = MODP_2048_224, .opt_exp = 28, .public = {
.subgroup = chunk_from_chars(
0x80,0x1C,0x0D,0x34,0xC5,0x8D,0x93,0xFE,0x99,0x71,0x77,0x10,0x1F,0x80,0x53,0x5A,
0x47,0x38,0xCE,0xBC,0xBF,0x38,0x9A,0x99,0xB3,0x63,0x71,0xEB),
.generator = chunk_from_chars(
0xAC,0x40,0x32,0xEF,0x4F,0x2D,0x9A,0xE3,0x9D,0xF3,0x0B,0x5C,0x8F,0xFD,0xAC,0x50,
0x6C,0xDE,0xBE,0x7B,0x89,0x99,0x8C,0xAF,0x74,0x86,0x6A,0x08,0xCF,0xE4,0xFF,0xE3,
0xA6,0x82,0x4A,0x4E,0x10,0xB9,0xA6,0xF0,0xDD,0x92,0x1F,0x01,0xA7,0x0C,0x4A,0xFA,
0xAB,0x73,0x9D,0x77,0x00,0xC2,0x9F,0x52,0xC5,0x7D,0xB1,0x7C,0x62,0x0A,0x86,0x52,
0xBE,0x5E,0x90,0x01,0xA8,0xD6,0x6A,0xD7,0xC1,0x76,0x69,0x10,0x19,0x99,0x02,0x4A,
0xF4,0xD0,0x27,0x27,0x5A,0xC1,0x34,0x8B,0xB8,0xA7,0x62,0xD0,0x52,0x1B,0xC9,0x8A,
0xE2,0x47,0x15,0x04,0x22,0xEA,0x1E,0xD4,0x09,0x93,0x9D,0x54,0xDA,0x74,0x60,0xCD,
0xB5,0xF6,0xC6,0xB2,0x50,0x71,0x7C,0xBE,0xF1,0x80,0xEB,0x34,0x11,0x8E,0x98,0xD1,
0x19,0x52,0x9A,0x45,0xD6,0xF8,0x34,0x56,0x6E,0x30,0x25,0xE3,0x16,0xA3,0x30,0xEF,
0xBB,0x77,0xA8,0x6F,0x0C,0x1A,0xB1,0x5B,0x05,0x1A,0xE3,0xD4,0x28,0xC8,0xF8,0xAC,
0xB7,0x0A,0x81,0x37,0x15,0x0B,0x8E,0xEB,0x10,0xE1,0x83,0xED,0xD1,0x99,0x63,0xDD,
0xD9,0xE2,0x63,0xE4,0x77,0x05,0x89,0xEF,0x6A,0xA2,0x1E,0x7F,0x5F,0x2F,0xF3,0x81,
0xB5,0x39,0xCC,0xE3,0x40,0x9D,0x13,0xCD,0x56,0x6A,0xFB,0xB4,0x8D,0x6C,0x01,0x91,
0x81,0xE1,0xBC,0xFE,0x94,0xB3,0x02,0x69,0xED,0xFE,0x72,0xFE,0x9B,0x6A,0xA4,0xBD,
0x7B,0x5A,0x0F,0x1C,0x71,0xCF,0xFF,0x4C,0x19,0xC4,0x18,0xE1,0xF6,0xEC,0x01,0x79,
0x81,0xBC,0x08,0x7F,0x2A,0x70,0x65,0xB3,0x84,0xB8,0x90,0xD3,0x19,0x1F,0x2B,0xFA),
.prime = chunk_from_chars(
0xAD,0x10,0x7E,0x1E,0x91,0x23,0xA9,0xD0,0xD6,0x60,0xFA,0xA7,0x95,0x59,0xC5,0x1F,
0xA2,0x0D,0x64,0xE5,0x68,0x3B,0x9F,0xD1,0xB5,0x4B,0x15,0x97,0xB6,0x1D,0x0A,0x75,
0xE6,0xFA,0x14,0x1D,0xF9,0x5A,0x56,0xDB,0xAF,0x9A,0x3C,0x40,0x7B,0xA1,0xDF,0x15,
0xEB,0x3D,0x68,0x8A,0x30,0x9C,0x18,0x0E,0x1D,0xE6,0xB8,0x5A,0x12,0x74,0xA0,0xA6,
0x6D,0x3F,0x81,0x52,0xAD,0x6A,0xC2,0x12,0x90,0x37,0xC9,0xED,0xEF,0xDA,0x4D,0xF8,
0xD9,0x1E,0x8F,0xEF,0x55,0xB7,0x39,0x4B,0x7A,0xD5,0xB7,0xD0,0xB6,0xC1,0x22,0x07,
0xC9,0xF9,0x8D,0x11,0xED,0x34,0xDB,0xF6,0xC6,0xBA,0x0B,0x2C,0x8B,0xBC,0x27,0xBE,
0x6A,0x00,0xE0,0xA0,0xB9,0xC4,0x97,0x08,0xB3,0xBF,0x8A,0x31,0x70,0x91,0x88,0x36,
0x81,0x28,0x61,0x30,0xBC,0x89,0x85,0xDB,0x16,0x02,0xE7,0x14,0x41,0x5D,0x93,0x30,
0x27,0x82,0x73,0xC7,0xDE,0x31,0xEF,0xDC,0x73,0x10,0xF7,0x12,0x1F,0xD5,0xA0,0x74,
0x15,0x98,0x7D,0x9A,0xDC,0x0A,0x48,0x6D,0xCD,0xF9,0x3A,0xCC,0x44,0x32,0x83,0x87,
0x31,0x5D,0x75,0xE1,0x98,0xC6,0x41,0xA4,0x80,0xCD,0x86,0xA1,0xB9,0xE5,0x87,0xE8,
0xBE,0x60,0xE6,0x9C,0xC9,0x28,0xB2,0xB9,0xC5,0x21,0x72,0xE4,0x13,0x04,0x2E,0x9B,
0x23,0xF1,0x0B,0x0E,0x16,0xE7,0x97,0x63,0xC9,0xB5,0x3D,0xCF,0x4B,0xA8,0x0A,0x29,
0xE3,0xFB,0x73,0xC1,0x6B,0x8E,0x75,0xB9,0x7E,0xF3,0x63,0xE2,0xFF,0xA3,0x1F,0x71,
0xCF,0x9D,0xE5,0x38,0x4E,0x71,0xB8,0x1C,0x0A,0xC4,0xDF,0xFE,0x0C,0x10,0xE6,0x4F)
},
},{
.group = MODP_2048_256, .opt_exp = 32, .public = {
.subgroup = chunk_from_chars(
0x8C,0xF8,0x36,0x42,0xA7,0x09,0xA0,0x97,0xB4,0x47,0x99,0x76,0x40,0x12,0x9D,0xA2,
0x99,0xB1,0xA4,0x7D,0x1E,0xB3,0x75,0x0B,0xA3,0x08,0xB0,0xFE,0x64,0xF5,0xFB,0xD3),
.generator = chunk_from_chars(
0x3F,0xB3,0x2C,0x9B,0x73,0x13,0x4D,0x0B,0x2E,0x77,0x50,0x66,0x60,0xED,0xBD,0x48,
0x4C,0xA7,0xB1,0x8F,0x21,0xEF,0x20,0x54,0x07,0xF4,0x79,0x3A,0x1A,0x0B,0xA1,0x25,
0x10,0xDB,0xC1,0x50,0x77,0xBE,0x46,0x3F,0xFF,0x4F,0xED,0x4A,0xAC,0x0B,0xB5,0x55,
0xBE,0x3A,0x6C,0x1B,0x0C,0x6B,0x47,0xB1,0xBC,0x37,0x73,0xBF,0x7E,0x8C,0x6F,0x62,
0x90,0x12,0x28,0xF8,0xC2,0x8C,0xBB,0x18,0xA5,0x5A,0xE3,0x13,0x41,0x00,0x0A,0x65,
0x01,0x96,0xF9,0x31,0xC7,0x7A,0x57,0xF2,0xDD,0xF4,0x63,0xE5,0xE9,0xEC,0x14,0x4B,
0x77,0x7D,0xE6,0x2A,0xAA,0xB8,0xA8,0x62,0x8A,0xC3,0x76,0xD2,0x82,0xD6,0xED,0x38,
0x64,0xE6,0x79,0x82,0x42,0x8E,0xBC,0x83,0x1D,0x14,0x34,0x8F,0x6F,0x2F,0x91,0x93,
0xB5,0x04,0x5A,0xF2,0x76,0x71,0x64,0xE1,0xDF,0xC9,0x67,0xC1,0xFB,0x3F,0x2E,0x55,
0xA4,0xBD,0x1B,0xFF,0xE8,0x3B,0x9C,0x80,0xD0,0x52,0xB9,0x85,0xD1,0x82,0xEA,0x0A,
0xDB,0x2A,0x3B,0x73,0x13,0xD3,0xFE,0x14,0xC8,0x48,0x4B,0x1E,0x05,0x25,0x88,0xB9,
0xB7,0xD2,0xBB,0xD2,0xDF,0x01,0x61,0x99,0xEC,0xD0,0x6E,0x15,0x57,0xCD,0x09,0x15,
0xB3,0x35,0x3B,0xBB,0x64,0xE0,0xEC,0x37,0x7F,0xD0,0x28,0x37,0x0D,0xF9,0x2B,0x52,
0xC7,0x89,0x14,0x28,0xCD,0xC6,0x7E,0xB6,0x18,0x4B,0x52,0x3D,0x1D,0xB2,0x46,0xC3,
0x2F,0x63,0x07,0x84,0x90,0xF0,0x0E,0xF8,0xD6,0x47,0xD1,0x48,0xD4,0x79,0x54,0x51,
0x5E,0x23,0x27,0xCF,0xEF,0x98,0xC5,0x82,0x66,0x4B,0x4C,0x0F,0x6C,0xC4,0x16,0x59),
.prime = chunk_from_chars(
0x87,0xA8,0xE6,0x1D,0xB4,0xB6,0x66,0x3C,0xFF,0xBB,0xD1,0x9C,0x65,0x19,0x59,0x99,
0x8C,0xEE,0xF6,0x08,0x66,0x0D,0xD0,0xF2,0x5D,0x2C,0xEE,0xD4,0x43,0x5E,0x3B,0x00,
0xE0,0x0D,0xF8,0xF1,0xD6,0x19,0x57,0xD4,0xFA,0xF7,0xDF,0x45,0x61,0xB2,0xAA,0x30,
0x16,0xC3,0xD9,0x11,0x34,0x09,0x6F,0xAA,0x3B,0xF4,0x29,0x6D,0x83,0x0E,0x9A,0x7C,
0x20,0x9E,0x0C,0x64,0x97,0x51,0x7A,0xBD,0x5A,0x8A,0x9D,0x30,0x6B,0xCF,0x67,0xED,
0x91,0xF9,0xE6,0x72,0x5B,0x47,0x58,0xC0,0x22,0xE0,0xB1,0xEF,0x42,0x75,0xBF,0x7B,
0x6C,0x5B,0xFC,0x11,0xD4,0x5F,0x90,0x88,0xB9,0x41,0xF5,0x4E,0xB1,0xE5,0x9B,0xB8,
0xBC,0x39,0xA0,0xBF,0x12,0x30,0x7F,0x5C,0x4F,0xDB,0x70,0xC5,0x81,0xB2,0x3F,0x76,
0xB6,0x3A,0xCA,0xE1,0xCA,0xA6,0xB7,0x90,0x2D,0x52,0x52,0x67,0x35,0x48,0x8A,0x0E,
0xF1,0x3C,0x6D,0x9A,0x51,0xBF,0xA4,0xAB,0x3A,0xD8,0x34,0x77,0x96,0x52,0x4D,0x8E,
0xF6,0xA1,0x67,0xB5,0xA4,0x18,0x25,0xD9,0x67,0xE1,0x44,0xE5,0x14,0x05,0x64,0x25,
0x1C,0xCA,0xCB,0x83,0xE6,0xB4,0x86,0xF6,0xB3,0xCA,0x3F,0x79,0x71,0x50,0x60,0x26,
0xC0,0xB8,0x57,0xF6,0x89,0x96,0x28,0x56,0xDE,0xD4,0x01,0x0A,0xBD,0x0B,0xE6,0x21,
0xC3,0xA3,0x96,0x0A,0x54,0xE7,0x10,0xC3,0x75,0xF2,0x63,0x75,0xD7,0x01,0x41,0x03,
0xA4,0xB5,0x43,0x30,0xC1,0x98,0xAF,0x12,0x61,0x16,0xD2,0x27,0x6E,0x11,0x71,0x5F,
0x69,0x38,0x77,0xFA,0xD7,0xEF,0x09,0xCA,0xDB,0x09,0x4A,0xE9,0x1E,0x1A,0x15,0x97)
},
},
};
@ -317,7 +424,8 @@ diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group)
{
if (!dh_params[i].public.exp_len)
{
if (lib->settings->get_int(lib->settings,
if (!dh_params[i].public.subgroup.len &&
lib->settings->get_int(lib->settings,
"libstrongswan.dh_exponent_ansi_x9_42", TRUE))
{
dh_params[i].public.exp_len = dh_params[i].public.prime.len;

8
src/libstrongswan/crypto/diffie_hellman.h
View file

@ -50,6 +50,9 @@ enum diffie_hellman_group_t {
ECP_256_BIT = 19,
ECP_384_BIT = 20,
ECP_521_BIT = 21,
MODP_1024_160 = 22,
MODP_2048_224 = 23,
MODP_2048_256 = 24,
ECP_192_BIT = 25,
ECP_224_BIT = 26,
/** insecure NULL diffie hellman group for testing, in PRIVATE USE */
@ -127,6 +130,11 @@ struct diffie_hellman_params_t {
* Exponent length to use
*/
size_t exp_len;
/**
* Prime order subgroup; for MODP Groups 22-24
*/
const chunk_t subgroup;
};
/**

3
src/libstrongswan/crypto/proposal/proposal_keywords.txt
View file

@ -121,3 +121,6 @@ ecp224, DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0
ecp256, DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0
ecp384, DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0
ecp521, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0
modp1024s160, DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0
modp2048s224, DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0
modp2048s256, DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0

6
src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
View file

@ -190,6 +190,10 @@ plugin_t *gcrypt_plugin_create()
/* diffie hellman groups, using modp */
lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
(dh_constructor_t)gcrypt_dh_create);
lib->crypto->add_dh(lib->crypto, MODP_2048_224,
(dh_constructor_t)gcrypt_dh_create);
lib->crypto->add_dh(lib->crypto, MODP_2048_256,
(dh_constructor_t)gcrypt_dh_create);
lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
(dh_constructor_t)gcrypt_dh_create);
lib->crypto->add_dh(lib->crypto, MODP_3072_BIT,
@ -202,6 +206,8 @@ plugin_t *gcrypt_plugin_create()
(dh_constructor_t)gcrypt_dh_create);
lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
(dh_constructor_t)gcrypt_dh_create);
lib->crypto->add_dh(lib->crypto, MODP_1024_160,
(dh_constructor_t)gcrypt_dh_create);
lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
(dh_constructor_t)gcrypt_dh_create);

12
src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
View file

@ -106,10 +106,20 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v
#ifdef EXTENDED_DH_TEST
/* 3. test if y ^ q mod p = 1, where q = (p - 1)/2. */
mpz_t q, one;
diffie_hellman_params_t *params;
mpz_init(q);
mpz_init(one);
mpz_fdiv_q_2exp(q, p_min_1, 1);
params = diffie_hellman_get_params(this->group);
if (!params->subgroup.len)
{
mpz_fdiv_q_2exp(q, p_min_1, 1);
}
else
{
mpz_import(q, params->subgroup.len, 1, 1, 1, 0, params->subgroup.ptr);
}
mpz_powm(one, this->yb, q, this->p);
mpz_clear(q);
if (mpz_cmp_ui(one, 1) == 0)

6
src/libstrongswan/plugins/gmp/gmp_plugin.c
View file

@ -60,6 +60,10 @@ plugin_t *gmp_plugin_create()
lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_2048_224,
(dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_2048_256,
(dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_3072_BIT,
@ -72,6 +76,8 @@ plugin_t *gmp_plugin_create()
(dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_1024_160,
(dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);

6
src/libstrongswan/plugins/openssl/openssl_plugin.c
View file

@ -266,6 +266,10 @@ plugin_t *openssl_plugin_create()
/* (ec) diffie hellman */
lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
(dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_2048_224,
(dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_2048_256,
(dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
(dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, ECP_256_BIT,
@ -288,6 +292,8 @@ plugin_t *openssl_plugin_create()
(dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
(dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_1024_160,
(dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
(dh_constructor_t)openssl_diffie_hellman_create);

5
src/pluto/constants.c
View file

@ -920,12 +920,15 @@ static const char *const oakley_group_name_rfc4753[] = {
};
static const char *const oakley_group_name_rfc5114[] = {
"MODP_1024_160",
"MODP_2048_224",
"MODP_2048_256",
"ECP_192",
"ECP_224"
};
enum_names oakley_group_names_rfc5114 =
{ ECP_192_BIT, ECP_224_BIT,
{ MODP_1024_160, ECP_224_BIT,
oakley_group_name_rfc5114, NULL };
enum_names oakley_group_names_rfc4753 =

30
src/pluto/crypto.c
View file

@ -237,6 +237,27 @@ static struct dh_desc dh_desc_ecp_521 = {
ke_size: 2*528 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_modp_1024_160 = {
algo_type: IKE_ALG_DH_GROUP,
algo_id: MODP_1024_160,
algo_next: NULL,
ke_size: 1024 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_modp_2048_224 = {
algo_type: IKE_ALG_DH_GROUP,
algo_id: MODP_2048_224,
algo_next: NULL,
ke_size: 2048 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_modp_2048_256 = {
algo_type: IKE_ALG_DH_GROUP,
algo_id: MODP_2048_256,
algo_next: NULL,
ke_size: 2048 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_ecp_192 = {
algo_type: IKE_ALG_DH_GROUP,
algo_id: ECP_192_BIT,
@ -370,6 +391,15 @@ bool init_crypto(void)
case ECP_521_BIT:
desc = &dh_desc_ecp_521;
break;
case MODP_1024_160:
desc = &dh_desc_modp_1024_160;
break;
case MODP_2048_224:
desc = &dh_desc_modp_2048_224;
break;
case MODP_2048_256:
desc = &dh_desc_modp_2048_256;
break;
case ECP_192_BIT:
desc = &dh_desc_ecp_192;
break;