Mbed forum

DH Support MODP-2048-256

mbed_tls

(Florian Depraz) #1

Hello !

I am following a specification that needs one of the following algorithm for the key agreement algorithm
DH+MODP-2048-256 (https://tools.ietf.org/html/rfc5114#section-2.3)
As far as I can see within https://github.com/ARMmbed/mbedtls/blob/master/include/mbedtls/dhm.h mbedTLS does not support this algorithm. (It supports 2048-224: https://github.com/ARMmbed/mbedtls/blob/master/include/mbedtls/dhm.h#L321 )

Is there any reason why the support has not been added for this algorithm ? I am guessing adding it is not as easy as specifying the corresponding MBEDTLS_DHM_RFC5114_MODP_2048_256_P and MBEDTLS_DHM_RFC5114_MODP_2048_256_G defines from the rfc5114.


(Ron Eldor) #2

Hi @Pokitoz,
Thank you for your question!

Note that Mbed TLS supports Diffie-Hellman-Merkle (DHM) algorithm, and your request is not for a dfferent algorithm, but for different groups than what is supported by default by Mbed TLS.
However, you can supply your own set of group parameters to the Mbed TLS DHM API.
To learn how to do it, please follow the guidelines in this article.

Regards,
Mbed TLS Team member
Ron


(Florian Depraz) #3

Thanks for the clarifications Ron.