DH Support MODP-2048-256

Pokitoz · November 26, 2018, 5:43pm

Hello !

I am following a specification that needs one of the following algorithm for the key agreement algorithm
DH+MODP-2048-256 (RFC 5114: Additional Diffie-Hellman Groups for Use with IETF Standards)
As far as I can see within mbedtls/dhm.h at master · Mbed-TLS/mbedtls · GitHub mbedTLS does not support this algorithm. (It supports 2048-224: mbedtls/dhm.h at master · Mbed-TLS/mbedtls · GitHub )

Is there any reason why the support has not been added for this algorithm ? I am guessing adding it is not as easy as specifying the corresponding MBEDTLS_DHM_RFC5114_MODP_2048_256_P and MBEDTLS_DHM_RFC5114_MODP_2048_256_G defines from the rfc5114.

roneld01 · November 27, 2018, 9:03am

Hi @Pokitoz,
Thank you for your question!

Note that Mbed TLS supports Diffie-Hellman-Merkle (DHM) algorithm, and your request is not for a dfferent algorithm, but for different groups than what is supported by default by Mbed TLS.
However, you can supply your own set of group parameters to the Mbed TLS DHM API.
To learn how to do it, please follow the guidelines in this article.

Regards,
Mbed TLS Team member
Ron

Pokitoz · November 27, 2018, 10:23am

Thanks for the clarifications Ron.

Topic		Replies	Views
Support for RSAPSS according to PKCS #1 v2.2: RSA Cryptography Standard Crypto and SSL questions	3	1932	June 27, 2018
How to perform Diffie-Hellman key exchange using PSA Cryptography APIs that use mbed-tls library? Crypto and SSL questions mbed_tls	0	719	July 5, 2020
Beginner's Question: Does MbedTLS support SSH? Generic	1	3273	May 2, 2019
About SHA-3 implementation plans Feature Requests mbed_tls	2	643	October 21, 2021
Missing cipher suite Mbed TLS	1	430	May 12, 2023

DH Support MODP-2048-256

Related topics