Hi, I am looking to implement modp groups 22, 23, and 24 into IKE but have a question.
RFC 5114 gives the prime, p, the generator, g, and a subgroup, q, with a specific size... Because prior RFCs for modp groups did not specify a "q", I was not sure if this was a new constant or just stating a size requirement?

So I took a look at NIST 800-56A. In particular,

    5.6.1 Private/Public Key Pair Generation
    5.6.1.1 FFC Key Pair Generation
    For the FFC schemes, each static and ephemeral private key and public
    key shall be generated using an Approved method and the selected valid
    domain parameters (p, q, g{, SEED, pgenCounter}) (see Appendix B of
    FIPS 186-3).
    ...

I then took a look at FIPS 186-3, Appendix B, which documents 2 methods for finite field cryptography (FFC) key pair generation. For example, one method is "Key Pair Generation Using Extra Random Bits". It actually states that "q" is an input and it is used to do an additional computation to compute "x".

I am somewhat confused, are the modp groups 22, 23 & 24 supposed to use one of these new methods and that is why "q" is given in RFC 5114? Or am I to ignore this and just continue with the existing way where "q" is not used and there aren't any additional computations to compute x?

I am not even sure this is the correct place to ask, but any advice would be welcome.

regards,
Joy

(Cut-n-paste from FIPS 186-3 below to show input and process)

Input:
    (p, q, g)  The subset of the domain parameters that are used for this
               process. p, q and g shall either be provided as integers
               during input, or shall be converted to integers prior to use.

Process:
    1. N = len(q); L = len(p).
       Comment: Check that the (L, N) pair is specified in Section 4.2.
    2. If the (L, N) pair is invalid, then return an ERROR indicator,
       Invalid_x, and Invalid_y.
    3. requested_security_strength = the security strength associated
       with the (L, N) pair; see SP 800-57.
    4. Obtain a string of N+64 returned_bits from an RBG with a security
       strength of requested_security_strength or more. If an ERROR
       indication is returned, then return an ERROR indication,
       Invalid_x, and Invalid_y.
    5. Convert returned_bits to the (non-negative) integer c (see
       Appendix C.2.1).
    6. x = (c mod (q-1)) + 1.
       Comment: 0 ≤ c mod (q-1) ≤ q-2 and implies that 1 ≤ x ≤ q-1.
    7. y = g^x mod p.
    8. Return SUCCESS, x, and y.

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
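The FIPS 186-3 process quoted in the message above, written out in Python as an added example that is not part of the original post. The function name, the exception class, the `allowed_pairs` and `rbg` parameters and the toy group are assumptions made for illustration; the toy group is constructed, is not an RFC 5114 group, and is far too small for real use.

```python
import secrets

# (L, N) pairs listed in FIPS 186-3 Section 4.2.
FIPS_186_3_PAIRS = {(1024, 160), (2048, 224), (2048, 256), (3072, 256)}


class InvalidDomainParameters(ValueError):
    """Stands in for the ERROR / Invalid_x / Invalid_y return of step 2."""


def ffc_keypair_extra_bits(p, q, g, allowed_pairs=FIPS_186_3_PAIRS,
                           rbg=secrets.randbits):
    """Hypothetical helper following steps 1-8 of the quoted process."""
    # Step 1: N = len(q), L = len(p), both measured in bits.
    N, L = q.bit_length(), p.bit_length()
    # Step 2: reject (L, N) pairs that are not on the allowed list.
    if (L, N) not in allowed_pairs:
        raise InvalidDomainParameters(f"(L, N) = ({L}, {N}) not allowed")
    # Steps 3-5: N + 64 bits from the RBG, read as a non-negative integer c.
    # secrets.randbits uses the OS CSPRNG; its strength is assumed adequate.
    c = rbg(N + 64)
    # Step 6: q is used here. The 64 extra bits make the bias introduced
    # by the modular reduction negligible.
    x = (c % (q - 1)) + 1          # 1 <= x <= q - 1
    # Step 7: public value.
    y = pow(g, x, p)
    # Step 8: return the key pair.
    return x, y


# Constructed toy group: p = 23, q = 11, g = 2 (2 has order 11 modulo 23).
TOY_P, TOY_Q, TOY_G = 23, 11, 2
TOY_PAIRS = {(TOY_P.bit_length(), TOY_Q.bit_length())}   # {(5, 4)}


def demo():
    x, y = ffc_keypair_extra_bits(TOY_P, TOY_Q, TOY_G, allowed_pairs=TOY_PAIRS)
    # y lies in the order-q subgroup, so y^q mod p must equal 1.
    return x, y, pow(y, TOY_Q, TOY_P)


if __name__ == "__main__":
    print(demo())
```

The only place q enters is the reduction in step 6, which confines the private value x to the range 1..q-1 instead of drawing it from the full range below p.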