ECDH, early capabilities, etc.

Ian Jackson ijackson at
Sun Apr 30 20:02:21 BST 2017

Ian Jackson writes ("Re: ECDH, early capabilities, etc."):
> FYI I'm currently halfway through 08f0e3eb "site.c, magic.h: Formalize
> the system of message variants." and my dinner has just arrived...

Thanks very much for your work.  I've reviewed
origin/master..mdw/mdw/xdh (see full list below).
(TBH much of the time I just looked at the commit messges.)

Most of it I am entirely happy with.  For the parts I had
queries/comments/whatever I have sent emails with review comments.

In the interests of getting some of your series out of your tree and
into mine, feel free to make a pre- series that contains only fixes


8b65b7baea9f220d7cc66af7787a911081d4a544 @@@ testing
18dd2913fce01e20a711886f73802d9e2f8b4433 Introduce negotiation for Diffie--Hellman groups.
d59f7573a02e2d3cdedc0dd72b786dd122866247 make-secnet-sites: Introduce a notion of listish types.
ac4c3286cc411bada7ee207b21f4e3f48a47749f make-secnet-sites: Introduce a superclass for the config types.
22577705f05fac5e57f93a281ba6d675b65eab53 magic.h, secnet.8, NOTES: Allocate the high capability bits.
81d2105447660e59ff2601d2160e3bc121cbaa61 secnet.8: Describe capability negotiation in its own section.
f46f9f4439ab85a6c5e7055ea0afda1c7a53f9cb site.c: Abstract out the various parts of capability handling.
8c3d8d8a8ac24c0117d0b50a671517a812b25a77 site.c: Allocate and free the Diffie--Hellman secret buffers each time.
37a6f3f55c98ea1ecc49daef3720d751277c9582 site.c: Abstract out generation of the Diffie--Hellman private secret.
8161a1c9b8060d75f00299e83a395dfd477abc91 dh.c, secnet.8: Allow `diffie-hellman' to take a dictionary of arguments.
08f0e3eb5ab21435c59d610f3dc92c22668eb249 site.c, magic.h: Formalize the system of message variants.
305c1cdb281d1c49cb7a02d76e8e05649843d4f8 site.c: Rename `remote_transforms' in `process_msg2'.
82194179879901c91049497dbfa0c878c2e31069 secnet.8, magic.h: Rephrase documentation of `capab-num' settings.
b72717616c9ffc2c143eb9318f38079bcfc7bee0 magic.h, etc.: Rename the transform capability bits.
08f489cea60b71d74c391a0397be3b86b53bea2e Adjust the DH closure protocol to handle public values as raw binary.
6f5c3403084b31eefcd77aed9705d83dca2e5788 @@@ xdh in testing
4f0b332708fd78252daec87234d981ddea9c1f58 make-secnet-sites: Educate it about the new XDH groups.
2f43559b671fec3c71cd8637891fa5dfc66e122f xdh.c: New module defining elliptic curve Diffie--Hellman functions.
0619a39f5a7f3ffd547846fbc60af45cf1fb2995 Hack on the newly imported X25519 and X448 code.
9a5f167b9e7bef8593b30593d8dc09f99ec5382b Import implementations of X25519 and X448 from Catacomb.
8654493b0e1953cc7ea4c9d50228531e49d065a8 unaligned.h: Add macros for reading and writing little-endian 32-bit words.
ff2252b2b08e8923a74d56e5de50480051c77200 util.[ch]: Factor out hex encoding and decoding utilities.
5d0811373bfbb1b18527a42204a32a147f2ae658 site.c: Pass the length of the actual shared secret to the transform.
fd5ab9d58e5c67d3e484e1b3aec37a91e2b8590f Change our view of the Diffie--Hellman closure protocol.
e9175d8914624e2074ef756e9a43feb25fe910db site.c: Don't overwrite `st->sharedsecret' if it's null.
09284a8efe521b1a76da8f0a21e2fe07d683f240 site.c, dh.c, secnet.h: Allow the dh `makeshared' method to fail.
1a5325e01baf30bf4bc3ca890eed5f45f116aa55 site.c: Cope with failure of transform `setkey' method.
715038082bf5ccd9a3e95b95a78209247ca17147 site.c: Make sure there's enough buffer space for the signature terminator.
9edc66d43d77f215f607891c3f7c1843986d8117 README: Note that I've hacked on the code.
fe31dde9341afc51a426ba16f1fb264632643bf5 @@@ sha512 in testing
911163ad85744c9ba83055f665855b8d6b2ddf13 sha512.c, etc.: Provide `sha512' as a hash function for signing.
39c1a06a939cadd4d5bf69e5f323b706450702dc sha512.[ch]: Remove a bunch of unused code.
88d6860ad96507dda169518932d1a17066ed3ba5 rsa.c transform-cbcmac.c: Fix configuration error messages.
4f742fb84fb6361d5301a8499424db58d55426d9 NOTES: Describe the current allocation of capability bits.
6d7188b76e3e9fd1d76892341147fd839bfa6179 make-secnet-sites: Don't allow setting new VPN-level props when restricted.
da655ac80f0ce074ad7faf334fab46c112748e3c make-secnet-sites: Remove duplicate `address' entry in sitelevel.
de5126c448b7dcae072a095e27e3dc99712c8cc5 secnet.8: Fix wrong information.
a9608d097dddb13b372a17ff23c7375433ce586f README.make-secnet-sites: Provide some documentation for this tool.
8edb7b755af45eaf38657c62876623b7fff6f1b6 .dir-locals.el: Settings for Python code.
7f0908788b5c77911c799ebb4d82ddba655069eb @@@ maybe test the ancient transform
00418813bc77d056b1b069042625d31564cec7c9 @@@ testing utilities
a88623eae16b4d153639f76595faae06914edec6 util.c: Don't byte-swap IPv4 addresses, even if we don't have IPv6.
ed6eb2b91117f63c85fac1f8499d136fc8340f80 polypath.c: Fix missing include of <limits.h>.

More information about the sgo-software-discuss mailing list