chiark - git - ian - secnet.git/commit

author	Mark Wooding <mdw@distorted.org.uk>
	Sat, 29 Apr 2017 12:55:40 +0000 (13:55 +0100)
committer	Ian Jackson <ijackson@chiark.greenend.org.uk>
	Sun, 8 Dec 2019 00:21:52 +0000 (00:21 +0000)
commit	3046cb544db28ba50d5f72112bf3187614597314
tree	ddc7716652cc901a271e2b37900711216b5b6816	tree \| snapshot
parent	4600c0a12c2eb805828b6380090033f3addb5e81	commit \| diff

Introduce negotiation for Diffie--Hellman groups.

For the most part, this slots into the space previously prepared for
it.  However, there are a few subtleties.

The most significant one is that existing Secnets don't pay attention to
the high 16 cap bits.  To bring them into availability, we introduce a
signalling system.  If bit 15 is set, then

  * all of the bits are scanned for capabilities, and

  * it is expected that sender has advertised its DH groups explicitly.

If the bit is clear, then we have the old situation:

  * firstly, only the low 16 bits are scanned for transform cap bits,
    and

  * secondly, it is assumed that the sender only implements traditional
    integer Diffie--Hellman, cap 10, with some appropriately determined
    group.

We also set the explicit bit if one of the high capability bits is set.

As part of this, add a parameter to the `diffie-hellman' closure to
configure its advertised group cap.

Signed-off-by: Mark Wooding <mdw@distorted.org.uk>

NOTES		diff \| blob \| history
dh.c		diff \| blob \| history
magic.h		diff \| blob \| history
secnet-wireshark.lua		diff \| blob \| history
secnet.8		diff \| blob \| history
secnet.h		diff \| blob \| history
site.c		diff \| blob \| history