chiark - git - ian - secnet.git/commit

author	Mark Wooding <mdw@distorted.org.uk>
	Sat, 29 Apr 2017 12:55:40 +0000 (13:55 +0100)
committer	Ian Jackson <ijackson@chiark.greenend.org.uk>
	Wed, 1 Jan 2020 23:48:14 +0000 (23:48 +0000)
commit	5ac3acb96c0fe0300f2963c7883893fd4f42d743
tree	f3151ef588a0634268b99d028e47fb6926328b4d	tree \| snapshot
parent	0cd7090f53ec7185fdfebee38e9374607ec59f99	commit \| diff

Introduce negotiation for Diffie--Hellman groups.

For the most part, this slots into the space previously prepared for
it.  However, there are a few subtleties.

The most significant one is that existing Secnets don't pay attention to
the high 16 cap bits.  To bring them into availability, we introduce a
signalling system.  If bit 15 is set, then

  * all of the bits are scanned for capabilities, and

  * it is expected that sender has advertised its DH groups explicitly.

If the bit is clear, then we have the old situation:

  * firstly, only the low 16 bits are scanned for transform cap bits,
    and

  * secondly, it is assumed that the sender only implements traditional
    integer Diffie--Hellman, cap 10, with some appropriately determined
    group.

We also set the explicit bit if one of the high capability bits is set.

As part of this, add a parameter to the `diffie-hellman' closure to
configure its advertised group cap.

Signed-off-by: Mark Wooding <mdw@distorted.org.uk>

NOTES		diff \| blob \| history
dh.c		diff \| blob \| history
magic.h		diff \| blob \| history
secnet-wireshark.lua		diff \| blob \| history
secnet.8		diff \| blob \| history
secnet.h		diff \| blob \| history
site.c		diff \| blob \| history