From b2920262e82ea5939511ea841eb33a094cea566d Mon Sep 17 00:00:00 2001
From: Ian Jackson
Date: Sat, 9 Nov 2019 00:08:21 +0000
Subject: [PATCH] make-secnet-sites: Support new `pub' directive

This is how we are going to support multiple public key algorithms. Right now there is no backward-combinatibility support and no key negotiation support.

Signed-off-by: Ian Jackson
---
 README.make-secnet-sites | 7 ++++---
 make-secnet-sites | 13 ++++++++++++-
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/README.make-secnet-sites b/README.make-secnet-sites
index 71a0e0f..995dbb0 100644
--- a/README.make-secnet-sites
+++ b/README.make-secnet-sites
@@ -196,8 +196,8 @@ INPUT SYNTAX
 Assigns a public-key closure to the `key' key, constructed as `rsa-public(E, N)'. The argument HUNOZ must be an integer, but is otherwise ignored; it's
-conventionally the length of N in bits. Acceptable only
-at site level; required at site level.
+conventionally the length of N in bits.
+Acceptable only at site level. See `pub'.
 mobile BOOL
 Assigns BOOL to the `mobile' key. Acceptable only at
@@ -212,7 +212,8 @@ INPUT SYNTAX
 Defines a public key. ALG is an algorithm name and DATA91S is the public key data, encoded according to secnet-base91 (see below).
-Not yet suported in make-secnet-sites.
+Gives make-public("ALG","DATAB91S") in sites.conf;
+at least one `pub' or `pubkey' must be specified.
 serial SETIDHEX
 Specifies the key set id (8 hex digits representing
diff --git a/make-secnet-sites b/make-secnet-sites
index b7720d2..820d272 100755
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -86,7 +86,7 @@ if version_info.major == 2: # for python2
 import io
 open=lambda f,m='r': io.open(f,m,encoding='utf-8')
-max={'rsa_bits':8200,'name':33,'dh_bits':8200}
+max={'rsa_bits':8200,'name':33,'dh_bits':8200,'algname':127}
 def debugrepr(*args):
 if debug_level > 0:
@@ -415,6 +415,11 @@ class address (basetype):
 class pubkey (basetype):
 "Some kind of publie key"
+ def __init__(self,w):
+ self.a=w[1].name('algname')
+ self.d=w[2].base91();
+ def __str__(self):
+ return 'make-public("%s","%s")'%(self.a,self.d)
 class rsakey (pubkey):
 "An RSA public key"
@@ -425,10 +430,14 @@ class rsakey (pubkey):
 if len(w) >= 5: w[4].email()
 def __str__(self):
 return 'rsa-public("%s","%s")'%(self.e,self.n)
+ # this specialisation means we can generate files
+ # compatible with old secnet executables
 def somepubkey(w):
 if w[0]=='pubkey':
 return rsakey(w)
+ elif w[0]=='pub':
+ return pubkey(w)
 else:
 assert(False)
@@ -444,6 +453,7 @@ keywords={
 'renegotiate-time':(num,"Time after key setup to begin renegotiation (ms)"),
 'restrict-nets':(networks,"Allowable networks"),
 'networks':(networks,"Claimed networks"),
+ 'pub':(listof(somepubkey),"new style public site key",'pubkey'),
 'pubkey':(listof(somepubkey),"RSA public site key"),
 'peer':(single_ipaddr,"Tunnel peer IP address"),
 'address':(address,"External contact address and port"),
@@ -564,6 +574,7 @@ class sitelevel(level):
 'address':sp,
 'networks':None,
 'peer':None,
+ 'pub':None,
 'pubkey':None,
 'mobile':sp,
 })
-- 
2.30.2
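Review bot: The new `pubkey.__str__` interpolates the algorithm name and key data straight into double-quoted strings of the generated sites.conf (`return 'make-public("%s","%s")'%(self.a,self.d)`), so the well-formedness of that file rests entirely on `w[1].name('algname')` and `w[2].base91()` rejecting anything outside their alphabets, `"` and `\` in particular; neither validator is visible in this patch, so the contract deserves a comment on `__init__`, e.g. `# name()/base91() must reject anything outside their alphabets: the values land inside quotes in sites.conf`. `__init__` also indexes `w[1]` and `w[2]` unconditionally, so a `pub` line with fewer words presumably surfaces as an IndexError rather than a positioned parse error; `rsakey.__init__` (outside this hunk) seems to do the same, so this is at least consistent. The trailing `;` on `self.d=w[2].base91();` is a stray and should go.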
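Review bot: The added comment `# this specialisation means we can generate files compatible with old secnet executables` sits between the `return` of `rsakey.__str__` and `def somepubkey(w)`, so a reader cannot tell whether it documents `rsakey` or the dispatcher; it reads as a note on `rsakey`, and belongs above `class rsakey (pubkey):` (outside this hunk) or as the first line of its `__str__`. With the dispatch in `somepubkey` now having two arms, the pre-existing `else: assert(False)` is the only handling for an unknown first word, and `assert` disappears under `python -O`; an explicit exception naming the offending word would be more robust, though that is not something this commit introduced.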
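Review bot: The new `'pub':(listof(somepubkey),"new style public site key",'pubkey'),` entry carries a third tuple element where every neighbouring entry in `keywords` has two, and nothing in this patch shows how that extra element is consumed, so its meaning cannot be checked from here. A short comment on the entry, or on the `keywords` table head (outside this hunk), would fix that — something like `# third element: older directive this one supersedes — confirm against the keyword handler`, with the wording adjusted once the consumer is known. The description string "new style public site key" could also say what the value looks like, as the `pubkey` entry's "RSA public site key" does.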
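Review bot: The README hunk in this patch states that at least one `pub' or `pubkey' must be specified, but this hunk only adds `'pub':None,` next to `'pubkey':None,` in a `sitelevel` table whose head is outside the hunk, so I cannot tell whether it lists required or merely permitted properties. If it is the required set, every site now needs both directives, which contradicts the README; if it is the permitted set, nothing in the patch shows an at-least-one check, and a site with neither would produce a sites.conf with no public key. Either way the site-level validation should enforce the documented rule explicitly, or a comment on this table should say where that rule is enforced.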