Secnet progress

Mark Wooding mdw at distorted.org.uk
Wed Sep 25 23:24:57 BST 2019


My Secnet repository is at

        https://git.distorted.org.uk/~mdw/secnet/

(the same URL works for browsing or cloning).  You can use `git://...'
too, but I don't recommend it because it provides no authenticity.

My `master' is just tracking upstream.

I (still :-( ) haven't gone back to read Ian's previous email comments;
I'm just blundering on ahead, in the vague hope that it won't be too
hard to fix things so that other people don't hate them.

`mdw/springclean' contains some miscellaneous fixes, a Wireshark
dissector, and a reorganization of the capability-bit handling.  This is
stuff that my previous XDH work built on, but disentangled from that.

`mdw/xdh' contains the rest of my XDH work, and is where I'm currently
working.  It starts by refactoring the DH closure interface, then moves
on to DH group negotiation, and then adds Bernstein's X25519 and X448.

Usually, `mdw/...' branches are aggressively rewinding.  I'm going to
hold off on that for a while.  Commit messages starting `@@@ ...'
indicate temporary commits which I intend to tidy up later.  The rest of
the message is usually extremely terse.

So, what is there?

Some of the `mdw/springclean' patches are new, fixing things that I
thought looked wrong in upstream work.  Apart from that, as far as the
`make-secnet-sites' changes, things are as they were two years ago, only
rebased onto modern `master'.

After that, I introduce the `import-catacomb-crypto' script, and we have
new things, but I'm prioritizing forward progress over tidiness.  The
script seems to be doing a reasonable job of copying the necessary code
out of a Catacomb working tree and making a useful commit message.  The
`Update crypto code' commits should be good examples of the sort of
thing to expect.  The main thing the script lacks is any kind of
parameterization.  In particular, it assumes there's a Catacomb working
tree in `../catacomb'.  I should make that configurable.  I also want to
add molly guards against importing from dirty working trees or rewinding
branches, and against running it in a dirty working tree.

Beyond that, I've split apart and enhanced the test machinery[1] I wrote
last time to cope with the larger number of primitives we want now, and
integrated the full versions of the field arithmetic code.

Oh, and I've just got Ed25519 working.

Ed448 will have to wait for a bit: I have to do Keccak/SHA3/SHAKE first.
(Honestly, X448 with Ed25519 is a fine combination even for very
paranoid people.  It's the DH which has to withstand a long-term
attack.)

[1] This is in many ways better than the code I use in Catacomb.  I'm
    thinking of switching at some point.

-- [mdw]
