From: Mark Wooding
Date: Sat, 29 Apr 2017 12:55:40 +0000 (+0100)
Subject: Introduce negotiation for Diffie--Hellman groups.
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/secnet/commitdiff_plain/9c6af4eca6bfb7bed6f86b1f32479f933979c080?ds=inline;hp=9c6af4eca6bfb7bed6f86b1f32479f933979c080

Introduce negotiation for Diffie--Hellman groups.

For the most part, this slots into the space previously prepared for
it.  However, there are a few subtleties.

The most significant one is that existing Secnets don't pay attention
to the high 16 cap bits.  To bring them into availability, we
introduce a signalling system.  If bit 15 is set, then

  * all of the bits are scanned for capabilities, and

  * it is expected that sender has advertised its DH groups
    explicitly.

If the bit is clear, then we have the old situation:

  * firstly, only the low 16 bits are scanned for transform cap bits,
    and

  * secondly, it is assumed that the sender only implements
    traditional integer Diffie--Hellman, cap 10, with some
    appropriately determined group.

We also set the explicit bit if one of the high capability bits is
set.

As part of this, add a parameter to the `diffie-hellman' closure to
configure its advertised group cap.

Signed-off-by: Mark Wooding
---
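
The bit-15 signalling rule from the commit message above, worked through as an added example; this is not code from secnet or from the commit. Bit 15 and cap 10 come from the message; the second DH group at bit 17, the split between DH and transform bits, and all function and macro names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit numbers taken from the commit message. */
#define CAP_EXPLICIT (UINT32_C(1) << 15)   /* "bit 15": explicit signalling */
#define CAP_TRAD_DH  (UINT32_C(1) << 10)   /* "cap 10": traditional integer DH */
#define CAP_LOW16    UINT32_C(0x0000ffff)

/* Assumption for this example only: bit 17 names a second DH group. */
#define CAP_DEMO_DH  (UINT32_C(1) << 17)
#define DH_CAPS      (CAP_TRAD_DH | CAP_DEMO_DH)

/* Sender: set the explicit bit when any high capability bit is advertised.
 * Only this one rule from the message is modelled here. */
static uint32_t caps_to_send(uint32_t caps)
{
    return (caps & ~CAP_LOW16) ? (caps | CAP_EXPLICIT) : caps;
}

/* Receiver: DH groups the peer is taken to support. */
static uint32_t peer_dh_groups(uint32_t rx)
{
    if (rx & CAP_EXPLICIT)
        return rx & DH_CAPS;      /* all bits scanned, groups as advertised */
    return CAP_TRAD_DH;           /* old peer: assume cap 10 and nothing else */
}

/* Receiver: transform capabilities visible in the advertised word. */
static uint32_t peer_transform_caps(uint32_t rx)
{
    uint32_t scanned = (rx & CAP_EXPLICIT) ? rx : (rx & CAP_LOW16);
    return scanned & ~(DH_CAPS | CAP_EXPLICIT);
}

/* Groups usable by both ends; 0 means the negotiation has no common group. */
static uint32_t common_dh_groups(uint32_t local, uint32_t rx)
{
    return (local & DH_CAPS) & peer_dh_groups(rx);
}

int main(void)
{
    uint32_t old_peer = UINT32_C(1) << 8;              /* constructed sample */
    uint32_t new_peer = caps_to_send(DH_CAPS | (UINT32_C(1) << 8));
    printf("old peer: dh=%#x\n", (unsigned)common_dh_groups(DH_CAPS, old_peer));
    printf("new peer: dh=%#x xf=%#x\n", (unsigned)common_dh_groups(DH_CAPS, new_peer),
           (unsigned)peer_transform_caps(new_peer));
    return 0;
}
```

A word with high bits set but bit 15 clear is read as coming from an old peer, so those high bits are ignored and only cap 10 is assumed.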