Change our view of the Diffie--Hellman closure protocol.

[secnet] / secnet.h

diff --git a/secnet.h b/secnet.h
index b23ffa8..731687e 100644 (file)
--- a/secnet.h
+++ b/secnet.h
@@ -612,17 +612,27 @@ struct netlink_if {
 
 /* DH interface */
 
-/* Returns public key as a malloced hex string */
+/* Returns public key as a malloced hex string.  The secretlen will be the
+ * secret_len reported by the closure.  This operation is not expected to
+ * fail.
+ */
 typedef string_t dh_makepublic_fn(void *st, uint8_t *secret,
                                  int32_t secretlen);
-/* Fills buffer (up to buflen) with shared secret */
+
+/* Fills buffer (up to buflen) with shared secret.  The rempublic string
+ * comes from the remote site, and may not be acceptable, though it has been
+ * checked for memory-safety.  The secretlen and buflen are the secret_len
+ * and shared_len reported by the closure, respectively.  Return false on
+ * faliure (e.g., if the publiclen is unacceptable).
+ */
 typedef bool_t dh_makeshared_fn(void *st, uint8_t *secret,
                                int32_t secretlen, cstring_t rempublic,
                                uint8_t *sharedsecret, int32_t buflen);
+
 struct dh_if {
     void *st;
-    int32_t len; /* Approximate size of modulus in bytes */
-    int32_t ceil_len; /* Number of bytes just sufficient to contain modulus */
+    int32_t secret_len; /* Size of random secret to generate */
+    int32_t shared_len; /* Size of generated shared secret */
     dh_makepublic_fn *makepublic;
     dh_makeshared_fn *makeshared;
 };