~mdw / secnet / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 088f80a) | patch
Introduce negotiation for Diffie--Hellman groups.
authorMark Wooding <mdw@distorted.org.uk>
Sat, 29 Apr 2017 12:55:40 +0000 (13:55 +0100)
committerMark Wooding <mdw@distorted.org.uk>
Wed, 25 Sep 2019 12:46:59 +0000 (13:46 +0100)
commit9c6af4eca6bfb7bed6f86b1f32479f933979c080
treee3479cee73b3fbe403a942fe2700c64e1303ec32tree | snapshot (tar.gz zip)
parent088f80a16f384041909c6df6c5fbc98c0d76427fcommit | diff
Introduce negotiation for Diffie--Hellman groups.

For the most part, this slots into the space previously prepared for
it.  However, there are a few subtleties.

The most significant one is that existing Secnets don't pay attention to
the high 16 cap bits.  To bring them into availability, we introduce a
signalling system.  If bit 15 is set, then

  * all of the bits are scanned for capabilities, and

  * it is expected that sender has advertised its DH groups explicitly.

If the bit is clear, then we have the old situation:

  * firstly, only the low 16 bits are scanned for transform cap bits,
    and

  * secondly, it is assumed that the sender only implements traditional
    integer Diffie--Hellman, cap 10, with some appropriately determined
    group.

We also set the explicit bit if one of the high capability bits is set.

As part of this, add a parameter to the `diffie-hellman' closure to
configure its advertised group cap.

Signed-off-by: Mark Wooding <mdw@distorted.org.uk>
NOTES diff | blob | blame | history
dh.c diff | blob | blame | history
magic.h diff | blob | blame | history
secnet-wireshark.lua diff | blob | blame | history
secnet.8 diff | blob | blame | history
secnet.h diff | blob | blame | history
site.c diff | blob | blame | history
Secnet virtual private network: clone of http://www.chiark.greenend.org.uk/ucgi/~ian/git/secnet.git/