From: Ian Jackson
Date: Thu, 25 Jul 2013 17:30:53 +0000 (+0100)
Subject: site: support multiple transforms
X-Git-Tag: debian/0.3.0_beta2~8
X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/commitdiff_plain/5b5f297f9a9d47ee7e9804d5bdaa552f1953c6b6?hp=5b5f297f9a9d47ee7e9804d5bdaa552f1953c6b6

site: support multiple transforms

The "transform" key in site's dictionary argument can now be a list,
as well as just a single transform.

We use 16 bits of the capability mechanism to advertise the transforms
we support; the config is supposed to nominate a transform capability
number (from 0 to 15) for each transform closure - although the
default numbers are sufficient if you don't need to do parameter
rollover.

The receiver of MSG2 intersects the two bitmaps and chooses the best
transform, and states its choice in MSG3.

A protocol downgrade attack is prevented by the fact that the
capability bitmaps are advertised in the signed parts of MSG3 and
MSG4. (If the one in MSG4 doesn't match what was in MSG2, the MSG4 is
rejected and presumably the key exchange fails.)

Signed-off-by: Ian Jackson
---
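
The negotiation described in the commit message above, as an added C example that is not secnet's code: the receiver of MSG2 intersects the two 16-bit bitmaps and picks a transform, then rejects MSG4 if its signed bitmap differs from the one seen in MSG2. The function names, the reading of "best" as first match in a local preference list, and all sample values are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NO_COMMON_TRANSFORM (-1)

/* Constructed sample: local preference order of capability numbers. */
static const int DEMO_PREFS[] = { 5, 2, 0 };

/* Intersect the two capability bitmaps (bit n = capability number n,
 * 0..15) and return the first locally preferred number both sides
 * advertise. Assumption: "best" means first match in `prefs`. */
int choose_transform(uint16_t ours, uint16_t theirs,
                     const int *prefs, size_t nprefs)
{
    uint16_t common = ours & theirs;
    for (size_t i = 0; i < nprefs; i++) {
        int n = prefs[i];
        if (n < 0 || n > 15)
            continue;               /* outside the 16 advertised bits */
        if (common & (1u << n))
            return n;
    }
    return NO_COMMON_TRANSFORM;
}

/* Downgrade check: the bitmap in the signed part of MSG4 must equal
 * the bitmap that was received, unauthenticated, in MSG2. */
int msg4_caps_ok(uint16_t caps_seen_in_msg2, uint16_t caps_signed_in_msg4)
{
    return caps_seen_in_msg2 == caps_signed_in_msg4;
}

int main(void)
{
    uint16_t ours = 0x0025;      /* constructed: bits 0, 2, 5 */
    uint16_t peer = 0x0021;      /* constructed: bits 0, 5 */
    uint16_t tampered = 0x0001;  /* MSG2 bitmap with bit 5 cleared in transit */

    printf("unmodified MSG2: transform %d\n",
           choose_transform(ours, peer, DEMO_PREFS, 3));
    printf("modified MSG2: transform %d, MSG4 %s\n",
           choose_transform(ours, tampered, DEMO_PREFS, 3),
           msg4_caps_ok(tampered, peer) ? "accepted" : "rejected");
    return 0;
}
```
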