From 8fb3bdd70f72c67472d3ec32cb825ba00605f630 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Sat, 29 Apr 2017 13:55:40 +0100 Subject: [PATCH] dh.c, secnet.8: Allow `diffie-hellman' to take a dictionary of arguments. I want to add more optional arguments to this, but it'll get rather unwieldy. Signed-off-by: Mark Wooding --- dh.c | 61 +++++++++++++++++++++++++++++++++++-------------------------- secnet.8 | 27 +++++++++++++++++++++++---- 2 files changed, 58 insertions(+), 30 deletions(-) diff --git a/dh.c b/dh.c index 68318ce..11f1d35 100644 --- a/dh.c +++ b/dh.c @@ -92,7 +92,9 @@ static list_t *dh_apply(closure_t *self, struct cloc loc, dict_t *context, { struct dh *st; string_t p,g; + dict_t *dict = 0; item_t *i; + bool_t check = True; NEW(st); st->cl.description="dh"; @@ -103,40 +105,47 @@ static list_t *dh_apply(closure_t *self, struct cloc loc, dict_t *context, st->ops.makepublic=dh_makepublic; st->ops.makeshared=dh_makeshared; st->loc=loc; - /* We have two string arguments: the first is the modulus, and the - second is the generator. Both are in hex. */ + + /* We either have two string arguments and maybe a boolean, or a + * dictionary + */ i=list_elem(args,0); - if (i) { - if (i->type!=t_string) { - cfgfatal(i->loc,"diffie-hellman","first argument must be a " - "string\n"); - } - p=i->data.string; - if (mpz_init_set_str(&st->p,p,16)!=0) { - cfgfatal(i->loc,"diffie-hellman","\"%s\" is not a hex number " - "string\n",p); - } + if (i && i->type==t_dict) { + dict=i->data.dict; + p=dict_read_string(dict,"p",True,"diffie-hellman",loc); + g=dict_read_string(dict,"g",True,"diffie-hellman",loc); + check=dict_read_bool(dict,"check",False,"diffie-hellman",loc,True); } else { - cfgfatal(loc,"diffie-hellman","you must provide a prime modulus\n"); - } - - i=list_elem(args,1); - if (i) { - if (i->type!=t_string) { + if (!i) + cfgfatal(loc,"diffie-hellman","you must provide a prime modulus\n"); + else if (i->type!=t_string) + cfgfatal(i->loc,"diffie-hellman", + "first argument must be a string or a dictionary\n"); + p=i->data.string; + i=list_elem(args,1); + if (!i) + cfgfatal(loc,"diffie-hellman","you must provide a generator\n"); + else if (i->type!=t_string) cfgfatal(i->loc,"diffie-hellman","second argument must be a " "string\n"); - } g=i->data.string; - if (mpz_init_set_str(&st->g,g,16)!=0) { - cfgfatal(i->loc,"diffie-hellman","\"%s\" is not a hex number " - "string\n",g); + i=list_elem(args,2); + if (i) { + if (i->type!=t_bool) + cfgfatal(i->loc,"diffie-hellman", + "third argument must be boolean or omitted\n"); + check=i->data.bool; } - } else { - cfgfatal(loc,"diffie-hellman","you must provide a generator\n"); } - i=list_elem(args,2); - if (i && i->type==t_bool && i->data.bool==False) { + if (mpz_init_set_str(&st->p,p,16)!=0) + cfgfatal(loc,"diffie-hellman","\"%s\" is not a hex number " + "string\n",p); + if (mpz_init_set_str(&st->g,g,16)!=0) + cfgfatal(i->loc,"diffie-hellman","\"%s\" is not a hex number " + "string\n",g); + + if (!check) { Message(M_INFO,"diffie-hellman (%s:%d): skipping modulus " "primality check\n",loc.file,loc.line); } else { diff --git a/secnet.8 b/secnet.8 index 3a5340f..f8cd48f 100644 --- a/secnet.8 +++ b/secnet.8 @@ -300,18 +300,37 @@ network addresses. .SS diffie-hellman .PP \fBdiffie-hellman(\fIMODULUS\fB, \fIGENERATOR\fR[\fB, \fICHECK\fR]\fB)\fR => \fIdh closure\fR -.TP -.I MODULUS +.br +\fBdiffie-hellman(\fIDICT\fB)\fR => \fIdh closure\fR +Defines a Diffie\(enHellman group which uses +traditional Diffie\(enHellman modulo a large prime number. +Arguments may be provided +either as positional arguments +or in a dictionary. +Dictionary keys are described below; +those keys which correspond with positional arguments +are mentioned in the individual descriptions. +.TP +.B p String. The prime modulus \fIp\fR in hex. +Corresponds to the +.I MODULUS +argument. .TP -.I GENERATOR +.B g String. The generator \fIg\fR in hex. +Corresponds to the +.I GENERATOR +argument. .TP -.I CHECK +.B check Boolean. If \fBtrue\fR (the default) then check if \fIp\fR is prime. +Corresponds to the +.I CHECK +argument. .PP A \fIdh closure\fR defines a group to be used for key exchange. -- 2.11.0