From a4902c660c01eaada34877d32f374a7d05947b46 Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Fri, 28 Apr 2017 22:51:36 +0100
Subject: [PATCH] make-secnet-sites: Make the `dh' property be listish, and add XDH groups.

Also add these to `mdw-test/sites' to test the new functionality.

Signed-off-by: Mark Wooding
---
 README.make-secnet-sites | 13 ++++++++++---
 make-secnet-sites | 7 +++++--
 mdw-test/sites | 1 +
 3 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/README.make-secnet-sites b/README.make-secnet-sites
index 240ce41..ac64fb4 100644
--- a/README.make-secnet-sites
+++ b/README.make-secnet-sites
@@ -131,9 +131,16 @@ INPUT SYNTAX
 location levels.
 
 dh P G
- Assigns a Diffie--Hellman closure to the `dh' key,
- constructed as `diffie-hellman(P, G)'. Acceptable at all
- levels; required at site level.
+ dh GROUP-NAME
+ Assigns a Diffie--Hellman closure to the `dh' key. If
+ MODULUS and GENERATOR are given, the closure is
+ constructed as `diffie-hellman(P, G)'. If a GROUP-NAME
+ is given, it must be one of `x25519' or `x448', and the
+ like-named pre-existing DH closure is used. This is a
+ listish property: it can be set more than once and the
+ values are accumulated into a list in the output.
+
+ Acceptable at all levels; required at site level.
 
 hash HASH-NAME
 Assigns the HASH-NAME to the `hash' key. The HASH-NAME
diff --git a/make-secnet-sites b/make-secnet-sites
index c079bcc..e63a2c2 100755
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -103,13 +103,16 @@ class networks (basetype):
 def __str__(self):
 return ",".join(map((lambda n: '"%s"'%n), self.set.networks()))
 
-class dhgroup (basetype):
+class trad_dhgroup (basetype):
 "A Diffie-Hellman group"
 def __init__(self,w):
 self.mod=w[1]
 self.gen=w[2]
 def __str__(self):
 return 'diffie-hellman("%s","%s")'%(self.mod,self.gen)
+def dhgroup(w):
+ if w[1] in ('x25519', 'x448'): return w[1]
+ else: return trad_dhgroup(w)
 
 class hash (basetype):
 "A choice of hash function"
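Review bot: In the new `dhgroup(w)` in make-secnet-sites, a one-word value that is not exactly `x25519` or `x448` (a typo such as `X25519`, or an unsupported group name) falls through to `trad_dhgroup(w)`, where `self.gen=w[2]` will presumably raise a bare IndexError rather than report the bad group name. A named group followed by extra words is also accepted silently, because only `w[1]` is inspected. Since this value selects the key-exchange group, I would check the word count explicitly: `if len(w) == 2 and w[1] in ('x25519', 'x448'): return w[1]`, and reject anything that is not exactly `dh P G` through whatever error path the rest of the script uses (not visible in this hunk). A one-line docstring noting that the function returns either a plain str or a `trad_dhgroup` would also help, since every neighbouring entry here is a `basetype` subclass.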
@@ -168,7 +171,7 @@ class rsakey (basetype):
 # Possible properties of configuration nodes
 keywords={
 'contact':(email,"Contact address"),
- 'dh':(dhgroup,"Diffie-Hellman group"),
+ 'dh':(listof(dhgroup),"Diffie-Hellman group"),
 'hash':(hash,"Hash function"),
 'key-lifetime':(num,"Maximum key lifetime (ms)"),
 'setup-timeout':(num,"Key setup timeout (ms)"),
diff --git a/mdw-test/sites b/mdw-test/sites
index 8b95e2f..f944ba7 100644
--- a/mdw-test/sites
+++ b/mdw-test/sites
@@ -30,6 +30,7 @@ hash sha1
 ## 0 <= i < 12, so p is prime by Pocklington's theorem. Finally, set q =
 ## q_0, and g = 2^{(p-1)/q}, so that g has order q in GF(p)^*.
 dh ef1233764fabef4f216f957871e7e9eda5a82d31aa1036ec54dd1d7f1dc6d15918370ebea703adbecf8ef48ca4760b555504b58eeadfe7ccfea8966096701434480dae0477537b1e8c56771b26742688a3804314ddbcd9121d21d1cdeb0574ab4f487a68b287e760305a8557d4b81aac36505ef206715e01ba581b4fed24f1806dc81051cedcbf78547574ef699f24b2aa02b0ae6d8dab4091795ed6ee95bf3120c8a7c7e607f4611b58f83bc0acde50a5345ff570366a2a3994b5ec09f1bb95a900f4b28ffd1b75336be514aaff162c810c35d65924710780f0954168d45a78179dbe496cd26fbc038846cbf054d8ae69bda87698a836866bde3d2c2aa4d7a2fb9a6cc3330d06f1e83e859f585f1612dd389badad41370a8d955dfd98ff241b0227130656b959962fc29e9721f7112bde43b4d09eb29db1ffac0a37ee25dbe99e1c4ea9bc23210971d2f02d8bc000f3caa711a6bab24ceab5022af119361bcb59b0c070989c8fb1ef005cef2aa988dabe9a822c082c374e15a94d8a0acd4a03 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
+#dh x448
 
 ###--------------------------------------------------------------------------
 location alice alice
-- 
2.11.0
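Review bot: In the `keywords` hunk of make-secnet-sites, the `'dh'` entry becomes `listof(dhgroup)`, but nothing at the entry says whether list order is significant or whether a `dh` line at a lower level replaces or extends a list inherited from above. `listof` is defined outside this hunk, so the accumulation behaviour is inferred only from the README text in the same patch. If order expresses preference between a traditional group and an XDH group, an operator who wants to stop offering an inherited group needs that spelled out. I would add a comment above the entry such as `# listish: repeated dh lines accumulate into a list; see README for how levels combine` and pluralise the description to `"Diffie-Hellman groups"`.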
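Review bot: In the mdw-test/sites hunk the only added line is `#dh x448`, which is commented out, so as far as the visible lines go this file still exercises only the traditional `dh P G` form. The commit message says the new groups were added here to test the new functionality, yet neither the named-group branch of `dhgroup` nor accumulation of more than one `dh` value is covered by the file as shown. Enabling the line as `dh x448`, or adding `dh x25519` alongside the existing group, would cover both. If it is disabled deliberately, for example because the test peer cannot do XDH yet, a comment next to it saying so would help.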