keys/tripe-keys.in, keys/tripe-keys.conf.5.in: Allow setting attributes.

[tripe] / keys / tripe-keys.in

diff --git a/keys/tripe-keys.in b/keys/tripe-keys.in
index db577b6266869da79a030b335f7478fb06cbf5ce..f40f3965ee0970b13baca580a613bbb6e6cc5d2a 100644 (file)
--- a/keys/tripe-keys.in
+++ b/keys/tripe-keys.in
@@ -238,13 +238,19 @@ def conf_defaults():
                ('conf-file', '${base-dir}tripe-keys.conf'),
                ('upload-hook', ': run upload hook'),
                ('kx', 'dh'),
+               ('kx-genalg', lambda: {'dh': 'dh',
+                                      'ec': 'ec'}[conf['kx']]),
+               ('kx-param-genalg', lambda: {'dh': 'dh-param',
+                                            'ec': 'ec-param'}[conf['kx']]),
                ('kx-param', lambda: {'dh': '-LS -b3072 -B256',
                                      'ec': '-Cnist-p256'}[conf['kx']]),
+               ('kx-attrs', ''),
                ('kx-expire', 'now + 1 year'),
                ('kx-warn-days', '28'),
                ('cipher', 'rijndael-cbc'),
                ('hash', 'sha256'),
                ('master-keygen-flags', '-l'),
+               ('master-attrs', ''),
                ('mgf', '${hash}-mgf'),
                ('mac', lambda: '%s-hmac/%d' %
                          (conf['hash'],
@@ -356,7 +362,7 @@ def cmd_newmaster(args):
   run('''key -kmaster add
     -a${sig-genalg} !${sig-param}
     -e${sig-expire} !${master-keygen-flags} -tmaster-%d tripe-keys-master
-    sig=${sig} hash=${sig-hash}''' % seq)
+    sig=${sig} hash=${sig-hash} !${master-attrs}''' % seq)
   run('key -kmaster extract -f-secret repos/master.pub')
 
 ###--------------------------------------------------------------------------
@@ -365,9 +371,10 @@ def cmd_newmaster(args):
 def cmd_setup(args):
   OS.mkdir('repos')
   run('''key -krepos/param add
-    -a${kx}-param !${kx-param}
+    -a${kx-param-genalg} !${kx-param}
     -eforever -tparam tripe-param
-    kx-group=${kx} cipher=${cipher} hash=${hash} mac=${mac} mgf=${mgf}''')
+    kx-group=${kx} mgf=${mgf} mac=${mac}
+    cipher=${cipher} hash=${hash} ${kx-attrs}''')
   cmd_newmaster(args)
 
 ###--------------------------------------------------------------------------
@@ -420,6 +427,16 @@ def cmd_upload(args):
     for base in commit:
       new = '%s.new' % base
       OS.rename(new, base)
+
+    ## Remove files in the base-dir which don't correspond to ones we just
+    ## committed
+    allow = {}
+    basedir = conf['base-dir']
+    bdl = len(basedir)
+    for base in commit:
+      if base.startswith(basedir): allow[base[bdl:]] = 1
+    for found in OS.listdir(basedir):
+      if found not in allow: OS.remove(OS.path.join(basedir, found))
   finally:
     OS.chdir(cwd)
     rmtree('tmp')
@@ -479,7 +496,7 @@ def cmd_generate(args):
   keyring_pub = 'peer-%s.pub' % tag
   zap('keyring'); zap(keyring_pub)
   run('key -kkeyring merge repos/param')
-  run('key -kkeyring add -a${kx} -pparam -e${kx-expire} -t%s tripe' %
+  run('key -kkeyring add -a${kx-genalg} -pparam -e${kx-expire} -t%s tripe' %
       tag)
   run('key -kkeyring extract -f-secret %s %s' % (keyring_pub, tag))