X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/67bb121fe7f962872421d0b8a16953ade26bfb43..de8edc7fdb0a26ca9cb736a49b020a64ee4a0d40:/keys/tripe-keys.in diff --git a/keys/tripe-keys.in b/keys/tripe-keys.in index f40f3965..62b62b6e 100644 --- a/keys/tripe-keys.in +++ b/keys/tripe-keys.in @@ -244,17 +244,21 @@ def conf_defaults(): 'ec': 'ec-param'}[conf['kx']]), ('kx-param', lambda: {'dh': '-LS -b3072 -B256', 'ec': '-Cnist-p256'}[conf['kx']]), - ('kx-attrs', ''), + ('kx-attrs', 'serialization=constlen'), ('kx-expire', 'now + 1 year'), ('kx-warn-days', '28'), - ('cipher', 'rijndael-cbc'), + ('bulk', 'iiv'), + ('cipher', lambda: conf['bulk'] == 'naclbox' + and 'salsa20' or 'rijndael-cbc'), ('hash', 'sha256'), ('master-keygen-flags', '-l'), ('master-attrs', ''), ('mgf', '${hash}-mgf'), - ('mac', lambda: '%s-hmac/%d' % - (conf['hash'], - C.gchashes[conf['hash']].hashsz * 4)), + ('mac', lambda: conf['bulk'] == 'naclbox' + and 'poly1305/128' + or '%s-hmac/%d' % + (conf['hash'], + C.gchashes[conf['hash']].hashsz * 4)), ('sig', lambda: {'dh': 'dsa', 'ec': 'ecdsa'}[conf['kx']]), ('sig-fresh', 'always'), ('sig-genalg', lambda: {'kcdsa': 'dh', @@ -262,11 +266,15 @@ def conf_defaults(): 'rsapkcs1': 'rsa', 'rsapss': 'rsa', 'ecdsa': 'ec', - 'eckcdsa': 'ec'}[conf['sig']]), + 'eckcdsa': 'ec', + 'ed25519': 'ed25519', + 'ed448': 'ed448'}[conf['sig']]), ('sig-param', lambda: {'dh': '-LS -b3072 -B256', 'dsa': '-b3072 -B256', 'ec': '-Cnist-p256', - 'rsa': '-b3072'}[conf['sig-genalg']]), + 'rsa': '-b3072', + 'ed25519': '', + 'ed448': ''}[conf['sig-genalg']]), ('sig-hash', '${hash}'), ('sig-expire', 'forever'), ('fingerprint-hash', '${hash}')]: @@ -374,7 +382,7 @@ def cmd_setup(args): -a${kx-param-genalg} !${kx-param} -eforever -tparam tripe-param kx-group=${kx} mgf=${mgf} mac=${mac} - cipher=${cipher} hash=${hash} ${kx-attrs}''') + bulk=${bulk} cipher=${cipher} hash=${hash} ${kx-attrs}''') cmd_newmaster(args) ###-------------------------------------------------------------------------- @@ -548,24 +556,39 @@ def cmd_check(args): ###-------------------------------------------------------------------------- ### Commands: mtu +def mac_tagsz(): + macname = conf['mac'] + index = macname.rindex('/') + if index == -1: tagsz = C.gcmacs[macname].tagsz + else: tagsz = int(macname[index + 1:])/8 + return tagsz + def cmd_mtu(args): mtu, = (lambda mtu = '1500': (mtu,))(*args) mtu = int(mtu) - blksz = C.gcciphers[conf['cipher']].blksz - - index = conf['mac'].find('/') - if index == -1: - tagsz = C.gcmacs[conf['mac']].tagsz - else: - tagsz = int(conf['mac'][index + 1:])/8 - mtu -= 20 # Minimum IP header mtu -= 8 # UDP header mtu -= 1 # TrIPE packet type octet - mtu -= tagsz # MAC tag - mtu -= 4 # Sequence number - mtu -= blksz # Initialization vector + + bulk = conf['bulk'] + + if bulk == 'v0': + blksz = C.gcciphers[conf['cipher']].blksz + mtu -= mac_tagsz() # MAC tag + mtu -= 4 # Sequence number + mtu -= blksz # Initialization vector + + elif bulk == 'iiv': + mtu -= mac_tagsz() # MAC tag + mtu -= 4 # Sequence number + + elif bulk == 'naclbox': + mtu -= 16 # MAC tag + mtu -= 4 # Sequence number + + else: + die("Unknown bulk transform `%s'" % bulk) print mtu