}
}
+static void acmd_algs(admin *a, unsigned ac, char *av[])
+{
+ a_info(a,
+ "kx-group=%s", gg->ops->name,
+ "kx-group-order-bits=%lu", (unsigned long)mp_bits(gg->r),
+ "kx-group-elt-bits=%lu", (unsigned long)gg->nbits,
+ A_END);
+ a_info(a,
+ "hash=%s", algs.h->name,
+ "mgf=%s", algs.mgf->name,
+ "hash-sz=%lu", (unsigned long)algs.h->hashsz,
+ A_END);
+ a_info(a,
+ "cipher=%s", algs.c->name,
+ "cipher-keysz=%lu", (unsigned long)algs.cksz,
+ "cipher-blksz=%lu", (unsigned long)algs.c->blksz,
+ A_END);
+ a_info(a,
+ "cipher-data-limit=%lu", (unsigned long)algs.expsz,
+ A_END);
+ a_info(a,
+ "mac=%s", algs.m->name,
+ "mac-keysz=%lu", (unsigned long)algs.mksz,
+ "mac-tagsz=%lu", (unsigned long)algs.tagsz,
+ A_END);
+ a_ok(a);
+}
+
static void acmd_list(admin *a, unsigned ac, char *av[])
{
FOREACH_PEER(p, { a_info(a, "%s", p_name(p), A_END); });
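Review bot: The key emitted on the third a_info line of acmd_algs is `hash-sz`, but the manual-page hunk later in this commit documents the same field as `.B hashsz`, so a client that follows the documentation will never match the field the daemon actually sends. Every other size key in this function drops the hyphen before the suffix (`cipher-keysz`, `cipher-blksz`, `mac-keysz`, `mac-tagsz`), so the code is the odd one out; I would change the line to `"hashsz=%lu", (unsigned long)algs.h->hashsz,` rather than the manual, since these key names are the interface admin clients will parse and should be settled before the command ships. The same manual-page hunk also has a stray double full stop in `.BR ripemd160-hmac ..`, which should be `.BR ripemd160-hmac .` to match the other examples.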
static const acmd acmdtab[] = {
{ "add", "[OPTIONS] PEER ADDR ...", 2, 0xffff, acmd_add },
{ "addr", "PEER", 1, 1, acmd_addr },
+ { "algs", 0, 0, 0, acmd_algs },
{ "bgcancel", "TAG", 1, 1, acmd_bgcancel },
{ "checkchal", "CHAL", 1, 1, acmd_checkchal },
{ "daemon", 0, 0, 0, acmd_daemon },
line reporting the IP address and port number stored for
.IR peer .
.SP
+.B "ALGS"
+Emits information about the cryptographic algorithms in use, in
+key-value form. The keys are as follows.
+.RS
+.TP
+.B kx-group
+Type of key-exchange group in use, currently either
+.B ec
+or
+.BR prime .
+.TP
+.B kx-group-order-bits
+Length of the group order, in bits. This gives an approximate measure
+of the group strength.
+.TP
+.B kx-group-elt-bits
+Length of a group element, in bits. This may be useful when analyzing
+protocol traces.
+.TP
+.B hash
+The hash function in use, e.g.,
+.BR sha256 .
+.TP
+.B mgf
+The mask-generating function in use, e.g.,
+.BR whirlpool-mgf .
+.TP
+.B hashsz
+The size of the hash function's output, in octets.
+.TP
+.B cipher
+The name of the bulk data cipher in use, e.g.,
+.BR blowfish-cbc .
+.TP
+.B cipher-keysz
+The length of key used by the bulk data cipher, in octets.
+.TP
+.B cipher-blksz
+The block size of the bulk data cipher, or zero if it's not based on a
+block cipher.
+.TP
+.B cipher-data-limit
+The maximum amount of data to be encrypted using a single key. (A new
+key exchange is instigated well before the limit is reached, in order to
+allow for a seamless changeover of keys.)
+.TP
+.B mac
+The message authentication algorithm in use, e.g.,
+.BR ripemd160-hmac ..
+.TP
+.B mac-keysz
+The length of the key used by the message authentication algorithm, in
+octets.
+.TP
+.B mac-tagsz
+The length of the message authentication tag, in octets.
+.PP
+The various sizes are useful, for example, when computing the MTU for a
+tunnel interface. If
+.I MTU
+is the MTU of the path to the peer, then the tunnel MTU should be
+.IP
+.I MTU
+\- 33 \-
+.I cipher-blksz
+\-
+.I mac-tagsz
+.PP
+allowing 20 bytes of IP header, 8 bytes of UDP header, a packet type
+octet, a four-octet sequence number, an IV, and a MAC tag.
+.RE
+.SP
.BI "BGCANCEL " tag
Cancels the background job with the named
.IR tag .