From: Mark Wooding Date: Thu, 26 May 2016 08:26:09 +0000 (+0100) Subject: keys/tripe-keys.in: Provide `kx-genalg' and `kx-param-genalg' options. X-Git-Tag: 1.0.0pre19~18 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/commitdiff_plain/256bc8d0263f36d6a6589d989f809d90d6c5ec1e keys/tripe-keys.in: Provide `kx-genalg' and `kx-param-genalg' options. Not all `tripe' key exchange groups G necessarily have `key' key-generation algorithms named `G' and `G-param' corresponding to them; it's just a coincidence that they do at the moment.
---
diff --git a/keys/tripe-keys.conf.5.in b/keys/tripe-keys.conf.5.in
index 3e5c777b..06ba3e49 100644
--- a/keys/tripe-keys.conf.5.in
+++ b/keys/tripe-keys.conf.5.in
@@ -143,6 +143,46 @@ or
 .BR dh .
 .ne 7
 .TP
+.I kx-genalg
+Key generation algorithm name to pass to
+.B "key add"
+when generating keys.
+Default depends on
+.I kx
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+kx kx-genalg
+_
+dh dh
+ec ec
+_
+.TE
+.ne 7
+.TP
+.I kx-param-genalg
+Key generation algorithm name to pass to
+.B "key add"
+when generating the parameters key.
+Default depends on
+.I kx
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+kx kx-param-genalg
+_
+dh dh-param
+ec ec-param
+_
+.TE
+.ne 7
+.TP
 .I kx-param
 Options to pass to
 .B "key add"
diff --git a/keys/tripe-keys.in b/keys/tripe-keys.in
index 46e1816a..ce9f74dc 100644
--- a/keys/tripe-keys.in
+++ b/keys/tripe-keys.in
@@ -238,6 +238,10 @@ def conf_defaults():
 ('conf-file', '${base-dir}tripe-keys.conf'),
 ('upload-hook', ': run upload hook'),
 ('kx', 'dh'),
+ ('kx-genalg', lambda: {'dh': 'dh',
+ 'ec': 'ec'}[conf['kx']]),
+ ('kx-param-genalg', lambda: {'dh': 'dh-param',
+ 'ec': 'ec-param'}[conf['kx']]),
 ('kx-param', lambda: {'dh': '-LS -b3072 -B256',
 'ec': '-Cnist-p256'}[conf['kx']]),
 ('kx-expire', 'now + 1 year'),
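Review bot: The two new defaults in conf_defaults index a literal dict with `conf['kx']`, so any `kx` other than `dh` or `ec` raises a bare `KeyError` when the default is evaluated, unless something outside the hunk catches it. Nothing would then tell the operator which option needs to be set. The commit message anticipates groups whose generator names differ from the group name, so this path becomes reachable as soon as such a group is accepted for `kx`. The existing `kx-param` entry follows the same pattern, so I would state the contract once beside the table, e.g. `# Defaults exist only for kx = dh or ec; for any other kx set kx-genalg, kx-param-genalg and kx-param explicitly.`, and consider holding the three per-group mappings in one table so they cannot drift apart. conf_defaults starts and ends outside the hunk, so how and when these lambdas are resolved is not visible here.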
@@ -365,7 +369,7 @@ def cmd_newmaster(args): def cmd_setup(args): OS.mkdir('repos') run('''key -krepos/param add - -a${kx}-param !${kx-param} + -a${kx-param-genalg} !${kx-param} -eforever -tparam tripe-param kx-group=${kx} cipher=${cipher} hash=${hash} mac=${mac} mgf=${mgf}''') cmd_newmaster(args) @@ -489,7 +493,7 @@ def cmd_generate(args): keyring_pub = 'peer-%s.pub' % tag zap('keyring'); zap(keyring_pub) run('key -kkeyring merge repos/param') - run('key -kkeyring add -a${kx} -pparam -e${kx-expire} -t%s tripe' % + run('key -kkeyring add -a${kx-genalg} -pparam -e${kx-expire} -t%s tripe' % tag) run('key -kkeyring extract -f-secret %s %s' % (keyring_pub, tag))
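Review bot: With `-a${kx-param-genalg}` now configurable independently of `kx`, cmd_setup can generate the parameters key with one algorithm while the same command still stamps it `kx-group=${kx}`, and nothing visible in the hunk checks that the two agree. The cmd_generate hunk has the same exposure: `-a${kx-genalg} -pparam` assumes the chosen generator accepts the parameters produced at setup, so a mismatched pair in tripe-keys.conf would presumably only surface later as a `key add` failure or a key that peers reject. I would add a comment above the `run` call in cmd_setup such as `# kx-param-genalg must produce parameters for the group named by kx; the kx-group attribute is not cross-checked.`, or validate the combination when the configuration is loaded. Separately, `${kx-param-genalg}` and `${kx-genalg}` are substituted without the `!` used for `${kx-param}`; how run() tokenises substituted values is outside these hunks, so it is worth confirming that a value containing whitespace cannot introduce extra arguments to `key`.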