From: Mark Wooding Date: Mon, 29 Dec 2008 17:52:32 +0000 (+0000) Subject: server/admin: New ALGS command. X-Git-Tag: 1.0.0pre8~35^2~1 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/commitdiff_plain/449991a38a59d04c723791a3ca2897da5f2d9709 server/admin: New ALGS command. Returns information about crypto algorithms in use. Can be used to compute MTUs, for example. --- diff --git a/server/admin.c b/server/admin.c index c4433e45..045727f7 100644 --- a/server/admin.c +++ b/server/admin.c @@ -1646,6 +1646,34 @@ static void acmd_bgcancel(admin *a, unsigned ac, char *av[]) } } +static void acmd_algs(admin *a, unsigned ac, char *av[]) +{ + a_info(a, + "kx-group=%s", gg->ops->name, + "kx-group-order-bits=%lu", (unsigned long)mp_bits(gg->r), + "kx-group-elt-bits=%lu", (unsigned long)gg->nbits, + A_END); + a_info(a, + "hash=%s", algs.h->name, + "mgf=%s", algs.mgf->name, + "hash-sz=%lu", (unsigned long)algs.h->hashsz, + A_END); + a_info(a, + "cipher=%s", algs.c->name, + "cipher-keysz=%lu", (unsigned long)algs.cksz, + "cipher-blksz=%lu", (unsigned long)algs.c->blksz, + A_END); + a_info(a, + "cipher-data-limit=%lu", (unsigned long)algs.expsz, + A_END); + a_info(a, + "mac=%s", algs.m->name, + "mac-keysz=%lu", (unsigned long)algs.mksz, + "mac-tagsz=%lu", (unsigned long)algs.tagsz, + A_END); + a_ok(a); +} + static void acmd_list(admin *a, unsigned ac, char *av[]) { FOREACH_PEER(p, { a_info(a, "%s", p_name(p), A_END); }); @@ -1846,6 +1874,7 @@ static void acmd_help(admin */*a*/, unsigned /*ac*/, char */*av*/[]); static const acmd acmdtab[] = { { "add", "[OPTIONS] PEER ADDR ...", 2, 0xffff, acmd_add }, { "addr", "PEER", 1, 1, acmd_addr }, + { "algs", 0, 0, 0, acmd_algs }, { "bgcancel", "TAG", 1, 1, acmd_bgcancel }, { "checkchal", "CHAL", 1, 1, acmd_checkchal }, { "daemon", 0, 0, 0, acmd_daemon }, diff --git a/server/tripe-admin.5.in b/server/tripe-admin.5.in index 3442b023..c493d187 100644 --- a/server/tripe-admin.5.in +++ b/server/tripe-admin.5.in @@ -344,6 +344,78 @@ Emits an line reporting the IP address and port number stored for .IR peer . .SP +.B "ALGS" +Emits information about the cryptographic algorithms in use, in +key-value form. The keys are as follows. +.RS +.TP +.B kx-group +Type of key-exchange group in use, currently either +.B ec +or +.BR prime . +.TP +.B kx-group-order-bits +Length of the group order, in bits. This gives an approximate measure +of the group strength. +.TP +.B kx-group-elt-bits +Length of a group element, in bits. This may be useful when analyzing +protocol traces. +.TP +.B hash +The hash function in use, e.g., +.BR sha256 . +.TP +.B mgf +The mask-generating function in use, e.g., +.BR whirlpool-mgf . +.TP +.B hashsz +The size of the hash function's output, in octets. +.TP +.B cipher +The name of the bulk data cipher in use, e.g., +.BR blowfish-cbc . +.TP +.B cipher-keysz +The length of key used by the bulk data cipher, in octets. +.TP +.B cipher-blksz +The block size of the bulk data cipher, or zero if it's not based on a +block cipher. +.TP +.B cipher-data-limit +The maximum amount of data to be encrypted using a single key. (A new +key exchange is instigated well before the limit is reached, in order to +allow for a seamless changeover of keys.) +.TP +.B mac +The message authentication algorithm in use, e.g., +.BR ripemd160-hmac .. +.TP +.B mac-keysz +The length of the key used by the message authentication algorithm, in +octets. +.TP +.B mac-tagsz +The length of the message authentication tag, in octets. +.PP +The various sizes are useful, for example, when computing the MTU for a +tunnel interface. If +.I MTU +is the MTU of the path to the peer, then the tunnel MTU should be +.IP +.I MTU +\- 33 \- +.I cipher-blksz +\- +.I mac-tagsz +.PP +allowing 20 bytes of IP header, 8 bytes of UDP header, a packet type +octet, a four-octet sequence number, an IV, and a MAC tag. +.RE +.SP .BI "BGCANCEL " tag Cancels the background job with the named .IR tag .