From 67bb121fe7f962872421d0b8a16953ade26bfb43 Mon Sep 17 00:00:00 2001 Message-Id: <67bb121fe7f962872421d0b8a16953ade26bfb43.1715192908.git.mdw@distorted.org.uk> From: Mark Wooding Date: Tue, 18 Apr 2017 00:39:24 +0100 Subject: [PATCH] keys/tripe-keys.in, keys/tripe-keys.conf.5.in: Allow setting attributes. Organization: Straylight/Edgeware From: Mark Wooding Add `master-attrs' and `kx-attrs' options to allow setting arbitrary attributes on keys. --- keys/tripe-keys.conf.5.in | 15 +++++++++++++++ keys/tripe-keys.in | 7 +++++-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/keys/tripe-keys.conf.5.in b/keys/tripe-keys.conf.5.in index 06ba3e49..b6bc6eb6 100644 --- a/keys/tripe-keys.conf.5.in +++ b/keys/tripe-keys.conf.5.in @@ -117,6 +117,13 @@ default. Usually set up automatically. Additional options for generating master keys. Default is .RB ` -l '. .TP +.I master-attrs +Additional attributes to set on the master key, +as +.IB key = value +pairs separated by spaces. +Default is empty. +.TP .I hk-master The fingerprint of the current master signing key. No default. Usually set up automatically. @@ -201,6 +208,14 @@ ec \-Cnist-p256 _ .TE .TP +.I kx-attrs +Additional attributes to set on the parameters +(and therefore copied to peer keys), +as +.IB key = value +pairs separated by spaces. +Default is empty. +.TP .I kx-expire Expiry time for generated keys. Default is .BR "now + 1 year" . diff --git a/keys/tripe-keys.in b/keys/tripe-keys.in index ce9f74dc..f40f3965 100644 --- a/keys/tripe-keys.in +++ b/keys/tripe-keys.in @@ -244,11 +244,13 @@ def conf_defaults(): 'ec': 'ec-param'}[conf['kx']]), ('kx-param', lambda: {'dh': '-LS -b3072 -B256', 'ec': '-Cnist-p256'}[conf['kx']]), + ('kx-attrs', ''), ('kx-expire', 'now + 1 year'), ('kx-warn-days', '28'), ('cipher', 'rijndael-cbc'), ('hash', 'sha256'), ('master-keygen-flags', '-l'), + ('master-attrs', ''), ('mgf', '${hash}-mgf'), ('mac', lambda: '%s-hmac/%d' % (conf['hash'], 
@@ -360,7 +362,7 @@ def cmd_newmaster(args): run('''key -kmaster add -a${sig-genalg} !${sig-param} -e${sig-expire} !${master-keygen-flags} -tmaster-%d tripe-keys-master - sig=${sig} hash=${sig-hash}''' % seq) + sig=${sig} hash=${sig-hash} !${master-attrs}''' % seq) run('key -kmaster extract -f-secret repos/master.pub') ###-------------------------------------------------------------------------- @@ -371,7 +373,8 @@ def cmd_setup(args): run('''key -krepos/param add -a${kx-param-genalg} !${kx-param} -eforever -tparam tripe-param - kx-group=${kx} cipher=${cipher} hash=${hash} mac=${mac} mgf=${mgf}''') + kx-group=${kx} mgf=${mgf} mac=${mac} + cipher=${cipher} hash=${hash} ${kx-attrs}''') cmd_newmaster(args) ###-------------------------------------------------------------------------- -- [mdw]
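Review bot: In cmd_newmaster the words from `!${master-attrs}` are placed after the fixed `sig=${sig} hash=${sig-hash}` attributes, so a configured entry named `sig` or `hash` would reach `key add` as a second assignment to an attribute the script sets itself. Which assignment wins is decided by `key`, which is not visible in this patch, so the outcome should be either documented in the man page or prevented. A check before the `run` call that rejects the reserved names in `master-attrs` would keep the signing parameters recorded on the master key tied to `sig` and `sig-hash` alone. The same collision is possible in the cmd_setup hunk, where `${kx-attrs}` follows `kx-group`, `mgf`, `mac`, `cipher` and `hash`, and the man page says those attributes are copied to peer keys. Both function bodies continue outside their hunks.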
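Review bot: `${kx-attrs}` in cmd_setup is written without the `!` prefix that `!${master-attrs}`, `!${kx-param}` and `!${master-keygen-flags}` carry, so it is probably not word-split by `run`, whose definition is outside this patch. If so, the documented form of several `key=value` pairs separated by spaces would arrive as a single argument, and the empty default added in conf_defaults would arrive as an empty argument to `key add`. The last line of the command should likely read `cipher=${cipher} hash=${hash} !${kx-attrs}''')`, matching the master-key path.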