server/, keys/: Add bulk crypto transform based on NaCl `crypto_secretbox'.
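--- a/keys/tripe-keys.in
+++ b/keys/tripe-keys.in
@@ -248,14 +248,17 @@ def conf_defaults():
 ('kx-expire', 'now + 1 year'),
 ('kx-warn-days', '28'),
 ('bulk', 'iiv'),
- ('cipher', 'rijndael-cbc'),
+ ('cipher', lambda: conf['bulk'] == 'naclbox'
+ and 'salsa20' or 'rijndael-cbc'),
 ('hash', 'sha256'),
 ('master-keygen-flags', '-l'),
 ('master-attrs', ''),
 ('mgf', '${hash}-mgf'),
- ('mac', lambda: '%s-hmac/%d' %
- (conf['hash'],
- C.gchashes[conf['hash']].hashsz * 4)),
+ ('mac', lambda: conf['bulk'] == 'naclbox'
+ and 'poly1305/128'
+ or '%s-hmac/%d' %
+ (conf['hash'],
+ C.gchashes[conf['hash']].hashsz * 4)),
 ('sig', lambda: {'dh': 'dsa', 'ec': 'ecdsa'}[conf['kx']]),
 ('sig-fresh', 'always'),
 ('sig-genalg', lambda: {'kcdsa': 'dh',
@@ -580,6 +583,10 @@ def cmd_mtu(args):
 mtu -= mac_tagsz() # MAC tag
 mtu -= 4 # Sequence number
+ elif bulk == 'naclbox':
+ mtu -= 16 # MAC tag
+ mtu -= 4 # Sequence number
+
 else:
 die("Unknown bulk transform `%s'" % bulk)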
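Review bot: The `naclbox` branch in `cmd_mtu` subtracts a literal 16 for the tag, whereas the branch above it calls `mac_tagsz()`, so the MTU figure ignores any `mac` value an operator sets explicitly and can disagree with the configured key attributes. If the tag length is fixed by the secretbox construction (the `poly1305/128` default in `conf_defaults` suggests it is), say so on the line, e.g. `mtu -= 16 # Poly1305 tag: fixed by naclbox, independent of conf['mac']`; otherwise call `mac_tagsz()` here too. Relatedly, `cipher` and `mac` are only defaults keyed on `bulk`, and nothing in these hunks rejects a configuration that pairs `bulk = naclbox` with a different cipher or MAC, so a check for that combination may be worth adding if one does not already exist elsewhere. Both functions start and end outside the hunks shown.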