'ec': 'ec-param'}[conf['kx']]),
('kx-param', lambda: {'dh': '-LS -b3072 -B256',
'ec': '-Cnist-p256'}[conf['kx']]),
+ ('kx-attrs', 'serialization=constlen'),
('kx-expire', 'now + 1 year'),
('kx-warn-days', '28'),
+ ('bulk', 'iiv'),
('cipher', 'rijndael-cbc'),
('hash', 'sha256'),
('master-keygen-flags', '-l'),
+ ('master-attrs', ''),
('mgf', '${hash}-mgf'),
('mac', lambda: '%s-hmac/%d' %
(conf['hash'],
'rsapkcs1': 'rsa',
'rsapss': 'rsa',
'ecdsa': 'ec',
- 'eckcdsa': 'ec'}[conf['sig']]),
+ 'eckcdsa': 'ec',
+ 'ed25519': 'ed25519',
+ 'ed448': 'ed448'}[conf['sig']]),
('sig-param', lambda: {'dh': '-LS -b3072 -B256',
'dsa': '-b3072 -B256',
'ec': '-Cnist-p256',
- 'rsa': '-b3072'}[conf['sig-genalg']]),
+ 'rsa': '-b3072',
+ 'ed25519': '',
+ 'ed448': ''}[conf['sig-genalg']]),
('sig-hash', '${hash}'),
('sig-expire', 'forever'),
('fingerprint-hash', '${hash}')]:
run('''key -kmaster add
-a${sig-genalg} !${sig-param}
-e${sig-expire} !${master-keygen-flags} -tmaster-%d tripe-keys-master
- sig=${sig} hash=${sig-hash}''' % seq)
+ sig=${sig} hash=${sig-hash} !${master-attrs}''' % seq)
run('key -kmaster extract -f-secret repos/master.pub')
###--------------------------------------------------------------------------
run('''key -krepos/param add
-a${kx-param-genalg} !${kx-param}
-eforever -tparam tripe-param
- kx-group=${kx} cipher=${cipher} hash=${hash} mac=${mac} mgf=${mgf}''')
+ kx-group=${kx} mgf=${mgf} mac=${mac}
+ bulk=${bulk} cipher=${cipher} hash=${hash} ${kx-attrs}''')
cmd_newmaster(args)
###--------------------------------------------------------------------------
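Review bot: `${kx-attrs}` on the last added line of the `key -krepos/param add` command is substituted without the `!` prefix that `!${kx-param}` in the same command and `!${master-attrs}` in the `key -kmaster add` command both carry. `run` is not visible here, but if `!` is what splits a substituted value into separate arguments, a `kx-attrs` setting holding more than one `name=value` pair would reach `key add` as a single word. If several attributes are meant to be allowed, write `!${kx-attrs}`; otherwise add a comment next to the `('kx-attrs', 'serialization=constlen')` default saying it takes exactly one attribute.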
###--------------------------------------------------------------------------
### Commands: mtu
+def mac_tagsz():
+ macname = conf['mac']
+ index = macname.rindex('/')
+ if index == -1: tagsz = C.gcmacs[macname].tagsz
+ else: tagsz = int(macname[index + 1:])/8
+ return tagsz
+
def cmd_mtu(args):
mtu, = (lambda mtu = '1500': (mtu,))(*args)
mtu = int(mtu)
- blksz = C.gcciphers[conf['cipher']].blksz
-
- index = conf['mac'].find('/')
- if index == -1:
- tagsz = C.gcmacs[conf['mac']].tagsz
- else:
- tagsz = int(conf['mac'][index + 1:])/8
-
mtu -= 20 # Minimum IP header
mtu -= 8 # UDP header
mtu -= 1 # TrIPE packet type octet
- mtu -= tagsz # MAC tag
- mtu -= 4 # Sequence number
- mtu -= blksz # Initialization vector
+
+ bulk = conf['bulk']
+
+ if bulk == 'v0':
+ blksz = C.gcciphers[conf['cipher']].blksz
+ mtu -= mac_tagsz() # MAC tag
+ mtu -= 4 # Sequence number
+ mtu -= blksz # Initialization vector
+
+ elif bulk == 'iiv':
+ mtu -= mac_tagsz() # MAC tag
+ mtu -= 4 # Sequence number
+
+ else:
+ die("Unknown bulk transform `%s'" % bulk)
print mtu
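Review bot: In `mac_tagsz`, `macname.rindex('/')` raises `ValueError` when the MAC name contains no `/`, so the `index == -1` branch that looks up `C.gcmacs[macname].tagsz` can never run. The removed code in `cmd_mtu` used `find`, which does return -1. Change the line to `index = macname.rfind('/')` to keep the fallback for MAC names without an explicit tag length. As written, `cmd_mtu` with such a `mac` setting would end in a traceback instead of printing an MTU. `mac_tagsz` is fully visible in this hunk.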