('upload-hook', ': run upload hook'),
('kx', 'dh'),
('kx-genalg', lambda: {'dh': 'dh',
- 'ec': 'ec'}[conf['kx']]),
+ 'ec': 'ec',
+ 'x25519': 'x25519',
+ 'x448': 'x448'}[conf['kx']]),
('kx-param-genalg', lambda: {'dh': 'dh-param',
- 'ec': 'ec-param'}[conf['kx']]),
+ 'ec': 'ec-param',
+ 'x25519': 'empty',
+ 'x448': 'empty'}[conf['kx']]),
('kx-param', lambda: {'dh': '-LS -b3072 -B256',
- 'ec': '-Cnist-p256'}[conf['kx']]),
- ('kx-attrs', ''),
+ 'ec': '-Cnist-p256',
+ 'x25519': '',
+ 'x448': ''}[conf['kx']]),
+ ('kx-attrs', lambda: {'dh': 'serialization=constlen',
+ 'ec': 'serialization=constlen',
+ 'x25519': '',
+ 'x448': ''}[conf['kx']]),
('kx-expire', 'now + 1 year'),
('kx-warn-days', '28'),
('bulk', 'iiv'),
- ('cipher', 'rijndael-cbc'),
+ ('cipher', lambda: conf['bulk'] == 'naclbox'
+ and 'salsa20' or 'rijndael-cbc'),
('hash', 'sha256'),
('master-keygen-flags', '-l'),
('master-attrs', ''),
('mgf', '${hash}-mgf'),
- ('mac', lambda: '%s-hmac/%d' %
- (conf['hash'],
- C.gchashes[conf['hash']].hashsz * 4)),
- ('sig', lambda: {'dh': 'dsa', 'ec': 'ecdsa'}[conf['kx']]),
+ ('mac', lambda: conf['bulk'] == 'naclbox'
+ and 'poly1305/128'
+ or '%s-hmac/%d' %
+ (conf['hash'],
+ C.gchashes[conf['hash']].hashsz * 4)),
+ ('sig', lambda: {'dh': 'dsa',
+ 'ec': 'ecdsa',
+ 'x25519': 'ed25519',
+ 'x448': 'ed448'}[conf['kx']]),
('sig-fresh', 'always'),
('sig-genalg', lambda: {'kcdsa': 'dh',
'dsa': 'dsa',
mtu -= mac_tagsz() # MAC tag
mtu -= 4 # Sequence number
+ elif bulk == 'naclbox':
+ mtu -= 16 # MAC tag
+ mtu -= 4 # Sequence number
+
else:
die("Unknown bulk transform `%s'" % bulk)