~mdw / tripe / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
server/, keys/: Support Bernstein's X25519 and Hamburg's X448 algorithms.
[tripe] / keys / tripe-keys.in
diff --git a/keys/tripe-keys.in b/keys/tripe-keys.in
index 62b62b6..cfa740b 100644 (file)
--- a/keys/tripe-keys.in
+++ b/keys/tripe-keys.in
@@ -239,12 +239,21 @@ def conf_defaults():
                ('upload-hook', ': run upload hook'),
                ('kx', 'dh'),
                ('kx-genalg', lambda: {'dh': 'dh',
-                                      'ec': 'ec'}[conf['kx']]),
+                                      'ec': 'ec',
+                                      'x25519': 'x25519',
+                                      'x448': 'x448'}[conf['kx']]),
                ('kx-param-genalg', lambda: {'dh': 'dh-param',
-                                            'ec': 'ec-param'}[conf['kx']]),
+                                            'ec': 'ec-param',
+                                            'x25519': 'empty',
+                                            'x448': 'empty'}[conf['kx']]),
                ('kx-param', lambda: {'dh': '-LS -b3072 -B256',
-                                     'ec': '-Cnist-p256'}[conf['kx']]),
-               ('kx-attrs', 'serialization=constlen'),
+                                     'ec': '-Cnist-p256',
+                                     'x25519': '',
+                                     'x448': ''}[conf['kx']]),
+               ('kx-attrs', lambda: {'dh': 'serialization=constlen',
+                                     'ec': 'serialization=constlen',
+                                     'x25519': '',
+                                     'x448': ''}[conf['kx']]),
                ('kx-expire', 'now + 1 year'),
                ('kx-warn-days', '28'),
                ('bulk', 'iiv'),
@@ -259,7 +268,10 @@ def conf_defaults():
                                  or '%s-hmac/%d' %
                                       (conf['hash'],
                                        C.gchashes[conf['hash']].hashsz * 4)),
-               ('sig', lambda: {'dh': 'dsa', 'ec': 'ecdsa'}[conf['kx']]),
+               ('sig', lambda: {'dh': 'dsa',
+                                'ec': 'ecdsa',
+                                'x25519': 'ed25519',
+                                'x448': 'ed448'}[conf['kx']]),
                ('sig-fresh', 'always'),
                ('sig-genalg', lambda: {'kcdsa': 'dh',
                                        'dsa': 'dsa',
Trivial IP Encryption: a simple VPN