X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/39bcd193d88309a411d3b26b5db205f913ce530d..e7c18650b233c1f337ceb5f5e3464b1ff943ef6a:/keys/tripe-keys.in
diff --git a/keys/tripe-keys.in b/keys/tripe-keys.in
index f1279ad7..d95a31d2 100644
--- a/keys/tripe-keys.in
+++ b/keys/tripe-keys.in
@@ -239,24 +239,39 @@ def conf_defaults():
 ('upload-hook', ': run upload hook'),
 ('kx', 'dh'),
 ('kx-genalg', lambda: {'dh': 'dh',
- 'ec': 'ec'}[conf['kx']]),
+ 'ec': 'ec',
+ 'x25519': 'x25519',
+ 'x448': 'x448'}[conf['kx']]),
 ('kx-param-genalg', lambda: {'dh': 'dh-param',
- 'ec': 'ec-param'}[conf['kx']]),
+ 'ec': 'ec-param',
+ 'x25519': 'empty',
+ 'x448': 'empty'}[conf['kx']]),
 ('kx-param', lambda: {'dh': '-LS -b3072 -B256',
- 'ec': '-Cnist-p256'}[conf['kx']]),
- ('kx-attrs', ''),
+ 'ec': '-Cnist-p256',
+ 'x25519': '',
+ 'x448': ''}[conf['kx']]),
+ ('kx-attrs', lambda: {'dh': 'serialization=constlen',
+ 'ec': 'serialization=constlen',
+ 'x25519': '',
+ 'x448': ''}[conf['kx']]),
 ('kx-expire', 'now + 1 year'),
 ('kx-warn-days', '28'),
 ('bulk', 'iiv'),
- ('cipher', 'rijndael-cbc'),
+ ('cipher', lambda: conf['bulk'] == 'naclbox'
+ and 'salsa20' or 'rijndael-cbc'),
 ('hash', 'sha256'),
 ('master-keygen-flags', '-l'),
 ('master-attrs', ''),
 ('mgf', '${hash}-mgf'),
- ('mac', lambda: '%s-hmac/%d' %
- (conf['hash'],
- C.gchashes[conf['hash']].hashsz * 4)),
- ('sig', lambda: {'dh': 'dsa', 'ec': 'ecdsa'}[conf['kx']]),
+ ('mac', lambda: conf['bulk'] == 'naclbox'
+ and 'poly1305/128'
+ or '%s-hmac/%d' %
+ (conf['hash'],
+ C.gchashes[conf['hash']].hashsz * 4)),
+ ('sig', lambda: {'dh': 'dsa',
+ 'ec': 'ecdsa',
+ 'x25519': 'ed25519',
+ 'x448': 'ed448'}[conf['kx']]),
 ('sig-fresh', 'always'),
 ('sig-genalg', lambda: {'kcdsa': 'dh',
 'dsa': 'dsa',
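Review bot: Each `kx`-dependent default in conf_defaults (`kx-genalg`, `kx-param-genalg`, `kx-param`, `kx-attrs`, `sig`) indexes a literal dict with `conf['kx']`, so a mistyped or unsupported `kx` value surfaces as a bare KeyError raised inside a lambda rather than as a configuration error. After this change the same four keys are repeated across five tables that have to stay in step, which makes a partial update easy to miss when another group type is added; a single table keyed by `kx`, with one lookup that reports an unknown value through the script's `die(...)`, would remove both problems. Separately, the `cipher` and `mac` defaults use the `cond and a or b` idiom, which is only correct because `'salsa20'` and `'poly1305/128'` are non-empty; `'salsa20' if conf['bulk'] == 'naclbox' else 'rijndael-cbc'` expresses the same choice without that trap. The list this hunk edits starts and ends outside the hunk.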
@@ -468,8 +483,8 @@ def cmd_update(args): OS.mkdir('tmp') OS.chdir('tmp') seq = int(conf['master-sequence']) - run('curl -s -o tripe-keys.tar.gz ${repos-url}') - run('curl -s -o tripe-keys.sig %s' % seqsubst('sig-url', seq)) + run('curl -sL -o tripe-keys.tar.gz ${repos-url}') + run('curl -sL -o tripe-keys.sig %s' % seqsubst('sig-url', seq)) run('tar xfz tripe-keys.tar.gz') ## Verify the signature @@ -580,6 +595,10 @@ def cmd_mtu(args): mtu -= mac_tagsz() # MAC tag mtu -= 4 # Sequence number + elif bulk == 'naclbox': + mtu -= 16 # MAC tag + mtu -= 4 # Sequence number + else: die("Unknown bulk transform `%s'" % bulk)
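Review bot: Adding `-L` lets both downloads in cmd_update follow redirects to whatever host and protocol the server names, and the visible context unpacks the result with `tar xfz` before the `## Verify the signature` step is reached. Because `-s` is used without `-f`, an HTTP error body is also written to `tripe-keys.tar.gz` with no diagnostic. I would bound the redirect and fail on HTTP errors, for example `run('curl -sSfL --proto-redir =https --max-redirs 5 -o tripe-keys.tar.gz ${repos-url}')` with the same flags on the `.sig` fetch, assuming the repository is served over HTTPS. The verification code itself lies outside the hunk, so whether extracting ahead of it is safe cannot be confirmed from here.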
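Review bot: The new `naclbox` branch in cmd_mtu hard-codes the tag length as `mtu -= 16`, while the branch just above it subtracts `mac_tagsz()`, so the computed MTU will not follow `conf['mac']` if that setting is overridden. If the transform always carries a 128-bit Poly1305 tag regardless of the configured MAC (the `'poly1305/128'` default in conf_defaults suggests this, but the hunk does not show it), the comment should say so, e.g. `# Poly1305 tag, fixed by naclbox`; otherwise use `mtu -= mac_tagsz()` here too. The if/elif chain this branch belongs to starts outside the hunk.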