X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/c55f0b7ced2cc3112408f967a55556a0e525c2c7..e99aedcf9373b3305c32e510c086bf3357b4736a:/keys/tripe-keys.in

diff --git a/keys/tripe-keys.in b/keys/tripe-keys.in
index 3ca2834b..6e947e52 100644
--- a/keys/tripe-keys.in
+++ b/keys/tripe-keys.in
@@ -143,6 +143,7 @@ def run(args):
       nargs += a[1:].split()
   args = nargs
   print '+ %s' % ' '.join(args)
+  SYS.stdout.flush()
   rc = OS.spawnvp(OS.P_WAIT, args[0], args)
   if rc != 0:
     raise SubprocessError, rc
@@ -216,10 +217,10 @@ def conf_defaults():
                ('conf-file', '${base-dir}tripe-keys.conf'),
                ('upload-hook', ': run upload hook'),
                ('kx', 'dh'),
-               ('kx-param', lambda: {'dh': '-LS -b2048 -B256',
+               ('kx-param', lambda: {'dh': '-LS -b3072 -B256',
                                      'ec': '-Cnist-p256'}[conf['kx']]),
                ('kx-expire', 'now + 1 year'),
-               ('cipher', 'blowfish-cbc'),
+               ('cipher', 'rijndael-cbc'),
                ('hash', 'sha256'),
                ('master-keygen-flags', '-l'),
                ('mgf', '${hash}-mgf'),
@@ -234,10 +235,10 @@ def conf_defaults():
                                        'rsapss': 'rsa',
                                        'ecdsa': 'ec',
                                        'eckcdsa': 'ec'}[conf['sig']]),
-               ('sig-param', lambda: {'dh': '-LS -b2048 -B256',
-                                      'dsa': '-b2048 -B256',
+               ('sig-param', lambda: {'dh': '-LS -b3072 -B256',
+                                      'dsa': '-b3072 -B256',
                                       'ec': '-Cnist-p256',
-                                      'rsa': '-b2048'}[conf['sig-genalg']]),
+                                      'rsa': '-b3072'}[conf['sig-genalg']]),
                ('sig-hash', '${hash}'),
                ('sig-expire', 'forever'),
                ('fingerprint-hash', '${hash}')]:
@@ -473,6 +474,30 @@ def cmd_clean(args):
       zap(i)
 
 ###--------------------------------------------------------------------------
+### Commands: mtu
+
+def cmd_mtu(args):
+  mtu, = (lambda mtu = '1500': (mtu,))(*args)
+  mtu = int(mtu)
+
+  blksz = C.gcciphers[conf['cipher']].blksz
+
+  index = conf['mac'].find('/')
+  if index == -1:
+    tagsz = C.gcmacs[conf['mac']].tagsz
+  else:
+    tagsz = int(conf['mac'][index + 1:])/8
+
+  mtu -= 20                             # Minimum IP header
+  mtu -= 8                              # UDP header
+  mtu -= 1                              # TrIPE packet type octet
+  mtu -= tagsz                          # MAC tag
+  mtu -= 4                              # Sequence number
+  mtu -= blksz                          # Initialization vector
+
+  print mtu
+
+###--------------------------------------------------------------------------
 ### Main driver.
 
 ## Exceptions.
@@ -484,6 +509,7 @@ commands = {'help': (cmd_help, 0, 1, ''),
             'upload': (cmd_upload, 0, 0, ''),
             'update': (cmd_update, 0, 0, ''),
             'clean': (cmd_clean, 0, 0, ''),
+            'mtu': (cmd_mtu, 0, 1, '[PATH-MTU]'),
             'generate': (cmd_generate, 1, 1, 'TAG'),
             'rebuild': (cmd_rebuild, 0, 0, '')}