summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
f274f20)
Not all `tripe' key exchange groups G necessarily have `key'
key-generation algorithms named `G' and `G-param' corresponding to them;
it's just a coincidence that they do at the moment.
+.I kx-genalg
+Key generation algorithm name to pass to
+.B "key add"
+when generating keys.
+Default depends on
+.I kx
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+kx kx-genalg
+_
+dh dh
+ec ec
+_
+.TE
+.ne 7
+.TP
+.I kx-param-genalg
+Key generation algorithm name to pass to
+.B "key add"
+when generating the parameters key.
+Default depends on
+.I kx
+as follows.
+.TS
+center;
+| ci | ci |
+| lb | lb |.
+_
+kx kx-param-genalg
+_
+dh dh-param
+ec ec-param
+_
+.TE
+.ne 7
+.TP
.I kx-param
Options to pass to
.B "key add"
.I kx-param
Options to pass to
.B "key add"
('conf-file', '${base-dir}tripe-keys.conf'),
('upload-hook', ': run upload hook'),
('kx', 'dh'),
('conf-file', '${base-dir}tripe-keys.conf'),
('upload-hook', ': run upload hook'),
('kx', 'dh'),
+ ('kx-genalg', lambda: {'dh': 'dh',
+ 'ec': 'ec'}[conf['kx']]),
+ ('kx-param-genalg', lambda: {'dh': 'dh-param',
+ 'ec': 'ec-param'}[conf['kx']]),
('kx-param', lambda: {'dh': '-LS -b3072 -B256',
'ec': '-Cnist-p256'}[conf['kx']]),
('kx-expire', 'now + 1 year'),
('kx-param', lambda: {'dh': '-LS -b3072 -B256',
'ec': '-Cnist-p256'}[conf['kx']]),
('kx-expire', 'now + 1 year'),
def cmd_setup(args):
OS.mkdir('repos')
run('''key -krepos/param add
def cmd_setup(args):
OS.mkdir('repos')
run('''key -krepos/param add
- -a${kx}-param !${kx-param}
+ -a${kx-param-genalg} !${kx-param}
-eforever -tparam tripe-param
kx-group=${kx} cipher=${cipher} hash=${hash} mac=${mac} mgf=${mgf}''')
cmd_newmaster(args)
-eforever -tparam tripe-param
kx-group=${kx} cipher=${cipher} hash=${hash} mac=${mac} mgf=${mgf}''')
cmd_newmaster(args)
keyring_pub = 'peer-%s.pub' % tag
zap('keyring'); zap(keyring_pub)
run('key -kkeyring merge repos/param')
keyring_pub = 'peer-%s.pub' % tag
zap('keyring'); zap(keyring_pub)
run('key -kkeyring merge repos/param')
- run('key -kkeyring add -a${kx} -pparam -e${kx-expire} -t%s tripe' %
+ run('key -kkeyring add -a${kx-genalg} -pparam -e${kx-expire} -t%s tripe' %
tag)
run('key -kkeyring extract -f-secret %s %s' % (keyring_pub, tag))
tag)
run('key -kkeyring extract -f-secret %s %s' % (keyring_pub, tag))