The default is `iiv', because we don't have the compatibility
constraints that the main server has.
Also, fix the `mtu' command, which has been wrong about the `iiv'
overhead for a while.
Hashing algorithm to use. Default is
.BR sha256 .
.TP
Hashing algorithm to use. Default is
.BR sha256 .
.TP
+.I bulk
+The bulk crypto transform to use.
+Default is
+.BR iiv .
.I mac
Message authentication algorithm to use. Default is
.IB hash -hmac/ halfhashlen \fR,
.I mac
Message authentication algorithm to use. Default is
.IB hash -hmac/ halfhashlen \fR,
('kx-attrs', ''),
('kx-expire', 'now + 1 year'),
('kx-warn-days', '28'),
('kx-attrs', ''),
('kx-expire', 'now + 1 year'),
('kx-warn-days', '28'),
('cipher', 'rijndael-cbc'),
('hash', 'sha256'),
('master-keygen-flags', '-l'),
('cipher', 'rijndael-cbc'),
('hash', 'sha256'),
('master-keygen-flags', '-l'),
-a${kx-param-genalg} !${kx-param}
-eforever -tparam tripe-param
kx-group=${kx} mgf=${mgf} mac=${mac}
-a${kx-param-genalg} !${kx-param}
-eforever -tparam tripe-param
kx-group=${kx} mgf=${mgf} mac=${mac}
- cipher=${cipher} hash=${hash} ${kx-attrs}''')
+ bulk=${bulk} cipher=${cipher} hash=${hash} ${kx-attrs}''')
cmd_newmaster(args)
###--------------------------------------------------------------------------
cmd_newmaster(args)
###--------------------------------------------------------------------------
###--------------------------------------------------------------------------
### Commands: mtu
###--------------------------------------------------------------------------
### Commands: mtu
+def mac_tagsz():
+ macname = conf['mac']
+ index = macname.rindex('/')
+ if index == -1: tagsz = C.gcmacs[macname].tagsz
+ else: tagsz = int(macname[index + 1:])/8
+ return tagsz
+
def cmd_mtu(args):
mtu, = (lambda mtu = '1500': (mtu,))(*args)
mtu = int(mtu)
def cmd_mtu(args):
mtu, = (lambda mtu = '1500': (mtu,))(*args)
mtu = int(mtu)
- blksz = C.gcciphers[conf['cipher']].blksz
-
- index = conf['mac'].find('/')
- if index == -1:
- tagsz = C.gcmacs[conf['mac']].tagsz
- else:
- tagsz = int(conf['mac'][index + 1:])/8
-
mtu -= 20 # Minimum IP header
mtu -= 8 # UDP header
mtu -= 1 # TrIPE packet type octet
mtu -= 20 # Minimum IP header
mtu -= 8 # UDP header
mtu -= 1 # TrIPE packet type octet
- mtu -= tagsz # MAC tag
- mtu -= 4 # Sequence number
- mtu -= blksz # Initialization vector
+
+ bulk = conf['bulk']
+
+ if bulk == 'v0':
+ blksz = C.gcciphers[conf['cipher']].blksz
+ mtu -= mac_tagsz() # MAC tag
+ mtu -= 4 # Sequence number
+ mtu -= blksz # Initialization vector
+
+ elif bulk == 'iiv':
+ mtu -= mac_tagsz() # MAC tag
+ mtu -= 4 # Sequence number
+
+ else:
+ die("Unknown bulk transform `%s'" % bulk)
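Review bot: The new `mac_tagsz()` calls `macname.rindex('/')`, but `str.rindex` raises `ValueError` when the separator is missing instead of returning -1, so the `if index == -1` fallback to `C.gcmacs[macname].tagsz` can never run. A `mac` setting with no `/taglen` suffix would therefore abort the `mtu` command with a traceback rather than use the MAC's native tag size. The removed code used `find`, which does return -1; `index = macname.rfind('/')` keeps the right-most-slash lookup and restores the fallback. Separately, `int(macname[index + 1:])/8` only gives an integer under Python 2 division, and `// 8` would state the intent whichever interpreter runs the script. `mac_tagsz` is fully visible in this hunk, while the end of `cmd_mtu` is not shown here.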
## Expiry time for peer key-exchange keys.
# kx-expire = now + 1 year
## Expiry time for peer key-exchange keys.
# kx-expire = now + 1 year
+## Bulk crypto transform to use. May be `v0', or `iiv'.
+# bulk = iiv
+
## Symmetric encryption scheme to use.
# cipher = rijndael-cbc
## Symmetric encryption scheme to use.
# cipher = rijndael-cbc