#define f_limlee 8u /* Generate Lim-Lee primes */
#define f_subgroup 16u /* Generate a subgroup */
#define f_retag 32u /* Remove any existing tag */
+#define f_kcdsa 64u /* Generate KCDSA primes */
/* --- @dolock@ --- *
*
key_putattr(k->kf, k->k, "factors", d.buf);
dstr_destroy(&d);
}
+ } else if (k->f & f_kcdsa) {
+ if (!k->qbits)
+ k->qbits = 256;
+ rc = dh_kcdsagen(&dp, k->qbits, k->bits, 0,
+ 0, k->r, (k->f & f_quiet) ? 0 : pgen_ev, 0);
+ if (!rc) {
+ dstr d = DSTR_INIT;
+ mp *v = MP_NEW;
+
+ mp_writedstr(dp.q, &d, 10);
+ mp_div(&v, 0, dp.p, dp.q);
+ v = mp_lsr(v, v, 1);
+ dstr_puts(&d, ", ");
+ mp_writedstr(v, &d, 10);
+ mp_drop(v);
+ key_putattr(k->kf, k->k, "factors", d.buf);
+ dstr_destroy(&d);
+ }
} else
rc = dh_gen(&dp, k->qbits, k->bits, 0, k->r,
(k->f & f_quiet) ? 0 : pgen_ev, 0);
{
key_file f;
time_t exp = KEXP_EXPIRE;
+ uint32 kid = rand_global.ops->word(&rand_global);
const char *tag = 0, *ptag = 0;
const char *c = 0;
keyalg *alg = algtab;
{ "comment", OPTF_ARGREQ, 0, 'c' },
{ "tag", OPTF_ARGREQ, 0, 't' },
{ "rand-id", OPTF_ARGREQ, 0, 'R' },
+ { "key-id", OPTF_ARGREQ, 0, 'I' },
{ "curve", OPTF_ARGREQ, 0, 'C' },
{ "seedalg", OPTF_ARGREQ, 0, 'A' },
{ "seed", OPTF_ARGREQ, 0, 's' },
{ "quiet", 0, 0, 'q' },
{ "lim-lee", 0, 0, 'L' },
{ "subgroup", 0, 0, 'S' },
+ { "kcdsa", 0, 0, 'K' },
{ 0, 0, 0, 0 }
};
- int i = mdwopt(argc, argv, "+a:b:B:p:e:c:t:R:C:A:s:n:lqrLS",
+ int i = mdwopt(argc, argv, "+a:b:B:p:e:c:t:R:I:C:A:s:n:lqrLKS",
opt, 0, 0, 0);
if (i < 0)
break;
seed = d.buf;
k.r = sa->gen(p, n);
} break;
+
+ /* --- Key id --- */
+
+ case 'I': {
+ char *p;
+ unsigned long id;
+
+ errno = 0;
+ id = strtoul(optarg, &p, 16);
+ if (errno || *p || id > MASK32)
+ die(EXIT_FAILURE, "bad key-id `%s'", optarg);
+ kid = id;
+ } break;
/* --- Other flags --- */
case 'L':
k.f |= f_limlee;
break;
+ case 'K':
+ k.f |= f_kcdsa;
+ break;
case 'S':
k.f |= f_subgroup;
break;
keyrand(&f, rtag);
for (;;) {
- uint32 id = rand_global.ops->word(&rand_global);
int err;
- if ((err = key_new(&f, id, argv[optind], exp, &k.k)) == 0)
+ if ((err = key_new(&f, kid, argv[optind], exp, &k.k)) == 0)
break;
else if (err != KERR_DUPID)
die(EXIT_FAILURE, "error adding new key: %s", key_strerror(err));
{ "tidy", cmd_tidy, "tidy" },
{ "add", cmd_add,
"add [-OPTIONS] TYPE [ATTR...]\n\
- Options: [-lqrLS] [-a ALG] [-bB BITS] [-p PARAM] [-R TAG]\n\
- [-A SEEDALG] [-s SEED] [-n BITS]\n\
+ Options: [-lqrLKS] [-a ALG] [-bB BITS] [-p PARAM] [-R TAG]\n\
+ [-A SEEDALG] [-s SEED] [-n BITS] [-I KEYID]\n\
[-e EXPIRE] [-t TAG] [-c COMMENT]", "\
Options:\n\
\n\
-t, --tag=TAG Tag the key with the name TAG.\n\
-r, --retag Untag any key currently with that tag.\n\
-R, --rand-id=TAG Use key named TAG for the random number generator.\n\
+-I, --key-id=ID Force the key-id for the new key.\n\
-l, --lock Lock the generated key with a passphrase.\n\
-q, --quiet Don't give progress indicators while working.\n\
-L, --lim-lee Generate Lim-Lee primes for Diffie-Hellman groups.\n\
+-K, --kcdsa Generate KCDSA-style Lim-Lee primes for DH groups.\n\
-S, --subgroup Use a prime-order subgroup for Diffie-Hellman.\n\
" },
{ 0, 0, 0 }