* (c) 1999 Straylight/Edgeware
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of Catacomb.
*
* it under the terms of the GNU Library General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
- *
+ *
* Catacomb is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Library General Public License for more details.
- *
+ *
* You should have received a copy of the GNU Library General Public
* License along with Catacomb; if not, write to the Free
* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
#include "config.h"
+#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <noise.h>
#include <rand.h>
+#include "bintab.h"
#include "bbs.h"
#include "dh.h"
#include "dsa.h"
#include "ectab.h"
#include "fibrand.h"
#include "getdate.h"
+#include "gfreduce.h"
#include "key.h"
#include "mp.h"
#include "mpmont.h"
const struct seedalg { const char *p; grand *(*gen)(const void *, size_t); }
seedtab[] = {
- { "dsarand", dsarand_create },
- { "rmd128-mgf", rmd128_mgfrand },
- { "rmd160-mgf", rmd160_mgfrand },
- { "rmd256-mgf", rmd256_mgfrand },
- { "rmd320-mgf", rmd320_mgfrand },
- { "sha-mgf", sha_mgfrand },
- { "sha224-mgf", sha224_mgfrand },
- { "sha256-mgf", sha256_mgfrand },
- { "sha384-mgf", sha384_mgfrand },
- { "sha512-mgf", sha512_mgfrand },
- { "tiger-mgf", tiger_mgfrand },
+ { "dsarand", dsarand_create },
+ { "rmd128-mgf", rmd128_mgfrand },
+ { "rmd160-mgf", rmd160_mgfrand },
+ { "rmd256-mgf", rmd256_mgfrand },
+ { "rmd320-mgf", rmd320_mgfrand },
+ { "sha-mgf", sha_mgfrand },
+ { "sha224-mgf", sha224_mgfrand },
+ { "sha256-mgf", sha256_mgfrand },
+ { "sha384-mgf", sha384_mgfrand },
+ { "sha512-mgf", sha512_mgfrand },
+ { "tiger-mgf", tiger_mgfrand },
{ 0, 0 }
};
#define f_limlee 8u /* Generate Lim-Lee primes */
#define f_subgroup 16u /* Generate a subgroup */
#define f_retag 32u /* Remove any existing tag */
+#define f_kcdsa 64u /* Generate KCDSA primes */
/* --- @dolock@ --- *
*
* Arguments: @keyopts *k@ = key generation options
- * @key_data *kd@ = pointer to key data to lock
+ * @key_data **kd@ = pointer to key data to lock
* @const char *t@ = tag suffix or null
*
* Returns: ---
* Use: Does passphrase locking on new keys.
*/
-static void dolock(keyopts *k, key_data *kd, const char *t)
+static void dolock(keyopts *k, key_data **kd, const char *t)
{
if (!(k->f & f_lock))
return;
if (t)
dstr_putf(&k->tag, ".%s", t);
- if (key_plock(k->tag.buf, kd, kd))
+ if (key_plock(kd, 0, k->tag.buf))
die(EXIT_FAILURE, "couldn't lock key");
}
-/* --- @mpkey@ --- *
- *
- * Arguments: @key_data *kd@ = pointer to parent key block
- * @const char *tag@ = pointer to tag string
- * @mp *m@ = integer to store
- * @unsigned f@ = flags to set
- *
- * Returns: ---
- *
- * Use: Sets a multiprecision integer subkey.
- */
-
-static void mpkey(key_data *kd, const char *tag, mp *m, unsigned f)
-{
- key_data *kkd = key_structcreate(kd, tag);
- key_mp(kkd, m);
- kkd->e |= f;
-}
-
/* --- @copyparam@ --- *
*
* Arguments: @keyopts *k@ = pointer to key options
{
key_filter kf;
key_attriter i;
+ key_data *kd;
const char *n, *v;
+ kf.f = KCAT_SHARE;
+ kf.m = KF_CATMASK;
+
/* --- Quick check if no parameters supplied --- */
if (!k->p)
/* --- Run through the checklist --- */
while (*pp) {
- key_data *kd = key_structfind(&k->p->k, *pp);
+ key_data *kd = key_structfind(k->p->k, *pp);
if (!kd)
die(EXIT_FAILURE, "bad parameter key: parameter `%s' not found", *pp);
- if ((kd->e & KF_CATMASK) != KCAT_SHARE)
+ if (!KEY_MATCH(kd, &kf))
die(EXIT_FAILURE, "bad parameter key: subkey `%s' is not shared", *pp);
pp++;
}
/* --- Copy over the parameters --- */
- kf.f = KCAT_SHARE;
- kf.m = KF_CATMASK;
- if (!key_copy(&k->k->k, &k->p->k, &kf))
- die(EXIT_FAILURE, "unexpected failure while copying parameters");
+ kd = key_copydata(k->p->k, &kf);
+ assert(kd);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
/* --- Copy over attributes --- */
k = key_bytype(kf, "catacomb-rand");
if (k) {
- key_data *kd = &k->k, kkd;
+ key_data *kd = k->k, *kkd;
+ key_incref(kd);
again:
switch (kd->e & KF_ENCMASK) {
case KENC_ENCRYPT: {
dstr d = DSTR_INIT;
key_fulltag(k, &d);
- if (key_punlock(d.buf, kd, &kkd))
+ if (key_punlock(&kkd, kd, d.buf))
die(EXIT_FAILURE, "error unlocking key `%s'", d.buf);
dstr_destroy(&d);
- kd = &kkd;
+ key_drop(kd);
+ kd = kkd;
} goto again;
default: {
dstr d = DSTR_INIT;
/* --- Key the generator --- */
rand_key(RAND_GLOBAL, kd->u.k.k, kd->u.k.sz);
- if (kd == &kkd)
- key_destroy(&kkd);
+ key_drop(kd);
}
}
{
unsigned sz;
unsigned m;
+ key_data *kd;
octet *p;
if (!k->bits)
m = (1 << (((k->bits - 1) & 7) + 1)) - 1;
k->r->ops->fill(k->r, p, sz);
*p &= m;
- key_binary(&k->k->k, p, sz);
- k->k->k.e |= KCAT_SYMM | KF_BURN;
+ kd = key_newbinary(KCAT_SYMM | KF_BURN, p, sz);
memset(p, 0, sz);
+ dolock(k, &kd, 0);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
sub_free(p, sz);
- dolock(k, &k->k->k, 0);
}
static void alg_des(keyopts *k)
{
unsigned sz;
octet *p;
+ key_data *kd;
int i;
if (!k->bits)
x = x ^ (x >> 1);
p[i] = (p[i] & 0xfe) | (x & 0x01);
}
- key_binary(&k->k->k, p, sz);
- k->k->k.e |= KCAT_SYMM | KF_BURN;
+ kd = key_newbinary(KCAT_SYMM | KF_BURN, p, sz);
memset(p, 0, sz);
+ dolock(k, &kd, 0);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
sub_free(p, sz);
- dolock(k, &k->k->k, 0);
}
static void alg_rsa(keyopts *k)
{
rsa_priv rp;
- key_data *kd;
+ key_data *kd, *kkd;
/* --- Sanity checking --- */
/* --- Allrighty then --- */
- kd = &k->k->k;
- key_structure(kd);
- mpkey(kd, "n", rp.n, KCAT_PUB);
- mpkey(kd, "e", rp.e, KCAT_PUB);
-
- kd = key_structcreate(kd, "private");
- key_structure(kd);
- mpkey(kd, "d", rp.d, KCAT_PRIV | KF_BURN);
- mpkey(kd, "p", rp.p, KCAT_PRIV | KF_BURN);
- mpkey(kd, "q", rp.q, KCAT_PRIV | KF_BURN);
- mpkey(kd, "q-inv", rp.q_inv, KCAT_PRIV | KF_BURN);
- mpkey(kd, "d-mod-p", rp.dp, KCAT_PRIV | KF_BURN);
- mpkey(kd, "d-mod-q", rp.dq, KCAT_PRIV | KF_BURN);
- dolock(k, kd, "private");
-
+ kd = key_newstruct();
+ key_structsteal(kd, "n", key_newmp(KCAT_PUB, rp.n));
+ key_structsteal(kd, "e", key_newmp(KCAT_PUB, rp.e));
+
+ kkd = key_newstruct();
+ key_structsteal(kkd, "d", key_newmp(KCAT_PRIV | KF_BURN, rp.d));
+ key_structsteal(kkd, "p", key_newmp(KCAT_PRIV | KF_BURN, rp.p));
+ key_structsteal(kkd, "q", key_newmp(KCAT_PRIV | KF_BURN, rp.q));
+ key_structsteal(kkd, "q-inv", key_newmp(KCAT_PRIV | KF_BURN, rp.q_inv));
+ key_structsteal(kkd, "d-mod-p", key_newmp(KCAT_PRIV | KF_BURN, rp.dp));
+ key_structsteal(kkd, "d-mod-q", key_newmp(KCAT_PRIV | KF_BURN, rp.dq));
+ dolock(k, &kkd, "private");
+ key_structsteal(kd, "private", kkd);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
rsa_privfree(&rp);
}
size_t sz;
dstr d = DSTR_INIT;
base64_ctx c;
- key_data *kd = &k->k->k;
+ key_data *kd;
dsa_seed ds;
/* --- Choose appropriate bit lengths if necessary --- */
if (!k->qbits)
k->qbits = 160;
if (!k->bits)
- k->bits = 768;
+ k->bits = 1024;
/* --- Allocate a seed block --- */
/* --- Store the parameters --- */
- key_structure(kd);
- mpkey(kd, "q", dp.q, KCAT_SHARE);
- mpkey(kd, "p", dp.p, KCAT_SHARE);
- mpkey(kd, "g", dp.g, KCAT_SHARE);
+ kd = key_newstruct();
+ key_structsteal(kd, "q", key_newmp(KCAT_SHARE, dp.q));
+ key_structsteal(kd, "p", key_newmp(KCAT_SHARE, dp.p));
+ key_structsteal(kd, "g", key_newmp(KCAT_SHARE, dp.g));
mp_drop(dp.q);
mp_drop(dp.p);
mp_drop(dp.g);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
/* --- Store the seed for future verification --- */
c.indent = "";
base64_encode(&c, ds.p, ds.sz, &d);
base64_encode(&c, 0, 0, &d);
+ DPUTZ(&d);
key_putattr(k->kf, k->k, "seed", d.buf);
DRESET(&d);
dstr_putf(&d, "%u", ds.count);
mp *q, *p, *g;
mp *x, *y;
mpmont mm;
- key_data *kd = &k->k->k;
+ key_data *kd, *kkd;
/* --- Get the shared parameters --- */
alg_dsaparam(k);
+ key_split(&k->k->k); kd = k->k->k;
q = getmp(kd, "q");
p = getmp(kd, "p");
g = getmp(kd, "g");
/* --- Store everything away --- */
- mpkey(kd, "y", y, KCAT_PUB);
+ key_structsteal(kd, "y", key_newmp(KCAT_PUB, y));
- kd = key_structcreate(kd, "private");
- key_structure(kd);
- mpkey(kd, "x", x, KCAT_PRIV | KF_BURN);
- dolock(k, kd, "private");
+ kkd = key_newstruct();
+ key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
+ dolock(k, &kkd, "private");
+ key_structsteal(kd, "private", kkd);
mp_drop(x); mp_drop(y);
}
static void alg_dhparam(keyopts *k)
{
static const char *pl[] = { "p", "q", "g", 0 };
- key_data *kd = &k->k->k;
+ key_data *kd;
if (!copyparam(k, pl)) {
dh_param dp;
int rc;
if (k->curve) {
qd_parse qd;
-
+ group *g;
+ const char *e;
+
if (strcmp(k->curve, "list") == 0) {
unsigned i, w;
- LIST("Built-in prime groups", stdout, ptab[i].name, ptab[i].name);
+ LIST("Built-in prime fields", stdout, ptab[i].name, ptab[i].name);
exit(0);
}
qd.p = k->curve;
if (dh_parse(&qd, &dp))
- die(EXIT_FAILURE, "error in group spec: %s", qd.e);
+ die(EXIT_FAILURE, "error in field spec: %s", qd.e);
+ if (!qd_eofp(&qd))
+ die(EXIT_FAILURE, "junk at end of field spec");
+ if ((g = group_prime(&dp)) == 0)
+ die(EXIT_FAILURE, "invalid prime field");
+ if (!(k->f & f_quiet) && (e = G_CHECK(g, &rand_global)) != 0)
+ moan("WARNING! group check failed: %s", e);
+ G_DESTROYGROUP(g);
goto done;
}
key_putattr(k->kf, k->k, "factors", d.buf);
dstr_destroy(&d);
}
+ } else if (k->f & f_kcdsa) {
+ if (!k->qbits)
+ k->qbits = 256;
+ rc = dh_kcdsagen(&dp, k->qbits, k->bits, 0,
+ 0, k->r, (k->f & f_quiet) ? 0 : pgen_ev, 0);
+ if (!rc) {
+ dstr d = DSTR_INIT;
+ mp *v = MP_NEW;
+
+ mp_writedstr(dp.q, &d, 10);
+ mp_div(&v, 0, dp.p, dp.q);
+ v = mp_lsr(v, v, 1);
+ dstr_puts(&d, ", ");
+ mp_writedstr(v, &d, 10);
+ mp_drop(v);
+ key_putattr(k->kf, k->k, "factors", d.buf);
+ dstr_destroy(&d);
+ }
} else
rc = dh_gen(&dp, k->qbits, k->bits, 0, k->r,
(k->f & f_quiet) ? 0 : pgen_ev, 0);
die(EXIT_FAILURE, "Diffie-Hellman parameter generation failed");
done:
- key_structure(kd);
- mpkey(kd, "p", dp.p, KCAT_SHARE);
- mpkey(kd, "q", dp.q, KCAT_SHARE);
- mpkey(kd, "g", dp.g, KCAT_SHARE);
+ kd = key_newstruct();
+ key_structsteal(kd, "p", key_newmp(KCAT_SHARE, dp.p));
+ key_structsteal(kd, "q", key_newmp(KCAT_SHARE, dp.q));
+ key_structsteal(kd, "g", key_newmp(KCAT_SHARE, dp.g));
mp_drop(dp.q);
mp_drop(dp.p);
mp_drop(dp.g);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
}
}
mp *x, *y;
mp *p, *q, *g;
mpmont mm;
- key_data *kd = &k->k->k;
+ key_data *kd, *kkd;
/* --- Get the shared parameters --- */
alg_dhparam(k);
+ key_split(&k->k->k); kd = k->k->k;
p = getmp(kd, "p");
q = getmp(kd, "q");
g = getmp(kd, "g");
/* --- Store everything away --- */
- mpkey(kd, "y", y, KCAT_PUB);
+ key_structsteal(kd, "y", key_newmp(KCAT_PUB, y));
- kd = key_structcreate(kd, "private");
- key_structure(kd);
- mpkey(kd, "x", x, KCAT_PRIV | KF_BURN);
- dolock(k, kd, "private");
+ kkd = key_newstruct();
+ key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
+ dolock(k, &kkd, "private");
+ key_structsteal(kd, "private", kkd);
mp_drop(x); mp_drop(y);
}
static void alg_bbs(keyopts *k)
{
bbs_priv bp;
- key_data *kd;
+ key_data *kd, *kkd;
/* --- Sanity checking --- */
/* --- Allrighty then --- */
- kd = &k->k->k;
- key_structure(kd);
- mpkey(kd, "n", bp.n, KCAT_PUB);
+ kd = key_newstruct();
+ key_structsteal(kd, "n", key_newmp(KCAT_PUB, bp.n));
- kd = key_structcreate(kd, "private");
- key_structure(kd);
- mpkey(kd, "p", bp.p, KCAT_PRIV | KF_BURN);
- mpkey(kd, "q", bp.q, KCAT_PRIV | KF_BURN);
- dolock(k, kd, "private");
+ kkd = key_newstruct();
+ key_structsteal(kkd, "p", key_newmp(KCAT_PRIV | KF_BURN, bp.p));
+ key_structsteal(kkd, "q", key_newmp(KCAT_PRIV | KF_BURN, bp.q));
+ dolock(k, &kkd, "private");
+ key_structsteal(kd, "private", kkd);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
bbs_privfree(&bp);
}
+static void alg_binparam(keyopts *k)
+{
+ static const char *pl[] = { "p", "q", "g", 0 };
+ if (!copyparam(k, pl)) {
+ gbin_param gb;
+ qd_parse qd;
+ group *g;
+ const char *e;
+ key_data *kd;
+
+ /* --- Decide on a field --- */
+
+ if (!k->bits) k->bits = 128;
+ if (k->curve && strcmp(k->curve, "list") == 0) {
+ unsigned i, w;
+ LIST("Built-in binary fields", stdout,
+ bintab[i].name, bintab[i].name);
+ exit(0);
+ }
+ if (!k->curve) {
+ if (k->bits <= 40) k->curve = "p1363-40";
+ else if (k->bits <= 56) k->curve = "p1363-56";
+ else if (k->bits <= 64) k->curve = "p1363-64";
+ else if (k->bits <= 80) k->curve = "p1363-80";
+ else if (k->bits <= 112) k->curve = "p1363-112";
+ else if (k->bits <= 128) k->curve = "p1363-128";
+ else {
+ die(EXIT_FAILURE,
+ "no built-in binary fields provide %u-bit security",
+ k->bits);
+ }
+ }
+
+ /* --- Check it --- */
+
+ qd.e = 0;
+ qd.p = k->curve;
+ if (dhbin_parse(&qd, &gb))
+ die(EXIT_FAILURE, "error in field spec: %s", qd.e);
+ if (!qd_eofp(&qd))
+ die(EXIT_FAILURE, "junk at end of field spec");
+ if ((g = group_binary(&gb)) == 0)
+ die(EXIT_FAILURE, "invalid binary field");
+ if (!(k->f & f_quiet) && (e = G_CHECK(g, &rand_global)) != 0)
+ moan("WARNING! group check failed: %s", e);
+ G_DESTROYGROUP(g);
+
+ /* --- Write out the answer --- */
+
+ kd = key_newstruct();
+ key_structsteal(kd, "p", key_newmp(KCAT_SHARE, gb.p));
+ key_structsteal(kd, "q", key_newmp(KCAT_SHARE, gb.q));
+ key_structsteal(kd, "g", key_newmp(KCAT_SHARE, gb.g));
+ mp_drop(gb.q);
+ mp_drop(gb.p);
+ mp_drop(gb.g);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
+ }
+}
+
+static void alg_bin(keyopts *k)
+{
+ mp *x, *y;
+ mp *p, *q, *g;
+ gfreduce r;
+ key_data *kd, *kkd;
+
+ /* --- Get the shared parameters --- */
+
+ alg_binparam(k);
+ key_split(&k->k->k); kd = k->k->k;
+ p = getmp(kd, "p");
+ q = getmp(kd, "q");
+ g = getmp(kd, "g");
+
+ /* --- Choose a suitable private key --- *
+ *
+ * Since %$g$% has order %$q$%, choose %$x < q$%.
+ */
+
+ x = mprand_range(MP_NEWSEC, q, k->r, 0);
+
+ /* --- Compute the public key %$y = g^x \bmod p$% --- */
+
+ gfreduce_create(&r, p);
+ y = gfreduce_exp(&r, MP_NEW, g, x);
+ gfreduce_destroy(&r);
+
+ /* --- Store everything away --- */
+
+ key_structsteal(kd, "y", key_newmp(KCAT_PUB, y));
+
+ kkd = key_newstruct();
+ key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
+ dolock(k, &kkd, "private");
+ key_structsteal(kd, "private", kkd);
+
+ mp_drop(x); mp_drop(y);
+}
+
static void alg_ecparam(keyopts *k)
{
static const char *pl[] = { "curve", 0 };
if (!copyparam(k, pl)) {
ec_info ei;
const char *e;
- key_data *kd = &k->k->k;
+ key_data *kd;
/* --- Decide on a curve --- */
/* --- Write out the answer --- */
- key_structure(kd);
- kd = key_structcreate(kd, "curve");
- key_string(kd, k->curve);
- kd->e |= KCAT_SHARE;
+ kd = key_newstruct();
+ key_structsteal(kd, "curve", key_newstring(KCAT_SHARE, k->curve));
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
}
}
static void alg_ec(keyopts *k)
{
- key_data *kd = &k->k->k;
+ key_data *kd;
key_data *kkd;
mp *x = MP_NEW;
ec p = EC_INIT;
/* --- Get the curve --- */
alg_ecparam(k);
+ key_split(&k->k->k); kd = k->k->k;
if ((kkd = key_structfind(kd, "curve")) == 0)
die(EXIT_FAILURE, "unexpected failure looking up subkey `curve')");
if ((kkd->e & KF_ENCMASK) != KENC_STRING)
/* --- Store everything away --- */
- kkd = key_structcreate(kd, "p");
- key_ec(kkd, &p);
- kkd->e |= KCAT_PUB;
- kkd = key_structcreate(kd, "private");
- key_structure(kkd);
- mpkey(kkd, "x", x, KCAT_PRIV | KF_BURN);
+ key_structsteal(kd, "p", key_newec(KCAT_PUB, &p));
+
+ kkd = key_newstruct();
+ key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
+ dolock(k, &kkd, "private");
+ key_structsteal(kd, "private", kkd);
/* --- Done --- */
{ "binary", alg_binary, "Plain binary data" },
{ "des", alg_des, "Binary with DES-style parity" },
{ "rsa", alg_rsa, "RSA public-key encryption" },
+ { "bbs", alg_bbs, "Blum-Blum-Shub generator" },
{ "dsa", alg_dsa, "DSA digital signatures" },
{ "dsa-param", alg_dsaparam, "DSA shared parameters" },
{ "dh", alg_dh, "Diffie-Hellman key exchange" },
{ "dh-param", alg_dhparam, "Diffie-Hellman parameters" },
- { "bbs", alg_bbs, "Blum-Blum-Shub generator" },
+ { "bindh", alg_bin, "DH over a binary field" },
+ { "bindh-param", alg_binparam, "Binary-field DH parameters" },
{ "ec-param", alg_ecparam, "Elliptic curve parameters" },
{ "ec", alg_ec, "Elliptic curve crypto" },
{ 0, 0 }
{
key_file f;
time_t exp = KEXP_EXPIRE;
+ uint32 kid = rand_global.ops->word(&rand_global);
const char *tag = 0, *ptag = 0;
const char *c = 0;
keyalg *alg = algtab;
{ "comment", OPTF_ARGREQ, 0, 'c' },
{ "tag", OPTF_ARGREQ, 0, 't' },
{ "rand-id", OPTF_ARGREQ, 0, 'R' },
+ { "key-id", OPTF_ARGREQ, 0, 'I' },
{ "curve", OPTF_ARGREQ, 0, 'C' },
{ "seedalg", OPTF_ARGREQ, 0, 'A' },
{ "seed", OPTF_ARGREQ, 0, 's' },
{ "quiet", 0, 0, 'q' },
{ "lim-lee", 0, 0, 'L' },
{ "subgroup", 0, 0, 'S' },
+ { "kcdsa", 0, 0, 'K' },
{ 0, 0, 0, 0 }
};
- int i = mdwopt(argc, argv, "+a:b:B:p:e:c:t:R:C:A:s:n:lqrLS",
+ int i = mdwopt(argc, argv, "+a:b:B:p:e:c:t:R:I:C:A:s:n:lqrLKS",
opt, 0, 0, 0);
if (i < 0)
break;
/* --- Expiry dates get passed to @get_date@ for parsing --- */
case 'e':
- if (strncmp(optarg, "forever", strlen(optarg)) == 0)
+ if (strcmp(optarg, "forever") == 0)
exp = KEXP_FOREVER;
else {
exp = get_date(optarg, 0);
case 's': {
base64_ctx b;
dstr d = DSTR_INIT;
- if (seed) die(EXIT_FAILURE, "seed already set");
+ if (seed) die(EXIT_FAILURE, "seed already set");
base64_init(&b);
base64_decode(&b, optarg, strlen(optarg), &d);
base64_decode(&b, 0, 0, &d);
seed = optarg;
dstr_destroy(&d);
} break;
-
+
case 'n': {
base64_ctx b;
dstr d = DSTR_INIT;
unsigned n = strtoul(optarg, &p, 0);
if (n == 0 || *p != 0 || n % 8 != 0)
die(EXIT_FAILURE, "bad seed length `%s'", optarg);
- if (seed) die(EXIT_FAILURE, "seed already set");
+ if (seed) die(EXIT_FAILURE, "seed already set");
n /= 8;
p = xmalloc(n);
rand_get(RAND_GLOBAL, p, n);
seed = d.buf;
k.r = sa->gen(p, n);
} break;
-
+
+ /* --- Key id --- */
+
+ case 'I': {
+ char *p;
+ unsigned long id;
+
+ errno = 0;
+ id = strtoul(optarg, &p, 16);
+ if (errno || *p || id > MASK32)
+ die(EXIT_FAILURE, "bad key-id `%s'", optarg);
+ kid = id;
+ } break;
+
/* --- Other flags --- */
case 'R':
case 'L':
k.f |= f_limlee;
break;
+ case 'K':
+ k.f |= f_kcdsa;
+ break;
case 'S':
k.f |= f_subgroup;
break;
keyrand(&f, rtag);
for (;;) {
- uint32 id = rand_global.ops->word(&rand_global);
int err;
- k.k = key_new(&f, id, argv[optind], exp, &err);
- if (k.k)
+ if ((err = key_new(&f, kid, argv[optind], exp, &k.k)) == 0)
break;
- if (err != KERR_DUPID)
+ else if (err != KERR_DUPID)
die(EXIT_FAILURE, "error adding new key: %s", key_strerror(err));
}
int err;
key *kk;
if (k.f & f_retag) {
- if ((kk = key_bytag(&f, tag)) != 0 && strcmp(kk->tag, tag) == 0)
+ if ((kk = key_bytag(&f, tag)) != 0 &&
+ kk->tag &&
+ strcmp(kk->tag, tag) == 0)
key_settag(&f, kk, 0);
}
if ((err = key_settag(&f, k.k, tag)) != 0)
if (ptag) {
if ((k.p = key_bytag(&f, ptag)) == 0)
die(EXIT_FAILURE, "parameter key `%s' not found", ptag);
- if ((k.p->k.e & KF_ENCMASK) != KENC_STRUCT)
+ if ((k.p->k->e & KF_ENCMASK) != KENC_STRUCT)
die(EXIT_FAILURE, "parameter key `%s' is not structured", ptag);
}
/* --- Done --- */
+ dstr_destroy(&k.tag);
doclose(&f);
return (0);
}
if (o->v <= 3)
fputs(" encrypted\n", stdout);
else {
- key_data kd;
- if (key_punlock(d->buf, k, &kd))
+ key_data *kd;
+ if (key_punlock(&kd, k, d->buf))
printf(" <failed to unlock %s>\n", d->buf);
else {
fputs(" encrypted", stdout);
- showkeydata(&kd, ind, o, d);
- key_destroy(&kd);
+ showkeydata(kd, ind, o, d);
+ key_drop(kd);
}
}
break;
fputs(", 0x", stdout); mp_writefile(k->u.e.y, stdout, 16);
putchar('\n');
}
- break;
+ break;
/* --- Structured keys --- *
*
*/
case KENC_STRUCT: {
- sym_iter i;
- key_struct *ks;
+ key_subkeyiter i;
+ const char *tag;
size_t n = d->len;
fputs(" {\n", stdout);
- for (sym_mkiter(&i, &k->u.s); (ks = sym_next(&i)) != 0; ) {
- if (!key_match(&ks->k, &o->kf))
+ for (key_mksubkeyiter(&i, k); key_nextsubkey(&i, &tag, &k); ) {
+ if (!key_match(k, &o->kf))
continue;
INDENT(ind + 2);
- printf("%s =", SYM_NAME(ks));
+ printf("%s =", tag);
d->len = n;
- dstr_putf(d, ".%s", SYM_NAME(ks));
- showkeydata(&ks->k, ind + 2, o, d);
+ dstr_putf(d, ".%s", tag);
+ showkeydata(k, ind + 2, o, d);
}
INDENT(ind);
fputs("}\n", stdout);
- } break;
+ } break;
}
#undef INDENT
/* --- Skip the key if the filter doesn't match --- */
- if (!key_match(&k->k, &o->kf))
+ if (!key_match(k->k, &o->kf))
return;
/* --- Sort out the expiry and deletion times --- */
if (!o->v) {
if (!(o->f & f_newline)) {
- printf("%8s %-20s %-20s %-10s %-10s\n",
+ printf("%8s %-20s %-20s %-10s %s\n",
"Id", "Tag", "Type", "Expire", "Delete");
}
- printf("%08lx %-20s %-20s %-10s %-10s\n",
+ printf("%08lx %-20s %-20s %-10s %s\n",
(unsigned long)k->id, k->tag ? k->tag : "<none>",
k->type, ebuf, dbuf);
o->f |= f_newline;
dstr d = DSTR_INIT;
fputs("key:", stdout);
key_fulltag(k, &d);
- showkeydata(&k->k, 0, o, &d);
+ showkeydata(k->k, 0, o, &d);
dstr_destroy(&d);
}
-
+
o->f |= f_newline;
}
int e = key_readflags(optarg, &p, &o.kf.f, &o.kf.m);
if (e || *p)
die(EXIT_FAILURE, "bad filter string `%s'", optarg);
- } break;
+ } break;
default:
o.f |= f_bogus;
break;
return (0);
}
+/* --- @cmd_getattr@ --- */
+
+static int cmd_getattr(int argc, char *argv[])
+{
+ key_file f;
+ key *k;
+ dstr d = DSTR_INIT;
+ const char *p;
+
+ if (argc != 3)
+ die(EXIT_FAILURE, "Usage: getattr TAG ATTR");
+ doopen(&f, KOPEN_READ);
+ if ((k = key_bytag(&f, argv[1])) == 0)
+ die(EXIT_FAILURE, "key `%s' not found", argv[1]);
+ key_fulltag(k, &d);
+ if ((p = key_getattr(&f, k, argv[2])) == 0)
+ die(EXIT_FAILURE, "no attribute `%s' for key `%s'", argv[2], d.buf);
+ puts(p);
+ dstr_destroy(&d);
+ doclose(&f);
+ return (0);
+}
+
/* --- @cmd_finger@ --- */
static void fingerprint(key *k, const gchash *ch, const key_filter *kf)
return (rc);
}
+/* --- @cmd_verify@ --- */
+
+static unsigned xdigit(char c)
+{
+ if ('A' <= c && c <= 'Z') return (c + 10 - 'A');
+ if ('a' <= c && c <= 'z') return (c + 10 - 'a');
+ if ('0' <= c && c <= '9') return (c - '0');
+ return (~0u);
+}
+
+static void unhexify(octet *q, char *p, size_t n)
+{
+ unsigned a = 0;
+ int i = 0;
+
+ for (;;) {
+ if (*p == '-' || *p == ':' || isspace((unsigned char)*p)) {
+ p++;
+ continue;
+ }
+ if (!n && !*p)
+ break;
+ if (!*p)
+ die(EXIT_FAILURE, "hex string too short");
+ if (!isxdigit((unsigned char)*p))
+ die(EXIT_FAILURE, "bad hex string");
+ if (!n)
+ die(EXIT_FAILURE, "hex string too long");
+ a = (a << 4) | xdigit(*p++);
+ i++;
+ if (i == 2) {
+ *q++ = U8(a);
+ a = 0;
+ i = 0;
+ n--;
+ }
+ }
+}
+
+static int cmd_verify(int argc, char *argv[])
+{
+ key_file f;
+ int rc = 0;
+ const gchash *ch = &rmd160;
+ ghash *h;
+ key *k;
+ octet *buf;
+ const octet *fpr;
+ key_filter kf = { KF_NONSECRET, KF_NONSECRET };
+
+ for (;;) {
+ static struct option opt[] = {
+ { "filter", OPTF_ARGREQ, 0, 'f' },
+ { "algorithm", OPTF_ARGREQ, 0, 'a' },
+ { 0, 0, 0, 0 }
+ };
+ int i = mdwopt(argc, argv, "+f:a:", opt, 0, 0, 0);
+ if (i < 0)
+ break;
+ switch (i) {
+ case 'f': {
+ char *p;
+ int err = key_readflags(optarg, &p, &kf.f, &kf.m);
+ if (err || *p)
+ die(EXIT_FAILURE, "bad filter string `%s'", optarg);
+ } break;
+ case 'a':
+ if ((ch = ghash_byname(optarg)) == 0)
+ die(EXIT_FAILURE, "unknown hash algorithm `%s'", optarg);
+ break;
+ default:
+ rc = 1;
+ break;
+ }
+ }
+
+ argv += optind; argc -= optind;
+ if (rc || argc != 2)
+ die(EXIT_FAILURE, "Usage: verify [-f FILTER] TAG FINGERPRINT");
+
+ doopen(&f, KOPEN_READ);
+
+ if ((k = key_bytag(&f, argv[0])) == 0)
+ die(EXIT_FAILURE, "key `%s' not found", argv[0]);
+ buf = xmalloc(ch->hashsz);
+ unhexify(buf, argv[1], ch->hashsz);
+ h = GH_INIT(ch);
+ if (!key_fingerprint(k, h, &kf))
+ die(EXIT_FAILURE, "key has no fingerprintable components (as filtered)");
+ fpr = GH_DONE(h, 0);
+ if (memcmp(fpr, buf, ch->hashsz) != 0)
+ die(EXIT_FAILURE, "key fingerprint mismatch");
+ doclose(&f);
+ return (0);
+}
+
/* --- @cmd_comment@ --- */
static int cmd_comment(int argc, char *argv[])
{
key_file f;
key *k;
- key_data *kd;
+ key_data **kd;
dstr d = DSTR_INIT;
if (argc != 2)
doopen(&f, KOPEN_WRITE);
if (key_qtag(&f, argv[1], &d, &k, &kd))
die(EXIT_FAILURE, "key `%s' not found", argv[1]);
- if (kd->e == KENC_ENCRYPT && key_punlock(d.buf, kd, kd))
+ if ((*kd)->e == KENC_ENCRYPT && key_punlock(kd, 0, d.buf))
die(EXIT_FAILURE, "couldn't unlock key `%s'", d.buf);
- if (key_plock(d.buf, kd, kd))
+ if (key_plock(kd, 0, d.buf))
die(EXIT_FAILURE, "failed to lock key `%s'", d.buf);
f.f |= KF_MODIFIED;
doclose(&f);
{
key_file f;
key *k;
- key_data *kd;
+ key_data **kd;
dstr d = DSTR_INIT;
if (argc != 2)
doopen(&f, KOPEN_WRITE);
if (key_qtag(&f, argv[1], &d, &k, &kd))
die(EXIT_FAILURE, "key `%s' not found", argv[1]);
- if (kd->e != KENC_ENCRYPT)
+ if ((*kd)->e != KENC_ENCRYPT)
die(EXIT_FAILURE, "key `%s' is not encrypted", d.buf);
- if (kd->e == KENC_ENCRYPT && key_punlock(d.buf, kd, kd))
+ if (key_punlock(kd, 0, d.buf))
die(EXIT_FAILURE, "couldn't unlock key `%s'", d.buf);
f.f |= KF_MODIFIED;
doclose(&f);
int i;
int rc = 0;
key_filter kf = { 0, 0 };
+ dstr d = DSTR_INIT;
+ const char *outfile = 0;
FILE *fp;
for (;;) {
die(EXIT_FAILURE, "Usage: extract [-f FILTER] FILE [TAG...]");
if (strcmp(*argv, "-") == 0)
fp = stdout;
- else if (!(fp = fopen(*argv, "w"))) {
- die(EXIT_FAILURE, "couldn't open `%s' for writing: %s",
- *argv, strerror(errno));
+ else {
+ outfile = *argv;
+ dstr_putf(&d, "%s.new", outfile);
+ if (!(fp = fopen(d.buf, "w"))) {
+ die(EXIT_FAILURE, "couldn't open `%s' for writing: %s",
+ d.buf, strerror(errno));
+ }
}
doopen(&f, KOPEN_READ);
key *k;
for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
key_extract(&f, k, fp, &kf);
- } else {
+ } else {
for (i = 1; i < argc; i++) {
if ((k = key_bytag(&f, argv[i])) != 0)
key_extract(&f, k, fp, &kf);
}
}
}
- if (fclose(fp))
+ if (fclose(fp) || (outfile && rename(d.buf, outfile)))
die(EXIT_FAILURE, "error writing file: %s", strerror(errno));
+ dstr_destroy(&d);
doclose(&f);
return (rc);
}
if (strcmp(argv[1], "-") == 0)
fp = stdin;
else if (!(fp = fopen(argv[1], "r"))) {
- die(EXIT_FAILURE, "couldn't open `%s' for writing: %s",
+ die(EXIT_FAILURE, "couldn't open `%s' for reading: %s",
argv[1], strerror(errno));
}
ghashtab[i], ghashtab[i]->name) \
LI("Elliptic curves", ec, \
ectab[i].name, ectab[i].name) \
- LI("Diffie-Hellman groups", dh, \
+ LI("Prime Diffie-Hellman groups", dh, \
ptab[i].name, ptab[i].name) \
+ LI("Binary Diffie-Hellman groups", bindh, \
+ bintab[i].name, bintab[i].name) \
LI("Key-generation algorithms", keygen, \
algtab[i].name, algtab[i].name) \
LI("Random seeding algorithms", seed, \
-a, --algorithm=HASH Use the named HASH algorithm.\n\
($ show hash for list.)\n\
" },
+ { "verify", cmd_verify, "verify [-f FILTER] TAG FINGERPRINT", "\
+Options:\n\
+\n\
+-f, --filter=FILT Only hash key components matching FILT.\n\
+-a, --algorithm=HASH Use the named HASH algorithm.\n\
+ ($ show hash for list.)\n\
+" },
{ "extract", cmd_extract, "extract [-f FILTER] FILE [TAG...]", "\
Options:\n\
\n\
{ "expire", cmd_expire, "expire TAG..." },
{ "delete", cmd_delete, "delete TAG..." },
{ "setattr", cmd_setattr, "setattr TAG ATTR..." },
+ { "getattr", cmd_getattr, "getattr TAG ATTR" },
{ "comment", cmd_comment, "comment TAG [COMMENT]" },
{ "lock", cmd_lock, "lock QTAG" },
{ "unlock", cmd_unlock, "unlock QTAG" },
{ "tidy", cmd_tidy, "tidy" },
{ "add", cmd_add,
"add [-OPTIONS] TYPE [ATTR...]\n\
- Options: [-lqrLS] [-a ALG] [-bB BITS] [-p PARAM] [-R TAG]\n\
- [-A SEEDALG] [-s SEED] [-n BITS]\n\
- [-e EXPIRE] [-t TAG] [-c COMMENT]", "\
+ Options: [-lqrLKS] [-a ALG] [-bB BITS] [-p PARAM] [-R TAG]\n\
+ [-A SEEDALG] [-s SEED] [-n BITS] [-I KEYID]\n\
+ [-e EXPIRE] [-t TAG] [-c COMMENT]", "\
Options:\n\
\n\
-a, --algorithm=ALG Generate keys suitable for ALG.\n\
-t, --tag=TAG Tag the key with the name TAG.\n\
-r, --retag Untag any key currently with that tag.\n\
-R, --rand-id=TAG Use key named TAG for the random number generator.\n\
+-I, --key-id=ID Force the key-id for the new key.\n\
-l, --lock Lock the generated key with a passphrase.\n\
-q, --quiet Don't give progress indicators while working.\n\
-L, --lim-lee Generate Lim-Lee primes for Diffie-Hellman groups.\n\
+-K, --kcdsa Generate KCDSA-style Lim-Lee primes for DH groups.\n\
-S, --subgroup Use a prime-order subgroup for Diffie-Hellman.\n\
" },
{ 0, 0, 0 }
projects / u / mdw / catacomb / blobdiff