X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/052b36d05a622a93733b735acce2de865b14627b..22bab86c9df047bdd258283c6567821319ba7a6f:/keyutil.c diff --git a/keyutil.c b/keyutil.c index 673f4ea..174bbfe 100644 --- a/keyutil.c +++ b/keyutil.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: keyutil.c,v 1.5 2000/02/12 18:21:03 mdw Exp $ + * $Id: keyutil.c,v 1.10 2000/10/08 12:02:21 mdw Exp $ * * Simple key manager program * @@ -30,6 +30,22 @@ /*----- Revision history --------------------------------------------------* * * $Log: keyutil.c,v $ + * Revision 1.10 2000/10/08 12:02:21 mdw + * Use @MP_EQ@ instead of @MP_CMP@. + * + * Revision 1.9 2000/08/15 21:40:49 mdw + * Minor formatting change in listing attributes. + * + * Revision 1.8 2000/07/29 09:59:13 mdw + * Support Lim-Lee primes in Diffie-Hellman parameter generation. + * + * Revision 1.7 2000/07/01 11:18:51 mdw + * Use new interfaces for key manipulation. + * + * Revision 1.6 2000/06/17 11:28:22 mdw + * Use secure memory interface from MP library. `rand_getgood' is + * deprecated. + * * Revision 1.5 2000/02/12 18:21:03 mdw * Overhaul of key management (again). * @@ -169,7 +185,9 @@ typedef struct keyopts { enum { f_bogus = 1, /* Error in parsing */ f_lock = 2, /* Passphrase-lock private key */ - f_quiet = 4 /* Don't show a progress indicator */ + f_quiet = 4, /* Don't show a progress indicator */ + f_limlee = 8, /* Generate Lim-Lee primes */ + f_subgroup = 16 /* Generate a subgroup */ }; /* --- @dolock@ --- * @@ -340,7 +358,7 @@ static void alg_binary(keyopts *k) sz = (k->bits + 7) >> 3; p = sub_alloc(sz); m = (1 << (((k->bits - 1) & 7) + 1)) - 1; - rand_getgood(RAND_GLOBAL, p, sz); + rand_get(RAND_GLOBAL, p, sz); *p &= m; key_binary(&k->k->k, p, sz); k->k->k.e |= KCAT_SYMM | KF_BURN; 
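Review bot: In alg_binary the key bytes now come from `rand_get` instead of `rand_getgood`, so the quality of the generated key rests on the one-time `rand_seed(RAND_GLOBAL, 160)` that this commit adds in main, and nothing at the call site says so; the `rand_get` calls in the alg_des and alg_dsaparam hunks are in the same position. `sz` is derived from the user-supplied `k->bits`, so a key longer than 160 bits is presumably drawn from a pool seeded only to a 160-bit target, which should be checked against rand_seed's contract. I would give the 160 a named constant and document the dependency here, for example `/* relies on rand_seed() in main() having seeded RAND_GLOBAL */`. alg_binary starts and ends outside the hunk.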
@@ -364,7 +382,7 @@ static void alg_des(keyopts *k) sz = k->bits / 7; p = sub_alloc(sz); - rand_getgood(RAND_GLOBAL, p, sz); /* Too much work done here! */ + rand_get(RAND_GLOBAL, p, sz); /* Too much work done here! */ for (i = 0; i < sz; i++) { octet x = p[i] | 0x01; x = x ^ (x >> 4); @@ -381,7 +399,7 @@ static void alg_des(keyopts *k) static void alg_rsa(keyopts *k) { - rsa_param rp; + rsa_priv rp; key_data *kd; /* --- Sanity checking --- */ @@ -401,23 +419,16 @@ static void alg_rsa(keyopts *k) { grand *g = fibrand_create(rand_global.ops->word(&rand_global)); - mpmont mm; + rsa_pub rpp; mp *m = mprand_range(MP_NEW, rp.n, g, 0); mp *c; - /* --- Encrypt the plaintext --- */ - - mpmont_create(&mm, rp.n); - c = mpmont_exp(&mm, MP_NEW, m, rp.e); - mpmont_destroy(&mm); - - /* --- Decrypt the ciphertext --- */ - - c = rsa_decrypt(&rp, c, c, g); + rpp.n = rp.n; + rpp.e = rp.e; + c = rsa_qpubop(&rpp, MP_NEW, m); + c = rsa_qprivop(&rp, c, c, g); - /* --- Check everything went OK --- */ - - if (MP_CMP(c, !=, m)) + if (!MP_EQ(c, m)) die(EXIT_FAILURE, "test encryption failed"); mp_drop(c); mp_drop(m); @@ -441,8 +452,7 @@ static void alg_rsa(keyopts *k) mpkey(kd, "d-mod-q", rp.dq, KCAT_PRIV | KF_BURN); dolock(k, kd, "private"); - mp_drop(rp.p); mp_drop(rp.q); mp_drop(rp.n); mp_drop(rp.q_inv); - mp_drop(rp.e); mp_drop(rp.d); mp_drop(rp.dp); mp_drop(rp.dq); + rsa_privfree(&rp); } static void alg_dsaparam(keyopts *k) @@ -467,12 +477,12 @@ static void alg_dsaparam(keyopts *k) sz = (k->qbits + 7) >> 3; p = sub_alloc(sz); - rand_getgood(RAND_GLOBAL, p, sz); + rand_get(RAND_GLOBAL, p, sz); /* --- Allocate the parameters --- */ - if (dsa_seed(&dp, k->qbits, k->bits, 0, p, sz, - (k->f & f_quiet) ? 0 : pgen_ev, 0)) + if (dsa_gen(&dp, k->qbits, k->bits, 0, p, sz, + (k->f & f_quiet) ? 0 : pgen_ev, 0)) die(EXIT_FAILURE, "DSA parameter generation failed"); /* --- Store the parameters --- */ 
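Review bot: The rewritten self-test in alg_rsa drops all three explanatory comments, and the new `rsa_pub rpp` is filled by copying `rp.n` and `rp.e` with no statement that it only borrows them. A later maintainer could add a separate release for `rpp` next to `rsa_privfree(&rp)` and free the same values twice. I would add `/* --- Pairwise check: public then private operation must round-trip --- */` above the two calls and `/* rpp borrows n and e from rp; never freed on its own */` at the assignments. alg_rsa starts and ends outside this hunk.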
@@ -514,8 +524,7 @@ static void alg_dsa(keyopts *k) /* --- Choose a private key --- */ - x = mprand_range(MP_NEW, q, &rand_global, 0); - mp_burn(x); + x = mprand_range(MP_NEWSEC, q, &rand_global, 0); mpmont_create(&mm, p); y = mpmont_exp(&mm, MP_NEW, g, x); @@ -537,14 +546,39 @@ static void alg_dhparam(keyopts *k) if (!copyparam(k, pl)) { dh_param dp; key_data *kd = &k->k->k; + int rc; if (!k->bits) k->bits = 1024; /* --- Choose a large safe prime number --- */ - if (dh_gen(&dp, k->qbits, k->bits, 0, &rand_global, - (k->f & f_quiet) ? 0 : pgen_ev, 0)) + if (k->f & f_limlee) { + mp **f; + size_t nf; + if (!k->qbits) + k->qbits = 256; + rc = dh_limlee(&dp, k->qbits, k->bits, + (k->f & f_subgroup) ? DH_SUBGROUP : 0, + 0, &rand_global, (k->f & f_quiet) ? 0 : pgen_ev, 0, + (k->f & f_quiet) ? 0 : pgen_evspin, 0, &nf, &f); + if (!rc) { + dstr d = DSTR_INIT; + size_t i; + for (i = 0; i < nf; i++) { + if (i) + dstr_puts(&d, ", "); + mp_writedstr(f[i], &d, 10); + mp_drop(f[i]); + } + key_putattr(k->kf, k->k, "factors", d.buf); + dstr_destroy(&d); + } + } else + rc = dh_gen(&dp, k->qbits, k->bits, 0, &rand_global, + (k->f & f_quiet) ? 0 : pgen_ev, 0); + + if (rc) die(EXIT_FAILURE, "Diffie-Hellman parameter generation failed"); key_structure(kd); @@ -576,8 +610,7 @@ static void alg_dh(keyopts *k) * Since %$g$% has order %$q$%, choose %$x < q$%. */ - x = mprand_range(MP_NEW, q, &rand_global, 0); - mp_burn(x); + x = mprand_range(MP_NEWSEC, q, &rand_global, 0); /* --- Compute the public key %$y = g^x \bmod p$% --- */ @@ -599,7 +632,7 @@ static void alg_dh(keyopts *k) static void alg_bbs(keyopts *k) { - bbs_param bp; + bbs_priv bp; key_data *kd; /* --- Sanity checking --- */ @@ -627,7 +660,7 @@ static void alg_bbs(keyopts *k) mpkey(kd, "q", bp.q, KCAT_PRIV | KF_BURN); dolock(k, kd, "private"); - mp_drop(bp.p); mp_drop(bp.q); mp_drop(bp.n); + bbs_privfree(&bp); } /* --- The algorithm tables --- */ 
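Review bot: The private exponent `x` in alg_dsa is now protected only by whatever `MP_NEWSEC` implies, since the explicit `mp_burn(x)` is removed and no comment records the reasoning; the alg_dh hunk makes the identical change. If MP_NEWSEC both allocates from secure memory and marks the value to be wiped on release, this is an improvement, because the old code generated x in ordinary memory before burning it, but that should be confirmed and written down. Suggested comment on the call: `/* MP_NEWSEC: x is secret -- secure memory, wiped on free */`. alg_dsa continues outside the hunk.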
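Review bot: In the Lim-Lee branch of alg_dhparam each `f[i]` is dropped, but the array `f` handed back through `&f` is never released, so it appears to leak unless dh_limlee keeps ownership of it. If the caller owns the array, add the matching release after the loop, for instance `xfree(f);` when it comes from mLib's allocator. It is also worth confirming what `key_putattr` does with `d.buf` when `nf` is zero, since the dstr is then never written to. alg_dhparam starts and ends outside the hunk.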
@@ -676,9 +709,11 @@ static int cmd_add(int argc, char *argv[]) { "rand-id", OPTF_ARGREQ, 0, 'r' }, { "lock", 0, 0, 'l' }, { "quiet", 0, 0, 'q' }, + { "lim-lee", 0, 0, 'L' }, + { "subgroup", 0, 0, 'S' }, { 0, 0, 0, 0 } }; - int i = mdwopt(argc, argv, "+a:b:B:p:e:c:t:r:lq", opt, 0, 0, 0); + int i = mdwopt(argc, argv, "+a:b:B:p:e:c:t:r:lqLS", opt, 0, 0, 0); if (i < 0) break; @@ -775,6 +810,12 @@ static int cmd_add(int argc, char *argv[]) case 'q': k.f |= f_quiet; break; + case 'L': + k.f |= f_limlee; + break; + case 'S': + k.f |= f_subgroup; + break; /* --- Other things are bogus --- */ @@ -1062,7 +1103,7 @@ static void showkey(key *k, listopts *o) o->f &= ~f_attr; printf("attributes:"); for (key_mkattriter(&i, k); key_nextattr(&i, &an, &av); ) { - printf("\n\t%s = %s", an, av); + printf("\n %s = %s", an, av); o->f |= f_attr; } if (o->f & f_attr) @@ -1514,7 +1555,7 @@ static struct cmd { } cmds[] = { { "add", cmd_add, "add [options] type [attr...]\n\ - Options: [-lq] [-a alg] [-b|-B bits] [-p param] [-r tag]\n\ + Options: [-lqLS] [-a alg] [-b|-B bits] [-p param] [-r tag]\n\ [-e expire] [-t tag] [-c comment]" }, { "expire", cmd_expire, "expire tag..." }, @@ -1656,8 +1697,8 @@ int main(int argc, char *argv[]) /* --- Initialize the Catacomb random number generator --- */ - rand_init(RAND_GLOBAL); rand_noisesrc(RAND_GLOBAL, &noise_source); + rand_seed(RAND_GLOBAL, 160); /* --- Dispatch to appropriate command handler --- */
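Review bot: The new `case 'S'` in cmd_add sets `f_subgroup` unconditionally, yet the only visible reader of that flag is the `f_limlee` branch of alg_dhparam, so `-S` without `-L` is accepted and silently does nothing. A user asking for subgroup parameters would then get ordinary `dh_gen` output with no warning, and `-L` looks similarly ignored for algorithms other than dh-param. I would reject the combination once parsing is done, e.g. `if ((k.f & f_subgroup) && !(k.f & f_limlee)) k.f |= f_bogus;`, assuming `f_bogus` leads to the usage error as its comment suggests. The switch and cmd_add continue outside the hunk.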