From 90a88ae35f5abc82ba02687650b30dccec572820 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Wed, 22 Nov 2006 11:36:49 +0000 Subject: [PATCH] keyutil: Allow explicit setting of key-id. This is useful (indeed, essential!) for reproducibility of, say, domain parameters, since otherwise the fingerprints will come out different and you have to do the comparison by hand. --- keyutil.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/keyutil.c b/keyutil.c index 1adb840..9bfc6bc 100644 --- a/keyutil.c +++ b/keyutil.c @@ -941,6 +941,7 @@ static int cmd_add(int argc, char *argv[]) { key_file f; time_t exp = KEXP_EXPIRE; + uint32 kid = rand_global.ops->word(&rand_global); const char *tag = 0, *ptag = 0; const char *c = 0; keyalg *alg = algtab; @@ -962,6 +963,7 @@ static int cmd_add(int argc, char *argv[]) { "comment", OPTF_ARGREQ, 0, 'c' }, { "tag", OPTF_ARGREQ, 0, 't' }, { "rand-id", OPTF_ARGREQ, 0, 'R' }, + { "key-id", OPTF_ARGREQ, 0, 'I' }, { "curve", OPTF_ARGREQ, 0, 'C' }, { "seedalg", OPTF_ARGREQ, 0, 'A' }, { "seed", OPTF_ARGREQ, 0, 's' }, @@ -973,7 +975,7 @@ static int cmd_add(int argc, char *argv[]) { "kcdsa", 0, 0, 'K' }, { 0, 0, 0, 0 } }; - int i = mdwopt(argc, argv, "+a:b:B:p:e:c:t:R:C:A:s:n:lqrLKS", + int i = mdwopt(argc, argv, "+a:b:B:p:e:c:t:R:I:C:A:s:n:lqrLKS", opt, 0, 0, 0); if (i < 0) break; @@ -1118,6 +1120,19 @@ static int cmd_add(int argc, char *argv[]) seed = d.buf; k.r = sa->gen(p, n); } break; + + /* --- Key id --- */ + + case 'I': { + char *p; + unsigned long id; + + errno = 0; + id = strtoul(optarg, &p, 16); + if (errno || *p || id > MASK32) + die(EXIT_FAILURE, "bad key-id `%s'", optarg); + kid = id; + } break; /* --- Other flags --- */ 
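Review bot: The initialiser `uint32 kid = rand_global.ops->word(&rand_global);` at the top of cmd_add draws the default key-id before any option is parsed, whereas the removed draw sat inside the loop that follows `keyrand(&f, rtag)` (see the -1175 hunk). The default id is therefore taken before `-R TAG` has been applied to the generator, and a word is consumed even when `-I` overrides it. If that ordering matters, declare `uint32 kid = 0;` here and draw the default after `keyrand()` only when no `-I` was given. cmd_add's body extends well beyond this hunk, so anything between the declaration and the option loop is not visible.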
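Review bot: The check in `case 'I'` accepts an argument with no hex digits at all: for `-I ""` strtoul() converts nothing, leaves `p == optarg` with `*p == 0`, and the key is silently created with id 0. Add the no-conversion test, `if (errno || p == optarg || *p || id > MASK32)`. strtoul() also skips leading whitespace and accepts a sign, and where unsigned long is 32 bits a value such as `-1` wraps to 0xffffffff and passes the `MASK32` test; rejecting a first character that fails `isxdigit((unsigned char)*optarg)` would close that as well. The enclosing switch starts and ends outside the hunk.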
@@ -1175,9 +1190,8 @@ static int cmd_add(int argc, char *argv[]) keyrand(&f, rtag); for (;;) { - uint32 id = rand_global.ops->word(&rand_global); int err; - if ((err = key_new(&f, id, argv[optind], exp, &k.k)) == 0) + if ((err = key_new(&f, kid, argv[optind], exp, &k.k)) == 0) break; else if (err != KERR_DUPID) die(EXIT_FAILURE, "error adding new key: %s", key_strerror(err)); @@ -2126,7 +2140,7 @@ Options:\n\ { "add", cmd_add, "add [-OPTIONS] TYPE [ATTR...]\n\ Options: [-lqrLKS] [-a ALG] [-bB BITS] [-p PARAM] [-R TAG]\n\ - [-A SEEDALG] [-s SEED] [-n BITS]\n\ + [-A SEEDALG] [-s SEED] [-n BITS] [-I KEYID]\n\ [-e EXPIRE] [-t TAG] [-c COMMENT]", "\ Options:\n\ \n\ @@ -2146,6 +2160,7 @@ Options:\n\ -t, --tag=TAG Tag the key with the name TAG.\n\ -r, --retag Untag any key currently with that tag.\n\ -R, --rand-id=TAG Use key named TAG for the random number generator.\n\ +-I, --key-id=ID Force the key-id for the new key.\n\ -l, --lock Lock the generated key with a passphrase.\n\ -q, --quiet Don't give progress indicators while working.\n\ -L, --lim-lee Generate Lim-Lee primes for Diffie-Hellman groups.\n\ -- 2.11.0
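Review bot: The retry loop can no longer make progress on `KERR_DUPID`: the per-iteration draw was removed, so `key_new()` is called again with the same `kid`, and as far as the visible lines show nothing else changes between iterations. A `-I` value that collides with an existing key, or an unlucky random default, would then spin forever instead of reporting an error. Remember whether the id was forced, fail with a message when a forced id is a duplicate, and redraw only in the random case. The loop's closing brace is outside the hunk, and `kid_forced` below is a new local that `case 'I'` would set.

```c
for (;;) {
  /* … unchanged: key_new() call and the non-KERR_DUPID die() … */
  else if (kid_forced)
    die(EXIT_FAILURE, "key-id %08lx already in use", (unsigned long)kid);
  else
    kid = rand_global.ops->word(&rand_global);
```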
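Review bot: The help line `-I, --key-id=ID Force the key-id for the new key.` does not say that ID is read as hexadecimal, although the `case 'I'` hunk parses it with `strtoul(optarg, &p, 16)` and bounds it by `MASK32`, so `-I 10` produces key-id 0x10. Since the option exists to make fingerprints reproducible, the format should be stated where the user looks for it, for example `-I, --key-id=ID Force the key-id for the new key (32-bit, hex).` The usage synopsis in the -2126 hunk can stay as it is.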