pub/, progs/: Implement Bernstein's Ed25519 signature scheme.

[catacomb] / progs / key.c

diff --git a/progs/key.c b/progs/key.c
index 0549469..b2b9080 100644 (file)
--- a/progs/key.c
+++ b/progs/key.c
@@ -69,6 +69,8 @@
 #include "pgen.h"
 #include "ptab.h"
 #include "rsa.h"
+#include "x25519.h"
+#include "ed25519.h"
 
 #include "cc.h"
 #include "sha-mgf.h"
@@ -228,7 +230,7 @@ static void dolock(keyopts *k, key_data **kd, const char *t)
 /* --- @copyparam@ --- *
  *
  * Arguments:  @keyopts *k@ = pointer to key options
- *             @const char **pp@ = checklist of parameters
+ *             @const char **pp@ = checklist of parameters, or null
  *
  * Returns:    Nonzero if parameters copied; zero if you have to generate
  *             them.
@@ -242,6 +244,7 @@ static int copyparam(keyopts *k, const char **pp)
   key_attriter i;
   key_data *kd;
   const char *n, *v;
+  dstr t = DSTR_INIT;
 
   kf.f = KCAT_SHARE;
   kf.m = KF_CATMASK;
@@ -251,23 +254,35 @@ static int copyparam(keyopts *k, const char **pp)
   if (!k->p)
     return (0);
 
-  /* --- Run through the checklist --- */
+  /* --- Copy the key data if there's anything we want --- */
 
-  while (*pp) {
-    key_data *kd = key_structfind(k->p->k, *pp);
-    if (!kd)
-      die(EXIT_FAILURE, "bad parameter key: parameter `%s' not found", *pp);
-    if (!KEY_MATCH(kd, &kf))
-      die(EXIT_FAILURE, "bad parameter key: subkey `%s' is not shared", *pp);
-    pp++;
-  }
+  if (pp) {
 
-  /* --- Copy over the parameters --- */
+    /* --- Run through the checklist --- */
 
-  kd = key_copydata(k->p->k, &kf);
-  assert(kd);
-  key_setkeydata(k->kf, k->k, kd);
-  key_drop(kd);
+    key_fulltag(k->p, &t);
+    if ((k->p->k->e & KF_ENCMASK) != KENC_STRUCT)
+      die(EXIT_FAILURE, "parameter key `%s' is not structured", t.buf);
+    while (*pp) {
+      key_data *kd = key_structfind(k->p->k, *pp);
+      if (!kd) {
+       die(EXIT_FAILURE,
+           "bad parameter key `%s': parameter `%s' not found", t.buf, *pp);
+      }
+      if (!KEY_MATCH(kd, &kf)) {
+       die(EXIT_FAILURE,
+           "bad parameter key `%s': subkey `%s' is not shared", t.buf, *pp);
+      }
+      pp++;
+    }
+
+    /* --- Copy over the parameters --- */
+
+    kd = key_copydata(k->p->k, &kf);
+    assert(kd);
+    key_setkeydata(k->kf, k->k, kd);
+    key_drop(kd);
+  }
 
   /* --- Copy over attributes --- */
 
@@ -276,6 +291,7 @@ static int copyparam(keyopts *k, const char **pp)
 
   /* --- Done --- */
 
+  dstr_destroy(&t);
   return (1);
 }
 
@@ -354,6 +370,13 @@ static void keyrand(key_file *kf, const char *id)
 
 /* --- Key generation algorithms --- */
 
+static void alg_empty(keyopts *k)
+{
+  copyparam(k, 0);
+  key_setkeydata(k->kf, k->k,
+                key_newstring(KCAT_SHARE, k->curve ? k->curve : "."));
+}
+
 static void alg_binary(keyopts *k)
 {
   unsigned sz;
@@ -363,8 +386,7 @@ static void alg_binary(keyopts *k)
 
   if (!k->bits)
     k->bits = 128;
-  if (k->p)
-    die(EXIT_FAILURE, "no shared parameters for binary keys");
+  copyparam(k, 0);
 
   sz = (k->bits + 7) >> 3;
   p = sub_alloc(sz);
@@ -388,8 +410,7 @@ static void alg_des(keyopts *k)
 
   if (!k->bits)
     k->bits = 168;
-  if (k->p)
-    die(EXIT_FAILURE, "no shared parameters for DES keys");
+  copyparam(k, 0);
   if (k->bits % 56 || k->bits > 168)
     die(EXIT_FAILURE, "DES keys must be 56, 112 or 168 bits long");
 
@@ -418,8 +439,7 @@ static void alg_rsa(keyopts *k)
 
   /* --- Sanity checking --- */
 
-  if (k->p)
-    die(EXIT_FAILURE, "no shared parameters for RSA keys");
+  copyparam(k, 0);
   if (!k->bits)
     k->bits = 1024;
 
@@ -703,8 +723,7 @@ static void alg_bbs(keyopts *k)
 
   /* --- Sanity checking --- */
 
-  if (k->p)
-    die(EXIT_FAILURE, "no shared parameters for Blum-Blum-Shub keys");
+  copyparam(k, 0);
   if (!k->bits)
     k->bits = 1024;
 
@@ -919,6 +938,42 @@ static void alg_ec(keyopts *k)
   mp_drop(x);
 }
 
+static void alg_x25519(keyopts *k)
+{
+  key_data *kd, *kkd;
+  octet priv[X25519_KEYSZ], pub[X25519_PUBSZ];
+
+  copyparam(k, 0);
+  k->r->ops->fill(k->r, priv, sizeof(priv));
+  x25519(pub, priv, x25519_base);
+  kkd = key_newstruct();
+  key_structsteal(kkd, "priv",
+                 key_newbinary(KCAT_PRIV | KF_BURN, priv, sizeof(priv)));
+  kd = key_newstruct();
+  key_structsteal(kd, "private", kkd);
+  key_structsteal(kd, "pub", key_newbinary(KCAT_PUB, pub, sizeof(pub)));
+
+  key_setkeydata(k->kf, k->k, kd);
+}
+
+static void alg_ed25519(keyopts *k)
+{
+  key_data *kd, *kkd;
+  octet priv[ED25519_KEYSZ], pub[ED25519_PUBSZ];
+
+  copyparam(k, 0);
+  k->r->ops->fill(k->r, priv, sizeof(priv));
+  ed25519_pubkey(pub, priv, sizeof(priv));
+  kkd = key_newstruct();
+  key_structsteal(kkd, "priv",
+                 key_newbinary(KCAT_PRIV | KF_BURN, priv, sizeof(priv)));
+  kd = key_newstruct();
+  key_structsteal(kd, "private", kkd);
+  key_structsteal(kd, "pub", key_newbinary(KCAT_PUB, pub, sizeof(pub)));
+
+  key_setkeydata(k->kf, k->k, kd);
+}
+
 /* --- The algorithm tables --- */
 
 typedef struct keyalg {
@@ -940,6 +995,9 @@ static keyalg algtab[] = {
   { "bindh-param",     alg_binparam,   "Binary-field DH parameters" },
   { "ec-param",                alg_ecparam,    "Elliptic curve parameters" },
   { "ec",              alg_ec,         "Elliptic curve crypto" },
+  { "x25519",          alg_x25519,     "X25519 key exchange" },
+  { "ed25519",         alg_ed25519,    "Ed25519 digital signatures" },
+  { "empty",           alg_empty,      "Empty parametrs-only key" },
   { 0,                 0 }
 };
 
@@ -1239,12 +1297,8 @@ static int cmd_add(int argc, char *argv[])
 
   /* --- Find the parameter key --- */
 
-  if (ptag) {
-    if ((k.p = key_bytag(&f, ptag)) == 0)
-      die(EXIT_FAILURE, "parameter key `%s' not found", ptag);
-    if ((k.p->k->e & KF_ENCMASK) != KENC_STRUCT)
-      die(EXIT_FAILURE, "parameter key `%s' is not structured", ptag);
-  }
+  if (ptag && (k.p = key_bytag(&f, ptag)) == 0)
+    die(EXIT_FAILURE, "parameter key `%s' not found", ptag);
 
   /* --- Now generate the actual key data --- */