/* -*-c-*-
*
- * $Id: keyutil.c,v 1.23 2004/04/08 01:02:49 mdw Exp $
+ * $Id$
*
* Simple key manager program
*
* (c) 1999 Straylight/Edgeware
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of Catacomb.
*
* it under the terms of the GNU Library General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
- *
+ *
* Catacomb is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Library General Public License for more details.
- *
+ *
* You should have received a copy of the GNU Library General Public
* License along with Catacomb; if not, write to the Free
* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: keyutil.c,v $
- * Revision 1.23 2004/04/08 01:02:49 mdw
- * key-binary.c
- *
- * Revision 1.22 2004/04/03 15:45:06 mdw
- * Oops. Fix formatting. :-S
- *
- * Revision 1.21 2004/04/03 15:15:19 mdw
- * Fix stupid error in previous rashly-committed version.
- *
- * Revision 1.20 2004/04/03 15:14:28 mdw
- * Handle points at infinity properly in listings.
- *
- * Revision 1.19 2004/04/03 03:31:01 mdw
- * Allow explicit group parameters for DH groups.
- *
- * Revision 1.18 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.17 2004/03/28 01:58:47 mdw
- * Generate, store and retreive elliptic curve keys.
- *
- * Revision 1.16 2003/10/15 09:31:45 mdw
- * Fix help message.
- *
- * Revision 1.15 2003/05/15 23:23:24 mdw
- * Fix behaviour with bogus trailing attributes.
- *
- * Revision 1.14 2001/02/23 09:03:27 mdw
- * Simplify usage message by removing nonexistant options.
- *
- * Revision 1.13 2001/02/21 20:04:27 mdw
- * Provide help on individual commands (some need it desparately). Allow
- * atomic retagging of keys.
- *
- * Revision 1.12 2001/02/03 11:58:22 mdw
- * Store the correct seed information and count for DSA keys now that it's
- * available.
- *
- * Revision 1.11 2000/12/06 20:33:27 mdw
- * Make flags be macros rather than enumerations, to ensure that they're
- * unsigned.
- *
- * Revision 1.10 2000/10/08 12:02:21 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.9 2000/08/15 21:40:49 mdw
- * Minor formatting change in listing attributes.
- *
- * Revision 1.8 2000/07/29 09:59:13 mdw
- * Support Lim-Lee primes in Diffie-Hellman parameter generation.
- *
- * Revision 1.7 2000/07/01 11:18:51 mdw
- * Use new interfaces for key manipulation.
- *
- * Revision 1.6 2000/06/17 11:28:22 mdw
- * Use secure memory interface from MP library. `rand_getgood' is
- * deprecated.
- *
- * Revision 1.5 2000/02/12 18:21:03 mdw
- * Overhaul of key management (again).
- *
- * Revision 1.4 1999/12/22 15:48:10 mdw
- * Track new key-management changes. Support new key generation
- * algorithms.
- *
- * Revision 1.3 1999/11/02 15:23:24 mdw
- * Fix newlines in keyring list.
- *
- * Revision 1.2 1999/10/15 21:05:28 mdw
- * In `key list', show timezone for local times, and support `-u' option
- * for UTC output.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
+#define _FILE_OFFSET_BITS 64
+
#include "config.h"
+#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <noise.h>
#include <rand.h>
+#include "bintab.h"
#include "bbs.h"
#include "dh.h"
#include "dsa.h"
#include "ectab.h"
#include "fibrand.h"
#include "getdate.h"
+#include "gfreduce.h"
#include "key.h"
#include "mp.h"
#include "mpmont.h"
#include "ptab.h"
#include "rsa.h"
+#include "cc.h"
#include "sha-mgf.h"
#include "sha256-mgf.h"
#include "sha224-mgf.h"
const struct seedalg { const char *p; grand *(*gen)(const void *, size_t); }
seedtab[] = {
- { "dsarand", dsarand_create },
- { "rmd128-mgf", rmd128_mgfrand },
- { "rmd160-mgf", rmd160_mgfrand },
- { "rmd256-mgf", rmd256_mgfrand },
- { "rmd320-mgf", rmd320_mgfrand },
- { "sha-mgf", sha_mgfrand },
- { "sha224-mgf", sha224_mgfrand },
- { "sha256-mgf", sha256_mgfrand },
- { "sha384-mgf", sha384_mgfrand },
- { "sha512-mgf", sha512_mgfrand },
- { "tiger-mgf", tiger_mgfrand },
+ { "dsarand", dsarand_create },
+ { "rmd128-mgf", rmd128_mgfrand },
+ { "rmd160-mgf", rmd160_mgfrand },
+ { "rmd256-mgf", rmd256_mgfrand },
+ { "rmd320-mgf", rmd320_mgfrand },
+ { "sha-mgf", sha_mgfrand },
+ { "sha224-mgf", sha224_mgfrand },
+ { "sha256-mgf", sha256_mgfrand },
+ { "sha384-mgf", sha384_mgfrand },
+ { "sha512-mgf", sha512_mgfrand },
+ { "tiger-mgf", tiger_mgfrand },
{ 0, 0 }
};
#define f_limlee 8u /* Generate Lim-Lee primes */
#define f_subgroup 16u /* Generate a subgroup */
#define f_retag 32u /* Remove any existing tag */
+#define f_kcdsa 64u /* Generate KCDSA primes */
/* --- @dolock@ --- *
*
* Arguments: @keyopts *k@ = key generation options
- * @key_data *kd@ = pointer to key data to lock
+ * @key_data **kd@ = pointer to key data to lock
* @const char *t@ = tag suffix or null
*
* Returns: ---
* Use: Does passphrase locking on new keys.
*/
-static void dolock(keyopts *k, key_data *kd, const char *t)
+static void dolock(keyopts *k, key_data **kd, const char *t)
{
if (!(k->f & f_lock))
return;
if (t)
dstr_putf(&k->tag, ".%s", t);
- if (key_plock(k->tag.buf, kd, kd))
+ if (key_plock(kd, 0, k->tag.buf))
die(EXIT_FAILURE, "couldn't lock key");
}
-/* --- @mpkey@ --- *
- *
- * Arguments: @key_data *kd@ = pointer to parent key block
- * @const char *tag@ = pointer to tag string
- * @mp *m@ = integer to store
- * @unsigned f@ = flags to set
- *
- * Returns: ---
- *
- * Use: Sets a multiprecision integer subkey.
- */
-
-static void mpkey(key_data *kd, const char *tag, mp *m, unsigned f)
-{
- key_data *kkd = key_structcreate(kd, tag);
- key_mp(kkd, m);
- kkd->e |= f;
-}
-
/* --- @copyparam@ --- *
*
* Arguments: @keyopts *k@ = pointer to key options
static int copyparam(keyopts *k, const char **pp)
{
key_filter kf;
+ key_attriter i;
+ key_data *kd;
+ const char *n, *v;
+
+ kf.f = KCAT_SHARE;
+ kf.m = KF_CATMASK;
/* --- Quick check if no parameters supplied --- */
/* --- Run through the checklist --- */
while (*pp) {
- key_data *kd = key_structfind(&k->p->k, *pp);
+ key_data *kd = key_structfind(k->p->k, *pp);
if (!kd)
die(EXIT_FAILURE, "bad parameter key: parameter `%s' not found", *pp);
- if ((kd->e & KF_CATMASK) != KCAT_SHARE)
+ if (!KEY_MATCH(kd, &kf))
die(EXIT_FAILURE, "bad parameter key: subkey `%s' is not shared", *pp);
pp++;
}
/* --- Copy over the parameters --- */
- kf.f = KCAT_SHARE;
- kf.m = KF_CATMASK;
- if (!key_copy(&k->k->k, &k->p->k, &kf))
- die(EXIT_FAILURE, "unexpected failure while copying parameters");
+ kd = key_copydata(k->p->k, &kf);
+ assert(kd);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
+
+ /* --- Copy over attributes --- */
+
+ for (key_mkattriter(&i, k->p); key_nextattr(&i, &n, &v); )
+ key_putattr(k->kf, k->k, n, v);
+
+ /* --- Done --- */
+
return (1);
}
k = key_bytype(kf, "catacomb-rand");
if (k) {
- key_data *kd = &k->k, kkd;
+ key_data *kd = k->k, *kkd;
+ key_incref(kd);
again:
switch (kd->e & KF_ENCMASK) {
case KENC_ENCRYPT: {
dstr d = DSTR_INIT;
key_fulltag(k, &d);
- if (key_punlock(d.buf, kd, &kkd))
+ if (key_punlock(&kkd, kd, d.buf))
die(EXIT_FAILURE, "error unlocking key `%s'", d.buf);
dstr_destroy(&d);
- kd = &kkd;
+ key_drop(kd);
+ kd = kkd;
} goto again;
default: {
dstr d = DSTR_INIT;
/* --- Key the generator --- */
rand_key(RAND_GLOBAL, kd->u.k.k, kd->u.k.sz);
- if (kd == &kkd)
- key_destroy(&kkd);
+ key_drop(kd);
}
}
{
unsigned sz;
unsigned m;
+ key_data *kd;
octet *p;
if (!k->bits)
m = (1 << (((k->bits - 1) & 7) + 1)) - 1;
k->r->ops->fill(k->r, p, sz);
*p &= m;
- key_binary(&k->k->k, p, sz);
- k->k->k.e |= KCAT_SYMM | KF_BURN;
+ kd = key_newbinary(KCAT_SYMM | KF_BURN, p, sz);
memset(p, 0, sz);
+ dolock(k, &kd, 0);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
sub_free(p, sz);
- dolock(k, &k->k->k, 0);
}
static void alg_des(keyopts *k)
{
unsigned sz;
octet *p;
+ key_data *kd;
int i;
if (!k->bits)
x = x ^ (x >> 1);
p[i] = (p[i] & 0xfe) | (x & 0x01);
}
- key_binary(&k->k->k, p, sz);
- k->k->k.e |= KCAT_SYMM | KF_BURN;
+ kd = key_newbinary(KCAT_SYMM | KF_BURN, p, sz);
memset(p, 0, sz);
+ dolock(k, &kd, 0);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
sub_free(p, sz);
- dolock(k, &k->k->k, 0);
}
static void alg_rsa(keyopts *k)
{
rsa_priv rp;
- key_data *kd;
+ key_data *kd, *kkd;
/* --- Sanity checking --- */
/* --- Allrighty then --- */
- kd = &k->k->k;
- key_structure(kd);
- mpkey(kd, "n", rp.n, KCAT_PUB);
- mpkey(kd, "e", rp.e, KCAT_PUB);
-
- kd = key_structcreate(kd, "private");
- key_structure(kd);
- mpkey(kd, "d", rp.d, KCAT_PRIV | KF_BURN);
- mpkey(kd, "p", rp.p, KCAT_PRIV | KF_BURN);
- mpkey(kd, "q", rp.q, KCAT_PRIV | KF_BURN);
- mpkey(kd, "q-inv", rp.q_inv, KCAT_PRIV | KF_BURN);
- mpkey(kd, "d-mod-p", rp.dp, KCAT_PRIV | KF_BURN);
- mpkey(kd, "d-mod-q", rp.dq, KCAT_PRIV | KF_BURN);
- dolock(k, kd, "private");
-
+ kd = key_newstruct();
+ key_structsteal(kd, "n", key_newmp(KCAT_PUB, rp.n));
+ key_structsteal(kd, "e", key_newmp(KCAT_PUB, rp.e));
+
+ kkd = key_newstruct();
+ key_structsteal(kkd, "d", key_newmp(KCAT_PRIV | KF_BURN, rp.d));
+ key_structsteal(kkd, "p", key_newmp(KCAT_PRIV | KF_BURN, rp.p));
+ key_structsteal(kkd, "q", key_newmp(KCAT_PRIV | KF_BURN, rp.q));
+ key_structsteal(kkd, "q-inv", key_newmp(KCAT_PRIV | KF_BURN, rp.q_inv));
+ key_structsteal(kkd, "d-mod-p", key_newmp(KCAT_PRIV | KF_BURN, rp.dp));
+ key_structsteal(kkd, "d-mod-q", key_newmp(KCAT_PRIV | KF_BURN, rp.dq));
+ dolock(k, &kkd, "private");
+ key_structsteal(kd, "private", kkd);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
rsa_privfree(&rp);
}
size_t sz;
dstr d = DSTR_INIT;
base64_ctx c;
- key_data *kd = &k->k->k;
+ key_data *kd;
dsa_seed ds;
/* --- Choose appropriate bit lengths if necessary --- */
if (!k->qbits)
k->qbits = 160;
if (!k->bits)
- k->bits = 768;
+ k->bits = 1024;
/* --- Allocate a seed block --- */
/* --- Store the parameters --- */
- key_structure(kd);
- mpkey(kd, "q", dp.q, KCAT_SHARE);
- mpkey(kd, "p", dp.p, KCAT_SHARE);
- mpkey(kd, "g", dp.g, KCAT_SHARE);
+ kd = key_newstruct();
+ key_structsteal(kd, "q", key_newmp(KCAT_SHARE, dp.q));
+ key_structsteal(kd, "p", key_newmp(KCAT_SHARE, dp.p));
+ key_structsteal(kd, "g", key_newmp(KCAT_SHARE, dp.g));
mp_drop(dp.q);
mp_drop(dp.p);
mp_drop(dp.g);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
/* --- Store the seed for future verification --- */
c.indent = "";
base64_encode(&c, ds.p, ds.sz, &d);
base64_encode(&c, 0, 0, &d);
+ DPUTZ(&d);
key_putattr(k->kf, k->k, "seed", d.buf);
DRESET(&d);
dstr_putf(&d, "%u", ds.count);
mp *q, *p, *g;
mp *x, *y;
mpmont mm;
- key_data *kd = &k->k->k;
+ key_data *kd, *kkd;
/* --- Get the shared parameters --- */
alg_dsaparam(k);
+ key_split(&k->k->k); kd = k->k->k;
q = getmp(kd, "q");
p = getmp(kd, "p");
g = getmp(kd, "g");
/* --- Store everything away --- */
- mpkey(kd, "y", y, KCAT_PUB);
+ key_structsteal(kd, "y", key_newmp(KCAT_PUB, y));
- kd = key_structcreate(kd, "private");
- key_structure(kd);
- mpkey(kd, "x", x, KCAT_PRIV | KF_BURN);
- dolock(k, kd, "private");
+ kkd = key_newstruct();
+ key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
+ dolock(k, &kkd, "private");
+ key_structsteal(kd, "private", kkd);
mp_drop(x); mp_drop(y);
}
static void alg_dhparam(keyopts *k)
{
static const char *pl[] = { "p", "q", "g", 0 };
- key_data *kd = &k->k->k;
+ key_data *kd;
if (!copyparam(k, pl)) {
dh_param dp;
int rc;
if (k->curve) {
qd_parse qd;
-
+ group *g;
+ const char *e;
+
if (strcmp(k->curve, "list") == 0) {
- const pentry *pe;
- printf("Built-in prime groups:\n");
- for (pe = ptab; pe->name; pe++)
- printf(" %s\n", pe->name);
+ unsigned i, w;
+ LIST("Built-in prime fields", stdout, ptab[i].name, ptab[i].name);
exit(0);
}
qd.p = k->curve;
if (dh_parse(&qd, &dp))
- die(EXIT_FAILURE, "error in group spec: %s", qd.e);
+ die(EXIT_FAILURE, "error in field spec: %s", qd.e);
+ if (!qd_eofp(&qd))
+ die(EXIT_FAILURE, "junk at end of field spec");
+ if ((g = group_prime(&dp)) == 0)
+ die(EXIT_FAILURE, "invalid prime field");
+ if (!(k->f & f_quiet) && (e = G_CHECK(g, &rand_global)) != 0)
+ moan("WARNING! group check failed: %s", e);
+ G_DESTROYGROUP(g);
goto done;
}
key_putattr(k->kf, k->k, "factors", d.buf);
dstr_destroy(&d);
}
+ } else if (k->f & f_kcdsa) {
+ if (!k->qbits)
+ k->qbits = 256;
+ rc = dh_kcdsagen(&dp, k->qbits, k->bits, 0,
+ 0, k->r, (k->f & f_quiet) ? 0 : pgen_ev, 0);
+ if (!rc) {
+ dstr d = DSTR_INIT;
+ mp *v = MP_NEW;
+
+ mp_writedstr(dp.q, &d, 10);
+ mp_div(&v, 0, dp.p, dp.q);
+ v = mp_lsr(v, v, 1);
+ dstr_puts(&d, ", ");
+ mp_writedstr(v, &d, 10);
+ mp_drop(v);
+ key_putattr(k->kf, k->k, "factors", d.buf);
+ dstr_destroy(&d);
+ }
} else
rc = dh_gen(&dp, k->qbits, k->bits, 0, k->r,
(k->f & f_quiet) ? 0 : pgen_ev, 0);
die(EXIT_FAILURE, "Diffie-Hellman parameter generation failed");
done:
- key_structure(kd);
- mpkey(kd, "p", dp.p, KCAT_SHARE);
- mpkey(kd, "q", dp.q, KCAT_SHARE);
- mpkey(kd, "g", dp.g, KCAT_SHARE);
+ kd = key_newstruct();
+ key_structsteal(kd, "p", key_newmp(KCAT_SHARE, dp.p));
+ key_structsteal(kd, "q", key_newmp(KCAT_SHARE, dp.q));
+ key_structsteal(kd, "g", key_newmp(KCAT_SHARE, dp.g));
mp_drop(dp.q);
mp_drop(dp.p);
mp_drop(dp.g);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
}
}
mp *x, *y;
mp *p, *q, *g;
mpmont mm;
- key_data *kd = &k->k->k;
+ key_data *kd, *kkd;
/* --- Get the shared parameters --- */
alg_dhparam(k);
+ key_split(&k->k->k); kd = k->k->k;
p = getmp(kd, "p");
q = getmp(kd, "q");
g = getmp(kd, "g");
/* --- Store everything away --- */
- mpkey(kd, "y", y, KCAT_PUB);
+ key_structsteal(kd, "y", key_newmp(KCAT_PUB, y));
- kd = key_structcreate(kd, "private");
- key_structure(kd);
- mpkey(kd, "x", x, KCAT_PRIV | KF_BURN);
- dolock(k, kd, "private");
+ kkd = key_newstruct();
+ key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
+ dolock(k, &kkd, "private");
+ key_structsteal(kd, "private", kkd);
mp_drop(x); mp_drop(y);
}
static void alg_bbs(keyopts *k)
{
bbs_priv bp;
- key_data *kd;
+ key_data *kd, *kkd;
/* --- Sanity checking --- */
/* --- Allrighty then --- */
- kd = &k->k->k;
- key_structure(kd);
- mpkey(kd, "n", bp.n, KCAT_PUB);
+ kd = key_newstruct();
+ key_structsteal(kd, "n", key_newmp(KCAT_PUB, bp.n));
- kd = key_structcreate(kd, "private");
- key_structure(kd);
- mpkey(kd, "p", bp.p, KCAT_PRIV | KF_BURN);
- mpkey(kd, "q", bp.q, KCAT_PRIV | KF_BURN);
- dolock(k, kd, "private");
+ kkd = key_newstruct();
+ key_structsteal(kkd, "p", key_newmp(KCAT_PRIV | KF_BURN, bp.p));
+ key_structsteal(kkd, "q", key_newmp(KCAT_PRIV | KF_BURN, bp.q));
+ dolock(k, &kkd, "private");
+ key_structsteal(kd, "private", kkd);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
bbs_privfree(&bp);
}
+static void alg_binparam(keyopts *k)
+{
+ static const char *pl[] = { "p", "q", "g", 0 };
+ if (!copyparam(k, pl)) {
+ gbin_param gb;
+ qd_parse qd;
+ group *g;
+ const char *e;
+ key_data *kd;
+
+ /* --- Decide on a field --- */
+
+ if (!k->bits) k->bits = 128;
+ if (k->curve && strcmp(k->curve, "list") == 0) {
+ unsigned i, w;
+ LIST("Built-in binary fields", stdout,
+ bintab[i].name, bintab[i].name);
+ exit(0);
+ }
+ if (!k->curve) {
+ if (k->bits <= 40) k->curve = "p1363-40";
+ else if (k->bits <= 56) k->curve = "p1363-56";
+ else if (k->bits <= 64) k->curve = "p1363-64";
+ else if (k->bits <= 80) k->curve = "p1363-80";
+ else if (k->bits <= 112) k->curve = "p1363-112";
+ else if (k->bits <= 128) k->curve = "p1363-128";
+ else {
+ die(EXIT_FAILURE,
+ "no built-in binary fields provide %u-bit security",
+ k->bits);
+ }
+ }
+
+ /* --- Check it --- */
+
+ qd.e = 0;
+ qd.p = k->curve;
+ if (dhbin_parse(&qd, &gb))
+ die(EXIT_FAILURE, "error in field spec: %s", qd.e);
+ if (!qd_eofp(&qd))
+ die(EXIT_FAILURE, "junk at end of field spec");
+ if ((g = group_binary(&gb)) == 0)
+ die(EXIT_FAILURE, "invalid binary field");
+ if (!(k->f & f_quiet) && (e = G_CHECK(g, &rand_global)) != 0)
+ moan("WARNING! group check failed: %s", e);
+ G_DESTROYGROUP(g);
+
+ /* --- Write out the answer --- */
+
+ kd = key_newstruct();
+ key_structsteal(kd, "p", key_newmp(KCAT_SHARE, gb.p));
+ key_structsteal(kd, "q", key_newmp(KCAT_SHARE, gb.q));
+ key_structsteal(kd, "g", key_newmp(KCAT_SHARE, gb.g));
+ mp_drop(gb.q);
+ mp_drop(gb.p);
+ mp_drop(gb.g);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
+ }
+}
+
+static void alg_bin(keyopts *k)
+{
+ mp *x, *y;
+ mp *p, *q, *g;
+ gfreduce r;
+ key_data *kd, *kkd;
+
+ /* --- Get the shared parameters --- */
+
+ alg_binparam(k);
+ key_split(&k->k->k); kd = k->k->k;
+ p = getmp(kd, "p");
+ q = getmp(kd, "q");
+ g = getmp(kd, "g");
+
+ /* --- Choose a suitable private key --- *
+ *
+ * Since %$g$% has order %$q$%, choose %$x < q$%.
+ */
+
+ x = mprand_range(MP_NEWSEC, q, k->r, 0);
+
+ /* --- Compute the public key %$y = g^x \bmod p$% --- */
+
+ gfreduce_create(&r, p);
+ y = gfreduce_exp(&r, MP_NEW, g, x);
+ gfreduce_destroy(&r);
+
+ /* --- Store everything away --- */
+
+ key_structsteal(kd, "y", key_newmp(KCAT_PUB, y));
+
+ kkd = key_newstruct();
+ key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
+ dolock(k, &kkd, "private");
+ key_structsteal(kd, "private", kkd);
+
+ mp_drop(x); mp_drop(y);
+}
+
static void alg_ecparam(keyopts *k)
{
static const char *pl[] = { "curve", 0 };
if (!copyparam(k, pl)) {
ec_info ei;
const char *e;
- key_data *kd = &k->k->k;
+ key_data *kd;
/* --- Decide on a curve --- */
if (!k->bits) k->bits = 256;
if (k->curve && strcmp(k->curve, "list") == 0) {
- const ecentry *ee;
- printf("Built-in elliptic curves:\n");
- for (ee = ectab; ee->name; ee++)
- printf(" %s\n", ee->name);
+ unsigned i, w;
+ LIST("Built-in elliptic curves", stdout,
+ ectab[i].name, ectab[i].name);
exit(0);
}
if (!k->curve) {
/* --- Write out the answer --- */
- key_structure(kd);
- kd = key_structcreate(kd, "curve");
- key_string(kd, k->curve);
- kd->e |= KCAT_SHARE;
+ kd = key_newstruct();
+ key_structsteal(kd, "curve", key_newstring(KCAT_SHARE, k->curve));
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
}
}
static void alg_ec(keyopts *k)
{
- key_data *kd = &k->k->k;
+ key_data *kd;
key_data *kkd;
mp *x = MP_NEW;
ec p = EC_INIT;
/* --- Get the curve --- */
alg_ecparam(k);
+ key_split(&k->k->k); kd = k->k->k;
if ((kkd = key_structfind(kd, "curve")) == 0)
die(EXIT_FAILURE, "unexpected failure looking up subkey `curve')");
if ((kkd->e & KF_ENCMASK) != KENC_STRING)
/* --- Store everything away --- */
- kkd = key_structcreate(kd, "p");
- key_ec(kkd, &p);
- kkd->e |= KCAT_PUB;
- kkd = key_structcreate(kd, "private");
- key_structure(kkd);
- mpkey(kkd, "x", x, KCAT_PRIV | KF_BURN);
+ key_structsteal(kd, "p", key_newec(KCAT_PUB, &p));
+
+ kkd = key_newstruct();
+ key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
+ dolock(k, &kkd, "private");
+ key_structsteal(kd, "private", kkd);
/* --- Done --- */
{ "binary", alg_binary, "Plain binary data" },
{ "des", alg_des, "Binary with DES-style parity" },
{ "rsa", alg_rsa, "RSA public-key encryption" },
+ { "bbs", alg_bbs, "Blum-Blum-Shub generator" },
{ "dsa", alg_dsa, "DSA digital signatures" },
{ "dsa-param", alg_dsaparam, "DSA shared parameters" },
{ "dh", alg_dh, "Diffie-Hellman key exchange" },
{ "dh-param", alg_dhparam, "Diffie-Hellman parameters" },
- { "bbs", alg_bbs, "Blum-Blum-Shub generator" },
+ { "bindh", alg_bin, "DH over a binary field" },
+ { "bindh-param", alg_binparam, "Binary-field DH parameters" },
{ "ec-param", alg_ecparam, "Elliptic curve parameters" },
{ "ec", alg_ec, "Elliptic curve crypto" },
{ 0, 0 }
{
key_file f;
time_t exp = KEXP_EXPIRE;
+ uint32 kid = rand_global.ops->word(&rand_global);
const char *tag = 0, *ptag = 0;
const char *c = 0;
keyalg *alg = algtab;
{ "comment", OPTF_ARGREQ, 0, 'c' },
{ "tag", OPTF_ARGREQ, 0, 't' },
{ "rand-id", OPTF_ARGREQ, 0, 'R' },
+ { "key-id", OPTF_ARGREQ, 0, 'I' },
{ "curve", OPTF_ARGREQ, 0, 'C' },
{ "seedalg", OPTF_ARGREQ, 0, 'A' },
{ "seed", OPTF_ARGREQ, 0, 's' },
{ "quiet", 0, 0, 'q' },
{ "lim-lee", 0, 0, 'L' },
{ "subgroup", 0, 0, 'S' },
+ { "kcdsa", 0, 0, 'K' },
{ 0, 0, 0, 0 }
};
- int i = mdwopt(argc, argv, "+a:b:B:p:e:c:t:R:C:A:s:n:lqrLS",
+ int i = mdwopt(argc, argv, "+a:b:B:p:e:c:t:R:I:C:A:s:n:lqrLKS",
opt, 0, 0, 0);
if (i < 0)
break;
/* --- Expiry dates get passed to @get_date@ for parsing --- */
case 'e':
- if (strncmp(optarg, "forever", strlen(optarg)) == 0)
+ if (strcmp(optarg, "forever") == 0)
exp = KEXP_FOREVER;
else {
exp = get_date(optarg, 0);
case 's': {
base64_ctx b;
dstr d = DSTR_INIT;
- if (seed) die(EXIT_FAILURE, "seed already set");
+ if (seed) die(EXIT_FAILURE, "seed already set");
base64_init(&b);
base64_decode(&b, optarg, strlen(optarg), &d);
base64_decode(&b, 0, 0, &d);
seed = optarg;
dstr_destroy(&d);
} break;
-
+
case 'n': {
base64_ctx b;
dstr d = DSTR_INIT;
unsigned n = strtoul(optarg, &p, 0);
if (n == 0 || *p != 0 || n % 8 != 0)
die(EXIT_FAILURE, "bad seed length `%s'", optarg);
- if (seed) die(EXIT_FAILURE, "seed already set");
+ if (seed) die(EXIT_FAILURE, "seed already set");
n /= 8;
p = xmalloc(n);
rand_get(RAND_GLOBAL, p, n);
seed = d.buf;
k.r = sa->gen(p, n);
} break;
-
+
+ /* --- Key id --- */
+
+ case 'I': {
+ char *p;
+ unsigned long id;
+
+ errno = 0;
+ id = strtoul(optarg, &p, 16);
+ if (errno || *p || id > MASK32)
+ die(EXIT_FAILURE, "bad key-id `%s'", optarg);
+ kid = id;
+ } break;
+
/* --- Other flags --- */
case 'R':
case 'L':
k.f |= f_limlee;
break;
+ case 'K':
+ k.f |= f_kcdsa;
+ break;
case 'S':
k.f |= f_subgroup;
break;
if ((k.f & f_bogus) || optind + 1 > argc) {
die(EXIT_FAILURE,
- "Usage: add [options] type [attr...]");
+ "Usage: add [OPTIONS] TYPE [ATTR...]");
}
if (key_chkident(argv[optind]))
die(EXIT_FAILURE, "bad key type `%s'", argv[optind]);
keyrand(&f, rtag);
for (;;) {
- uint32 id = rand_global.ops->word(&rand_global);
int err;
- k.k = key_new(&f, id, argv[optind], exp, &err);
- if (k.k)
+ if ((err = key_new(&f, kid, argv[optind], exp, &k.k)) == 0)
break;
- if (err != KERR_DUPID)
+ else if (err != KERR_DUPID)
die(EXIT_FAILURE, "error adding new key: %s", key_strerror(err));
}
int err;
key *kk;
if (k.f & f_retag) {
- if ((kk = key_bytag(&f, tag)) != 0 && strcmp(kk->tag, tag) == 0)
+ if ((kk = key_bytag(&f, tag)) != 0 &&
+ kk->tag &&
+ strcmp(kk->tag, tag) == 0)
key_settag(&f, kk, 0);
}
if ((err = key_settag(&f, k.k, tag)) != 0)
if (ptag) {
if ((k.p = key_bytag(&f, ptag)) == 0)
die(EXIT_FAILURE, "parameter key `%s' not found", ptag);
- if ((k.p->k.e & KF_ENCMASK) != KENC_STRUCT)
+ if ((k.p->k->e & KF_ENCMASK) != KENC_STRUCT)
die(EXIT_FAILURE, "parameter key `%s' is not structured", ptag);
}
/* --- Done --- */
+ dstr_destroy(&k.tag);
doclose(&f);
return (0);
}
if (o->v <= 3)
fputs(" encrypted\n", stdout);
else {
- key_data kd;
- if (key_punlock(d->buf, k, &kd))
+ key_data *kd;
+ if (key_punlock(&kd, k, d->buf))
printf(" <failed to unlock %s>\n", d->buf);
else {
fputs(" encrypted", stdout);
- showkeydata(&kd, ind, o, d);
- key_destroy(&kd);
+ showkeydata(kd, ind, o, d);
+ key_drop(kd);
}
}
break;
fputs(", 0x", stdout); mp_writefile(k->u.e.y, stdout, 16);
putchar('\n');
}
- break;
+ break;
/* --- Structured keys --- *
*
*/
case KENC_STRUCT: {
- sym_iter i;
- key_struct *ks;
+ key_subkeyiter i;
+ const char *tag;
size_t n = d->len;
fputs(" {\n", stdout);
- for (sym_mkiter(&i, &k->u.s); (ks = sym_next(&i)) != 0; ) {
- if (!key_match(&ks->k, &o->kf))
+ for (key_mksubkeyiter(&i, k); key_nextsubkey(&i, &tag, &k); ) {
+ if (!key_match(k, &o->kf))
continue;
INDENT(ind + 2);
- printf("%s =", SYM_NAME(ks));
+ printf("%s =", tag);
d->len = n;
- dstr_putf(d, ".%s", SYM_NAME(ks));
- showkeydata(&ks->k, ind + 2, o, d);
+ dstr_putf(d, ".%s", tag);
+ showkeydata(k, ind + 2, o, d);
}
INDENT(ind);
fputs("}\n", stdout);
- } break;
+ } break;
}
#undef INDENT
/* --- Skip the key if the filter doesn't match --- */
- if (!key_match(&k->k, &o->kf))
+ if (!key_match(k->k, &o->kf))
return;
/* --- Sort out the expiry and deletion times --- */
if (!o->v) {
if (!(o->f & f_newline)) {
- printf("%8s %-20s %-20s %-10s %-10s\n",
+ printf("%8s %-20s %-20s %-10s %s\n",
"Id", "Tag", "Type", "Expire", "Delete");
}
- printf("%08lx %-20s %-20s %-10s %-10s\n",
+ printf("%08lx %-20s %-20s %-10s %s\n",
(unsigned long)k->id, k->tag ? k->tag : "<none>",
k->type, ebuf, dbuf);
o->f |= f_newline;
dstr d = DSTR_INIT;
fputs("key:", stdout);
key_fulltag(k, &d);
- showkeydata(&k->k, 0, o, &d);
+ showkeydata(k->k, 0, o, &d);
dstr_destroy(&d);
}
-
+
o->f |= f_newline;
}
int e = key_readflags(optarg, &p, &o.kf.f, &o.kf.m);
if (e || *p)
die(EXIT_FAILURE, "bad filter string `%s'", optarg);
- } break;
+ } break;
default:
o.f |= f_bogus;
break;
}
if (o.f & f_bogus)
- die(EXIT_FAILURE, "Usage: list [-uqv] [-f filter] [tag...]");
+ die(EXIT_FAILURE, "Usage: list [-uqv] [-f FILTER] [TAG...]");
/* --- Open the key file --- */
int rc = 0;
if (argc < 2)
- die(EXIT_FAILURE, "Usage: expire tag...");
+ die(EXIT_FAILURE, "Usage: expire TAG...");
doopen(&f, KOPEN_WRITE);
for (i = 1; i < argc; i++) {
if ((k = key_bytag(&f, argv[i])) != 0)
int rc = 0;
if (argc < 2)
- die(EXIT_FAILURE, "Usage: delete tag...");
+ die(EXIT_FAILURE, "Usage: delete TAG...");
doopen(&f, KOPEN_WRITE);
for (i = 1; i < argc; i++) {
if ((k = key_bytag(&f, argv[i])) != 0)
key *k;
if (argc < 3)
- die(EXIT_FAILURE, "Usage: setattr tag attr...");
+ die(EXIT_FAILURE, "Usage: setattr TAG ATTR...");
doopen(&f, KOPEN_WRITE);
if ((k = key_bytag(&f, argv[1])) == 0)
die(EXIT_FAILURE, "key `%s' not found", argv[1]);
return (0);
}
+/* --- @cmd_getattr@ --- */
+
+static int cmd_getattr(int argc, char *argv[])
+{
+ key_file f;
+ key *k;
+ dstr d = DSTR_INIT;
+ const char *p;
+
+ if (argc != 3)
+ die(EXIT_FAILURE, "Usage: getattr TAG ATTR");
+ doopen(&f, KOPEN_READ);
+ if ((k = key_bytag(&f, argv[1])) == 0)
+ die(EXIT_FAILURE, "key `%s' not found", argv[1]);
+ key_fulltag(k, &d);
+ if ((p = key_getattr(&f, k, argv[2])) == 0)
+ die(EXIT_FAILURE, "no attribute `%s' for key `%s'", argv[2], d.buf);
+ puts(p);
+ dstr_destroy(&d);
+ doclose(&f);
+ return (0);
+}
+
/* --- @cmd_finger@ --- */
static void fingerprint(key *k, const gchash *ch, const key_filter *kf)
argv += optind; argc -= optind;
if (rc)
- die(EXIT_FAILURE, "Usage: fingerprint [-f filter] [tag...]");
+ die(EXIT_FAILURE, "Usage: fingerprint [-f FILTER] [TAG...]");
doopen(&f, KOPEN_READ);
return (rc);
}
+/* --- @cmd_verify@ --- */
+
+static unsigned xdigit(char c)
+{
+ if ('A' <= c && c <= 'Z') return (c + 10 - 'A');
+ if ('a' <= c && c <= 'z') return (c + 10 - 'a');
+ if ('0' <= c && c <= '9') return (c - '0');
+ return (~0u);
+}
+
+static void unhexify(octet *q, char *p, size_t n)
+{
+ unsigned a = 0;
+ int i = 0;
+
+ for (;;) {
+ if (*p == '-' || *p == ':' || isspace((unsigned char)*p)) {
+ p++;
+ continue;
+ }
+ if (!n && !*p)
+ break;
+ if (!*p)
+ die(EXIT_FAILURE, "hex string too short");
+ if (!isxdigit((unsigned char)*p))
+ die(EXIT_FAILURE, "bad hex string");
+ if (!n)
+ die(EXIT_FAILURE, "hex string too long");
+ a = (a << 4) | xdigit(*p++);
+ i++;
+ if (i == 2) {
+ *q++ = U8(a);
+ a = 0;
+ i = 0;
+ n--;
+ }
+ }
+}
+
+static int cmd_verify(int argc, char *argv[])
+{
+ key_file f;
+ int rc = 0;
+ const gchash *ch = &rmd160;
+ ghash *h;
+ key *k;
+ octet *buf;
+ const octet *fpr;
+ key_filter kf = { KF_NONSECRET, KF_NONSECRET };
+
+ for (;;) {
+ static struct option opt[] = {
+ { "filter", OPTF_ARGREQ, 0, 'f' },
+ { "algorithm", OPTF_ARGREQ, 0, 'a' },
+ { 0, 0, 0, 0 }
+ };
+ int i = mdwopt(argc, argv, "+f:a:", opt, 0, 0, 0);
+ if (i < 0)
+ break;
+ switch (i) {
+ case 'f': {
+ char *p;
+ int err = key_readflags(optarg, &p, &kf.f, &kf.m);
+ if (err || *p)
+ die(EXIT_FAILURE, "bad filter string `%s'", optarg);
+ } break;
+ case 'a':
+ if ((ch = ghash_byname(optarg)) == 0)
+ die(EXIT_FAILURE, "unknown hash algorithm `%s'", optarg);
+ break;
+ default:
+ rc = 1;
+ break;
+ }
+ }
+
+ argv += optind; argc -= optind;
+ if (rc || argc != 2)
+ die(EXIT_FAILURE, "Usage: verify [-f FILTER] TAG FINGERPRINT");
+
+ doopen(&f, KOPEN_READ);
+
+ if ((k = key_bytag(&f, argv[0])) == 0)
+ die(EXIT_FAILURE, "key `%s' not found", argv[0]);
+ buf = xmalloc(ch->hashsz);
+ unhexify(buf, argv[1], ch->hashsz);
+ h = GH_INIT(ch);
+ if (!key_fingerprint(k, h, &kf))
+ die(EXIT_FAILURE, "key has no fingerprintable components (as filtered)");
+ fpr = GH_DONE(h, 0);
+ if (memcmp(fpr, buf, ch->hashsz) != 0)
+ die(EXIT_FAILURE, "key fingerprint mismatch");
+ doclose(&f);
+ return (0);
+}
+
/* --- @cmd_comment@ --- */
static int cmd_comment(int argc, char *argv[])
int err;
if (argc < 2 || argc > 3)
- die(EXIT_FAILURE, "Usage: comment tag [comment]");
+ die(EXIT_FAILURE, "Usage: comment TAG [COMMENT]");
doopen(&f, KOPEN_WRITE);
if ((k = key_bytag(&f, argv[1])) == 0)
die(EXIT_FAILURE, "key `%s' not found", argv[1]);
argv += optind; argc -= optind;
if (argc < 1 || argc > 2 || rc)
- die(EXIT_FAILURE, "Usage: tag [-r] tag [new-tag]");
+ die(EXIT_FAILURE, "Usage: tag [-r] TAG [NEW-TAG]");
doopen(&f, KOPEN_WRITE);
if (flags & f_retag) {
if ((k = key_bytag(&f, argv[1])) != 0 && strcmp(k->tag, argv[1]) == 0)
{
key_file f;
key *k;
- key_data *kd;
+ key_data **kd;
dstr d = DSTR_INIT;
if (argc != 2)
- die(EXIT_FAILURE, "Usage: lock qtag");
+ die(EXIT_FAILURE, "Usage: lock QTAG");
doopen(&f, KOPEN_WRITE);
if (key_qtag(&f, argv[1], &d, &k, &kd))
die(EXIT_FAILURE, "key `%s' not found", argv[1]);
- if (kd->e == KENC_ENCRYPT && key_punlock(d.buf, kd, kd))
+ if ((*kd)->e == KENC_ENCRYPT && key_punlock(kd, 0, d.buf))
die(EXIT_FAILURE, "couldn't unlock key `%s'", d.buf);
- if (key_plock(d.buf, kd, kd))
+ if (key_plock(kd, 0, d.buf))
die(EXIT_FAILURE, "failed to lock key `%s'", d.buf);
f.f |= KF_MODIFIED;
doclose(&f);
{
key_file f;
key *k;
- key_data *kd;
+ key_data **kd;
dstr d = DSTR_INIT;
if (argc != 2)
- die(EXIT_FAILURE, "Usage: unlock qtag");
+ die(EXIT_FAILURE, "Usage: unlock QTAG");
doopen(&f, KOPEN_WRITE);
if (key_qtag(&f, argv[1], &d, &k, &kd))
die(EXIT_FAILURE, "key `%s' not found", argv[1]);
- if (kd->e != KENC_ENCRYPT)
+ if ((*kd)->e != KENC_ENCRYPT)
die(EXIT_FAILURE, "key `%s' is not encrypted", d.buf);
- if (kd->e == KENC_ENCRYPT && key_punlock(d.buf, kd, kd))
+ if (key_punlock(kd, 0, d.buf))
die(EXIT_FAILURE, "couldn't unlock key `%s'", d.buf);
f.f |= KF_MODIFIED;
doclose(&f);
int i;
int rc = 0;
key_filter kf = { 0, 0 };
+ dstr d = DSTR_INIT;
+ const char *outfile = 0;
FILE *fp;
for (;;) {
argv += optind; argc -= optind;
if (rc || argc < 1)
- die(EXIT_FAILURE, "Usage: extract [-f filter] file [tag...]");
+ die(EXIT_FAILURE, "Usage: extract [-f FILTER] FILE [TAG...]");
if (strcmp(*argv, "-") == 0)
fp = stdout;
- else if (!(fp = fopen(*argv, "w"))) {
- die(EXIT_FAILURE, "couldn't open `%s' for writing: %s",
- *argv, strerror(errno));
+ else {
+ outfile = *argv;
+ dstr_putf(&d, "%s.new", outfile);
+ if (!(fp = fopen(d.buf, "w"))) {
+ die(EXIT_FAILURE, "couldn't open `%s' for writing: %s",
+ d.buf, strerror(errno));
+ }
}
doopen(&f, KOPEN_READ);
key *k;
for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
key_extract(&f, k, fp, &kf);
- } else {
+ } else {
for (i = 1; i < argc; i++) {
if ((k = key_bytag(&f, argv[i])) != 0)
key_extract(&f, k, fp, &kf);
}
}
}
- if (fclose(fp))
+ if (fclose(fp) || (outfile && rename(d.buf, outfile)))
die(EXIT_FAILURE, "error writing file: %s", strerror(errno));
+ dstr_destroy(&d);
doclose(&f);
return (rc);
}
{
key_file f;
if (argc != 1)
- die(EXIT_FAILURE, "usage: tidy");
+ die(EXIT_FAILURE, "Usage: tidy");
doopen(&f, KOPEN_WRITE);
f.f |= KF_MODIFIED; /* Nasty hack */
doclose(&f);
FILE *fp;
if (argc != 2)
- die(EXIT_FAILURE, "Usage: merge file");
+ die(EXIT_FAILURE, "Usage: merge FILE");
if (strcmp(argv[1], "-") == 0)
fp = stdin;
else if (!(fp = fopen(argv[1], "r"))) {
- die(EXIT_FAILURE, "couldn't open `%s' for writing: %s",
+ die(EXIT_FAILURE, "couldn't open `%s' for reading: %s",
argv[1], strerror(errno));
}
return (0);
}
+/* --- @cmd_show@ --- */
+
+#define LISTS(LI) \
+ LI("Lists", list, \
+ listtab[i].name, listtab[i].name) \
+ LI("Hash functions", hash, \
+ ghashtab[i], ghashtab[i]->name) \
+ LI("Elliptic curves", ec, \
+ ectab[i].name, ectab[i].name) \
+ LI("Prime Diffie-Hellman groups", dh, \
+ ptab[i].name, ptab[i].name) \
+ LI("Binary Diffie-Hellman groups", bindh, \
+ bintab[i].name, bintab[i].name) \
+ LI("Key-generation algorithms", keygen, \
+ algtab[i].name, algtab[i].name) \
+ LI("Random seeding algorithms", seed, \
+ seedtab[i].p, seedtab[i].p)
+
+MAKELISTTAB(listtab, LISTS)
+
+static int cmd_show(int argc, char *argv[])
+{
+ return (displaylists(listtab, argv + 1));
+}
+
/*----- Main command table ------------------------------------------------*/
-static struct cmd {
- const char *name;
- int (*cmd)(int /*argc*/, char */*argv*/[]);
- const char *usage;
- const char *help;
-} cmds[] = {
+static int cmd_help(int argc, char *argv[]);
+
+static cmd cmds[] = {
+ { "help", cmd_help, "help [COMMAND...]" },
+ { "show", cmd_show, "show [ITEM...]" },
+ { "list", cmd_list, "list [-uqv] [-f FILTER] [TAG...]", "\
+Options:\n\
+\n\
+-u, --utc Display expiry times etc. in UTC, not local time.\n\
+-q, --quiet Show less information.\n\
+-v, --verbose Show more information.\n\
+" },
+ { "fingerprint", cmd_finger, "fingerprint [-f FILTER] [TAG...]", "\
+Options:\n\
+\n\
+-f, --filter=FILT Only hash key components matching FILT.\n\
+-a, --algorithm=HASH Use the named HASH algorithm.\n\
+ ($ show hash for list.)\n\
+" },
+ { "verify", cmd_verify, "verify [-f FILTER] TAG FINGERPRINT", "\
+Options:\n\
+\n\
+-f, --filter=FILT Only hash key components matching FILT.\n\
+-a, --algorithm=HASH Use the named HASH algorithm.\n\
+ ($ show hash for list.)\n\
+" },
+ { "extract", cmd_extract, "extract [-f FILTER] FILE [TAG...]", "\
+Options:\n\
+\n\
+-f, --filter=FILT Only extract key components matching FILT.\n\
+" },
+ { "merge", cmd_merge, "merge FILE" },
+ { "expire", cmd_expire, "expire TAG..." },
+ { "delete", cmd_delete, "delete TAG..." },
+ { "setattr", cmd_setattr, "setattr TAG ATTR..." },
+ { "getattr", cmd_getattr, "getattr TAG ATTR" },
+ { "comment", cmd_comment, "comment TAG [COMMENT]" },
+ { "lock", cmd_lock, "lock QTAG" },
+ { "unlock", cmd_unlock, "unlock QTAG" },
+ { "tag", cmd_tag, "tag [-r] TAG [NEW-TAG]", "\
+Options:\n\
+\n\
+-r, --retag Untag any key currently called new-tag.\n\
+" },
+ { "tidy", cmd_tidy, "tidy" },
{ "add", cmd_add,
- "add [options] type [attr...]\n\
- Options: [-lqrLS] [-a alg] [-bB bits] [-p param] [-R tag]\n\
- [-e expire] [-t tag] [-c comment]", "\
+ "add [-OPTIONS] TYPE [ATTR...]\n\
+ Options: [-lqrLKS] [-a ALG] [-bB BITS] [-p PARAM] [-R TAG]\n\
+ [-A SEEDALG] [-s SEED] [-n BITS] [-I KEYID]\n\
+ [-e EXPIRE] [-t TAG] [-c COMMENT]", "\
Options:\n\
\n\
-a, --algorithm=ALG Generate keys suitable for ALG.\n\
+ ($ show keygen for list.)\n\
-b, --bits=N Generate an N-bit key.\n\
-B, --qbits=N Use an N-bit subgroup or factors.\n\
-p, --parameters=TAG Get group parameters from TAG.\n\
--C, --curve=CURVE Use elliptic curve CURVE.\n\
+-C, --curve=NAME Use elliptic curve or DH group NAME.\n\
+ ($ show ec or $ show dh for list.)\n\
+-A, --seedalg=ALG Use pseudorandom generator ALG to generate key.\n\
+ ($ show seed for list.)\n\
+-s, --seed=BASE64 Use Base64-encoded string BASE64 as seed.\n\
+-n, --newseed=COUNT Generate new COUNT-bit seed.\n\
-e, --expire=TIME Make the key expire after TIME.\n\
-c, --comment=STRING Attach the command STRING to the key.\n\
-t, --tag=TAG Tag the key with the name TAG.\n\
-r, --retag Untag any key currently with that tag.\n\
-R, --rand-id=TAG Use key named TAG for the random number generator.\n\
+-I, --key-id=ID Force the key-id for the new key.\n\
-l, --lock Lock the generated key with a passphrase.\n\
-q, --quiet Don't give progress indicators while working.\n\
-L, --lim-lee Generate Lim-Lee primes for Diffie-Hellman groups.\n\
+-K, --kcdsa Generate KCDSA-style Lim-Lee primes for DH groups.\n\
-S, --subgroup Use a prime-order subgroup for Diffie-Hellman.\n\
" },
- { "expire", cmd_expire, "expire tag..." },
- { "delete", cmd_delete, "delete tag..." },
- { "tag", cmd_tag, "tag [-r] tag [new-tag]", "\
-Options:\n\
-\n\
--r, --retag Untag any key currently called new-tag.\n\
-" },
- { "setattr", cmd_setattr, "setattr tag attr..." },
- { "comment", cmd_comment, "comment tag [comment]" },
- { "lock", cmd_lock, "lock qtag" },
- { "unlock", cmd_unlock, "unlock qtag" },
- { "list", cmd_list, "list [-uqv] [-f filter] [tag...]", "\
-Options:\n\
-\n\
--u, --utc Display expiry times etc. in UTC, not local time.\n\
--q, --quiet Show less information.\n\
--v, --verbose Show more information.\n\
-" },
- { "fingerprint", cmd_finger, "fingerprint [-f filter] [tag...]", "\
-Options:\n\
-\n\
--f, --filter=FILT Only hash key components matching FILT.\n\
--a, --algorithm=HASH Use the named HASH algorithm.\n\
-" },
- { "tidy", cmd_tidy, "tidy" },
- { "extract", cmd_extract, "extract [-f filter] file [tag...]", "\
-Options:\n\
-\n\
--f, --filter=FILT Only extract key components matching FILT.\n\
-" },
- { "merge", cmd_merge, "merge file" },
{ 0, 0, 0 }
};
-typedef struct cmd cmd;
-
-/*----- Main code ---------------------------------------------------------*/
-
-/* --- @findcmd@ --- *
- *
- * Arguments: @const char *name@ = a command name
- *
- * Returns: Pointer to the command structure.
- *
- * Use: Looks up a command by name. If the command isn't found, an
- * error is reported and the program is terminated.
- */
-
-static cmd *findcmd(const char *name)
+static int cmd_help(int argc, char *argv[])
{
- cmd *c, *chosen = 0;
- size_t sz = strlen(name);
-
- for (c = cmds; c->name; c++) {
- if (strncmp(name, c->name, sz) == 0) {
- if (c->name[sz] == 0) {
- chosen = c;
- break;
- } else if (chosen)
- die(EXIT_FAILURE, "ambiguous command name `%s'", name);
- else
- chosen = c;
- }
- }
- if (!chosen)
- die(EXIT_FAILURE, "unknown command name `%s'", name);
- return (chosen);
+ sc_help(cmds, stdout, argv + 1);
+ return (0);
}
+/*----- Main code ---------------------------------------------------------*/
+
/* --- Helpful GNUy functions --- */
-void usage(FILE *fp)
+static void usage(FILE *fp)
{
- pquis(fp, "Usage: $ [-k keyring] command [args]\n");
+ pquis(fp, "Usage: $ [-k KEYRING] COMMAND [ARGS]\n");
}
void version(FILE *fp)
pquis(fp, "$, Catacomb version " VERSION "\n");
}
-void help(FILE *fp, char **argv)
+void help_global(FILE *fp)
{
- cmd *c;
-
- version(fp);
- fputc('\n', fp);
- if (*argv) {
- c = findcmd(*argv);
- fprintf(fp, "Usage: %s [-k keyring] %s\n", QUIS, c->usage);
- if (c->help) {
- fputc('\n', fp);
- fputs(c->help, fp);
- }
- } else {
- usage(fp);
- fputs("\n\
-Performs various simple key management operations. Command line options\n\
-recognized are:\n\
+ usage(fp);
+ fputs("\n\
+Performs various simple key management operations.\n\
+\n\
+Global command line options:\n\
\n\
--h, --help [COMMAND] Display this help text (or help for COMMAND).\n\
+-h, --help [COMMAND...] Display this help text (or help for COMMANDs).\n\
-v, --version Display version number.\n\
-u, --usage Display short usage summary.\n\
\n\
--k, --keyring=FILE Read and write keys in FILE.\n\
--i, --id=TAG Use key TAG for random number generator.\n\
--t, --type=TYPE Use key TYPE for random number generator.\n\
-\n\
-The following commands are understood:\n\n",
- fp);
- for (c = cmds; c->name; c++)
- fprintf(fp, "%s\n", c->usage);
- }
+-k, --keyring=FILE Read and write keys in FILE.\n",
+ fp);
}
/* --- @main@ --- *
/* --- GNU help options --- */
case 'h':
- help(stdout, argv + optind);
+ sc_help(cmds, stdout, argv + optind);
exit(0);
case 'v':
version(stdout);
argc -= optind;
argv += optind;
optind = 0;
- return (findcmd(argv[0])->cmd(argc, argv));
+ return (findcmd(cmds, argv[0])->cmd(argc, argv));
}
/*----- That's all, folks -------------------------------------------------*/