key-generation algorithms have a subsidiary key size.
.TP
.BI "\-p, \-\-parameters " tag
-Selects a key containing parameter values to copy. Not all
-key-generation algorithms allow the use of shared parameters. A new key
-also inherits attributes from its parameter key.
+Selects a key containing parameter values to copy.
+A new key also inherits attributes from its parameter key.
.TP
.BI "\-A, \-\-seedalg " seed-alg
Use the deterministic random number generator algorithm
.I x
\(mu
.IR G .
+.TP
+.B empty
+Generate an empty key, with trivial contents.
+This is useful as a `parameters' key,
+carrying attributes to be applied to other keys
+if they don't require more detailed parameters.
.SS "expire"
Forces keys to immediately expire. An expired key is not chosen when a
program requests a key by its type. The keys to expire are listed by
/* --- @copyparam@ --- *
*
* Arguments: @keyopts *k@ = pointer to key options
- * @const char **pp@ = checklist of parameters
+ * @const char **pp@ = checklist of parameters, or null
*
* Returns: Nonzero if parameters copied; zero if you have to generate
* them.
if (!k->p)
return (0);
- /* --- Run through the checklist --- */
+ /* --- Copy the key data if there's anything we want --- */
- key_fulltag(k->p, &t);
- if ((k->p->k->e & KF_ENCMASK) != KENC_STRUCT)
- die(EXIT_FAILURE, "parameter key `%s' is not structured", t.buf);
- while (*pp) {
- key_data *kd = key_structfind(k->p->k, *pp);
- if (!kd) {
- die(EXIT_FAILURE,
- "bad parameter key `%s': parameter `%s' not found", t.buf, *pp);
- }
- if (!KEY_MATCH(kd, &kf)) {
- die(EXIT_FAILURE,
- "bad parameter key `%s': subkey `%s' is not shared", t.buf, *pp);
+ if (pp) {
+
+ /* --- Run through the checklist --- */
+
+ key_fulltag(k->p, &t);
+ if ((k->p->k->e & KF_ENCMASK) != KENC_STRUCT)
+ die(EXIT_FAILURE, "parameter key `%s' is not structured", t.buf);
+ while (*pp) {
+ key_data *kd = key_structfind(k->p->k, *pp);
+ if (!kd) {
+ die(EXIT_FAILURE,
+ "bad parameter key `%s': parameter `%s' not found", t.buf, *pp);
+ }
+ if (!KEY_MATCH(kd, &kf)) {
+ die(EXIT_FAILURE,
+ "bad parameter key `%s': subkey `%s' is not shared", t.buf, *pp);
+ }
+ pp++;
}
- pp++;
- }
- /* --- Copy over the parameters --- */
+ /* --- Copy over the parameters --- */
- kd = key_copydata(k->p->k, &kf);
- assert(kd);
- key_setkeydata(k->kf, k->k, kd);
- key_drop(kd);
+ kd = key_copydata(k->p->k, &kf);
+ assert(kd);
+ key_setkeydata(k->kf, k->k, kd);
+ key_drop(kd);
+ }
/* --- Copy over attributes --- */
/* --- Key generation algorithms --- */
+static void alg_empty(keyopts *k)
+{
+ copyparam(k, 0);
+ key_setkeydata(k->kf, k->k,
+ key_newstring(KCAT_SHARE, k->curve ? k->curve : "."));
+}
+
static void alg_binary(keyopts *k)
{
unsigned sz;
if (!k->bits)
k->bits = 128;
- if (k->p)
- die(EXIT_FAILURE, "no shared parameters for binary keys");
+ copyparam(k, 0);
sz = (k->bits + 7) >> 3;
p = sub_alloc(sz);
if (!k->bits)
k->bits = 168;
- if (k->p)
- die(EXIT_FAILURE, "no shared parameters for DES keys");
+ copyparam(k, 0);
if (k->bits % 56 || k->bits > 168)
die(EXIT_FAILURE, "DES keys must be 56, 112 or 168 bits long");
/* --- Sanity checking --- */
- if (k->p)
- die(EXIT_FAILURE, "no shared parameters for RSA keys");
+ copyparam(k, 0);
if (!k->bits)
k->bits = 1024;
/* --- Sanity checking --- */
- if (k->p)
- die(EXIT_FAILURE, "no shared parameters for Blum-Blum-Shub keys");
+ copyparam(k, 0);
if (!k->bits)
k->bits = 1024;
{ "bindh-param", alg_binparam, "Binary-field DH parameters" },
{ "ec-param", alg_ecparam, "Elliptic curve parameters" },
{ "ec", alg_ec, "Elliptic curve crypto" },
+ { "empty", alg_empty, "Empty parametrs-only key" },
{ 0, 0 }
};
~mdw / catacomb / commitdiff