3 * $Id: keyutil.c,v 1.8 2000/07/29 09:59:13 mdw Exp $
5 * Simple key manager program
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.8 2000/07/29 09:59:13 mdw
34 * Support Lim-Lee primes in Diffie-Hellman parameter generation.
36 * Revision 1.7 2000/07/01 11:18:51 mdw
37 * Use new interfaces for key manipulation.
39 * Revision 1.6 2000/06/17 11:28:22 mdw
40 * Use secure memory interface from MP library. `rand_getgood' is
43 * Revision 1.5 2000/02/12 18:21:03 mdw
44 * Overhaul of key management (again).
46 * Revision 1.4 1999/12/22 15:48:10 mdw
47 * Track new key-management changes. Support new key generation
50 * Revision 1.3 1999/11/02 15:23:24 mdw
51 * Fix newlines in keyring list.
53 * Revision 1.2 1999/10/15 21:05:28 mdw
54 * In `key list', show timezone for local times, and support `-u' option
57 * Revision 1.1 1999/09/03 08:41:12 mdw
62 /*----- Header files ------------------------------------------------------*/
72 #include <mLib/base64.h>
73 #include <mLib/mdwopt.h>
74 #include <mLib/quis.h>
75 #include <mLib/report.h>
94 /*----- Handy global state ------------------------------------------------*/
96 static const char *keyfile = "keyring";
98 /*----- Useful shared functions -------------------------------------------*/
100 /* --- @doopen@ --- *
102 * Arguments: @key_file *f@ = pointer to key file block
103 * @unsigned how@ = method to open file with
107 * Use: Opens a key file and handles errors by panicking
111 static void doopen(key_file *f, unsigned how)
113 if (key_open(f, keyfile, how, key_moan, 0))
114 die(1, "couldn't open keyring `%s': %s", keyfile, strerror(errno));
117 /* --- @doclose@ --- *
119 * Arguments: @key_file *f@ = pointer to key file block
123 * Use: Closes a key file and handles errors by panicking
127 static void doclose(key_file *f)
129 switch (key_close(f)) {
131 die(EXIT_FAILURE, "couldn't write file `%s': %s",
132 keyfile, strerror(errno));
134 die(EXIT_FAILURE, "keyring file `%s' broken: %s (repair manually)",
135 keyfile, strerror(errno));
139 /* --- @setattr@ --- *
141 * Arguments: @key_file *f@ = pointer to key file block
142 * @key *k@ = pointer to key block
143 * @char *v[]@ = array of assignments (overwritten!)
147 * Use: Applies the attribute assignments to the key.
150 static void setattr(key_file *f, key *k, char *v[])
155 size_t eq = strcspn(p, "=");
157 moan("invalid assignment: `%s'", p);
160 if ((err = key_putattr(f, k, *v, *p ? p : 0)) != 0)
161 die(EXIT_FAILURE, "couldn't set attributes: %s", key_strerror(err));
166 /*----- Key generation ----------------------------------------------------*/
168 /* --- Key generation parameters --- */
170 typedef struct keyopts {
171 key_file *kf; /* Pointer to key file */
172 key *k; /* Pointer to the actual key */
173 dstr tag; /* Full tag name for the key */
174 unsigned f; /* Flags for the new key */
175 unsigned bits, qbits; /* Bit length for the new key */
176 key *p; /* Parameters key-data */
180 f_bogus = 1, /* Error in parsing */
181 f_lock = 2, /* Passphrase-lock private key */
182 f_quiet = 4, /* Don't show a progress indicator */
183 f_limlee = 8, /* Generate Lim-Lee primes */
184 f_subgroup = 16 /* Generate a subgroup */
187 /* --- @dolock@ --- *
189 * Arguments: @keyopts *k@ = key generation options
190 * @key_data *kd@ = pointer to key data to lock
191 * @const char *t@ = tag suffix or null
195 * Use: Does passphrase locking on new keys.
198 static void dolock(keyopts *k, key_data *kd, const char *t)
200 if (!(k->f & f_lock))
203 dstr_putf(&k->tag, ".%s", t);
204 if (key_plock(k->tag.buf, kd, kd))
205 die(EXIT_FAILURE, "couldn't lock key");
210 * Arguments: @key_data *kd@ = pointer to parent key block
211 * @const char *tag@ = pointer to tag string
212 * @mp *m@ = integer to store
213 * @unsigned f@ = flags to set
217 * Use: Sets a multiprecision integer subkey.
220 static void mpkey(key_data *kd, const char *tag, mp *m, unsigned f)
222 key_data *kkd = key_structcreate(kd, tag);
227 /* --- @copyparam@ --- *
229 * Arguments: @keyopts *k@ = pointer to key options
230 * @const char **pp@ = checklist of parameters
232 * Returns: Nonzero if parameters copied; zero if you have to generate
235 * Use: Copies parameters from a source key to the current one.
238 static int copyparam(keyopts *k, const char **pp)
242 /* --- Quick check if no parameters supplied --- */
247 /* --- Run through the checklist --- */
250 key_data *kd = key_structfind(&k->p->k, *pp);
252 die(EXIT_FAILURE, "bad parameter key: parameter `%s' not found", *pp);
253 if ((kd->e & KF_CATMASK) != KCAT_SHARE)
254 die(EXIT_FAILURE, "bad parameter key: subkey `%s' is not shared", *pp);
258 /* --- Copy over the parameters --- */
262 if (!key_copy(&k->k->k, &k->p->k, &kf))
263 die(EXIT_FAILURE, "unexpected failure while copying parameters");
269 * Arguments: @key_data *k@ = pointer to key data block
270 * @const char *tag@ = tag string to use
272 * Returns: Pointer to multiprecision integer key item.
274 * Use: Fetches an MP key component.
277 static mp *getmp(key_data *k, const char *tag)
279 k = key_structfind(k, tag);
281 die(EXIT_FAILURE, "unexpected failure looking up subkey `%s'", tag);
282 if ((k->e & KF_ENCMASK) != KENC_MP)
283 die(EXIT_FAILURE, "subkey `%s' has an incompatible type");
287 /* --- @keyrand@ --- *
289 * Arguments: @key_file *kf@ = pointer to key file
290 * @const char *id@ = pointer to key id (or null)
294 * Use: Keys the random number generator.
297 static void keyrand(key_file *kf, const char *id)
301 /* --- Find the key --- */
304 if ((k = key_bytag(kf, id)) == 0)
305 die(EXIT_FAILURE, "key `%s' not found", id);
307 k = key_bytype(kf, "catacomb-rand");
310 key_data *kd = &k->k, kkd;
313 switch (kd->e & KF_ENCMASK) {
319 if (key_punlock(d.buf, kd, &kkd))
320 die(EXIT_FAILURE, "error unlocking key `%s'", d.buf);
327 die(EXIT_FAILURE, "bad encoding type for key `%s'", d.buf);
331 /* --- Key the generator --- */
333 rand_key(RAND_GLOBAL, kd->u.k.k, kd->u.k.sz);
339 /* --- Key generation algorithms --- */
341 static void alg_binary(keyopts *k)
350 die(EXIT_FAILURE, "no shared parameters for binary keys");
352 sz = (k->bits + 7) >> 3;
354 m = (1 << (((k->bits - 1) & 7) + 1)) - 1;
355 rand_get(RAND_GLOBAL, p, sz);
357 key_binary(&k->k->k, p, sz);
358 k->k->k.e |= KCAT_SYMM | KF_BURN;
361 dolock(k, &k->k->k, 0);
364 static void alg_des(keyopts *k)
373 die(EXIT_FAILURE, "no shared parameters for DES keys");
374 if (k->bits % 56 || k->bits > 168)
375 die(EXIT_FAILURE, "DES keys must be 56, 112 or 168 bits long");
379 rand_get(RAND_GLOBAL, p, sz); /* Too much work done here! */
380 for (i = 0; i < sz; i++) {
381 octet x = p[i] | 0x01;
385 p[i] = (p[i] & 0xfe) | (x & 0x01);
387 key_binary(&k->k->k, p, sz);
388 k->k->k.e |= KCAT_SYMM | KF_BURN;
391 dolock(k, &k->k->k, 0);
394 static void alg_rsa(keyopts *k)
399 /* --- Sanity checking --- */
402 die(EXIT_FAILURE, "no shared parameters for RSA keys");
406 /* --- Generate the RSA parameters --- */
408 if (rsa_gen(&rp, k->bits, &rand_global, 0,
409 (k->f & f_quiet) ? 0 : pgen_ev, 0))
410 die(EXIT_FAILURE, "RSA key generation failed");
412 /* --- Run a test encryption --- */
415 grand *g = fibrand_create(rand_global.ops->word(&rand_global));
417 mp *m = mprand_range(MP_NEW, rp.n, g, 0);
422 c = rsa_qpubop(&rpp, MP_NEW, m);
423 c = rsa_qprivop(&rp, c, c, g);
425 if (MP_CMP(c, !=, m))
426 die(EXIT_FAILURE, "test encryption failed");
432 /* --- Allrighty then --- */
436 mpkey(kd, "n", rp.n, KCAT_PUB);
437 mpkey(kd, "e", rp.e, KCAT_PUB);
439 kd = key_structcreate(kd, "private");
441 mpkey(kd, "d", rp.d, KCAT_PRIV | KF_BURN);
442 mpkey(kd, "p", rp.p, KCAT_PRIV | KF_BURN);
443 mpkey(kd, "q", rp.q, KCAT_PRIV | KF_BURN);
444 mpkey(kd, "q-inv", rp.q_inv, KCAT_PRIV | KF_BURN);
445 mpkey(kd, "d-mod-p", rp.dp, KCAT_PRIV | KF_BURN);
446 mpkey(kd, "d-mod-q", rp.dq, KCAT_PRIV | KF_BURN);
447 dolock(k, kd, "private");
452 static void alg_dsaparam(keyopts *k)
454 static const char *pl[] = { "q", "p", "g", 0 };
455 if (!copyparam(k, pl)) {
461 key_data *kd = &k->k->k;
463 /* --- Choose appropriate bit lengths if necessary --- */
470 /* --- Allocate a seed block --- */
472 sz = (k->qbits + 7) >> 3;
474 rand_get(RAND_GLOBAL, p, sz);
476 /* --- Allocate the parameters --- */
478 if (dsa_gen(&dp, k->qbits, k->bits, 0, p, sz,
479 (k->f & f_quiet) ? 0 : pgen_ev, 0))
480 die(EXIT_FAILURE, "DSA parameter generation failed");
482 /* --- Store the parameters --- */
485 mpkey(kd, "q", dp.q, KCAT_SHARE);
486 mpkey(kd, "p", dp.p, KCAT_SHARE);
487 mpkey(kd, "g", dp.g, KCAT_SHARE);
492 /* --- Store the seed for future verification --- */
497 base64_encode(&c, p, sz, &d);
498 base64_encode(&c, 0, 0, &d);
499 key_putattr(k->kf, k->k, "seed", d.buf);
505 static void alg_dsa(keyopts *k)
510 key_data *kd = &k->k->k;
512 /* --- Get the shared parameters --- */
519 /* --- Choose a private key --- */
521 x = mprand_range(MP_NEWSEC, q, &rand_global, 0);
522 mpmont_create(&mm, p);
523 y = mpmont_exp(&mm, MP_NEW, g, x);
525 /* --- Store everything away --- */
527 mpkey(kd, "y", y, KCAT_PUB);
529 kd = key_structcreate(kd, "private");
531 mpkey(kd, "x", x, KCAT_PRIV | KF_BURN);
532 dolock(k, kd, "private");
534 mp_drop(x); mp_drop(y);
537 static void alg_dhparam(keyopts *k)
539 static const char *pl[] = { "p", "q", "g", 0 };
540 if (!copyparam(k, pl)) {
542 key_data *kd = &k->k->k;
548 /* --- Choose a large safe prime number --- */
550 if (k->f & f_limlee) {
555 rc = dh_limlee(&dp, k->qbits, k->bits,
556 (k->f & f_subgroup) ? DH_SUBGROUP : 0,
557 0, &rand_global, (k->f & f_quiet) ? 0 : pgen_ev, 0,
558 (k->f & f_quiet) ? 0 : pgen_evspin, 0, &nf, &f);
562 for (i = 0; i < nf; i++) {
565 mp_writedstr(f[i], &d, 10);
568 key_putattr(k->kf, k->k, "factors", d.buf);
572 rc = dh_gen(&dp, k->qbits, k->bits, 0, &rand_global,
573 (k->f & f_quiet) ? 0 : pgen_ev, 0);
576 die(EXIT_FAILURE, "Diffie-Hellman parameter generation failed");
579 mpkey(kd, "p", dp.p, KCAT_SHARE);
580 mpkey(kd, "q", dp.q, KCAT_SHARE);
581 mpkey(kd, "g", dp.g, KCAT_SHARE);
588 static void alg_dh(keyopts *k)
593 key_data *kd = &k->k->k;
595 /* --- Get the shared parameters --- */
602 /* --- Choose a suitable private key --- *
604 * Since %$g$% has order %$q$%, choose %$x < q$%.
607 x = mprand_range(MP_NEWSEC, q, &rand_global, 0);
609 /* --- Compute the public key %$y = g^x \bmod p$% --- */
611 mpmont_create(&mm, p);
612 y = mpmont_exp(&mm, MP_NEW, g, x);
615 /* --- Store everything away --- */
617 mpkey(kd, "y", y, KCAT_PUB);
619 kd = key_structcreate(kd, "private");
621 mpkey(kd, "x", x, KCAT_PRIV | KF_BURN);
622 dolock(k, kd, "private");
624 mp_drop(x); mp_drop(y);
627 static void alg_bbs(keyopts *k)
632 /* --- Sanity checking --- */
635 die(EXIT_FAILURE, "no shared parameters for Blum-Blum-Shub keys");
639 /* --- Generate the BBS parameters --- */
641 if (bbs_gen(&bp, k->bits, &rand_global, 0,
642 (k->f & f_quiet) ? 0 : pgen_ev, 0))
643 die(EXIT_FAILURE, "Blum-Blum-Shub key generation failed");
645 /* --- Allrighty then --- */
649 mpkey(kd, "n", bp.n, KCAT_PUB);
651 kd = key_structcreate(kd, "private");
653 mpkey(kd, "p", bp.p, KCAT_PRIV | KF_BURN);
654 mpkey(kd, "q", bp.q, KCAT_PRIV | KF_BURN);
655 dolock(k, kd, "private");
660 /* --- The algorithm tables --- */
662 typedef struct keyalg {
664 void (*proc)(keyopts *o);
668 static keyalg algtab[] = {
669 { "binary", alg_binary, "Plain binary data" },
670 { "des", alg_des, "Binary with DES-style parity" },
671 { "rsa", alg_rsa, "RSA public-key encryption" },
672 { "dsa", alg_dsa, "DSA digital signatures" },
673 { "dsa-param", alg_dsaparam, "DSA shared parameters" },
674 { "dh", alg_dh, "Diffie-Hellman key exchange" },
675 { "dh-param", alg_dhparam, "Diffie-Hellman parameters" },
676 { "bbs", alg_bbs, "Blum-Blum-Shub generator" },
680 /* --- @cmd_add@ --- */
682 static int cmd_add(int argc, char *argv[])
685 time_t exp = KEXP_EXPIRE;
686 const char *tag = 0, *ptag = 0;
688 keyalg *alg = algtab;
689 const char *rtag = 0;
690 keyopts k = { 0, 0, DSTR_INIT, 0, 0, 0, 0 };
692 /* --- Parse options for the subcommand --- */
695 static struct option opt[] = {
696 { "algorithm", OPTF_ARGREQ, 0, 'a' },
697 { "bits", OPTF_ARGREQ, 0, 'b' },
698 { "qbits", OPTF_ARGREQ, 0, 'B' },
699 { "parameters", OPTF_ARGREQ, 0, 'p' },
700 { "expire", OPTF_ARGREQ, 0, 'e' },
701 { "comment", OPTF_ARGREQ, 0, 'c' },
702 { "tag", OPTF_ARGREQ, 0, 't' },
703 { "rand-id", OPTF_ARGREQ, 0, 'r' },
704 { "lock", 0, 0, 'l' },
705 { "quiet", 0, 0, 'q' },
706 { "lim-lee", 0, 0, 'L' },
707 { "subgroup", 0, 0, 'S' },
710 int i = mdwopt(argc, argv, "+a:b:B:p:e:c:t:r:lqLS", opt, 0, 0, 0);
714 /* --- Handle the various options --- */
718 /* --- Read an algorithm name --- */
722 size_t sz = strlen(optarg);
724 if (strcmp(optarg, "list") == 0) {
725 for (a = algtab; a->name; a++)
726 printf("%-10s %s\n", a->name, a->help);
731 for (a = algtab; a->name; a++) {
732 if (strncmp(optarg, a->name, sz) == 0) {
733 if (a->name[sz] == 0) {
737 die(EXIT_FAILURE, "ambiguous algorithm name `%s'", optarg);
743 die(EXIT_FAILURE, "unknown algorithm name `%s'", optarg);
746 /* --- Bits must be nonzero and a multiple of 8 --- */
750 k.bits = strtoul(optarg, &p, 0);
751 if (k.bits == 0 || *p != 0)
752 die(EXIT_FAILURE, "bad bitlength `%s'", optarg);
757 k.qbits = strtoul(optarg, &p, 0);
758 if (k.qbits == 0 || *p != 0)
759 die(EXIT_FAILURE, "bad bitlength `%s'", optarg);
762 /* --- Parameter selection --- */
768 /* --- Expiry dates get passed to @get_date@ for parsing --- */
771 if (strncmp(optarg, "forever", strlen(optarg)) == 0)
774 exp = get_date(optarg, 0);
776 die(EXIT_FAILURE, "bad expiry date `%s'", optarg);
780 /* --- Store comments without interpretation --- */
783 if (key_chkcomment(optarg))
784 die(EXIT_FAILURE, "bad comment string `%s'", optarg);
788 /* --- Store tags --- */
791 if (key_chkident(optarg))
792 die(EXIT_FAILURE, "bad tag string `%s'", optarg);
796 /* --- Other flags --- */
814 /* --- Other things are bogus --- */
822 /* --- Various sorts of bogosity --- */
824 if ((k.f & f_bogus) || optind + 1 > argc) {
826 "Usage: add [options] type [attr...]");
828 if (key_chkident(argv[optind]))
829 die(EXIT_FAILURE, "bad key type `%s'", argv[optind]);
831 /* --- Set up various bits of the state --- */
833 if (exp == KEXP_EXPIRE)
834 exp = time(0) + 14 * 24 * 60 * 60;
836 /* --- Open the file and create the basic key block --- *
838 * Keep on generating keyids until one of them doesn't collide.
841 doopen(&f, KOPEN_WRITE);
844 /* --- Key the generator --- */
849 uint32 id = rand_global.ops->word(&rand_global);
851 k.k = key_new(&f, id, argv[optind], exp, &err);
854 if (err != KERR_DUPID)
855 die(EXIT_FAILURE, "error adding new key: %s", key_strerror(err));
858 /* --- Set various simple attributes --- */
861 int err = key_settag(&f, k.k, tag);
863 die(EXIT_FAILURE, "error setting key tag: %s", key_strerror(err));
867 int err = key_setcomment(&f, k.k, c);
869 die(EXIT_FAILURE, "error setting key comment: %s", key_strerror(err));
872 setattr(&f, k.k, argv + optind + 1);
874 key_fulltag(k.k, &k.tag);
876 /* --- Find the parameter key --- */
879 if ((k.p = key_bytag(&f, ptag)) == 0)
880 die(EXIT_FAILURE, "parameter key `%s' not found", ptag);
881 if ((k.p->k.e & KF_ENCMASK) != KENC_STRUCT)
882 die(EXIT_FAILURE, "parameter key `%s' is not structured", ptag);
885 /* --- Now generate the actual key data --- */
895 /*----- Key listing -------------------------------------------------------*/
897 /* --- Listing options --- */
899 typedef struct listopts {
900 const char *tfmt; /* Date format (@strftime@-style) */
901 int v; /* Verbosity level */
902 unsigned f; /* Various flags */
903 time_t t; /* Time now (for key expiry) */
904 key_filter kf; /* Filter for matching keys */
907 /* --- Listing flags --- */
910 f_newline = 2, /* Write newline before next entry */
911 f_attr = 4, /* Written at least one attribute */
912 f_utc = 8 /* Emit UTC time, not local time */
915 /* --- @showkeydata@ --- *
917 * Arguments: @key_data *k@ = pointer to key to write
918 * @int ind@ = indentation level
919 * @listopts *o@ = listing options
920 * @dstr *d@ = tag string for this subkey
924 * Use: Emits a piece of key data in a human-readable format.
927 static void showkeydata(key_data *k, int ind, listopts *o, dstr *d)
929 #define INDENT(i) do { \
931 for (_i = 0; _i < (i); _i++) { \
936 switch (k->e & KF_ENCMASK) {
938 /* --- Binary key data --- *
940 * Emit as a simple hex dump.
944 const octet *p = k->u.k.k;
945 const octet *l = p + k->u.k.sz;
953 } else if (sz % 8 == 0)
957 printf("%02x", *p++);
962 fputs("}\n", stdout);
965 /* --- Encrypted data --- *
967 * If the user is sufficiently keen, ask for a passphrase and decrypt the
968 * key. Otherwise just say that it's encrypted and move on.
973 fputs(" encrypted\n", stdout);
976 if (key_punlock(d->buf, k, &kd))
977 printf(" <failed to unlock %s>\n", d->buf);
979 fputs(" encrypted", stdout);
980 showkeydata(&kd, ind, o, d);
986 /* --- Integer keys --- *
988 * Emit as a large integer in decimal. This makes using the key in
989 * `calc' or whatever easier.
994 mp_writefile(k->u.m, stdout, 10);
998 /* --- Structured keys --- *
1000 * Just iterate over the subkeys.
1008 fputs(" {\n", stdout);
1009 for (sym_mkiter(&i, &k->u.s); (ks = sym_next(&i)) != 0; ) {
1010 if (!key_match(&ks->k, &o->kf))
1013 printf("%s =", SYM_NAME(ks));
1015 dstr_putf(d, ".%s", SYM_NAME(ks));
1016 showkeydata(&ks->k, ind + 2, o, d);
1019 fputs("}\n", stdout);
1026 /* --- @showkey@ --- *
1028 * Arguments: @key *k@ = pointer to key to show
1029 * @listopts *o@ = pointer to listing options
1033 * Use: Emits a listing of a particular key.
1036 static void showkey(key *k, listopts *o)
1038 char ebuf[24], dbuf[24];
1041 /* --- Skip the key if the filter doesn't match --- */
1043 if (!key_match(&k->k, &o->kf))
1046 /* --- Sort out the expiry and deletion times --- */
1048 if (KEY_EXPIRED(o->t, k->exp))
1049 strcpy(ebuf, "expired");
1050 else if (k->exp == KEXP_FOREVER)
1051 strcpy(ebuf, "forever");
1053 tm = (o->f & f_utc) ? gmtime(&k->exp) : localtime(&k->exp);
1054 strftime(ebuf, sizeof(ebuf), o->tfmt, tm);
1057 if (KEY_EXPIRED(o->t, k->del))
1058 strcpy(dbuf, "deleted");
1059 else if (k->del == KEXP_FOREVER)
1060 strcpy(dbuf, "forever");
1062 tm = (o->f & f_utc) ? gmtime(&k->del) : localtime(&k->del);
1063 strftime(dbuf, sizeof(dbuf), o->tfmt, tm);
1066 /* --- If in compact format, just display and quit --- */
1069 if (!(o->f & f_newline)) {
1070 printf("%8s %-20s %-20s %-10s %-10s\n",
1071 "Id", "Tag", "Type", "Expire", "Delete");
1073 printf("%08lx %-20s %-20s %-10s %-10s\n",
1074 (unsigned long)k->id, k->tag ? k->tag : "<none>",
1075 k->type, ebuf, dbuf);
1080 /* --- Display the standard header --- */
1082 if (o->f & f_newline)
1083 fputc('\n', stdout);
1084 printf("keyid: %08lx\n", (unsigned long)k->id);
1085 printf("tag: %s\n", k->tag ? k->tag : "<none>");
1086 printf("type: %s\n", k->type);
1087 printf("expiry: %s\n", ebuf);
1088 printf("delete: %s\n", dbuf);
1089 printf("comment: %s\n", k->c ? k->c : "<none>");
1091 /* --- Display the attributes --- */
1095 const char *av, *an;
1098 printf("attributes:");
1099 for (key_mkattriter(&i, k); key_nextattr(&i, &an, &av); ) {
1100 printf("\n\t%s = %s", an, av);
1104 fputc('\n', stdout);
1109 /* --- If dumping requested, dump the raw key data --- */
1113 fputs("key:", stdout);
1115 showkeydata(&k->k, 0, o, &d);
1122 /* --- @cmd_list@ --- */
1124 static int cmd_list(int argc, char *argv[])
1128 listopts o = { 0, 0, 0, 0, { 0, 0 } };
1130 /* --- Parse subcommand options --- */
1133 static struct option opt[] = {
1134 { "quiet", 0, 0, 'q' },
1135 { "verbose", 0, 0, 'v' },
1136 { "utc", 0, 0, 'u' },
1137 { "filter", OPTF_ARGREQ, 0, 'f' },
1140 int i = mdwopt(argc, argv, "+uqvf:", opt, 0, 0, 0);
1157 int e = key_readflags(optarg, &p, &o.kf.f, &o.kf.m);
1159 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
1168 die(EXIT_FAILURE, "Usage: list [-uqv] [-f filter] [tag...]");
1170 /* --- Open the key file --- */
1172 doopen(&f, KOPEN_READ);
1175 /* --- Set up the time format --- */
1178 o.tfmt = "%Y-%m-%d";
1179 else if (o.f & f_utc)
1180 o.tfmt = "%Y-%m-%d %H:%M:%S UTC";
1182 o.tfmt = "%Y-%m-%d %H:%M:%S %Z";
1184 /* --- If specific keys were requested use them, otherwise do all --- *
1186 * Some day, this might turn into a wildcard match.
1189 if (optind < argc) {
1191 if ((k = key_bytag(&f, argv[optind])) != 0)
1194 moan("key `%s' not found", argv[optind]);
1198 } while (optind < argc);
1201 for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
1209 return (EXIT_FAILURE);
1214 /*----- Command implementation --------------------------------------------*/
1216 /* --- @cmd_expire@ --- */
1218 static int cmd_expire(int argc, char *argv[])
1226 die(EXIT_FAILURE, "Usage: expire tag...");
1227 doopen(&f, KOPEN_WRITE);
1228 for (i = 1; i < argc; i++) {
1229 if ((k = key_bytag(&f, argv[i])) != 0)
1232 moan("key `%s' not found", argv[i]);
1240 /* --- @cmd_delete@ --- */
1242 static int cmd_delete(int argc, char *argv[])
1250 die(EXIT_FAILURE, "Usage: delete tag...");
1251 doopen(&f, KOPEN_WRITE);
1252 for (i = 1; i < argc; i++) {
1253 if ((k = key_bytag(&f, argv[i])) != 0)
1256 moan("key `%s' not found", argv[i]);
1264 /* --- @cmd_setattr@ --- */
1266 static int cmd_setattr(int argc, char *argv[])
1272 die(EXIT_FAILURE, "Usage: setattr tag attr...");
1273 doopen(&f, KOPEN_WRITE);
1274 if ((k = key_bytag(&f, argv[1])) == 0)
1275 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1276 setattr(&f, k, argv + 2);
1281 /* --- @cmd_finger@ --- */
1283 static void fingerprint(key *k, const key_filter *kf)
1286 octet hash[RMD160_HASHSZ];
1290 if (!key_encode(&k->k, &d, kf))
1293 rmd160_hash(&r, d.buf, d.len);
1294 rmd160_done(&r, hash);
1298 for (i = 0; i < sizeof(hash); i++) {
1299 if (i && i % 4 == 0)
1301 printf("%02x", hash[i]);
1303 printf(" %s\n", d.buf);
1307 static int cmd_finger(int argc, char *argv[])
1311 key_filter kf = { KF_NONSECRET, KF_NONSECRET };
1314 static struct option opt[] = {
1315 { "filter", OPTF_ARGREQ, 0, 'f' },
1318 int i = mdwopt(argc, argv, "f:", opt, 0, 0, 0);
1324 int err = key_readflags(optarg, &p, &kf.f, &kf.m);
1326 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
1334 argv += optind; argc -= optind;
1336 die(EXIT_FAILURE, "Usage: fingerprint [-f filter] [tag...]");
1338 doopen(&f, KOPEN_READ);
1342 for (i = 0; i < argc; i++) {
1343 key *k = key_bytag(&f, argv[i]);
1345 fingerprint(k, &kf);
1348 moan("key `%s' not found", argv[i]);
1354 for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
1355 fingerprint(k, &kf);
1360 /* --- @cmd_comment@ --- */
1362 static int cmd_comment(int argc, char *argv[])
1368 if (argc < 2 || argc > 3)
1369 die(EXIT_FAILURE, "Usage: comment tag [comment]");
1370 doopen(&f, KOPEN_WRITE);
1371 if ((k = key_bytag(&f, argv[1])) == 0)
1372 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1373 if ((err = key_setcomment(&f, k, argv[2])) != 0)
1374 die(EXIT_FAILURE, "bad comment `%s': %s", argv[2], key_strerror(err));
1379 /* --- @cmd_tag@ --- */
1381 static int cmd_tag(int argc, char *argv[])
1387 if (argc < 2 || argc > 3)
1388 die(EXIT_FAILURE, "Usage: tag tag [new-tag]");
1389 doopen(&f, KOPEN_WRITE);
1390 if ((k = key_bytag(&f, argv[1])) == 0)
1391 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1392 if ((err = key_settag(&f, k, argv[2])) != 0)
1393 die(EXIT_FAILURE, "bad tag `%s': %s", argv[2], key_strerror(err));
1398 /* --- @cmd_lock@ --- */
1400 static int cmd_lock(int argc, char *argv[])
1408 die(EXIT_FAILURE, "Usage: lock qtag");
1409 doopen(&f, KOPEN_WRITE);
1410 if (key_qtag(&f, argv[1], &d, &k, &kd))
1411 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1412 if (kd->e == KENC_ENCRYPT && key_punlock(d.buf, kd, kd))
1413 die(EXIT_FAILURE, "couldn't unlock key `%s'", d.buf);
1414 if (key_plock(d.buf, kd, kd))
1415 die(EXIT_FAILURE, "failed to lock key `%s'", d.buf);
1421 /* --- @cmd_unlock@ --- */
1423 static int cmd_unlock(int argc, char *argv[])
1431 die(EXIT_FAILURE, "Usage: unlock qtag");
1432 doopen(&f, KOPEN_WRITE);
1433 if (key_qtag(&f, argv[1], &d, &k, &kd))
1434 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1435 if (kd->e != KENC_ENCRYPT)
1436 die(EXIT_FAILURE, "key `%s' is not encrypted", d.buf);
1437 if (kd->e == KENC_ENCRYPT && key_punlock(d.buf, kd, kd))
1438 die(EXIT_FAILURE, "couldn't unlock key `%s'", d.buf);
1444 /* --- @cmd_extract@ --- */
1446 static int cmd_extract(int argc, char *argv[])
1452 key_filter kf = { 0, 0 };
1456 static struct option opt[] = {
1457 { "filter", OPTF_ARGREQ, 0, 'f' },
1460 int i = mdwopt(argc, argv, "f:", opt, 0, 0, 0);
1466 int err = key_readflags(optarg, &p, &kf.f, &kf.m);
1468 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
1476 argv += optind; argc -= optind;
1478 die(EXIT_FAILURE, "Usage: extract [-f filter] file [tag...]");
1479 if (strcmp(*argv, "-") == 0)
1481 else if (!(fp = fopen(*argv, "w"))) {
1482 die(EXIT_FAILURE, "couldn't open `%s' for writing: %s",
1483 *argv, strerror(errno));
1486 doopen(&f, KOPEN_READ);
1490 for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
1491 key_extract(&f, k, fp, &kf);
1493 for (i = 1; i < argc; i++) {
1494 if ((k = key_bytag(&f, argv[i])) != 0)
1495 key_extract(&f, k, fp, &kf);
1497 moan("key `%s' not found", argv[i]);
1503 die(EXIT_FAILURE, "error writing file: %s", strerror(errno));
1508 /* --- @cmd_tidy@ --- */
1510 static int cmd_tidy(int argc, char *argv[])
1514 die(EXIT_FAILURE, "usage: tidy");
1515 doopen(&f, KOPEN_WRITE);
1516 f.f |= KF_MODIFIED; /* Nasty hack */
1521 /* --- @cmd_merge@ --- */
1523 static int cmd_merge(int argc, char *argv[])
1529 die(EXIT_FAILURE, "Usage: merge file");
1530 if (strcmp(argv[1], "-") == 0)
1532 else if (!(fp = fopen(argv[1], "r"))) {
1533 die(EXIT_FAILURE, "couldn't open `%s' for writing: %s",
1534 argv[1], strerror(errno));
1537 doopen(&f, KOPEN_WRITE);
1538 key_merge(&f, argv[1], fp, key_moan, 0);
1543 /*----- Main command table ------------------------------------------------*/
1547 int (*cmd)(int /*argc*/, char */*argv*/[]);
1551 "add [options] type [attr...]\n\
1552 Options: [-lqLS] [-a alg] [-b|-B bits] [-p param] [-r tag]\n\
1553 [-e expire] [-t tag] [-c comment]"
1555 { "expire", cmd_expire, "expire tag..." },
1556 { "delete", cmd_delete, "delete tag..." },
1557 { "tag", cmd_tag, "tag tag [new-tag]" },
1558 { "setattr", cmd_setattr, "setattr tag attr..." },
1559 { "comment", cmd_comment, "comment tag [comment]" },
1560 { "lock", cmd_lock, "lock qtag" },
1561 { "unlock", cmd_unlock, "unlock qtag" },
1562 { "list", cmd_list, "list [-uqv] [-f filter] [tag...]" },
1563 { "fingerprint", cmd_finger, "fingerprint [-f filter] [tag...]" },
1564 { "tidy", cmd_tidy, "tidy" },
1565 { "extract", cmd_extract, "extract [-f filter] file [tag...]" },
1566 { "merge", cmd_merge, "merge file" },
1570 typedef struct cmd cmd;
1572 /*----- Main code ---------------------------------------------------------*/
1574 /* --- Helpful GNUy functions --- */
1576 void usage(FILE *fp)
1578 pquis(fp, "Usage: $ [-k file] [-i tag] [-t type] command [args]\n");
1581 void version(FILE *fp)
1583 pquis(fp, "$, Catacomb version " VERSION "\n");
1593 Performs various simple key management operations. Command line options\n\
1596 -h, --help Display this help text.\n\
1597 -v, --version Display version number.\n\
1598 -u, --usage Display short usage summary.\n\
1600 -k, --keyring=FILE Read and write keys in FILE.\n\
1601 -i, --id=TAG Use key TAG for random number generator.\n\
1602 -t, --type=TYPE Use key TYPE for random number generator.\n\
1604 The following commands are understood:\n\n",
1606 for (c = cmds; c->name; c++)
1607 fprintf(fp, "%s\n", c->help);
1612 * Arguments: @int argc@ = number of command line arguments
1613 * @char *argv[]@ = array of command line arguments
1615 * Returns: Nonzero on failure.
1617 * Use: Main program. Performs simple key management functions.
1620 int main(int argc, char *argv[])
1628 /* --- Initialization --- */
1633 /* --- Parse command line options --- */
1636 static struct option opt[] = {
1638 /* --- Standard GNUy help options --- */
1640 { "help", 0, 0, 'h' },
1641 { "version", 0, 0, 'v' },
1642 { "usage", 0, 0, 'u' },
1644 /* --- Real live useful options --- */
1646 { "keyring", OPTF_ARGREQ, 0, 'k' },
1647 { "id", OPTF_ARGREQ, 0, 'i' },
1648 { "type", OPTF_ARGREQ, 0, 't' },
1650 /* --- Magic terminator --- */
1654 int i = mdwopt(argc, argv, "+hvu k:i:t:", opt, 0, 0, 0);
1660 /* --- GNU help options --- */
1671 /* --- Real useful options --- */
1677 /* --- Bogosity --- */
1685 /* --- Complain about excessive bogons --- */
1687 if (f & f_bogus || optind == argc) {
1692 /* --- Initialize the Catacomb random number generator --- */
1694 rand_noisesrc(RAND_GLOBAL, &noise_source);
1695 rand_seed(RAND_GLOBAL, 160);
1697 /* --- Dispatch to appropriate command handler --- */
1704 cmd *c, *chosen = 0;
1705 size_t sz = strlen(argv[0]);
1707 for (c = cmds; c->name; c++) {
1708 if (strncmp(argv[0], c->name, sz) == 0) {
1709 if (c->name[sz] == 0) {
1713 die(EXIT_FAILURE, "ambiguous command name `%s'", argv[0]);
1719 die(EXIT_FAILURE, "unknown command name `%s'", argv[0]);
1720 return (chosen->cmd(argc, argv));
1724 /*----- That's all, folks -------------------------------------------------*/