5 * Simple key manager program
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Header files ------------------------------------------------------*/
32 #define _FILE_OFFSET_BITS 64
43 #include <mLib/base64.h>
44 #include <mLib/mdwopt.h>
45 #include <mLib/quis.h>
46 #include <mLib/report.h>
74 #include "sha256-mgf.h"
75 #include "sha224-mgf.h"
76 #include "sha384-mgf.h"
77 #include "sha512-mgf.h"
78 #include "tiger-mgf.h"
79 #include "rmd128-mgf.h"
80 #include "rmd160-mgf.h"
81 #include "rmd256-mgf.h"
82 #include "rmd320-mgf.h"
86 /*----- Handy global state ------------------------------------------------*/
88 static const char *keyfile = "keyring";
90 /*----- Useful shared functions -------------------------------------------*/
94 * Arguments: @key_file *f@ = pointer to key file block
95 * @unsigned how@ = method to open file with
99 * Use: Opens a key file and handles errors by panicking
103 static void doopen(key_file *f, unsigned how)
105 if (key_open(f, keyfile, how, key_moan, 0))
106 die(1, "couldn't open keyring `%s': %s", keyfile, strerror(errno));
109 /* --- @doclose@ --- *
111 * Arguments: @key_file *f@ = pointer to key file block
115 * Use: Closes a key file and handles errors by panicking
119 static void doclose(key_file *f)
121 switch (key_close(f)) {
123 die(EXIT_FAILURE, "couldn't write file `%s': %s",
124 keyfile, strerror(errno));
126 die(EXIT_FAILURE, "keyring file `%s' broken: %s (repair manually)",
127 keyfile, strerror(errno));
131 /* --- @setattr@ --- *
133 * Arguments: @key_file *f@ = pointer to key file block
134 * @key *k@ = pointer to key block
135 * @char *v[]@ = array of assignments (overwritten!)
139 * Use: Applies the attribute assignments to the key.
142 static void setattr(key_file *f, key *k, char *v[])
147 size_t eq = strcspn(p, "=");
149 moan("invalid assignment: `%s' (ignored)", p);
155 if ((err = key_putattr(f, k, *v, *p ? p : 0)) != 0)
156 die(EXIT_FAILURE, "couldn't set attributes: %s", key_strerror(err));
161 /*----- Seeding -----------------------------------------------------------*/
163 const struct seedalg { const char *p; grand *(*gen)(const void *, size_t); }
165 { "dsarand", dsarand_create },
166 { "rmd128-mgf", rmd128_mgfrand },
167 { "rmd160-mgf", rmd160_mgfrand },
168 { "rmd256-mgf", rmd256_mgfrand },
169 { "rmd320-mgf", rmd320_mgfrand },
170 { "sha-mgf", sha_mgfrand },
171 { "sha224-mgf", sha224_mgfrand },
172 { "sha256-mgf", sha256_mgfrand },
173 { "sha384-mgf", sha384_mgfrand },
174 { "sha512-mgf", sha512_mgfrand },
175 { "tiger-mgf", tiger_mgfrand },
179 #define SEEDALG_DEFAULT (seedtab + 2)
181 /*----- Key generation ----------------------------------------------------*/
183 /* --- Key generation parameters --- */
185 typedef struct keyopts {
186 key_file *kf; /* Pointer to key file */
187 key *k; /* Pointer to the actual key */
188 dstr tag; /* Full tag name for the key */
189 unsigned f; /* Flags for the new key */
190 unsigned bits, qbits; /* Bit length for the new key */
191 const char *curve; /* Elliptic curve name/info */
192 grand *r; /* Random number source */
193 key *p; /* Parameters key-data */
196 #define f_bogus 1u /* Error in parsing */
197 #define f_lock 2u /* Passphrase-lock private key */
198 #define f_quiet 4u /* Don't show a progress indicator */
199 #define f_limlee 8u /* Generate Lim-Lee primes */
200 #define f_subgroup 16u /* Generate a subgroup */
201 #define f_retag 32u /* Remove any existing tag */
202 #define f_kcdsa 64u /* Generate KCDSA primes */
204 /* --- @dolock@ --- *
206 * Arguments: @keyopts *k@ = key generation options
207 * @key_data **kd@ = pointer to key data to lock
208 * @const char *t@ = tag suffix or null
212 * Use: Does passphrase locking on new keys.
215 static void dolock(keyopts *k, key_data **kd, const char *t)
217 if (!(k->f & f_lock))
220 dstr_putf(&k->tag, ".%s", t);
221 if (key_plock(kd, 0, k->tag.buf))
222 die(EXIT_FAILURE, "couldn't lock key");
225 /* --- @copyparam@ --- *
227 * Arguments: @keyopts *k@ = pointer to key options
228 * @const char **pp@ = checklist of parameters
230 * Returns: Nonzero if parameters copied; zero if you have to generate
233 * Use: Copies parameters from a source key to the current one.
236 static int copyparam(keyopts *k, const char **pp)
246 /* --- Quick check if no parameters supplied --- */
251 /* --- Run through the checklist --- */
254 key_data *kd = key_structfind(k->p->k, *pp);
256 die(EXIT_FAILURE, "bad parameter key: parameter `%s' not found", *pp);
257 if (!KEY_MATCH(kd, &kf))
258 die(EXIT_FAILURE, "bad parameter key: subkey `%s' is not shared", *pp);
262 /* --- Copy over the parameters --- */
264 kd = key_copydata(k->p->k, &kf);
266 key_setkeydata(k->kf, k->k, kd);
269 /* --- Copy over attributes --- */
271 for (key_mkattriter(&i, k->p); key_nextattr(&i, &n, &v); )
272 key_putattr(k->kf, k->k, n, v);
281 * Arguments: @key_data *k@ = pointer to key data block
282 * @const char *tag@ = tag string to use
284 * Returns: Pointer to multiprecision integer key item.
286 * Use: Fetches an MP key component.
289 static mp *getmp(key_data *k, const char *tag)
291 k = key_structfind(k, tag);
293 die(EXIT_FAILURE, "unexpected failure looking up subkey `%s'", tag);
294 if ((k->e & KF_ENCMASK) != KENC_MP)
295 die(EXIT_FAILURE, "subkey `%s' has an incompatible type");
299 /* --- @keyrand@ --- *
301 * Arguments: @key_file *kf@ = pointer to key file
302 * @const char *id@ = pointer to key id (or null)
306 * Use: Keys the random number generator.
309 static void keyrand(key_file *kf, const char *id)
313 /* --- Find the key --- */
316 if ((k = key_bytag(kf, id)) == 0)
317 die(EXIT_FAILURE, "key `%s' not found", id);
319 k = key_bytype(kf, "catacomb-rand");
322 key_data *kd = k->k, *kkd;
326 switch (kd->e & KF_ENCMASK) {
332 if (key_punlock(&kkd, kd, d.buf))
333 die(EXIT_FAILURE, "error unlocking key `%s'", d.buf);
341 die(EXIT_FAILURE, "bad encoding type for key `%s'", d.buf);
345 /* --- Key the generator --- */
347 rand_key(RAND_GLOBAL, kd->u.k.k, kd->u.k.sz);
352 /* --- Key generation algorithms --- */
354 static void alg_binary(keyopts *k)
364 die(EXIT_FAILURE, "no shared parameters for binary keys");
366 sz = (k->bits + 7) >> 3;
368 m = (1 << (((k->bits - 1) & 7) + 1)) - 1;
369 k->r->ops->fill(k->r, p, sz);
371 kd = key_newbinary(KCAT_SYMM | KF_BURN, p, sz);
374 key_setkeydata(k->kf, k->k, kd);
379 static void alg_des(keyopts *k)
389 die(EXIT_FAILURE, "no shared parameters for DES keys");
390 if (k->bits % 56 || k->bits > 168)
391 die(EXIT_FAILURE, "DES keys must be 56, 112 or 168 bits long");
395 k->r->ops->fill(k->r, p, sz);
396 for (i = 0; i < sz; i++) {
397 octet x = p[i] | 0x01;
401 p[i] = (p[i] & 0xfe) | (x & 0x01);
403 kd = key_newbinary(KCAT_SYMM | KF_BURN, p, sz);
406 key_setkeydata(k->kf, k->k, kd);
411 static void alg_rsa(keyopts *k)
416 /* --- Sanity checking --- */
419 die(EXIT_FAILURE, "no shared parameters for RSA keys");
423 /* --- Generate the RSA parameters --- */
425 if (rsa_gen(&rp, k->bits, k->r, 0,
426 (k->f & f_quiet) ? 0 : pgen_ev, 0))
427 die(EXIT_FAILURE, "RSA key generation failed");
429 /* --- Run a test encryption --- */
432 grand *g = fibrand_create(k->r->ops->word(k->r));
434 mp *m = mprand_range(MP_NEW, rp.n, g, 0);
439 c = rsa_qpubop(&rpp, MP_NEW, m);
440 c = rsa_qprivop(&rp, c, c, g);
443 die(EXIT_FAILURE, "test encryption failed");
449 /* --- Allrighty then --- */
451 kd = key_newstruct();
452 key_structsteal(kd, "n", key_newmp(KCAT_PUB, rp.n));
453 key_structsteal(kd, "e", key_newmp(KCAT_PUB, rp.e));
455 kkd = key_newstruct();
456 key_structsteal(kkd, "d", key_newmp(KCAT_PRIV | KF_BURN, rp.d));
457 key_structsteal(kkd, "p", key_newmp(KCAT_PRIV | KF_BURN, rp.p));
458 key_structsteal(kkd, "q", key_newmp(KCAT_PRIV | KF_BURN, rp.q));
459 key_structsteal(kkd, "q-inv", key_newmp(KCAT_PRIV | KF_BURN, rp.q_inv));
460 key_structsteal(kkd, "d-mod-p", key_newmp(KCAT_PRIV | KF_BURN, rp.dp));
461 key_structsteal(kkd, "d-mod-q", key_newmp(KCAT_PRIV | KF_BURN, rp.dq));
462 dolock(k, &kkd, "private");
463 key_structsteal(kd, "private", kkd);
464 key_setkeydata(k->kf, k->k, kd);
469 static void alg_dsaparam(keyopts *k)
471 static const char *pl[] = { "q", "p", "g", 0 };
472 if (!copyparam(k, pl)) {
481 /* --- Choose appropriate bit lengths if necessary --- */
488 /* --- Allocate a seed block --- */
490 sz = (k->qbits + 7) >> 3;
492 k->r->ops->fill(k->r, p, sz);
494 /* --- Allocate the parameters --- */
496 if (dsa_gen(&dp, k->qbits, k->bits, 0, p, sz, &ds,
497 (k->f & f_quiet) ? 0 : pgen_ev, 0))
498 die(EXIT_FAILURE, "DSA parameter generation failed");
500 /* --- Store the parameters --- */
502 kd = key_newstruct();
503 key_structsteal(kd, "q", key_newmp(KCAT_SHARE, dp.q));
504 key_structsteal(kd, "p", key_newmp(KCAT_SHARE, dp.p));
505 key_structsteal(kd, "g", key_newmp(KCAT_SHARE, dp.g));
509 key_setkeydata(k->kf, k->k, kd);
512 /* --- Store the seed for future verification --- */
517 base64_encode(&c, ds.p, ds.sz, &d);
518 base64_encode(&c, 0, 0, &d);
520 key_putattr(k->kf, k->k, "seed", d.buf);
522 dstr_putf(&d, "%u", ds.count);
523 key_putattr(k->kf, k->k, "count", d.buf);
530 static void alg_dsa(keyopts *k)
537 /* --- Get the shared parameters --- */
540 key_split(&k->k->k); kd = k->k->k;
545 /* --- Choose a private key --- */
547 x = mprand_range(MP_NEWSEC, q, k->r, 0);
548 mpmont_create(&mm, p);
549 y = mpmont_exp(&mm, MP_NEW, g, x);
551 /* --- Store everything away --- */
553 key_structsteal(kd, "y", key_newmp(KCAT_PUB, y));
555 kkd = key_newstruct();
556 key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
557 dolock(k, &kkd, "private");
558 key_structsteal(kd, "private", kkd);
560 mp_drop(x); mp_drop(y);
563 static void alg_dhparam(keyopts *k)
565 static const char *pl[] = { "p", "q", "g", 0 };
567 if (!copyparam(k, pl)) {
576 if (strcmp(k->curve, "list") == 0) {
578 LIST("Built-in prime fields", stdout, ptab[i].name, ptab[i].name);
582 if (dh_parse(&qd, &dp))
583 die(EXIT_FAILURE, "error in field spec: %s", qd.e);
585 die(EXIT_FAILURE, "junk at end of field spec");
586 if ((g = group_prime(&dp)) == 0)
587 die(EXIT_FAILURE, "invalid prime field");
588 if (!(k->f & f_quiet) && (e = G_CHECK(g, &rand_global)) != 0)
589 moan("WARNING! group check failed: %s", e);
597 /* --- Choose a large safe prime number --- */
599 if (k->f & f_limlee) {
604 rc = dh_limlee(&dp, k->qbits, k->bits,
605 (k->f & f_subgroup) ? DH_SUBGROUP : 0,
606 0, k->r, (k->f & f_quiet) ? 0 : pgen_ev, 0,
607 (k->f & f_quiet) ? 0 : pgen_evspin, 0, &nf, &f);
611 for (i = 0; i < nf; i++) {
614 mp_writedstr(f[i], &d, 10);
617 key_putattr(k->kf, k->k, "factors", d.buf);
620 } else if (k->f & f_kcdsa) {
623 rc = dh_kcdsagen(&dp, k->qbits, k->bits, 0,
624 0, k->r, (k->f & f_quiet) ? 0 : pgen_ev, 0);
629 mp_writedstr(dp.q, &d, 10);
630 mp_div(&v, 0, dp.p, dp.q);
633 mp_writedstr(v, &d, 10);
635 key_putattr(k->kf, k->k, "factors", d.buf);
639 rc = dh_gen(&dp, k->qbits, k->bits, 0, k->r,
640 (k->f & f_quiet) ? 0 : pgen_ev, 0);
643 die(EXIT_FAILURE, "Diffie-Hellman parameter generation failed");
646 kd = key_newstruct();
647 key_structsteal(kd, "p", key_newmp(KCAT_SHARE, dp.p));
648 key_structsteal(kd, "q", key_newmp(KCAT_SHARE, dp.q));
649 key_structsteal(kd, "g", key_newmp(KCAT_SHARE, dp.g));
653 key_setkeydata(k->kf, k->k, kd);
658 static void alg_dh(keyopts *k)
665 /* --- Get the shared parameters --- */
668 key_split(&k->k->k); kd = k->k->k;
673 /* --- Choose a suitable private key --- *
675 * Since %$g$% has order %$q$%, choose %$x < q$%.
678 x = mprand_range(MP_NEWSEC, q, k->r, 0);
680 /* --- Compute the public key %$y = g^x \bmod p$% --- */
682 mpmont_create(&mm, p);
683 y = mpmont_exp(&mm, MP_NEW, g, x);
686 /* --- Store everything away --- */
688 key_structsteal(kd, "y", key_newmp(KCAT_PUB, y));
690 kkd = key_newstruct();
691 key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
692 dolock(k, &kkd, "private");
693 key_structsteal(kd, "private", kkd);
695 mp_drop(x); mp_drop(y);
698 static void alg_bbs(keyopts *k)
703 /* --- Sanity checking --- */
706 die(EXIT_FAILURE, "no shared parameters for Blum-Blum-Shub keys");
710 /* --- Generate the BBS parameters --- */
712 if (bbs_gen(&bp, k->bits, k->r, 0,
713 (k->f & f_quiet) ? 0 : pgen_ev, 0))
714 die(EXIT_FAILURE, "Blum-Blum-Shub key generation failed");
716 /* --- Allrighty then --- */
718 kd = key_newstruct();
719 key_structsteal(kd, "n", key_newmp(KCAT_PUB, bp.n));
721 kkd = key_newstruct();
722 key_structsteal(kkd, "p", key_newmp(KCAT_PRIV | KF_BURN, bp.p));
723 key_structsteal(kkd, "q", key_newmp(KCAT_PRIV | KF_BURN, bp.q));
724 dolock(k, &kkd, "private");
725 key_structsteal(kd, "private", kkd);
726 key_setkeydata(k->kf, k->k, kd);
732 static void alg_binparam(keyopts *k)
734 static const char *pl[] = { "p", "q", "g", 0 };
735 if (!copyparam(k, pl)) {
742 /* --- Decide on a field --- */
744 if (!k->bits) k->bits = 128;
745 if (k->curve && strcmp(k->curve, "list") == 0) {
747 LIST("Built-in binary fields", stdout,
748 bintab[i].name, bintab[i].name);
752 if (k->bits <= 40) k->curve = "p1363-40";
753 else if (k->bits <= 56) k->curve = "p1363-56";
754 else if (k->bits <= 64) k->curve = "p1363-64";
755 else if (k->bits <= 80) k->curve = "p1363-80";
756 else if (k->bits <= 112) k->curve = "p1363-112";
757 else if (k->bits <= 128) k->curve = "p1363-128";
760 "no built-in binary fields provide %u-bit security",
765 /* --- Check it --- */
769 if (dhbin_parse(&qd, &gb))
770 die(EXIT_FAILURE, "error in field spec: %s", qd.e);
772 die(EXIT_FAILURE, "junk at end of field spec");
773 if ((g = group_binary(&gb)) == 0)
774 die(EXIT_FAILURE, "invalid binary field");
775 if (!(k->f & f_quiet) && (e = G_CHECK(g, &rand_global)) != 0)
776 moan("WARNING! group check failed: %s", e);
779 /* --- Write out the answer --- */
781 kd = key_newstruct();
782 key_structsteal(kd, "p", key_newmp(KCAT_SHARE, gb.p));
783 key_structsteal(kd, "q", key_newmp(KCAT_SHARE, gb.q));
784 key_structsteal(kd, "g", key_newmp(KCAT_SHARE, gb.g));
788 key_setkeydata(k->kf, k->k, kd);
793 static void alg_bin(keyopts *k)
800 /* --- Get the shared parameters --- */
803 key_split(&k->k->k); kd = k->k->k;
808 /* --- Choose a suitable private key --- *
810 * Since %$g$% has order %$q$%, choose %$x < q$%.
813 x = mprand_range(MP_NEWSEC, q, k->r, 0);
815 /* --- Compute the public key %$y = g^x \bmod p$% --- */
817 gfreduce_create(&r, p);
818 y = gfreduce_exp(&r, MP_NEW, g, x);
819 gfreduce_destroy(&r);
821 /* --- Store everything away --- */
823 key_structsteal(kd, "y", key_newmp(KCAT_PUB, y));
825 kkd = key_newstruct();
826 key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
827 dolock(k, &kkd, "private");
828 key_structsteal(kd, "private", kkd);
830 mp_drop(x); mp_drop(y);
833 static void alg_ecparam(keyopts *k)
835 static const char *pl[] = { "curve", 0 };
836 if (!copyparam(k, pl)) {
841 /* --- Decide on a curve --- */
843 if (!k->bits) k->bits = 256;
844 if (k->curve && strcmp(k->curve, "list") == 0) {
846 LIST("Built-in elliptic curves", stdout,
847 ectab[i].name, ectab[i].name);
851 if (k->bits <= 56) k->curve = "secp112r1";
852 else if (k->bits <= 64) k->curve = "secp128r1";
853 else if (k->bits <= 80) k->curve = "secp160r1";
854 else if (k->bits <= 96) k->curve = "secp192r1";
855 else if (k->bits <= 112) k->curve = "secp224r1";
856 else if (k->bits <= 128) k->curve = "secp256r1";
857 else if (k->bits <= 192) k->curve = "secp384r1";
858 else if (k->bits <= 256) k->curve = "secp521r1";
860 die(EXIT_FAILURE, "no built-in curves provide %u-bit security",
864 /* --- Check it --- */
866 if ((e = ec_getinfo(&ei, k->curve)) != 0)
867 die(EXIT_FAILURE, "error in curve spec: %s", e);
868 if (!(k->f & f_quiet) && (e = ec_checkinfo(&ei, k->r)) != 0)
869 moan("WARNING! curve check failed: %s", e);
872 /* --- Write out the answer --- */
874 kd = key_newstruct();
875 key_structsteal(kd, "curve", key_newstring(KCAT_SHARE, k->curve));
876 key_setkeydata(k->kf, k->k, kd);
881 static void alg_ec(keyopts *k)
890 /* --- Get the curve --- */
893 key_split(&k->k->k); kd = k->k->k;
894 if ((kkd = key_structfind(kd, "curve")) == 0)
895 die(EXIT_FAILURE, "unexpected failure looking up subkey `curve')");
896 if ((kkd->e & KF_ENCMASK) != KENC_STRING)
897 die(EXIT_FAILURE, "subkey `curve' is not a string");
898 if ((e = ec_getinfo(&ei, kkd->u.p)) != 0)
899 die(EXIT_FAILURE, "error in curve spec: %s", e);
901 /* --- Invent a private exponent and compute the public key --- */
903 x = mprand_range(MP_NEWSEC, ei.r, k->r, 0);
904 ec_mul(ei.c, &p, &ei.g, x);
906 /* --- Store everything away --- */
908 key_structsteal(kd, "p", key_newec(KCAT_PUB, &p));
910 kkd = key_newstruct();
911 key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
912 dolock(k, &kkd, "private");
913 key_structsteal(kd, "private", kkd);
921 /* --- The algorithm tables --- */
923 typedef struct keyalg {
925 void (*proc)(keyopts *o);
929 static keyalg algtab[] = {
930 { "binary", alg_binary, "Plain binary data" },
931 { "des", alg_des, "Binary with DES-style parity" },
932 { "rsa", alg_rsa, "RSA public-key encryption" },
933 { "bbs", alg_bbs, "Blum-Blum-Shub generator" },
934 { "dsa", alg_dsa, "DSA digital signatures" },
935 { "dsa-param", alg_dsaparam, "DSA shared parameters" },
936 { "dh", alg_dh, "Diffie-Hellman key exchange" },
937 { "dh-param", alg_dhparam, "Diffie-Hellman parameters" },
938 { "bindh", alg_bin, "DH over a binary field" },
939 { "bindh-param", alg_binparam, "Binary-field DH parameters" },
940 { "ec-param", alg_ecparam, "Elliptic curve parameters" },
941 { "ec", alg_ec, "Elliptic curve crypto" },
945 /* --- @cmd_add@ --- */
947 static int cmd_add(int argc, char *argv[])
950 time_t exp = KEXP_EXPIRE;
951 uint32 kid = rand_global.ops->word(&rand_global);
952 const char *tag = 0, *ptag = 0;
954 keyalg *alg = algtab;
955 const char *rtag = 0;
956 const struct seedalg *sa = SEEDALG_DEFAULT;
957 keyopts k = { 0, 0, DSTR_INIT, 0, 0, 0, 0, 0 };
958 const char *seed = 0;
961 /* --- Parse options for the subcommand --- */
964 static struct option opt[] = {
965 { "algorithm", OPTF_ARGREQ, 0, 'a' },
966 { "bits", OPTF_ARGREQ, 0, 'b' },
967 { "qbits", OPTF_ARGREQ, 0, 'B' },
968 { "parameters", OPTF_ARGREQ, 0, 'p' },
969 { "expire", OPTF_ARGREQ, 0, 'e' },
970 { "comment", OPTF_ARGREQ, 0, 'c' },
971 { "tag", OPTF_ARGREQ, 0, 't' },
972 { "rand-id", OPTF_ARGREQ, 0, 'R' },
973 { "key-id", OPTF_ARGREQ, 0, 'I' },
974 { "curve", OPTF_ARGREQ, 0, 'C' },
975 { "seedalg", OPTF_ARGREQ, 0, 'A' },
976 { "seed", OPTF_ARGREQ, 0, 's' },
977 { "newseed", OPTF_ARGREQ, 0, 'n' },
978 { "lock", 0, 0, 'l' },
979 { "quiet", 0, 0, 'q' },
980 { "lim-lee", 0, 0, 'L' },
981 { "subgroup", 0, 0, 'S' },
982 { "kcdsa", 0, 0, 'K' },
985 int i = mdwopt(argc, argv, "+a:b:B:p:e:c:t:R:I:C:A:s:n:lqrLKS",
990 /* --- Handle the various options --- */
994 /* --- Read an algorithm name --- */
998 size_t sz = strlen(optarg);
1000 if (strcmp(optarg, "list") == 0) {
1001 for (a = algtab; a->name; a++)
1002 printf("%-10s %s\n", a->name, a->help);
1007 for (a = algtab; a->name; a++) {
1008 if (strncmp(optarg, a->name, sz) == 0) {
1009 if (a->name[sz] == 0) {
1013 die(EXIT_FAILURE, "ambiguous algorithm name `%s'", optarg);
1019 die(EXIT_FAILURE, "unknown algorithm name `%s'", optarg);
1022 /* --- Bits must be nonzero and a multiple of 8 --- */
1026 k.bits = strtoul(optarg, &p, 0);
1027 if (k.bits == 0 || *p != 0)
1028 die(EXIT_FAILURE, "bad bitlength `%s'", optarg);
1033 k.qbits = strtoul(optarg, &p, 0);
1034 if (k.qbits == 0 || *p != 0)
1035 die(EXIT_FAILURE, "bad bitlength `%s'", optarg);
1038 /* --- Parameter selection --- */
1044 /* --- Expiry dates get passed to @get_date@ for parsing --- */
1047 if (strcmp(optarg, "forever") == 0)
1050 exp = get_date(optarg, 0);
1052 die(EXIT_FAILURE, "bad expiry date `%s'", optarg);
1056 /* --- Store comments without interpretation --- */
1059 if (key_chkcomment(optarg))
1060 die(EXIT_FAILURE, "bad comment string `%s'", optarg);
1064 /* --- Elliptic curve parameters --- */
1070 /* --- Store tags --- */
1073 if (key_chkident(optarg))
1074 die(EXIT_FAILURE, "bad tag string `%s'", optarg);
1081 /* --- Seeding --- */
1084 const struct seedalg *ss;
1085 if (strcmp(optarg, "list") == 0) {
1086 printf("Seed algorithms:\n");
1087 for (ss = seedtab; ss->p; ss++)
1088 printf(" %s\n", ss->p);
1091 if (seed) die(EXIT_FAILURE, "seed already set -- put -A first");
1093 for (ss = seedtab; ss->p; ss++) {
1094 if (strcmp(optarg, ss->p) == 0)
1098 die(EXIT_FAILURE, "seed algorithm `%s' not known", optarg);
1104 if (seed) die(EXIT_FAILURE, "seed already set");
1106 base64_decode(&b, optarg, strlen(optarg), &d);
1107 base64_decode(&b, 0, 0, &d);
1108 k.r = sa->gen(d.buf, d.len);
1117 unsigned n = strtoul(optarg, &p, 0);
1118 if (n == 0 || *p != 0 || n % 8 != 0)
1119 die(EXIT_FAILURE, "bad seed length `%s'", optarg);
1120 if (seed) die(EXIT_FAILURE, "seed already set");
1123 rand_get(RAND_GLOBAL, p, n);
1125 base64_encode(&b, p, n, &d);
1126 base64_encode(&b, 0, 0, &d);
1128 k.r = sa->gen(p, n);
1131 /* --- Key id --- */
1138 id = strtoul(optarg, &p, 16);
1139 if (errno || *p || id > MASK32)
1140 die(EXIT_FAILURE, "bad key-id `%s'", optarg);
1144 /* --- Other flags --- */
1165 /* --- Other things are bogus --- */
1173 /* --- Various sorts of bogosity --- */
1175 if ((k.f & f_bogus) || optind + 1 > argc) {
1177 "Usage: add [OPTIONS] TYPE [ATTR...]");
1179 if (key_chkident(argv[optind]))
1180 die(EXIT_FAILURE, "bad key type `%s'", argv[optind]);
1182 /* --- Set up various bits of the state --- */
1184 if (exp == KEXP_EXPIRE)
1185 exp = time(0) + 14 * 24 * 60 * 60;
1187 /* --- Open the file and create the basic key block --- *
1189 * Keep on generating keyids until one of them doesn't collide.
1192 doopen(&f, KOPEN_WRITE);
1195 /* --- Key the generator --- */
1201 if ((err = key_new(&f, kid, argv[optind], exp, &k.k)) == 0)
1203 else if (err != KERR_DUPID)
1204 die(EXIT_FAILURE, "error adding new key: %s", key_strerror(err));
1207 /* --- Set various simple attributes --- */
1212 if (k.f & f_retag) {
1213 if ((kk = key_bytag(&f, tag)) != 0 &&
1215 strcmp(kk->tag, tag) == 0)
1216 key_settag(&f, kk, 0);
1218 if ((err = key_settag(&f, k.k, tag)) != 0)
1219 die(EXIT_FAILURE, "error setting key tag: %s", key_strerror(err));
1223 int err = key_setcomment(&f, k.k, c);
1225 die(EXIT_FAILURE, "error setting key comment: %s", key_strerror(err));
1228 setattr(&f, k.k, argv + optind + 1);
1230 key_putattr(&f, k.k, "genseed", seed);
1231 key_putattr(&f, k.k, "seedalg", sa->p);
1234 key_fulltag(k.k, &k.tag);
1236 /* --- Find the parameter key --- */
1239 if ((k.p = key_bytag(&f, ptag)) == 0)
1240 die(EXIT_FAILURE, "parameter key `%s' not found", ptag);
1241 if ((k.p->k->e & KF_ENCMASK) != KENC_STRUCT)
1242 die(EXIT_FAILURE, "parameter key `%s' is not structured", ptag);
1245 /* --- Now generate the actual key data --- */
1251 dstr_destroy(&k.tag);
1256 /*----- Key listing -------------------------------------------------------*/
1258 /* --- Listing options --- */
1260 typedef struct listopts {
1261 const char *tfmt; /* Date format (@strftime@-style) */
1262 int v; /* Verbosity level */
1263 unsigned f; /* Various flags */
1264 time_t t; /* Time now (for key expiry) */
1265 key_filter kf; /* Filter for matching keys */
1268 /* --- Listing flags --- */
1270 #define f_newline 2u /* Write newline before next entry */
1271 #define f_attr 4u /* Written at least one attribute */
1272 #define f_utc 8u /* Emit UTC time, not local time */
1274 /* --- @showkeydata@ --- *
1276 * Arguments: @key_data *k@ = pointer to key to write
1277 * @int ind@ = indentation level
1278 * @listopts *o@ = listing options
1279 * @dstr *d@ = tag string for this subkey
1283 * Use: Emits a piece of key data in a human-readable format.
1286 static void showkeydata(key_data *k, int ind, listopts *o, dstr *d)
1288 #define INDENT(i) do { \
1290 for (_i = 0; _i < (i); _i++) { \
1295 switch (k->e & KF_ENCMASK) {
1297 /* --- Binary key data --- *
1299 * Emit as a simple hex dump.
1303 const octet *p = k->u.k.k;
1304 const octet *l = p + k->u.k.sz;
1307 fputs(" {", stdout);
1312 } else if (sz % 8 == 0)
1316 printf("%02x", *p++);
1321 fputs("}\n", stdout);
1324 /* --- Encrypted data --- *
1326 * If the user is sufficiently keen, ask for a passphrase and decrypt the
1327 * key. Otherwise just say that it's encrypted and move on.
1332 fputs(" encrypted\n", stdout);
1335 if (key_punlock(&kd, k, d->buf))
1336 printf(" <failed to unlock %s>\n", d->buf);
1338 fputs(" encrypted", stdout);
1339 showkeydata(kd, ind, o, d);
1345 /* --- Integer keys --- *
1347 * Emit as a large integer in decimal. This makes using the key in
1348 * `calc' or whatever easier.
1353 mp_writefile(k->u.m, stdout, 10);
1357 /* --- Strings --- */
1360 printf(" `%s'\n", k->u.p);
1363 /* --- Elliptic curve points --- */
1366 if (EC_ATINF(&k->u.e))
1367 fputs(" inf\n", stdout);
1369 fputs(" 0x", stdout); mp_writefile(k->u.e.x, stdout, 16);
1370 fputs(", 0x", stdout); mp_writefile(k->u.e.y, stdout, 16);
1375 /* --- Structured keys --- *
1377 * Just iterate over the subkeys.
1385 fputs(" {\n", stdout);
1386 for (key_mksubkeyiter(&i, k); key_nextsubkey(&i, &tag, &k); ) {
1387 if (!key_match(k, &o->kf))
1390 printf("%s =", tag);
1392 dstr_putf(d, ".%s", tag);
1393 showkeydata(k, ind + 2, o, d);
1396 fputs("}\n", stdout);
1403 /* --- @showkey@ --- *
1405 * Arguments: @key *k@ = pointer to key to show
1406 * @listopts *o@ = pointer to listing options
1410 * Use: Emits a listing of a particular key.
1413 static void showkey(key *k, listopts *o)
1415 char ebuf[24], dbuf[24];
1418 /* --- Skip the key if the filter doesn't match --- */
1420 if (!key_match(k->k, &o->kf))
1423 /* --- Sort out the expiry and deletion times --- */
1425 if (KEY_EXPIRED(o->t, k->exp))
1426 strcpy(ebuf, "expired");
1427 else if (k->exp == KEXP_FOREVER)
1428 strcpy(ebuf, "forever");
1430 tm = (o->f & f_utc) ? gmtime(&k->exp) : localtime(&k->exp);
1431 strftime(ebuf, sizeof(ebuf), o->tfmt, tm);
1434 if (KEY_EXPIRED(o->t, k->del))
1435 strcpy(dbuf, "deleted");
1436 else if (k->del == KEXP_FOREVER)
1437 strcpy(dbuf, "forever");
1439 tm = (o->f & f_utc) ? gmtime(&k->del) : localtime(&k->del);
1440 strftime(dbuf, sizeof(dbuf), o->tfmt, tm);
1443 /* --- If in compact format, just display and quit --- */
1446 if (!(o->f & f_newline)) {
1447 printf("%8s %-20s %-20s %-10s %s\n",
1448 "Id", "Tag", "Type", "Expire", "Delete");
1450 printf("%08lx %-20s %-20s %-10s %s\n",
1451 (unsigned long)k->id, k->tag ? k->tag : "<none>",
1452 k->type, ebuf, dbuf);
1457 /* --- Display the standard header --- */
1459 if (o->f & f_newline)
1460 fputc('\n', stdout);
1461 printf("keyid: %08lx\n", (unsigned long)k->id);
1462 printf("tag: %s\n", k->tag ? k->tag : "<none>");
1463 printf("type: %s\n", k->type);
1464 printf("expiry: %s\n", ebuf);
1465 printf("delete: %s\n", dbuf);
1466 printf("comment: %s\n", k->c ? k->c : "<none>");
1468 /* --- Display the attributes --- */
1472 const char *av, *an;
1475 printf("attributes:");
1476 for (key_mkattriter(&i, k); key_nextattr(&i, &an, &av); ) {
1477 printf("\n %s = %s", an, av);
1481 fputc('\n', stdout);
1486 /* --- If dumping requested, dump the raw key data --- */
1490 fputs("key:", stdout);
1492 showkeydata(k->k, 0, o, &d);
1499 /* --- @cmd_list@ --- */
1501 static int cmd_list(int argc, char *argv[])
1505 listopts o = { 0, 0, 0, 0, { 0, 0 } };
1507 /* --- Parse subcommand options --- */
1510 static struct option opt[] = {
1511 { "quiet", 0, 0, 'q' },
1512 { "verbose", 0, 0, 'v' },
1513 { "utc", 0, 0, 'u' },
1514 { "filter", OPTF_ARGREQ, 0, 'f' },
1517 int i = mdwopt(argc, argv, "+uqvf:", opt, 0, 0, 0);
1534 int e = key_readflags(optarg, &p, &o.kf.f, &o.kf.m);
1536 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
1545 die(EXIT_FAILURE, "Usage: list [-uqv] [-f FILTER] [TAG...]");
1547 /* --- Open the key file --- */
1549 doopen(&f, KOPEN_READ);
1552 /* --- Set up the time format --- */
1555 o.tfmt = "%Y-%m-%d";
1556 else if (o.f & f_utc)
1557 o.tfmt = "%Y-%m-%d %H:%M:%S UTC";
1559 o.tfmt = "%Y-%m-%d %H:%M:%S %Z";
1561 /* --- If specific keys were requested use them, otherwise do all --- *
1563 * Some day, this might turn into a wildcard match.
1566 if (optind < argc) {
1568 if ((k = key_bytag(&f, argv[optind])) != 0)
1571 moan("key `%s' not found", argv[optind]);
1575 } while (optind < argc);
1578 for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
1586 return (EXIT_FAILURE);
1591 /*----- Command implementation --------------------------------------------*/
1593 /* --- @cmd_expire@ --- */
1595 static int cmd_expire(int argc, char *argv[])
1603 die(EXIT_FAILURE, "Usage: expire TAG...");
1604 doopen(&f, KOPEN_WRITE);
1605 for (i = 1; i < argc; i++) {
1606 if ((k = key_bytag(&f, argv[i])) != 0)
1609 moan("key `%s' not found", argv[i]);
1617 /* --- @cmd_delete@ --- */
1619 static int cmd_delete(int argc, char *argv[])
1627 die(EXIT_FAILURE, "Usage: delete TAG...");
1628 doopen(&f, KOPEN_WRITE);
1629 for (i = 1; i < argc; i++) {
1630 if ((k = key_bytag(&f, argv[i])) != 0)
1633 moan("key `%s' not found", argv[i]);
1641 /* --- @cmd_setattr@ --- */
1643 static int cmd_setattr(int argc, char *argv[])
1649 die(EXIT_FAILURE, "Usage: setattr TAG ATTR...");
1650 doopen(&f, KOPEN_WRITE);
1651 if ((k = key_bytag(&f, argv[1])) == 0)
1652 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1653 setattr(&f, k, argv + 2);
1658 /* --- @cmd_getattr@ --- */
1660 static int cmd_getattr(int argc, char *argv[])
1668 die(EXIT_FAILURE, "Usage: getattr TAG ATTR");
1669 doopen(&f, KOPEN_READ);
1670 if ((k = key_bytag(&f, argv[1])) == 0)
1671 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1673 if ((p = key_getattr(&f, k, argv[2])) == 0)
1674 die(EXIT_FAILURE, "no attribute `%s' for key `%s'", argv[2], d.buf);
1681 /* --- @cmd_finger@ --- */
1683 static void fingerprint(key *k, const gchash *ch, const key_filter *kf)
1691 if (key_fingerprint(k, h, kf)) {
1694 for (i = 0; i < ch->hashsz; i++) {
1695 if (i && i % 4 == 0)
1697 printf("%02x", p[i]);
1699 printf(" %s\n", d.buf);
1705 static int cmd_finger(int argc, char *argv[])
1709 const gchash *ch = &rmd160;
1710 key_filter kf = { KF_NONSECRET, KF_NONSECRET };
1713 static struct option opt[] = {
1714 { "filter", OPTF_ARGREQ, 0, 'f' },
1715 { "algorithm", OPTF_ARGREQ, 0, 'a' },
1718 int i = mdwopt(argc, argv, "+f:a:", opt, 0, 0, 0);
1724 int err = key_readflags(optarg, &p, &kf.f, &kf.m);
1726 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
1729 if ((ch = ghash_byname(optarg)) == 0)
1730 die(EXIT_FAILURE, "unknown hash algorithm `%s'", optarg);
1738 argv += optind; argc -= optind;
1740 die(EXIT_FAILURE, "Usage: fingerprint [-f FILTER] [TAG...]");
1742 doopen(&f, KOPEN_READ);
1746 for (i = 0; i < argc; i++) {
1747 key *k = key_bytag(&f, argv[i]);
1749 fingerprint(k, ch, &kf);
1752 moan("key `%s' not found", argv[i]);
1758 for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
1759 fingerprint(k, ch, &kf);
1764 /* --- @cmd_verify@ --- */
1766 static unsigned xdigit(char c)
1768 if ('A' <= c && c <= 'Z') return (c + 10 - 'A');
1769 if ('a' <= c && c <= 'z') return (c + 10 - 'a');
1770 if ('0' <= c && c <= '9') return (c - '0');
1774 static void unhexify(octet *q, char *p, size_t n)
1780 if (*p == '-' || *p == ':' || isspace((unsigned char)*p)) {
1787 die(EXIT_FAILURE, "hex string too short");
1788 if (!isxdigit((unsigned char)*p))
1789 die(EXIT_FAILURE, "bad hex string");
1791 die(EXIT_FAILURE, "hex string too long");
1792 a = (a << 4) | xdigit(*p++);
1803 static int cmd_verify(int argc, char *argv[])
1807 const gchash *ch = &rmd160;
1812 key_filter kf = { KF_NONSECRET, KF_NONSECRET };
1815 static struct option opt[] = {
1816 { "filter", OPTF_ARGREQ, 0, 'f' },
1817 { "algorithm", OPTF_ARGREQ, 0, 'a' },
1820 int i = mdwopt(argc, argv, "+f:a:", opt, 0, 0, 0);
1826 int err = key_readflags(optarg, &p, &kf.f, &kf.m);
1828 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
1831 if ((ch = ghash_byname(optarg)) == 0)
1832 die(EXIT_FAILURE, "unknown hash algorithm `%s'", optarg);
1840 argv += optind; argc -= optind;
1841 if (rc || argc != 2)
1842 die(EXIT_FAILURE, "Usage: verify [-f FILTER] TAG FINGERPRINT");
1844 doopen(&f, KOPEN_READ);
1846 if ((k = key_bytag(&f, argv[0])) == 0)
1847 die(EXIT_FAILURE, "key `%s' not found", argv[0]);
1848 buf = xmalloc(ch->hashsz);
1849 unhexify(buf, argv[1], ch->hashsz);
1851 if (!key_fingerprint(k, h, &kf))
1852 die(EXIT_FAILURE, "key has no fingerprintable components (as filtered)");
1853 fpr = GH_DONE(h, 0);
1854 if (memcmp(fpr, buf, ch->hashsz) != 0)
1855 die(EXIT_FAILURE, "key fingerprint mismatch");
1860 /* --- @cmd_comment@ --- */
1862 static int cmd_comment(int argc, char *argv[])
1868 if (argc < 2 || argc > 3)
1869 die(EXIT_FAILURE, "Usage: comment TAG [COMMENT]");
1870 doopen(&f, KOPEN_WRITE);
1871 if ((k = key_bytag(&f, argv[1])) == 0)
1872 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1873 if ((err = key_setcomment(&f, k, argv[2])) != 0)
1874 die(EXIT_FAILURE, "bad comment `%s': %s", argv[2], key_strerror(err));
1879 /* --- @cmd_tag@ --- */
1881 static int cmd_tag(int argc, char *argv[])
1890 static struct option opt[] = {
1891 { "retag", 0, 0, 'r' },
1894 int i = mdwopt(argc, argv, "+r", opt, 0, 0, 0);
1907 argv += optind; argc -= optind;
1908 if (argc < 1 || argc > 2 || rc)
1909 die(EXIT_FAILURE, "Usage: tag [-r] TAG [NEW-TAG]");
1910 doopen(&f, KOPEN_WRITE);
1911 if (flags & f_retag) {
1912 if ((k = key_bytag(&f, argv[1])) != 0 && strcmp(k->tag, argv[1]) == 0)
1913 key_settag(&f, k, 0);
1915 if ((k = key_bytag(&f, argv[0])) == 0)
1916 die(EXIT_FAILURE, "key `%s' not found", argv[0]);
1917 if ((err = key_settag(&f, k, argv[1])) != 0)
1918 die(EXIT_FAILURE, "bad tag `%s': %s", argv[1], key_strerror(err));
1923 /* --- @cmd_lock@ --- */
1925 static int cmd_lock(int argc, char *argv[])
1933 die(EXIT_FAILURE, "Usage: lock QTAG");
1934 doopen(&f, KOPEN_WRITE);
1935 if (key_qtag(&f, argv[1], &d, &k, &kd))
1936 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1937 if ((*kd)->e == KENC_ENCRYPT && key_punlock(kd, 0, d.buf))
1938 die(EXIT_FAILURE, "couldn't unlock key `%s'", d.buf);
1939 if (key_plock(kd, 0, d.buf))
1940 die(EXIT_FAILURE, "failed to lock key `%s'", d.buf);
1946 /* --- @cmd_unlock@ --- */
1948 static int cmd_unlock(int argc, char *argv[])
1956 die(EXIT_FAILURE, "Usage: unlock QTAG");
1957 doopen(&f, KOPEN_WRITE);
1958 if (key_qtag(&f, argv[1], &d, &k, &kd))
1959 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1960 if ((*kd)->e != KENC_ENCRYPT)
1961 die(EXIT_FAILURE, "key `%s' is not encrypted", d.buf);
1962 if (key_punlock(kd, 0, d.buf))
1963 die(EXIT_FAILURE, "couldn't unlock key `%s'", d.buf);
1969 /* --- @cmd_extract@ --- */
1971 static int cmd_extract(int argc, char *argv[])
1977 key_filter kf = { 0, 0 };
1979 const char *outfile = 0;
1983 static struct option opt[] = {
1984 { "filter", OPTF_ARGREQ, 0, 'f' },
1987 int i = mdwopt(argc, argv, "f:", opt, 0, 0, 0);
1993 int err = key_readflags(optarg, &p, &kf.f, &kf.m);
1995 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
2003 argv += optind; argc -= optind;
2005 die(EXIT_FAILURE, "Usage: extract [-f FILTER] FILE [TAG...]");
2006 if (strcmp(*argv, "-") == 0)
2010 dstr_putf(&d, "%s.new", outfile);
2011 if (!(fp = fopen(d.buf, "w"))) {
2012 die(EXIT_FAILURE, "couldn't open `%s' for writing: %s",
2013 d.buf, strerror(errno));
2017 doopen(&f, KOPEN_READ);
2021 for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
2022 key_extract(&f, k, fp, &kf);
2024 for (i = 1; i < argc; i++) {
2025 if ((k = key_bytag(&f, argv[i])) != 0)
2026 key_extract(&f, k, fp, &kf);
2028 moan("key `%s' not found", argv[i]);
2033 if (fclose(fp) || (outfile && rename(d.buf, outfile)))
2034 die(EXIT_FAILURE, "error writing file: %s", strerror(errno));
2040 /* --- @cmd_tidy@ --- */
2042 static int cmd_tidy(int argc, char *argv[])
2046 die(EXIT_FAILURE, "Usage: tidy");
2047 doopen(&f, KOPEN_WRITE);
2048 f.f |= KF_MODIFIED; /* Nasty hack */
2053 /* --- @cmd_merge@ --- */
2055 static int cmd_merge(int argc, char *argv[])
2061 die(EXIT_FAILURE, "Usage: merge FILE");
2062 if (strcmp(argv[1], "-") == 0)
2064 else if (!(fp = fopen(argv[1], "r"))) {
2065 die(EXIT_FAILURE, "couldn't open `%s' for reading: %s",
2066 argv[1], strerror(errno));
2069 doopen(&f, KOPEN_WRITE);
2070 key_merge(&f, argv[1], fp, key_moan, 0);
2075 /* --- @cmd_show@ --- */
2079 listtab[i].name, listtab[i].name) \
2080 LI("Hash functions", hash, \
2081 ghashtab[i], ghashtab[i]->name) \
2082 LI("Elliptic curves", ec, \
2083 ectab[i].name, ectab[i].name) \
2084 LI("Prime Diffie-Hellman groups", dh, \
2085 ptab[i].name, ptab[i].name) \
2086 LI("Binary Diffie-Hellman groups", bindh, \
2087 bintab[i].name, bintab[i].name) \
2088 LI("Key-generation algorithms", keygen, \
2089 algtab[i].name, algtab[i].name) \
2090 LI("Random seeding algorithms", seed, \
2091 seedtab[i].p, seedtab[i].p)
2093 MAKELISTTAB(listtab, LISTS)
2095 static int cmd_show(int argc, char *argv[])
2097 return (displaylists(listtab, argv + 1));
2100 /*----- Main command table ------------------------------------------------*/
2102 static int cmd_help(int argc, char *argv[]);
2104 static cmd cmds[] = {
2105 { "help", cmd_help, "help [COMMAND...]" },
2106 { "show", cmd_show, "show [ITEM...]" },
2107 { "list", cmd_list, "list [-uqv] [-f FILTER] [TAG...]", "\
2110 -u, --utc Display expiry times etc. in UTC, not local time.\n\
2111 -q, --quiet Show less information.\n\
2112 -v, --verbose Show more information.\n\
2114 { "fingerprint", cmd_finger, "fingerprint [-f FILTER] [TAG...]", "\
2117 -f, --filter=FILT Only hash key components matching FILT.\n\
2118 -a, --algorithm=HASH Use the named HASH algorithm.\n\
2119 ($ show hash for list.)\n\
2121 { "verify", cmd_verify, "verify [-f FILTER] TAG FINGERPRINT", "\
2124 -f, --filter=FILT Only hash key components matching FILT.\n\
2125 -a, --algorithm=HASH Use the named HASH algorithm.\n\
2126 ($ show hash for list.)\n\
2128 { "extract", cmd_extract, "extract [-f FILTER] FILE [TAG...]", "\
2131 -f, --filter=FILT Only extract key components matching FILT.\n\
2133 { "merge", cmd_merge, "merge FILE" },
2134 { "expire", cmd_expire, "expire TAG..." },
2135 { "delete", cmd_delete, "delete TAG..." },
2136 { "setattr", cmd_setattr, "setattr TAG ATTR..." },
2137 { "getattr", cmd_getattr, "getattr TAG ATTR" },
2138 { "comment", cmd_comment, "comment TAG [COMMENT]" },
2139 { "lock", cmd_lock, "lock QTAG" },
2140 { "unlock", cmd_unlock, "unlock QTAG" },
2141 { "tag", cmd_tag, "tag [-r] TAG [NEW-TAG]", "\
2144 -r, --retag Untag any key currently called new-tag.\n\
2146 { "tidy", cmd_tidy, "tidy" },
2148 "add [-OPTIONS] TYPE [ATTR...]\n\
2149 Options: [-lqrLKS] [-a ALG] [-bB BITS] [-p PARAM] [-R TAG]\n\
2150 [-A SEEDALG] [-s SEED] [-n BITS] [-I KEYID]\n\
2151 [-e EXPIRE] [-t TAG] [-c COMMENT]", "\
2154 -a, --algorithm=ALG Generate keys suitable for ALG.\n\
2155 ($ show keygen for list.)\n\
2156 -b, --bits=N Generate an N-bit key.\n\
2157 -B, --qbits=N Use an N-bit subgroup or factors.\n\
2158 -p, --parameters=TAG Get group parameters from TAG.\n\
2159 -C, --curve=NAME Use elliptic curve or DH group NAME.\n\
2160 ($ show ec or $ show dh for list.)\n\
2161 -A, --seedalg=ALG Use pseudorandom generator ALG to generate key.\n\
2162 ($ show seed for list.)\n\
2163 -s, --seed=BASE64 Use Base64-encoded string BASE64 as seed.\n\
2164 -n, --newseed=COUNT Generate new COUNT-bit seed.\n\
2165 -e, --expire=TIME Make the key expire after TIME.\n\
2166 -c, --comment=STRING Attach the command STRING to the key.\n\
2167 -t, --tag=TAG Tag the key with the name TAG.\n\
2168 -r, --retag Untag any key currently with that tag.\n\
2169 -R, --rand-id=TAG Use key named TAG for the random number generator.\n\
2170 -I, --key-id=ID Force the key-id for the new key.\n\
2171 -l, --lock Lock the generated key with a passphrase.\n\
2172 -q, --quiet Don't give progress indicators while working.\n\
2173 -L, --lim-lee Generate Lim-Lee primes for Diffie-Hellman groups.\n\
2174 -K, --kcdsa Generate KCDSA-style Lim-Lee primes for DH groups.\n\
2175 -S, --subgroup Use a prime-order subgroup for Diffie-Hellman.\n\
2180 static int cmd_help(int argc, char *argv[])
2182 sc_help(cmds, stdout, argv + 1);
2186 /*----- Main code ---------------------------------------------------------*/
2188 /* --- Helpful GNUy functions --- */
2190 static void usage(FILE *fp)
2192 pquis(fp, "Usage: $ [-k KEYRING] COMMAND [ARGS]\n");
2195 void version(FILE *fp)
2197 pquis(fp, "$, Catacomb version " VERSION "\n");
2200 void help_global(FILE *fp)
2204 Performs various simple key management operations.\n\
2206 Global command line options:\n\
2208 -h, --help [COMMAND...] Display this help text (or help for COMMANDs).\n\
2209 -v, --version Display version number.\n\
2210 -u, --usage Display short usage summary.\n\
2212 -k, --keyring=FILE Read and write keys in FILE.\n",
2218 * Arguments: @int argc@ = number of command line arguments
2219 * @char *argv[]@ = array of command line arguments
2221 * Returns: Nonzero on failure.
2223 * Use: Main program. Performs simple key management functions.
2226 int main(int argc, char *argv[])
2232 /* --- Initialization --- */
2237 /* --- Parse command line options --- */
2240 static struct option opt[] = {
2242 /* --- Standard GNUy help options --- */
2244 { "help", 0, 0, 'h' },
2245 { "version", 0, 0, 'v' },
2246 { "usage", 0, 0, 'u' },
2248 /* --- Real live useful options --- */
2250 { "keyring", OPTF_ARGREQ, 0, 'k' },
2252 /* --- Magic terminator --- */
2256 int i = mdwopt(argc, argv, "+hvu k:", opt, 0, 0, 0);
2262 /* --- GNU help options --- */
2265 sc_help(cmds, stdout, argv + optind);
2274 /* --- Real useful options --- */
2280 /* --- Bogosity --- */
2288 /* --- Complain about excessive bogons --- */
2290 if (f & f_bogus || optind == argc) {
2295 /* --- Initialize the Catacomb random number generator --- */
2297 rand_noisesrc(RAND_GLOBAL, &noise_source);
2298 rand_seed(RAND_GLOBAL, 160);
2300 /* --- Dispatch to appropriate command handler --- */
2305 return (findcmd(cmds, argv[0])->cmd(argc, argv));
2308 /*----- That's all, folks -------------------------------------------------*/
~mdw / catacomb / blob