3 * $Id: keyutil.c,v 1.6 2000/06/17 11:28:22 mdw Exp $
5 * Simple key manager program
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.6 2000/06/17 11:28:22 mdw
34 * Use secure memory interface from MP library. `rand_getgood' is
37 * Revision 1.5 2000/02/12 18:21:03 mdw
38 * Overhaul of key management (again).
40 * Revision 1.4 1999/12/22 15:48:10 mdw
41 * Track new key-management changes. Support new key generation
44 * Revision 1.3 1999/11/02 15:23:24 mdw
45 * Fix newlines in keyring list.
47 * Revision 1.2 1999/10/15 21:05:28 mdw
48 * In `key list', show timezone for local times, and support `-u' option
51 * Revision 1.1 1999/09/03 08:41:12 mdw
56 /*----- Header files ------------------------------------------------------*/
66 #include <mLib/base64.h>
67 #include <mLib/mdwopt.h>
68 #include <mLib/quis.h>
69 #include <mLib/report.h>
88 /*----- Handy global state ------------------------------------------------*/
90 static const char *keyfile = "keyring";
92 /*----- Useful shared functions -------------------------------------------*/
96 * Arguments: @key_file *f@ = pointer to key file block
97 * @unsigned how@ = method to open file with
101 * Use: Opens a key file and handles errors by panicking
105 static void doopen(key_file *f, unsigned how)
107 if (key_open(f, keyfile, how, key_moan, 0))
108 die(1, "couldn't open keyring `%s': %s", keyfile, strerror(errno));
111 /* --- @doclose@ --- *
113 * Arguments: @key_file *f@ = pointer to key file block
117 * Use: Closes a key file and handles errors by panicking
121 static void doclose(key_file *f)
123 switch (key_close(f)) {
125 die(EXIT_FAILURE, "couldn't write file `%s': %s",
126 keyfile, strerror(errno));
128 die(EXIT_FAILURE, "keyring file `%s' broken: %s (repair manually)",
129 keyfile, strerror(errno));
133 /* --- @setattr@ --- *
135 * Arguments: @key_file *f@ = pointer to key file block
136 * @key *k@ = pointer to key block
137 * @char *v[]@ = array of assignments (overwritten!)
141 * Use: Applies the attribute assignments to the key.
144 static void setattr(key_file *f, key *k, char *v[])
149 size_t eq = strcspn(p, "=");
151 moan("invalid assignment: `%s'", p);
154 if ((err = key_putattr(f, k, *v, *p ? p : 0)) != 0)
155 die(EXIT_FAILURE, "couldn't set attributes: %s", key_strerror(err));
160 /*----- Key generation ----------------------------------------------------*/
162 /* --- Key generation parameters --- */
164 typedef struct keyopts {
165 key_file *kf; /* Pointer to key file */
166 key *k; /* Pointer to the actual key */
167 dstr tag; /* Full tag name for the key */
168 unsigned f; /* Flags for the new key */
169 unsigned bits, qbits; /* Bit length for the new key */
170 key *p; /* Parameters key-data */
174 f_bogus = 1, /* Error in parsing */
175 f_lock = 2, /* Passphrase-lock private key */
176 f_quiet = 4 /* Don't show a progress indicator */
179 /* --- @dolock@ --- *
181 * Arguments: @keyopts *k@ = key generation options
182 * @key_data *kd@ = pointer to key data to lock
183 * @const char *t@ = tag suffix or null
187 * Use: Does passphrase locking on new keys.
190 static void dolock(keyopts *k, key_data *kd, const char *t)
192 if (!(k->f & f_lock))
195 dstr_putf(&k->tag, ".%s", t);
196 if (key_plock(k->tag.buf, kd, kd))
197 die(EXIT_FAILURE, "couldn't lock key");
202 * Arguments: @key_data *kd@ = pointer to parent key block
203 * @const char *tag@ = pointer to tag string
204 * @mp *m@ = integer to store
205 * @unsigned f@ = flags to set
209 * Use: Sets a multiprecision integer subkey.
212 static void mpkey(key_data *kd, const char *tag, mp *m, unsigned f)
214 key_data *kkd = key_structcreate(kd, tag);
219 /* --- @copyparam@ --- *
221 * Arguments: @keyopts *k@ = pointer to key options
222 * @const char **pp@ = checklist of parameters
224 * Returns: Nonzero if parameters copied; zero if you have to generate
227 * Use: Copies parameters from a source key to the current one.
230 static int copyparam(keyopts *k, const char **pp)
234 /* --- Quick check if no parameters supplied --- */
239 /* --- Run through the checklist --- */
242 key_data *kd = key_structfind(&k->p->k, *pp);
244 die(EXIT_FAILURE, "bad parameter key: parameter `%s' not found", *pp);
245 if ((kd->e & KF_CATMASK) != KCAT_SHARE)
246 die(EXIT_FAILURE, "bad parameter key: subkey `%s' is not shared", *pp);
250 /* --- Copy over the parameters --- */
254 if (!key_copy(&k->k->k, &k->p->k, &kf))
255 die(EXIT_FAILURE, "unexpected failure while copying parameters");
261 * Arguments: @key_data *k@ = pointer to key data block
262 * @const char *tag@ = tag string to use
264 * Returns: Pointer to multiprecision integer key item.
266 * Use: Fetches an MP key component.
269 static mp *getmp(key_data *k, const char *tag)
271 k = key_structfind(k, tag);
273 die(EXIT_FAILURE, "unexpected failure looking up subkey `%s'", tag);
274 if ((k->e & KF_ENCMASK) != KENC_MP)
275 die(EXIT_FAILURE, "subkey `%s' has an incompatible type");
279 /* --- @keyrand@ --- *
281 * Arguments: @key_file *kf@ = pointer to key file
282 * @const char *id@ = pointer to key id (or null)
286 * Use: Keys the random number generator.
289 static void keyrand(key_file *kf, const char *id)
293 /* --- Find the key --- */
296 if ((k = key_bytag(kf, id)) == 0)
297 die(EXIT_FAILURE, "key `%s' not found", id);
299 k = key_bytype(kf, "catacomb-rand");
302 key_data *kd = &k->k, kkd;
305 switch (kd->e & KF_ENCMASK) {
311 if (key_punlock(d.buf, kd, &kkd))
312 die(EXIT_FAILURE, "error unlocking key `%s'", d.buf);
319 die(EXIT_FAILURE, "bad encoding type for key `%s'", d.buf);
323 /* --- Key the generator --- */
325 rand_key(RAND_GLOBAL, kd->u.k.k, kd->u.k.sz);
331 /* --- Key generation algorithms --- */
333 static void alg_binary(keyopts *k)
342 die(EXIT_FAILURE, "no shared parameters for binary keys");
344 sz = (k->bits + 7) >> 3;
346 m = (1 << (((k->bits - 1) & 7) + 1)) - 1;
347 rand_get(RAND_GLOBAL, p, sz);
349 key_binary(&k->k->k, p, sz);
350 k->k->k.e |= KCAT_SYMM | KF_BURN;
353 dolock(k, &k->k->k, 0);
356 static void alg_des(keyopts *k)
365 die(EXIT_FAILURE, "no shared parameters for DES keys");
366 if (k->bits % 56 || k->bits > 168)
367 die(EXIT_FAILURE, "DES keys must be 56, 112 or 168 bits long");
371 rand_get(RAND_GLOBAL, p, sz); /* Too much work done here! */
372 for (i = 0; i < sz; i++) {
373 octet x = p[i] | 0x01;
377 p[i] = (p[i] & 0xfe) | (x & 0x01);
379 key_binary(&k->k->k, p, sz);
380 k->k->k.e |= KCAT_SYMM | KF_BURN;
383 dolock(k, &k->k->k, 0);
386 static void alg_rsa(keyopts *k)
391 /* --- Sanity checking --- */
394 die(EXIT_FAILURE, "no shared parameters for RSA keys");
398 /* --- Generate the RSA parameters --- */
400 if (rsa_gen(&rp, k->bits, &rand_global, 0,
401 (k->f & f_quiet) ? 0 : pgen_ev, 0))
402 die(EXIT_FAILURE, "RSA key generation failed");
404 /* --- Run a test encryption --- */
407 grand *g = fibrand_create(rand_global.ops->word(&rand_global));
409 mp *m = mprand_range(MP_NEW, rp.n, g, 0);
412 /* --- Encrypt the plaintext --- */
414 mpmont_create(&mm, rp.n);
415 c = mpmont_exp(&mm, MP_NEW, m, rp.e);
418 /* --- Decrypt the ciphertext --- */
420 c = rsa_decrypt(&rp, c, c, g);
422 /* --- Check everything went OK --- */
424 if (MP_CMP(c, !=, m))
425 die(EXIT_FAILURE, "test encryption failed");
431 /* --- Allrighty then --- */
435 mpkey(kd, "n", rp.n, KCAT_PUB);
436 mpkey(kd, "e", rp.e, KCAT_PUB);
438 kd = key_structcreate(kd, "private");
440 mpkey(kd, "d", rp.d, KCAT_PRIV | KF_BURN);
441 mpkey(kd, "p", rp.p, KCAT_PRIV | KF_BURN);
442 mpkey(kd, "q", rp.q, KCAT_PRIV | KF_BURN);
443 mpkey(kd, "q-inv", rp.q_inv, KCAT_PRIV | KF_BURN);
444 mpkey(kd, "d-mod-p", rp.dp, KCAT_PRIV | KF_BURN);
445 mpkey(kd, "d-mod-q", rp.dq, KCAT_PRIV | KF_BURN);
446 dolock(k, kd, "private");
448 mp_drop(rp.p); mp_drop(rp.q); mp_drop(rp.n); mp_drop(rp.q_inv);
449 mp_drop(rp.e); mp_drop(rp.d); mp_drop(rp.dp); mp_drop(rp.dq);
452 static void alg_dsaparam(keyopts *k)
454 static const char *pl[] = { "q", "p", "g", 0 };
455 if (!copyparam(k, pl)) {
461 key_data *kd = &k->k->k;
463 /* --- Choose appropriate bit lengths if necessary --- */
470 /* --- Allocate a seed block --- */
472 sz = (k->qbits + 7) >> 3;
474 rand_get(RAND_GLOBAL, p, sz);
476 /* --- Allocate the parameters --- */
478 if (dsa_seed(&dp, k->qbits, k->bits, 0, p, sz,
479 (k->f & f_quiet) ? 0 : pgen_ev, 0))
480 die(EXIT_FAILURE, "DSA parameter generation failed");
482 /* --- Store the parameters --- */
485 mpkey(kd, "q", dp.q, KCAT_SHARE);
486 mpkey(kd, "p", dp.p, KCAT_SHARE);
487 mpkey(kd, "g", dp.g, KCAT_SHARE);
492 /* --- Store the seed for future verification --- */
497 base64_encode(&c, p, sz, &d);
498 base64_encode(&c, 0, 0, &d);
499 key_putattr(k->kf, k->k, "seed", d.buf);
505 static void alg_dsa(keyopts *k)
510 key_data *kd = &k->k->k;
512 /* --- Get the shared parameters --- */
519 /* --- Choose a private key --- */
521 x = mprand_range(MP_NEWSEC, q, &rand_global, 0);
522 mpmont_create(&mm, p);
523 y = mpmont_exp(&mm, MP_NEW, g, x);
525 /* --- Store everything away --- */
527 mpkey(kd, "y", y, KCAT_PUB);
529 kd = key_structcreate(kd, "private");
531 mpkey(kd, "x", x, KCAT_PRIV | KF_BURN);
532 dolock(k, kd, "private");
534 mp_drop(x); mp_drop(y);
537 static void alg_dhparam(keyopts *k)
539 static const char *pl[] = { "p", "q", "g", 0 };
540 if (!copyparam(k, pl)) {
542 key_data *kd = &k->k->k;
547 /* --- Choose a large safe prime number --- */
549 if (dh_gen(&dp, k->qbits, k->bits, 0, &rand_global,
550 (k->f & f_quiet) ? 0 : pgen_ev, 0))
551 die(EXIT_FAILURE, "Diffie-Hellman parameter generation failed");
554 mpkey(kd, "p", dp.p, KCAT_SHARE);
555 mpkey(kd, "q", dp.q, KCAT_SHARE);
556 mpkey(kd, "g", dp.g, KCAT_SHARE);
563 static void alg_dh(keyopts *k)
568 key_data *kd = &k->k->k;
570 /* --- Get the shared parameters --- */
577 /* --- Choose a suitable private key --- *
579 * Since %$g$% has order %$q$%, choose %$x < q$%.
582 x = mprand_range(MP_NEWSEC, q, &rand_global, 0);
584 /* --- Compute the public key %$y = g^x \bmod p$% --- */
586 mpmont_create(&mm, p);
587 y = mpmont_exp(&mm, MP_NEW, g, x);
590 /* --- Store everything away --- */
592 mpkey(kd, "y", y, KCAT_PUB);
594 kd = key_structcreate(kd, "private");
596 mpkey(kd, "x", x, KCAT_PRIV | KF_BURN);
597 dolock(k, kd, "private");
599 mp_drop(x); mp_drop(y);
602 static void alg_bbs(keyopts *k)
607 /* --- Sanity checking --- */
610 die(EXIT_FAILURE, "no shared parameters for Blum-Blum-Shub keys");
614 /* --- Generate the BBS parameters --- */
616 if (bbs_gen(&bp, k->bits, &rand_global, 0,
617 (k->f & f_quiet) ? 0 : pgen_ev, 0))
618 die(EXIT_FAILURE, "Blum-Blum-Shub key generation failed");
620 /* --- Allrighty then --- */
624 mpkey(kd, "n", bp.n, KCAT_PUB);
626 kd = key_structcreate(kd, "private");
628 mpkey(kd, "p", bp.p, KCAT_PRIV | KF_BURN);
629 mpkey(kd, "q", bp.q, KCAT_PRIV | KF_BURN);
630 dolock(k, kd, "private");
632 mp_drop(bp.p); mp_drop(bp.q); mp_drop(bp.n);
635 /* --- The algorithm tables --- */
637 typedef struct keyalg {
639 void (*proc)(keyopts *o);
643 static keyalg algtab[] = {
644 { "binary", alg_binary, "Plain binary data" },
645 { "des", alg_des, "Binary with DES-style parity" },
646 { "rsa", alg_rsa, "RSA public-key encryption" },
647 { "dsa", alg_dsa, "DSA digital signatures" },
648 { "dsa-param", alg_dsaparam, "DSA shared parameters" },
649 { "dh", alg_dh, "Diffie-Hellman key exchange" },
650 { "dh-param", alg_dhparam, "Diffie-Hellman parameters" },
651 { "bbs", alg_bbs, "Blum-Blum-Shub generator" },
655 /* --- @cmd_add@ --- */
657 static int cmd_add(int argc, char *argv[])
660 time_t exp = KEXP_EXPIRE;
661 const char *tag = 0, *ptag = 0;
663 keyalg *alg = algtab;
664 const char *rtag = 0;
665 keyopts k = { 0, 0, DSTR_INIT, 0, 0, 0, 0 };
667 /* --- Parse options for the subcommand --- */
670 static struct option opt[] = {
671 { "algorithm", OPTF_ARGREQ, 0, 'a' },
672 { "bits", OPTF_ARGREQ, 0, 'b' },
673 { "qbits", OPTF_ARGREQ, 0, 'B' },
674 { "parameters", OPTF_ARGREQ, 0, 'p' },
675 { "expire", OPTF_ARGREQ, 0, 'e' },
676 { "comment", OPTF_ARGREQ, 0, 'c' },
677 { "tag", OPTF_ARGREQ, 0, 't' },
678 { "rand-id", OPTF_ARGREQ, 0, 'r' },
679 { "lock", 0, 0, 'l' },
680 { "quiet", 0, 0, 'q' },
683 int i = mdwopt(argc, argv, "+a:b:B:p:e:c:t:r:lq", opt, 0, 0, 0);
687 /* --- Handle the various options --- */
691 /* --- Read an algorithm name --- */
695 size_t sz = strlen(optarg);
697 if (strcmp(optarg, "list") == 0) {
698 for (a = algtab; a->name; a++)
699 printf("%-10s %s\n", a->name, a->help);
704 for (a = algtab; a->name; a++) {
705 if (strncmp(optarg, a->name, sz) == 0) {
706 if (a->name[sz] == 0) {
710 die(EXIT_FAILURE, "ambiguous algorithm name `%s'", optarg);
716 die(EXIT_FAILURE, "unknown algorithm name `%s'", optarg);
719 /* --- Bits must be nonzero and a multiple of 8 --- */
723 k.bits = strtoul(optarg, &p, 0);
724 if (k.bits == 0 || *p != 0)
725 die(EXIT_FAILURE, "bad bitlength `%s'", optarg);
730 k.qbits = strtoul(optarg, &p, 0);
731 if (k.qbits == 0 || *p != 0)
732 die(EXIT_FAILURE, "bad bitlength `%s'", optarg);
735 /* --- Parameter selection --- */
741 /* --- Expiry dates get passed to @get_date@ for parsing --- */
744 if (strncmp(optarg, "forever", strlen(optarg)) == 0)
747 exp = get_date(optarg, 0);
749 die(EXIT_FAILURE, "bad expiry date `%s'", optarg);
753 /* --- Store comments without interpretation --- */
756 if (key_chkcomment(optarg))
757 die(EXIT_FAILURE, "bad comment string `%s'", optarg);
761 /* --- Store tags --- */
764 if (key_chkident(optarg))
765 die(EXIT_FAILURE, "bad tag string `%s'", optarg);
769 /* --- Other flags --- */
781 /* --- Other things are bogus --- */
789 /* --- Various sorts of bogosity --- */
791 if ((k.f & f_bogus) || optind + 1 > argc) {
793 "Usage: add [options] type [attr...]");
795 if (key_chkident(argv[optind]))
796 die(EXIT_FAILURE, "bad key type `%s'", argv[optind]);
798 /* --- Set up various bits of the state --- */
800 if (exp == KEXP_EXPIRE)
801 exp = time(0) + 14 * 24 * 60 * 60;
803 /* --- Open the file and create the basic key block --- *
805 * Keep on generating keyids until one of them doesn't collide.
808 doopen(&f, KOPEN_WRITE);
811 /* --- Key the generator --- */
816 uint32 id = rand_global.ops->word(&rand_global);
818 k.k = key_new(&f, id, argv[optind], exp, &err);
821 if (err != KERR_DUPID)
822 die(EXIT_FAILURE, "error adding new key: %s", key_strerror(err));
825 /* --- Set various simple attributes --- */
828 int err = key_settag(&f, k.k, tag);
830 die(EXIT_FAILURE, "error setting key tag: %s", key_strerror(err));
834 int err = key_setcomment(&f, k.k, c);
836 die(EXIT_FAILURE, "error setting key comment: %s", key_strerror(err));
839 setattr(&f, k.k, argv + optind + 1);
841 key_fulltag(k.k, &k.tag);
843 /* --- Find the parameter key --- */
846 if ((k.p = key_bytag(&f, ptag)) == 0)
847 die(EXIT_FAILURE, "parameter key `%s' not found", ptag);
848 if ((k.p->k.e & KF_ENCMASK) != KENC_STRUCT)
849 die(EXIT_FAILURE, "parameter key `%s' is not structured", ptag);
852 /* --- Now generate the actual key data --- */
862 /*----- Key listing -------------------------------------------------------*/
864 /* --- Listing options --- */
866 typedef struct listopts {
867 const char *tfmt; /* Date format (@strftime@-style) */
868 int v; /* Verbosity level */
869 unsigned f; /* Various flags */
870 time_t t; /* Time now (for key expiry) */
871 key_filter kf; /* Filter for matching keys */
874 /* --- Listing flags --- */
877 f_newline = 2, /* Write newline before next entry */
878 f_attr = 4, /* Written at least one attribute */
879 f_utc = 8 /* Emit UTC time, not local time */
882 /* --- @showkeydata@ --- *
884 * Arguments: @key_data *k@ = pointer to key to write
885 * @int ind@ = indentation level
886 * @listopts *o@ = listing options
887 * @dstr *d@ = tag string for this subkey
891 * Use: Emits a piece of key data in a human-readable format.
894 static void showkeydata(key_data *k, int ind, listopts *o, dstr *d)
896 #define INDENT(i) do { \
898 for (_i = 0; _i < (i); _i++) { \
903 switch (k->e & KF_ENCMASK) {
905 /* --- Binary key data --- *
907 * Emit as a simple hex dump.
911 const octet *p = k->u.k.k;
912 const octet *l = p + k->u.k.sz;
920 } else if (sz % 8 == 0)
924 printf("%02x", *p++);
929 fputs("}\n", stdout);
932 /* --- Encrypted data --- *
934 * If the user is sufficiently keen, ask for a passphrase and decrypt the
935 * key. Otherwise just say that it's encrypted and move on.
940 fputs(" encrypted\n", stdout);
943 if (key_punlock(d->buf, k, &kd))
944 printf(" <failed to unlock %s>\n", d->buf);
946 fputs(" encrypted", stdout);
947 showkeydata(&kd, ind, o, d);
953 /* --- Integer keys --- *
955 * Emit as a large integer in decimal. This makes using the key in
956 * `calc' or whatever easier.
961 mp_writefile(k->u.m, stdout, 10);
965 /* --- Structured keys --- *
967 * Just iterate over the subkeys.
975 fputs(" {\n", stdout);
976 for (sym_mkiter(&i, &k->u.s); (ks = sym_next(&i)) != 0; ) {
977 if (!key_match(&ks->k, &o->kf))
980 printf("%s =", SYM_NAME(ks));
982 dstr_putf(d, ".%s", SYM_NAME(ks));
983 showkeydata(&ks->k, ind + 2, o, d);
986 fputs("}\n", stdout);
993 /* --- @showkey@ --- *
995 * Arguments: @key *k@ = pointer to key to show
996 * @listopts *o@ = pointer to listing options
1000 * Use: Emits a listing of a particular key.
1003 static void showkey(key *k, listopts *o)
1005 char ebuf[24], dbuf[24];
1008 /* --- Skip the key if the filter doesn't match --- */
1010 if (!key_match(&k->k, &o->kf))
1013 /* --- Sort out the expiry and deletion times --- */
1015 if (KEY_EXPIRED(o->t, k->exp))
1016 strcpy(ebuf, "expired");
1017 else if (k->exp == KEXP_FOREVER)
1018 strcpy(ebuf, "forever");
1020 tm = (o->f & f_utc) ? gmtime(&k->exp) : localtime(&k->exp);
1021 strftime(ebuf, sizeof(ebuf), o->tfmt, tm);
1024 if (KEY_EXPIRED(o->t, k->del))
1025 strcpy(dbuf, "deleted");
1026 else if (k->del == KEXP_FOREVER)
1027 strcpy(dbuf, "forever");
1029 tm = (o->f & f_utc) ? gmtime(&k->del) : localtime(&k->del);
1030 strftime(dbuf, sizeof(dbuf), o->tfmt, tm);
1033 /* --- If in compact format, just display and quit --- */
1036 if (!(o->f & f_newline)) {
1037 printf("%8s %-20s %-20s %-10s %-10s\n",
1038 "Id", "Tag", "Type", "Expire", "Delete");
1040 printf("%08lx %-20s %-20s %-10s %-10s\n",
1041 (unsigned long)k->id, k->tag ? k->tag : "<none>",
1042 k->type, ebuf, dbuf);
1047 /* --- Display the standard header --- */
1049 if (o->f & f_newline)
1050 fputc('\n', stdout);
1051 printf("keyid: %08lx\n", (unsigned long)k->id);
1052 printf("tag: %s\n", k->tag ? k->tag : "<none>");
1053 printf("type: %s\n", k->type);
1054 printf("expiry: %s\n", ebuf);
1055 printf("delete: %s\n", dbuf);
1056 printf("comment: %s\n", k->c ? k->c : "<none>");
1058 /* --- Display the attributes --- */
1062 const char *av, *an;
1065 printf("attributes:");
1066 for (key_mkattriter(&i, k); key_nextattr(&i, &an, &av); ) {
1067 printf("\n\t%s = %s", an, av);
1071 fputc('\n', stdout);
1076 /* --- If dumping requested, dump the raw key data --- */
1080 fputs("key:", stdout);
1082 showkeydata(&k->k, 0, o, &d);
1089 /* --- @cmd_list@ --- */
1091 static int cmd_list(int argc, char *argv[])
1095 listopts o = { 0, 0, 0, 0, { 0, 0 } };
1097 /* --- Parse subcommand options --- */
1100 static struct option opt[] = {
1101 { "quiet", 0, 0, 'q' },
1102 { "verbose", 0, 0, 'v' },
1103 { "utc", 0, 0, 'u' },
1104 { "filter", OPTF_ARGREQ, 0, 'f' },
1107 int i = mdwopt(argc, argv, "+uqvf:", opt, 0, 0, 0);
1124 int e = key_readflags(optarg, &p, &o.kf.f, &o.kf.m);
1126 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
1135 die(EXIT_FAILURE, "Usage: list [-uqv] [-f filter] [tag...]");
1137 /* --- Open the key file --- */
1139 doopen(&f, KOPEN_READ);
1142 /* --- Set up the time format --- */
1145 o.tfmt = "%Y-%m-%d";
1146 else if (o.f & f_utc)
1147 o.tfmt = "%Y-%m-%d %H:%M:%S UTC";
1149 o.tfmt = "%Y-%m-%d %H:%M:%S %Z";
1151 /* --- If specific keys were requested use them, otherwise do all --- *
1153 * Some day, this might turn into a wildcard match.
1156 if (optind < argc) {
1158 if ((k = key_bytag(&f, argv[optind])) != 0)
1161 moan("key `%s' not found", argv[optind]);
1165 } while (optind < argc);
1168 for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
1176 return (EXIT_FAILURE);
1181 /*----- Command implementation --------------------------------------------*/
1183 /* --- @cmd_expire@ --- */
1185 static int cmd_expire(int argc, char *argv[])
1193 die(EXIT_FAILURE, "Usage: expire tag...");
1194 doopen(&f, KOPEN_WRITE);
1195 for (i = 1; i < argc; i++) {
1196 if ((k = key_bytag(&f, argv[i])) != 0)
1199 moan("key `%s' not found", argv[i]);
1207 /* --- @cmd_delete@ --- */
1209 static int cmd_delete(int argc, char *argv[])
1217 die(EXIT_FAILURE, "Usage: delete tag...");
1218 doopen(&f, KOPEN_WRITE);
1219 for (i = 1; i < argc; i++) {
1220 if ((k = key_bytag(&f, argv[i])) != 0)
1223 moan("key `%s' not found", argv[i]);
1231 /* --- @cmd_setattr@ --- */
1233 static int cmd_setattr(int argc, char *argv[])
1239 die(EXIT_FAILURE, "Usage: setattr tag attr...");
1240 doopen(&f, KOPEN_WRITE);
1241 if ((k = key_bytag(&f, argv[1])) == 0)
1242 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1243 setattr(&f, k, argv + 2);
1248 /* --- @cmd_finger@ --- */
1250 static void fingerprint(key *k, const key_filter *kf)
1253 octet hash[RMD160_HASHSZ];
1257 if (!key_encode(&k->k, &d, kf))
1260 rmd160_hash(&r, d.buf, d.len);
1261 rmd160_done(&r, hash);
1265 for (i = 0; i < sizeof(hash); i++) {
1266 if (i && i % 4 == 0)
1268 printf("%02x", hash[i]);
1270 printf(" %s\n", d.buf);
1274 static int cmd_finger(int argc, char *argv[])
1278 key_filter kf = { KF_NONSECRET, KF_NONSECRET };
1281 static struct option opt[] = {
1282 { "filter", OPTF_ARGREQ, 0, 'f' },
1285 int i = mdwopt(argc, argv, "f:", opt, 0, 0, 0);
1291 int err = key_readflags(optarg, &p, &kf.f, &kf.m);
1293 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
1301 argv += optind; argc -= optind;
1303 die(EXIT_FAILURE, "Usage: fingerprint [-f filter] [tag...]");
1305 doopen(&f, KOPEN_READ);
1309 for (i = 0; i < argc; i++) {
1310 key *k = key_bytag(&f, argv[i]);
1312 fingerprint(k, &kf);
1315 moan("key `%s' not found", argv[i]);
1321 for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
1322 fingerprint(k, &kf);
1327 /* --- @cmd_comment@ --- */
1329 static int cmd_comment(int argc, char *argv[])
1335 if (argc < 2 || argc > 3)
1336 die(EXIT_FAILURE, "Usage: comment tag [comment]");
1337 doopen(&f, KOPEN_WRITE);
1338 if ((k = key_bytag(&f, argv[1])) == 0)
1339 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1340 if ((err = key_setcomment(&f, k, argv[2])) != 0)
1341 die(EXIT_FAILURE, "bad comment `%s': %s", argv[2], key_strerror(err));
1346 /* --- @cmd_tag@ --- */
1348 static int cmd_tag(int argc, char *argv[])
1354 if (argc < 2 || argc > 3)
1355 die(EXIT_FAILURE, "Usage: tag tag [new-tag]");
1356 doopen(&f, KOPEN_WRITE);
1357 if ((k = key_bytag(&f, argv[1])) == 0)
1358 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1359 if ((err = key_settag(&f, k, argv[2])) != 0)
1360 die(EXIT_FAILURE, "bad tag `%s': %s", argv[2], key_strerror(err));
1365 /* --- @cmd_lock@ --- */
1367 static int cmd_lock(int argc, char *argv[])
1375 die(EXIT_FAILURE, "Usage: lock qtag");
1376 doopen(&f, KOPEN_WRITE);
1377 if (key_qtag(&f, argv[1], &d, &k, &kd))
1378 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1379 if (kd->e == KENC_ENCRYPT && key_punlock(d.buf, kd, kd))
1380 die(EXIT_FAILURE, "couldn't unlock key `%s'", d.buf);
1381 if (key_plock(d.buf, kd, kd))
1382 die(EXIT_FAILURE, "failed to lock key `%s'", d.buf);
1388 /* --- @cmd_unlock@ --- */
1390 static int cmd_unlock(int argc, char *argv[])
1398 die(EXIT_FAILURE, "Usage: unlock qtag");
1399 doopen(&f, KOPEN_WRITE);
1400 if (key_qtag(&f, argv[1], &d, &k, &kd))
1401 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1402 if (kd->e != KENC_ENCRYPT)
1403 die(EXIT_FAILURE, "key `%s' is not encrypted", d.buf);
1404 if (kd->e == KENC_ENCRYPT && key_punlock(d.buf, kd, kd))
1405 die(EXIT_FAILURE, "couldn't unlock key `%s'", d.buf);
1411 /* --- @cmd_extract@ --- */
1413 static int cmd_extract(int argc, char *argv[])
1419 key_filter kf = { 0, 0 };
1423 static struct option opt[] = {
1424 { "filter", OPTF_ARGREQ, 0, 'f' },
1427 int i = mdwopt(argc, argv, "f:", opt, 0, 0, 0);
1433 int err = key_readflags(optarg, &p, &kf.f, &kf.m);
1435 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
1443 argv += optind; argc -= optind;
1445 die(EXIT_FAILURE, "Usage: extract [-f filter] file [tag...]");
1446 if (strcmp(*argv, "-") == 0)
1448 else if (!(fp = fopen(*argv, "w"))) {
1449 die(EXIT_FAILURE, "couldn't open `%s' for writing: %s",
1450 *argv, strerror(errno));
1453 doopen(&f, KOPEN_READ);
1457 for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
1458 key_extract(&f, k, fp, &kf);
1460 for (i = 1; i < argc; i++) {
1461 if ((k = key_bytag(&f, argv[i])) != 0)
1462 key_extract(&f, k, fp, &kf);
1464 moan("key `%s' not found", argv[i]);
1470 die(EXIT_FAILURE, "error writing file: %s", strerror(errno));
1475 /* --- @cmd_tidy@ --- */
1477 static int cmd_tidy(int argc, char *argv[])
1481 die(EXIT_FAILURE, "usage: tidy");
1482 doopen(&f, KOPEN_WRITE);
1483 f.f |= KF_MODIFIED; /* Nasty hack */
1488 /* --- @cmd_merge@ --- */
1490 static int cmd_merge(int argc, char *argv[])
1496 die(EXIT_FAILURE, "Usage: merge file");
1497 if (strcmp(argv[1], "-") == 0)
1499 else if (!(fp = fopen(argv[1], "r"))) {
1500 die(EXIT_FAILURE, "couldn't open `%s' for writing: %s",
1501 argv[1], strerror(errno));
1504 doopen(&f, KOPEN_WRITE);
1505 key_merge(&f, argv[1], fp, key_moan, 0);
1510 /*----- Main command table ------------------------------------------------*/
1514 int (*cmd)(int /*argc*/, char */*argv*/[]);
1518 "add [options] type [attr...]\n\
1519 Options: [-lq] [-a alg] [-b|-B bits] [-p param] [-r tag]\n\
1520 [-e expire] [-t tag] [-c comment]"
1522 { "expire", cmd_expire, "expire tag..." },
1523 { "delete", cmd_delete, "delete tag..." },
1524 { "tag", cmd_tag, "tag tag [new-tag]" },
1525 { "setattr", cmd_setattr, "setattr tag attr..." },
1526 { "comment", cmd_comment, "comment tag [comment]" },
1527 { "lock", cmd_lock, "lock qtag" },
1528 { "unlock", cmd_unlock, "unlock qtag" },
1529 { "list", cmd_list, "list [-uqv] [-f filter] [tag...]" },
1530 { "fingerprint", cmd_finger, "fingerprint [-f filter] [tag...]" },
1531 { "tidy", cmd_tidy, "tidy" },
1532 { "extract", cmd_extract, "extract [-f filter] file [tag...]" },
1533 { "merge", cmd_merge, "merge file" },
1537 typedef struct cmd cmd;
1539 /*----- Main code ---------------------------------------------------------*/
1541 /* --- Helpful GNUy functions --- */
1543 void usage(FILE *fp)
1545 pquis(fp, "Usage: $ [-k file] [-i tag] [-t type] command [args]\n");
1548 void version(FILE *fp)
1550 pquis(fp, "$, Catacomb version " VERSION "\n");
1560 Performs various simple key management operations. Command line options\n\
1563 -h, --help Display this help text.\n\
1564 -v, --version Display version number.\n\
1565 -u, --usage Display short usage summary.\n\
1567 -k, --keyring=FILE Read and write keys in FILE.\n\
1568 -i, --id=TAG Use key TAG for random number generator.\n\
1569 -t, --type=TYPE Use key TYPE for random number generator.\n\
1571 The following commands are understood:\n\n",
1573 for (c = cmds; c->name; c++)
1574 fprintf(fp, "%s\n", c->help);
1579 * Arguments: @int argc@ = number of command line arguments
1580 * @char *argv[]@ = array of command line arguments
1582 * Returns: Nonzero on failure.
1584 * Use: Main program. Performs simple key management functions.
1587 int main(int argc, char *argv[])
1595 /* --- Initialization --- */
1600 /* --- Parse command line options --- */
1603 static struct option opt[] = {
1605 /* --- Standard GNUy help options --- */
1607 { "help", 0, 0, 'h' },
1608 { "version", 0, 0, 'v' },
1609 { "usage", 0, 0, 'u' },
1611 /* --- Real live useful options --- */
1613 { "keyring", OPTF_ARGREQ, 0, 'k' },
1614 { "id", OPTF_ARGREQ, 0, 'i' },
1615 { "type", OPTF_ARGREQ, 0, 't' },
1617 /* --- Magic terminator --- */
1621 int i = mdwopt(argc, argv, "+hvu k:i:t:", opt, 0, 0, 0);
1627 /* --- GNU help options --- */
1638 /* --- Real useful options --- */
1644 /* --- Bogosity --- */
1652 /* --- Complain about excessive bogons --- */
1654 if (f & f_bogus || optind == argc) {
1659 /* --- Initialize the Catacomb random number generator --- */
1661 rand_noisesrc(RAND_GLOBAL, &noise_source);
1662 rand_seed(RAND_GLOBAL, 160);
1664 /* --- Dispatch to appropriate command handler --- */
1671 cmd *c, *chosen = 0;
1672 size_t sz = strlen(argv[0]);
1674 for (c = cmds; c->name; c++) {
1675 if (strncmp(argv[0], c->name, sz) == 0) {
1676 if (c->name[sz] == 0) {
1680 die(EXIT_FAILURE, "ambiguous command name `%s'", argv[0]);
1686 die(EXIT_FAILURE, "unknown command name `%s'", argv[0]);
1687 return (chosen->cmd(argc, argv));
1691 /*----- That's all, folks -------------------------------------------------*/