3 * Simple key manager program
5 * (c) 1999 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU Library General Public License as
14 * published by the Free Software Foundation; either version 2 of the
15 * License, or (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb; if not, write to the Free
24 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
28 /*----- Header files ------------------------------------------------------*/
30 #define _FILE_OFFSET_BITS 64
41 #include <mLib/codec.h>
42 #include <mLib/base64.h>
43 #include <mLib/mdwopt.h>
44 #include <mLib/quis.h>
45 #include <mLib/report.h>
73 #include "sha256-mgf.h"
74 #include "sha224-mgf.h"
75 #include "sha384-mgf.h"
76 #include "sha512-mgf.h"
77 #include "tiger-mgf.h"
78 #include "rmd128-mgf.h"
79 #include "rmd160-mgf.h"
80 #include "rmd256-mgf.h"
81 #include "rmd320-mgf.h"
85 /*----- Handy global state ------------------------------------------------*/
87 static const char *keyfile = "keyring";
89 /*----- Useful shared functions -------------------------------------------*/
93 * Arguments: @key_file *f@ = pointer to key file block
94 * @unsigned how@ = method to open file with
98 * Use: Opens a key file and handles errors by panicking
102 static void doopen(key_file *f, unsigned how)
104 if (key_open(f, keyfile, how, key_moan, 0)){
105 die(EXIT_FAILURE, "couldn't open keyring `%s': %s",
106 keyfile, strerror(errno));
110 /* --- @doclose@ --- *
112 * Arguments: @key_file *f@ = pointer to key file block
116 * Use: Closes a key file and handles errors by panicking
120 static void doclose(key_file *f)
122 switch (key_close(f)) {
124 die(EXIT_FAILURE, "couldn't write file `%s': %s",
125 keyfile, strerror(errno));
127 die(EXIT_FAILURE, "keyring file `%s' broken: %s (repair manually)",
128 keyfile, strerror(errno));
132 /* --- @setattr@ --- *
134 * Arguments: @key_file *f@ = pointer to key file block
135 * @key *k@ = pointer to key block
136 * @char *v[]@ = array of assignments (overwritten!)
140 * Use: Applies the attribute assignments to the key.
143 static void setattr(key_file *f, key *k, char *v[])
148 size_t eq = strcspn(p, "=");
150 moan("invalid assignment: `%s' (ignored)", p);
156 if ((err = key_putattr(f, k, *v, *p ? p : 0)) != 0)
157 die(EXIT_FAILURE, "couldn't set attributes: %s", key_strerror(err));
162 /*----- Seeding -----------------------------------------------------------*/
164 const struct seedalg { const char *p; grand *(*gen)(const void *, size_t); }
166 { "dsarand", dsarand_create },
167 { "rmd128-mgf", rmd128_mgfrand },
168 { "rmd160-mgf", rmd160_mgfrand },
169 { "rmd256-mgf", rmd256_mgfrand },
170 { "rmd320-mgf", rmd320_mgfrand },
171 { "sha-mgf", sha_mgfrand },
172 { "sha224-mgf", sha224_mgfrand },
173 { "sha256-mgf", sha256_mgfrand },
174 { "sha384-mgf", sha384_mgfrand },
175 { "sha512-mgf", sha512_mgfrand },
176 { "tiger-mgf", tiger_mgfrand },
180 #define SEEDALG_DEFAULT (seedtab + 2)
182 /*----- Key generation ----------------------------------------------------*/
184 /* --- Key generation parameters --- */
186 typedef struct keyopts {
187 key_file *kf; /* Pointer to key file */
188 key *k; /* Pointer to the actual key */
189 dstr tag; /* Full tag name for the key */
190 unsigned f; /* Flags for the new key */
191 unsigned bits, qbits; /* Bit length for the new key */
192 const char *curve; /* Elliptic curve name/info */
193 grand *r; /* Random number source */
194 key *p; /* Parameters key-data */
197 #define f_bogus 1u /* Error in parsing */
198 #define f_lock 2u /* Passphrase-lock private key */
199 #define f_quiet 4u /* Don't show a progress indicator */
200 #define f_limlee 8u /* Generate Lim-Lee primes */
201 #define f_subgroup 16u /* Generate a subgroup */
202 #define f_retag 32u /* Remove any existing tag */
203 #define f_kcdsa 64u /* Generate KCDSA primes */
205 /* --- @dolock@ --- *
207 * Arguments: @keyopts *k@ = key generation options
208 * @key_data **kd@ = pointer to key data to lock
209 * @const char *t@ = tag suffix or null
213 * Use: Does passphrase locking on new keys.
216 static void dolock(keyopts *k, key_data **kd, const char *t)
218 if (!(k->f & f_lock))
221 dstr_putf(&k->tag, ".%s", t);
222 if (key_plock(kd, 0, k->tag.buf))
223 die(EXIT_FAILURE, "couldn't lock key");
226 /* --- @copyparam@ --- *
228 * Arguments: @keyopts *k@ = pointer to key options
229 * @const char **pp@ = checklist of parameters
231 * Returns: Nonzero if parameters copied; zero if you have to generate
234 * Use: Copies parameters from a source key to the current one.
237 static int copyparam(keyopts *k, const char **pp)
247 /* --- Quick check if no parameters supplied --- */
252 /* --- Run through the checklist --- */
255 key_data *kd = key_structfind(k->p->k, *pp);
257 die(EXIT_FAILURE, "bad parameter key: parameter `%s' not found", *pp);
258 if (!KEY_MATCH(kd, &kf))
259 die(EXIT_FAILURE, "bad parameter key: subkey `%s' is not shared", *pp);
263 /* --- Copy over the parameters --- */
265 kd = key_copydata(k->p->k, &kf);
267 key_setkeydata(k->kf, k->k, kd);
270 /* --- Copy over attributes --- */
272 for (key_mkattriter(&i, k->p); key_nextattr(&i, &n, &v); )
273 key_putattr(k->kf, k->k, n, v);
282 * Arguments: @key_data *k@ = pointer to key data block
283 * @const char *tag@ = tag string to use
285 * Returns: Pointer to multiprecision integer key item.
287 * Use: Fetches an MP key component.
290 static mp *getmp(key_data *k, const char *tag)
292 k = key_structfind(k, tag);
294 die(EXIT_FAILURE, "unexpected failure looking up subkey `%s'", tag);
295 if ((k->e & KF_ENCMASK) != KENC_MP)
296 die(EXIT_FAILURE, "subkey `%s' has an incompatible type", tag);
300 /* --- @keyrand@ --- *
302 * Arguments: @key_file *kf@ = pointer to key file
303 * @const char *id@ = pointer to key id (or null)
307 * Use: Keys the random number generator.
310 static void keyrand(key_file *kf, const char *id)
314 /* --- Find the key --- */
317 if ((k = key_bytag(kf, id)) == 0)
318 die(EXIT_FAILURE, "key `%s' not found", id);
320 k = key_bytype(kf, "catacomb-rand");
323 key_data *kd = k->k, *kkd;
327 switch (kd->e & KF_ENCMASK) {
333 if (key_punlock(&kkd, kd, d.buf))
334 die(EXIT_FAILURE, "error unlocking key `%s'", d.buf);
342 die(EXIT_FAILURE, "bad encoding type for key `%s'", d.buf);
346 /* --- Key the generator --- */
348 rand_key(RAND_GLOBAL, kd->u.k.k, kd->u.k.sz);
353 /* --- Key generation algorithms --- */
355 static void alg_binary(keyopts *k)
365 die(EXIT_FAILURE, "no shared parameters for binary keys");
367 sz = (k->bits + 7) >> 3;
369 m = (1 << (((k->bits - 1) & 7) + 1)) - 1;
370 k->r->ops->fill(k->r, p, sz);
372 kd = key_newbinary(KCAT_SYMM | KF_BURN, p, sz);
375 key_setkeydata(k->kf, k->k, kd);
380 static void alg_des(keyopts *k)
390 die(EXIT_FAILURE, "no shared parameters for DES keys");
391 if (k->bits % 56 || k->bits > 168)
392 die(EXIT_FAILURE, "DES keys must be 56, 112 or 168 bits long");
396 k->r->ops->fill(k->r, p, sz);
397 for (i = 0; i < sz; i++) {
398 octet x = p[i] | 0x01;
402 p[i] = (p[i] & 0xfe) | (x & 0x01);
404 kd = key_newbinary(KCAT_SYMM | KF_BURN, p, sz);
407 key_setkeydata(k->kf, k->k, kd);
412 static void alg_rsa(keyopts *k)
417 /* --- Sanity checking --- */
420 die(EXIT_FAILURE, "no shared parameters for RSA keys");
424 /* --- Generate the RSA parameters --- */
426 if (rsa_gen(&rp, k->bits, k->r, 0,
427 (k->f & f_quiet) ? 0 : pgen_ev, 0))
428 die(EXIT_FAILURE, "RSA key generation failed");
430 /* --- Run a test encryption --- */
433 grand *g = fibrand_create(k->r->ops->word(k->r));
435 mp *m = mprand_range(MP_NEW, rp.n, g, 0);
440 c = rsa_qpubop(&rpp, MP_NEW, m);
441 c = rsa_qprivop(&rp, c, c, g);
444 die(EXIT_FAILURE, "test encryption failed");
450 /* --- Allrighty then --- */
452 kd = key_newstruct();
453 key_structsteal(kd, "n", key_newmp(KCAT_PUB, rp.n));
454 key_structsteal(kd, "e", key_newmp(KCAT_PUB, rp.e));
456 kkd = key_newstruct();
457 key_structsteal(kkd, "d", key_newmp(KCAT_PRIV | KF_BURN, rp.d));
458 key_structsteal(kkd, "p", key_newmp(KCAT_PRIV | KF_BURN, rp.p));
459 key_structsteal(kkd, "q", key_newmp(KCAT_PRIV | KF_BURN, rp.q));
460 key_structsteal(kkd, "q-inv", key_newmp(KCAT_PRIV | KF_BURN, rp.q_inv));
461 key_structsteal(kkd, "d-mod-p", key_newmp(KCAT_PRIV | KF_BURN, rp.dp));
462 key_structsteal(kkd, "d-mod-q", key_newmp(KCAT_PRIV | KF_BURN, rp.dq));
463 dolock(k, &kkd, "private");
464 key_structsteal(kd, "private", kkd);
465 key_setkeydata(k->kf, k->k, kd);
470 static void alg_dsaparam(keyopts *k)
472 static const char *pl[] = { "q", "p", "g", 0 };
473 if (!copyparam(k, pl)) {
482 /* --- Choose appropriate bit lengths if necessary --- */
489 /* --- Allocate a seed block --- */
491 sz = (k->qbits + 7) >> 3;
493 k->r->ops->fill(k->r, p, sz);
495 /* --- Allocate the parameters --- */
497 if (dsa_gen(&dp, k->qbits, k->bits, 0, p, sz, &ds,
498 (k->f & f_quiet) ? 0 : pgen_ev, 0))
499 die(EXIT_FAILURE, "DSA parameter generation failed");
501 /* --- Store the parameters --- */
503 kd = key_newstruct();
504 key_structsteal(kd, "q", key_newmp(KCAT_SHARE, dp.q));
505 key_structsteal(kd, "p", key_newmp(KCAT_SHARE, dp.p));
506 key_structsteal(kd, "g", key_newmp(KCAT_SHARE, dp.g));
510 key_setkeydata(k->kf, k->k, kd);
513 /* --- Store the seed for future verification --- */
515 c = base64_class.encoder(0, "", 0);
516 c->ops->code(c, ds.p, ds.sz, &d); c->ops->code(c, 0, 0, &d);
519 key_putattr(k->kf, k->k, "seed", d.buf);
521 dstr_putf(&d, "%u", ds.count);
522 key_putattr(k->kf, k->k, "count", d.buf);
529 static void alg_dsa(keyopts *k)
536 /* --- Get the shared parameters --- */
539 key_split(&k->k->k); kd = k->k->k;
544 /* --- Choose a private key --- */
546 x = mprand_range(MP_NEWSEC, q, k->r, 0);
547 mpmont_create(&mm, p);
548 y = mpmont_exp(&mm, MP_NEW, g, x);
550 /* --- Store everything away --- */
552 key_structsteal(kd, "y", key_newmp(KCAT_PUB, y));
554 kkd = key_newstruct();
555 key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
556 dolock(k, &kkd, "private");
557 key_structsteal(kd, "private", kkd);
559 mp_drop(x); mp_drop(y);
562 static void alg_dhparam(keyopts *k)
564 static const char *pl[] = { "p", "q", "g", 0 };
566 if (!copyparam(k, pl)) {
575 if (strcmp(k->curve, "list") == 0) {
577 LIST("Built-in prime fields", stdout, ptab[i].name, ptab[i].name);
581 if (dh_parse(&qd, &dp))
582 die(EXIT_FAILURE, "error in field spec: %s", qd.e);
584 die(EXIT_FAILURE, "junk at end of field spec");
585 if ((g = group_prime(&dp)) == 0)
586 die(EXIT_FAILURE, "invalid prime field");
587 if (!(k->f & f_quiet) && (e = G_CHECK(g, &rand_global)) != 0)
588 moan("WARNING! group check failed: %s", e);
596 /* --- Choose a large safe prime number --- */
598 if (k->f & f_limlee) {
603 rc = dh_limlee(&dp, k->qbits, k->bits,
604 (k->f & f_subgroup) ? DH_SUBGROUP : 0,
605 0, k->r, (k->f & f_quiet) ? 0 : pgen_ev, 0,
606 (k->f & f_quiet) ? 0 : pgen_evspin, 0, &nf, &f);
610 for (i = 0; i < nf; i++) {
613 mp_writedstr(f[i], &d, 10);
616 key_putattr(k->kf, k->k, "factors", d.buf);
619 } else if (k->f & f_kcdsa) {
622 rc = dh_kcdsagen(&dp, k->qbits, k->bits, 0,
623 0, k->r, (k->f & f_quiet) ? 0 : pgen_ev, 0);
628 mp_writedstr(dp.q, &d, 10);
629 mp_div(&v, 0, dp.p, dp.q);
632 mp_writedstr(v, &d, 10);
634 key_putattr(k->kf, k->k, "factors", d.buf);
638 rc = dh_gen(&dp, k->qbits, k->bits, 0, k->r,
639 (k->f & f_quiet) ? 0 : pgen_ev, 0);
642 die(EXIT_FAILURE, "Diffie-Hellman parameter generation failed");
645 kd = key_newstruct();
646 key_structsteal(kd, "p", key_newmp(KCAT_SHARE, dp.p));
647 key_structsteal(kd, "q", key_newmp(KCAT_SHARE, dp.q));
648 key_structsteal(kd, "g", key_newmp(KCAT_SHARE, dp.g));
652 key_setkeydata(k->kf, k->k, kd);
657 static void alg_dh(keyopts *k)
664 /* --- Get the shared parameters --- */
667 key_split(&k->k->k); kd = k->k->k;
672 /* --- Choose a suitable private key --- *
674 * Since %$g$% has order %$q$%, choose %$x < q$%.
677 x = mprand_range(MP_NEWSEC, q, k->r, 0);
679 /* --- Compute the public key %$y = g^x \bmod p$% --- */
681 mpmont_create(&mm, p);
682 y = mpmont_exp(&mm, MP_NEW, g, x);
685 /* --- Store everything away --- */
687 key_structsteal(kd, "y", key_newmp(KCAT_PUB, y));
689 kkd = key_newstruct();
690 key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
691 dolock(k, &kkd, "private");
692 key_structsteal(kd, "private", kkd);
694 mp_drop(x); mp_drop(y);
697 static void alg_bbs(keyopts *k)
702 /* --- Sanity checking --- */
705 die(EXIT_FAILURE, "no shared parameters for Blum-Blum-Shub keys");
709 /* --- Generate the BBS parameters --- */
711 if (bbs_gen(&bp, k->bits, k->r, 0,
712 (k->f & f_quiet) ? 0 : pgen_ev, 0))
713 die(EXIT_FAILURE, "Blum-Blum-Shub key generation failed");
715 /* --- Allrighty then --- */
717 kd = key_newstruct();
718 key_structsteal(kd, "n", key_newmp(KCAT_PUB, bp.n));
720 kkd = key_newstruct();
721 key_structsteal(kkd, "p", key_newmp(KCAT_PRIV | KF_BURN, bp.p));
722 key_structsteal(kkd, "q", key_newmp(KCAT_PRIV | KF_BURN, bp.q));
723 dolock(k, &kkd, "private");
724 key_structsteal(kd, "private", kkd);
725 key_setkeydata(k->kf, k->k, kd);
731 static void alg_binparam(keyopts *k)
733 static const char *pl[] = { "p", "q", "g", 0 };
734 if (!copyparam(k, pl)) {
741 /* --- Decide on a field --- */
743 if (!k->bits) k->bits = 128;
744 if (k->curve && strcmp(k->curve, "list") == 0) {
746 LIST("Built-in binary fields", stdout,
747 bintab[i].name, bintab[i].name);
751 if (k->bits <= 40) k->curve = "p1363-40";
752 else if (k->bits <= 56) k->curve = "p1363-56";
753 else if (k->bits <= 64) k->curve = "p1363-64";
754 else if (k->bits <= 80) k->curve = "p1363-80";
755 else if (k->bits <= 112) k->curve = "p1363-112";
756 else if (k->bits <= 128) k->curve = "p1363-128";
759 "no built-in binary fields provide %u-bit security",
764 /* --- Check it --- */
768 if (dhbin_parse(&qd, &gb))
769 die(EXIT_FAILURE, "error in field spec: %s", qd.e);
771 die(EXIT_FAILURE, "junk at end of field spec");
772 if ((g = group_binary(&gb)) == 0)
773 die(EXIT_FAILURE, "invalid binary field");
774 if (!(k->f & f_quiet) && (e = G_CHECK(g, &rand_global)) != 0)
775 moan("WARNING! group check failed: %s", e);
778 /* --- Write out the answer --- */
780 kd = key_newstruct();
781 key_structsteal(kd, "p", key_newmp(KCAT_SHARE, gb.p));
782 key_structsteal(kd, "q", key_newmp(KCAT_SHARE, gb.q));
783 key_structsteal(kd, "g", key_newmp(KCAT_SHARE, gb.g));
787 key_setkeydata(k->kf, k->k, kd);
792 static void alg_bin(keyopts *k)
799 /* --- Get the shared parameters --- */
802 key_split(&k->k->k); kd = k->k->k;
807 /* --- Choose a suitable private key --- *
809 * Since %$g$% has order %$q$%, choose %$x < q$%.
812 x = mprand_range(MP_NEWSEC, q, k->r, 0);
814 /* --- Compute the public key %$y = g^x \bmod p$% --- */
816 gfreduce_create(&r, p);
817 y = gfreduce_exp(&r, MP_NEW, g, x);
818 gfreduce_destroy(&r);
820 /* --- Store everything away --- */
822 key_structsteal(kd, "y", key_newmp(KCAT_PUB, y));
824 kkd = key_newstruct();
825 key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
826 dolock(k, &kkd, "private");
827 key_structsteal(kd, "private", kkd);
829 mp_drop(x); mp_drop(y);
832 static void alg_ecparam(keyopts *k)
834 static const char *pl[] = { "curve", 0 };
835 if (!copyparam(k, pl)) {
840 /* --- Decide on a curve --- */
842 if (!k->bits) k->bits = 256;
843 if (k->curve && strcmp(k->curve, "list") == 0) {
845 LIST("Built-in elliptic curves", stdout,
846 ectab[i].name, ectab[i].name);
850 if (k->bits <= 56) k->curve = "secp112r1";
851 else if (k->bits <= 64) k->curve = "secp128r1";
852 else if (k->bits <= 80) k->curve = "secp160r1";
853 else if (k->bits <= 96) k->curve = "secp192r1";
854 else if (k->bits <= 112) k->curve = "secp224r1";
855 else if (k->bits <= 128) k->curve = "secp256r1";
856 else if (k->bits <= 192) k->curve = "secp384r1";
857 else if (k->bits <= 256) k->curve = "secp521r1";
859 die(EXIT_FAILURE, "no built-in curves provide %u-bit security",
863 /* --- Check it --- */
865 if ((e = ec_getinfo(&ei, k->curve)) != 0)
866 die(EXIT_FAILURE, "error in curve spec: %s", e);
867 if (!(k->f & f_quiet) && (e = ec_checkinfo(&ei, k->r)) != 0)
868 moan("WARNING! curve check failed: %s", e);
871 /* --- Write out the answer --- */
873 kd = key_newstruct();
874 key_structsteal(kd, "curve", key_newstring(KCAT_SHARE, k->curve));
875 key_setkeydata(k->kf, k->k, kd);
880 static void alg_ec(keyopts *k)
889 /* --- Get the curve --- */
892 key_split(&k->k->k); kd = k->k->k;
893 if ((kkd = key_structfind(kd, "curve")) == 0)
894 die(EXIT_FAILURE, "unexpected failure looking up subkey `curve')");
895 if ((kkd->e & KF_ENCMASK) != KENC_STRING)
896 die(EXIT_FAILURE, "subkey `curve' is not a string");
897 if ((e = ec_getinfo(&ei, kkd->u.p)) != 0)
898 die(EXIT_FAILURE, "error in curve spec: %s", e);
900 /* --- Invent a private exponent and compute the public key --- */
902 x = mprand_range(MP_NEWSEC, ei.r, k->r, 0);
903 ec_mul(ei.c, &p, &ei.g, x);
905 /* --- Store everything away --- */
907 key_structsteal(kd, "p", key_newec(KCAT_PUB, &p));
909 kkd = key_newstruct();
910 key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
911 dolock(k, &kkd, "private");
912 key_structsteal(kd, "private", kkd);
920 /* --- The algorithm tables --- */
922 typedef struct keyalg {
924 void (*proc)(keyopts *o);
928 static keyalg algtab[] = {
929 { "binary", alg_binary, "Plain binary data" },
930 { "des", alg_des, "Binary with DES-style parity" },
931 { "rsa", alg_rsa, "RSA public-key encryption" },
932 { "bbs", alg_bbs, "Blum-Blum-Shub generator" },
933 { "dsa", alg_dsa, "DSA digital signatures" },
934 { "dsa-param", alg_dsaparam, "DSA shared parameters" },
935 { "dh", alg_dh, "Diffie-Hellman key exchange" },
936 { "dh-param", alg_dhparam, "Diffie-Hellman parameters" },
937 { "bindh", alg_bin, "DH over a binary field" },
938 { "bindh-param", alg_binparam, "Binary-field DH parameters" },
939 { "ec-param", alg_ecparam, "Elliptic curve parameters" },
940 { "ec", alg_ec, "Elliptic curve crypto" },
944 /* --- @cmd_add@ --- */
946 static int cmd_add(int argc, char *argv[])
949 time_t exp = KEXP_EXPIRE;
950 uint32 kid = rand_global.ops->word(&rand_global);
951 const char *tag = 0, *ptag = 0;
953 keyalg *alg = algtab;
954 const char *rtag = 0;
955 const struct seedalg *sa = SEEDALG_DEFAULT;
956 keyopts k = { 0, 0, DSTR_INIT, 0, 0, 0, 0, 0 };
957 const char *seed = 0;
960 /* --- Parse options for the subcommand --- */
963 static struct option opt[] = {
964 { "algorithm", OPTF_ARGREQ, 0, 'a' },
965 { "bits", OPTF_ARGREQ, 0, 'b' },
966 { "qbits", OPTF_ARGREQ, 0, 'B' },
967 { "parameters", OPTF_ARGREQ, 0, 'p' },
968 { "expire", OPTF_ARGREQ, 0, 'e' },
969 { "comment", OPTF_ARGREQ, 0, 'c' },
970 { "tag", OPTF_ARGREQ, 0, 't' },
971 { "rand-id", OPTF_ARGREQ, 0, 'R' },
972 { "key-id", OPTF_ARGREQ, 0, 'I' },
973 { "curve", OPTF_ARGREQ, 0, 'C' },
974 { "seedalg", OPTF_ARGREQ, 0, 'A' },
975 { "seed", OPTF_ARGREQ, 0, 's' },
976 { "newseed", OPTF_ARGREQ, 0, 'n' },
977 { "lock", 0, 0, 'l' },
978 { "quiet", 0, 0, 'q' },
979 { "lim-lee", 0, 0, 'L' },
980 { "subgroup", 0, 0, 'S' },
981 { "kcdsa", 0, 0, 'K' },
984 int i = mdwopt(argc, argv, "+a:b:B:p:e:c:t:R:I:C:A:s:n:lqrLKS",
989 /* --- Handle the various options --- */
993 /* --- Read an algorithm name --- */
997 size_t sz = strlen(optarg);
999 if (strcmp(optarg, "list") == 0) {
1000 for (a = algtab; a->name; a++)
1001 printf("%-10s %s\n", a->name, a->help);
1006 for (a = algtab; a->name; a++) {
1007 if (strncmp(optarg, a->name, sz) == 0) {
1008 if (a->name[sz] == 0) {
1012 die(EXIT_FAILURE, "ambiguous algorithm name `%s'", optarg);
1018 die(EXIT_FAILURE, "unknown algorithm name `%s'", optarg);
1021 /* --- Bits must be nonzero and a multiple of 8 --- */
1025 k.bits = strtoul(optarg, &p, 0);
1026 if (k.bits == 0 || *p != 0)
1027 die(EXIT_FAILURE, "bad bitlength `%s'", optarg);
1032 k.qbits = strtoul(optarg, &p, 0);
1033 if (k.qbits == 0 || *p != 0)
1034 die(EXIT_FAILURE, "bad bitlength `%s'", optarg);
1037 /* --- Parameter selection --- */
1043 /* --- Expiry dates get passed to @get_date@ for parsing --- */
1046 if (strcmp(optarg, "forever") == 0)
1049 exp = get_date(optarg, 0);
1051 die(EXIT_FAILURE, "bad expiry date `%s'", optarg);
1055 /* --- Store comments without interpretation --- */
1058 if (key_chkcomment(optarg))
1059 die(EXIT_FAILURE, "bad comment string `%s'", optarg);
1063 /* --- Elliptic curve parameters --- */
1069 /* --- Store tags --- */
1072 if (key_chkident(optarg))
1073 die(EXIT_FAILURE, "bad tag string `%s'", optarg);
1080 /* --- Seeding --- */
1083 const struct seedalg *ss;
1084 if (strcmp(optarg, "list") == 0) {
1085 printf("Seed algorithms:\n");
1086 for (ss = seedtab; ss->p; ss++)
1087 printf(" %s\n", ss->p);
1090 if (seed) die(EXIT_FAILURE, "seed already set -- put -A first");
1092 for (ss = seedtab; ss->p; ss++) {
1093 if (strcmp(optarg, ss->p) == 0)
1097 die(EXIT_FAILURE, "seed algorithm `%s' not known", optarg);
1104 if (seed) die(EXIT_FAILURE, "seed already set");
1105 c = base64_class.decoder(CDCF_IGNEQPAD);
1106 if ((rc = c->ops->code(c, optarg, strlen(optarg), &d)) != 0 ||
1107 (rc = c->ops->code(c, 0, 0, &d)) != 0)
1108 die(EXIT_FAILURE, "invalid seed base64: %s", codec_strerror(rc));
1110 k.r = sa->gen(d.buf, d.len);
1119 unsigned n = strtoul(optarg, &p, 0);
1120 if (n == 0 || *p != 0 || n % 8 != 0)
1121 die(EXIT_FAILURE, "bad seed length `%s'", optarg);
1122 if (seed) die(EXIT_FAILURE, "seed already set");
1125 rand_get(RAND_GLOBAL, p, n);
1126 c = base64_class.encoder(0, "", 0);
1127 c->ops->code(c, p, n, &d); c->ops->code(c, 0, 0, &d);
1130 k.r = sa->gen(p, n);
1133 /* --- Key id --- */
1140 id = strtoul(optarg, &p, 16);
1141 if (errno || *p || id > MASK32)
1142 die(EXIT_FAILURE, "bad key-id `%s'", optarg);
1146 /* --- Other flags --- */
1167 /* --- Other things are bogus --- */
1175 /* --- Various sorts of bogosity --- */
1177 if ((k.f & f_bogus) || optind + 1 > argc) {
1179 "Usage: add [OPTIONS] TYPE [ATTR...]");
1181 if (key_chkident(argv[optind]))
1182 die(EXIT_FAILURE, "bad key type `%s'", argv[optind]);
1184 /* --- Set up various bits of the state --- */
1186 if (exp == KEXP_EXPIRE)
1187 exp = time(0) + 14 * 24 * 60 * 60;
1189 /* --- Open the file and create the basic key block --- *
1191 * Keep on generating keyids until one of them doesn't collide.
1194 doopen(&f, KOPEN_WRITE);
1197 /* --- Key the generator --- */
1203 if ((err = key_new(&f, kid, argv[optind], exp, &k.k)) == 0)
1205 else if (err != KERR_DUPID)
1206 die(EXIT_FAILURE, "error adding new key: %s", key_strerror(err));
1209 /* --- Set various simple attributes --- */
1214 if (k.f & f_retag) {
1215 if ((kk = key_bytag(&f, tag)) != 0 &&
1217 strcmp(kk->tag, tag) == 0)
1218 key_settag(&f, kk, 0);
1220 if ((err = key_settag(&f, k.k, tag)) != 0)
1221 die(EXIT_FAILURE, "error setting key tag: %s", key_strerror(err));
1225 int err = key_setcomment(&f, k.k, c);
1227 die(EXIT_FAILURE, "error setting key comment: %s", key_strerror(err));
1230 setattr(&f, k.k, argv + optind + 1);
1232 key_putattr(&f, k.k, "genseed", seed);
1233 key_putattr(&f, k.k, "seedalg", sa->p);
1236 key_fulltag(k.k, &k.tag);
1238 /* --- Find the parameter key --- */
1241 if ((k.p = key_bytag(&f, ptag)) == 0)
1242 die(EXIT_FAILURE, "parameter key `%s' not found", ptag);
1243 if ((k.p->k->e & KF_ENCMASK) != KENC_STRUCT)
1244 die(EXIT_FAILURE, "parameter key `%s' is not structured", ptag);
1247 /* --- Now generate the actual key data --- */
1253 dstr_destroy(&k.tag);
1258 /*----- Key listing -------------------------------------------------------*/
1260 /* --- Listing options --- */
1262 typedef struct listopts {
1263 const char *tfmt; /* Date format (@strftime@-style) */
1264 int v; /* Verbosity level */
1265 unsigned f; /* Various flags */
1266 time_t t; /* Time now (for key expiry) */
1267 key_filter kf; /* Filter for matching keys */
1270 /* --- Listing flags --- */
1272 #define f_newline 2u /* Write newline before next entry */
1273 #define f_attr 4u /* Written at least one attribute */
1274 #define f_utc 8u /* Emit UTC time, not local time */
1276 /* --- @showkeydata@ --- *
1278 * Arguments: @key_data *k@ = pointer to key to write
1279 * @int ind@ = indentation level
1280 * @listopts *o@ = listing options
1281 * @dstr *d@ = tag string for this subkey
1285 * Use: Emits a piece of key data in a human-readable format.
1288 static void showkeydata(key_data *k, int ind, listopts *o, dstr *d)
1290 #define INDENT(i) do { \
1292 for (_i = 0; _i < (i); _i++) { \
1297 switch (k->e & KF_ENCMASK) {
1299 /* --- Binary key data --- *
1301 * Emit as a simple hex dump.
1305 const octet *p = k->u.k.k;
1306 const octet *l = p + k->u.k.sz;
1309 fputs(" {", stdout);
1314 } else if (sz % 8 == 0)
1318 printf("%02x", *p++);
1323 fputs("}\n", stdout);
1326 /* --- Encrypted data --- *
1328 * If the user is sufficiently keen, ask for a passphrase and decrypt the
1329 * key. Otherwise just say that it's encrypted and move on.
1334 fputs(" encrypted\n", stdout);
1337 if (key_punlock(&kd, k, d->buf))
1338 printf(" <failed to unlock %s>\n", d->buf);
1340 fputs(" encrypted", stdout);
1341 showkeydata(kd, ind, o, d);
1347 /* --- Integer keys --- *
1349 * Emit as a large integer in decimal. This makes using the key in
1350 * `calc' or whatever easier.
1355 mp_writefile(k->u.m, stdout, 10);
1359 /* --- Strings --- */
1362 printf(" `%s'\n", k->u.p);
1365 /* --- Elliptic curve points --- */
1368 if (EC_ATINF(&k->u.e))
1369 fputs(" inf\n", stdout);
1371 fputs(" 0x", stdout); mp_writefile(k->u.e.x, stdout, 16);
1372 fputs(", 0x", stdout); mp_writefile(k->u.e.y, stdout, 16);
1377 /* --- Structured keys --- *
1379 * Just iterate over the subkeys.
1387 fputs(" {\n", stdout);
1388 for (key_mksubkeyiter(&i, k); key_nextsubkey(&i, &tag, &k); ) {
1389 if (!key_match(k, &o->kf))
1392 printf("%s =", tag);
1394 dstr_putf(d, ".%s", tag);
1395 showkeydata(k, ind + 2, o, d);
1398 fputs("}\n", stdout);
1405 /* --- @showkey@ --- *
1407 * Arguments: @key *k@ = pointer to key to show
1408 * @listopts *o@ = pointer to listing options
1412 * Use: Emits a listing of a particular key.
1415 static void showkey(key *k, listopts *o)
1417 char ebuf[24], dbuf[24];
1420 /* --- Skip the key if the filter doesn't match --- */
1422 if (!key_match(k->k, &o->kf))
1425 /* --- Sort out the expiry and deletion times --- */
1427 if (KEY_EXPIRED(o->t, k->exp))
1428 strcpy(ebuf, "expired");
1429 else if (k->exp == KEXP_FOREVER)
1430 strcpy(ebuf, "forever");
1432 tm = (o->f & f_utc) ? gmtime(&k->exp) : localtime(&k->exp);
1433 strftime(ebuf, sizeof(ebuf), o->tfmt, tm);
1436 if (KEY_EXPIRED(o->t, k->del))
1437 strcpy(dbuf, "deleted");
1438 else if (k->del == KEXP_FOREVER)
1439 strcpy(dbuf, "forever");
1441 tm = (o->f & f_utc) ? gmtime(&k->del) : localtime(&k->del);
1442 strftime(dbuf, sizeof(dbuf), o->tfmt, tm);
1445 /* --- If in compact format, just display and quit --- */
1448 if (!(o->f & f_newline)) {
1449 printf("%8s %-20s %-20s %-10s %s\n",
1450 "Id", "Tag", "Type", "Expire", "Delete");
1452 printf("%08lx %-20s %-20s %-10s %s\n",
1453 (unsigned long)k->id, k->tag ? k->tag : "<none>",
1454 k->type, ebuf, dbuf);
1459 /* --- Display the standard header --- */
1461 if (o->f & f_newline)
1462 fputc('\n', stdout);
1463 printf("keyid: %08lx\n", (unsigned long)k->id);
1464 printf("tag: %s\n", k->tag ? k->tag : "<none>");
1465 printf("type: %s\n", k->type);
1466 printf("expiry: %s\n", ebuf);
1467 printf("delete: %s\n", dbuf);
1468 printf("comment: %s\n", k->c ? k->c : "<none>");
1470 /* --- Display the attributes --- */
1474 const char *av, *an;
1477 printf("attributes:");
1478 for (key_mkattriter(&i, k); key_nextattr(&i, &an, &av); ) {
1479 printf("\n %s = %s", an, av);
1483 fputc('\n', stdout);
1488 /* --- If dumping requested, dump the raw key data --- */
1492 fputs("key:", stdout);
1494 showkeydata(k->k, 0, o, &d);
1501 /* --- @cmd_list@ --- */
1503 static int cmd_list(int argc, char *argv[])
1507 listopts o = { 0, 0, 0, 0, { 0, 0 } };
1509 /* --- Parse subcommand options --- */
1512 static struct option opt[] = {
1513 { "quiet", 0, 0, 'q' },
1514 { "verbose", 0, 0, 'v' },
1515 { "utc", 0, 0, 'u' },
1516 { "filter", OPTF_ARGREQ, 0, 'f' },
1519 int i = mdwopt(argc, argv, "+uqvf:", opt, 0, 0, 0);
1536 int e = key_readflags(optarg, &p, &o.kf.f, &o.kf.m);
1538 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
1547 die(EXIT_FAILURE, "Usage: list [-uqv] [-f FILTER] [TAG...]");
1549 /* --- Open the key file --- */
1551 doopen(&f, KOPEN_READ);
1554 /* --- Set up the time format --- */
1557 o.tfmt = "%Y-%m-%d";
1558 else if (o.f & f_utc)
1559 o.tfmt = "%Y-%m-%d %H:%M:%S UTC";
1561 o.tfmt = "%Y-%m-%d %H:%M:%S %Z";
1563 /* --- If specific keys were requested use them, otherwise do all --- *
1565 * Some day, this might turn into a wildcard match.
1568 if (optind < argc) {
1570 if ((k = key_bytag(&f, argv[optind])) != 0)
1573 moan("key `%s' not found", argv[optind]);
1577 } while (optind < argc);
1580 for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
1588 return (EXIT_FAILURE);
1593 /*----- Command implementation --------------------------------------------*/
1595 /* --- @cmd_expire@ --- */
1597 static int cmd_expire(int argc, char *argv[])
1605 die(EXIT_FAILURE, "Usage: expire TAG...");
1606 doopen(&f, KOPEN_WRITE);
1607 for (i = 1; i < argc; i++) {
1608 if ((k = key_bytag(&f, argv[i])) != 0)
1611 moan("key `%s' not found", argv[i]);
1619 /* --- @cmd_delete@ --- */
1621 static int cmd_delete(int argc, char *argv[])
1629 die(EXIT_FAILURE, "Usage: delete TAG...");
1630 doopen(&f, KOPEN_WRITE);
1631 for (i = 1; i < argc; i++) {
1632 if ((k = key_bytag(&f, argv[i])) != 0)
1635 moan("key `%s' not found", argv[i]);
1643 /* --- @cmd_setattr@ --- */
1645 static int cmd_setattr(int argc, char *argv[])
1651 die(EXIT_FAILURE, "Usage: setattr TAG ATTR...");
1652 doopen(&f, KOPEN_WRITE);
1653 if ((k = key_bytag(&f, argv[1])) == 0)
1654 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1655 setattr(&f, k, argv + 2);
1660 /* --- @cmd_getattr@ --- */
1662 static int cmd_getattr(int argc, char *argv[])
1670 die(EXIT_FAILURE, "Usage: getattr TAG ATTR");
1671 doopen(&f, KOPEN_READ);
1672 if ((k = key_bytag(&f, argv[1])) == 0)
1673 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1675 if ((p = key_getattr(&f, k, argv[2])) == 0)
1676 die(EXIT_FAILURE, "no attribute `%s' for key `%s'", argv[2], d.buf);
1683 /* --- @cmd_finger@ --- */
1685 static void fingerprint(key *k, const gchash *ch, const key_filter *kf)
1693 if (key_fingerprint(k, h, kf)) {
1696 for (i = 0; i < ch->hashsz; i++) {
1697 if (i && i % 4 == 0)
1699 printf("%02x", p[i]);
1701 printf(" %s\n", d.buf);
1707 static int cmd_finger(int argc, char *argv[])
1711 const gchash *ch = &rmd160;
1712 key_filter kf = { KF_NONSECRET, KF_NONSECRET };
1715 static struct option opt[] = {
1716 { "filter", OPTF_ARGREQ, 0, 'f' },
1717 { "algorithm", OPTF_ARGREQ, 0, 'a' },
1720 int i = mdwopt(argc, argv, "+f:a:", opt, 0, 0, 0);
1726 int err = key_readflags(optarg, &p, &kf.f, &kf.m);
1728 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
1731 if ((ch = ghash_byname(optarg)) == 0)
1732 die(EXIT_FAILURE, "unknown hash algorithm `%s'", optarg);
1740 argv += optind; argc -= optind;
1742 die(EXIT_FAILURE, "Usage: fingerprint [-f FILTER] [TAG...]");
1744 doopen(&f, KOPEN_READ);
1748 for (i = 0; i < argc; i++) {
1749 key *k = key_bytag(&f, argv[i]);
1751 fingerprint(k, ch, &kf);
1754 moan("key `%s' not found", argv[i]);
1760 for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
1761 fingerprint(k, ch, &kf);
1766 /* --- @cmd_verify@ --- */
1768 static unsigned xdigit(char c)
1770 if ('A' <= c && c <= 'Z') return (c + 10 - 'A');
1771 if ('a' <= c && c <= 'z') return (c + 10 - 'a');
1772 if ('0' <= c && c <= '9') return (c - '0');
1776 static void unhexify(octet *q, char *p, size_t n)
1782 if (*p == '-' || *p == ':' || isspace((unsigned char)*p)) {
1789 die(EXIT_FAILURE, "hex string too short");
1790 if (!isxdigit((unsigned char)*p))
1791 die(EXIT_FAILURE, "bad hex string");
1793 die(EXIT_FAILURE, "hex string too long");
1794 a = (a << 4) | xdigit(*p++);
1805 static int cmd_verify(int argc, char *argv[])
1809 const gchash *ch = &rmd160;
1814 key_filter kf = { KF_NONSECRET, KF_NONSECRET };
1817 static struct option opt[] = {
1818 { "filter", OPTF_ARGREQ, 0, 'f' },
1819 { "algorithm", OPTF_ARGREQ, 0, 'a' },
1822 int i = mdwopt(argc, argv, "+f:a:", opt, 0, 0, 0);
1828 int err = key_readflags(optarg, &p, &kf.f, &kf.m);
1830 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
1833 if ((ch = ghash_byname(optarg)) == 0)
1834 die(EXIT_FAILURE, "unknown hash algorithm `%s'", optarg);
1842 argv += optind; argc -= optind;
1843 if (rc || argc != 2)
1844 die(EXIT_FAILURE, "Usage: verify [-f FILTER] TAG FINGERPRINT");
1846 doopen(&f, KOPEN_READ);
1848 if ((k = key_bytag(&f, argv[0])) == 0)
1849 die(EXIT_FAILURE, "key `%s' not found", argv[0]);
1850 buf = xmalloc(ch->hashsz);
1851 unhexify(buf, argv[1], ch->hashsz);
1853 if (!key_fingerprint(k, h, &kf))
1854 die(EXIT_FAILURE, "key has no fingerprintable components (as filtered)");
1855 fpr = GH_DONE(h, 0);
1856 if (memcmp(fpr, buf, ch->hashsz) != 0)
1857 die(EXIT_FAILURE, "key fingerprint mismatch");
1862 /* --- @cmd_comment@ --- */
1864 static int cmd_comment(int argc, char *argv[])
1870 if (argc < 2 || argc > 3)
1871 die(EXIT_FAILURE, "Usage: comment TAG [COMMENT]");
1872 doopen(&f, KOPEN_WRITE);
1873 if ((k = key_bytag(&f, argv[1])) == 0)
1874 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1875 if ((err = key_setcomment(&f, k, argv[2])) != 0)
1876 die(EXIT_FAILURE, "bad comment `%s': %s", argv[2], key_strerror(err));
1881 /* --- @cmd_tag@ --- */
1883 static int cmd_tag(int argc, char *argv[])
1892 static struct option opt[] = {
1893 { "retag", 0, 0, 'r' },
1896 int i = mdwopt(argc, argv, "+r", opt, 0, 0, 0);
1909 argv += optind; argc -= optind;
1910 if (argc < 1 || argc > 2 || rc)
1911 die(EXIT_FAILURE, "Usage: tag [-r] TAG [NEW-TAG]");
1912 doopen(&f, KOPEN_WRITE);
1913 if (flags & f_retag) {
1914 if ((k = key_bytag(&f, argv[1])) != 0 && strcmp(k->tag, argv[1]) == 0)
1915 key_settag(&f, k, 0);
1917 if ((k = key_bytag(&f, argv[0])) == 0)
1918 die(EXIT_FAILURE, "key `%s' not found", argv[0]);
1919 if ((err = key_settag(&f, k, argv[1])) != 0)
1920 die(EXIT_FAILURE, "bad tag `%s': %s", argv[1], key_strerror(err));
1925 /* --- @cmd_lock@ --- */
1927 static int cmd_lock(int argc, char *argv[])
1935 die(EXIT_FAILURE, "Usage: lock QTAG");
1936 doopen(&f, KOPEN_WRITE);
1937 if (key_qtag(&f, argv[1], &d, &k, &kd))
1938 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1939 if ((*kd)->e == KENC_ENCRYPT && key_punlock(kd, 0, d.buf))
1940 die(EXIT_FAILURE, "couldn't unlock key `%s'", d.buf);
1941 if (key_plock(kd, 0, d.buf))
1942 die(EXIT_FAILURE, "failed to lock key `%s'", d.buf);
1948 /* --- @cmd_unlock@ --- */
1950 static int cmd_unlock(int argc, char *argv[])
1958 die(EXIT_FAILURE, "Usage: unlock QTAG");
1959 doopen(&f, KOPEN_WRITE);
1960 if (key_qtag(&f, argv[1], &d, &k, &kd))
1961 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1962 if ((*kd)->e != KENC_ENCRYPT)
1963 die(EXIT_FAILURE, "key `%s' is not encrypted", d.buf);
1964 if (key_punlock(kd, 0, d.buf))
1965 die(EXIT_FAILURE, "couldn't unlock key `%s'", d.buf);
1971 /* --- @cmd_extract@ --- */
1973 static int cmd_extract(int argc, char *argv[])
1979 key_filter kf = { 0, 0 };
1981 const char *outfile = 0;
1985 static struct option opt[] = {
1986 { "filter", OPTF_ARGREQ, 0, 'f' },
1989 int i = mdwopt(argc, argv, "f:", opt, 0, 0, 0);
1995 int err = key_readflags(optarg, &p, &kf.f, &kf.m);
1997 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
2005 argv += optind; argc -= optind;
2007 die(EXIT_FAILURE, "Usage: extract [-f FILTER] FILE [TAG...]");
2008 if (strcmp(*argv, "-") == 0)
2012 dstr_putf(&d, "%s.new", outfile);
2013 if (!(fp = fopen(d.buf, "w"))) {
2014 die(EXIT_FAILURE, "couldn't open `%s' for writing: %s",
2015 d.buf, strerror(errno));
2019 doopen(&f, KOPEN_READ);
2023 for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
2024 key_extract(&f, k, fp, &kf);
2026 for (i = 1; i < argc; i++) {
2027 if ((k = key_bytag(&f, argv[i])) != 0)
2028 key_extract(&f, k, fp, &kf);
2030 moan("key `%s' not found", argv[i]);
2035 if (fclose(fp) || (outfile && rename(d.buf, outfile)))
2036 die(EXIT_FAILURE, "error writing file: %s", strerror(errno));
2042 /* --- @cmd_tidy@ --- */
2044 static int cmd_tidy(int argc, char *argv[])
2048 die(EXIT_FAILURE, "Usage: tidy");
2049 doopen(&f, KOPEN_WRITE);
2050 f.f |= KF_MODIFIED; /* Nasty hack */
2055 /* --- @cmd_merge@ --- */
2057 static int cmd_merge(int argc, char *argv[])
2063 die(EXIT_FAILURE, "Usage: merge FILE");
2064 if (strcmp(argv[1], "-") == 0)
2066 else if (!(fp = fopen(argv[1], "r"))) {
2067 die(EXIT_FAILURE, "couldn't open `%s' for reading: %s",
2068 argv[1], strerror(errno));
2071 doopen(&f, KOPEN_WRITE);
2072 key_merge(&f, argv[1], fp, key_moan, 0);
2077 /* --- @cmd_show@ --- */
2081 listtab[i].name, listtab[i].name) \
2082 LI("Hash functions", hash, \
2083 ghashtab[i], ghashtab[i]->name) \
2084 LI("Elliptic curves", ec, \
2085 ectab[i].name, ectab[i].name) \
2086 LI("Prime Diffie-Hellman groups", dh, \
2087 ptab[i].name, ptab[i].name) \
2088 LI("Binary Diffie-Hellman groups", bindh, \
2089 bintab[i].name, bintab[i].name) \
2090 LI("Key-generation algorithms", keygen, \
2091 algtab[i].name, algtab[i].name) \
2092 LI("Random seeding algorithms", seed, \
2093 seedtab[i].p, seedtab[i].p)
2095 MAKELISTTAB(listtab, LISTS)
2097 static int cmd_show(int argc, char *argv[])
2099 return (displaylists(listtab, argv + 1));
2102 /*----- Main command table ------------------------------------------------*/
2104 static int cmd_help(int argc, char *argv[]);
2106 static cmd cmds[] = {
2107 { "help", cmd_help, "help [COMMAND...]" },
2108 { "show", cmd_show, "show [ITEM...]" },
2109 { "list", cmd_list, "list [-uqv] [-f FILTER] [TAG...]", "\
2112 -u, --utc Display expiry times etc. in UTC, not local time.\n\
2113 -q, --quiet Show less information.\n\
2114 -v, --verbose Show more information.\n\
2116 { "fingerprint", cmd_finger, "fingerprint [-f FILTER] [TAG...]", "\
2119 -f, --filter=FILT Only hash key components matching FILT.\n\
2120 -a, --algorithm=HASH Use the named HASH algorithm.\n\
2121 ($ show hash for list.)\n\
2123 { "verify", cmd_verify, "verify [-f FILTER] TAG FINGERPRINT", "\
2126 -f, --filter=FILT Only hash key components matching FILT.\n\
2127 -a, --algorithm=HASH Use the named HASH algorithm.\n\
2128 ($ show hash for list.)\n\
2130 { "extract", cmd_extract, "extract [-f FILTER] FILE [TAG...]", "\
2133 -f, --filter=FILT Only extract key components matching FILT.\n\
2135 { "merge", cmd_merge, "merge FILE" },
2136 { "expire", cmd_expire, "expire TAG..." },
2137 { "delete", cmd_delete, "delete TAG..." },
2138 { "setattr", cmd_setattr, "setattr TAG ATTR..." },
2139 { "getattr", cmd_getattr, "getattr TAG ATTR" },
2140 { "comment", cmd_comment, "comment TAG [COMMENT]" },
2141 { "lock", cmd_lock, "lock QTAG" },
2142 { "unlock", cmd_unlock, "unlock QTAG" },
2143 { "tag", cmd_tag, "tag [-r] TAG [NEW-TAG]", "\
2146 -r, --retag Untag any key currently called new-tag.\n\
2148 { "tidy", cmd_tidy, "tidy" },
2150 "add [-OPTIONS] TYPE [ATTR...]\n\
2151 Options: [-lqrLKS] [-a ALG] [-bB BITS] [-p PARAM] [-R TAG]\n\
2152 [-A SEEDALG] [-s SEED] [-n BITS] [-I KEYID]\n\
2153 [-e EXPIRE] [-t TAG] [-c COMMENT]", "\
2156 -a, --algorithm=ALG Generate keys suitable for ALG.\n\
2157 ($ show keygen for list.)\n\
2158 -b, --bits=N Generate an N-bit key.\n\
2159 -B, --qbits=N Use an N-bit subgroup or factors.\n\
2160 -p, --parameters=TAG Get group parameters from TAG.\n\
2161 -C, --curve=NAME Use elliptic curve or DH group NAME.\n\
2162 ($ show ec or $ show dh for list.)\n\
2163 -A, --seedalg=ALG Use pseudorandom generator ALG to generate key.\n\
2164 ($ show seed for list.)\n\
2165 -s, --seed=BASE64 Use Base64-encoded string BASE64 as seed.\n\
2166 -n, --newseed=COUNT Generate new COUNT-bit seed.\n\
2167 -e, --expire=TIME Make the key expire after TIME.\n\
2168 -c, --comment=STRING Attach the command STRING to the key.\n\
2169 -t, --tag=TAG Tag the key with the name TAG.\n\
2170 -r, --retag Untag any key currently with that tag.\n\
2171 -R, --rand-id=TAG Use key named TAG for the random number generator.\n\
2172 -I, --key-id=ID Force the key-id for the new key.\n\
2173 -l, --lock Lock the generated key with a passphrase.\n\
2174 -q, --quiet Don't give progress indicators while working.\n\
2175 -L, --lim-lee Generate Lim-Lee primes for Diffie-Hellman groups.\n\
2176 -K, --kcdsa Generate KCDSA-style Lim-Lee primes for DH groups.\n\
2177 -S, --subgroup Use a prime-order subgroup for Diffie-Hellman.\n\
2182 static int cmd_help(int argc, char *argv[])
2184 sc_help(cmds, stdout, argv + 1);
2188 /*----- Main code ---------------------------------------------------------*/
2190 /* --- Helpful GNUy functions --- */
2192 static void usage(FILE *fp)
2194 pquis(fp, "Usage: $ [-k KEYRING] COMMAND [ARGS]\n");
2197 void version(FILE *fp)
2199 pquis(fp, "$, Catacomb version " VERSION "\n");
2202 void help_global(FILE *fp)
2206 Performs various simple key management operations.\n\
2208 Global command line options:\n\
2210 -h, --help [COMMAND...] Display this help text (or help for COMMANDs).\n\
2211 -v, --version Display version number.\n\
2212 -u, --usage Display short usage summary.\n\
2214 -k, --keyring=FILE Read and write keys in FILE.\n",
2220 * Arguments: @int argc@ = number of command line arguments
2221 * @char *argv[]@ = array of command line arguments
2223 * Returns: Nonzero on failure.
2225 * Use: Main program. Performs simple key management functions.
2228 int main(int argc, char *argv[])
2234 /* --- Initialization --- */
2239 /* --- Parse command line options --- */
2242 static struct option opt[] = {
2244 /* --- Standard GNUy help options --- */
2246 { "help", 0, 0, 'h' },
2247 { "version", 0, 0, 'v' },
2248 { "usage", 0, 0, 'u' },
2250 /* --- Real live useful options --- */
2252 { "keyring", OPTF_ARGREQ, 0, 'k' },
2254 /* --- Magic terminator --- */
2258 int i = mdwopt(argc, argv, "+hvu k:", opt, 0, 0, 0);
2264 /* --- GNU help options --- */
2267 sc_help(cmds, stdout, argv + optind);
2276 /* --- Real useful options --- */
2282 /* --- Bogosity --- */
2290 /* --- Complain about excessive bogons --- */
2292 if (f & f_bogus || optind == argc) {
2297 /* --- Initialize the Catacomb random number generator --- */
2299 rand_noisesrc(RAND_GLOBAL, &noise_source);
2300 rand_seed(RAND_GLOBAL, 160);
2302 /* --- Dispatch to appropriate command handler --- */
2307 return (findcmd(cmds, argv[0])->cmd(argc, argv));
2310 /*----- That's all, folks -------------------------------------------------*/
~mdw / catacomb / blob