summaryrefslogtreecommitdiffstats
path: root/commands/keystore.c
diff options
context:
space:
mode:
authorSascha Hauer <s.hauer@pengutronix.de>2017-03-24 15:45:52 +0100
committerSascha Hauer <s.hauer@pengutronix.de>2017-03-31 18:43:53 +0200
commite18b4ad84db80e6a0442fd521f84dd113314e29e (patch)
treedf6dee14a3adc628862113f0ea05de4284d36ba1 /commands/keystore.c
parent8f329292316dd38297bb0b95d9f10d7f3935a07b (diff)
downloadbarebox-e18b4ad84db80e6a0442fd521f84dd113314e29e.tar.gz
commands: implement keystore command
The keystore command provides access to the barebox keystore. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'commands/keystore.c')
-rw-r--r--commands/keystore.c100
1 files changed, 100 insertions, 0 deletions
diff --git a/commands/keystore.c b/commands/keystore.c
new file mode 100644
index 0000000..52c4be2
--- /dev/null
+++ b/commands/keystore.c
@@ -0,0 +1,100 @@
+#include <common.h>
+#include <command.h>
+#include <getopt.h>
+#include <libfile.h>
+#include <crypto/keystore.h>
+#include <linux/kernel.h>
+#include <fs.h>
+
+static int do_keystore(int argc, char *argv[])
+{
+ int opt;
+ int ret;
+ int do_remove = 0;
+ const char *name;
+ const char *file = NULL;
+ char *secret_str = NULL;
+ void *secret;
+ int s_len;
+
+ while ((opt = getopt(argc, argv, "rs:f:")) > 0) {
+ switch (opt) {
+ case 'r':
+ do_remove = 1;
+ break;
+ case 's':
+ secret_str = optarg;
+ break;
+ case 'f':
+ file = optarg;
+ break;
+ default:
+ return COMMAND_ERROR_USAGE;
+ }
+ }
+
+ if (argc == optind)
+ return COMMAND_ERROR_USAGE;
+
+ if (!do_remove && !file && !secret_str)
+ return COMMAND_ERROR_USAGE;
+
+ if (file && secret_str)
+ return COMMAND_ERROR_USAGE;
+
+ name = argv[optind];
+
+ if (do_remove) {
+ keystore_forget_secret(name);
+ printf("forgotten secret for key %s\n", name);
+ return 0;
+ }
+
+ if (file) {
+ ret = read_file_2(file, &s_len, (void *)&secret_str, FILESIZE_MAX);
+ if (ret) {
+ printf("Cannot open %s: %s\n", file, strerror(-ret));
+ return 1;
+ }
+ } else if (secret_str) {
+ s_len = strlen(secret_str);
+ }
+
+ if (s_len & 1) {
+ printf("invalid secret len. Must be whole bytes\n");
+ return 1;
+ }
+
+ secret = xzalloc(s_len / 2);
+ ret = hex2bin(secret, secret_str, s_len / 2);
+ if (ret) {
+ printf("Cannot convert %s to binary: %s\n", secret_str, strerror(-ret));
+ return 1;
+ }
+
+ ret = keystore_set_secret(name, secret, s_len / 2);
+ if (ret)
+ printf("cannot set secret for key %s: %s\n", name, strerror(-ret));
+ else
+ printf("Added secret for key %s\n", name);
+
+ free(secret);
+
+ return ret ? 1 : 0;
+}
+
+BAREBOX_CMD_HELP_START(keystore)
+BAREBOX_CMD_HELP_TEXT("")
+BAREBOX_CMD_HELP_TEXT("Options:")
+BAREBOX_CMD_HELP_OPT("-r", "remove a key from the keystore")
+BAREBOX_CMD_HELP_OPT("-s <key>", "set a key in the keystore")
+BAREBOX_CMD_HELP_OPT("-f <keyfile>", "set a key in the keystore, read secret from file")
+BAREBOX_CMD_HELP_END
+
+BAREBOX_CMD_START(keystore)
+ .cmd = do_keystore,
+ BAREBOX_CMD_DESC("manage keys")
+ BAREBOX_CMD_OPTS("[-rsf] <keyname>")
+ BAREBOX_CMD_GROUP(CMD_GRP_MISC)
+ BAREBOX_CMD_HELP(cmd_keystore_help)
+BAREBOX_CMD_END