author | Sascha Hauer <s.hauer@pengutronix.de> | 2017-04-07 09:59:38 +0200 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2017-04-07 09:59:38 +0200 |
commit | 5d834decbe062273393acfcf172fdd29ead6a166 (patch) | |
tree | 1eeea5cf915f7779aaa77421327caaa7525e91e0 /commands | |
parent | 53adf0648c330357103e4a7103c3d7f05c0c4bcf (diff) | |
parent | 7b3d284f4bad78d61e9f5d32ec5aa1efc19ce733 (diff) | |
download | barebox-5d834decbe062273393acfcf172fdd29ead6a166.tar.gz barebox-5d834decbe062273393acfcf172fdd29ead6a166.tar.xz |
Merge branch 'for-next/state'
Diffstat (limited to 'commands')
-rw-r--r-- | commands/Kconfig | 6 | ||||
-rw-r--r-- | commands/Makefile | 1 | ||||
-rw-r--r-- | commands/keystore.c | 100 | ||||
-rw-r--r-- | commands/state.c | 21 |
4 files changed, 124 insertions, 4 deletions
diff --git a/commands/Kconfig b/commands/Kconfig index 43b8deddde..ae2dc4b094 100644 --- a/commands/Kconfig +++ b/commands/Kconfig @@ -1967,6 +1967,12 @@ config CMD_FIRMWARELOAD Provides the "firmwareload" command which deals with devices which need firmware to work. It is also used to upload firmware to FPGA devices. +config CMD_KEYSTORE + depends on CRYPTO_KEYSTORE + bool + prompt "keystore" + help + keystore provides access to the barebox keystore. config CMD_LINUX_EXEC bool "linux exec" diff --git a/commands/Makefile b/commands/Makefile index edd713c6bd..37486dceb1 100644 --- a/commands/Makefile +++ b/commands/Makefile @@ -93,6 +93,7 @@ obj-$(CONFIG_CMD_READLINK) += readlink.o obj-$(CONFIG_CMD_LET) += let.o obj-$(CONFIG_CMD_LN) += ln.o obj-$(CONFIG_CMD_CLK) += clk.o +obj-$(CONFIG_CMD_KEYSTORE) += keystore.o obj-$(CONFIG_CMD_TFTP) += tftp.o obj-$(CONFIG_CMD_FILETYPE) += filetype.o obj-$(CONFIG_CMD_BAREBOX_UPDATE)+= barebox-update.o diff --git a/commands/keystore.c b/commands/keystore.c new file mode 100644 index 0000000000..52c4be2639 --- /dev/null +++ b/commands/keystore.c 
@@ -0,0 +1,100 @@
+#include <common.h>
+#include <command.h>
+#include <getopt.h>
+#include <libfile.h>
+#include <crypto/keystore.h>
+#include <linux/kernel.h>
+#include <fs.h>
+
+static int do_keystore(int argc, char *argv[])
+{
+ int opt;
+ int ret;
+ int do_remove = 0;
+ const char *name;
+ const char *file = NULL;
+ char *secret_str = NULL;
+ void *secret;
+ int s_len;
+
+ while ((opt = getopt(argc, argv, "rs:f:")) > 0) {
+ switch (opt) {
+ case 'r':
+ do_remove = 1;
+ break;
+ case 's':
+ secret_str = optarg;
+ break;
+ case 'f':
+ file = optarg;
+ break;
+ default:
+ return COMMAND_ERROR_USAGE;
+ }
+ }
+
+ if (argc == optind)
+ return COMMAND_ERROR_USAGE;
+
+ if (!do_remove && !file && !secret_str)
+ return COMMAND_ERROR_USAGE;
+
+ if (file && secret_str)
+ return COMMAND_ERROR_USAGE;
+
+ name = argv[optind];
+
+ if (do_remove) {
+ keystore_forget_secret(name);
+ printf("forgotten secret for key %s\n", name);
+ return 0;
+ }
+
+ if (file) {
+ ret = read_file_2(file, &s_len, (void *)&secret_str, FILESIZE_MAX);
+ if (ret) {
+ printf("Cannot open %s: %s\n", file, strerror(-ret));
+ return 1;
+ }
+ } else if (secret_str) {
+ s_len = strlen(secret_str);
+ }
+
+ if (s_len & 1) {
+ printf("invalid secret len. Must be whole bytes\n");
+ return 1;
+ }
+
+ secret = xzalloc(s_len / 2);
+ ret = hex2bin(secret, secret_str, s_len / 2);
+ if (ret) {
+ printf("Cannot convert %s to binary: %s\n", secret_str, strerror(-ret));
+ return 1;
+ }
+
+ ret = keystore_set_secret(name, secret, s_len / 2);
+ if (ret)
+ printf("cannot set secret for key %s: %s\n", name, strerror(-ret));
+ else
+ printf("Added secret for key %s\n", name);
+
+ free(secret);
+
+ return ret ? 1 : 0;
+}
+
+BAREBOX_CMD_HELP_START(keystore)
+BAREBOX_CMD_HELP_TEXT("")
+BAREBOX_CMD_HELP_TEXT("Options:")
+BAREBOX_CMD_HELP_OPT("-r", "remove a key from the keystore")
+BAREBOX_CMD_HELP_OPT("-s <key>", "set a key in the keystore")
+BAREBOX_CMD_HELP_OPT("-f <keyfile>", "set a key in the keystore, read secret from file")
+BAREBOX_CMD_HELP_END
+
+BAREBOX_CMD_START(keystore)
+ .cmd = do_keystore,
+ BAREBOX_CMD_DESC("manage keys")
+ BAREBOX_CMD_OPTS("[-rsf] <keyname>")
+ BAREBOX_CMD_GROUP(CMD_GRP_MISC)
+ BAREBOX_CMD_HELP(cmd_keystore_help)
+BAREBOX_CMD_END
diff --git a/commands/state.c b/commands/state.c
index 4b51759e3e..c57a906ff0 100644
--- a/commands/state.c
+++ b/commands/state.c
@@ -21,20 +21,27 @@ static int do_state(int argc, char *argv[]) { int opt, ret = 0; struct state *state = NULL; - int do_save = 0; + int do_save = 0, do_load = 0; const char *statename = "state"; + int no_auth = 0; - while ((opt = getopt(argc, argv, "s")) > 0) { + while ((opt = getopt(argc, argv, "sln")) > 0) { switch (opt) { case 's': do_save = 1; break; + case 'l': + do_load = 1; + break; + case 'n': + no_auth = 1; + break; default: return COMMAND_ERROR_USAGE; } } - if (!do_save) { + if (!do_save && !do_load) { state_info(); return 0; }
@@ -48,8 +55,14 @@ static int do_state(int argc, char *argv[]) return -ENOENT; } - if (do_save) + if (do_load) { + if (no_auth) + ret = state_load_no_auth(state); + else + ret = state_load(state); + } else if (do_save) { ret = state_save(state); + } return ret; } |
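Review bot: The `hex2bin` failure branch in do_keystore prints `secret_str` itself and returns without freeing `secret`, so a mistyped secret is echoed to the console and the decoded buffer is leaked. With `-f`, the buffer that `read_file_2` stores in `secret_str` is never freed on any path, and `secret` is freed without being cleared, which leaves key material in heap memory. I would route every exit after the allocation through one cleanup label that wipes and frees both buffers, and report the key name rather than the secret in the message. A plain `memset` before `free` can be elided by the compiler, so the wipe should use whatever non-elidable helper the tree provides.

```c
	secret = xzalloc(s_len / 2);
	ret = hex2bin(secret, secret_str, s_len / 2);
	if (ret) {
		/* name the key, never echo the secret material */
		printf("Cannot convert secret for key %s to binary: %s\n",
		       name, strerror(-ret));
		goto out;
	}

	ret = keystore_set_secret(name, secret, s_len / 2);
	/* … unchanged: success / failure messages … */

out:
	/* wipe before release; replace memset with the tree's non-elidable wipe if available */
	memset(secret, 0, s_len / 2);
	free(secret);
	if (file) {
		/* buffer was allocated by read_file_2(), not owned by argv */
		memset(secret_str, 0, s_len);
		free(secret_str);
	}

	return ret ? 1 : 0;
```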
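Review bot: `-n` is accepted without `-l` and is then silently ignored, and `-s -l` together performs only the load, so the option handling in do_state should reject both combinations before the state lookup, e.g. `if ((no_auth && !do_load) || (do_save && do_load)) return COMMAND_ERROR_USAGE;`. Judging by the names only (the callees are not shown), `state_load_no_auth()` skips a check that `state_load()` performs, so the `no_auth` branch deserves a short comment such as `/* -n: load without authentication; do not rely on the result for security decisions */`. The command's help text and the code between the two hunks lie outside this diff, so whether `-l` and `-n` are documented for the user cannot be confirmed from here.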