authorSascha Hauer <s.hauer@pengutronix.de>2017-04-07 09:59:38 +0200
committerSascha Hauer <s.hauer@pengutronix.de>2017-04-07 09:59:38 +0200
commit5d834decbe062273393acfcf172fdd29ead6a166 (patch)
tree1eeea5cf915f7779aaa77421327caaa7525e91e0 /commands
parent53adf0648c330357103e4a7103c3d7f05c0c4bcf (diff)
parent7b3d284f4bad78d61e9f5d32ec5aa1efc19ce733 (diff)
downloadbarebox-5d834decbe062273393acfcf172fdd29ead6a166.tar.gz
barebox-5d834decbe062273393acfcf172fdd29ead6a166.tar.xz
Merge branch 'for-next/state'
Diffstat (limited to 'commands')
-rw-r--r--commands/Kconfig6
-rw-r--r--commands/Makefile1
-rw-r--r--commands/keystore.c100
-rw-r--r--commands/state.c21
4 files changed, 124 insertions, 4 deletions
diff --git a/commands/Kconfig b/commands/Kconfig
index 43b8deddde..ae2dc4b094 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -1967,6 +1967,12 @@ config CMD_FIRMWARELOAD
Provides the "firmwareload" command which deals with devices which need
firmware to work. It is also used to upload firmware to FPGA devices.
+config CMD_KEYSTORE
+ depends on CRYPTO_KEYSTORE
+ bool
+ prompt "keystore"
+ help
+ keystore provides access to the barebox keystore.
config CMD_LINUX_EXEC
bool "linux exec"
diff --git a/commands/Makefile b/commands/Makefile
index edd713c6bd..37486dceb1 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -93,6 +93,7 @@ obj-$(CONFIG_CMD_READLINK) += readlink.o
obj-$(CONFIG_CMD_LET) += let.o
obj-$(CONFIG_CMD_LN) += ln.o
obj-$(CONFIG_CMD_CLK) += clk.o
+obj-$(CONFIG_CMD_KEYSTORE) += keystore.o
obj-$(CONFIG_CMD_TFTP) += tftp.o
obj-$(CONFIG_CMD_FILETYPE) += filetype.o
obj-$(CONFIG_CMD_BAREBOX_UPDATE)+= barebox-update.o
diff --git a/commands/keystore.c b/commands/keystore.c
new file mode 100644
index 0000000000..52c4be2639
--- /dev/null
+++ b/commands/keystore.c
@@ -0,0 +1,100 @@
+#include <common.h>
+#include <command.h>
+#include <getopt.h>
+#include <libfile.h>
+#include <crypto/keystore.h>
+#include <linux/kernel.h>
+#include <fs.h>
+
+static int do_keystore(int argc, char *argv[])
+{
+ int opt;
+ int ret;
+ int do_remove = 0;
+ const char *name;
+ const char *file = NULL;
+ char *secret_str = NULL;
+ void *secret;
+ int s_len;
+
+ while ((opt = getopt(argc, argv, "rs:f:")) > 0) {
+ switch (opt) {
+ case 'r':
+ do_remove = 1;
+ break;
+ case 's':
+ secret_str = optarg;
+ break;
+ case 'f':
+ file = optarg;
+ break;
+ default:
+ return COMMAND_ERROR_USAGE;
+ }
+ }
+
+ if (argc == optind)
+ return COMMAND_ERROR_USAGE;
+
+ if (!do_remove && !file && !secret_str)
+ return COMMAND_ERROR_USAGE;
+
+ if (file && secret_str)
+ return COMMAND_ERROR_USAGE;
+
+ name = argv[optind];
+
+ if (do_remove) {
+ keystore_forget_secret(name);
+ printf("forgotten secret for key %s\n", name);
+ return 0;
+ }
+
+ if (file) {
+ ret = read_file_2(file, &s_len, (void *)&secret_str, FILESIZE_MAX);
+ if (ret) {
+ printf("Cannot open %s: %s\n", file, strerror(-ret));
+ return 1;
+ }
+ } else if (secret_str) {
+ s_len = strlen(secret_str);
+ }
+
+ if (s_len & 1) {
+ printf("invalid secret len. Must be whole bytes\n");
+ return 1;
+ }
+
+ secret = xzalloc(s_len / 2);
+ ret = hex2bin(secret, secret_str, s_len / 2);
+ if (ret) {
+ printf("Cannot convert %s to binary: %s\n", secret_str, strerror(-ret));
+ return 1;
+ }
+
+ ret = keystore_set_secret(name, secret, s_len / 2);
+ if (ret)
+ printf("cannot set secret for key %s: %s\n", name, strerror(-ret));
+ else
+ printf("Added secret for key %s\n", name);
+
+ free(secret);
+
+ return ret ? 1 : 0;
+}
+
+BAREBOX_CMD_HELP_START(keystore)
+BAREBOX_CMD_HELP_TEXT("")
+BAREBOX_CMD_HELP_TEXT("Options:")
+BAREBOX_CMD_HELP_OPT("-r", "remove a key from the keystore")
+BAREBOX_CMD_HELP_OPT("-s <key>", "set a key in the keystore")
+BAREBOX_CMD_HELP_OPT("-f <keyfile>", "set a key in the keystore, read secret from file")
+BAREBOX_CMD_HELP_END
+
+BAREBOX_CMD_START(keystore)
+ .cmd = do_keystore,
+ BAREBOX_CMD_DESC("manage keys")
+ BAREBOX_CMD_OPTS("[-rsf] <keyname>")
+ BAREBOX_CMD_GROUP(CMD_GRP_MISC)
+ BAREBOX_CMD_HELP(cmd_keystore_help)
+BAREBOX_CMD_END
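Review bot: The hex2bin() failure path prints `secret_str` in `Cannot convert %s to binary`, which puts the key material on the console, and it returns without freeing `secret`. The buffer that read_file_2() stores through `&secret_str` for `-f` is not freed on any path, and `secret` is freed at the end without being cleared, so copies of the key stay in heap memory after the command returns. I would route both exits through one cleanup label that wipes and frees both buffers, and drop the secret from the error message. Separately, `s_len` is an `int` whose address is passed to read_file_2(); its prototype is not in this diff, but if that parameter is a `size_t *` the types should be made to match.

```c
	secret = xzalloc(s_len / 2);
	ret = hex2bin(secret, secret_str, s_len / 2);
	if (ret) {
		/* never echo the secret itself on the console */
		printf("Cannot convert secret to binary: %s\n", strerror(-ret));
		goto out;
	}

	/* … unchanged: keystore_set_secret() call and its two messages … */

out:
	/* wipe key material before handing the memory back */
	memset(secret, 0, s_len / 2);
	free(secret);
	if (file) {
		/* buffer allocated by read_file_2(); optarg for -s is not ours to free */
		memset(secret_str, 0, s_len);
		free(secret_str);
	}

	return ret ? 1 : 0;
```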
diff --git a/commands/state.c b/commands/state.c
index 4b51759e3e..c57a906ff0 100644
--- a/commands/state.c
+++ b/commands/state.c
@@ -21,20 +21,27 @@ static int do_state(int argc, char *argv[])
{
int opt, ret = 0;
struct state *state = NULL;
- int do_save = 0;
+ int do_save = 0, do_load = 0;
const char *statename = "state";
+ int no_auth = 0;
- while ((opt = getopt(argc, argv, "s")) > 0) {
+ while ((opt = getopt(argc, argv, "sln")) > 0) {
switch (opt) {
case 's':
do_save = 1;
break;
+ case 'l':
+ do_load = 1;
+ break;
+ case 'n':
+ no_auth = 1;
+ break;
default:
return COMMAND_ERROR_USAGE;
}
}
- if (!do_save) {
+ if (!do_save && !do_load) {
state_info();
return 0;
}
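Review bot: `-n` is accepted on its own or together with `-s`, where `no_auth` is never read, so a mistyped option set produces no error. Since the flag selects the unauthenticated load path, it deserves an explicit check after the getopt loop, e.g. `if (no_auth && !do_load) return COMMAND_ERROR_USAGE;`. The command's help text is outside this hunk, so I cannot tell whether `-l` and `-n` are documented there; if they are not, the `-n` entry should state that it skips authentication of the stored state.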
@@ -48,8 +55,14 @@ static int do_state(int argc, char *argv[])
return -ENOENT;
}
- if (do_save)
+ if (do_load) {
+ if (no_auth)
+ ret = state_load_no_auth(state);
+ else
+ ret = state_load(state);
+ } else if (do_save) {
ret = state_save(state);
+ }
return ret;
}
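Review bot: With `-s` and `-l` given together, the new `if (do_load) … else if (do_save)` chain performs only the load and silently drops the save. Either reject the combination up front with `if (do_save && do_load) return COMMAND_ERROR_USAGE;` or add a comment above the chain stating that load takes precedence over save. The start of do_state and its option parsing lie outside this hunk.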