Diffstat (limited to 'commands')
-rw-r--r-- | commands/Kconfig | 10 | ||||
-rw-r--r-- | commands/Makefile | 1 | ||||
-rw-r--r-- | commands/blobgen.c | 122 | ||||
-rw-r--r-- | commands/hwclock.c | 2 | ||||
-rw-r--r-- | commands/timeout.c | 2 |
5 files changed, 135 insertions, 2 deletions
diff --git a/commands/Kconfig b/commands/Kconfig
index 4f5d84ac18..039fd7d1ac 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -1964,6 +1964,16 @@ config CMD_BAREBOX_UPDATE
 -y autom. use 'yes' when asking confirmations
 -f LEVEL set force level
+config CMD_BLOBGEN
+ bool
+ select BLOBGEN
+ prompt "blobgen"
+ help
+ Provides the "blobgen" command. This command encrypts and decrypts
+ plaintext to/from blobs. This is done with hardware crypto engines,
+ so this command is only useful when you also enable a blobgen capable
+ driver.
+
 config CMD_FIRMWARELOAD
 bool
 select FIRMWARE
diff --git a/commands/Makefile b/commands/Makefile
index 358671bb5b..e69fb5046f 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -84,6 +84,7 @@ obj-$(CONFIG_CMD_LINUX_EXEC) += linux_exec.o
 obj-$(CONFIG_CMD_AUTOMOUNT) += automount.o
 obj-$(CONFIG_CMD_GLOBAL) += global.o
 obj-$(CONFIG_CMD_DMESG) += dmesg.o
+obj-$(CONFIG_CMD_BLOBGEN) += blobgen.o
 obj-$(CONFIG_CMD_BASENAME) += basename.o
 obj-$(CONFIG_CMD_HAB) += hab.o
 obj-$(CONFIG_CMD_DIRNAME) += dirname.o
diff --git a/commands/blobgen.c b/commands/blobgen.c
new file mode 100644
index 0000000000..49107d037c
--- /dev/null
+++ b/commands/blobgen.c
@@ -0,0 +1,122 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <common.h>
+#include <command.h>
+#include <getopt.h>
+#include <blobgen.h>
+#include <environment.h>
+
+static int do_blobgen(int argc, char *argv[])
+{
+ bool do_encrypt = false, do_decrypt = false;
+ int opt;
+ const char *varname = NULL;
+ const char *modifier = NULL;
+ const char *blobdev = NULL;
+ struct blobgen *bg;
+ int plainsize;
+ int ret;
+ const char *message = NULL;
+
+ while ((opt = getopt(argc, argv, "edm:V:b:")) > 0) {
+ switch (opt) {
+ case 'e':
+ do_encrypt = true;
+ break;
+ case 'd':
+ do_decrypt = true;
+ break;
+ case 'm':
+ modifier = optarg;
+ break;
+ case 'V':
+ varname = optarg;
+ break;
+ case 'b':
+ blobdev = optarg;
+ break;
+ }
+ }
+
+ if (!varname) {
+ printf("varname not specified\n");
+ return -EINVAL;
+ }
+
+ if (!modifier) {
+ printf("Modifier not specified\n");
+ return -EINVAL;
+ }
+
+ bg = blobgen_get(blobdev);
+ if (!bg) {
+ printf("blobdev \"%s\" not found\n", blobdev);
+ return -ENOENT;
+ }
+
+ if (do_encrypt && do_decrypt) {
+ printf("Both encrypt and decrypt given\n");
+ return -EINVAL;
+ }
+
+ if (!do_encrypt && !do_decrypt) {
+ printf("Specify either -e or -d option\n");
+ return -EINVAL;
+ }
+
+ if (argc > optind) {
+ message = argv[optind];
+ } else {
+ printf("No message to %scrypt provided\n",
+ do_encrypt ?
"en" : "de");
+ return -EINVAL;
+ }
+
+ if (do_encrypt) {
+ ret = blob_encrypt_to_env(bg, modifier, message, strlen(message),
+ varname);
+ if (ret)
+ return ret;
+ }
+
+ if (do_decrypt) {
+ void *plain;
+ char *str;
+
+ ret = blob_decrypt_from_base64(bg, modifier, message, &plain,
+ &plainsize);
+ if (ret)
+ return ret;
+
+ str = malloc(plainsize + 1);
+ if (!str)
+ return -ENOMEM;
+
+ memcpy(str, plain, plainsize);
+ str[plainsize] = 0;
+
+ setenv(varname, str);
+ free(plain);
+ free(str);
+ }
+
+ return 0;
+}
+
+BAREBOX_CMD_HELP_START(blobgen)
+BAREBOX_CMD_HELP_TEXT("This command utilizes hardware crypto engines to en/decrypt")
+BAREBOX_CMD_HELP_TEXT("data blobs.")
+BAREBOX_CMD_HELP_TEXT("Options:")
+BAREBOX_CMD_HELP_OPT("-e\t", "encrypt")
+BAREBOX_CMD_HELP_OPT("-d\t", "decrypt")
+BAREBOX_CMD_HELP_OPT("-m <modifier>", "Set modifier")
+BAREBOX_CMD_HELP_OPT("-V <varname>", "specify variable name to set with the result")
+BAREBOX_CMD_HELP_OPT("-b <blobdev>", "specify blob device to use")
+BAREBOX_CMD_HELP_END
+
+BAREBOX_CMD_START(blobgen)
+ .cmd = do_blobgen,
+ BAREBOX_CMD_DESC("en/decrypt blobs")
+ BAREBOX_CMD_OPTS("[-edmVb] <plaintext/ciphertext>")
+ BAREBOX_CMD_GROUP(CMD_GRP_HWMANIP)
+ BAREBOX_CMD_HELP(cmd_blobgen_help)
+BAREBOX_CMD_END
diff --git a/commands/hwclock.c b/commands/hwclock.c
index 5073618675..1b5c2cd100 100644
--- a/commands/hwclock.c
+++ b/commands/hwclock.c
@@ -175,7 +175,7 @@ BAREBOX_CMD_HELP_START(hwclock)
 BAREBOX_CMD_HELP_TEXT("Options:")
 BAREBOX_CMD_HELP_OPT ("-f NAME\t\t\t", "RTC device name (default rtc0)")
 BAREBOX_CMD_HELP_OPT ("-e VARNAME\t\t", "store RTC readout into variable VARNAME")
-BAREBOX_CMD_HELP_OPT ("-n NTPSERVER\t", "set RTC from NTP server")
+BAREBOX_CMD_HELP_OPT ("-n NTPSERVER\t\t", "set RTC from NTP server")
 BAREBOX_CMD_HELP_OPT ("-s ccyymmddHHMM[.SS]\t", "set time")
 BAREBOX_CMD_HELP_END
diff --git a/commands/timeout.c b/commands/timeout.c
index d197cedd8b..db88900287 100644
--- a/commands/timeout.c
+++ b/commands/timeout.c
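Review bot: In the decrypt branch of do_blobgen (commands/blobgen.c), the `if (!str) return -ENOMEM;` path returns without freeing `plain`, and on the normal path both `plain` and `str` are passed to free() while still holding the decrypted cleartext. Free `plain` on the allocation-failure path and wipe both buffers before releasing them; a plain memset() ahead of free() may be elided by the compiler, so the tree's non-elidable wipe helper should be used if one exists. `plainsize` is a signed int filled in by blob_decrypt_from_base64(), whose contract is not visible in this hunk, so a range check before `malloc(plainsize + 1)` would be worth adding. The return value of setenv() is also dropped, so the command reports success even when the variable was not set. The fence shows only the rewritten tail of the decrypt branch.

```c
		str = malloc(plainsize + 1);
		if (!str) {
			/* do not leak the decrypted buffer on the error path */
			memset(plain, 0, plainsize);
			free(plain);
			return -ENOMEM;
		}

		/* … unchanged: memcpy() into str and NUL termination … */

		ret = setenv(varname, str);

		/* scrub cleartext before the heap blocks are reused */
		memset(plain, 0, plainsize);
		memset(str, 0, plainsize);
		free(plain);
		free(str);
		if (ret)
			return ret;
```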
@@ -61,7 +61,7 @@ static int do_timeout(int argc, char *argv[]) return COMMAND_ERROR_USAGE; timeout = simple_strtoul(argv[optind], NULL, 0); - ret = console_countdown(timeout, flags, str); + ret = console_countdown(timeout, flags, NULL, str); if (varname && str[0]) setenv(varname, str); |