path: root/commands/blobgen.c
blob: 8ff2cc2c1142d19cc251f9613dbd66f918aac3ab (plain)
// SPDX-License-Identifier: GPL-2.0-only

#include <common.h>
#include <command.h>
#include <getopt.h>
#include <blobgen.h>
#include <environment.h>

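/*
 * do_blobgen - handler for the "blobgen" shell command.
 *
 * Parses the -e/-d/-m/-V/-b options, looks up the blob device and then either
 * encrypts the positional argument into the environment variable named by -V,
 * or decodes and decrypts it and stores the recovered bytes in that variable
 * as a NUL-terminated string.
 *
 * Returns 0 on success, -EINVAL for missing or contradictory arguments,
 * -ENOENT when the blob device is not found, -ENOMEM on allocation failure,
 * or the error returned by the blob helpers or setenv().
 *
 * Security notes for reviewers:
 *  - The input (plaintext when encrypting) is taken from the command line and
 *    the result is stored in an environment variable, so both are visible to
 *    anything that can read the shell's arguments or environment.
 *  - NOTE(review): the temporary plaintext buffers are freed without being
 *    wiped first; consider clearing them with a wipe the compiler cannot
 *    elide before free().
 */
static int do_blobgen(int argc, char *argv[])
{
	bool do_encrypt = false, do_decrypt = false;
	int opt;
	const char *varname = NULL;
	const char *modifier = NULL;
	const char *blobdev = NULL;
	struct blobgen *bg;
	int plainsize;
	int ret;
	const char *message = NULL;

	/*
	 * NOTE(review): the switch has no default case, so an unrecognised
	 * option is silently ignored instead of producing a usage error.
	 */
	while ((opt = getopt(argc, argv, "edm:V:b:")) > 0) {
		switch (opt) {
		case 'e':
			do_encrypt = true;
			break;
		case 'd':
			do_decrypt = true;
			break;
		case 'm':
			modifier = optarg;
			break;
		case 'V':
			varname = optarg;
			break;
		case 'b':
			blobdev = optarg;
			break;
		}
	}

	if (!varname) {
		printf("varname not specified\n");
		return -EINVAL;
	}

	if (!modifier) {
		printf("Modifier not specified\n");
		return -EINVAL;
	}

	/* blobdev may still be NULL here when -b was not given. */
	bg = blobgen_get(blobdev);
	if (!bg) {
		printf("blobdev \"%s\" not found\n", blobdev);
		return -ENOENT;
	}

	/* Exactly one of -e / -d must be selected. */
	if (do_encrypt && do_decrypt) {
		printf("Both encrypt and decrypt given\n");
		return -EINVAL;
	}

	if (!do_encrypt && !do_decrypt) {
		printf("Specify either -e or -d option\n");
		return -EINVAL;
	}

	if (argc > optind) {
		message = argv[optind];
	} else {
		printf("No message to %scrypt provided\n",
		       do_encrypt ? "en" : "de");
		return -EINVAL;
	}

	if (do_encrypt) {
		ret = blob_encrypt_to_env(bg, modifier, message, strlen(message),
					  varname);
		if (ret)
			return ret;
	}

	if (do_decrypt) {
		void *plain;
		char *str;

		ret = blob_decrypt_from_base64(bg, modifier, message, &plain,
					    &plainsize);
		if (ret)
			return ret;

		/*
		 * plainsize is a signed int filled in by the helper; refuse a
		 * negative length rather than let it turn into a huge size_t
		 * in malloc()/memcpy() below.
		 */
		if (plainsize < 0) {
			free(plain);
			return -EINVAL;
		}

		/* Size computed in size_t so that "+ 1" cannot overflow int. */
		str = malloc((size_t)plainsize + 1);
		if (!str) {
			/* Do not leak the decrypted buffer on this error path. */
			free(plain);
			return -ENOMEM;
		}

		/* Copy and terminate so the result can be stored as a string. */
		memcpy(str, plain, plainsize);
		str[plainsize] = 0;

		/* Report a failed store instead of claiming success. */
		ret = setenv(varname, str);
		free(plain);
		free(str);
		if (ret)
			return ret;
	}

	return 0;
}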

/*
 * Long help text for the blobgen command.
 *
 * NOTE(review): do_blobgen() rejects the call unless -V, -m and exactly one
 * of -e/-d are given, and it requires a positional message; the option list
 * below does not say which options are mandatory. The decrypt path calls
 * blob_decrypt_from_base64(), so the ciphertext is presumably expected in
 * base64 form - confirm and consider stating it here. The text also does not
 * tell the user that the decrypted plaintext ends up in an environment
 * variable.
 */
BAREBOX_CMD_HELP_START(blobgen)
BAREBOX_CMD_HELP_TEXT("This command utilizes hardware crypto engines to en/decrypt")
BAREBOX_CMD_HELP_TEXT("data blobs.")
BAREBOX_CMD_HELP_TEXT("Options:")
BAREBOX_CMD_HELP_OPT("-e\t", "encrypt")
BAREBOX_CMD_HELP_OPT("-d\t", "decrypt")
BAREBOX_CMD_HELP_OPT("-m <modifier>", "Set modifier")
BAREBOX_CMD_HELP_OPT("-V <varname>", "specify variable name to set with the result")
BAREBOX_CMD_HELP_OPT("-b <blobdev>", "specify blob device to use")
BAREBOX_CMD_HELP_END

/*
 * Command table entry for "blobgen": do_blobgen() is the handler, followed by
 * the one-line description, the option synopsis and the command group.
 * cmd_blobgen_help is presumably the symbol generated by the
 * BAREBOX_CMD_HELP_START(blobgen) block - confirm against command.h.
 */
BAREBOX_CMD_START(blobgen)
	.cmd	= do_blobgen,
	BAREBOX_CMD_DESC("en/decrypt blobs")
	BAREBOX_CMD_OPTS("[-edmVb] <plaintext/ciphertext>")
	BAREBOX_CMD_GROUP(CMD_GRP_HWMANIP)
	BAREBOX_CMD_HELP(cmd_blobgen_help)
BAREBOX_CMD_END