authorMarc Kleine-Budde <mkl@pengutronix.de>2015-10-16 14:12:41 +0200
committerMarc Kleine-Budde <mkl@pengutronix.de>2015-10-16 14:12:41 +0200
commitc56aaa8a91602a04a5c42d2dc5f6d810e6323f67 (patch)
treed3eed805db68ac34ed0252a417273d28cff35b06
parentf54a00e158207fb2e13380af48b4b4abcf767f8d (diff)
downloaddt-utils-c56aaa8a91602a04a5c42d2dc5f6d810e6323f67.tar.gz
dt-utils-c56aaa8a91602a04a5c42d2dc5f6d810e6323f67.tar.xz
keystore: add imx6 caam based keystore implementation
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
-rw-r--r--Makefile.am2
-rw-r--r--src/keystore-blob.c104
-rw-r--r--src/keystore.c21
3 files changed, 105 insertions, 22 deletions
diff --git a/Makefile.am b/Makefile.am
index 9e45325..28a8bef 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -49,7 +49,7 @@ barebox_state_SOURCES = \
src/crypto/hmac.c \
src/crypto/sha1.c \
src/crypto/sha2.c \
- src/keystore.c \
+ src/keystore-blob.c \
src/base64.c \
src/barebox-state.c \
\
diff --git a/src/keystore-blob.c b/src/keystore-blob.c
new file mode 100644
index 0000000..032adb6
--- /dev/null
+++ b/src/keystore-blob.c
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2015 Pengutronix, Marc Kleine-Budde <kernel@pengutronix.de>
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License version 2 as published by the
+ * Free Software Foundation.
+ */
+
+#include <common.h>
+#include <barebox-state.h>
+#include <keystore.h>
+#include <base64.h>
+
+static const char keystore_state_name[] = "/blobs";
+static const char blob_gen_payload[] = "/sys/devices/soc0/soc/2100000.aips-bus/2100000.caam/blob_gen/payload";
+static const char blob_gen_modifier[] = "/sys/devices/soc0/soc/2100000.aips-bus/2100000.caam/blob_gen/modifier";
+static const char blob_gen_blob[] = "/sys/devices/soc0/soc/2100000.aips-bus/2100000.caam/blob_gen/blob";
+
+static struct state *state;
+
+int keystore_get_secret(const char *name, const unsigned char **key, int *key_len)
+{
+ FILE *fp;
+ char *blob, *modifier, *payload;
+ u8 *blob_bin, *payload_bin;
+ ssize_t len;
+ int fd, ret;
+
+ if (!state) {
+ struct state *tmp;
+
+ tmp = state_get(keystore_state_name);
+ if (IS_ERR(tmp))
+ return PTR_ERR(tmp);
+ state = tmp;
+ }
+
+ /* modifier */
+ fp = fopen(blob_gen_modifier, "w");
+ if (!fp)
+ return -errno;
+
+ ret = fprintf(fp, "user:%s", name);
+ if (ret < 0) {
+ fclose(fp);
+ return ret;
+ }
+
+ ret = fclose(fp);
+ if (ret == EOF)
+ return -errno;
+
+
+ /* blob */
+ blob = state_get_var(state, name);
+ if (!blob)
+ return -ENOENT;
+
+ len = strlen(blob) + 1;
+ blob_bin = xzalloc(len);
+ len = decode_base64(blob_bin, len, blob);
+ free(blob);
+
+ fd = open(blob_gen_blob, O_WRONLY);
+ if (fd < 0) {
+ free(blob_bin);
+ return -errno;
+ }
+
+ ret = write(fd, blob_bin, len);
+ free(blob_bin);
+ if (ret != len) {
+ return -errno;
+ }
+
+ ret = close(fd);
+ if (ret)
+ return -errno;
+
+
+ /* payload */
+ fd = open(blob_gen_payload, O_RDONLY);
+ if (fd < 0) {
+ free(blob_bin);
+ return -errno;
+ }
+
+ payload = xzalloc(len);
+ len = read(fd, payload, len);
+ close(fd);
+ if (len <= 0) {
+ free(payload);
+ return -errno;
+ }
+
+ payload_bin = xzalloc(len);
+ len = decode_base64(payload_bin, len, payload);
+ free(payload);
+
+ *key = payload_bin;
+ *key_len = len;
+
+ return 0;
+}
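Review bot: The error paths after the blob write are unsafe. `blob_bin` is freed right after `write()`, yet the failed-`open()` branch for `blob_gen_payload` frees it a second time, and the short-write branch returns without `close(fd)` and with `-errno`, which can be 0 on a short write, so the caller would see success with `*key` never set. The `read()` branch has the same zero-`errno` problem when it hits EOF. The length from the first `decode_base64()` goes to `write()` unchecked, and `payload` is read without a terminating NUL before being handed to `decode_base64()`, which presumably expects a string. The base64 text of the secret in `payload` is also freed without being wiped, so zeroing it before `free(payload)` is worth considering.

```c
	len = decode_base64(blob_bin, len, blob);
	free(blob);
	if (len <= 0) {		/* assumes decode_base64() reports errors as <= 0; confirm */
		free(blob_bin);
		return len < 0 ? len : -EINVAL;
	}

	/* ... unchanged: open(blob_gen_blob, O_WRONLY) and its error path ... */

	ret = write(fd, blob_bin, len);
	free(blob_bin);
	if (ret != len) {
		ret = ret < 0 ? -errno : -EIO;	/* short write leaves errno untouched */
		close(fd);
		return ret;
	}

	/* ... unchanged: close(fd) check ... */

	/* payload */
	fd = open(blob_gen_payload, O_RDONLY);
	if (fd < 0)
		return -errno;	/* blob_bin was already freed above */

	payload = xzalloc(len + 1);	/* keep a terminating NUL for decode_base64() */
	len = read(fd, payload, len);
	if (len <= 0) {
		ret = len < 0 ? -errno : -ENODATA;	/* take errno before close() can clobber it */
		close(fd);
		free(payload);
		return ret;
	}
	close(fd);
```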
diff --git a/src/keystore.c b/src/keystore.c
deleted file mode 100644
index c4c7d5e..0000000
--- a/src/keystore.c
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * keystore - simple keystore
- *
- * Copyright (c) 2015 Pengutronix, Marc Kleine-Budde <kernel@pengutronix.de>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- */
-
-#include <errno.h>
-
-int __attribute__((weak)) keystore_get_secret(const char *name, const unsigned char **key, int *key_len)
-{
- return -ENOENT;
-}