From: Sascha Hauer <s.hauer@pengutronix.de>
To: Barebox List <barebox@lists.infradead.org>
Subject: [PATCH 32/42] commands: implement keystore command
Date: Fri, 31 Mar 2017 09:03:36 +0200	[thread overview]
Message-ID: <20170331070346.26878-33-s.hauer@pengutronix.de> (raw)
In-Reply-To: <20170331070346.26878-1-s.hauer@pengutronix.de>

The keystore command provides access to the barebox keystore.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 commands/Kconfig    |   6 ++++
 commands/Makefile   |   1 +
 commands/keystore.c | 100 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 107 insertions(+)
 create mode 100644 commands/keystore.c

diff --git a/commands/Kconfig b/commands/Kconfig
index bc0885c69d..6bb47d6363 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -1967,6 +1967,12 @@ config CMD_FIRMWARELOAD
 	  Provides the "firmwareload" command which deals with devices which need
 	  firmware to work. It is also used to upload firmware to FPGA devices.
 
+config CMD_KEYSTORE
+	depends on CRYPTO_KEYSTORE
+	bool
+	prompt "keystore"
+	help
+	  keystore provides access to the barebox keystore.
 
 config CMD_LINUX_EXEC
 	bool "linux exec"
diff --git a/commands/Makefile b/commands/Makefile
index 601f15fc38..a20c675929 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -92,6 +92,7 @@ obj-$(CONFIG_CMD_READLINK)	+= readlink.o
 obj-$(CONFIG_CMD_LET)		+= let.o
 obj-$(CONFIG_CMD_LN)		+= ln.o
 obj-$(CONFIG_CMD_CLK)		+= clk.o
+obj-$(CONFIG_CMD_KEYSTORE)	+= keystore.o
 obj-$(CONFIG_CMD_TFTP)		+= tftp.o
 obj-$(CONFIG_CMD_FILETYPE)	+= filetype.o
 obj-$(CONFIG_CMD_BAREBOX_UPDATE)+= barebox-update.o
diff --git a/commands/keystore.c b/commands/keystore.c
new file mode 100644
index 0000000000..52c4be2639
--- /dev/null
+++ b/commands/keystore.c
@@ -0,0 +1,100 @@
+#include <common.h>
+#include <command.h>
+#include <getopt.h>
+#include <libfile.h>
+#include <crypto/keystore.h>
+#include <linux/kernel.h>
+#include <fs.h>
+
+static int do_keystore(int argc, char *argv[])
+{
+	int opt;
+	int ret;
+	int do_remove = 0;
+	const char *name;
+	const char *file = NULL;
+	char *secret_str = NULL;
+	void *secret;
+	int s_len;
+
+	while ((opt = getopt(argc, argv, "rs:f:")) > 0) {
+		switch (opt) {
+		case 'r':
+			do_remove = 1;
+			break;
+		case 's':
+			secret_str = optarg;
+			break;
+		case 'f':
+			file = optarg;
+			break;
+		default:
+			return COMMAND_ERROR_USAGE;
+		}
+	}
+
+	if (argc == optind)
+		return COMMAND_ERROR_USAGE;
+
+	if (!do_remove && !file && !secret_str)
+		return COMMAND_ERROR_USAGE;
+
+	if (file && secret_str)
+		return COMMAND_ERROR_USAGE;
+
+	name = argv[optind];
+
+	if (do_remove) {
+		keystore_forget_secret(name);
+		printf("forgotten secret for key %s\n", name);
+		return 0;
+	}
+
+	if (file) {
+		ret = read_file_2(file, &s_len, (void *)&secret_str, FILESIZE_MAX);
+		if (ret) {
+			printf("Cannot open %s: %s\n", file, strerror(-ret));
+			return 1;
+		}
+	} else if (secret_str) {
+		s_len = strlen(secret_str);
+	}
+
+	if (s_len & 1) {
+		printf("invalid secret len. Must be whole bytes\n");
+		return 1;
+	}
+
+	secret = xzalloc(s_len / 2);
+	ret = hex2bin(secret, secret_str, s_len / 2);
+	if (ret) {
+		printf("Cannot convert %s to binary: %s\n", secret_str, strerror(-ret));
+		return 1;
+	}
+
+	ret = keystore_set_secret(name, secret, s_len / 2);
+	if (ret)
+		printf("cannot set secret for key %s: %s\n", name, strerror(-ret));
+	else
+		printf("Added secret for key %s\n", name);
+
+	free(secret);
+
+	return ret ? 1 : 0;
+}
+
+BAREBOX_CMD_HELP_START(keystore)
+BAREBOX_CMD_HELP_TEXT("")
+BAREBOX_CMD_HELP_TEXT("Options:")
+BAREBOX_CMD_HELP_OPT("-r", "remove a key from the keystore")
+BAREBOX_CMD_HELP_OPT("-s <key>", "set a key in the keystore")
+BAREBOX_CMD_HELP_OPT("-f <keyfile>", "set a key in the keystore, read secret from file")
+BAREBOX_CMD_HELP_END
+
+BAREBOX_CMD_START(keystore)
+	.cmd	= do_keystore,
+	BAREBOX_CMD_DESC("manage keys")
+	BAREBOX_CMD_OPTS("[-rsf] <keyname>")
+	BAREBOX_CMD_GROUP(CMD_GRP_MISC)
+	BAREBOX_CMD_HELP(cmd_keystore_help)
+BAREBOX_CMD_END
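Review bot: The hex2bin failure path (`if (ret) {` right after `hex2bin(secret, secret_str, s_len / 2)`) returns without freeing `secret`, and on the `-f` path the buffer that `read_file_2` stores into `secret_str` is never released on any path, assuming it is caller-owned as the libfile helpers generally are. The same error message echoes the full hex secret to the console, so a mistyped key lands in the boot log; naming the key instead is enough: `printf("Cannot convert secret for key %s to binary: %s\n", name, strerror(-ret));`. Both `secret` and `secret_str` hold key material, so clearing them before `free` is worth doing if a memzero helper is available in this tree (verify), and `&s_len` is an `int *` while `read_file_2`'s size output parameter is presumably `size_t *` — the declared types should match. A goto-based cleanup covers both leaks; the usage string `"[-rsf] <keyname>"` could also show that `-s` and `-f` take an argument.
```c
	secret = xzalloc(s_len / 2);
	ret = hex2bin(secret, secret_str, s_len / 2);
	if (ret) {
		printf("Cannot convert secret for key %s to binary: %s\n", name, strerror(-ret));
		goto out;
	}

	ret = keystore_set_secret(name, secret, s_len / 2);
	if (ret)
		printf("cannot set secret for key %s: %s\n", name, strerror(-ret));
	else
		printf("Added secret for key %s\n", name);

out:
	/* both buffers held key material; clear before free if a memzero helper exists */
	free(secret);
	if (file)
		free(secret_str);

	return ret ? 1 : 0;
```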
-- 
2.11.0


