author | Randall Spangler <rspangler@chromium.org> | 2016-06-22 16:46:23 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-08-10 15:30:35 -0700 |
commit | d46461cec2aa7547b3722623b85dcfb2f298f859 (patch) | |
tree | 11b05a5b426a2608d38ae19d28a0e9af70b9ec64 /futility/cmd_sign.c | |
parent | 939cc3a5c25a3333fadafc7fc341d7e320f72fab (diff) | |
futility: Use vboot 2.0 APIs for private keys
This replaces calls to the vboot 1 host library with their vboot 2.0
equivalents.
BUG=chromium:611535
BRANCH=none
TEST=make runtests
Change-Id: Id061554fd82ea3efe35d0fe1485693b47599a863
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/356540
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Diffstat (limited to 'futility/cmd_sign.c')
-rw-r--r-- | futility/cmd_sign.c | 32 |
1 files changed, 8 insertions, 24 deletions
diff --git a/futility/cmd_sign.c b/futility/cmd_sign.c index 23e298b9..3ff6ddac 100644 --- a/futility/cmd_sign.c +++ b/futility/cmd_sign.c @@ -78,15 +78,6 @@ int ft_sign_pubkey(const char *name, uint8_t *buf, uint32_t len, void *data) sign_option.flags, sign_option.pem_external); } else { - sign_option.signprivate = PrivateKeyReadPem( - sign_option.pem_signpriv, - sign_option.pem_algo); - if (!sign_option.signprivate) { - fprintf(stderr, - "Unable to read PEM signing key: %s\n", - strerror(errno)); - return 1; - } sign_option.signprivate2 = vb2_read_private_key_pem( sign_option.pem_signpriv, sign_option.pem_algo); @@ -139,7 +130,7 @@ int ft_sign_raw_kernel(const char *name, uint8_t *buf, uint32_t len, sign_option.version, sign_option.kloadaddr, sign_option.keyblock, - sign_option.signprivate, + sign_option.signprivate2, sign_option.flags, &vblock_size); if (!vblock_data) { fprintf(stderr, "Unable to sign kernel blob\n"); @@ -226,7 +217,7 @@ int ft_sign_kern_preamble(const char *name, uint8_t *buf, uint32_t len, sign_option.version, sign_option.kloadaddr, keyblock, - sign_option.signprivate, + sign_option.signprivate2, sign_option.flags, &vblock_size); if (!vblock_data) { @@ -663,11 +654,6 @@ static int do_sign(int argc, char *argv[]) &longindex)) != -1) { switch (i) { case 's': - sign_option.signprivate = PrivateKeyRead(optarg); - if (!sign_option.signprivate) { - fprintf(stderr, "Error reading %s\n", optarg); - errorcnt++; - } sign_option.signprivate2 = vb2_read_private_key(optarg); if (!sign_option.signprivate2) { fprintf(stderr, "Error reading %s\n", optarg); 
@@ -922,13 +908,13 @@ static int do_sign(int argc, char *argv[]) switch (sign_option.type) { case FILE_TYPE_PUBKEY: sign_option.create_new_outfile = 1; - if (sign_option.signprivate && sign_option.pem_signpriv) { + if (sign_option.signprivate2 && sign_option.pem_signpriv) { fprintf(stderr, "Only one of --signprivate and --pem_signpriv" " can be specified\n"); errorcnt++; } - if ((sign_option.signprivate && + if ((sign_option.signprivate2 && sign_option.pem_algo_specified) || (sign_option.pem_signpriv && !sign_option.pem_algo_specified)) { @@ -946,18 +932,18 @@ static int do_sign(int argc, char *argv[]) break; case FILE_TYPE_BIOS_IMAGE: case FILE_TYPE_OLD_BIOS_IMAGE: - errorcnt += no_opt_if(!sign_option.signprivate, "signprivate"); + errorcnt += no_opt_if(!sign_option.signprivate2, "signprivate"); errorcnt += no_opt_if(!sign_option.keyblock, "keyblock"); errorcnt += no_opt_if(!sign_option.kernel_subkey, "kernelkey"); break; case FILE_TYPE_KERN_PREAMBLE: - errorcnt += no_opt_if(!sign_option.signprivate, "signprivate"); + errorcnt += no_opt_if(!sign_option.signprivate2, "signprivate"); if (sign_option.vblockonly || sign_option.inout_file_count > 1) sign_option.create_new_outfile = 1; break; case FILE_TYPE_RAW_FIRMWARE: sign_option.create_new_outfile = 1; - errorcnt += no_opt_if(!sign_option.signprivate, "signprivate"); + errorcnt += no_opt_if(!sign_option.signprivate2, "signprivate"); errorcnt += no_opt_if(!sign_option.keyblock, "keyblock"); errorcnt += no_opt_if(!sign_option.kernel_subkey, "kernelkey"); errorcnt += no_opt_if(!sign_option.version_specified, @@ -965,7 +951,7 @@ static int do_sign(int argc, char *argv[]) break; case FILE_TYPE_RAW_KERNEL: sign_option.create_new_outfile = 1; - errorcnt += no_opt_if(!sign_option.signprivate, "signprivate"); + errorcnt += no_opt_if(!sign_option.signprivate2, "signprivate"); errorcnt += no_opt_if(!sign_option.keyblock, "keyblock"); errorcnt += no_opt_if(!sign_option.version_specified, "version"); 
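Review bot: The two `sign_option.signprivate2` tests in the FILE_TYPE_PUBKEY case read the field as "--signprivate was given", but the same field is also where the PEM key ends up: the `else` branch of ft_sign_pubkey() assigns the result of `vb2_read_private_key_pem(...)` to it. The checks are only meaningful while the PEM key has not been loaded yet, which appears to hold here but is not stated in the visible code. A short comment above the first test would record the ordering, for example `/* signprivate2 is set only by --signprivate here; the --pem_signpriv key is loaded into it later, in ft_sign_pubkey() */`. do_sign() starts and ends outside this hunk.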
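Review bot: The `!sign_option.signprivate2` tests in the BIOS_IMAGE, KERN_PREAMBLE and RAW_FIRMWARE cases (and the RAW_KERNEL case in the following hunk) cannot tell "--signprivate not given" from "--signprivate given but the key failed to load", because the `case 's'` handler leaves the pointer NULL when `vb2_read_private_key(optarg)` fails. Assuming `no_opt_if` reports a missing option when its first argument is true, a bad key file yields both `Error reading %s` and a misleading missing-option message from the signing tool. Recording the option in a separate flag set in `case 's'`, in the style of the existing `version_specified` and `pem_algo_specified` fields, would keep the two conditions apart. do_sign() starts and ends outside these hunks.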
@@ -1058,8 +1044,6 @@ done: strerror(errno)); } - if (sign_option.signprivate) - free(sign_option.signprivate); if (sign_option.signprivate2) free(sign_option.signprivate2); if (sign_option.keyblock) |