author | Bill Richardson <wfrichar@chromium.org> | 2010-07-01 10:22:06 -0700 |
---|---|---|
committer | Bill Richardson <wfrichar@chromium.org> | 2010-07-01 10:22:06 -0700 |
commit | abf055045802cb06c57ff2d7b187736bdcb3b138 (patch) | |
tree | be0cc0aaa1d8c64fb5402b66c975e7e7c018acd1 /utility/vbutil_keyblock.c | |
parent | a08b5c9d032be485fe6e2790c23e8c9bb9fca2ad (diff) | |
Switch to using .vbprivk for signing everything now.
This makes it much simpler to keep track of what we're doing.
vbutil_key can now wrap both .keyb and .pem keys. It figures out which is
which by trying both and just using the one that works.
vbutil_keyblock and vbutil_kernel now use .vbprivk files for signing.
replace debug() with VBDEBUG(()) in host-side sources, too.
rename PrivateKeyRead to PrivateKeyReadPem
Add real PrivateKeyRead and PrivateKeyWrite for .vbprivk files.
Review URL: http://codereview.chromium.org/2871033
Diffstat (limited to 'utility/vbutil_keyblock.c')
-rw-r--r-- | utility/vbutil_keyblock.c | 76 |
1 files changed, 31 insertions, 45 deletions
diff --git a/utility/vbutil_keyblock.c b/utility/vbutil_keyblock.c
index dbdcbd3f..7c3f0279 100644
--- a/utility/vbutil_keyblock.c
+++ b/utility/vbutil_keyblock.c
@@ -9,6 +9,7 @@
 #include <inttypes.h> /* For PRIu64 */
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 #include "cryptolib.h"
 #include "host_common.h"
@@ -22,7 +23,6 @@ enum {
 OPT_DATAPUBKEY,
 OPT_SIGNPUBKEY,
 OPT_SIGNPRIVATE,
- OPT_ALGORITHM,
 OPT_FLAGS,
 };
@@ -32,45 +32,38 @@ static struct option long_opts[] = {
 {"datapubkey", 1, 0, OPT_DATAPUBKEY },
 {"signpubkey", 1, 0, OPT_SIGNPUBKEY },
 {"signprivate", 1, 0, OPT_SIGNPRIVATE },
- {"algorithm", 1, 0, OPT_ALGORITHM },
 {"flags", 1, 0, OPT_FLAGS },
 {NULL, 0, 0, 0}
 };
 /* Print help and return error */
-static int PrintHelp(void) {
- int i;
-
- puts("vbutil_keyblock - Verified boot key block utility\n"
- "\n"
- "Usage: vbutil_keyblock <--pack|--unpack> <file> [OPTIONS]\n"
- "\n"
- "For '--pack <file>', required OPTIONS are:\n"
- " --datapubkey <file> Data public key in .vbpubk format\n"
- " --signprivate <file> Signing private key in .pem format\n"
- " --algorithm <algoid> Signing algorithm for key, one of:");
-
- for (i = 0; i < kNumAlgorithms; i++)
- printf(" %d (%s)\n", i, algo_strings[i]);
-
- puts("\n"
- "Optional OPTIONS are:\n"
- " --flags <number> Flags\n"
- "\n"
- "For '--unpack <file>', required OPTIONS are:\n"
- " --signpubkey <file> Signing public key in .vbpubk format\n"
- "Optional OPTIONS are:\n"
- " --datapubkey <file> Data public key output file\n"
- "");
+static int PrintHelp(char *progname) {
+ fprintf(stderr,
+ "Verified boot key block utility\n"
+ "\n"
+ "Usage: %s <--pack|--unpack> <file> [OPTIONS]\n"
+ "\n"
+ "For '--pack <file>', required OPTIONS are:\n"
+ " --datapubkey <file> Data public key in .vbpubk format\n"
+ " --signprivate <file>"
+ " Signing private key in .vbprivk format\n"
+ "\n"
+ "Optional OPTIONS are:\n"
+ " --flags <number> Flags\n"
+ "\n"
+ "For '--unpack <file>', required OPTIONS are:\n"
+ " --signpubkey <file> Signing public key in .vbpubk format\n"
+ "Optional OPTIONS are:\n"
+ " --datapubkey <file> Data public key output file\n",
+ progname);
 return 1;
 }
 /* Pack a .keyblock */
 static int Pack(const char* outfile, const char* datapubkey,
- const char* signprivate, uint64_t algorithm,
- uint64_t flags) {
+ const char* signprivate, uint64_t flags) {
 VbPublicKey* data_key;
 VbPrivateKey* signing_key;
 VbKeyBlockHeader* block;
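Review bot: `PrintHelp` only passes `progname` to `fprintf`, so the parameter should be declared `const char *progname`, in line with the `const char*` parameters of `Pack` just below. The usage text now goes to stderr, but the error lines printed before it in `main` (for example `printf("Must specify a mode.\n");` in the last hunk) still go to stdout; changing those to `fprintf(stderr, ...)` keeps all diagnostics on one stream. Pack's body continues outside this hunk.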
@@ -83,17 +76,13 @@ static int Pack(const char* outfile, const char* datapubkey,
 fprintf(stderr, "vbutil_keyblock: Must specify all keys\n");
 return 1;
 }
- if (algorithm >= kNumAlgorithms) {
- fprintf(stderr, "Invalid algorithm\n");
- return 1;
- }
 data_key = PublicKeyRead(datapubkey);
 if (!data_key) {
 fprintf(stderr, "vbutil_keyblock: Error reading data key.\n");
 return 1;
 }
- signing_key = PrivateKeyReadPem(signprivate, algorithm);
+ signing_key = PrivateKeyRead(signprivate);
 if (!signing_key) {
 fprintf(stderr, "vbutil_keyblock: Error reading signing key.\n");
 return 1;
@@ -168,12 +157,17 @@ int main(int argc, char* argv[]) {
 char* signpubkey = NULL;
 char* signprivate = NULL;
 uint64_t flags = 0;
- uint64_t algorithm = kNumAlgorithms;
 int mode = 0;
 int parse_error = 0;
 char* e;
 int i;
+ char *progname = strrchr(argv[0], '/');
+ if (progname)
+ progname++;
+ else
+ progname = argv[0];
+
 while ((i = getopt_long(argc, argv, "", long_opts, NULL)) != -1) {
 switch (i) {
 case '?':
@@ -200,14 +194,6 @@ int main(int argc, char* argv[]) {
 signprivate = optarg;
 break;
- case OPT_ALGORITHM:
- algorithm = strtoul(optarg, &e, 0);
- if (!*optarg || (e && *e)) {
- printf("Invalid --algorithm\n");
- parse_error = 1;
- }
- break;
-
 case OPT_FLAGS:
 flags = strtoul(optarg, &e, 0);
 if (!*optarg || (e && *e)) {
@@ -219,15 +205,15 @@ int main(int argc, char* argv[]) {
 }
 }
 if (parse_error)
- return PrintHelp();
+ return PrintHelp(progname);
 switch(mode) {
 case OPT_MODE_PACK:
- return Pack(filename, datapubkey, signprivate, algorithm, flags);
+ return Pack(filename, datapubkey, signprivate, flags);
 case OPT_MODE_UNPACK:
 return Unpack(filename, datapubkey, signpubkey);
 default:
 printf("Must specify a mode.\n");
- return PrintHelp();
+ return PrintHelp(progname);
 }
 }
 |
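Review bot: With the `algorithm >= kNumAlgorithms` check removed from `Pack`, nothing in this file validates the signing algorithm any more; it is now whatever the `.vbprivk` file given to `PrivateKeyRead(signprivate)` carries. `PrivateKeyRead` is not shown on this page, so presumably it range-checks the algorithm field it reads, but that should be confirmed before the value is used to select per-algorithm parameters. If it does not, keep a guard in `Pack` after the read that rejects a key whose algorithm is not below `kNumAlgorithms` and prints `"Invalid algorithm\n"` as before. Pack's body starts and ends outside this hunk.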
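Review bot: `strrchr(argv[0], '/')` in `main` is called without checking that `argv[0]` exists; a parent process may exec the tool with an empty argument vector, in which case `argc` is 0, `argv[0]` is NULL and the call is undefined behaviour. Guard the lookup, e.g. `char *progname = (argc > 0 && argv[0]) ? strrchr(argv[0], '/') : NULL;`, and in the `else` branch fall back to the literal `"vbutil_keyblock"` when `argv[0]` is missing. The new declaration is written `char *progname` where the neighbouring lines use the `char* e` spacing. main's body starts and ends outside this hunk.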