From f7559e4b4652134b1e15de3ce31ee50a3de00f69 Mon Sep 17 00:00:00 2001
From: Randall Spangler
Date: Thu, 23 Jun 2016 13:45:59 -0700
Subject: futility: Use vboot 2.0 APIs for public keys
This replaces calls to the old vboot 1 APIs with their vboot 2.0 equivalents.
BUG=chromium:611535
BRANCH=none
TEST=make runtests
Change-Id: Ieb1a127577c6428c47ac088c3aaa0d0dad6275a8
Signed-off-by: Randall Spangler
Reviewed-on: https://chromium-review.googlesource.com/356541
Reviewed-by: Daisuke Nojiri
---
 futility/cmd_sign.c | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)
(limited to 'futility/cmd_sign.c')
diff --git a/futility/cmd_sign.c b/futility/cmd_sign.c
index 3ff6ddac..0792081e 100644
--- a/futility/cmd_sign.c
+++ b/futility/cmd_sign.c
@@ -78,22 +78,22 @@ int ft_sign_pubkey(const char *name, uint8_t *buf, uint32_t len, void *data)
 sign_option.flags,
 sign_option.pem_external);
 } else {
- sign_option.signprivate2 = vb2_read_private_key_pem(
+ sign_option.signprivate = vb2_read_private_key_pem(
 sign_option.pem_signpriv,
 sign_option.pem_algo);
- if (!sign_option.signprivate2) {
+ if (!sign_option.signprivate) {
 fprintf(stderr,
 "Unable to read PEM signing key: %s\n",
 strerror(errno));
 return 1;
 }
 block = vb2_create_keyblock(data_key,
- sign_option.signprivate2,
+ sign_option.signprivate,
 sign_option.flags);
 }
 } else {
 /* Not PEM. Should already have a signing key. */
- block = vb2_create_keyblock(data_key, sign_option.signprivate2,
+ block = vb2_create_keyblock(data_key, sign_option.signprivate,
 sign_option.flags);
 }
 
@@ -130,7 +130,7 @@ int ft_sign_raw_kernel(const char *name, uint8_t *buf, uint32_t len,
 sign_option.version,
 sign_option.kloadaddr,
 sign_option.keyblock,
- sign_option.signprivate2,
+ sign_option.signprivate,
 sign_option.flags, &vblock_size);
 if (!vblock_data) {
 fprintf(stderr, "Unable to sign kernel blob\n");
@@ -217,7 +217,7 @@ int ft_sign_kern_preamble(const char *name, uint8_t *buf, uint32_t len,
 sign_option.version,
 sign_option.kloadaddr,
 keyblock,
- sign_option.signprivate2,
+ sign_option.signprivate,
 sign_option.flags,
 &vblock_size);
 if (!vblock_data) {
@@ -255,7 +255,7 @@ int ft_sign_raw_firmware(const char *name, uint8_t *buf, uint32_t len,
 struct vb2_fw_preamble *preamble;
 int rv;
 
- body_sig = vb2_calculate_signature(buf, len, sign_option.signprivate2);
+ body_sig = vb2_calculate_signature(buf, len, sign_option.signprivate);
 if (!body_sig) {
 fprintf(stderr, "Error calculating body signature\n");
 return 1;
@@ -265,7 +265,7 @@ int ft_sign_raw_firmware(const char *name, uint8_t *buf, uint32_t len,
 sign_option.version,
 (struct vb2_packed_key *)sign_option.kernel_subkey,
 body_sig,
- sign_option.signprivate2,
+ sign_option.signprivate,
 sign_option.flags);
 if (!preamble) {
 fprintf(stderr, "Error creating firmware preamble.\n");
@@ -654,8 +654,8 @@ static int do_sign(int argc, char *argv[])
 &longindex)) != -1) {
 switch (i) {
 case 's':
- sign_option.signprivate2 = vb2_read_private_key(optarg);
- if (!sign_option.signprivate2) {
+ sign_option.signprivate = vb2_read_private_key(optarg);
+ if (!sign_option.signprivate) {
 fprintf(stderr, "Error reading %s\n", optarg);
 errorcnt++;
 }
@@ -668,7 +668,7 @@ static int do_sign(int argc, char *argv[])
 }
 break;
 case 'k':
- sign_option.kernel_subkey = PublicKeyRead(optarg);
+ sign_option.kernel_subkey = vb2_read_packed_key(optarg);
 if (!sign_option.kernel_subkey) {
 fprintf(stderr, "Error reading %s\n", optarg);
 errorcnt++;
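Review bot: The `(struct vb2_packed_key *)sign_option.kernel_subkey` cast in ft_sign_raw_firmware (context of the `@@ -265,7 +265,7 @@` hunk) is probably redundant now that `case 'k':` in do_sign fills the field from `vb2_read_packed_key(optarg)`, and keeping it would hide any future mismatch between the field's declared type and what the preamble builder expects. The field is declared outside this file, so this is inferred; if its type did change with this commit, pass `sign_option.kernel_subkey,` uncast so the compiler checks the key type. It is also worth confirming that vb2_read_packed_key rejects a truncated or malformed key file at least as strictly as the reader it replaces, because this subkey ends up inside the signed firmware preamble. Both do_sign and ft_sign_raw_firmware extend beyond these hunks.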
@@ -908,13 +908,13 @@ static int do_sign(int argc, char *argv[])
 switch (sign_option.type) {
 case FILE_TYPE_PUBKEY:
 sign_option.create_new_outfile = 1;
- if (sign_option.signprivate2 && sign_option.pem_signpriv) {
+ if (sign_option.signprivate && sign_option.pem_signpriv) {
 fprintf(stderr,
 "Only one of --signprivate and --pem_signpriv"
 " can be specified\n");
 errorcnt++;
 }
- if ((sign_option.signprivate2 &&
+ if ((sign_option.signprivate &&
 sign_option.pem_algo_specified) ||
 (sign_option.pem_signpriv &&
 !sign_option.pem_algo_specified)) {
@@ -932,18 +932,18 @@ static int do_sign(int argc, char *argv[])
 break;
 case FILE_TYPE_BIOS_IMAGE:
 case FILE_TYPE_OLD_BIOS_IMAGE:
- errorcnt += no_opt_if(!sign_option.signprivate2, "signprivate");
+ errorcnt += no_opt_if(!sign_option.signprivate, "signprivate");
 errorcnt += no_opt_if(!sign_option.keyblock, "keyblock");
 errorcnt += no_opt_if(!sign_option.kernel_subkey, "kernelkey");
 break;
 case FILE_TYPE_KERN_PREAMBLE:
- errorcnt += no_opt_if(!sign_option.signprivate2, "signprivate");
+ errorcnt += no_opt_if(!sign_option.signprivate, "signprivate");
 if (sign_option.vblockonly || sign_option.inout_file_count > 1)
 sign_option.create_new_outfile = 1;
 break;
 case FILE_TYPE_RAW_FIRMWARE:
 sign_option.create_new_outfile = 1;
- errorcnt += no_opt_if(!sign_option.signprivate2, "signprivate");
+ errorcnt += no_opt_if(!sign_option.signprivate, "signprivate");
 errorcnt += no_opt_if(!sign_option.keyblock, "keyblock");
 errorcnt += no_opt_if(!sign_option.kernel_subkey, "kernelkey");
 errorcnt += no_opt_if(!sign_option.version_specified,
@@ -951,7 +951,7 @@ static int do_sign(int argc, char *argv[])
 break;
 case FILE_TYPE_RAW_KERNEL:
 sign_option.create_new_outfile = 1;
- errorcnt += no_opt_if(!sign_option.signprivate2, "signprivate");
+ errorcnt += no_opt_if(!sign_option.signprivate, "signprivate");
 errorcnt += no_opt_if(!sign_option.keyblock, "keyblock");
 errorcnt += no_opt_if(!sign_option.version_specified,
 "version");
@@ -1044,8 +1044,8 @@ done:
 strerror(errno));
 }
 
- if (sign_option.signprivate2)
- free(sign_option.signprivate2);
+ if (sign_option.signprivate)
+ free(sign_option.signprivate);
 if (sign_option.keyblock)
 free(sign_option.keyblock);
 if (sign_option.kernel_subkey)
-- 
cgit v1.2.1