OLD | NEW |
---|---|
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Verified boot key utility | 5 * Verified boot key utility |
6 */ | 6 */ |
7 | 7 |
8 #include <getopt.h> | 8 #include <getopt.h> |
9 #include <inttypes.h> /* For PRIu64 */ | 9 #include <inttypes.h> /* For PRIu64 */ |
10 #include <stdarg.h> | |
10 #include <stdio.h> | 11 #include <stdio.h> |
11 #include <stdlib.h> | 12 #include <stdlib.h> |
13 #include <string.h> | |
12 | 14 |
13 #include "cryptolib.h" | 15 #include "cryptolib.h" |
14 #include "host_common.h" | 16 #include "host_common.h" |
15 #include "vboot_common.h" | 17 #include "vboot_common.h" |
16 | 18 |
17 | 19 |
18 /* Command line options */ | 20 /* Command line options */ |
19 enum { | 21 enum { |
20 OPT_IN = 1000, | 22 OPT_INKEY = 1000, |
21 OPT_OUT, | |
22 OPT_KEY_VERSION, | 23 OPT_KEY_VERSION, |
23 OPT_ALGORITHM, | 24 OPT_ALGORITHM, |
24 OPT_MODE_PACK, | 25 OPT_MODE_PACK, |
25 OPT_MODE_UNPACK, | 26 OPT_MODE_UNPACK, |
26 }; | 27 }; |
27 | 28 |
28 static struct option long_opts[] = { | 29 static struct option long_opts[] = { |
29 {"in", 1, 0, OPT_IN }, | 30 {"key", 1, 0, OPT_INKEY }, |
30 {"out", 1, 0, OPT_OUT }, | |
31 {"version", 1, 0, OPT_KEY_VERSION }, | 31 {"version", 1, 0, OPT_KEY_VERSION }, |
32 {"algorithm", 1, 0, OPT_ALGORITHM }, | 32 {"algorithm", 1, 0, OPT_ALGORITHM }, |
33 {"pack", 0, 0, OPT_MODE_PACK }, | 33 {"pack", 1, 0, OPT_MODE_PACK }, |
34 {"unpack", 0, 0, OPT_MODE_UNPACK }, | 34 {"unpack", 1, 0, OPT_MODE_UNPACK }, |
35 {NULL, 0, 0, 0} | 35 {NULL, 0, 0, 0} |
36 }; | 36 }; |
37 | 37 |
38 | 38 |
39 /* Print help and return error */ | 39 /* Print help and return error */ |
40 static int PrintHelp(void) { | 40 static int PrintHelp(char *progname) { |
41 int i; | 41 int i; |
42 | 42 |
43 puts("vbutil_key - Verified boot key utility\n" | 43 fprintf(stderr, |
44 "\n" | 44 "This program wraps RSA keys with verified boot headers\n"); |
45 "Usage: vbutil_key <--pack|--unpack> [OPTIONS]\n" | 45 fprintf(stderr, |
46 "\n" | 46 "\n" |
47 "For '--pack', required OPTIONS are:\n" | 47 "Usage: %s --pack <outfile> [PARAMETERS]\n" |
48 " --in <infile> Input key in .keyb format\n" | 48 "\n" |
49 " --out <outfile> Output file for .vbpubk format\n" | 49 " Required parameters:\n" |
50 " --version <number> Key version number\n" | 50 " --key <infile> RSA key file (.keyb or .pem)\n" |
51 " --algorithm <algoid> Signing algorithm for key, one of:"); | 51 " --version <number> Key version number " |
52 "(required for .keyb, ignored for .pem)\n" | |
53 " --algorithm <number> Signing algorithm to use with key:\n" , | |
54 progname); | |
52 | 55 |
53 for (i = 0; i < kNumAlgorithms; i++) | 56 for (i = 0; i < kNumAlgorithms; i++) { |
54 printf(" %d (%s)\n", i, algo_strings[i]); | 57 fprintf(stderr, |
58 " %d = (%s)\n", | |
59 i, algo_strings[i]); | |
60 } | |
55 | 61 |
56 puts("\n" | 62 fprintf(stderr, |
57 "For '--unpack', required OPTIONS are:\n" | 63 "\nOR\n\n" |
58 " --in <infile> Input key in .vbpubk format\n" | 64 "Usage: %s --unpack <infile>\n" |
59 "Optional OPTIONS are:\n" | 65 "\n", |
60 " --out <outfile> Output file for .keyb format\n" | 66 progname); |
61 ""); | 67 |
62 return 1; | 68 return 1; |
63 } | 69 } |
64 | 70 |
65 | |
66 /* Pack a .keyb file into a .vbpubk */ | 71 /* Pack a .keyb file into a .vbpubk */ |
Randall Spangler
2010/07/01 16:10:01
or a .pem into a .vbprivk
| |
67 static int Pack(const char *infile, const char *outfile, uint64_t algorithm, | 72 static int Pack(const char *infile, const char *outfile, uint64_t algorithm, |
68 uint64_t version) { | 73 uint64_t version) { |
69 VbPublicKey* key; | 74 VbPublicKey* pubkey; |
75 VbPrivateKey* privkey; | |
70 | 76 |
71 if (!infile || !outfile) { | 77 if (!infile || !outfile) { |
72 fprintf(stderr, "vbutil_key: Must specify --in and --out\n"); | 78 fprintf(stderr, "vbutil_key: Must specify --in and --out\n"); |
73 return 1; | 79 return 1; |
74 } | 80 } |
75 | 81 |
76 key = PublicKeyReadKeyb(infile, algorithm, version); | 82 if ((pubkey = PublicKeyReadKeyb(infile, algorithm, version))) { |
77 if (!key) { | 83 if (0 != PublicKeyWrite(outfile, pubkey)) { |
78 fprintf(stderr, "vbutil_key: Error reading key.\n"); | 84 fprintf(stderr, "vbutil_key: Error writing key.\n"); |
79 return 1; | 85 return 1; |
86 } | |
87 Free(pubkey); | |
88 return 0; | |
80 } | 89 } |
81 | 90 |
82 if (0 != PublicKeyWrite(outfile, key)) { | 91 if ((privkey = PrivateKeyReadPem(infile, algorithm))) { |
83 fprintf(stderr, "vbutil_key: Error writing key.\n"); | 92 if (0 != PrivateKeyWrite(outfile, privkey)) { |
84 return 1; | 93 fprintf(stderr, "vbutil_key: Error writing key.\n"); |
85 } | 94 return 1; |
95 } | |
96 Free(privkey); | |
97 return 0; | |
98 } | |
86 | 99 |
87 Free(key); | 100 error("Unable to parse either .keyb or .pem from %s\n", infile); |
88 return 0; | 101 return 1; |
89 } | 102 } |
90 | 103 |
91 | 104 |
92 /* Unpack a .vbpubk */ | 105 /* Unpack a .vbpubk */ |
Randall Spangler
2010/07/01 16:10:01
or .vbprivk
| |
93 static int Unpack(const char *infile, const char *outfile) { | 106 static int Unpack(const char *infile, const char *outfile) { |
94 VbPublicKey* key; | 107 VbPublicKey* pubkey; |
108 VbPrivateKey* privkey; | |
95 | 109 |
96 if (!infile) { | 110 if (!infile) { |
97 fprintf(stderr, "vbutil_key: Must specify --in\n"); | 111 fprintf(stderr, "Need file to unpack\n"); |
98 return 1; | 112 return 1; |
99 } | 113 } |
100 | 114 |
101 key = PublicKeyRead(infile); | 115 if ((pubkey = PublicKeyRead(infile))) { |
102 if (!key) { | 116 printf("Public Key file: %s\n", infile); |
103 fprintf(stderr, "vbutil_key: Error reading key.\n"); | 117 printf("Algorithm: %" PRIu64 " %s\n", pubkey->algorithm, |
104 return 1; | 118 (pubkey->algorithm < kNumAlgorithms ? |
119 algo_strings[pubkey->algorithm] : "(invalid)")); | |
120 printf("Key Version: %" PRIu64 "\n", pubkey->key_version); | |
121 Free(pubkey); | |
122 return 0; | |
105 } | 123 } |
106 | 124 |
107 printf("Key file: %s\n", infile); | 125 |
108 printf("Algorithm: %" PRIu64 " %s\n", key->algorithm, | 126 if ((privkey = PrivateKeyRead(infile))) { |
109 (key->algorithm < kNumAlgorithms ? | 127 printf("Private Key file: %s\n", infile); |
110 algo_strings[key->algorithm] : "(invalid)")); | 128 printf("Algorithm: %" PRIu64 " %s\n", privkey->algorithm, |
111 printf("Version: %" PRIu64 "\n", key->key_version); | 129 (privkey->algorithm < kNumAlgorithms ? |
130 algo_strings[privkey->algorithm] : "(invalid)")); | |
131 Free(privkey); | |
132 return 0; | |
133 } | |
134 | |
112 | 135 |
113 /* TODO: write key data, if any */ | 136 /* TODO: write key data, if any */ |
114 | 137 |
115 Free(key); | 138 error("Unable to parse either .vbpubk or vbprivk from %s\n", infile); |
116 return 0; | 139 return 1; |
117 } | 140 } |
118 | 141 |
119 | 142 |
120 int main(int argc, char* argv[]) { | 143 int main(int argc, char* argv[]) { |
121 | 144 |
122 char *infile = NULL; | 145 char *infile = NULL; |
123 char *outfile = NULL; | 146 char *outfile = NULL; |
124 int mode = 0; | 147 int mode = 0; |
125 int parse_error = 0; | 148 int parse_error = 0; |
126 uint64_t version = 1; | 149 uint64_t version = 1; |
127 uint64_t algorithm = kNumAlgorithms; | 150 uint64_t algorithm = kNumAlgorithms; |
128 char* e; | 151 char* e; |
129 int i; | 152 int i; |
130 | 153 |
154 char *progname = strrchr(argv[0], '/'); | |
155 if (progname) | |
156 progname++; | |
157 else | |
158 progname = argv[0]; | |
159 | |
131 while ((i = getopt_long(argc, argv, "", long_opts, NULL)) != -1) { | 160 while ((i = getopt_long(argc, argv, "", long_opts, NULL)) != -1) { |
132 switch (i) { | 161 switch (i) { |
133 case '?': | 162 case '?': |
134 /* Unhandled option */ | 163 /* Unhandled option */ |
135 printf("Unknown option\n"); | 164 error("Unknown option\n"); |
136 parse_error = 1; | 165 parse_error = 1; |
137 break; | 166 break; |
138 | 167 |
139 case OPT_IN: | 168 case OPT_INKEY: |
140 infile = optarg; | 169 infile = optarg; |
141 break; | 170 break; |
142 | 171 |
143 case OPT_OUT: | |
144 outfile = optarg; | |
145 break; | |
146 | |
147 case OPT_KEY_VERSION: | 172 case OPT_KEY_VERSION: |
148 version = strtoul(optarg, &e, 0); | 173 version = strtoul(optarg, &e, 0); |
149 if (!*optarg || (e && *e)) { | 174 if (!*optarg || (e && *e)) { |
150 printf("Invalid --version\n"); | 175 error("Invalid --version\n"); |
151 parse_error = 1; | 176 parse_error = 1; |
152 } | 177 } |
153 break; | 178 break; |
154 | 179 |
155 case OPT_ALGORITHM: | 180 case OPT_ALGORITHM: |
156 algorithm = strtoul(optarg, &e, 0); | 181 algorithm = strtoul(optarg, &e, 0); |
157 if (!*optarg || (e && *e)) { | 182 if (!*optarg || (e && *e)) { |
158 printf("Invalid --algorithm\n"); | 183 error("Invalid --algorithm\n"); |
159 parse_error = 1; | 184 parse_error = 1; |
160 } | 185 } |
161 break; | 186 break; |
162 | 187 |
163 case OPT_MODE_PACK: | 188 case OPT_MODE_PACK: |
189 mode = i; | |
190 outfile = optarg; | |
191 break; | |
192 | |
164 case OPT_MODE_UNPACK: | 193 case OPT_MODE_UNPACK: |
165 mode = i; | 194 mode = i; |
195 infile = optarg; | |
166 break; | 196 break; |
167 } | 197 } |
168 } | 198 } |
169 | 199 |
170 if (parse_error) | 200 if (parse_error) |
171 return PrintHelp(); | 201 return PrintHelp(progname); |
172 | 202 |
173 switch(mode) { | 203 switch(mode) { |
174 case OPT_MODE_PACK: | 204 case OPT_MODE_PACK: |
175 return Pack(infile, outfile, algorithm, version); | 205 return Pack(infile, outfile, algorithm, version); |
176 case OPT_MODE_UNPACK: | 206 case OPT_MODE_UNPACK: |
177 return Unpack(infile, outfile); | 207 return Unpack(infile, outfile); |
178 default: | 208 default: |
179 printf("Must specify a mode.\n"); | 209 printf("Must specify a mode.\n"); |
180 return PrintHelp(); | 210 return PrintHelp(progname); |
181 } | 211 } |
182 } | 212 } |
OLD | NEW |