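--- a/PATH_PLACEHOLDER
+++ b/PATH_PLACEHOLDER
@@ -1,106 +1,95 @@
 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Verified boot key block utility
 */
 
 #include <getopt.h>
 #include <inttypes.h> /* For PRIu64 */
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 
 #include "cryptolib.h"
 #include "host_common.h"
 #include "vboot_common.h"
 
 
 /* Command line options */
 enum {
 OPT_MODE_PACK = 1000,
 OPT_MODE_UNPACK,
 OPT_DATAPUBKEY,
 OPT_SIGNPUBKEY,
 OPT_SIGNPRIVATE,
-OPT_ALGORITHM,
 OPT_FLAGS,
 };
 
 static struct option long_opts[] = {
 {"pack", 1, 0, OPT_MODE_PACK },
 {"unpack", 1, 0, OPT_MODE_UNPACK },
 {"datapubkey", 1, 0, OPT_DATAPUBKEY },
 {"signpubkey", 1, 0, OPT_SIGNPUBKEY },
 {"signprivate", 1, 0, OPT_SIGNPRIVATE },
-{"algorithm", 1, 0, OPT_ALGORITHM },
 {"flags", 1, 0, OPT_FLAGS },
 {NULL, 0, 0, 0}
 };
 
 
 /* Print help and return error */
-static int PrintHelp(void) {
-int i;
-
-puts("vbutil_keyblock - Verified boot key block utility\n"
-"\n"
-"Usage: vbutil_keyblock <--pack|--unpack> <file> [OPTIONS]\n"
-"\n"
-"For '--pack <file>', required OPTIONS are:\n"
-" --datapubkey <file> Data public key in .vbpubk format\n"
-" --signprivate <file> Signing private key in .pem format\n"
-" --algorithm <algoid> Signing algorithm for key, one of:");
-
-for (i = 0; i < kNumAlgorithms; i++)
-printf(" %d (%s)\n", i, algo_strings[i]);
-
-puts("\n"
-"Optional OPTIONS are:\n"
-" --flags <number> Flags\n"
-"\n"
-"For '--unpack <file>', required OPTIONS are:\n"
-" --signpubkey <file> Signing public key in .vbpubk format\n"
-"Optional OPTIONS are:\n"
-" --datapubkey <file> Data public key output file\n"
-"");
+static int PrintHelp(char *progname) {
+fprintf(stderr,
+"Verified boot key block utility\n"
+"\n"
+"Usage: %s <--pack|--unpack> <file> [OPTIONS]\n"
+"\n"
+"For '--pack <file>', required OPTIONS are:\n"
+" --datapubkey <file> Data public key in .vbpubk format\n"
+" --signprivate <file>"
+" Signing private key in .vbprivk format\n"
+"\n"
+"Optional OPTIONS are:\n"
+" --flags <number> Flags\n"
+"\n"
+"For '--unpack <file>', required OPTIONS are:\n"
+" --signpubkey <file> Signing public key in .vbpubk format\n"
+"Optional OPTIONS are:\n"
+" --datapubkey <file> Data public key output file\n",
+progname);
 return 1;
 }
 
 
 /* Pack a .keyblock */
 static int Pack(const char* outfile, const char* datapubkey,
-const char* signprivate, uint64_t algorithm,
-uint64_t flags) {
+const char* signprivate, uint64_t flags) {
 VbPublicKey* data_key;
 VbPrivateKey* signing_key;
 VbKeyBlockHeader* block;
 
 if (!outfile) {
 fprintf(stderr, "vbutil_keyblock: Must specify output filename\n");
 return 1;
 }
 if (!datapubkey || !signprivate) {
 fprintf(stderr, "vbutil_keyblock: Must specify all keys\n");
 return 1;
 }
-if (algorithm >= kNumAlgorithms) {
-fprintf(stderr, "Invalid algorithm\n");
-return 1;
-}
 
 data_key = PublicKeyRead(datapubkey);
 if (!data_key) {
 fprintf(stderr, "vbutil_keyblock: Error reading data key.\n");
 return 1;
 }
-signing_key = PrivateKeyReadPem(signprivate, algorithm);
+signing_key = PrivateKeyRead(signprivate);
 if (!signing_key) {
 fprintf(stderr, "vbutil_keyblock: Error reading signing key.\n");
 return 1;
 }
 
 block = KeyBlockCreate(data_key, signing_key, flags);
 Free(data_key);
 Free(signing_key);
 
 if (0 != KeyBlockWrite(outfile, block)) {
@@ -161,73 +150,70 @@
 }
 
 
 int main(int argc, char* argv[]) {
 
 char* filename = NULL;
 char* datapubkey = NULL;
 char* signpubkey = NULL;
 char* signprivate = NULL;
 uint64_t flags = 0;
-uint64_t algorithm = kNumAlgorithms;
 int mode = 0;
 int parse_error = 0;
 char* e;
 int i;
 
+char *progname = strrchr(argv[0], '/');
+if (progname)
+progname++;
+else
+progname = argv[0];
+
 while ((i = getopt_long(argc, argv, "", long_opts, NULL)) != -1) {
 switch (i) {
 case '?':
 /* Unhandled option */
 printf("Unknown option\n");
 parse_error = 1;
 break;
 
 case OPT_MODE_PACK:
 case OPT_MODE_UNPACK:
 mode = i;
 filename = optarg;
 break;
 
 case OPT_DATAPUBKEY:
 datapubkey = optarg;
 break;
 
 case OPT_SIGNPUBKEY:
 signpubkey = optarg;
 break;
 
 case OPT_SIGNPRIVATE:
 signprivate = optarg;
 break;
 
-case OPT_ALGORITHM:
-algorithm = strtoul(optarg, &e, 0);
-if (!*optarg || (e && *e)) {
-printf("Invalid --algorithm\n");
-parse_error = 1;
-}
-break;
-
 case OPT_FLAGS:
 flags = strtoul(optarg, &e, 0);
 if (!*optarg || (e && *e)) {
 printf("Invalid --flags\n");
 parse_error = 1;
 }
 break;
 }
 }
 
 if (parse_error)
-return PrintHelp();
+return PrintHelp(progname);
 
 switch(mode) {
 case OPT_MODE_PACK:
-return Pack(filename, datapubkey, signprivate, algorithm, flags);
+return Pack(filename, datapubkey, signprivate, flags);
 case OPT_MODE_UNPACK:
 return Unpack(filename, datapubkey, signpubkey);
 default:
 printf("Must specify a mode.\n");
-return PrintHelp();
+return PrintHelp(progname);
 }
 }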
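Review bot: The new `progname` derivation in main dereferences `argv[0]` unconditionally, but `argv[0]` is NULL when the process is started with an empty argument vector and `strrchr(NULL, '/')` is undefined behavior; guarding it is two lines, `char *progname = argv[0] ? strrchr(argv[0], '/') : NULL;` and, in the else branch, `progname = argv[0] ? argv[0] : "vbutil_keyblock";`. Since `PrintHelp` only reads its argument, `static int PrintHelp(const char *progname)` would document that and let a string-literal fallback be passed cleanly. Separately, in Pack the `block` returned by `KeyBlockCreate` is handed to `KeyBlockWrite` with no NULL check (if `KeyBlockCreate` can fail, which is not visible here, this would dereference NULL), and the early return when `PrivateKeyRead` fails leaves the already-read `data_key` unfreed; both pre-date this commit but sit in the code it rewrites. Pack's body continues past the skipped region, so its later cleanup path is not visible here.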