1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Verified boot key block utility | 5 * Verified boot key block utility |
6 */ | 6 */ |
7 | 7 |
8 #include <getopt.h> | 8 #include <getopt.h> |
9 #include <inttypes.h> /* For PRIu64 */ | 9 #include <inttypes.h> /* For PRIu64 */ |
10 #include <stdio.h> | 10 #include <stdio.h> |
11 #include <stdlib.h> | 11 #include <stdlib.h> |
| 12 #include <string.h> |
12 | 13 |
13 #include "cryptolib.h" | 14 #include "cryptolib.h" |
14 #include "host_common.h" | 15 #include "host_common.h" |
15 #include "vboot_common.h" | 16 #include "vboot_common.h" |
16 | 17 |
17 | 18 |
18 /* Command line options */ | 19 /* Command line options */ |
19 enum { | 20 enum { |
20 OPT_MODE_PACK = 1000, | 21 OPT_MODE_PACK = 1000, |
21 OPT_MODE_UNPACK, | 22 OPT_MODE_UNPACK, |
22 OPT_DATAPUBKEY, | 23 OPT_DATAPUBKEY, |
23 OPT_SIGNPUBKEY, | 24 OPT_SIGNPUBKEY, |
24 OPT_SIGNPRIVATE, | 25 OPT_SIGNPRIVATE, |
25 OPT_ALGORITHM, | |
26 OPT_FLAGS, | 26 OPT_FLAGS, |
27 }; | 27 }; |
28 | 28 |
29 static struct option long_opts[] = { | 29 static struct option long_opts[] = { |
30 {"pack", 1, 0, OPT_MODE_PACK }, | 30 {"pack", 1, 0, OPT_MODE_PACK }, |
31 {"unpack", 1, 0, OPT_MODE_UNPACK }, | 31 {"unpack", 1, 0, OPT_MODE_UNPACK }, |
32 {"datapubkey", 1, 0, OPT_DATAPUBKEY }, | 32 {"datapubkey", 1, 0, OPT_DATAPUBKEY }, |
33 {"signpubkey", 1, 0, OPT_SIGNPUBKEY }, | 33 {"signpubkey", 1, 0, OPT_SIGNPUBKEY }, |
34 {"signprivate", 1, 0, OPT_SIGNPRIVATE }, | 34 {"signprivate", 1, 0, OPT_SIGNPRIVATE }, |
35 {"algorithm", 1, 0, OPT_ALGORITHM }, | |
36 {"flags", 1, 0, OPT_FLAGS }, | 35 {"flags", 1, 0, OPT_FLAGS }, |
37 {NULL, 0, 0, 0} | 36 {NULL, 0, 0, 0} |
38 }; | 37 }; |
39 | 38 |
40 | 39 |
41 /* Print help and return error */ | 40 /* Print help and return error */ |
42 static int PrintHelp(void) { | 41 static int PrintHelp(char *progname) { |
43 int i; | 42 fprintf(stderr, |
44 | 43 "Verified boot key block utility\n" |
45 puts("vbutil_keyblock - Verified boot key block utility\n" | 44 "\n" |
46 "\n" | 45 "Usage: %s <--pack|--unpack> <file> [OPTIONS]\n" |
47 "Usage: vbutil_keyblock <--pack|--unpack> <file> [OPTIONS]\n" | 46 "\n" |
48 "\n" | 47 "For '--pack <file>', required OPTIONS are:\n" |
49 "For '--pack <file>', required OPTIONS are:\n" | 48 " --datapubkey <file> Data public key in .vbpubk format\n" |
50 " --datapubkey <file> Data public key in .vbpubk format\n" | 49 " --signprivate <file>" |
51 " --signprivate <file> Signing private key in .pem format\n" | 50 " Signing private key in .vbprivk format\n" |
52 " --algorithm <algoid> Signing algorithm for key, one of:"); | 51 "\n" |
53 | 52 "Optional OPTIONS are:\n" |
54 for (i = 0; i < kNumAlgorithms; i++) | 53 " --flags <number> Flags\n" |
55 printf(" %d (%s)\n", i, algo_strings[i]); | 54 "\n" |
56 | 55 "For '--unpack <file>', required OPTIONS are:\n" |
57 puts("\n" | 56 " --signpubkey <file> Signing public key in .vbpubk format\n" |
58 "Optional OPTIONS are:\n" | 57 "Optional OPTIONS are:\n" |
59 " --flags <number> Flags\n" | 58 " --datapubkey <file> Data public key output file\n", |
60 "\n" | 59 progname); |
61 "For '--unpack <file>', required OPTIONS are:\n" | |
62 " --signpubkey <file> Signing public key in .vbpubk format\n" | |
63 "Optional OPTIONS are:\n" | |
64 " --datapubkey <file> Data public key output file\n" | |
65 ""); | |
66 return 1; | 60 return 1; |
67 } | 61 } |
68 | 62 |
69 | 63 |
70 /* Pack a .keyblock */ | 64 /* Pack a .keyblock */ |
71 static int Pack(const char* outfile, const char* datapubkey, | 65 static int Pack(const char* outfile, const char* datapubkey, |
72 const char* signprivate, uint64_t algorithm, | 66 const char* signprivate, uint64_t flags) { |
73 uint64_t flags) { | |
74 VbPublicKey* data_key; | 67 VbPublicKey* data_key; |
75 VbPrivateKey* signing_key; | 68 VbPrivateKey* signing_key; |
76 VbKeyBlockHeader* block; | 69 VbKeyBlockHeader* block; |
77 | 70 |
78 if (!outfile) { | 71 if (!outfile) { |
79 fprintf(stderr, "vbutil_keyblock: Must specify output filename\n"); | 72 fprintf(stderr, "vbutil_keyblock: Must specify output filename\n"); |
80 return 1; | 73 return 1; |
81 } | 74 } |
82 if (!datapubkey || !signprivate) { | 75 if (!datapubkey || !signprivate) { |
83 fprintf(stderr, "vbutil_keyblock: Must specify all keys\n"); | 76 fprintf(stderr, "vbutil_keyblock: Must specify all keys\n"); |
84 return 1; | 77 return 1; |
85 } | 78 } |
86 if (algorithm >= kNumAlgorithms) { | |
87 fprintf(stderr, "Invalid algorithm\n"); | |
88 return 1; | |
89 } | |
90 | 79 |
91 data_key = PublicKeyRead(datapubkey); | 80 data_key = PublicKeyRead(datapubkey); |
92 if (!data_key) { | 81 if (!data_key) { |
93 fprintf(stderr, "vbutil_keyblock: Error reading data key.\n"); | 82 fprintf(stderr, "vbutil_keyblock: Error reading data key.\n"); |
94 return 1; | 83 return 1; |
95 } | 84 } |
96 signing_key = PrivateKeyReadPem(signprivate, algorithm); | 85 signing_key = PrivateKeyRead(signprivate); |
97 if (!signing_key) { | 86 if (!signing_key) { |
98 fprintf(stderr, "vbutil_keyblock: Error reading signing key.\n"); | 87 fprintf(stderr, "vbutil_keyblock: Error reading signing key.\n"); |
99 return 1; | 88 return 1; |
100 } | 89 } |
101 | 90 |
102 block = KeyBlockCreate(data_key, signing_key, flags); | 91 block = KeyBlockCreate(data_key, signing_key, flags); |
103 Free(data_key); | 92 Free(data_key); |
104 Free(signing_key); | 93 Free(signing_key); |
105 | 94 |
106 if (0 != KeyBlockWrite(outfile, block)) { | 95 if (0 != KeyBlockWrite(outfile, block)) { |
161 } | 150 } |
162 | 151 |
163 | 152 |
164 int main(int argc, char* argv[]) { | 153 int main(int argc, char* argv[]) { |
165 | 154 |
166 char* filename = NULL; | 155 char* filename = NULL; |
167 char* datapubkey = NULL; | 156 char* datapubkey = NULL; |
168 char* signpubkey = NULL; | 157 char* signpubkey = NULL; |
169 char* signprivate = NULL; | 158 char* signprivate = NULL; |
170 uint64_t flags = 0; | 159 uint64_t flags = 0; |
171 uint64_t algorithm = kNumAlgorithms; | |
172 int mode = 0; | 160 int mode = 0; |
173 int parse_error = 0; | 161 int parse_error = 0; |
174 char* e; | 162 char* e; |
175 int i; | 163 int i; |
176 | 164 |
| 165 char *progname = strrchr(argv[0], '/'); |
| 166 if (progname) |
| 167 progname++; |
| 168 else |
| 169 progname = argv[0]; |
| 170 |
177 while ((i = getopt_long(argc, argv, "", long_opts, NULL)) != -1) { | 171 while ((i = getopt_long(argc, argv, "", long_opts, NULL)) != -1) { |
178 switch (i) { | 172 switch (i) { |
179 case '?': | 173 case '?': |
180 /* Unhandled option */ | 174 /* Unhandled option */ |
181 printf("Unknown option\n"); | 175 printf("Unknown option\n"); |
182 parse_error = 1; | 176 parse_error = 1; |
183 break; | 177 break; |
184 | 178 |
185 case OPT_MODE_PACK: | 179 case OPT_MODE_PACK: |
186 case OPT_MODE_UNPACK: | 180 case OPT_MODE_UNPACK: |
187 mode = i; | 181 mode = i; |
188 filename = optarg; | 182 filename = optarg; |
189 break; | 183 break; |
190 | 184 |
191 case OPT_DATAPUBKEY: | 185 case OPT_DATAPUBKEY: |
192 datapubkey = optarg; | 186 datapubkey = optarg; |
193 break; | 187 break; |
194 | 188 |
195 case OPT_SIGNPUBKEY: | 189 case OPT_SIGNPUBKEY: |
196 signpubkey = optarg; | 190 signpubkey = optarg; |
197 break; | 191 break; |
198 | 192 |
199 case OPT_SIGNPRIVATE: | 193 case OPT_SIGNPRIVATE: |
200 signprivate = optarg; | 194 signprivate = optarg; |
201 break; | 195 break; |
202 | 196 |
203 case OPT_ALGORITHM: | |
204 algorithm = strtoul(optarg, &e, 0); | |
205 if (!*optarg || (e && *e)) { | |
206 printf("Invalid --algorithm\n"); | |
207 parse_error = 1; | |
208 } | |
209 break; | |
210 | |
211 case OPT_FLAGS: | 197 case OPT_FLAGS: |
212 flags = strtoul(optarg, &e, 0); | 198 flags = strtoul(optarg, &e, 0); |
213 if (!*optarg || (e && *e)) { | 199 if (!*optarg || (e && *e)) { |
214 printf("Invalid --flags\n"); | 200 printf("Invalid --flags\n"); |
215 parse_error = 1; | 201 parse_error = 1; |
216 } | 202 } |
217 break; | 203 break; |
218 } | 204 } |
219 } | 205 } |
220 | 206 |
221 if (parse_error) | 207 if (parse_error) |
222 return PrintHelp(); | 208 return PrintHelp(progname); |
223 | 209 |
224 switch(mode) { | 210 switch(mode) { |
225 case OPT_MODE_PACK: | 211 case OPT_MODE_PACK: |
226 return Pack(filename, datapubkey, signprivate, algorithm, flags); | 212 return Pack(filename, datapubkey, signprivate, flags); |
227 case OPT_MODE_UNPACK: | 213 case OPT_MODE_UNPACK: |
228 return Unpack(filename, datapubkey, signpubkey); | 214 return Unpack(filename, datapubkey, signpubkey); |
229 default: | 215 default: |
230 printf("Must specify a mode.\n"); | 216 printf("Must specify a mode.\n"); |
231 return PrintHelp(); | 217 return PrintHelp(progname); |
232 } | 218 } |
233 } | 219 } |
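Review bot: The new `strrchr(argv[0], '/')` at the top of main (new line 165) dereferences argv[0] without checking it; a process can be started with an empty argument vector, in which case argc is 0, argv[0] is NULL, and both strrchr and the `else` branch end up handing NULL to PrintHelp's `%s`. Guard it once, e.g. `const char *argv0 = (argc > 0 && argv[0]) ? argv[0] : "vbutil_keyblock";` and then `char *progname = strrchr(argv0, '/');` with `progname = progname ? progname + 1 : argv0;`. Separately, the changed `PrivateKeyRead(signprivate)` call in Pack (new line 85) still returns 1 without releasing data_key on failure, a leak carried over from the old code; adding `Free(data_key);` before that `return 1;` closes it. Pack's body continues past the visible lines, so whether block is checked for NULL before KeyBlockWrite cannot be confirmed here.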