author | Paul Selkirk <paul@psgd.org> | 2019-12-02 15:38:58 -0500 |
---|---|---|
committer | Paul Selkirk <paul@psgd.org> | 2019-12-02 15:38:58 -0500 |
commit | 4fd9d1186efed0de8e3ae1d1e2fa5a0e5c46c2fb (patch) | |
tree | 6ca093d7ca03ab8f179d23dc7fa9b001e377de65 /utils | |
parent | 323bc8ade3eae73174961bbf604257a1b099fe55 (diff) |
After some thought, I'd rather make raw export/import a sub-function of
key export/import (kekek = none, kek_len = 0), rather than separate RPCs.
Diffstat (limited to 'utils')
-rw-r--r-- | utils/pkey.c | 58 |
1 files changed, 18 insertions, 40 deletions
diff --git a/utils/pkey.c b/utils/pkey.c index efd360d..d1a8b07 100644 --- a/utils/pkey.c +++ b/utils/pkey.c @@ -62,7 +62,7 @@ * list [-t type] * sign [-h (hash)] [-k keyname] [-m msgfile] [-s sigfile] [-n iterations] * verify [-h (hash)] [-k keyname] [-m msgfile] [-s sigfile] - * export [-k keyname] [-r (raw) | -K kekekfile] [-o outfile] + * export [-k keyname] <-r (raw) | -K kekekfile> [-o outfile] * import [-r (raw) | -K kekekfile] [-i infile] [-x (exportable)] [-v (volatile keystore)] * delete [-k keyname] ... */ @@ -233,10 +233,7 @@ fail: static int pkey_load(const char * const fn, hal_pkey_handle_t *key_handle) { - size_t der_len = file_size(fn); - if (der_len == SIZE_MAX) - return -1; - uint8_t der[der_len]; + uint8_t der[HAL_KS_WRAPPED_KEYSIZE]; size_t der_len; if (file_read(fn, der, &der_len, sizeof(der)) == -1) return -1; @@ -925,7 +922,7 @@ fail: static int pkey_export(int argc, char *argv[]) { - char usage[] = "Usage: export [-k keyname] [-r | -K kekekfile] [-o outfile]"; + char usage[] = "Usage: export [-k keyname] <-r | -K kekekfile> [-o outfile]"; hal_pkey_handle_t kekek_handle = {HAL_HANDLE_NONE}; char *kekek_fn = NULL; @@ -987,17 +984,10 @@ done: uint8_t der[HAL_KS_WRAPPED_KEYSIZE]; size_t der_len; uint8_t kek[HAL_KS_WRAPPED_KEYSIZE]; size_t kek_len; - if (!raw) { - if ((err = hal_rpc_pkey_export(key_handle, kekek_handle, - der, &der_len, sizeof(der), - kek, &kek_len, sizeof(kek))) != HAL_OK) - lose("Error exporting private key: %s\n", hal_error_string(err)); - } - else { - if ((err = hal_rpc_pkey_export_raw(key_handle, - der, &der_len, sizeof(der))) != HAL_OK) - lose("Error exporting private key: %s\n", hal_error_string(err)); - } + if ((err = hal_rpc_pkey_export(key_handle, kekek_handle, + der, &der_len, sizeof(der), + kek, &kek_len, sizeof(kek))) != HAL_OK) + lose("Error exporting private key: %s\n", hal_error_string(err)); char fn[strlen(out_fn) + 5]; strcpy(fn, out_fn); strcat(fn, ".der"); 
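Review bot: In pkey_load (hunk `@@ -233,10 +233,7`), the fixed `der[HAL_KS_WRAPPED_KEYSIZE]` buffer leaves the handling of an oversized key file entirely to `file_read`, whose body is not shown here. The removed code sized the buffer from `file_size(fn)`, so this case could not arise before. If `file_read` truncates to `sizeof(der)` rather than returning -1, a partial DER blob would be passed on with no diagnostic. It is worth confirming that it fails, and recording the contract next to the declaration, e.g. `/* file_read() must fail, not truncate, when the file exceeds sizeof(der) */`. The same reliance applies to the `.der` and `.kek` reads in the import hunk at `@@ -1078,40 +1068,28`; pkey_load's body continues outside the hunk.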
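Review bot: In the export hunk (`@@ -987,17 +984,10`), removing the `if (!raw)` branch means an unwrapped export is now selected only by `kekek_handle` still being `HAL_HANDLE_NONE`. Running `export` with neither `-r` nor `-K` would therefore appear to reach `hal_rpc_pkey_export` with no KEKEK and write the private key in the clear. The usage string now marks `<-r | -K kekekfile>` as required, but the option parsing is outside these hunks and no enforcing check is visible. If none exists, a guard before the call on `if (!raw && kekek_fn == NULL)` that prints `usage` and bails out would keep raw export an explicit choice. `kek_len` is also still declared uninitialized here, so `size_t kek_len = 0;`, as the import hunk does, would be safer if later code reads it on the raw path.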
@@ -1078,40 +1068,28 @@ done: goto fail; { + uint8_t der[HAL_KS_WRAPPED_KEYSIZE]; size_t der_len; + uint8_t kek[HAL_KS_WRAPPED_KEYSIZE]; size_t kek_len = 0; + hal_error_t err; char fn[strlen(in_fn) + 5]; strcpy(fn, in_fn); strcat(fn, ".der"); - size_t der_len = file_size(fn); - if (der_len == SIZE_MAX) - goto fail; - uint8_t der[der_len]; if (file_read(fn, der, &der_len, sizeof(der)) != 0) goto fail; if (!raw) { strcpy(fn, in_fn); strcat(fn, ".kek"); - size_t kek_len = file_size(fn); - if (kek_len == SIZE_MAX) - goto fail; - uint8_t kek[kek_len]; if (file_read(fn, kek, &kek_len, sizeof(kek)) != 0) goto fail; - - if ((err = hal_rpc_pkey_import(client, session, - &key_handle, &key_uuid, - kekek_handle, - der, der_len, - kek, kek_len, - flags)) != HAL_OK) - lose("Error importing private key: %s\n", hal_error_string(err)); } - else { - if ((err = hal_rpc_pkey_import_raw(client, session, - &key_handle, &key_uuid, - der, der_len, - flags)) != HAL_OK) - lose("Error importing private key: %s\n", hal_error_string(err)); - } + + if ((err = hal_rpc_pkey_import(client, session, + &key_handle, &key_uuid, + kekek_handle, + der, der_len, + kek, kek_len, + flags)) != HAL_OK) + lose("Error importing private key: %s\n", hal_error_string(err)); char name_str[HAL_UUID_TEXT_SIZE]; if ((err = hal_uuid_format(&key_uuid, name_str, sizeof(name_str))) != HAL_OK) |
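Review bot: On the import path, `-r` now only skips reading the `.kek` file, while `kekek_handle` is passed to `hal_rpc_pkey_import` unchanged. If the option parsing (outside this hunk) accepts `-r` together with `-K`, the RPC receives a real KEKEK handle with `kek_len = 0`. The commit message defines raw as kekek = none and kek_len = 0, so the two signals should be kept consistent, either by rejecting the combination or by checking in the raw case that `kekek_handle` is still `HAL_HANDLE_NONE`. Separately, the added `hal_error_t err;` appears to shadow an `err` already in scope, because the removed lines assigned to `err` without declaring it in this block; dropping the new declaration would avoid a `-Wshadow` warning. The enclosing function starts and ends outside the hunk.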