Diffstat (limited to 'utils/pkey.c')
-rw-r--r-- | utils/pkey.c | 104 |
1 files changed, 66 insertions, 38 deletions
diff --git a/utils/pkey.c b/utils/pkey.c index 76c1bf7..efd360d 100644 --- a/utils/pkey.c +++ b/utils/pkey.c @@ -62,8 +62,8 @@ * list [-t type] * sign [-h (hash)] [-k keyname] [-m msgfile] [-s sigfile] [-n iterations] * verify [-h (hash)] [-k keyname] [-m msgfile] [-s sigfile] - * export [-k keyname] [-K kekekfile] [-o outfile] - * import [-K kekekfile] [-i infile] [-x (exportable)] [-v (volatile keystore)] + * export [-k keyname] [-r (raw) | -K kekekfile] [-o outfile] + * import [-r (raw) | -K kekekfile] [-i infile] [-x (exportable)] [-v (volatile keystore)] * delete [-k keyname] ... */ @@ -166,7 +166,7 @@ static int file_write(const char * const fn, const void * const buf, const size_ if (fclose(fp) != 0) lose("Error closing %s: %s\n", fn, strerror(errno)); - if (secret && chmod(fn, S_IRUSR) != 0) + if (secret && chmod(fn, S_IRUSR|S_IWUSR) != 0) lose("Error chmod'ing %s: %s\n", fn, strerror(errno)); return 0; @@ -799,6 +799,8 @@ done: m, mlen, sig, &sig_len, sizeof(sig))) != HAL_OK) { if (i > 0 && err == HAL_ERROR_HASHSIG_KEY_EXHAUSTED) break; + else if (n == 1) + lose("Error signing: %s\n", hal_error_string(err)); else lose("Error signing (%d): %s\n", i, hal_error_string(err)); } @@ -923,14 +925,15 @@ fail: static int pkey_export(int argc, char *argv[]) { - char usage[] = "Usage: export [-k keyname] [-K kekekfile] [-o outfile]"; + char usage[] = "Usage: export [-k keyname] [-r | -K kekekfile] [-o outfile]"; hal_pkey_handle_t kekek_handle = {HAL_HANDLE_NONE}; char *kekek_fn = NULL; char *out_fn = NULL; + int raw = 0; int opt; - while ((opt = getopt(argc, argv, "-k:K:o:")) != -1) { + while ((opt = getopt(argc, argv, "-k:K:o:r")) != -1) { switch (opt) { case 1: /* found the next command */ @@ -947,6 +950,9 @@ static int pkey_export(int argc, char *argv[]) case 'o': out_fn = optarg; break; + case 'r': + raw = 1; + break; default: puts(usage); return -1; 
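Review bot: The permission change in the file_write hunk is still applied only after the key bytes have been written and the stream closed, so between the open and the chmod the file carries whatever mode the process umask allows and may be readable by other users; with the raw export path this routine now receives unwrapped private keys, which makes that window matter more. Creating the file restrictively from the start, e.g. `int fd = open(fn, O_WRONLY|O_CREAT|O_TRUNC, secret ? (S_IRUSR|S_IWUSR) : 0666);` followed by `fp = fdopen(fd, "wb");` (0666 being what fopen requests before the umask), removes the window, with the chmod kept only to fix up a pre-existing file. The stream is opened before this hunk, so the exact call to replace is not visible here.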
@@ -960,7 +966,7 @@ done: return -1; } - if (kekek_fn == NULL) { + if (!raw && kekek_fn == NULL) { printf("export: missing kekek\n"); puts(usage); return -1; @@ -975,34 +981,43 @@ done: out_fn = key_name; } - if (pkey_load(kekek_fn, &kekek_handle) != 0) + if (!raw && pkey_load(kekek_fn, &kekek_handle) != 0) goto fail; uint8_t der[HAL_KS_WRAPPED_KEYSIZE]; size_t der_len; uint8_t kek[HAL_KS_WRAPPED_KEYSIZE]; size_t kek_len; - if ((err = hal_rpc_pkey_export(key_handle, kekek_handle, - der, &der_len, sizeof(der), - kek, &kek_len, sizeof(kek))) != HAL_OK) - lose("Error exporting private key: %s\n", hal_error_string(err)); + if (!raw) { + if ((err = hal_rpc_pkey_export(key_handle, kekek_handle, + der, &der_len, sizeof(der), + kek, &kek_len, sizeof(kek))) != HAL_OK) + lose("Error exporting private key: %s\n", hal_error_string(err)); + } + else { + if ((err = hal_rpc_pkey_export_raw(key_handle, + der, &der_len, sizeof(der))) != HAL_OK) + lose("Error exporting private key: %s\n", hal_error_string(err)); + } char fn[strlen(out_fn) + 5]; strcpy(fn, out_fn); strcat(fn, ".der"); if (file_write(fn, der, der_len, 1) != 0) goto fail; - strcpy(fn, out_fn); strcat(fn, ".kek"); - if (file_write(fn, kek, kek_len, 1) != 0) - goto fail; + if (!raw) { + strcpy(fn, out_fn); strcat(fn, ".kek"); + if (file_write(fn, kek, kek_len, 1) != 0) + goto fail; - if ((err = hal_rpc_pkey_delete(kekek_handle)) != HAL_OK) - lose("Could not delete key: %s\n", hal_error_string(err)); + if ((err = hal_rpc_pkey_delete(kekek_handle)) != HAL_OK) + lose("Could not delete key: %s\n", hal_error_string(err)); + } } return 0; fail: - if (kekek_handle.handle != HAL_HANDLE_NONE) + if (!raw && kekek_handle.handle != HAL_HANDLE_NONE) (void)hal_rpc_pkey_delete(kekek_handle); return -1; 
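Review bot: The check `if (!raw && kekek_fn == NULL)` covers only the missing-kekek case; passing both `-r` and `-K kekekfile` is accepted and the kekek file is silently ignored, although the usage string presents the two as alternatives. A complementary check at the same spot, `if (raw && kekek_fn != NULL) { printf("export: -r and -K are mutually exclusive\n"); puts(usage); return -1; }`, would reject the contradictory invocation. The import command's equivalent check in the later @@ -1043,7 hunk has the same gap.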
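Review bot: In the new raw branch `der` holds the unwrapped private key rather than the KEK-wrapped blob, yet the stack buffer is never cleared after file_write returns, and both export calls use the identical error text, so a failure log does not say which mode was in use. Clearing the buffer right after the `.der` write, e.g. `memset(der, 0, sizeof(der));` (a plain memset immediately before return may be optimised away, so use explicit_bzero or whatever equivalent the project already has), and changing the raw-path message to `lose("Error exporting raw private key: %s\n", hal_error_string(err));` would address both. The added `!raw &&` in the `fail:` condition is redundant, since `kekek_handle` remains HAL_HANDLE_NONE whenever raw is set, and can be dropped. The block in which `der` is declared opens before this hunk.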
@@ -1010,14 +1025,15 @@ fail: static int pkey_import(int argc, char *argv[]) { - char usage[] = "Usage: import [-K kekekfile] [-i infile] [-x (exportable)] [-v (volatile keystore)]"; + char usage[] = "Usage: import [-r | -K kekekfile] [-i infile] [-x (exportable)] [-v (volatile keystore)]"; hal_pkey_handle_t kekek_handle = {HAL_HANDLE_NONE}; char *kekek_fn = NULL; char *in_fn = NULL; + int raw = 0; int opt; - while ((opt = getopt(argc, argv, "-K:i:xv")) != -1) { + while ((opt = getopt(argc, argv, "-K:i:xvr")) != -1) { switch (opt) { case 1: /* found the next command */ @@ -1036,6 +1052,9 @@ static int pkey_import(int argc, char *argv[]) case 'v': flags &= ~HAL_KEY_FLAG_TOKEN; break; + case 'r': + raw = 1; + break; default: puts(usage); return -1; @@ -1043,7 +1062,7 @@ static int pkey_import(int argc, char *argv[]) } done: - if (kekek_fn == NULL) { + if (!raw && kekek_fn == NULL) { printf("export: missing kekek\n"); puts(usage); return -1; @@ -1055,10 +1074,11 @@ done: return -1; } - if (pkey_load(kekek_fn, &kekek_handle) != 0) + if (!raw && pkey_load(kekek_fn, &kekek_handle) != 0) goto fail; { + hal_error_t err; char fn[strlen(in_fn) + 5]; strcpy(fn, in_fn); strcat(fn, ".der"); size_t der_len = file_size(fn); 
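Review bot: The message printed under the new `if (!raw && kekek_fn == NULL)` condition in pkey_import still reads `export: missing kekek`, so a user who omits -K on import is told the wrong command failed. Changing it to `printf("import: missing kekek\n");` fixes the report. The function itself begins in the preceding @@ -1010,14 hunk.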
@@ -1068,36 +1088,44 @@ done: if (file_read(fn, der, &der_len, sizeof(der)) != 0) goto fail; - strcpy(fn, in_fn); strcat(fn, ".kek"); - size_t kek_len = file_size(fn); - if (kek_len == SIZE_MAX) - goto fail; - uint8_t kek[kek_len]; - if (file_read(fn, kek, &kek_len, sizeof(kek)) != 0) - goto fail; + if (!raw) { + strcpy(fn, in_fn); strcat(fn, ".kek"); + size_t kek_len = file_size(fn); + if (kek_len == SIZE_MAX) + goto fail; + uint8_t kek[kek_len]; + if (file_read(fn, kek, &kek_len, sizeof(kek)) != 0) + goto fail; - hal_error_t err; - if ((err = hal_rpc_pkey_import(client, session, - &key_handle, &key_uuid, - kekek_handle, - der, der_len, - kek, kek_len, - flags)) != HAL_OK) - lose("Error importing private key: %s\n", hal_error_string(err)); + if ((err = hal_rpc_pkey_import(client, session, + &key_handle, &key_uuid, + kekek_handle, + der, der_len, + kek, kek_len, + flags)) != HAL_OK) + lose("Error importing private key: %s\n", hal_error_string(err)); + } + else { + if ((err = hal_rpc_pkey_import_raw(client, session, + &key_handle, &key_uuid, + der, der_len, + flags)) != HAL_OK) + lose("Error importing private key: %s\n", hal_error_string(err)); + } char name_str[HAL_UUID_TEXT_SIZE]; if ((err = hal_uuid_format(&key_uuid, name_str, sizeof(name_str))) != HAL_OK) lose("Error formatting private key name: %s\n", hal_error_string(err)); printf("New private key name: %s\n", name_str); - if ((err = hal_rpc_pkey_delete(kekek_handle)) != HAL_OK) + if (!raw && (err = hal_rpc_pkey_delete(kekek_handle)) != HAL_OK) lose("Could not delete key: %s\n", hal_error_string(err)); } return 0; fail: - if (kekek_handle.handle != HAL_HANDLE_NONE) + if (!raw && kekek_handle.handle != HAL_HANDLE_NONE) (void)hal_rpc_pkey_delete(kekek_handle); return -1; |
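Review bot: The relocated `uint8_t kek[kek_len];` sizes a stack VLA directly from file_size, so an empty `.kek` file yields a zero-length array (undefined behaviour) and an oversized file can exhaust the stack before file_read runs; the `kek_len == SIZE_MAX` test only catches the size-query failure. Bounding it first, `if (kek_len == 0 || kek_len > HAL_KS_WRAPPED_KEYSIZE) goto fail;` ahead of the declaration, keeps the allocation within the buffer size pkey_export uses for the same data. The `der` array read a few lines earlier appears to be declared the same way and, in raw mode, holds an unwrapped private key that is not cleared after hal_rpc_pkey_import_raw returns; the block it lives in opens before this hunk.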