Add --sumary and help for compatibility with old pin
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
parent
83468f3028
commit
8c1524f1b9
|
@ -12,3 +12,4 @@ serde = "1.0"
|
||||||
biscuit = "0.5.0-beta2"
|
biscuit = "0.5.0-beta2"
|
||||||
serde_json = "1.0"
|
serde_json = "1.0"
|
||||||
base64 = "0.12.1"
|
base64 = "0.12.1"
|
||||||
|
atty = "0.2.14"
|
||||||
|
|
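Review bot: The added `atty = "0.2.14"` line pulls a third-party crate into a binary that performs TPM2-bound encryption, and the only visible use is one terminal check (`atty::is(atty::Stream::Stdin)` in `src/main.rs`); the crate is also no longer maintained upstream. On toolchains that provide `std::io::IsTerminal`, `std::io::stdin().is_terminal()` gives the same answer with no new dependency. If the crate stays, the bare requirement `"0.2.14"` is a caret range, so the resolved version is fixed only by a committed lockfile, which this page does not show.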
49
src/main.rs
49
src/main.rs
|
@ -17,6 +17,7 @@ use std::error::Error;
|
||||||
use std::fmt;
|
use std::fmt;
|
||||||
use std::fs;
|
use std::fs;
|
||||||
|
|
||||||
|
extern crate atty;
|
||||||
extern crate base64;
|
extern crate base64;
|
||||||
extern crate biscuit;
|
extern crate biscuit;
|
||||||
extern crate serde;
|
extern crate serde;
|
||||||
|
@ -720,15 +721,21 @@ impl TPM2Config {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// if ! tpm2_createprimary -Q -H "$auth" -g "$hash" -G "$key" -C "$TMP"/primary.context; then
|
|
||||||
|
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
enum ActionMode {
|
enum ActionMode {
|
||||||
Encrypt,
|
Encrypt,
|
||||||
Decrypt,
|
Decrypt,
|
||||||
|
Summary,
|
||||||
|
Help,
|
||||||
}
|
}
|
||||||
|
|
||||||
fn get_mode_and_cfg(args: &[String]) -> Result<(ActionMode, Option<TPM2Config>), PinError> {
|
fn get_mode_and_cfg(args: &[String]) -> Result<(ActionMode, Option<TPM2Config>), PinError> {
|
||||||
|
if args.len() > 1 && args[1] == "--summary" {
|
||||||
|
return Ok((ActionMode::Summary, None))
|
||||||
|
}
|
||||||
|
if atty::is(atty::Stream::Stdin) {
|
||||||
|
return Ok((ActionMode::Help, None))
|
||||||
|
}
|
||||||
let (mode, cfgstr) = if args[0].contains("encrypt") && args.len() == 2 {
|
let (mode, cfgstr) = if args[0].contains("encrypt") && args.len() == 2 {
|
||||||
(ActionMode::Encrypt, Some(&args[1]))
|
(ActionMode::Encrypt, Some(&args[1]))
|
||||||
} else if args[0].contains("decrypt") {
|
} else if args[0].contains("decrypt") {
|
||||||
|
@ -1304,6 +1311,36 @@ fn read_input_token() -> Result<String, PinError> {
|
||||||
Ok(buffer)
|
Ok(buffer)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn print_summary() {
|
||||||
|
println!("Encrypts using a TPM2.0 chip binding policy");
|
||||||
|
}
|
||||||
|
|
||||||
|
fn print_help() {
|
||||||
|
eprintln!("
|
||||||
|
Usage: clevis encrypt tpm2 CONFIG < PLAINTEXT > JWE
|
||||||
|
|
||||||
|
Encrypts using a TPM2.0 chip binding policy
|
||||||
|
|
||||||
|
This command uses the following configuration properties:
|
||||||
|
|
||||||
|
hash: <string> Hash algorithm used in the computation of the object name (default: sha256)
|
||||||
|
|
||||||
|
key: <string> Algorithm type for the generated key (options: eecc, rsa; default: ecc)
|
||||||
|
|
||||||
|
pcr_bank: <string> PCR algorithm bank to use for policy (default: sha256)
|
||||||
|
|
||||||
|
pcr_ids: <string> PCR list used for policy. If not present, no PCR policy is used
|
||||||
|
|
||||||
|
policy_pubkey_path: <string> Path to the policy public key for authorized policy decryption
|
||||||
|
|
||||||
|
policy_ref: <string> Reference to search for in signed policy file
|
||||||
|
|
||||||
|
policy_path: <string> Path to the policy path to search for decryption policy
|
||||||
|
");
|
||||||
|
|
||||||
|
std::process::exit(2);
|
||||||
|
}
|
||||||
|
|
||||||
fn main() {
|
fn main() {
|
||||||
let args: Vec<String> = env::args().collect();
|
let args: Vec<String> = env::args().collect();
|
||||||
let (mode, cfg) = match get_mode_and_cfg(&args) {
|
let (mode, cfg) = match get_mode_and_cfg(&args) {
|
||||||
|
@ -1314,6 +1351,12 @@ fn main() {
|
||||||
Ok((mode, cfg)) => (mode, cfg),
|
Ok((mode, cfg)) => (mode, cfg),
|
||||||
};
|
};
|
||||||
|
|
||||||
|
match mode {
|
||||||
|
ActionMode::Summary => return print_summary(),
|
||||||
|
ActionMode::Help => return print_help(),
|
||||||
|
_ => {},
|
||||||
|
};
|
||||||
|
|
||||||
let input = match read_input_token() {
|
let input = match read_input_token() {
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
eprintln!("Error getting input token: {}", e);
|
eprintln!("Error getting input token: {}", e);
|
||||||
|
@ -1325,6 +1368,8 @@ fn main() {
|
||||||
if let Err(e) = match mode {
|
if let Err(e) = match mode {
|
||||||
ActionMode::Encrypt => perform_encrypt(cfg.unwrap(), &input),
|
ActionMode::Encrypt => perform_encrypt(cfg.unwrap(), &input),
|
||||||
ActionMode::Decrypt => perform_decrypt(&input),
|
ActionMode::Decrypt => perform_decrypt(&input),
|
||||||
|
ActionMode::Summary => panic!("Summary was already handled supposedly"),
|
||||||
|
ActionMode::Help => panic!("Help was already handled supposedly"),
|
||||||
} {
|
} {
|
||||||
eprintln!("Error executing command: {}", e);
|
eprintln!("Error executing command: {}", e);
|
||||||
std::process::exit(2);
|
std::process::exit(2);
|
||||||
|
|
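Review bot: In `print_help`, the `key` line advertises `options: eecc, rsa; default: ecc`; `eecc` looks like a typo for `ecc`, so the help names an option value that does not match its own default, and the parenthesis would read `(options: ecc, rsa; default: ecc)`. The same text is printed for every invocation, because `get_mode_and_cfg` returns `ActionMode::Help` before it looks at `args[0]`, so a decrypt call on a terminal is shown the `clevis encrypt tpm2` usage line. In `main`, the catch-all `_ => {},` could list the remaining modes as `ActionMode::Encrypt | ActionMode::Decrypt => {},`, and the two `panic!` arms in the final match could become `unreachable!(...)`, which states the invariant instead of padding the match. `main` and `get_mode_and_cfg` both continue outside the visible hunks.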