mail archive of the barebox mailing list
From: Sascha Hauer <s.hauer@pengutronix.de>
To: BAREBOX <barebox@lists.infradead.org>
Subject: [PATCH 4/6] commands: add keys command
Date: Thu, 21 Aug 2025 15:18:27 +0200
Message-ID: <20250821-keynames-v1-4-8144af76d0ab@pengutronix.de>
In-Reply-To: <20250821-keynames-v1-0-8144af76d0ab@pengutronix.de>

Currently there is no way to show the keys built into the barebox
binary. The new keys command does exactly that. For each key it will
show the key name hint if it exists and a sha256 hash over the public key.

The sha256 hash can be retrieved from the certificates or public key PEM
files with openssl commands:

openssl x509 -in crypto/fit-ecdsa-development.crt -pubkey -noout | openssl ec -pubin -inform PEM -outform DER | openssl dgst -sha256
cat ~/git/ptx-code-signing-dev/fit/fit-ecdsa-development.public-key | openssl ec -pubin -inform PEM -outform DER | openssl dgst -sha256

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 commands/Kconfig  |  7 +++++++
 commands/Makefile |  1 +
 commands/keys.c   | 30 ++++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+)

diff --git a/commands/Kconfig b/commands/Kconfig
index 6c61bff1cd1220107f658a89bfade4cef7b5af23..34235865bdf5035f581ea82f4a4f9c174a80adce 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -2354,6 +2354,13 @@ config CMD_KEYSTORE
 	help
 	  keystore provides access to the barebox keystore.
 
+config CMD_KEYS
+	depends on CRYPTO_BUILTIN_KEYS
+	bool
+	prompt "keys"
+	help
+	  The keys command provides information about builtin public keys
+
 # end Security commands
 endmenu
 
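Review bot: The help text for CMD_KEYS does not say what the command actually prints, and it is missing its terminating period. Someone deciding whether to enable this on a locked-down build should learn from the help that it lists each builtin public key with its key name hint (if present) and the sha256 hash over the public key, as the commit message describes. It would also be worth stating that only public key material is shown.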
diff --git a/commands/Makefile b/commands/Makefile
index 9247287ed53aa3bf06692744bf409e80bc832e7a..3222a02aac85ee7996ea7b52dd58dcb36bb71926 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -116,6 +116,7 @@ obj-$(CONFIG_CMD_LN)		+= ln.o
 obj-$(CONFIG_CMD_CLK)		+= clk.o
 obj-$(CONFIG_CMD_KALLSYMS)	+= kallsyms.o
 obj-$(CONFIG_CMD_KEYSTORE)	+= keystore.o
+obj-$(CONFIG_CMD_KEYS)		+= keys.o
 obj-$(CONFIG_CMD_TFTP)		+= tftp.o
 obj-$(CONFIG_CMD_FILETYPE)	+= filetype.o
 obj-$(CONFIG_CMD_BAREBOX_UPDATE)+= barebox-update.o
diff --git a/commands/keys.c b/commands/keys.c
new file mode 100644
index 0000000000000000000000000000000000000000..2d85e8124ff57ecc8ef7364f083b3439e3b958e4
--- /dev/null
+++ b/commands/keys.c
@@ -0,0 +1,30 @@
+#include <command.h>
+#include <stdio.h>
+#include <crypto/public_key.h>
+
+static int do_keys(int argc, char *argv[])
+{
+	const struct public_key *key;
+
+	for_each_public_key(key) {
+		printf("KEY: %*phN", key->hashlen, key->hash);
+
+		if (key->key_name_hint)
+			printf(" (%s)\n", key->key_name_hint);
+		else
+			printf("\n");
+	}
+
+	return 0;
+}
+
+BAREBOX_CMD_HELP_START(keys)
+BAREBOX_CMD_HELP_TEXT("Print informations about public keys")
+BAREBOX_CMD_HELP_END
+
+BAREBOX_CMD_START(keys)
+        .cmd            = do_keys,
+        BAREBOX_CMD_DESC("Print informations about public keys")
+        BAREBOX_CMD_GROUP(CMD_GRP_CONSOLE)
+        BAREBOX_CMD_HELP(cmd_keys_help)
+BAREBOX_CMD_END
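Review bot: BAREBOX_CMD_GROUP(CMD_GRP_CONSOLE) at the end of keys.c does not match the Kconfig placement, where CMD_KEYS sits inside the "Security commands" menu; please pick the group that the other security commands use so the command shows up in the expected place in the help output. Further points in this file: "informations" in both BAREBOX_CMD_HELP_TEXT and BAREBOX_CMD_DESC should be "information"; the new file has no SPDX license identifier line at the top; the BAREBOX_CMD_START block is indented with spaces while do_keys() uses tabs; and the "KEY:" output does not name the hash algorithm, so labelling it as sha256 would make it directly comparable with the openssl dgst -sha256 output from the commit message.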

-- 
2.39.5




Thread overview: 7+ messages
2025-08-21 13:18 [PATCH 0/6] crypto: keys: Some work for public keys Sascha Hauer
2025-08-21 13:18 ` [PATCH 1/6] crypto: drop BOOTM_FITIMAGE_PUBKEY Sascha Hauer
2025-08-21 13:18 ` [PATCH 2/6] crypto: Allow to include development keys in build Sascha Hauer
2025-08-21 13:18 ` [PATCH 3/6] crypto: include public key hashes Sascha Hauer
2025-08-21 13:18 ` Sascha Hauer [this message]
2025-08-21 13:18 ` [PATCH 5/6] fit: consistently pass around fit_handle Sascha Hauer
2025-08-21 13:18 ` [PATCH 6/6] fit: improve diagnostics Sascha Hauer