added password parameter for using encrypted keys

Added password parameter for using encrypted keys.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

README

@@ -1,8 +1,17 @@
 
 1. Generate private key
 
+# plain key
 openssl genrsa -out privkey_evm.pem 1024
 
+# encrypted key
+openssl genrsa -des3 -out privkey_evm.pem 1024
+
+# set password for the key
+openssl rsa -in /etc/keys/privkey_evm.pem -out privkey_evm_enc.pem -des3
+or
+openssl pkcs8 -topk8 -in /etc/keys/privkey_evm.pem -out privkey_evm_enc.pem
+
 2. Generate public key
 
 openssl rsa -pubout -in privkey_evm.pem -out pubkey_evm.pem

src/evmctl.c

@@ -150,6 +150,7 @@ static int		digest = 0;
 static int		digsig = 0;
 static char		*hash_algo = "sha1";
 static int		binkey = 0;
+static char		*keypass;
 
 extern struct command	cmds[];
 static void print_usage(struct command *cmd);
@@ -330,7 +331,7 @@ static int sign_hash(const unsigned char *hash, int size, const char *keyfile, u
 		log_errno("Unable to open keyfile %s", keyfile);
 		return -1;
 	}
-	key1 = PEM_read_RSAPrivateKey(fp, &key, NULL, NULL);
+	key1 = PEM_read_RSAPrivateKey(fp, &key, NULL, keypass);
 	fclose(fp);
 	if (!key1) {
 		log_errno("RSAPrivateKey() failed");
@@ -1167,6 +1168,7 @@ static struct option  opts[] = {
 	{"imahash", 0, 0, 'd'},
 	{"hashalgo", 1, 0, 'a'},
 	{"bin", 0, 0, 'b'},
+	{"pass", 1, 0, 'p'},
 	{}
 
 };
@@ -1179,7 +1181,7 @@ int main(int argc, char *argv[])
 	g_argc = argc;
 
 	while (1) {
-		c = getopt_long(argc, argv, "hk:vnsda:b", opts, &lind);
+		c = getopt_long(argc, argv, "hk:vnsda:bp:", opts, &lind);
 		if (c == -1)
 			break;
 			
@@ -1209,6 +1211,9 @@ int main(int argc, char *argv[])
 		case 'b':
 			binkey = 1;
 			break;
+		case 'p':
+			keypass = optarg;
+			break;
 		case '?':
 			exit(1);
 			break;