mail archive of the barebox mailing list
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [PATCH 3/5] rsatoc: support extracting RSA public key from X.509 SPKI format
Date: Thu, 21 Sep 2023 12:23:08 +0200
Message-ID: <20230921102310.1108543-4-a.fatoum@pengutronix.de>
In-Reply-To: <20230921102310.1108543-1-a.fatoum@pengutronix.de>

In addition to PKCS#11 URIs, rsatoc supports extracting RSA public keys
out of X.509 PEM certificates, which is a base64-encoded format that begins
with the header `-----BEGIN CERTIFICATE-----'.

Another popular format for RSA public keys is the X.509 SPKI format,
which starts with the header `-----BEGIN PUBLIC KEY-----'. As public
keys are the only thing rsatoc is interested in, add support for the latter
as well.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 scripts/rsatoc.c | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/scripts/rsatoc.c b/scripts/rsatoc.c
index d7f6dad7f01e..f5b0ba27f9bc 100644
--- a/scripts/rsatoc.c
+++ b/scripts/rsatoc.c
@@ -58,17 +58,21 @@ static int rsa_pem_get_pub_key(const char *path, RSA **rsap)
 	/* Read the certificate */
 	cert = NULL;
 	if (!PEM_read_X509(f, &cert, NULL, NULL)) {
-		rsa_err("Couldn't read certificate");
-		ret = -EINVAL;
-		goto err_cert;
-	}
-
-	/* Get the public key from the certificate. */
-	key = X509_get_pubkey(cert);
-	if (!key) {
-		rsa_err("Couldn't read public key\n");
-		ret = -EINVAL;
-		goto err_pubkey;
+		rewind(f);
+		key = PEM_read_PUBKEY(f, NULL, NULL, NULL);
+		if (!key) {
+			rsa_err("Couldn't read certificate");
+			ret = -EINVAL;
+			goto err_cert;
+		}
+	} else {
+		/* Get the public key from the certificate. */
+		key = X509_get_pubkey(cert);
+		if (!key) {
+			rsa_err("Couldn't read public key\n");
+			ret = -EINVAL;
+			goto err_pubkey;
+		}
 	}
 
 	/* Convert to a RSA_style key. */
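
Review bot: In the new fallback branch, when both PEM_read_X509() and PEM_read_PUBKEY() fail, the message is still rsa_err("Couldn't read certificate"), which misleads a user who passed a `-----BEGIN PUBLIC KEY-----' file. A message such as "Couldn't read certificate or public key\n" would name both attempts and would also carry the trailing newline that the other rsa_err() call in this hunk has. On the successful fallback path cert stays NULL, so the cleanup code behind err_pubkey/err_cert and the normal exit should be checked for tolerating that: X509_free(NULL) is a no-op, but any other use of cert would not be. PEM_read_PUBKEY() returns an EVP_PKEY of any key type, so it is worth confirming that the "Convert to a RSA_style key" step that follows rejects a non-RSA key with a clear error.
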
-- 
2.39.2



