Mirrors/u-boot
1
0
Fork 0
mirror of https://source.denx.de/u-boot/u-boot.git synced 2026-06-02 09:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

lib/rsa: allow matching pkcs11 path by object id

Browse Source 
The object= part matches against the label that the pkcs11 token uses
for that object, but in some cases, specifically with a Yubikey using
ykcs11, where the keys have been imported, the labels differ between the
private and public keys [1], making the object= matching useless. These
keys will have the same id however, so matching against that works for
both the private and public part.

[1]: https://github.com/Yubico/yubico-piv-tool/blob/master/doc/YKCS11/Functions_and_values.adoc#key-alias-per-slot-and-object-type

Signed-off-by: Tobias Olausson <tobias@eub.se>
This commit is contained in:
Tobias Olausson
2025-06-26 08:54:20 +02:00
committed by Tom Rini
parent ebb2c9e550
commit 0707f73a8b
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/rsa/rsa-sign.c
View File

@@ -122,7 +122,7 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name,
fprintf(stderr, "WARNING: Legacy URI specified. Please add '%s'.\n", pkcs11_schema);
}
if (strstr(keydir, "object="))
if (strstr(keydir, "object=") || strstr(keydir, "id="))
snprintf(key_id, sizeof(key_id),
"%s%s;type=public",
pkcs11_uri_prepend, keydir);
@@ -253,7 +253,7 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name,
fprintf(stderr, "WARNING: Legacy URI specified. Please add '%s'.\n", pkcs11_schema);
}
if (strstr(keydir, "object="))
if (strstr(keydir, "object=") || strstr(keydir, "id="))
snprintf(key_id, sizeof(key_id),
"%s%s;type=private",
pkcs11_uri_prepend, keydir);