imgtool: fix getpriv format type for keys
A previous change allowed the `getpriv` command to dump ec256 keys in
both openssl and pkcs8 formats. That PR did not touch the other key file
types, which resulted in errors when using that command with RSA, X25519, etc.
This commit generalizes the passing of the `format` parameter, so each
key type can decide which format it allows a dump to be produced in,
and what default to use.
Fixes #1529
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/scripts/imgtool/keys/ecdsa.py b/scripts/imgtool/keys/ecdsa.py
index 79e4bb8..addceb2 100644
--- a/scripts/imgtool/keys/ecdsa.py
+++ b/scripts/imgtool/keys/ecdsa.py
@@ -11,6 +11,7 @@
from cryptography.hazmat.primitives.hashes import SHA256
from .general import KeyClass
+from .privatebytes import PrivateBytesMixin
class ECDSAUsageError(Exception):
@@ -41,7 +42,7 @@
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo)
- def get_private_bytes(self, minimal):
+ def get_private_bytes(self, minimal, format):
self._unsupported('get_private_bytes')
def export_private(self, path, passwd=None):
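Review bot: `format` is added to the public-key `get_private_bytes` as a required positional parameter, so a caller that still passes only `minimal` fails with a TypeError before reaching `self._unsupported('get_private_bytes')`, rather than getting the usage error this stub exists to raise. The callers are outside this hunk; unless all of them are updated in the same commit, `def get_private_bytes(self, minimal, format=None):` keeps the old call shape working. The parameter name also shadows the `format` builtin inside the method, which matches the private-key class and is only worth changing if both are renamed together.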
@@ -85,7 +86,7 @@
signature_algorithm=ec.ECDSA(SHA256()))
-class ECDSA256P1(ECDSA256P1Public):
+class ECDSA256P1(ECDSA256P1Public, PrivateBytesMixin):
"""
Wrapper around an ECDSA private key.
"""
@@ -149,16 +150,17 @@
return b
+ _VALID_FORMATS = {
+ 'pkcs8': serialization.PrivateFormat.PKCS8,
+ 'openssl': serialization.PrivateFormat.TraditionalOpenSSL
+ }
+ _DEFAULT_FORMAT='pkcs8'
+
def get_private_bytes(self, minimal, format):
- formats = {'pkcs8': serialization.PrivateFormat.PKCS8,
- 'openssl': serialization.PrivateFormat.TraditionalOpenSSL
- }
- priv = self.key.private_bytes(
- encoding=serialization.Encoding.DER,
- format=formats[format],
- encryption_algorithm=serialization.NoEncryption())
+ format, priv = self._get_private_bytes(minimal, format, ECDSAUsageError)
if minimal:
- priv = self._build_minimal_ecdsa_privkey(priv, formats[format])
+ priv = self._build_minimal_ecdsa_privkey(priv,
+ self._VALID_FORMATS[format])
return priv
def export_private(self, path, passwd=None):
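Review bot: The rewritten `get_private_bytes` has no docstring, and the `NoEncryption()` argument that made it obvious the key leaves this method in plaintext has moved into `_get_private_bytes`, which is defined outside this file section. I would add a docstring saying that the method returns the DER-encoded private key without encryption, that `format` is a key of `_VALID_FORMATS` or (presumably, going by the commit message) `None` to select `_DEFAULT_FORMAT`, and that an unsupported format is expected to raise `ECDSAUsageError`. The lookup `self._VALID_FORMATS[format]` in the `minimal` branch relies on the helper returning an already validated name; if the helper does not reject unknown values first, the caller sees a bare KeyError instead. Minor style point: `_DEFAULT_FORMAT='pkcs8'` should read `_DEFAULT_FORMAT = 'pkcs8'`.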