From f63f7f808c222677bcd9ddf203378a0ec4eaceea Mon Sep 17 00:00:00 2001 From: Maurice Ma Date: Mon, 9 Dec 2019 12:35:53 -0800 Subject: [PATCH] Add support for both private and public PEM key format Current gen_pub_key only supports private key in PEM support. In many cases, private key might not be available and only public key is available. This patch enhanced this function to handle both private and public key in PEM format. Signed-off-by: Maurice Ma --- BootloaderCorePkg/Tools/CommonUtility.py | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/BootloaderCorePkg/Tools/CommonUtility.py b/BootloaderCorePkg/Tools/CommonUtility.py index 624d4116..205ea9cf 100644 --- a/BootloaderCorePkg/Tools/CommonUtility.py +++ b/BootloaderCorePkg/Tools/CommonUtility.py @@ -186,8 +186,19 @@ def rsa_sign_file (priv_key, pub_key, hash_type, in_file, out_file, inc_dat = Fa if len(bins) != len(out_data): gen_file_from_object (out_file, bins) -def gen_pub_key (priv_key, pub_key = None): - cmdline = [get_openssl_path(), 'rsa', '-pubout', '-text', '-noout', '-in', '%s' % priv_key] +def gen_pub_key (in_key, pub_key = None): + # Expect key to be in PEM format + is_prv_key = False + cmdline = [get_openssl_path(), 'rsa', '-pubout', '-text', '-noout', '-in', '%s' % in_key] + # Check if it is public key or private key + text = get_file_data(in_key, 'r') + if '-BEGIN RSA PRIVATE KEY-' in text: + is_prv_key = True + elif '-BEGIN PUBLIC KEY-' in text: + cmdline.extend (['-pubin']) + else: + raise Exception('Unknown key format "%s" !' % in_key) + if pub_key: cmdline.extend (['-out', '%s' % pub_key]) capture = False @@ -202,7 +213,10 @@ def gen_pub_key (priv_key, pub_key = None): data = data.replace(' ', '') # Extract the modulus - match = re.search('modulus(.*)publicExponent:\s+(\d+)\s+', data) + if is_prv_key: + match = re.search('modulus(.*)publicExponent:\s+(\d+)\s+', data) + else: + match = re.search('Modulus(?:.*?):(.*)Exponent:\s+(\d+)\s+', data) if not match: raise Exception('Public key not found!') modulus = match.group(1).replace(':', '')