Posted to commits@mynewt.apache.org by ut...@apache.org on 2019/06/27 17:10:56 UTC

[mynewt-newt] branch master updated (9cbd050 -> a9a90bc)

This is an automated email from the ASF dual-hosted git repository.

utzig pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-newt.git.


    from 9cbd050  Update travis for go 1.12
     new 4a429cd  Allow parsing of encrypted ed25519 keys
     new a9a90bc  Remove debug message

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 artifact/sec/key.go  |  6 ++++--
 artifact/sec/pkcs.go | 13 +++++++++++--
 2 files changed, 15 insertions(+), 4 deletions(-)


[mynewt-newt] 01/02: Allow parsing of encrypted ed25519 keys

Posted by ut...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

utzig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-newt.git

commit 4a429cd1b483f3a8989c64bf0a5efb3f683cdba7
Author: Fabio Utzig <ut...@apache.org>
AuthorDate: Thu Jun 27 08:35:21 2019 -0300

    Allow parsing of encrypted ed25519 keys
    
    This allows parsing encrypted ed25519 keys.
    
    Encrypted keys can be generated with:
    
    `openssl genpkey -algorithm ed25519 -out ed25519_priv.pem -aes-128-cbc`
    
    and the public key can be extracted with:
    
    `openssl pkey -in ed25519_priv.pem -pubout -outform DER -out ed25519_pub.der`
    
    Or `imgtool` from MCUBoot can be used.
---
 artifact/sec/key.go  |  6 ++++--
 artifact/sec/pkcs.go | 12 +++++++++++-
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/artifact/sec/key.go b/artifact/sec/key.go
index 5914b20..6fa83ed 100644
--- a/artifact/sec/key.go
+++ b/artifact/sec/key.go
@@ -55,7 +55,7 @@ type ed25519Pkcs struct {
 var oidPrivateKeyEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112}
 
 // Parse an ed25519 PKCS#8 certificate
-func parseEd25519Pkcs8(der []byte) (key *ed25519.PrivateKey, err error) {
+func ParseEd25519Pkcs8(der []byte) (key *ed25519.PrivateKey, err error) {
 	var privKey ed25519Pkcs
 	if _, err := asn1.Unmarshal(der, &privKey); err != nil {
 		return nil, util.FmtNewtError("Error parsing ASN1 key")
@@ -133,8 +133,10 @@ func ParsePrivateKey(keyBytes []byte) (interface{}, error) {
 		// the key itself.
 		privKey, err = x509.ParsePKCS8PrivateKey(block.Bytes)
 		if err != nil {
+			// Try also parsing as ed25519, whose OID is not
+			// yet supported by upstream x509 parser
 			var _privKey interface{}
-			_privKey, err = parseEd25519Pkcs8(block.Bytes)
+			_privKey, err = ParseEd25519Pkcs8(block.Bytes)
 			if err != nil {
 				return nil, util.FmtNewtError(
 					"Private key parsing failed: %s", err)
diff --git a/artifact/sec/pkcs.go b/artifact/sec/pkcs.go
index 3cf709f..d509bc9 100644
--- a/artifact/sec/pkcs.go
+++ b/artifact/sec/pkcs.go
@@ -153,7 +153,17 @@ func unwrapPbes2Pbkdf2(param *pbkdf2Param, size int, iv []byte, hashNew hashFunc
 		return nil, err
 	}
 
-	return x509.ParsePKCS8PrivateKey(plain)
+	privKey, err := x509.ParsePKCS8PrivateKey(plain)
+	if err != nil {
+		var _privKey interface{}
+		_privKey, _err := ParseEd25519Pkcs8(plain)
+		// If this is not an ed25519 key, return
+		// error from x509 parser
+		if _err == nil {
+			return _privKey, _err
+		}
+	}
+	return privKey, err
 }
 
 // Verify that PKCS#7 padding is correct on this plaintext message.
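Review bot: The ed25519 fallback added after `x509.ParsePKCS8PrivateKey(plain)` declares `var _privKey interface{}` and then immediately uses `:=` on the same name, and it returns `_err` on the one path where it is known to be nil, which makes the success case harder to read than it needs to be. A scoped form says the same thing without the underscore-prefixed names: `if edKey, edErr := ParseEd25519Pkcs8(plain); edErr == nil { return edKey, nil }`. The two fallbacks also disagree when both parsers reject the input: the one in `ParsePrivateKey` (key.go) overwrites `err` and reports the ed25519 parser's message, while this one reports the x509 error. A user with a malformed or wrongly decrypted key therefore gets different diagnostics depending on whether the PEM was encrypted, so a single shared helper for "try x509, then ed25519" would keep them aligned. `unwrapPbes2Pbkdf2` begins outside this hunk, so the decryption and padding checks that precede the parse are not visible here.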


[mynewt-newt] 02/02: Remove debug message

Posted by ut...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

utzig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-newt.git

commit a9a90bc27404b350a0b9bc0503f1dbaee15b77bb
Author: Fabio Utzig <ut...@apache.org>
AuthorDate: Thu Jun 27 08:40:01 2019 -0300

    Remove debug message
---
 artifact/sec/pkcs.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/artifact/sec/pkcs.go b/artifact/sec/pkcs.go
index d509bc9..bbd5ac8 100644
--- a/artifact/sec/pkcs.go
+++ b/artifact/sec/pkcs.go
@@ -78,7 +78,6 @@ type hashFunc func() hash.Hash
 
 func parseEncryptedPrivateKey(der []byte) (key interface{}, err error) {
 	var wrapper pkcs5
-	fmt.Printf("unmarshalling %v\n", der)
 	if _, err = asn1.Unmarshal(der, &wrapper); err != nil {
 		return nil, err
 	}