rsa: use pkcs11 uri as defined in rfc7512
authorAyoub Zaki <ayoub.zaki@embetrix.com>
Sat, 26 Aug 2023 11:53:29 +0000 (13:53 +0200)
committerTom Rini <trini@konsulko.com>
Wed, 20 Dec 2023 14:48:17 +0000 (09:48 -0500)
pkcs11 : change engine uri to use full pk11-URI as defined in:

https://www.rfc-editor.org/rfc/rfc7512.html
Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
doc/usage/fit/signature.rst
lib/rsa/rsa-sign.c

index 39edba14630b4d5693398334f09f4dcba4fcc794..03a71b5192d70530b61c0903ab6abb39ad5dcfe9 100644 (file)
@@ -671,7 +671,7 @@ Create the fitImage::
 Sign the fitImage with the hardware key::
 
     $ ./tools/mkimage -F -k \
-    "model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20PIN%20%28sig%29%29" \
+    "pkcs11:model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20PIN%20%28sig%29%29" \
     -K u-boot.dtb -N pkcs11 -r fitImage
 
 
index d20bdb58a57fb447ff786be4463eb86b0dfa1a38..7ae163f264b5aef394f3e76f65433dfd07df7e05 100644 (file)
@@ -116,15 +116,15 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name,
                if (keydir)
                        if (strstr(keydir, "object="))
                                snprintf(key_id, sizeof(key_id),
-                                        "pkcs11:%s;type=public",
+                                        "%s;type=public",
                                         keydir);
                        else
                                snprintf(key_id, sizeof(key_id),
-                                        "pkcs11:%s;object=%s;type=public",
+                                        "%s;object=%s;type=public",
                                         keydir, name);
                else
                        snprintf(key_id, sizeof(key_id),
-                                "pkcs11:object=%s;type=public",
+                                "object=%s;type=public",
                                 name);
        } else if (engine_id) {
                if (keydir)
@@ -238,15 +238,15 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name,
                if (keydir)
                        if (strstr(keydir, "object="))
                                snprintf(key_id, sizeof(key_id),
-                                        "pkcs11:%s;type=private",
+                                        "%s;type=private",
                                         keydir);
                        else
                                snprintf(key_id, sizeof(key_id),
-                                        "pkcs11:%s;object=%s;type=private",
+                                        "%s;object=%s;type=private",
                                         keydir, name);
                else
                        snprintf(key_id, sizeof(key_id),
-                                "pkcs11:object=%s;type=private",
+                                "object=%s;type=private",
                                 name);
        } else if (engine_id) {
                if (keydir && name)