imgtool: fix getpriv format type for keys
A previous change was added to allow the `getpriv` command to dump ec256
keys in both openssl and pkcs8. That PR did not touch other key file
types which resulted in errors using that command with RSA, X25519, etc.
This commit generalizes the passing of the `format` parameter, so each
key type can decide which format it allows a dump to be produced in,
and what default to use.
Fixes #1529
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/scripts/imgtool/keys/rsa.py b/scripts/imgtool/keys/rsa.py
index d51d36d..d4793c5 100644
--- a/scripts/imgtool/keys/rsa.py
+++ b/scripts/imgtool/keys/rsa.py
@@ -11,6 +11,7 @@
from cryptography.hazmat.primitives.hashes import SHA256
from .general import KeyClass
+from .privatebytes import PrivateBytesMixin
# Sizes that bootutil will recognize
@@ -49,7 +50,7 @@
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo)
- def get_private_bytes(self, minimal):
+ def get_private_bytes(self, minimal, format):
self._unsupported('get_private_bytes')
def export_private(self, path, passwd=None):
@@ -81,7 +82,7 @@
algorithm=SHA256())
-class RSA(RSAPublic):
+class RSA(RSAPublic, PrivateBytesMixin):
"""
Wrapper around an RSA key, with imgtool support.
"""
@@ -138,11 +139,13 @@
b[3] = (off - 4) & 0xff
return b[:off]
- def get_private_bytes(self, minimal):
- priv = self.key.private_bytes(
- encoding=serialization.Encoding.DER,
- format=serialization.PrivateFormat.TraditionalOpenSSL,
- encryption_algorithm=serialization.NoEncryption())
+ _VALID_FORMATS = {
+ 'openssl': serialization.PrivateFormat.TraditionalOpenSSL
+ }
+ _DEFAULT_FORMAT = 'openssl'
+
+ def get_private_bytes(self, minimal, format):
+ _, priv = self._get_private_bytes(minimal, format, RSAUsageError)
if minimal:
priv = self._build_minimal_rsa_privkey(priv)
return priv