add ecdsa key support and enable 4,092 RSA

* apcssh: add descriptive error when required file(s) not passed * create: dont create key+cert file when key isn't supported by NMC2 * config: fix usage messages re: key types * p15 files: dont generate key+cert when it isn't needed (aka NMC2 doesn't support key) * pkcs15: pre-calculate envelope when making the p15 struct * pkcs15: omit key ID 8 & 9 from EC keys * pkcs15: update key decode logic * pkcs15: add key type value for easy determination of compatibility * pkcs15: add ec key support * pkcs15: separate functions for key and key+cert p15 files * update README see: https://github.com/gregtwallace/apc-p15-tool/issues/6
2025-07-04 23:36:33 +00:00 · 2024-09-17 18:44:33 -04:00 · 2024-09-17 18:44:33 -04:00 · cbb831e009
commit cbb831e009
parent 51e5847409
12 changed files with 508 additions and 266 deletions
--- a/pkg/app/cmd_create.go
+++ b/pkg/app/cmd_create.go
@ -51,11 +51,14 @@ func (app *app) cmdCreate(_ context.Context, args []string) error {
 	}
 	app.stdLogger.Printf("create: apc p15 key file %s written to disk", keyFileName)

-	err = os.WriteFile(keyCertFileName, apcKeyCertFile, 0600)
-	if err != nil {
-		return fmt.Errorf("create: failed to write apc p15 key+cert file (%s)", err)
+	// skip key+cert if it wasn't generated
+	if len(apcKeyCertFile) > 0 {
+		err = os.WriteFile(keyCertFileName, apcKeyCertFile, 0600)
+		if err != nil {
+			return fmt.Errorf("create: failed to write apc p15 key+cert file (%s)", err)
+		}
+		app.stdLogger.Printf("create: apc p15 key+cert file %s written to disk", keyCertFileName)
 	}
-	app.stdLogger.Printf("create: apc p15 key+cert file %s written to disk", keyCertFileName)

 	// if debug, write additional debug files (b64 format to make copy/paste into asn1 decoder
 	// easy to do e.g., https://lapo.it/asn1js)
@ -67,19 +70,22 @@ func (app *app) cmdCreate(_ context.Context, args []string) error {
 		}
 		app.debugLogger.Printf("create: apc p15 key file %s written to disk", keyFileNameDebug)

-		keyCertFileNameDebug := keyCertFileName + ".noheader.b64"
-		err = os.WriteFile(keyCertFileNameDebug, []byte(base64.StdEncoding.EncodeToString(apcKeyCertFile[apcHeaderLen:])), 0600)
-		if err != nil {
-			return fmt.Errorf("create: failed to write apc p15 key+cert file (%s)", err)
-		}
-		app.debugLogger.Printf("create: apc p15 key+cert file %s written to disk", keyCertFileNameDebug)
+		// skip key+cert if it wasn't generated
+		if len(apcKeyCertFile) > 0 {
+			keyCertFileNameDebug := keyCertFileName + ".noheader.b64"
+			err = os.WriteFile(keyCertFileNameDebug, []byte(base64.StdEncoding.EncodeToString(apcKeyCertFile[apcHeaderLen:])), 0600)
+			if err != nil {
+				return fmt.Errorf("create: failed to write apc p15 key+cert file (%s)", err)
+			}
+			app.debugLogger.Printf("create: apc p15 key+cert file %s written to disk", keyCertFileNameDebug)

-		keyCertFileNameHeaderDebug := keyCertFileName + ".header.b64"
-		err = os.WriteFile(keyCertFileNameHeaderDebug, []byte(base64.StdEncoding.EncodeToString(apcKeyCertFile[:apcHeaderLen])), 0600)
-		if err != nil {
-			return fmt.Errorf("create: failed to write apc p15 key+cert file (%s)", err)
+			keyCertFileNameHeaderDebug := keyCertFileName + ".header.b64"
+			err = os.WriteFile(keyCertFileNameHeaderDebug, []byte(base64.StdEncoding.EncodeToString(apcKeyCertFile[:apcHeaderLen])), 0600)
+			if err != nil {
+				return fmt.Errorf("create: failed to write apc p15 key+cert file (%s)", err)
+			}
+			app.debugLogger.Printf("create: apc p15 key+cert file header %s written to disk", keyCertFileNameHeaderDebug)
 		}
-		app.debugLogger.Printf("create: apc p15 key+cert file header %s written to disk", keyCertFileNameHeaderDebug)

 	}