[crypto] Add support for PKCS#8 private key format

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/crypto/asn1.c

@@ -589,6 +589,32 @@ int asn1_signature_algorithm ( const struct asn1_cursor *cursor,
 	return 0;
 }
 
+/**
+ * Check ASN.1 OID-identified algorithm
+ *
+ * @v cursor		ASN.1 object cursor
+ * @v expected		Expected algorithm
+ * @ret rc		Return status code
+ */
+int asn1_check_algorithm ( const struct asn1_cursor *cursor,
+			   struct asn1_algorithm *expected ) {
+	struct asn1_algorithm *actual;
+	int rc;
+
+	/* Parse algorithm */
+	if ( ( rc = asn1_algorithm ( cursor, &actual ) ) != 0 )
+		return rc;
+
+	/* Check algorithm matches */
+	if ( actual != expected ) {
+		DBGC ( cursor, "ASN1 %p algorithm %s does not match %s\n",
+		       cursor, actual->name, expected->name );
+		return -ENOTTY_ALGORITHM;
+	}
+
+	return 0;
+}
+
 /**
  * Parse ASN.1 GeneralizedTime
  *

src/crypto/rsa.c

@@ -164,7 +164,7 @@ static int rsa_parse_mod_exp ( struct asn1_cursor *modulus,
 	int is_private;
 	int rc;
 
-	/* Enter subjectPublicKeyInfo/RSAPrivateKey */
+	/* Enter subjectPublicKeyInfo/privateKeyInfo/RSAPrivateKey */
 	memcpy ( &cursor, raw, sizeof ( cursor ) );
 	asn1_enter ( &cursor, ASN1_SEQUENCE );
 
@@ -177,6 +177,23 @@ static int rsa_parse_mod_exp ( struct asn1_cursor *modulus,
 		/* Skip version */
 		asn1_skip_any ( &cursor );
 
+		/* Enter privateKey, if present */
+		if ( asn1_check_algorithm ( &cursor,
+					    &rsa_encryption_algorithm ) == 0 ) {
+
+			/* Skip privateKeyAlgorithm */
+			asn1_skip_any ( &cursor );
+
+			/* Enter privateKey */
+			asn1_enter ( &cursor, ASN1_OCTET_STRING );
+
+			/* Enter RSAPrivateKey */
+			asn1_enter ( &cursor, ASN1_SEQUENCE );
+
+			/* Skip version */
+			asn1_skip ( &cursor, ASN1_INTEGER );
+		}
+
 	} else {
 
 		/* Public key */