[PATCH v1] lib/rsa: allow matching pkcs11 path by object id

Tobias Olausson tobias at eub.se
Thu Jun 26 08:54:20 CEST 2025


The object= part matches against the label that the pkcs11 token uses
for that object, but in some cases, specifically with a Yubikey using
ykcs11, where the keys have been imported, the labels differ between the
private and public keys [1], making the object= matching useless. These
keys will have the same id however, so matching against that works for
both the private and public part.

[1]: https://github.com/Yubico/yubico-piv-tool/blob/master/doc/YKCS11/Functions_and_values.adoc#key-alias-per-slot-and-object-type

Signed-off-by: Tobias Olausson <tobias at eub.se>
---

 lib/rsa/rsa-sign.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index fa9e143b4ca..92b9d7876e5 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -122,7 +122,7 @@ static int rsa_engine_get_pub_key(const char *keydir, const char *name,
 				fprintf(stderr, "WARNING: Legacy URI specified. Please add '%s'.\n", pkcs11_schema);
 			}
 
-			if (strstr(keydir, "object="))
+			if (strstr(keydir, "object=") || strstr(keydir, "id="))
 				snprintf(key_id, sizeof(key_id),
 					 "%s%s;type=public",
 					 pkcs11_uri_prepend, keydir);
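Review bot: `strstr(keydir, "id=")` matches those three characters anywhere in the string, not only as the `id` path attribute; a PKCS#11 URI attribute such as `slot-id=` (RFC 7512) also contains `id=`, so a keydir that selects a slot but names no object would now take the `;type=public` branch. Consider matching the attribute only at the start of the path or directly after a `;` delimiter, for example via a small helper like `pkcs11_uri_has_attr(keydir, "id")`, instead of a bare substring search. The pre-existing `object=` test has the same shape, so one helper could serve both checks.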
@@ -253,7 +253,7 @@ static int rsa_engine_get_priv_key(const char *keydir, const char *name,
 				fprintf(stderr, "WARNING: Legacy URI specified. Please add '%s'.\n", pkcs11_schema);
 			}
 
-			if (strstr(keydir, "object="))
+			if (strstr(keydir, "object=") || strstr(keydir, "id="))
 				snprintf(key_id, sizeof(key_id),
 					 "%s%s;type=private",
 					 pkcs11_uri_prepend, keydir);
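Review bot: this is the identical condition from rsa_engine_get_pub_key with `;type=private` instead of `;type=public`, so the `id=` substring caveat applies here as well, and the duplicated `strstr(...) || strstr(...)` expression is now a second site that must be kept in sync. A shared helper that answers "does this URI already name an object (by `object=` or `id=`)?" would keep the two call sites identical and make a later fix to the matching a one-line change. If the keydir URI syntax is described in user-facing documentation, the new `id=` form should be added there in the same series.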
-- 
2.43.0

base-commit: 903eb123236ccbd8ef05d43507a2a910b785bd56
branch: rsa-pkcs11-id


More information about the U-Boot mailing list