diff --git a/keylime-agent/src/crypto.rs b/keylime-agent/src/crypto.rs
index 31447f2e..b38d7d73 100644
--- a/keylime-agent/src/crypto.rs
+++ b/keylime-agent/src/crypto.rs
@@ -38,6 +38,12 @@ pub(crate) fn load_x509_der(input_cert_path: &Path) -> Result {
 X509::from_der(&contents).map_err(Error::Crypto)
 }
 
+pub(crate) fn load_x509_pem(input_cert_path: &Path) -> Result {
+ let contents = std::fs::read(input_cert_path).map_err(Error::from)?;
+
+ X509::from_pem(&contents).map_err(Error::Crypto)
+}
+
 // Read a X509 cert or cert chain and outputs the first certificate
 pub(crate) fn load_x509(input_cert_path: &Path) -> Result {
 let mut cert_chain = load_x509_cert_chain(input_cert_path)?;
diff --git a/keylime-agent/src/main.rs b/keylime-agent/src/main.rs
index db41b28a..6ddbc4d0 100644
--- a/keylime-agent/src/main.rs
+++ b/keylime-agent/src/main.rs
@@ -313,7 +313,10 @@ async fn main() -> Result<()> {
 "Loading IAK certificate from {}",
 iak_path.display()
 );
- let iakcert = crypto::load_x509_der(iak_path)?;
+ let iakcert = match crypto::load_x509_der(iak_path) {
+ Ok(cert) => cert,
+ Err(error) => crypto::load_x509_pem(iak_path)?,
+ };
 if crypto::check_x509_key(
 &iakcert,
 iak.clone().unwrap().public, //#[allow_ci]
@@ -343,7 +346,10 @@ async fn main() -> Result<()> {
 "Loading IDevID certificate from {}",
 idevid_path.display()
 );
- let idevcert = crypto::load_x509_der(idevid_path)?;
+ let idevcert = match crypto::load_x509_der(idevid_path) {
+ Ok(cert) => cert,
+ Err(error) => crypto::load_x509_pem(idevid_path)?,
+ };
 if crypto::check_x509_key(
 &idevcert,
 idevid.clone().unwrap().public, //#[allow_ci]
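Review bot: `load_x509_pem` is added without a comment, although the neighbouring `load_x509` carries one and the two now overlap in purpose. I would add `// Read a single PEM-encoded X509 certificate; any further PEM blocks in the file are ignored` above it. The second half of that comment rests on my understanding that `X509::from_pem` parses only the first certificate block, so please confirm it. It is also worth checking whether the existing `load_x509` / `load_x509_cert_chain` path already accepts PEM, which this hunk does not show. If it does, the IAK/IDevID callers could reuse it instead of gaining a third loader.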
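Review bot: The `Err(error)` arm in the IAK hunk falls back to PEM on any failure of `load_x509_der`, including I/O errors such as a missing or unreadable file. The path is then read a second time and only the PEM error is reported, and the unused `error` binding will likely draw a compiler warning. Because this certificate is identity material that is bound to the TPM key by `check_x509_key` right after, it is cleaner to read the file once and parse the same bytes as DER, then as PEM. Both attempts then see identical content and a read failure surfaces directly. The IDevID hunk (`idevid_path`) has the same pattern and can call the same helper. The body of `main` continues outside both hunks.

```rust
// crypto.rs: read once, try DER first, then PEM on the same bytes
pub(crate) fn load_x509_der_or_pem(input_cert_path: &Path) -> Result<X509> {
    let contents = std::fs::read(input_cert_path).map_err(Error::from)?;

    X509::from_der(&contents)
        .or_else(|_| X509::from_pem(&contents))
        .map_err(Error::Crypto)
}

// main.rs: IAK call site
let iakcert = crypto::load_x509_der_or_pem(iak_path)?;
// … unchanged: check_x509_key on iakcert …

// main.rs: IDevID call site
let idevcert = crypto::load_x509_der_or_pem(idevid_path)?;
```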