diff options
author | Jack Lloyd <[email protected]> | 2019-05-09 10:49:38 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2019-05-09 10:49:38 -0400 |
commit | b26b472e0b90e83d565c9c8d64d6fc2591c286c5 (patch) | |
tree | d831bf9fb4abbd082482e30bace67a37f06e138d /src | |
parent | 87172d3bf58b2b3b6575087c42e05f801789e025 (diff) |
Fix decoding of RSA-OAEP certs
GH #1943
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/x509/x509cert.cpp | 6 | ||||
-rw-r--r-- | src/tests/data/x509/misc/rsa_oaep.pem | 29 | ||||
-rw-r--r-- | src/tests/unit_x509.cpp | 18 |
3 files changed, 48 insertions, 5 deletions
diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index de4b0ed7a..0212267ec 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp @@ -176,17 +176,13 @@ std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& o throw Decoding_Error("Algorithm identifier mismatch"); } } - if(public_key_info[1] == "OAEP") - { - throw Decoding_Error("Decoding subject public keys of type RSAES-OAEP is currently not supported"); - } } else { // oid = rsaEncryption -> parameters field MUST contain NULL if(public_key_alg_id != AlgorithmIdentifier(public_key_alg_id.get_oid(), AlgorithmIdentifier::USE_NULL_PARAM)) { - throw Decoding_Error("Parameters field MUST contain NULL"); + throw Decoding_Error("RSA algorithm parameters field MUST contain NULL"); } } } diff --git a/src/tests/data/x509/misc/rsa_oaep.pem b/src/tests/data/x509/misc/rsa_oaep.pem new file mode 100644 index 000000000..d41247b44 --- /dev/null +++ b/src/tests/data/x509/misc/rsa_oaep.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5zCCA8+gAwIBAgIED7qWsDANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJE +RTEPMA0GA1UECBMGU2F4b255MSEwHwYDVQQKExhJbmZpbmVvbiBUZWNobm9sb2dp +ZXMgQUcxDDAKBgNVBAsTA0FJTTEmMCQGA1UEAxMdSUZYIFRQTSBFSyBJbnRlcm1l +ZGlhdGUgQ0EgNTMwHhcNMTcxMjAxMTMzMDE2WhcNMjcxMjAxMTMzMDE2WjAAMIIB +NzAiBgkqhkiG9w0BAQcwFaITMBEGCSqGSIb3DQEBCQQEVENQQQOCAQ8AMIIBCgKC +AQEAvOAaP0aHfViksZjaNBKAj5hgahNl5di3uWyVo3NPeJmsFHalWWsSf/+VX5Hs +HScUD5Ow2zFL0G54VfJ0dw/RfJ/XZOWmcO7C3Bp+Qpph6N4Fgfw6FxKAIAe9ZUIi +borYEOVGLwXd0IQf4MRznOKQE0niAKWFQ9QYi5M4qPdT6BOUM6cWPK/nautnh9l6 +uFrpxJs4E+309G2MZaM1nApYLe5ZdzrViz2X7sTTlFrULT7EFf3ow9QQVpn4nEZn +O+uNDQQzOhqIFf2iniGLf8Q+dhtq6ll1aEbeCtqgFiMPPyPXhk/fE9dCMTa7UxIF +GOmDyW+1hEws9k0qVK35q0vl3QIDAQABo4IB2zCCAdcwUQYDVR0RAQH/BEcwRaRD +MEExFjAUBgVngQUCAQwLaWQ6NDk0NjU4MDAxEzARBgVngQUCAgwIU0xCIDk2NjAx +EjAQBgVngQUCAwwHaWQ6MDQyQjAMBgNVHRMBAf8EAjAAMIG8BgNVHSABAf8EgbEw +ga4wgasGC2CGSAGG+EUBBy8BMIGbMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LnZl +cmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwXgYIKwYBBQUHAgIwUh5Q +AFQAQwBQAEEAIABUAHIAdQBzAHQAZQBkACAAUABsAGEAdABmAG8AcgBtACAATQBv +AGQAdQBsAGUAIABFAG4AZABvAHIAcwBlAG0AZQBuAHQwHwYDVR0jBBgwFoAUKneg +40LLxscu4/r8Owp7zqfJzk4wgZMGA1UdCQSBizCBiDA6BgNVBDQxMzALMAkGBSsO +AwIaBQAwJDAiBgkqhkiG9w0BAQcwFaITMBEGCSqGSIb3DQEBCQQEVENQQTAWBgVn +gQUCEDENMAsMAzEuMgIBAgIBAzAyBgVngQUCEjEpMCcBAf+gAwoBAaEDCgEAogMK +AQCjEDAOFgMzLjEKAQQKAQIBAf8BAf8wDQYJKoZIhvcNAQEFBQADggEBAFs7LBVG +F5GTjNTlug4aXwFfddchI75jPt9oHNfYyxo2CnPUBWeF2XauJtmNp8uMl5vxPMqf +Wbon4cTIajWR370U89N3cxSKMqNPsI8Kc9nY8uLw4VxMntArCzCg6P0dtE7qlzy9 +MV+2eo8cLlhRUVic6xCrbfqq/+8Yq/q8uVK8yaf+v04fZ7btKKn5C45tjHV7DNI6 +anBnclfL5tV02uit7XMKGEmfnMLkx+vZHJRoVu9f9/R2XWNWyZPGY3noICmMCqh/ +mVxVsiqEi6SrGphSUd/TaQDlfHXu0UOaKTH0xZti50dOqW0mBk0Jfqio7fRYFOlk +dFIrr2o7AWuAYg4= +-----END CERTIFICATE----- diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index 63310b7a7..29739eb85 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -418,6 +418,23 @@ Test::Result test_crl_dn_name() return result; } +Test::Result test_rsa_oaep() + { + Test::Result result("RSA OAEP decoding"); + +#if defined(BOTAN_HAS_RSA) + Botan::X509_Certificate cert(Test::data_file("x509/misc/rsa_oaep.pem")); + + auto public_key = cert.load_subject_public_key(); + result.test_not_null("Decoding RSA-OAEP worked", public_key.get()); + auto pk_info = cert.subject_public_key_algo(); + + result.test_eq("RSA-OAEP OID", pk_info.get_oid().to_string(), Botan::OIDS::lookup("RSA/OAEP").to_string()); +#endif + + return result; + } + Test::Result test_x509_decode_list() { Test::Result result("X509_Certificate list decode"); @@ -1598,6 +1615,7 @@ class X509_Cert_Unit_Tests final : public Test results.push_back(test_x509_bmpstring()); results.push_back(test_crl_dn_name()); results.push_back(test_x509_decode_list()); + results.push_back(test_rsa_oaep()); results.push_back(test_x509_authority_info_access_extension()); #endif |