From 294e08fa1e2481a3b01b815c34f458999d2e782c Mon Sep 17 00:00:00 2001 From: cinap_lenrek Date: Sat, 16 Apr 2016 04:16:10 +0200 Subject: [PATCH] libsec: recognize and decode PKCS#8 wrapped RSA private keys for auth/asn12rsa example usage: auth/pemdecode 'PRIVATE KEY' test.pem | auth/asn12rsa --- sys/src/libsec/port/x509.c | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/sys/src/libsec/port/x509.c b/sys/src/libsec/port/x509.c index 6844f23d4..cd9e828f6 100644 --- a/sys/src/libsec/port/x509.c +++ b/sys/src/libsec/port/x509.c @@ -1960,16 +1960,19 @@ decode_rsapubkey(Bytes* a) Elist *el; RSApub* key; - key = rsapuballoc(); + key = nil; if(decode(a->data, a->len, &e) != ASN_OK) goto errret; if(!is_seq(&e, &el) || elistlen(el) != 2) goto errret; + + key = rsapuballoc(); if((key->n = asn1mpint(&el->hd)) == nil) goto errret; el = el->tl; if((key->ek = asn1mpint(&el->hd)) == nil) goto errret; + freevalfields(&e.val); return key; errret: @@ -1998,14 +2001,27 @@ decode_rsaprivkey(Bytes* a) Elist *el; RSApriv* key; - key = rsaprivalloc(); + key = nil; if(decode(a->data, a->len, &e) != ASN_OK) goto errret; - if(!is_seq(&e, &el) || elistlen(el) != 9) + if(!is_seq(&e, &el)) goto errret; + if(!is_int(&el->hd, &version) || version != 0) goto errret; + if(elistlen(el) != 9){ + if(elistlen(el) == 3 + && parse_alg(&el->tl->hd) == ALG_rsaEncryption + && is_octetstring(&el->tl->tl->hd, &a)){ + key = decode_rsaprivkey(a); + if(key != nil) + goto done; + } + goto errret; + } + + key = rsaprivalloc(); el = el->tl; if((key->pub.n = asn1mpint(&el->hd)) == nil) goto errret; @@ -2038,6 +2054,7 @@ decode_rsaprivkey(Bytes* a) if((key->c2 = asn1mpint(&el->hd)) == nil) goto errret; +done: freevalfields(&e.val); return key; errret: @@ -2362,6 +2379,9 @@ X509toRSApub(uchar *cert, int ncert, char *name, int nname) CertX509 *c; RSApub *pub; + if(name != nil) + memset(name, 0, nname); + b = makebytes(cert, ncert); c = decode_cert(b); freebytes(b);
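Review bot: With `key = nil` at the top of decode_rsapubkey, the two early `goto errret` paths (decode failure, wrong SEQUENCE shape) now reach the cleanup with a nil key, and that cleanup sits after `errret:`, outside this hunk. If the free routine used there does not accept nil, malformed input would fault instead of returning an error. It is worth confirming this and recording it above the assignment, e.g. `/* key stays nil until the SEQUENCE shape is validated; errret must tolerate nil */`. The same applies to decode_rsaprivkey in the next hunk, where `key` is also nil on every path that fails before `rsaprivalloc()`.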
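Review bot: In decode_rsaprivkey the list is now used before its length is checked: `is_int(&el->hd, &version)` runs ahead of any `elistlen(el)` test, so a SEQUENCE with no elements would presumably leave `el` nil and this line would dereference it. The old `elistlen(el) != 9` guard covered that case, and restoring it for the empty list is enough: `if(!is_seq(&e, &el) || el == nil)`. Separately, the PKCS#8 branch calls decode_rsaprivkey again on the inner OCTET STRING, which accepts another wrapper at every level, so nesting depth is bounded only by input size. The inner call should accept only the nine-element RSAPrivateKey form, for instance by moving that parse into a static helper. The function starts before and continues past this hunk.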
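Review bot: `memset(name, 0, nname)` in X509toRSApub passes the `int` length straight through, so a negative `nname` converts to a very large size and the clear would write far past the caller's buffer. Guarding the length costs nothing: `if(name != nil && nname > 0)`. The rest of the function is outside the hunk, so whether later code validates `nname` before copying into `name` cannot be seen here.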