Commit 83ed7da0 authored by jan.koester's avatar jan.koester

test

parent 38f443ec
+24 −6
@@ -100,6 +100,8 @@ static const uint8_t OID_DATA[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01}
static const uint8_t OID_ENCRYPTED_DATA[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x06};
// pkcs8ShroudedKeyBag (1.2.840.113549.1.12.10.1.2)
static const uint8_t OID_SHROUDED_KEY_BAG[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x02};
// keyBag (1.2.840.113549.1.12.10.1.1)
static const uint8_t OID_KEY_BAG[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x01};
// certBag (1.2.840.113549.1.12.10.1.3)
static const uint8_t OID_CERT_BAG[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x03};
// x509Certificate (1.2.840.113549.1.9.22.1)
@@ -417,12 +419,12 @@ static bool parseSafeContents(const uint8_t* data, size_t len,
        if (!bIt.next(bagOid)) continue;
        if (!bIt.next(bagValue)) continue;

        // bagValue is [0] EXPLICIT
        // bagValue is [0] EXPLICIT — unwrap to get inner content
        const uint8_t* valData = bagValue.data;
        size_t valLen = bagValue.len;

        if (oidEq(bagOid, OID_CERT_BAG, sizeof(OID_CERT_BAG))) {
            // CertBag = SEQUENCE { certId OID, certValue [0] EXPLICIT }
            // CertBag = SEQUENCE { certId OID, certValue [0] EXPLICIT OCTET STRING }
            DerTag certBagSeq;
            if (!derRead(valData, valLen, certBagSeq)) continue;
            DerIter cbIt = derChildren(certBagSeq);
@@ -431,16 +433,20 @@ static bool parseSafeContents(const uint8_t* data, size_t len,
            if (!cbIt.next(certVal)) continue;

            if (oidEq(certType, OID_X509_CERT, sizeof(OID_X509_CERT))) {
                // certVal is [0] EXPLICIT OCTET STRING containing DER cert
                // certVal is [0] EXPLICIT wrapping OCTET STRING
                DerTag octetStr;
                if (derRead(certVal.data, certVal.len, octetStr) && octetStr.tag == 0x04) {
                if (derRead(certVal.data, certVal.len, octetStr)) {
                    if (octetStr.tag == 0x04) {
                        certs.emplace_back(octetStr.data, octetStr.data + octetStr.len);
                    } else if (octetStr.tag == 0x30) {
                        // Some exporters put the DER cert directly
                        certs.emplace_back(certVal.data, certVal.data + certVal.len);
                    }
                }
            }
        }
        else if (oidEq(bagOid, OID_SHROUDED_KEY_BAG, sizeof(OID_SHROUDED_KEY_BAG))) {
            // PKCS8ShroudedKeyBag = EncryptedPrivateKeyInfo
            // EncryptedPrivateKeyInfo = SEQUENCE { algorithm, encryptedData OCTET STRING }
            DerTag encPki;
            if (!derRead(valData, valLen, encPki)) continue;

@@ -454,6 +460,13 @@ static bool parseSafeContents(const uint8_t* data, size_t len,
            if (!decrypted.empty())
                keyDer = std::move(decrypted);
        }
        else if (oidEq(bagOid, OID_KEY_BAG, sizeof(OID_KEY_BAG))) {
            // keyBag = unencrypted PKCS#8 PrivateKeyInfo
            DerTag pkiSeq;
            if (!derRead(valData, valLen, pkiSeq)) continue;
            keyDer.assign(pkiSeq.data - pkiSeq.headerLen,
                          pkiSeq.data + pkiSeq.len);
        }
    }
    return true;
}
@@ -556,6 +569,11 @@ bool netplus::pkcs12Parse(const std::vector<uint8_t>& pfxData,
    }
    out.keyDer = std::move(keyDer);

    if (out.certDer.empty())
        std::cerr << "pkcs12Parse: no certificate found in P12" << std::endl;
    if (out.keyDer.empty())
        std::cerr << "pkcs12Parse: no private key found in P12" << std::endl;

    return !out.certDer.empty() || !out.keyDer.empty();
}
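Review bot: The new keyBag branch in parseSafeContents (`else if (oidEq(bagOid, OID_KEY_BAG, ...))`) copies the parsed TLV into keyDer without checking that it is a SEQUENCE, and it assigns unconditionally, so a plaintext keyBag that follows a pkcs8ShroudedKeyBag silently replaces the key that was just decrypted (the shrouded branch only assigns when `decrypted` is non-empty). I would tighten the guard to `if (!derRead(valData, valLen, pkiSeq) || pkiSeq.tag != 0x30) continue;` and either keep the first key found (`if (keyDer.empty()) keyDer.assign(...)`) or at least log that an unencrypted private key was taken from the bundle, since an operator will want to know the P12 carried the key in the clear. The `pkiSeq.data - pkiSeq.headerLen` arithmetic presumably relies on derRead filling headerLen for the parsed tag; DerTag is defined outside this hunk, so worth confirming. parseSafeContents begins before this hunk.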