Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

Support for certs using RSAES-OAEP #1015

Open pnwamk opened 7 years ago

pnwamk commented 7 years ago

The certificates contained in TPMs (at least v1.2) are (I believe) a little non-standard and use the RSAES-OAEP encryption scheme.

Here's an example of one: https://github.com/pnwamk/mbedtls/blob/rsaes-oaep/example_tpm_cert.der

Currently mbedtls cannot parse these certificates at all (it simply results in an error), which is unfortunate. After a bit of exploring and hacking, I tweaked mbedtls so it could parse the certificate well enough for my needs: https://github.com/pnwamk/mbedtls/commit/f6ebdf943264f7cf11d0052ff1fcfee12cfcb357 (I'm not confident this is entirely correct, but it was enough to help my little project along)

Openssl, interestingly, is able to mostly parse these certificates (upon inspection it is clear the nonstandard portions were an issue for openssl as well, but you at least get usable results back, instead of just an error---see the included output below).

It would be nice if mbedtls could handle these kinds of certs to some degree as well (at least be able to parse them and let users inspect/utilise their well-formed components, etc).

$ openssl x509 -text -inform DER -in example_tpm_cert.der
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:7e:b6:15:2c:7e:4a:37:7b:24:6f:1e:16:ba:a8:3a:5a:e8:92:91
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CH, O=STMicroelectronics NV, CN=STM TPM EK Intermediate CA 02
        Validity
            Not Before: Nov  4 00:00:00 2012 GMT
            Not After : Nov  4 00:00:00 2022 GMT
        Subject: 
        Subject Public Key Info:
            Public Key Algorithm: rsaesOaep
            Unable to load Public Key
140578396045016:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm:p_lib.c:231:
140578396045016:error:0B07706F:x509 certificate routines:X509_PUBKEY_get:unsupported algorithm:x_pubkey.c:148:
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:57:1F:80:6B:47:CC:E7:9B:FA:35:94:7C:ED:88:B8:D1:00:5A:E0:9E

            X509v3 Certificate Policies: 
                Policy: X509v3 Any Policy
                  CPS: http://www.st.com/TPM/repository/

            X509v3 Subject Alternative Name: critical
                DirName:/2.23.133.2.1=id:53544D20/2.23.133.2.2=ST33ZP24PVSP/2.23.133.2.3=id:0D0C
            X509v3 Subject Directory Attributes: 
0...1.2.....t0 ..g....1.0.........
....
....
.....TCPA0.0...+......
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: critical
                2.23.133.8.1
    Signature Algorithm: sha1WithRSAEncryption
         83:4f:5f:c7:65:45:c2:f3:14:91:79:1b:8e:b4:34:85:a8:19:
         0a:9c:d3:80:69:ce:f6:65:7c:84:05:a7:58:7b:34:15:4e:1e:
         e7:e9:ee:bf:cf:a9:94:12:ea:f7:2f:3b:19:71:b2:ee:08:9d:
         c9:7f:26:7b:e8:10:0c:f5:66:a0:eb:02:6a:a6:1d:c0:9c:27:
         af:03:a9:b1:d0:9f:3a:4f:d5:32:75:72:a3:5d:a9:e5:70:d2:
         46:31:eb:1c:49:fc:f6:a5:71:56:24:86:4a:45:19:87:0d:e4:
         92:94:73:fb:99:4a:e0:13:3a:b4:f8:0d:a1:a2:fc:1b:5f:f0:
         84:76:7c:22:25:bb:71:79:55:c7:6e:98:ca:b2:53:a4:b3:d0:
         bf:7e:56:37:ad:98:74:9a:eb:8a:b0:5f:f3:e4:62:91:72:a6:
         07:0f:ae:20:f8:ec:c7:59:e2:5e:fd:00:0c:e4:b1:0d:7e:ba:
         91:b8:cf:ef:ab:62:92:10:df:b8:c8:6b:c3:38:be:5e:24:ef:
         69:d0:3d:a6:bc:e6:af:05:b2:0c:bd:34:2c:2c:67:5f:85:04:
         be:98:8b:3a:b8:40:84:05:a7:b3:b2:c7:67:2c:28:d9:29:9e:
         81:15:66:6e:e8:12:ec:23:42:5c:73:40:9f:48:07:51:28:46:
         ae:7d:e5:9c
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
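The failure described in the report comes down to the SubjectPublicKeyInfo algorithm identifier: the EK certificate labels its key id-RSAES-OAEP (1.2.840.113549.1.1.7, RFC 4055) instead of rsaEncryption (1.2.840.113549.1.1.1), and a parser that only knows the latter rejects the whole certificate even though the BIT STRING holds an ordinary RSAPublicKey. The stand-alone Python below is an added example, not Mbed TLS code and not the reporter's patch: it walks a SubjectPublicKeyInfo, accepts either identifier, decodes RSAES-OAEP-params (falling back to the RFC 4055 defaults when the parameters are absent) and returns the modulus and exponent together with the usage the identifier implies. The sample blobs are built inside the block around a toy 64-bit modulus, constructed for illustration only; the certificate from the issue is not reproduced here.

```python
# Added illustration, not Mbed TLS code; build_spki() makes constructed sample input around a toy modulus.
OID_RSA_ENCRYPTION, OID_RSAES_OAEP = "1.2.840.113549.1.1.1", "1.2.840.113549.1.1.7"
OID_MGF1, OID_SHA256 = "1.2.840.113549.1.1.8", "2.16.840.1.101.3.4.2.1"
HASH_NAMES = {"1.3.14.3.2.26": "sha1", OID_SHA256: "sha256"}

def der(tag, content):  # tag + definite-form length + content
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def der_oid(dotted):  # base-128 arcs, first two packed into one octet
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a := a >> 7:
            chunk.append(0x80 | (a & 0x7F))
        out += bytes(reversed(chunk))
    return der(0x06, bytes(out))

def alg_id(oid, params=b"\x05\x00"):  # AlgorithmIdentifier ::= SEQUENCE { OID, parameters }
    return der(0x30, der_oid(oid) + params)

def build_spki(n, e, oaep_hash=None):
    """rsaEncryption SPKI, or id-RSAES-OAEP with explicit hashAlgorithm [0] and MGF1 [1]."""
    ints = b"".join(der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big")) for v in (n, e))
    bit_string = der(0x03, b"\x00" + der(0x30, ints))  # RSAPublicKey, 0 unused bits
    if oaep_hash is None:
        return der(0x30, alg_id(OID_RSA_ENCRYPTION) + bit_string)
    h = alg_id(oaep_hash)
    params = der(0x30, der(0xA0, h) + der(0xA1, alg_id(OID_MGF1, h)))
    return der(0x30, alg_id(OID_RSAES_OAEP, params) + bit_string)

def read_tlv(buf, pos=0):
    """(tag, content, end) of the TLV at buf[pos]; long-form lengths handled, overruns rejected."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(b):
    arcs, val = [b[0] // 40, b[0] % 40], 0
    for byte in b[1:]:
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def read_alg_id(seq_content):  # -> (dotted OID, raw parameters bytes, possibly empty)
    tag, oid, end = read_tlv(seq_content)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    return decode_oid(oid), seq_content[end:]

def parse_oaep_params(params):
    """RSAES-OAEP-params: [0] hash, [1] MGF, [2] pSource; each DEFAULT (SHA-1, MGF1-SHA-1, empty)."""
    out = {"hash": "sha1", "mgf1_hash": "sha1"}
    if not params:  # absent parameters: every field takes its DEFAULT
        return out
    tag, body, _ = read_tlv(params)
    if tag != 0x30:
        raise ValueError("RSAES-OAEP-params must be a SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, wrapped, pos = read_tlv(body, pos)
        oid, inner = read_alg_id(read_tlv(wrapped)[1])  # the [n]-tagged AlgorithmIdentifier
        if tag == 0xA0:
            out["hash"] = HASH_NAMES.get(oid, oid)
        elif tag == 0xA1:
            if oid != OID_MGF1:
                raise ValueError("unsupported mask generation function " + oid)
            out["mgf1_hash"] = HASH_NAMES.get(read_alg_id(read_tlv(inner)[1])[0], "?")
    return out

def parse_spki(spki_der):
    """SubjectPublicKeyInfo -> algorithm, usage, OAEP parameters and the RSA n, e."""
    tag, spki, _ = read_tlv(spki_der)
    tag2, alg_seq, end = read_tlv(spki)
    tag3, bits, _ = read_tlv(spki, end)
    if (tag, tag2, tag3) != (0x30, 0x30, 0x03) or bits[:1] != b"\x00":
        raise ValueError("malformed SubjectPublicKeyInfo")
    alg_oid, params = read_alg_id(alg_seq)
    if alg_oid == OID_RSA_ENCRYPTION:
        info = {"algorithm": "rsaEncryption", "usage": "unrestricted"}
    elif alg_oid == OID_RSAES_OAEP:  # RFC 4055: such a key is for RSAES-OAEP encryption only
        info = {"algorithm": "rsaesOaep", "usage": "encrypt-only", **parse_oaep_params(params)}
    else:
        raise ValueError("unsupported public key algorithm " + alg_oid)
    # both identifiers wrap the same RSAPublicKey ::= SEQUENCE { n INTEGER, e INTEGER }
    tag, key, _ = read_tlv(bits, 1)
    tag_n, n_bytes, pos = read_tlv(key)
    tag_e, e_bytes, _ = read_tlv(key, pos)
    if (tag, tag_n, tag_e) != (0x30, 0x02, 0x02):
        raise ValueError("malformed RSAPublicKey")
    info["n"], info["e"] = int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")
    return info
```

Running `parse_spki(build_spki(n, e, OID_SHA256))` yields `algorithm: rsaesOaep, usage: encrypt-only, hash: sha256, mgf1_hash: sha256` plus n and e, while the rsaEncryption form of the same key parses as `usage: unrestricted`. The design point for a library adding this support is the usage field: id-RSAES-OAEP restricts the key to OAEP encryption, so a parsed EK key should be available for inspection and OAEP operations but refused for signature verification or PKCS#1 v1.5 padding. The openssl errors quoted above are the same gap seen from the other side: the rest of the certificate decodes, only the key type is unknown to it.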
RonEld commented 7 years ago

Hi @pnwamk, thank you for raising this issue! We will look into this feature request. As an open source project, you are welcome to contribute your code, as long as you have signed the CLA and follow our coding standards. You could find more information in the readme file.

ciarmcom commented 7 years ago

ARM Internal Ref: IOTSSL-1540

pnwamk commented 7 years ago

I'm happy to sign the CLA. I'm not sure how close my code is to a desirable solution.

Side note: My work with mbedtls came about during an internship at MSR Cambridge. If I was there full time and continuing to work on projects that used it I'd be more than happy to further flesh out a solution -- but I'm headed back to PhD student life and my work there doesn't relate at all (I won't even have access to the code that used it), so I likely won't spend any more time on this (sorry!).

Anyway, just wanted to make public my findings and (probably extremely hacky) solution.

Cheers!

aditya4k commented 3 years ago

Any update on this issue?