PKISolutions / ADCS-SID-Extension-Policy-Module

MIT License
16 stars 3 forks

AnsUtils.EncodeSidExtension is buggy #4

Closed kirillkovalenko closed 1 year ago

kirillkovalenko commented 1 year ago

Apparently the EncodeSidExtension function does not encode the OID properly. It misses the tag-length prefix (06 0A).

It should be something like this:

30 40
  A0 3E
    06 0A 2B060104018237190201 (this part has the issue)
    A0 30
      04 2E 532D312D352D32312D313438393639353337362D323931343034373632372D33...

But instead it does not encode the OID envelope properly and generates something like this, which cannot be decoded:

30 3E
  A0 3C
    2B 06
      01 04 01823719
    02 01 A0
    30 04
Value misencoded, length, 83 (0x53), longer than remaining data length, 2 (0x2); continuing as if length were 2:
      2E ?53 2D31
Value misencoded, length, 53 (0x35), longer than remaining data length, 41 (0x29); continuing as if length were 41:
    2D ?35 2D32312D313438393639353337362D323931343034373632372D33373636313038...

The fix is probably a single line, e.g.

nestedOidBytes = encode(nestedOidBytes, 6);
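
The encoding problem described in this comment, reproduced as an added example (not part of the original issue and not the project's code; written in Python rather than the project's own language). The function names, the `wrap_oid` switch and the sample SID are assumptions made for illustration; the SID is constructed to be 46 characters long so the lengths match the dump above.

```python
OID_SID = "1.3.6.1.4.1.311.25.2.1"  # DER content 2B060104018237190201, as in the dump
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"  # constructed value

def tlv(tag, content):
    """Wrap content in a DER tag-length-value with a definite length."""
    n = len(content)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    length = raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def oid_content(dotted):
    """Base-128 content octets of an OID, without the 06 <len> header."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return bytes(out)

def encode_sid_extension(sid, wrap_oid=True):
    """wrap_oid=False (hypothetical switch) reproduces the reported defect."""
    oid = oid_content(OID_SID)
    if wrap_oid:
        oid = tlv(0x06, oid)  # same role as encode(nestedOidBytes, 6) in the issue
    value = tlv(0xA0, tlv(0x04, sid.encode("ascii")))
    return tlv(0x30, tlv(0xA0, oid + value))

def walk(der, depth=0):
    """Strict TLV walk: (depth, tag, length) per node, raises on length overrun."""
    nodes, i = [], 0
    while i < len(der):
        if len(der) - i < 2:
            raise ValueError("truncated TLV header")
        tag, n = der[i], der[i + 1]
        i += 2
        if n & 0x80:  # long-form length
            k = n & 0x7F
            n, i = int.from_bytes(der[i:i + k], "big"), i + k
        if n > len(der) - i:
            raise ValueError(f"tag {tag:02X}: length {n} exceeds remaining {len(der) - i}")
        nodes.append((depth, tag, n))
        if tag & 0x20:  # constructed: descend into the content
            nodes += walk(der[i:i + n], depth + 1)
        i += n
    return nodes
```

With `wrap_oid=False` the first OID octet `2B` is read as a tag and `06` as its length, so `walk` fails at the same point as the decoder output quoted above (length 83 with 2 bytes remaining).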

Crypt32 commented 1 year ago

Indeed, it was there and fixed some time ago, just wasn't pushed. Here is the commit: 04374ea

Crypt32 commented 1 year ago

https://github.com/PKISolutions/ADCS-SID-Extension-Policy-Module/releases/tag/v1.2.0 Please give it a try.

Crypt32 commented 1 year ago

@kirillkovalenko did you try the updated version to see if it resolves the issue?

kirillkovalenko commented 1 year ago

Yes, I have.

Crypt32 commented 1 year ago

Thanks for confirming!