feat: Map rsaesOaep SPKI to RSA in parse_key_type

TPM 1.2 Endorsement Key certificates use rsaesOaep
(OID 1.2.840.113549.1.1.7) as their SubjectPublicKeyInfo algorithm
identifier. The underlying key is a standard RSA key. Without this
mapping, X509_get_pubkey() fails with PUBLIC_KEY_DECODE_ERROR and
X509_verify_cert() cannot validate these certificates.

Add NID_rsaesOaep alongside the existing NID_rsa special case in
parse_key_type() to return rsa_asn1_meth for both. Add a test for
public key extraction using a real TPM 1.2 EK certificate with
rsaesOaep SPKI.

Author: crlorentzen

crypto/evp_extra/evp_asn1.c

@@ -78,7 +78,7 @@
 // specific key type implementations like PQDSA.
 // The OID is then searched against ASN.1 methods for a method with that OID.
 // As the |OID| is read from |cbs| the buffer is advanced.
-// For the case of |NID_rsa| the method |rsa_asn1_meth| is returned.
+// For the case of |NID_rsa| or |NID_rsaesOaep| the method |rsa_asn1_meth| is returned.
 // For the case of |EVP_PKEY_PQDSA| the method |pqdsa_asn1.meth| is returned.
 // For the case of |EVP_PKEY_KEM| the method |kem_asn1.meth| is returned.
 static const EVP_PKEY_ASN1_METHOD *parse_key_type(CBS *cbs, CBS *out_oid) {
@@ -99,20 +99,25 @@ static const EVP_PKEY_ASN1_METHOD *parse_key_type(CBS *cbs, CBS *out_oid) {
     }
   }
 
-  // Special logic to handle the rarer |NID_rsa|.
+  // Special logic to handle the rarer |NID_rsa| and |NID_rsaesOaep|.
+  // NID_rsa:
   // https://www.itu.int/ITU-T/formal-language/itu-t/x/x509/2008/AlgorithmObjectIdentifiers.html
-  if (OBJ_cbs2nid(&oid) == NID_rsa) {
+  // NID_rsaesOaep: underlying key is the same as |NID_rsa|. Used by
+  // TPM 1.2 Endorsement Key certificates per TCG Credential Profiles
+  // V1.2, section 3.2.7.
+  int nid = OBJ_cbs2nid(&oid);
+  if (nid == NID_rsa || nid == NID_rsaesOaep) {
     return &rsa_asn1_meth;
   }
 
   // The pkey_id for the pqdsa_asn1_meth is EVP_PKEY_PQDSA, as this holds all
   // asn1 functions for pqdsa types. However, the incoming CBS has the OID for
   // the specific algorithm. So we must search explicitly for the algorithm.
-  const EVP_PKEY_ASN1_METHOD *pqdsa_method = PQDSA_find_asn1_by_nid(OBJ_cbs2nid(&oid));
+  const EVP_PKEY_ASN1_METHOD *pqdsa_method = PQDSA_find_asn1_by_nid(nid);
   if (pqdsa_method != NULL) {
     return pqdsa_method;
   }
-  return KEM_find_asn1_by_nid(OBJ_cbs2nid(&oid));
+  return KEM_find_asn1_by_nid(nid);
 }
 
 EVP_PKEY *EVP_parse_public_key(CBS *cbs) {

crypto/x509/x509_test.cc

@@ -6284,6 +6284,47 @@ TEST(X509Test, ITUT_X509_nid_rsa) {
   EXPECT_TRUE(rsa);
 }
 
+// kRsaesOaepCertPEM is a TPM 1.2 EK certificate with |NID_rsaesOaep| SPKI.
+static const char kRsaesOaepCertPEM[] = R"(
+-----BEGIN CERTIFICATE-----
+MIIEXjCCA0agAwIBAgIUBchBXcXPAWxNMJEsLXEXHv/eVZswDQYJKoZIhvcNAQEF
+BQAwVTELMAkGA1UEBhMCQ0gxHjAcBgNVBAoTFVNUTWljcm9lbGVjdHJvbmljcyBO
+VjEmMCQGA1UEAxMdU1RNIFRQTSBFSyBJbnRlcm1lZGlhdGUgQ0EgMDIwHhcNMjEw
+OTA0MDAwMDAwWhcNMzEwOTA0MDAwMDAwWjAAMIIBNzAiBgkqhkiG9w0BAQcwFaIT
+MBEGCSqGSIb3DQEBCQQEVENQQQOCAQ8AMIIBCgKCAQEAlZyGH0K5061jb9glk9FJ
+eghjeAqca0hRKExVLOLkNeZZ3EX9IhA1afjlPtbeR/gIxt7tvUuNxqSeJLtsGgEL
+u26bnxC2L92fO4hXHHyMbgIDqdcHvFGSIy+stdKL06sU1OXR7eUJ0qfWpYuYTGfm
+Hl/kpTSa3qcVlVGhIVBHeebwBCQ2ttLGAsGUsn0YU5Snhe1LR15KzlIfYjj+/ZU3
+/IYnqpJZLD9wv4Q0er0N8KBle0nhvH2JMYlAJ3HgiEpauTWe4CsBZO8DlpvONtq5
+pvzPhAnSPRQZxPhH/VgzSEBGbYV6X5oHNSXDLqBq7y4Qe0dc05ffRS17RWC44WIq
+dQIDAQABo4IBZDCCAWAwHwYDVR0jBBgwFoAUVx+Aa0fM55v6NZR87Yi40QBa4J4w
+QgYDVR0gBDswOTA3BgRVHSAAMC8wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cuc3Qu
+Y29tL1RQTS9yZXBvc2l0b3J5LzBVBgNVHREBAf8ESzBJpEcwRTEWMBQGBWeBBQIB
+DAtpZDo1MzU0NEQyMDEXMBUGBWeBBQICDAxTVDMzWlAyNFBWU0sxEjAQBgVngQUC
+AwwHaWQ6MEQwQTB/BgNVHQkEeDB2MBYGBWeBBQIQMQ0wCwwDMS4yAgECAgF0MCAG
+BWeBBQISMRcwFQIBAAEB/6ADCgEBoQMKAQCiAwoBADA6BgNVBTQxMzAkMCIGCSqG
+SIb3DQEBBzAVohMwEQYJKoZIhvcNAQEJBARUQ1BBMAswCQYFKw4DAhoFADAMBgNV
+HRMBAf8EAjAAMBMGA1UdJQEB/wQJMAcGBWeBBQgBMA0GCSqGSIb3DQEBBQUAA4IB
+AQAQTkprC+kLKxILRgpYw9opbl9zZZJgrfR37Asho2CxVccmHE+EBCEbrZOcDVGD
+BgLn8D8qi4tsNCfuHPISKDlcIshW7z24ixY56mScTwToRX+AomkJU/zAncdmtcij
+UTsqkvi+rSYquIkfPLNNDMCV4oy0/VDgrzDxP18yCr9nct09jAC7N3wbqUn/4lQk
+2Tq79zfsu5Px2BUWnWiEA9F9ThA0XVSll1CWii199BZECIY6VXkjYBHUT1ptb2Bt
+53HR/+FcCwtEWG37GrrOHwJqqDYbW3ACPSZxFuMbUg1V/56pk/ZBY43ue7CGSVuC
+HPAeERH+07hX5/7YXaH6MCnl
+-----END CERTIFICATE-----
+)";
+
+TEST(X509Test, RsaesOaepSPKI) {
+  bssl::UniquePtr<X509> cert(CertFromPEM(kRsaesOaepCertPEM));
+  ASSERT_TRUE(cert);
+
+  bssl::UniquePtr<EVP_PKEY> evp_pkey(X509_get_pubkey(cert.get()));
+  EXPECT_TRUE(evp_pkey);
+
+  bssl::UniquePtr<RSA> rsa(EVP_PKEY_get1_RSA(evp_pkey.get()));
+  EXPECT_TRUE(rsa);
+}
+
 // kLargeSerialPEM is a certificate with a large serial number.
 static const char kLargeSerialPEM[] = R"(
 -----BEGIN CERTIFICATE-----