Support .NET XML format RSA keys

Closes: #5
badkeys · Jan 31, 2025 · 6a6bc81 · 6a6bc81
1 parent 766309e
commit 6a6bc81
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 4 deletions.
diff --git a/keyfinder.py b/keyfinder.py
@@ -36,7 +36,7 @@
 jrex_t = b'{[^{}]*"kty"[^}]*}'
 jrex = re.compile(jrex_t, flags=re.MULTILINE | re.DOTALL)
 
-xrex_t = b"(?=(<RSAKeyPair.*?</RSAKeyPair>))"
+xrex_t = b"(?=(<(?:RSAKeyPair|RSAKeyValue).*?</(?:RSAKeyPair|RSAKeyValue)>))"
 xrex = re.compile(xrex_t, flags=re.MULTILINE | re.DOTALL)
 
 DEFAULTUA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
@@ -281,7 +281,8 @@ def getjwk(kstr):
     return False
 
 
-def getxkms(kstr):
+# Supports XKMS 2.0, XKMS draft version, .NET XML keys
+def getxmlkey(kstr):
     # remove draft-style namespaces
     xkstr = kstr.replace("ds:", "")
     try:
@@ -356,7 +357,7 @@ def findkeys(data, perr=None, usebk=False, verbose=False):
             if not ckey:
                 writeperr(perr, jkey, phash, verbose=verbose)
 
-    if b"<RSAKeyPair" in data:
+    if b"<RSAKeyPair" in data or b"<RSAKeyValue" in data:
         xkeys = xrex.findall(data)
         for xkey_b in xkeys:
             xkey = xkey_b.decode()
@@ -366,7 +367,7 @@ def findkeys(data, perr=None, usebk=False, verbose=False):
 
             for kfilter in kfilters:
                 xfkey = kfilter(xkey)
-                ckey = getxkms(xfkey)
+                ckey = getxmlkey(xfkey)
                 if ckey:
                     ckeys.append(ckey)
                     break

diff --git a/tests/data/valid/dotnet.xml b/tests/data/valid/dotnet.xml
@@ -0,0 +1,14 @@
+<!--
+  RFC 9500 example key converted to .NET XML key with ToXmlString()
+  spkisha256:9a9e5b0f404f4e2d4386e38b04ac91e535946dc2a7f8d84a31404b476e5c35e1
+-->
+<RSAKeyValue>
+  <Modulus>sNGDUqiPU9VRb0bCDno2fX3ois9UoBn23vV6ubRM7dsiQrG8oPsbXLgrMDYXamOQNWTexutB2y+Px4f05S4RSeMzR1cpc/Zgw8d8qeCCHCtpW+eunX0w9AeREPSKrm+LcC1HSykAgX8oZiSb7BKisZuCeEFoCPga4fz5t3eKYj8=</Modulus>
+  <Exponent>AQAB</Exponent>
+  <P>6dhuTcNKmFp+x1pvVKdc5FE55FJAs4arcR23kbzZhxihO68hjCRJNkZoB1bLUKbL7hWOJSFEmRIwHA1BSREYRQ==</P>
+  <Q>wZH6O1ULORp8sHKDdidyleYcZU8L7y9Y3OXJYqELfddfBgFUZeVQduRmJj7ryu0g0uurOTE+i8VnMg/ostxisw==</Q>
+  <DP>5zrgN3y4slYprq66D5c+v3WiLSc4W0z7Ees0raNz5aZxKDdQkOcAje6oxzkH6kREurQNzqFK16GoeNSSjdGdkQ==</DP>
+  <DQ>QZl5FhZyIT4Kt7l3N9mSiZ5cTTEGuF5xXRs6roQpYtJUT7KvqYCXTlOFEr0MJ89I6nIXquA3dCLIID0n/UWW5Q==</DQ>
+  <InverseQ>uZ1/j01NRV8fukYtmQouhIxCjB6+4B3AAYTIp2WDrTefaa2vVHVUMPY8QlPRu3jMm9IyZDQAgLhMGpF94Itu2w==</InverseQ>
+  <D>SC6fj6TkLfMNdYHLQqG9kOlPfys4fstarpZD7X+fUBJ/H/7y5DzeZLGCYAIU+QeAHWv6TfZIQjReW7Qy00RFJdgwFlTFRCsKXhG5x+IB+jL0Grr08KbgPPDgy4JmxirRHZVtU8lGbkiZX+omDIU28EHLNWL6rFEcTWao/tERspE=</D>
+</RSAKeyValue>