From f7d69b4c023fcd4e7158b27e46b8018f41891bee Mon Sep 17 00:00:00 2001
From: Chris Toshok <toshok@hound.sh>
Date: Thu, 30 May 2019 12:35:16 -0700
Subject: [PATCH] add http://www.w3.org/2001/04/xmlenc#rsa-1_5 support

---
 types/encrypted_key.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/types/encrypted_key.go b/types/encrypted_key.go
index dde68a8..617a1f7 100644
--- a/types/encrypted_key.go
+++ b/types/encrypted_key.go
@@ -41,6 +41,7 @@ type DigestMethod struct {
 const (
 	MethodRSAOAEP  = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
 	MethodRSAOAEP2 = "http://www.w3.org/2009/xmlenc11#rsa-oaep"
+	MethodRSA1_5   = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
 )
 
 //Well-known private key encryption methods
@@ -131,6 +132,18 @@ func (ek *EncryptedKey) DecryptSymmetricKey(cert *tls.Certificate) (cipher.Block
 				return nil, err
 			}
 
+			return b, nil
+		case MethodRSA1_5:
+			pt, err := rsa.DecryptPKCS1v15(rand.Reader, pk, cipherText)
+			if err != nil {
+				return nil, fmt.Errorf("rsa internal error: %v", err)
+			}
+
+			b, err := aes.NewCipher(pt)
+			if err != nil {
+				return nil, err
+			}
+
 			return b, nil
 		default:
 			return nil, fmt.Errorf("unsupported encryption algorithm: %s", ek.EncryptionMethod.Algorithm)