coolaj86
/
keyfetch.js-ARCHIVED
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

v1.1.7: bugfix ecdsa signature padding

pull/1/head
AJ ONeal 5 years ago
parent
2c36227afd
commit
448b977963
2 changed files with 11 additions and 7 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 16
      keyfetch.js
  2. 2
      package.json

16
keyfetch.js
View File

@ -260,7 +260,8 @@ keyfetch.verify = function (opts) {
return require('crypto')
.createVerify(alg)
.update(jwt.split('.')[0] + '.' + payload)
.verify(jwk.pem, sig, 'base64');
.verify(jwk.pem, sig, 'base64')
;
}
function convertIfEcdsa(header, b64sig) {
@ -272,7 +273,10 @@ keyfetch.verify = function (opts) {
var hlen = bufsig.byteLength / 2; // should be even
var r = bufsig.slice(0, hlen);
var s = bufsig.slice(hlen);
// pad ambiguously non-negative BigInts
// unpad positive ints less than 32 bytes wide
while (!r[0]) { r = r.slice(1); }
while (!s[0]) { s = s.slice(1); }
// pad (or re-pad) ambiguously non-negative BigInts to 33 bytes wide
if (0x80 & r[0]) { r = Buffer.concat([Buffer.from([0]), r]); }
if (0x80 & s[0]) { s = Buffer.concat([Buffer.from([0]), s]); }
@ -286,7 +290,7 @@ keyfetch.verify = function (opts) {
var buf = Buffer.concat([
Buffer.from(head)
, Buffer.from([0x02, r.byteLength]), r
, Buffer.from([0x02, r.byteLength]), s
, Buffer.from([0x02, s.byteLength]), s
]);
return buf.toString('base64')
@ -304,7 +308,7 @@ keyfetch.verify = function (opts) {
}
function verifyOne(jwk) {
if (verify(jwk, payload)) {
if (true === verify(jwk, payload)) {
return decoded;
}
throw new Error('token signature verification was unsuccessful');
@ -315,10 +319,10 @@ keyfetch.verify = function (opts) {
if (jwks.some(function (jwk) {
if (kid) {
if (kid !== jwk.kid && kid !== jwk.thumbprint) { return; }
if (verify(jwk, payload)) { return true; }
if (true === verify(jwk, payload)) { return true; }
throw new Error('token signature verification was unsuccessful');
} else {
if (verify(jwk, payload)) { return true; }
if (true === verify(jwk, payload)) { return true; }
}
})) {
return decoded;

2
package.json
View File

@ -29,5 +29,5 @@
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"version": "1.1.6"
"version": "1.1.7"
}

Write Preview
Loading…
Cancel
Save