v1.1.7: bugfix ecdsa signature padding

AJ ONeal 2019-03-08 19:15:24 -07:00
padre 2c36227afd
commit 448b977963
Se han modificado 2 ficheros con 11 adiciones y 7 borrados


@ -260,7 +260,8 @@ keyfetch.verify = function (opts) {
return require('crypto') return require('crypto')
.createVerify(alg) .createVerify(alg)
.update(jwt.split('.')[0] + '.' + payload) .update(jwt.split('.')[0] + '.' + payload)
.verify(jwk.pem, sig, 'base64'); .verify(jwk.pem, sig, 'base64')
;
} }
function convertIfEcdsa(header, b64sig) { function convertIfEcdsa(header, b64sig) {
@ -272,7 +273,10 @@ keyfetch.verify = function (opts) {
var hlen = bufsig.byteLength / 2; // should be even var hlen = bufsig.byteLength / 2; // should be even
var r = bufsig.slice(0, hlen); var r = bufsig.slice(0, hlen);
var s = bufsig.slice(hlen); var s = bufsig.slice(hlen);
// pad ambiguously non-negative BigInts // unpad positive ints less than 32 bytes wide
while (!r[0]) { r = r.slice(1); }
while (!s[0]) { s = s.slice(1); }
// pad (or re-pad) ambiguously non-negative BigInts to 33 bytes wide
if (0x80 & r[0]) { r = Buffer.concat([Buffer.from([0]), r]); } if (0x80 & r[0]) { r = Buffer.concat([Buffer.from([0]), r]); }
if (0x80 & s[0]) { s = Buffer.concat([Buffer.from([0]), s]); } if (0x80 & s[0]) { s = Buffer.concat([Buffer.from([0]), s]); }
@ -286,7 +290,7 @@ keyfetch.verify = function (opts) {
var buf = Buffer.concat([ var buf = Buffer.concat([
Buffer.from(head) Buffer.from(head)
, Buffer.from([0x02, r.byteLength]), r , Buffer.from([0x02, r.byteLength]), r
, Buffer.from([0x02, r.byteLength]), s , Buffer.from([0x02, s.byteLength]), s
]); ]);
return buf.toString('base64') return buf.toString('base64')
@ -304,7 +308,7 @@ keyfetch.verify = function (opts) {
} }
function verifyOne(jwk) { function verifyOne(jwk) {
if (verify(jwk, payload)) { if (true === verify(jwk, payload)) {
return decoded; return decoded;
} }
throw new Error('token signature verification was unsuccessful'); throw new Error('token signature verification was unsuccessful');
@ -315,10 +319,10 @@ keyfetch.verify = function (opts) {
if (jwks.some(function (jwk) { if (jwks.some(function (jwk) {
if (kid) { if (kid) {
if (kid !== jwk.kid && kid !== jwk.thumbprint) { return; } if (kid !== jwk.kid && kid !== jwk.thumbprint) { return; }
if (verify(jwk, payload)) { return true; } if (true === verify(jwk, payload)) { return true; }
throw new Error('token signature verification was unsuccessful'); throw new Error('token signature verification was unsuccessful');
} else { } else {
if (verify(jwk, payload)) { return true; } if (true === verify(jwk, payload)) { return true; }
} }
})) { })) {
return decoded; return decoded;
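Review bot: The new unpad loops `while (!r[0]) { r = r.slice(1); }` and `while (!s[0]) { s = s.slice(1); }` in the second hunk never terminate when r or s is empty or all zero bytes, because `r[0]` on an empty Buffer is `undefined` and `slice(1)` keeps returning an empty Buffer. bufsig appears to be decoded from the token's signature segment, so this would run on unauthenticated input before any verification, and one malformed token could block the event loop. Bound the loops, e.g. `while (r.byteLength > 1 && !r[0]) { r = r.slice(1); }` and likewise for s, or reject the token outright when either half is zero, since that is never a valid ECDSA signature. Separately, nothing visible checks that `bufsig.byteLength` is even and matches the curve size for `alg`, and the one-byte lengths in `Buffer.from([0x02, r.byteLength])` are only valid short-form DER for values under 128; convertIfEcdsa's body extends beyond these hunks, so confirm both against the full function.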


@ -29,5 +29,5 @@
"scripts": { "scripts": {
"test": "echo \"Error: no test specified\" && exit 1" "test": "echo \"Error: no test specified\" && exit 1"
}, },
"version": "1.1.6" "version": "1.1.7"
} }