Browse Source

v1.2.12: fix EC sig padding issues

tags/v1.2.12
AJ ONeal 8 months ago
parent
commit
3c84a7e1bd
2 changed files with 22 additions and 16 deletions
  1. 21
    15
      keypairs.js
  2. 1
    1
      package.json

+ 21
- 15
keypairs.js View File

@@ -237,7 +237,7 @@ Keypairs.signJws = function (opts) {
237 237
         .update(protect ? (protected64 + "." + payload64) : payload64)
238 238
         .sign(pem)
239 239
       ;
240
-      if (!opts.jwk || 'RSA' !== opts.jwk.kty) {
240
+      if ('EC' === opts.jwk.kty) {
241 241
         // ECDSA JWT signatures differ from "normal" ECDSA signatures
242 242
         // https://tools.ietf.org/html/rfc7518#section-3.4
243 243
         binsig = convertIfEcdsa(binsig);
@@ -259,31 +259,37 @@ Keypairs.signJws = function (opts) {
259 259
 
260 260
     function convertIfEcdsa(binsig) {
261 261
       // should have asn1 sequence header of 0x30
262
-      if (0x30 !== binsig[0]) { return binsig; }
262
+      if (0x30 !== binsig[0]) { throw new Error("Impossible EC SHA head marker"); }
263 263
       var index = 2; // first ecdsa "R" header byte
264 264
       var len = binsig[1];
265 265
       var lenlen = 0;
266 266
       // Seek length of length if length is greater than 127 (i.e. two 512-bit / 64-byte R and S values)
267 267
       if (0x80 & len) {
268
-        lenlen = len - 0x80;
269
-        // the length of the signature won't be over 256 bytes (2048 bits) for many years yet
270
-        if (1 !== lenlen) { return binsig; }
271
-        // the length is this number
272
-        len = binsig[2];
268
+        lenlen = len - 0x80; // should be exactly 1
269
+        len = binsig[2]; // should be <= 130 (two 64-bit SHA-512s, plus padding)
273 270
         index += lenlen;
274 271
       }
275
-      // should have bigint header of 0x02 followd by a single byte of length
276
-      if (0x02 !== binsig[index]) { return binsig; }
272
+      // should be of BigInt type
273
+      if (0x02 !== binsig[index]) { throw new Error("Impossible EC SHA R marker"); }
277 274
       index += 1;
275
+
278 276
       var rlen = binsig[index];
279
-      var r = binsig.slice(index + 1, index + 1 + rlen);
277
+      var bits = 32;
278
+      if (rlen > 49) {
279
+        bits = 64;
280
+      } else if (rlen > 33) {
281
+        bits = 48;
282
+      }
283
+      var r = binsig.slice(index + 1, index + 1 + rlen).toString('hex');
280 284
       var slen = binsig[index + 1 + rlen + 1]; // skip header and read length
281
-      var s = binsig.slice(index + 1 + rlen + 1 + 1);
282
-      if (slen !== s.byteLength) { return binsig; }
285
+      var s = binsig.slice(index + 1 + rlen + 1 + 1).toString('hex');
286
+      if (2 *slen !== s.length) { throw new Error("Impossible EC SHA S length"); }
283 287
       // There may be one byte of padding on either
284
-      if (33 === r.byteLength) { r = r.slice(1); }
285
-      if (33 === s.byteLength) { s = s.slice(1); }
286
-      return Buffer.concat([r, s]);
288
+      while (r.length < 2*bits) { r = '00' + r; }
289
+      while (s.length < 2*bits) { s = '00' + s; }
290
+      if (2*(bits+1) === r.length) { r = r.slice(2); }
291
+      if (2*(bits+1) === s.length) { s = s.slice(2); }
292
+      return Buffer.concat([Buffer.from(r, 'hex'), Buffer.from(s, 'hex')]);
287 293
     }
288 294
 
289 295
     if (opts.pem && opts.jwk) {

+ 1
- 1
package.json View File

@@ -1,6 +1,6 @@
1 1
 {
2 2
   "name": "keypairs",
3
-  "version": "1.2.11",
3
+  "version": "1.2.12",
4 4
   "description": "Lightweight RSA/ECDSA keypair generation and JWK <-> PEM",
5 5
   "main": "keypairs.js",
6 6
   "files": [

Loading…
Cancel
Save