foster/deno
0
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-03-03 17:34:47 -05:00
Code Issues Packages 1 Wiki Activity

fix(crypto): hash input for RSASSA-PKCS1-v1_5 before signing (#11314)

Browse source
This commit is contained in:
Divy Srivastava 2021-07-07 20:03:58 +05:30 committed by GitHub
parent b091b8fefb
commit e3a4e9cf11
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 75 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
cli/tests/unit/webcrypto_test.ts
View file

@ -56,3 +56,36 @@ unitTest(async function testSignECDSA() {
assert(signature); assert(signature);
}); });
// https://github.com/denoland/deno/issues/11313
unitTest(async function testSignRSASSAKey() {
const subtle = window.crypto.subtle;
assert(subtle);
const keyPair = await subtle.generateKey(
{
name: "RSASSA-PKCS1-v1_5",
modulusLength: 2048,
publicExponent: new Uint8Array([1, 0, 1]),
hash: "SHA-256",
},
true,
["sign", "verify"],
);
assert(keyPair.privateKey);
assert(keyPair.publicKey);
assertEquals(keyPair.privateKey.extractable, true);
assert(keyPair.privateKey.usages.includes("sign"));
const encoder = new TextEncoder();
const encoded = encoder.encode("Hello, World!");
const signature = await window.crypto.subtle.sign(
{ name: "RSASSA-PKCS1-v1_5" },
keyPair.privateKey,
encoded,
);
assert(signature);
});

40
extensions/crypto/lib.rs
View file

@ -246,25 +246,53 @@ pub async fn op_crypto_sign_key(
let signature = match algorithm { let signature = match algorithm {
Algorithm::RsassaPkcs1v15 => { Algorithm::RsassaPkcs1v15 => {
let private_key = RSAPrivateKey::from_pkcs8(&*args.key.data)?; let private_key = RSAPrivateKey::from_pkcs8(&*args.key.data)?;
let padding = match args let (padding, hashed) = match args
.hash .hash
.ok_or_else(|| type_error("Missing argument hash".to_string()))? .ok_or_else(|| type_error("Missing argument hash".to_string()))?
{ {
CryptoHash::Sha1 => PaddingScheme::PKCS1v15Sign { CryptoHash::Sha1 => {
let mut hasher = Sha1::new();
hasher.update(&data);
(
PaddingScheme::PKCS1v15Sign {
hash: Some(rsa::hash::Hash::SHA1), hash: Some(rsa::hash::Hash::SHA1),
}, },
CryptoHash::Sha256 => PaddingScheme::PKCS1v15Sign { hasher.finalize()[..].to_vec(),
)
}
CryptoHash::Sha256 => {
let mut hasher = Sha256::new();
hasher.update(&data);
(
PaddingScheme::PKCS1v15Sign {
hash: Some(rsa::hash::Hash::SHA2_256), hash: Some(rsa::hash::Hash::SHA2_256),
}, },
CryptoHash::Sha384 => PaddingScheme::PKCS1v15Sign { hasher.finalize()[..].to_vec(),
)
}
CryptoHash::Sha384 => {
let mut hasher = Sha384::new();
hasher.update(&data);
(
PaddingScheme::PKCS1v15Sign {
hash: Some(rsa::hash::Hash::SHA2_384), hash: Some(rsa::hash::Hash::SHA2_384),
}, },
CryptoHash::Sha512 => PaddingScheme::PKCS1v15Sign { hasher.finalize()[..].to_vec(),
)
}
CryptoHash::Sha512 => {
let mut hasher = Sha512::new();
hasher.update(&data);
(
PaddingScheme::PKCS1v15Sign {
hash: Some(rsa::hash::Hash::SHA2_512), hash: Some(rsa::hash::Hash::SHA2_512),
}, },
hasher.finalize()[..].to_vec(),
)
}
}; };
private_key.sign(padding, &data)? private_key.sign(padding, &hashed)?
} }
Algorithm::RsaPss => { Algorithm::RsaPss => {
let private_key = RSAPrivateKey::from_pkcs8(&*args.key.data)?; let private_key = RSAPrivateKey::from_pkcs8(&*args.key.data)?;