MicahParks / jwkset

A JWK and JWK Set implementation. An auto-caching JWK Set HTTP client is provided. Generate, validate, and inspect JWKs. Self-host this project's website: https://jwkset.com
Apache License 2.0

Required leading zeros in ECDSA keys #19

Closed MicahParks closed 8 months ago

MicahParks commented 8 months ago

The purpose of this pull request is to add leading zeros to ECDSA key parameters where required to meet the below RFC requirements:

For "x" and "y":

The length of this octet string MUST be the full size of a coordinate for the curve specified in the "crv" parameter. For example, if the value of "crv" is "P-521", the octet string must be 66 octets long.

For "d":

The length of this octet string MUST be ceiling(log-base-2(n)/8) octets (where n is the order of the curve).

This is to bring the project into RFC compliance with RFC 7518 Section 6.2.1.2, 6.2.1.3, and 6.2.2.1.

The known effects of this bug are:

  1. Producing RFC incompatible JWK parameters when JSON marshaling ECDSA keys where "x", "y", or "d" values do not use the same number of octets as the curve's.
  2. Failing to process correctly formatted ECDSA keys with this condition due to validation requiring exact matches.
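The fixed-width encoding the RFC text above requires, as an added Go example that is not the project's own code (function names are mine): `big.Int.Bytes()` drops leading zero octets, so a coordinate or private scalar that happens to start with zero comes out short unless it is padded to the curve's size, and a strict validator must then reject it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"math/big"
)

// coordinateLen: octets RFC 7518 §6.2.1.2 requires for "x"/"y" (32 for P-256, 66 for P-521).
func coordinateLen(curve elliptic.Curve) int { return (curve.Params().BitSize + 7) / 8 }

// privateScalarLen: octets §6.2.2.1 requires for "d", ceiling(log2(n)/8), n = curve order.
func privateScalarLen(curve elliptic.Curve) int { return (curve.Params().N.BitLen() + 7) / 8 }

// encodeFixed left-pads v with zero octets to size and base64url-encodes it (no padding).
// big.Int.Bytes() drops leading zeros, which is the defect the pull request fixes;
// FillBytes writes the fixed-width big-endian form instead.
func encodeFixed(v *big.Int, size int) (string, error) {
	if v.Sign() < 0 || v.BitLen() > size*8 {
		return "", fmt.Errorf("value does not fit in %d octets", size)
	}
	buf := make([]byte, size)
	v.FillBytes(buf)
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// decodeFixed accepts a parameter only if it decodes to exactly size octets.
func decodeFixed(s string, size int) (*big.Int, error) {
	b, err := base64.RawURLEncoding.DecodeString(s)
	if err != nil {
		return nil, err
	}
	if len(b) != size {
		return nil, fmt.Errorf("expected %d octets, got %d", size, len(b))
	}
	return new(big.Int).SetBytes(b), nil
}

func main() {
	key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	if err != nil {
		panic(err)
	}
	x, _ := encodeFixed(key.X, coordinateLen(key.Curve))
	d, _ := encodeFixed(key.D, privateScalarLen(key.Curve))
	fmt.Printf("x=%s\nd=%s\n", x, d) // both always decode to 66 octets on P-521
}
```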
raskad commented 8 months ago

I just checked a key that was previously failing the validation. It's working as expected on this branch. Thank you for working on this :)