anvilresearch / webcrypto

W3C Web Cryptography API for Node.js
MIT License
82 stars 14 forks source link

RSASSA-PKCS1-v1_5 sign error #76

Open kloepper opened 6 years ago

kloepper commented 6 years ago

I am not able to use RSASSA-PKCS1-v1_5 keys to sign data. I wrote up a simple test to demonstrate the issue:

https://github.com/kloepper/sign_test/blob/master/sign_test.js

The signTest() function works correctly in a browser.

The output from running ./sign_test.js:


    at RSASSA_PKCS1_v1_5.sign (/sign_test/node_modules/@trust/webcrypto/src/algorithms/RSASSA-PKCS1-v1_5.js:81:19)
    at Promise (/sign_test/node_modules/@trust/webcrypto/src/SubtleCrypto.js:115:40)
    at new Promise (<anonymous>)
    at SubtleCrypto.sign (/sign_test/node_modules/@trust/webcrypto/src/SubtleCrypto.js:106:12)
    at signTest (/sign_test/sign_test.js:12:41)
    at process._tickCallback (internal/process/next_tick.js:68:7)
    at Function.Module.runMain (internal/modules/cjs/loader.js:745:11)
    at startup (internal/bootstrap/node.js:236:19)
    at bootstrapNodeJSCore (internal/bootstrap/node.js:560:3)```
kloepper commented 6 years ago

I have been following the examples here:

https://github.com/diafygi/webcrypto-examples#rsassa-pkcs1-v1_5---sign

After inspecting the code, I found a work around by calling sign() with the first argument of { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-256" } } instead of simply "RSASSA-PKCS1-v1_5".

Is it possible that the change of behavior was introduced by this commit? https://github.com/anvilresearch/webcrypto/commit/ca5763352e2b73b8a14681f1637698cdeaafe6cc#diff-e6a8c985dc7a75d1c38ce1c93a2ffddc

thelunararmy commented 6 years ago

The #67 commit was a fix to an improper access of parameter from the initiated RSASSA_PKCS1_v1_5 class object, so this fix is working as intended. In terms of api call, both webcrypto and crypto requires the algorithm name be encapsulated as an object attribute, so {name: "RSASSA-PKCS1-v1_5"} should be the bare minimum required to instantiate a RSASSA_PKCS1_v1_5 object for signing purposes. Ideally this should have a hash attribute as well, but that is an acceptable omit.

certifirm commented 6 years ago

@kloepper Thanks a lot. I lost a lot of hours with this error.

Please, correct the example.