author | Nicholas Rodrigues Lordello <n@lordello.net> | 2024-07-20 00:59:49 +0200 |
---|---|---|
committer | Nicholas Rodrigues Lordello <n@lordello.net> | 2024-07-20 00:59:49 +0200 |
commit | 6e56a1c15159da6f8baef5ac949d439702d162f8 (patch) | |
tree | 67f19f5c75b1ac7a94642cf1949e6a85a6b53ac2 | |
parent | 2e96308459ce29c23fd2c5ce3e203e00e9e0e061 (diff) |
Stricter Leading 0 Checks
-rw-r--r-- | packages/server/src/helpers/iso/isoCrypto/unwrapEC2Signature.ts | 2 | ||||
-rw-r--r-- | packages/server/src/helpers/iso/isoCrypto/verify.ts | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/packages/server/src/helpers/iso/isoCrypto/unwrapEC2Signature.ts b/packages/server/src/helpers/iso/isoCrypto/unwrapEC2Signature.ts
index 94bb202..6021853 100644
--- a/packages/server/src/helpers/iso/isoCrypto/unwrapEC2Signature.ts
+++ b/packages/server/src/helpers/iso/isoCrypto/unwrapEC2Signature.ts
@@ -56,7 +56,7 @@ function toNormalizedBytes(i: ArrayBuffer, n: number): Uint8Array {
 const normalizedBytes = new Uint8Array(n);
 if (iBytes.length <= n) {
 normalizedBytes.set(iBytes, n - iBytes.length);
- } else if (iBytes.length === n + 1 && iBytes[0] === 0) {
+ } else if (iBytes.length === n + 1 && iBytes[0] === 0 && (iBytes[1] & 0x80) === 0x80) {
 normalizedBytes.set(iBytes.slice(1));
 } else {
 throw new Error("invalid signature component length");
diff --git a/packages/server/src/helpers/iso/isoCrypto/verify.ts b/packages/server/src/helpers/iso/isoCrypto/verify.ts
index 79a07f9..4a3e81f 100644
--- a/packages/server/src/helpers/iso/isoCrypto/verify.ts
+++ b/packages/server/src/helpers/iso/isoCrypto/verify.ts
@@ -26,7 +26,7 @@ export function verify(opts: {
 if (isCOSEPublicKeyEC2(cosePublicKey)) {
 const crv = cosePublicKey.get(COSEKEYS.crv);
 if (!isCOSECrv(crv)) {
- throw new Error("unknown COSE curve");
+ throw new Error(`unknown COSE curve ${crv}`);
 }
 const unwrappedSignature = unwrapEC2Signature(signature, crv);
 return verifyEC2({ |
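Review bot: The new high-bit test is applied only in the `n + 1` branch, so the `iBytes.length <= n` branch of toNormalizedBytes still accepts a component with a redundant leading zero, and one whose first byte has the high bit set, which a DER INTEGER would read as negative. If strict DER is the goal, the same rule could be enforced before padding, e.g. `if (iBytes.length > 1 && iBytes[0] === 0 && (iBytes[1] & 0x80) === 0) throw new Error("invalid signature component length");`, together with a rejection of `(iBytes[0] & 0x80) !== 0` in the short branch. Whether the ASN.1 parser upstream already rejects these encodings is not visible here, since iBytes is built before the hunk and the function continues past it. A short comment on the condition, such as `// DER: a 0x00 prefix is valid only when the next byte has its high bit set`, would also record why the check exists.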
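Review bot: The `crv` interpolated into the new error message is exactly the value that just failed `isCOSECrv`, so its type and content are unchecked and it originates from the decoded COSE public key. If this error text reaches logs or an HTTP response, a string value could carry newlines or be arbitrarily long, and an object would print as `[object Object]`. Consider interpolating a bounded form instead, for example `typeof crv === "number" ? String(crv) : typeof crv`. The type returned by `cosePublicKey.get` is declared outside this hunk, so this assumes it is wider than `number`.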