1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
import { COSEALG, COSEKEYS, COSEPublicKeyRSA, isCOSEAlg } from '../../cose.ts';
import { mapCoseAlgToWebCryptoAlg } from './mapCoseAlgToWebCryptoAlg.ts';
import { importKey } from './importKey.ts';
import { isoBase64URL } from '../index.ts';
import { mapCoseAlgToWebCryptoKeyAlgName } from './mapCoseAlgToWebCryptoKeyAlgName.ts';
import { getWebCrypto } from './getWebCrypto.ts';
/**
* Verify a signature using an RSA public key
*/
export async function verifyRSA(opts: {
cosePublicKey: COSEPublicKeyRSA;
signature: Uint8Array;
data: Uint8Array;
shaHashOverride?: COSEALG;
}): Promise<boolean> {
const { cosePublicKey, signature, data, shaHashOverride } = opts;
const WebCrypto = await getWebCrypto();
const alg = cosePublicKey.get(COSEKEYS.alg);
const n = cosePublicKey.get(COSEKEYS.n);
const e = cosePublicKey.get(COSEKEYS.e);
if (!alg) {
throw new Error('Public key was missing alg (RSA)');
}
if (!isCOSEAlg(alg)) {
throw new Error(`Public key had invalid alg ${alg} (RSA)`);
}
if (!n) {
throw new Error('Public key was missing n (RSA)');
}
if (!e) {
throw new Error('Public key was missing e (RSA)');
}
const keyData: JsonWebKey = {
kty: 'RSA',
alg: '',
n: isoBase64URL.fromBuffer(n),
e: isoBase64URL.fromBuffer(e),
ext: false,
};
const keyAlgorithm = {
name: mapCoseAlgToWebCryptoKeyAlgName(alg),
hash: { name: mapCoseAlgToWebCryptoAlg(alg) },
};
const verifyAlgorithm: AlgorithmIdentifier | RsaPssParams = {
name: mapCoseAlgToWebCryptoKeyAlgName(alg),
};
if (shaHashOverride) {
keyAlgorithm.hash.name = mapCoseAlgToWebCryptoAlg(shaHashOverride);
}
if (keyAlgorithm.name === 'RSASSA-PKCS1-v1_5') {
if (keyAlgorithm.hash.name === 'SHA-256') {
keyData.alg = 'RS256';
} else if (keyAlgorithm.hash.name === 'SHA-384') {
keyData.alg = 'RS384';
} else if (keyAlgorithm.hash.name === 'SHA-512') {
keyData.alg = 'RS512';
} else if (keyAlgorithm.hash.name === 'SHA-1') {
keyData.alg = 'RS1';
}
} else if (keyAlgorithm.name === 'RSA-PSS') {
/**
* salt length. The default value is 20 but the convention is to use hLen, the length of the
* output of the hash function in bytes. A salt length of zero is permitted and will result in
* a deterministic signature value. The actual salt length used can be determined from the
* signature value.
*
* From https://www.cryptosys.net/pki/manpki/pki_rsaschemes.html
*/
let saltLength = 0;
if (keyAlgorithm.hash.name === 'SHA-256') {
keyData.alg = 'PS256';
saltLength = 32; // 256 bits => 32 bytes
} else if (keyAlgorithm.hash.name === 'SHA-384') {
keyData.alg = 'PS384';
saltLength = 48; // 384 bits => 48 bytes
} else if (keyAlgorithm.hash.name === 'SHA-512') {
keyData.alg = 'PS512';
saltLength = 64; // 512 bits => 64 bytes
}
(verifyAlgorithm as RsaPssParams).saltLength = saltLength;
} else {
throw new Error(
`Unexpected RSA key algorithm ${alg} (${keyAlgorithm.name})`,
);
}
const key = await importKey({
keyData,
algorithm: keyAlgorithm,
});
return WebCrypto.subtle.verify(verifyAlgorithm, key, signature, data);
}
|
