1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
import { WebCrypto } from "../../../deps.ts";
import { COSEALG, COSEKEYS, COSEPublicKeyRSA, isCOSEAlg } from "../../cose.ts";
import { mapCoseAlgToWebCryptoAlg } from "./mapCoseAlgToWebCryptoAlg.ts";
import { importKey } from "./importKey.ts";
import { isoBase64URL } from "../index.ts";
import { mapCoseAlgToWebCryptoKeyAlgName } from "./mapCoseAlgToWebCryptoKeyAlgName.ts";
import { getWebCrypto } from "./getWebCrypto.ts";
/**
* Verify a signature using an RSA public key
*/
export async function verifyRSA(opts: {
cosePublicKey: COSEPublicKeyRSA;
signature: Uint8Array;
data: Uint8Array;
shaHashOverride?: COSEALG;
}): Promise<boolean> {
const { cosePublicKey, signature, data, shaHashOverride } = opts;
const WebCrypto = await getWebCrypto();
const alg = cosePublicKey.get(COSEKEYS.alg);
const n = cosePublicKey.get(COSEKEYS.n);
const e = cosePublicKey.get(COSEKEYS.e);
if (!alg) {
throw new Error("Public key was missing alg (RSA)");
}
if (!isCOSEAlg(alg)) {
throw new Error(`Public key had invalid alg ${alg} (RSA)`);
}
if (!n) {
throw new Error("Public key was missing n (RSA)");
}
if (!e) {
throw new Error("Public key was missing e (RSA)");
}
const keyData: JsonWebKey = {
kty: "RSA",
alg: "",
n: isoBase64URL.fromBuffer(n),
e: isoBase64URL.fromBuffer(e),
ext: false,
};
const keyAlgorithm = {
name: mapCoseAlgToWebCryptoKeyAlgName(alg),
hash: { name: mapCoseAlgToWebCryptoAlg(alg) },
};
const verifyAlgorithm: AlgorithmIdentifier | RsaPssParams = {
name: mapCoseAlgToWebCryptoKeyAlgName(alg),
};
if (shaHashOverride) {
keyAlgorithm.hash.name = mapCoseAlgToWebCryptoAlg(shaHashOverride);
}
if (keyAlgorithm.name === "RSASSA-PKCS1-v1_5") {
if (keyAlgorithm.hash.name === "SHA-256") {
keyData.alg = "RS256";
} else if (keyAlgorithm.hash.name === "SHA-384") {
keyData.alg = "RS384";
} else if (keyAlgorithm.hash.name === "SHA-512") {
keyData.alg = "RS512";
} else if (keyAlgorithm.hash.name === "SHA-1") {
keyData.alg = "RS1";
}
} else if (keyAlgorithm.name === "RSA-PSS") {
/**
* salt length. The default value is 20 but the convention is to use hLen, the length of the
* output of the hash function in bytes. A salt length of zero is permitted and will result in
* a deterministic signature value. The actual salt length used can be determined from the
* signature value.
*
* From https://www.cryptosys.net/pki/manpki/pki_rsaschemes.html
*/
let saltLength = 0;
if (keyAlgorithm.hash.name === "SHA-256") {
keyData.alg = "PS256";
saltLength = 32; // 256 bits => 32 bytes
} else if (keyAlgorithm.hash.name === "SHA-384") {
keyData.alg = "PS384";
saltLength = 48; // 384 bits => 48 bytes
} else if (keyAlgorithm.hash.name === "SHA-512") {
keyData.alg = "PS512";
saltLength = 64; // 512 bits => 64 bytes
}
(verifyAlgorithm as RsaPssParams).saltLength = saltLength;
} else {
throw new Error(
`Unexpected RSA key algorithm ${alg} (${keyAlgorithm.name})`,
);
}
const key = await importKey({
keyData,
algorithm: keyAlgorithm,
});
return WebCrypto.subtle.verify(verifyAlgorithm, key, signature, data);
}
|
