Allow optional DigestAlgorithm parameters.
RFC 3447 and RFC 8017 allow for optional `DigestAlgorithm` `NULL`
parameters for `sha*` algorithms and require `NULL` parameters for `md2`
and `md5` algorithms.
davidlehn committed Mar 30, 2022
1 parent 56f4316 commit 740954d
Showing 3 changed files with 29 additions and 1 deletion.
7 changes: 7 additions & 0 deletions CHANGELOG.md
@@ -1,6 +1,13 @@
Forge ChangeLog
===============

## 1.3.1 - 2022-03-xx

### Fixes
- RFC 3447 and RFC 8017 allow for optional `DigestAlgorithm` `NULL` parameters
for `sha*` algorithms and require `NULL` paramters for `md2` and `md5`
algorithms.

## 1.3.0 - 2022-03-17

### Security
12 changes: 12 additions & 0 deletions lib/rsa.js
Expand Up @@ -286,6 +286,8 @@ var digestInfoValidator = {
name: 'DigestInfo.DigestAlgorithm.parameters',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.NULL,
// captured only to check existence for md2 and md5
capture: 'parameters',
optional: true,
constructed: false
}]
Expand Down Expand Up @@ -1188,6 +1190,16 @@ pki.setRsaPublicKey = pki.rsa.setPublicKey = function(n, e) {
throw error;
}

// special check for md2 and md5 that NULL parameters exist
if(oid === forge.oids.md2 || oid === forge.oids.md5) {
if(!('parameters' in capture)) {
throw new Error(
'ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 ' +
'DigestInfo value. ' +
'Missing algorithm identifer NULL parameters.');
}
}

// compare the given digest to the decrypted one
return digest === capture.digest;
}
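Review bot: The error message added in the md2/md5 branch misspells "identifier" (`'Missing algorithm identifer NULL parameters.'`); callers and tests commonly match on these strings, so it is cheapest to correct it now to `'Missing algorithm identifier NULL parameters.'`. The comment above the check would also be more useful if it recorded the reason, e.g. `// RFC 3447 / RFC 8017 require NULL parameters for md2 and md5; sha* may omit them`, and noted that `in` is used because a present NULL presumably captures an empty (falsy) value, which is inferred rather than shown in these lines. The function containing this check starts outside the hunk.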
11 changes: 10 additions & 1 deletion tests/unit/rsa.js
Expand Up @@ -845,6 +845,15 @@ var UTIL = require('../../lib/util');
/^Error: ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 DigestInfo value.$/);
}

function _checkGoodDigestInfo(publicKey, S, skipTailingGarbage) {
var md = MD.sha256.create();
md.update(m);

ASSERT.ok(publicKey.verify(md.digest().getBytes(), S, undefined, {
_parseAllDigestBytes: !skipTailingGarbage
}));
}

it('should check DigestInfo structure', function() {
var publicKey = RSA.setPublicKey(N, e);
// 0xff bytes stolen from padding
Expand Down Expand Up @@ -904,7 +913,7 @@ var UTIL = require('../../lib/util');
'0bc1dd3f020cb1091af6b476416da3024ea046b09fbbbc4d2355da9a2bc6ddb9');

_checkBadTailingGarbage(publicKey, S);
_checkBadDigestInfo(publicKey, S, true);
_checkGoodDigestInfo(publicKey, S, true);
});

it('should check tailing garbage and DigestInfo [2]', function() {
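Review bot: The new md2/md5 rejection path has no test in the hunks shown: `_checkGoodDigestInfo` hashes with `MD.sha256` only, so nothing asserts that an md5 or md2 DigestInfo without NULL parameters makes `verify` throw. Add a negative case next to `_checkBadDigestInfo`, using a signature fixture whose DigestInfo carries the md5 OID and omits parameters, asserting along the lines of `ASSERT.throws(function() { publicKey.verify(digest, S_MD5_NO_PARAMS); }, /Missing algorithm/);` where `S_MD5_NO_PARAMS` is a placeholder for a fixture that would need to be generated. A matching positive case with NULL parameters present would pin the other half of the rule. The `it(...)` blocks around these hunks continue outside the visible lines.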