Commits on Jun 5, 2024

1. fix the encoding of ECDSA public keys with leading 00's …

   The public portion of an ECDSA public key has an 'x' and 'y' component.
   For a new account request that uses EAB token, this public key is added
   to the protected section of the JWS. When encoding the key, it's
   important to preserve all of the bytes in the different parts, even if
   they are zero bytes.
   
   The previous encoding would dump the key to hex and split the x and y
   component from those, then encode them into an OpenSSL bignum, then dump
   that bignum to bytes and urlsafe-base64 encode that. But OpenSSL's
   bignum does not track the number of input bytes, only the most compact
   representation of the number. This means that leading zero bytes are
   dropped when re-encoded into a byte array from the bignum.
   
   Pushing the 'x' and 'y' component through OpenSSL::BN is unecessary and
   avoids issues for ECDSA keys that are randomly generated with leading
   zeros. This can be demonstrated with the following code:
   
   irb> OpenSSL::BN.new("00FF", 16).to_s(2)
   => "\xFF"
   
   The test generates a key with a leading zero for the encoded 'x'
   component, then checks to make sure the JWS contains the corresponding
   0x00 bytes in the encoding for 'x'.

   

   benburkert committed Jun 5, 2024
   Configuration menu

   • View commit details
   • Copy full SHA for 35a9413
   • Browse repository at this point

   Copy the full SHA

   35a9413 View commit details

   Browse the repository at this point in the history