Fix padding and unpadding when signing/verifying

seksu · May 24, 2018 · 974e92c · 974e92c
1 parent f4f28e4
commit 974e92c
Showing 1 changed file with 9 additions and 52 deletions.
diff --git a/lib/jsbn/rsa.ts b/lib/jsbn/rsa.ts
@@ -25,34 +25,18 @@ import {SecureRandom} from "./rng";
 //     return b.toString(16);
 // }
 
-// PKCS#1 (type 1) pad input string s to n bytes, and return a bigint
 function pkcs1pad1(s:string, n:number) {
-    if (n < s.length + 11) { // TODO: fix for utf-8
+    if (n < s.length + 22) {
         console.error("Message too long for RSA");
         return null;
     }
-    const ba = [];
-    let i = s.length - 1;
-    while (i >= 0 && n > 0) {
-        const c = s.charCodeAt(i--);
-        if (c < 128) { // encode using utf-8
-            ba[--n] = c;
-        } else if ((c > 127) && (c < 2048)) {
-            ba[--n] = (c & 63) | 128;
-            ba[--n] = (c >> 6) | 192;
-        } else {
-            ba[--n] = (c & 63) | 128;
-            ba[--n] = ((c >> 6) & 63) | 128;
-            ba[--n] = (c >> 12) | 224;
-        }
-    }
-    ba[--n] = 0;
-    while (n > 2) {
-        ba[--n] = 0xFF;
+    const len = n - s.length - 6;
+    let filler = "";
+    for (let f = 0; f < len; f += 2) {
+        filler += "ff";
     }
-    ba[--n] = 1;
-    ba[--n] = 0;
-    return new BigInteger(ba);
+    const m = "0001" + filler + "00" + s;
+    return parseBigInt(m, 16);
 }
 
 // PKCS#1 (type 2, random) pad input string s to n bytes, and return a bigint
@@ -306,7 +290,7 @@ export class RSAKey {
     public sign(text:string, digestMethod:(str:string) => string, digestName:string):string {
         const header = getDigestHeader(digestName);
         const digest = header + digestMethod(text).toString();
-        const m = pkcs1pad1(digest, (this.n.bitLength() + 7) >> 3);
+        const m = pkcs1pad1(digest, this.n.bitLength() / 4);
         if (m == null) {
             return null;
         }
@@ -328,7 +312,7 @@ export class RSAKey {
         if (m == null) {
             return null;
         }
-        const unpadded = pkcs1unpad1(m, (this.n.bitLength() + 7) >> 3);
+        const unpadded = m.toString(16).replace(/^1f+00/, "");
         const digest = removeDigestHeader(unpadded);
         return digest == digestMethod(text).toString();
     }
@@ -346,33 +330,6 @@ export class RSAKey {
 
 }
 
-// Undo PKCS#1 (type 1) padding and, if valid, return the plaintext
-function pkcs1unpad1(d:BigInteger, n:number):string {
-    const b = d.toByteArray();
-    let i = 0;
-    while (i < b.length && b[i] == 0) { ++i; }
-    if (b.length - i != n - 1 || b[i] != 1) {
-        return null;
-    }
-    ++i;
-    while (b[i] != 0) {
-        if (++i >= b.length) { return null; }
-    }
-    let ret = "";
-    while (++i < b.length) {
-        const c = b[i] & 255;
-        if (c < 128) { // utf-8 decode
-            ret += String.fromCharCode(c);
-        } else if ((c > 191) && (c < 224)) {
-            ret += String.fromCharCode(((c & 31) << 6) | (b[i + 1] & 63));
-            ++i;
-        } else {
-            ret += String.fromCharCode(((c & 15) << 12) | ((b[i + 1] & 63) << 6) | (b[i + 2] & 63));
-            i += 2;
-        }
-    }
-    return ret;
-}
 
 // Undo PKCS#1 (type 2, random) padding and, if valid, return the plaintext
 function pkcs1unpad2(d:BigInteger, n:number):string {