Skip to content

Commit 6cd9bdc

Browse files
panvatargos
panva
authored and
targos
committed
crypto: ensure documented RSA-PSS saltLength default is used
PR-URL: #60662 Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]>
1 parent 5763c96 commit 6cd9bdc

File tree

2 files changed

+44
-1
lines changed

2 files changed

+44
-1
lines changed

lib/internal/crypto/sig.js

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,8 @@ const {
5050
isArrayBufferView,
5151
} = require('internal/util/types');
5252

53+
const constants = internalBinding('constants').crypto;
54+
5355
function Sign(algorithm, options) {
5456
if (!(this instanceof Sign))
5557
return new Sign(algorithm, options);
@@ -85,7 +87,11 @@ function getPadding(options) {
8587
}
8688

8789
function getSaltLength(options) {
88-
return getIntOption('saltLength', options);
90+
let saltLength = getIntOption('saltLength', options);
91+
if (options.padding === constants.RSA_PKCS1_PSS_PADDING && saltLength === undefined) {
92+
saltLength = constants.RSA_PSS_SALTLEN_MAX_SIGN;
93+
}
94+
return saltLength;
8995
}
9096

9197
function getDSASignatureEncoding(options) {

test/parallel/test-crypto-rsa-pss-default-salt-length.js

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
'use strict';
2+
const common = require('../common');
3+
if (!common.hasCrypto)
4+
common.skip('missing crypto');
5+
6+
const assert = require('assert');
7+
const crypto = require('crypto');
8+
9+
const fixtures = require('../common/fixtures');
10+
11+
const privateKey = crypto.createPrivateKey(fixtures.readKey('rsa_private.pem', 'ascii'));
12+
const publicKey = crypto.createPublicKey(fixtures.readKey('rsa_public.pem', 'ascii'));
13+
14+
const data = crypto.randomBytes(32);
15+
16+
for (const digest of ['sha256', 'sha384', 'sha512']) {
17+
const hLen = crypto.hash(digest, data, 'buffer').byteLength;
18+
const maxSaltLength =
19+
privateKey.asymmetricKeyDetails.modulusLength / 8 - hLen - 2;
20+
21+
const sig = crypto.sign(digest, data, {
22+
key: privateKey,
23+
padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
24+
// No "saltLength" provided, documented default RSA_PSS_SALTLEN_MAX_SIGN expected
25+
});
26+
27+
assert.strictEqual(crypto.verify(
28+
digest,
29+
data,
30+
{
31+
key: publicKey,
32+
padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
33+
saltLength: maxSaltLength,
34+
},
35+
sig
36+
), true);
37+
}

0 commit comments

Comments
 (0)