Curve bits do not need to be a multiple of Keysize #63

Closed
BenderScript opened this issue Mar 22, 2019 · 1 comment · Fixed by #65

@BenderScript
Contributor

BenderScript commented Mar 22, 2019

In sign/ecdsa.go there is the following check:

	if curveBits != keysiz*8 {
		return nil, errors.New("key size does not match curve bit size")
	}

But this check is not ok. See for example https://tools.ietf.org/html/rfc7515 ECDSA P-521 SHA-512. The README says this algorithm is supported but it returns an error.

The code needs to account for such curves. Example solution: https://github.com/kelseyhightower/app/blob/master/vendor/github.com/dgrijalva/jwt-go/ecdsa.go

gopkg.in/square/go-jose.v2/cryptosigner/cryptosigner.go

@lestrrat
Collaborator

man, really? I think I took that bit after studying square's JOSE library... (reads the link) Oh, they have a v2 now... I see. :D
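
The size mismatch reported above, as an added Go example (not the project's code and not the change that fixed this issue): P-521 has a 521-bit order, so each JWS signature value occupies 66 octets and 66*8 = 528 never equals the curve's bit size. The helper names `keyOctets`, `signRaw`, `verifyRaw` and `demo` are hypothetical, and the payload is constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"fmt"
	"math/big"
)

// keyOctets rounds the curve size up to whole bytes: P-256 -> 32, P-521 -> 66.
func keyOctets(c elliptic.Curve) int { return (c.Params().BitSize + 7) / 8 }

// signRaw returns the fixed-width R||S form used for JWS ECDSA signatures.
func signRaw(key *ecdsa.PrivateKey, digest []byte) ([]byte, error) {
	r, s, err := ecdsa.Sign(rand.Reader, key, digest)
	if err != nil {
		return nil, err
	}
	n := keyOctets(key.Curve)
	out := make([]byte, 2*n)
	r.FillBytes(out[:n]) // big-endian, left-padded with zeros
	s.FillBytes(out[n:])
	return out, nil
}

func verifyRaw(pub *ecdsa.PublicKey, digest, sig []byte) bool {
	n := keyOctets(pub.Curve)
	if len(sig) != 2*n {
		return false // wrong width for this curve, reject before parsing
	}
	r, s := new(big.Int).SetBytes(sig[:n]), new(big.Int).SetBytes(sig[n:])
	return ecdsa.Verify(pub, digest, r, s)
}

// demo signs a constructed payload with a fresh P-521 key (ES512).
func demo() (*ecdsa.PublicKey, []byte, []byte, error) {
	d := sha512.Sum512([]byte("constructed sample payload"))
	key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	sig, err := signRaw(key, d[:])
	return &key.PublicKey, d[:], sig, err
}

func main() {
	pub, d, sig, err := demo()
	fmt.Println(err, len(sig), err == nil && verifyRaw(pub, d, sig))
}
```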
