diff --git a/.travis.yml b/.travis.yml
index 20482ef..ef90c34 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,8 +3,6 @@ node_js:
 - '0.10'
 - '0.12'
 - 'stable'
- - 'iojs-v1.3'
- - 'iojs'
 sudo: false
diff --git a/README.md b/README.md
index fd2e7ee..91e80d0 100644
--- a/README.md
+++ b/README.md
@@ -237,6 +237,9 @@ Questions, comments, bug reports, and pull requests are all welcome.
 ## Changelog
+### 0.3.3
+ * Fixed PSS encode/verify methods with max salt length.
+
 ### 0.3.2
 * Fixed environment detection in web worker.
diff --git a/package.json b/package.json
index c1dcc7f..2f32152 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "node-rsa",
- "version": "0.3.2",
+ "version": "0.3.3",
 "description": "Node.js RSA library",
 "main": "src/NodeRSA.js",
 "scripts": {
diff --git a/src/schemes/pss.js b/src/schemes/pss.js
index 89b447a..c394f3c 100644
--- a/src/schemes/pss.js
+++ b/src/schemes/pss.js
@@ -101,9 +101,9 @@ module.exports.makeScheme = function (key, options) {
 maskedDB[i] = DB[i] ^ dbMask[i];
 }
- var bits = emBits - 8 * (emLen - 1);
- var mask = 255 << 8 - bits >> 8 - bits;
- maskedDB[0] &= ((maskedDB[0] ^ mask) & maskedDB[0]);
+ var bits = 8 * emLen - emBits;
+ var mask = 255 ^ (255 >> 8 - bits << 8 - bits);
+ maskedDB[0] = maskedDB[0] & mask;
 var EM = new Buffer(maskedDB.length + H.length + 1);
 maskedDB.copy(EM, 0);
@@ -153,15 +153,20 @@ module.exports.makeScheme = function (key, options) {
 DB[i] ^= dbMask[i];
 }
- mask = 0;
- for (i = 0, bits = emBits - 8 * (emLen - 1); i < bits; i++) {
+ /* mask = 0;
+ var bits = emBits - 8 * (emLen - 1);
+ for (i = 0; i < bits; i++) {
 mask |= 1 << i;
 }
- DB[0] &= mask;
+ DB[0] &= mask;*/
+
+ var bits = 8 * emLen - emBits;
+ var mask = 255 ^ (255 >> 8 - bits << 8 - bits);
+ DB[0] = DB[0] & mask;
 // Filter out padding
- while (DB[i++] === 0 && i < DB.length);
- if (DB[i - 1] != 1) {
+ for (i = 0; DB[i] === 0 && i < DB.length; i++);
+ if (DB[i] != 1) {
 return false;
 }
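Review bot: The new top-bit mask `255 ^ (255 >> 8 - bits << 8 - bits)` in the encode hunk at -101 is correct only because `-` binds tighter than the shifts, and nothing on the line says what `bits` counts; the same expression is repeated in the verify hunk at -153. For `bits` in 0..7 it equals `0xFF >> bits`, so both sites could read `var mask = 0xFF >> bits; // clear the 8*emLen - emBits leftmost bits (RFC 8017 9.1.1 step 11)`, with 9.1.2 step 9 cited at the verify site. The enclosing function starts and ends outside this hunk.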
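Review bot: The padding filter in the verify hunk at -153, `for (i = 0; DB[i] === 0 && i < DB.length; i++); if (DB[i] != 1)`, accepts the 0x01 separator at whatever index the zero run ends, whereas EMSA-PSS verification (RFC 8017 9.1.2 step 10) requires exactly emLen - hLen - sLen - 2 zero octets before it. How the salt is sliced afterwards is outside the hunk, so the impact cannot be judged from here, but a strict verifier would also compare `i` with that expected padding length and return false on a mismatch; the loop should also test `i < DB.length` before reading `DB[i]`. The old masking code kept inside the `/* … */` block is dead and should be deleted rather than committed, and `var bits` / `var mask` appear to re-declare names the function already uses (the removed line assigned `mask = 0` without `var`). The function continues outside this hunk.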
diff --git a/test/tests.js b/test/tests.js
index 1bf0034..2059b87 100644
--- a/test/tests.js
+++ b/test/tests.js
@@ -2,6 +2,7 @@ var fs = require('fs');
 var assert = require('chai').assert;
 var _ = require('lodash');
 var NodeRSA = require('../src/NodeRSA');
+var OAEP = require('../src/schemes/oaep');
 describe('NodeRSA', function () {
 var keySizes = [
@@ -10,7 +11,8 @@ describe('NodeRSA', function () {
 {b: 512, e: 257},
 {b: 512, e: 65537},
 {b: 768}, // 'e' should be 65537
- {b: 1024} // 'e' should be 65537
+ {b: 1024}, // 'e' should be 65537
+ {b: 2048} // 'e' should be 65537
 ];
 var environments = ['browser', 'node'];
@@ -151,6 +153,7 @@ describe('NodeRSA', function () {
 for (var size in keySizes) {
 (function (size) {
 it('should make key pair ' + size.b + '-bit length and public exponent is ' + (size.e ? size.e : size.e + ' and should be 65537'), function () {
+ this.timeout(15000);
 generatedKeys.push(new NodeRSA({b: size.b, e: size.e}, {encryptionScheme: 'pkcs1'}));
 assert.instanceOf(generatedKeys[generatedKeys.length - 1].keyPair, Object);
 assert.equal(generatedKeys[generatedKeys.length - 1].isEmpty(), false);
@@ -669,9 +672,6 @@ describe('NodeRSA', function () {
 });
 it('should verify ' + i, function () {
- if (!key.verify(suit.data, signed[i])) {
- key.verify(suit.data, signed[i]);
- }
 assert(key.verify(suit.data, signed[i]));
 });
 })(i);
@@ -685,11 +685,20 @@ describe('NodeRSA', function () {
 environment: env
 });
 var signed = key.sign('data');
- if (!key.verify('data', signed)) {
- key.verify('data', signed);
- }
 assert(key.verify('data', signed));
 });
+
+ if (scheme === 'pss') {
+ it('signing with custom algorithm (' + alg + ') with max salt length', function () {
+ var a = alg.toLowerCase();
+ var key = new NodeRSA(generatedKeys[generatedKeys.length - 1].exportKey(), {
+ signingScheme: { scheme: scheme, hash: a, saltLength: OAEP.digestLength[a] },
+ environment: env
+ });
+ var signed = key.sign('data');
+ assert(key.verify('data', signed));
+ });
+ }
 })(signHashAlgorithms[env][alg]);
 }
 });
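Review bot: The added "max salt length" case only signs and verifies with the same implementation and a single random salt, so a masking error shared by the encode and verify paths, or one that shows only for some values of the top octet, can still pass. A fixed known-answer signature produced by an independent PSS implementation, plus a negative case such as `assert.isFalse(key.verify('other data', signed));`, would pin the behaviour this release fixes. The case also relies on `generatedKeys[generatedKeys.length - 1]` being the 2048-bit key appended to `keySizes`, because a salt of digest length does not fit the smaller moduli with the longer hashes; a one-line comment saying so would keep a later reordering of `keySizes` from breaking it. `saltLength` is read from `OAEP.digestLength`, which ties this PSS test to the OAEP module's table.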