Merge pull request #58 from rzcoder/pss-fix

rzcoder · web-flow · commit c9e867c8159f · 2016-06-14T18:05:13.000+05:00
pss fixes
diff --git a/.travis.yml b/.travis.yml
@@ -3,8 +3,6 @@ node_js:
   - '0.10'
   - '0.12'
   - 'stable' 
-  - 'iojs-v1.3'
-  - 'iojs'
 
 sudo: false
 
diff --git a/README.md b/README.md
@@ -237,6 +237,9 @@ Questions, comments, bug reports, and pull requests are all welcome.
 
 ## Changelog
 
+### 0.3.3
+ * Fixed PSS encode/verify methods with max salt length.     
+
 ### 0.3.2
  * Fixed environment detection in web worker.
 
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "node-rsa",
-  "version": "0.3.2",
+  "version": "0.3.3",
   "description": "Node.js RSA library",
   "main": "src/NodeRSA.js",
   "scripts": {
diff --git a/src/schemes/pss.js b/src/schemes/pss.js
@@ -101,9 +101,9 @@ module.exports.makeScheme = function (key, options) {
             maskedDB[i] = DB[i] ^ dbMask[i];
         }
 
-        var bits = emBits - 8 * (emLen - 1);
-        var mask = 255 << 8 - bits >> 8 - bits;
-        maskedDB[0] &= ((maskedDB[0] ^ mask) & maskedDB[0]);
+        var bits = 8 * emLen - emBits;
+        var mask = 255 ^ (255 >> 8 - bits << 8 - bits);
+        maskedDB[0] = maskedDB[0] & mask;
 
         var EM = new Buffer(maskedDB.length + H.length + 1);
         maskedDB.copy(EM, 0);
@@ -153,15 +153,20 @@ module.exports.makeScheme = function (key, options) {
             DB[i] ^= dbMask[i];
         }
 
-        mask = 0;
-        for (i = 0, bits = emBits - 8 * (emLen - 1); i < bits; i++) {
+      /*  mask = 0;
+        var bits = emBits - 8 * (emLen - 1);
+        for (i = 0; i < bits; i++) {
             mask |= 1 << i;
         }
-        DB[0] &= mask;
+        DB[0] &= mask;*/
+
+        var bits = 8 * emLen - emBits;
+        var mask = 255 ^ (255 >> 8 - bits << 8 - bits);
+        DB[0] = DB[0] & mask;
 
         // Filter out padding
-        while (DB[i++] === 0 && i < DB.length);
-        if (DB[i - 1] != 1) {
+        for (i = 0; DB[i] === 0 && i < DB.length; i++);
+        if (DB[i] != 1) {
             return false;
         }
 
diff --git a/test/tests.js b/test/tests.js
@@ -2,6 +2,7 @@ var fs = require('fs');
 var assert = require('chai').assert;
 var _ = require('lodash');
 var NodeRSA = require('../src/NodeRSA');
+var OAEP = require('../src/schemes/oaep');
 
 describe('NodeRSA', function () {
     var keySizes = [
@@ -10,7 +11,8 @@ describe('NodeRSA', function () {
         {b: 512, e: 257},
         {b: 512, e: 65537},
         {b: 768}, // 'e' should be 65537
-        {b: 1024} // 'e' should be 65537
+        {b: 1024}, // 'e' should be 65537
+        {b: 2048} // 'e' should be 65537
     ];
 
     var environments = ['browser', 'node'];
@@ -151,6 +153,7 @@ describe('NodeRSA', function () {
             for (var size in keySizes) {
                 (function (size) {
                     it('should make key pair ' + size.b + '-bit length and public exponent is ' + (size.e ? size.e : size.e + ' and should be 65537'), function () {
+                        this.timeout(15000);
                         generatedKeys.push(new NodeRSA({b: size.b, e: size.e}, {encryptionScheme: 'pkcs1'}));
                         assert.instanceOf(generatedKeys[generatedKeys.length - 1].keyPair, Object);
                         assert.equal(generatedKeys[generatedKeys.length - 1].isEmpty(), false);
@@ -669,9 +672,6 @@ describe('NodeRSA', function () {
                                         });
 
                                         it('should verify ' + i, function () {
-                                            if (!key.verify(suit.data, signed[i])) {
-                                                key.verify(suit.data, signed[i]);
-                                            }
                                             assert(key.verify(suit.data, signed[i]));
                                         });
                                     })(i);
@@ -685,11 +685,20 @@ describe('NodeRSA', function () {
                                                 environment: env
                                             });
                                             var signed = key.sign('data');
-                                            if (!key.verify('data', signed)) {
-                                                key.verify('data', signed);
-                                            }
                                             assert(key.verify('data', signed));
                                         });
+
+                                        if (scheme === 'pss') {
+                                            it('signing with custom algorithm (' + alg + ') with max salt length', function () {
+                                                var a = alg.toLowerCase();
+                                                var key = new NodeRSA(generatedKeys[generatedKeys.length - 1].exportKey(), {
+                                                    signingScheme: { scheme: scheme, hash: a, saltLength: OAEP.digestLength[a] },
+                                                    environment: env
+                                                });
+                                                var signed = key.sign('data');
+                                                assert(key.verify('data', signed));
+                                            });
+                                        }
                                     })(signHashAlgorithms[env][alg]);
                                 }
                             });

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "node-rsa",`
`3`		`- "version": "0.3.2",`
	`3`	`+ "version": "0.3.3",`
`4`	`4`	`"description": "Node.js RSA library",`
`5`	`5`	`"main": "src/NodeRSA.js",`
`6`	`6`	`"scripts": {`