Commit

Add missing RFC 8017 algorithm identifiers.
davidlehn committed Mar 17, 2022
1 parent 3f0b49a commit aa9372d
Showing 3 changed files with 17 additions and 4 deletions.
12 changes: 9 additions & 3 deletions CHANGELOG.md
Expand Up @@ -38,11 +38,17 @@ Forge ChangeLog
DER parsing may need to adapt to this new behavior and optional flag.
- [rsa] Add and use a validator to check for proper structure of parsed ASN.1
`RSASSA-PKCS-v1_5` `DigestInfo` data. Additionally check that the hash
algorithm identifier is a known value. An invalid `DigestInfo` or algorithm
identifier will now cause an error to be thrown.
algorithm identifier is a known value from RFC 8017
`PKCS1-v1-5DigestAlgorithms`. An invalid `DigestInfo` or algorithm identifier
will now cause an error to be thrown.

### Added
- [oid] Added `1.2.840.113549.2.2` / `md2` for hash algorithm checking.
- [oid] Added missing RFC 8017 PKCS1-v1-5DigestAlgorithms algorithm
identifiers:
- `1.2.840.113549.2.2` / `md2`
- `2.16.840.1.101.3.4.2.4` / `sha224`
- `2.16.840.1.101.3.4.2.5` / `sha512-224`
- `2.16.840.1.101.3.4.2.6` / `sha512-256`

## 1.2.1 - 2022-01-11

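Review bot: In the `### Added` entry, the rewritten bullet drops the qualifier "for hash algorithm checking" that the old `md2` line carried, so the four listed names can be read as newly supported digests rather than OID registrations used by the `DigestInfo` identifier check. Suggest keeping the qualifier, for example "Added missing RFC 8017 PKCS1-v1-5DigestAlgorithms algorithm identifiers for hash algorithm checking:". The `[rsa]` entry above it could also say that `md2` and `md5` remain accepted identifiers because they are in the RFC list, since that is what the check in `lib/rsa.js` does.
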
3 changes: 3 additions & 0 deletions lib/oids.js
Expand Up @@ -47,6 +47,9 @@ _IN('1.3.14.3.2.29', 'sha1WithRSASignature');
_IN('2.16.840.1.101.3.4.2.1', 'sha256');
_IN('2.16.840.1.101.3.4.2.2', 'sha384');
_IN('2.16.840.1.101.3.4.2.3', 'sha512');
_IN('2.16.840.1.101.3.4.2.4', 'sha224');
_IN('2.16.840.1.101.3.4.2.5', 'sha512-224');
_IN('2.16.840.1.101.3.4.2.6', 'sha512-256');
_IN('1.2.840.113549.2.2', 'md2');
_IN('1.2.840.113549.2.5', 'md5');

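Review bot: The new names `'sha512-224'` and `'sha512-256'` are the only hash entries in this block that are not valid dotted-property identifiers, so callers have to write `forge.oids['sha512-224']`; `forge.oids.sha512-224` parses as a subtraction and yields `NaN` instead of failing loudly. Suggest a one-line comment above the three added `_IN(...)` lines noting the bracket access and citing RFC 8017 `PKCS1-v1-5DigestAlgorithms` as the source, matching the comment added in `lib/rsa.js`.
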
6 changes: 5 additions & 1 deletion lib/rsa.js
Expand Up @@ -1169,14 +1169,18 @@ pki.setRsaPublicKey = pki.rsa.setPublicKey = function(n, e) {
throw error;
}
// check hash algorithm identifier
// see PKCS1-v1-5DigestAlgorithms in RFC 8017
// FIXME: add support to vaidator for strict value choices
var oid = asn1.derToOid(capture.algorithmIdentifier);
if(!(oid === forge.oids.md2 ||
oid === forge.oids.md5 ||
oid === forge.oids.sha1 ||
oid === forge.oids.sha224 ||
oid === forge.oids.sha256 ||
oid === forge.oids.sha384 ||
oid === forge.oids.sha512)) {
oid === forge.oids.sha512 ||
oid === forge.oids['sha512-224'] ||
oid === forge.oids['sha512-256'])) {
var error = new Error(
'Unknown RSASSA-PKCS1-v1_5 DigestAlgorithm identifier.');
error.oid = oid;
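
Review bot: The accepted set in the `if(!(oid === ...))` condition is now a nine-way `===` chain that has to be kept in step with `lib/oids.js` by hand, and two of its terms need bracket access (`forge.oids['sha512-224']`), which makes a mistyped name easy to miss. Until the validator supports strict value choices, as the FIXME says, consider holding the nine OIDs in one lookup list next to the check so that adding or dropping an algorithm is a single-line change. The FIXME comment itself misspells "validator" as "vaidator". Note also that this check only establishes that the OID is in the RFC 8017 list, which includes `md2` and `md5`; nothing in the visible lines compares it with the digest the caller expects, so confirm that happens elsewhere or say so in the comment.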