Merge pull request #90 from PeculiarVentures/rsa-pss-x509-fix

Fix RSA-PSS no-params URI support and deterministic key extraction for X509 verification

Author: microshine

package-lock.json

@@ -61,7 +61,7 @@
   "homepage": "https://github.com/PeculiarVentures/xmldsigjs/blob/master/packages/xmldsig/README.md",
   "dependencies": {
     "asn1js": "^3.0.6",
-    "pkijs": "^3.3.2",
+    "pkijs": "^3.4.0",
     "pvtsutils": "^1.3.6",
     "pvutils": "^1.1.3",
     "tslib": "^2.8.1",

packages/xmldsig/package.json

@@ -52,8 +52,19 @@ import {
   SHA384_NAMESPACE,
   Sha512,
   SHA512_NAMESPACE,
+
+  // RSA PSS with params
   RSA_PSS_WITH_PARAMS_NAMESPACE,
   RsaPssWithParams,
+  // RSA PSS without params
+  RSA_PSS_SHA1_NAMESPACE,
+  RSA_PSS_SHA256_NAMESPACE,
+  RSA_PSS_SHA384_NAMESPACE,
+  RSA_PSS_SHA512_NAMESPACE,
+  RsaPssWithoutParamsSha1,
+  RsaPssWithoutParamsSha256,
+  RsaPssWithoutParamsSha384,
+  RsaPssWithoutParamsSha512,
 } from './algorithms/index.js';
 
 // Register RSA PKCS1 algorithms
@@ -94,6 +105,23 @@ algorithmRegistry.set(RSA_PSS_WITH_PARAMS_NAMESPACE, {
   type: 'signature',
   algorithm: RsaPssWithParams,
 });
+// Register RSA PSS algorithms without params
+algorithmRegistry.set(RSA_PSS_SHA1_NAMESPACE, {
+  type: 'signature',
+  algorithm: RsaPssWithoutParamsSha1,
+});
+algorithmRegistry.set(RSA_PSS_SHA256_NAMESPACE, {
+  type: 'signature',
+  algorithm: RsaPssWithoutParamsSha256,
+});
+algorithmRegistry.set(RSA_PSS_SHA384_NAMESPACE, {
+  type: 'signature',
+  algorithm: RsaPssWithoutParamsSha384,
+});
+algorithmRegistry.set(RSA_PSS_SHA512_NAMESPACE, {
+  type: 'signature',
+  algorithm: RsaPssWithoutParamsSha512,
+});
 
 // ECDSA algorithms
 algorithmRegistry.set(ECDSA_SHA1_NAMESPACE, {

packages/xmldsig/src/algorithm.registry.ts

@@ -1,53 +1,69 @@
-import { SignatureAlgorithm } from '../algorithm.js';
+import { ISignatureAlgorithm, SignatureAlgorithm } from '../algorithm.js';
 import { SHA1, SHA256, SHA384, SHA512 } from './rsa_hash.js';
 import { RSA_PSS } from './rsa_pss_sign.js';
 
-// https://tools.ietf.org/html/rfc6931#section-2.3.10
-
 export const RSA_PSS_SHA1_NAMESPACE = 'http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1';
 export const RSA_PSS_SHA256_NAMESPACE = 'http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1';
 export const RSA_PSS_SHA384_NAMESPACE = 'http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1';
 export const RSA_PSS_SHA512_NAMESPACE = 'http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1';
 
+interface RsaPssWithoutParamsAlgorithm extends Algorithm {
+  name: typeof RSA_PSS;
+  hash: Algorithm;
+  saltLength: number;
+}
+
 export class RsaPssWithoutParamsBase extends SignatureAlgorithm {
-  public algorithm: any = {
+  // No-params URI variants are selected from SignatureMethod URI, not from Algorithm input.
+  public static fromAlgorithm(_alg: Algorithm): ISignatureAlgorithm | null {
+    return null;
+  }
+}
+
+export class RsaPssWithoutParamsSha1 extends RsaPssWithoutParamsBase {
+  public algorithm: RsaPssWithoutParamsAlgorithm = {
     name: RSA_PSS,
     hash: {
       name: SHA1,
     },
+    saltLength: 20,
   };
 
   public namespaceURI = RSA_PSS_SHA1_NAMESPACE;
 }
 
-export class RsaPssWithoutParamsSha1 extends RsaPssWithoutParamsBase {
-  constructor() {
-    super();
-    this.algorithm.hash.name = SHA1;
-    this.algorithm.saltLength = 20;
-  }
-}
-
 export class RsaPssWithoutParamsSha256 extends RsaPssWithoutParamsBase {
-  constructor() {
-    super();
-    this.algorithm.hash.name = SHA256;
-    this.algorithm.saltLength = 32;
-  }
+  public algorithm: RsaPssWithoutParamsAlgorithm = {
+    name: RSA_PSS,
+    hash: {
+      name: SHA256,
+    },
+    saltLength: 32,
+  };
+
+  public namespaceURI = RSA_PSS_SHA256_NAMESPACE;
 }
 
 export class RsaPssWithoutParamsSha384 extends RsaPssWithoutParamsBase {
-  constructor() {
-    super();
-    this.algorithm.hash.name = SHA384;
-    this.algorithm.saltLength = 48;
-  }
+  public algorithm: RsaPssWithoutParamsAlgorithm = {
+    name: RSA_PSS,
+    hash: {
+      name: SHA384,
+    },
+    saltLength: 48,
+  };
+
+  public namespaceURI = RSA_PSS_SHA384_NAMESPACE;
 }
 
 export class RsaPssWithoutParamsSha512 extends RsaPssWithoutParamsBase {
-  constructor() {
-    super();
-    this.algorithm.hash.name = SHA512;
-    this.algorithm.saltLength = 64;
-  }
+  public algorithm: RsaPssWithoutParamsAlgorithm = {
+    name: RSA_PSS,
+    hash: {
+      name: SHA512,
+    },
+    saltLength: 64,
+  };
+
+  public namespaceURI = RSA_PSS_SHA512_NAMESPACE;
 }

packages/xmldsig/src/algorithms/rsa_pss_without_params_sign.ts

@@ -0,0 +1,90 @@
+import { describe, it, assert } from 'vitest';
+import '../test/config.js';
+import * as xmldsig from './index.js';
+
+class TestSignedXml extends xmldsig.SignedXml {
+  public getPublicKeys(): Promise<CryptoKey[]> {
+    return this.GetPublicKeys();
+  }
+}
+
+function createSignedXmlWithMethod(method: xmldsig.SignatureMethod): TestSignedXml {
+  const doc = xmldsig.Parse('<root xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />');
+  const signedXml = new TestSignedXml(doc);
+  signedXml.XmlSignature.SignedInfo.SignatureMethod = method;
+  return signedXml;
+}
+
+async function createRsaPssPublicKey(): Promise<CryptoKey> {
+  const keyPair = (await xmldsig.Application.crypto.subtle.generateKey(
+    {
+      name: 'RSA-PSS',
+      hash: 'SHA-256',
+      modulusLength: 2048,
+      publicExponent: new Uint8Array([1, 0, 1]),
+    },
+    true,
+    ['sign', 'verify'],
+  )) as CryptoKeyPair;
+
+  return keyPair.publicKey;
+}
+
+function addX509ExportStub(signedXml: xmldsig.SignedXml, publicKey: CryptoKey) {
+  let seenAlgorithm: Algorithm | undefined;
+  const cert = {
+    exportKey: async (alg?: Algorithm) => {
+      seenAlgorithm = alg;
+      return publicKey;
+    },
+  } as xmldsig.X509Certificate;
+
+  const x509Data = new xmldsig.KeyInfoX509Data();
+  x509Data.AddCertificate(cert);
+  signedXml.XmlSignature.KeyInfo.Add(x509Data);
+
+  return (): Algorithm | undefined => seenAlgorithm;
+}
+
+describe('SignedXml', () => {
+  describe('GetPublicKeys', () => {
+    it('passes the resolved signature algorithm to X509 certificate export', async () => {
+      const algorithm = { name: 'RSA-PSS', hash: { name: 'SHA-256' }, saltLength: 32 } as Algorithm;
+      const signatureAlgorithm = xmldsig.CryptoConfig.GetSignatureAlgorithm(algorithm);
+      const method = xmldsig.CryptoConfig.CreateSignatureMethod(signatureAlgorithm);
+      const signedXml = createSignedXmlWithMethod(method);
+      const publicKey = await createRsaPssPublicKey();
+      const getSeenAlgorithm = addX509ExportStub(signedXml, publicKey);
+
+      const keys = await signedXml.getPublicKeys();
+      const seenAlgorithm = getSeenAlgorithm();
+
+      assert.equal(keys.length, 1);
+      assert.equal(seenAlgorithm?.name, 'RSA-PSS');
+      assert.equal((seenAlgorithm as RsaHashedImportParams).hash.name, 'SHA-256');
+      assert.equal((seenAlgorithm as RsaPssParams).saltLength, 32);
+    });
+
+    it('supports RSA-PSS no-params URI (sha256-rsa-MGF1) for X509 certificate export', async () => {
+      const method = xmldsig.CryptoConfig.CreateSignatureMethod(
+        new xmldsig.RsaPssWithoutParamsSha256(),
+      );
+      const signedXml = createSignedXmlWithMethod(method);
+      const publicKey = await createRsaPssPublicKey();
+      const getSeenAlgorithm = addX509ExportStub(signedXml, publicKey);
+
+      const keys = await signedXml.getPublicKeys();
+      const seenAlgorithm = getSeenAlgorithm();
+
+      assert.equal(keys.length, 1);
+      assert.equal(
+        signedXml.XmlSignature.SignedInfo.SignatureMethod.Algorithm,
+        xmldsig.RSA_PSS_SHA256_NAMESPACE,
+      );
+      assert.equal(signedXml.XmlSignature.SignedInfo.SignatureMethod.Any.Count, 0);
+      assert.equal(seenAlgorithm?.name, 'RSA-PSS');
+      assert.equal((seenAlgorithm as RsaHashedImportParams).hash.name, 'SHA-256');
+      assert.equal((seenAlgorithm as RsaPssParams).saltLength, 32);
+    });
+  });
+});

packages/xmldsig/src/signed_xml.spec.ts

@@ -286,11 +286,11 @@ export class SignedXml implements IXmlSerializable {
     for (const kic of this.XmlSignature.KeyInfo.GetIterator()) {
       if (kic instanceof KeyInfos.KeyInfoX509Data) {
         for (const cert of kic.Certificates) {
-          const key = await cert.exportKey();
+          const key = await cert.exportKey(alg.algorithm);
           keys.push(key);
         }
       } else {
-        const key = await kic.exportKey();
+        const key = await kic.exportKey(alg.algorithm);
         keys.push(key);
       }
     }

packages/xmldsig/src/signed_xml.ts

@@ -111,4 +111,63 @@ describe('RSA-PSS', () => {
       });
     });
   });
+
+  describe('No params URI', () => {
+    const vectors = [
+      {
+        hash: 'SHA-1',
+        saltLength: 20,
+        namespace: xmldsig.RSA_PSS_SHA1_NAMESPACE,
+        algorithm: xmldsig.RsaPssWithoutParamsSha1,
+      },
+      {
+        hash: 'SHA-256',
+        saltLength: 32,
+        namespace: xmldsig.RSA_PSS_SHA256_NAMESPACE,
+        algorithm: xmldsig.RsaPssWithoutParamsSha256,
+      },
+      {
+        hash: 'SHA-384',
+        saltLength: 48,
+        namespace: xmldsig.RSA_PSS_SHA384_NAMESPACE,
+        algorithm: xmldsig.RsaPssWithoutParamsSha384,
+      },
+      {
+        hash: 'SHA-512',
+        saltLength: 64,
+        namespace: xmldsig.RSA_PSS_SHA512_NAMESPACE,
+        algorithm: xmldsig.RsaPssWithoutParamsSha512,
+      },
+    ] as const;
+
+    vectors.forEach((vector) => {
+      it(`resolves ${vector.hash} namespace and signs/verifies`, async () => {
+        const method = xmldsig.CryptoConfig.CreateSignatureMethod(new vector.algorithm());
+        assert.equal(method.Algorithm, vector.namespace);
+        assert.equal(method.Any.Count, 0);
+
+        const resolved = xmldsig.CryptoConfig.CreateSignatureAlgorithm(method);
+        assert.equal(resolved.algorithm.name, 'RSA-PSS');
+        assert.equal((resolved.algorithm as RsaHashedImportParams).hash.name, vector.hash);
+        assert.equal((resolved.algorithm as RsaPssParams).saltLength, vector.saltLength);
+
+        const algorithm = new vector.algorithm();
+        const data = '<SignedInfo />';
+        const keys = (await xmldsig.Application.crypto.subtle.generateKey(
+          {
+            name: 'RSA-PSS',
+            hash: vector.hash,
+            modulusLength: 2048,
+            publicExponent: new Uint8Array([1, 0, 1]),
+          },
+          true,
+          ['sign', 'verify'],
+        )) as Required<CryptoKeyPair>;
+
+        const signature = await algorithm.Sign(data, keys.privateKey, algorithm.algorithm);
+        const ok = await algorithm.Verify(data, keys.publicKey, new Uint8Array(signature));
+        assert.equal(ok, true);
+      });
+    });
+  });
 });