
Commit ebc634c

committed
Improve length checking
1 parent a304bb0 commit ebc634c


2 files changed

+23
-13
lines changed


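--- a/src/main/java/com/danubetech/keyformats/PrivateKey_to_JWK.java
+++ b/src/main/java/com/danubetech/keyformats/PrivateKey_to_JWK.java
@@ -166,7 +166,8 @@ public static JWK X25519PrivateKey_to_JWK(byte[] privateKey, String kid, String
 public static JWK P_256PrivateKey_to_JWK(ECPrivateKey privateKey, String kid, String use) {
 
 byte[] d = ByteArrayUtil.bigIntegertoByteArray(privateKey.getS());
-if (d.length != 32) throw new IllegalArgumentException("Invalid 'd' value (not 32 bytes): private key, length=" + d.length + " (" + privateKey.getS().bitLength() + " bits)");
+if (d.length < 30 || d.length > 32) throw new IllegalArgumentException("Invalid 'd' value (<30 or >32 bytes): private key, length=" + d.length + " (" + privateKey.getS().bitLength() + " bits)");
+d = ByteArrayUtil.padArrayZeros(d, 32);
 
 ECPoint publicKeyPoint;
 try {
@@ -179,9 +180,11 @@ public static JWK P_256PrivateKey_to_JWK(ECPrivateKey privateKey, String kid, St
 }
 
 byte[] x = ByteArrayUtil.bigIntegertoByteArray(publicKeyPoint.getAffineX());
-if (x.length != 32) throw new IllegalArgumentException("Invalid 'x' value (not 32 bytes): " + Hex.encodeHexString(x) + ", length=" + x.length + " (" + publicKeyPoint.getAffineX().bitLength() + " bits)");
+if (x.length < 30 || x.length > 32) throw new IllegalArgumentException("Invalid 'x' value (<30 or >32 bytes): " + new String(Hex.encodeHex(x)) + ", length=" + x.length + " (" + publicKeyPoint.getAffineX().bitLength() + " bits)");
+x = ByteArrayUtil.padArrayZeros(x, 32);
 byte[] y = ByteArrayUtil.bigIntegertoByteArray(publicKeyPoint.getAffineY());
-if (y.length != 32) throw new IllegalArgumentException("Invalid 'y' value (not 32 bytes): " + Hex.encodeHexString(y) + ", length=" + y.length + " (" + publicKeyPoint.getAffineY().bitLength() + " bits)");
+if (y.length < 30 || y.length > 32) throw new IllegalArgumentException("Invalid 'y' value (<30 or >32 bytes): " + new String(Hex.encodeHex(y)) + ", length=" + y.length + " (" + publicKeyPoint.getAffineY().bitLength() + " bits)");
+y = ByteArrayUtil.padArrayZeros(y, 32);
 
 JWK jsonWebKey = new JWK();
 jsonWebKey.setKty(KeyType.EC);
@@ -198,7 +201,8 @@ public static JWK P_256PrivateKey_to_JWK(ECPrivateKey privateKey, String kid, St
 public static JWK P_384PrivateKey_to_JWK(ECPrivateKey privateKey, String kid, String use) {
 
 byte[] d = ByteArrayUtil.bigIntegertoByteArray(privateKey.getS());
-if (d.length != 48) throw new IllegalArgumentException("Invalid 'd' value (not 48 bytes): private key, length=" + d.length + " (" + privateKey.getS().bitLength() + " bits)");
+if (d.length < 46 || d.length > 48) throw new IllegalArgumentException("Invalid 'd' value (<46 or >48 bytes): private key, length=" + d.length + " (" + privateKey.getS().bitLength() + " bits)");
+d = ByteArrayUtil.padArrayZeros(d, 48);
 
 ECPoint publicKeyPoint;
 try {
@@ -211,9 +215,11 @@ public static JWK P_384PrivateKey_to_JWK(ECPrivateKey privateKey, String kid, St
 }
 
 byte[] x = ByteArrayUtil.bigIntegertoByteArray(publicKeyPoint.getAffineX());
-if (x.length != 48) throw new IllegalArgumentException("Invalid 'x' value (not 48 bytes): " + Hex.encodeHexString(x) + ", length=" + x.length + " (" + publicKeyPoint.getAffineX().bitLength() + " bits)");
+if (x.length < 46 || x.length > 48) throw new IllegalArgumentException("Invalid 'x' value (<46 or >48 bytes): " + new String(Hex.encodeHex(x)) + ", length=" + x.length + " (" + publicKeyPoint.getAffineX().bitLength() + " bits)");
+x = ByteArrayUtil.padArrayZeros(x, 48);
 byte[] y = ByteArrayUtil.bigIntegertoByteArray(publicKeyPoint.getAffineY());
-if (y.length != 48) throw new IllegalArgumentException("Invalid 'y' value (not 48 bytes): " + Hex.encodeHexString(y) + ", length=" + y.length + " (" + publicKeyPoint.getAffineY().bitLength() + " bits)");
+if (y.length < 46 || y.length > 48) throw new IllegalArgumentException("Invalid 'y' value (<46 or >48 bytes): " + new String(Hex.encodeHex(y)) + ", length=" + y.length + " (" + publicKeyPoint.getAffineY().bitLength() + " bits)");
+y = ByteArrayUtil.padArrayZeros(y, 48);
 
 JWK jsonWebKey = new JWK();
 jsonWebKey.setKty(KeyType.EC);
@@ -230,7 +236,7 @@ public static JWK P_384PrivateKey_to_JWK(ECPrivateKey privateKey, String kid, St
 public static JWK P_521PrivateKey_to_JWK(ECPrivateKey privateKey, String kid, String use) {
 
 byte[] d = ByteArrayUtil.bigIntegertoByteArray(privateKey.getS());
-if (d.length != 64 && d.length != 65 && d.length != 66) throw new IllegalArgumentException("Invalid 'd' value (not 64 or 65 or 66 bytes): private key, length=" + d.length + " (" + privateKey.getS().bitLength() + " bits)");
+if (d.length < 64 || d.length > 66) throw new IllegalArgumentException("Invalid 'd' value (<64 or >66 bytes): private key, length=" + d.length + " (" + privateKey.getS().bitLength() + " bits)");
 d = ByteArrayUtil.padArrayZeros(d, 66);
 
 ECPoint publicKeyPoint;
@@ -244,10 +250,10 @@ public static JWK P_521PrivateKey_to_JWK(ECPrivateKey privateKey, String kid, St
 }
 
 byte[] x = ByteArrayUtil.bigIntegertoByteArray(publicKeyPoint.getAffineX());
-if (x.length != 64 && x.length != 65 && x.length != 66) throw new IllegalArgumentException("Invalid 'x' value (not 64 or 65 or bytes): " + Hex.encodeHexString(x) + ", length=" + x.length + " (" + publicKeyPoint.getAffineX().bitLength() + " bits)");
+if (x.length < 64 || x.length > 66) throw new IllegalArgumentException("Invalid 'x' value (<64 or >66 bytes): " + new String(Hex.encodeHex(x)) + ", length=" + x.length + " (" + publicKeyPoint.getAffineX().bitLength() + " bits)");
 x = ByteArrayUtil.padArrayZeros(x, 66);
 byte[] y = ByteArrayUtil.bigIntegertoByteArray(publicKeyPoint.getAffineY());
-if (y.length != 64 && y.length != 65 && y.length != 66) throw new IllegalArgumentException("Invalid 'y' value (not 64 or 65 or 66 bytes): " + Hex.encodeHexString(y) + ", length=" + y.length + " (" + publicKeyPoint.getAffineY().bitLength() + " bits)");
+if (y.length < 64 || y.length > 66) throw new IllegalArgumentException("Invalid 'y' value (<64 or >66 bytes): " + new String(Hex.encodeHex(y)) + ", length=" + y.length + " (" + publicKeyPoint.getAffineY().bitLength() + " bits)");
 y = ByteArrayUtil.padArrayZeros(y, 66);
 
 JWK jsonWebKey = new JWK();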
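Review bot: The new lower bounds in `P_256PrivateKey_to_JWK` (`d.length < 30`, and the same test on `x` and `y`) still reject valid keys: a scalar or coordinate shorter than 30 bytes is legitimate, only rare, so the conversion will keep failing on an occasional good key. Assuming `bigIntegertoByteArray` returns the minimal unsigned encoding and `padArrayZeros` pads on the left (neither is visible here), only the upper bound is a validity condition, e.g. `if (d.length > 32) throw new IllegalArgumentException(...);` followed by the pad; if the lower bound is meant as a sanity check against a degenerate scalar, a comment should say so. The same applies to the 46 and 64 bounds in the P-384 and P-521 hunks and to the `x`/`y` checks in PublicKey_to_JWK.java. Separately, the `d` message writes the private scalar's byte and bit length into the exception text, which may reach logs; consider omitting both for `d`. The function bodies extend beyond the hunks.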

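--- a/src/main/java/com/danubetech/keyformats/PublicKey_to_JWK.java
+++ b/src/main/java/com/danubetech/keyformats/PublicKey_to_JWK.java
@@ -144,9 +144,11 @@ public static JWK P_256PublicKey_to_JWK(ECPublicKey publicKey, String kid, Strin
 ECPoint publicKeyPoint = publicKey.getW();
 
 byte[] x = ByteArrayUtil.bigIntegertoByteArray(publicKeyPoint.getAffineX());
-if (x.length != 32) throw new IllegalArgumentException("Invalid 'x' value (not 32 bytes): " + new String(Hex.encodeHex(x)) + ", length=" + x.length + " (" + publicKeyPoint.getAffineX().bitLength() + " bits)");
+if (x.length < 30 || x.length > 32) throw new IllegalArgumentException("Invalid 'x' value (<30 or >32 bytes): " + new String(Hex.encodeHex(x)) + ", length=" + x.length + " (" + publicKeyPoint.getAffineX().bitLength() + " bits)");
+x = ByteArrayUtil.padArrayZeros(x, 32);
 byte[] y = ByteArrayUtil.bigIntegertoByteArray(publicKeyPoint.getAffineY());
-if (y.length != 32) throw new IllegalArgumentException("Invalid 'y' value (not 32 bytes): " + new String(Hex.encodeHex(y)) + ", length=" + y.length + " (" + publicKeyPoint.getAffineY().bitLength() + " bits)");
+if (y.length < 30 || y.length > 32) throw new IllegalArgumentException("Invalid 'y' value (<30 or >32 bytes): " + new String(Hex.encodeHex(y)) + ", length=" + y.length + " (" + publicKeyPoint.getAffineY().bitLength() + " bits)");
+y = ByteArrayUtil.padArrayZeros(y, 32);
 
 JWK jsonWebKey = new JWK();
 jsonWebKey.setKty(KeyType.EC);
@@ -164,9 +166,11 @@ public static JWK P_384PublicKey_to_JWK(ECPublicKey publicKey, String kid, Strin
 ECPoint publicKeyPoint = publicKey.getW();
 
 byte[] x = ByteArrayUtil.bigIntegertoByteArray(publicKeyPoint.getAffineX());
-if (x.length != 48) throw new IllegalArgumentException("Invalid 'x' value (not 48 bytes): " + new String(Hex.encodeHex(x)) + ", length=" + x.length + " (" + publicKeyPoint.getAffineX().bitLength() + " bits)");
+if (x.length < 46 || x.length > 48) throw new IllegalArgumentException("Invalid 'x' value (<46 or >48 bytes): " + new String(Hex.encodeHex(x)) + ", length=" + x.length + " (" + publicKeyPoint.getAffineX().bitLength() + " bits)");
+x = ByteArrayUtil.padArrayZeros(x, 48);
 byte[] y = ByteArrayUtil.bigIntegertoByteArray(publicKeyPoint.getAffineY());
-if (y.length != 48) throw new IllegalArgumentException("Invalid 'y' value (not 48 bytes): " + new String(Hex.encodeHex(y)) + ", length=" + y.length + " (" + publicKeyPoint.getAffineY().bitLength() + " bits)");
+if (y.length < 46 || y.length > 48) throw new IllegalArgumentException("Invalid 'y' value (<46 or >48 bytes): " + new String(Hex.encodeHex(y)) + ", length=" + y.length + " (" + publicKeyPoint.getAffineY().bitLength() + " bits)");
+y = ByteArrayUtil.padArrayZeros(y, 48);
 
 JWK jsonWebKey = new JWK();
 jsonWebKey.setKty(KeyType.EC);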
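Review bot: Nothing visible in the `P_256PublicKey_to_JWK` and `P_384PublicKey_to_JWK` hunks ties the `ECPublicKey` to the named curve other than the byte length of `x` and `y`, and that test is now a range, so a key on another curve with similarly sized coordinates would be emitted as a P-256 or P-384 JWK. If callers do not already check the curve, compare `publicKey.getParams()` with the expected curve parameters before reading the coordinates; a field-size check such as `publicKey.getParams().getCurve().getField().getFieldSize() != 256` is the minimum, though it does not identify the curve by itself. Both function bodies start and end outside the hunks, so such a check may exist on lines not shown.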
