Closed
Description
When you verify a 'ieee-p1363' encoded signature it fails, even if the signature is correct.
- Version: v13.8.0
- Platform: 64-bit Windows 10
- Subsystem: crypto
What steps will reproduce the bug?
const crypto = require('crypto');
const key = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
//ieee-p1363 signature, which seems to be the correct.
const signatureP1363 = crypto.createSign('SHA256').update('abc').sign({ key: key.privateKey, dsaEncoding: 'ieee-p1363' });
//ieee-p1363 verification, which fails.
console.log(crypto.createVerify('SHA256').update('abc').verify({ key: key.publicKey, dsaEncoding: 'ieee-p1363' }, signatureP1363));
//Compared to der signature and verification, which work as expected:
const signatureDER = crypto.createSign('SHA256').update('abc').sign({ key: key.privateKey, dsaEncoding: 'der' });
console.log(crypto.createVerify('SHA256').update('abc').verify({ key: key.publicKey, dsaEncoding: 'der' }, signatureDER));
Additional information
The problem seems to be the verification algorithm, not the signing algorithm. You can test that the generated signature is correct in chrome using:
//key.publicKey.export({ format: 'der', type: 'spki' }).toString('base64');
const base64key = 'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/V0xKgeZJeIFra+gshXB6OpM5IKuhHwcBkpu5ZdMZZM62x+GahHJdrll+Q3aihYNfakkzf7W65dIdDAhLImu0w==';
//signatureP1363.toString('base64');
const base64sig = '+aocUpmRHRSxfpCJpwCCuQoFagatOlsFganmXiqtztFo9iBHqE6z7A7KQcMs1k9VASt3cgtkJqyPKAY4OTyJ8A==';
//Verify the signature
const uint8key = Uint8Array.from(atob(base64key), (c) => c.charCodeAt(0));
const uint8sig = Uint8Array.from(atob(base64sig), (c) => c.charCodeAt(0));
const uint8data = Uint8Array.from('abc', (c) => c.charCodeAt(0));
const params = { name: 'ECDSA', hash: 'SHA-256', namedCurve: 'P-256' };
const cryptokey = await window.crypto.subtle.importKey('spki', uint8key, params, false, ['verify']);
await window.crypto.subtle.verify(params, cryptokey, uint8sig, uint8data);