author | Divy Srivastava <dj.srivastava23@gmail.com> | 2021-07-07 20:03:58 +0530 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-07 16:33:58 +0200 |
commit | e3a4e9cf11438948ddd86a7ebdac344190acafa8 (patch) | |
tree | 7e049c5ef60d4cfd8713376279ab1d59b283ec0f /extensions/crypto/lib.rs | |
parent | b091b8fefb5946c9ddaae026cbc6ad5159409c51 (diff) |
fix(crypto): hash input for RSASSA-PKCS1-v1_5 before signing (#11314)
Diffstat (limited to 'extensions/crypto/lib.rs')
-rw-r--r-- | extensions/crypto/lib.rs | 56 |
1 files changed, 42 insertions, 14 deletions
diff --git a/extensions/crypto/lib.rs b/extensions/crypto/lib.rs
index ab1a7134f..348983dea 100644
--- a/extensions/crypto/lib.rs
+++ b/extensions/crypto/lib.rs
@@ -246,25 +246,53 @@ pub async fn op_crypto_sign_key(
 let signature = match algorithm {
 Algorithm::RsassaPkcs1v15 => {
 let private_key = RSAPrivateKey::from_pkcs8(&*args.key.data)?;
- let padding = match args
+ let (padding, hashed) = match args
 .hash
 .ok_or_else(|| type_error("Missing argument hash".to_string()))?
 {
- CryptoHash::Sha1 => PaddingScheme::PKCS1v15Sign {
- hash: Some(rsa::hash::Hash::SHA1),
- },
- CryptoHash::Sha256 => PaddingScheme::PKCS1v15Sign {
- hash: Some(rsa::hash::Hash::SHA2_256),
- },
- CryptoHash::Sha384 => PaddingScheme::PKCS1v15Sign {
- hash: Some(rsa::hash::Hash::SHA2_384),
- },
- CryptoHash::Sha512 => PaddingScheme::PKCS1v15Sign {
- hash: Some(rsa::hash::Hash::SHA2_512),
- },
+ CryptoHash::Sha1 => {
+ let mut hasher = Sha1::new();
+ hasher.update(&data);
+ (
+ PaddingScheme::PKCS1v15Sign {
+ hash: Some(rsa::hash::Hash::SHA1),
+ },
+ hasher.finalize()[..].to_vec(),
+ )
+ }
+ CryptoHash::Sha256 => {
+ let mut hasher = Sha256::new();
+ hasher.update(&data);
+ (
+ PaddingScheme::PKCS1v15Sign {
+ hash: Some(rsa::hash::Hash::SHA2_256),
+ },
+ hasher.finalize()[..].to_vec(),
+ )
+ }
+ CryptoHash::Sha384 => {
+ let mut hasher = Sha384::new();
+ hasher.update(&data);
+ (
+ PaddingScheme::PKCS1v15Sign {
+ hash: Some(rsa::hash::Hash::SHA2_384),
+ },
+ hasher.finalize()[..].to_vec(),
+ )
+ }
+ CryptoHash::Sha512 => {
+ let mut hasher = Sha512::new();
+ hasher.update(&data);
+ (
+ PaddingScheme::PKCS1v15Sign {
+ hash: Some(rsa::hash::Hash::SHA2_512),
+ },
+ hasher.finalize()[..].to_vec(),
+ )
+ }
 };
- private_key.sign(padding, &data)?
+ private_key.sign(padding, &hashed)?
 }
 Algorithm::RsaPss => {
 let private_key = RSAPrivateKey::from_pkcs8(&*args.key.data)?; |
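Review bot: Each of the four `CryptoHash` arms repeats the same new/update/finalize sequence, so the pairing between the `rsa::hash::Hash` identifier in the padding and the digest actually computed is kept in step by hand four times. Assuming the `Digest` trait is already in scope for `new`/`update`, the one-shot form `Sha256::digest(&data).to_vec()` as the tuple's second element (likewise for the other three) puts each pairing in a single expression and is easier to audit. A comment above the match, such as `// sign() takes the digest of the message, not the message itself`, would record why the hashing lives here. The `Algorithm::RsaPss` arm begins at the end of the hunk and its body is not visible, so it is worth confirming that it also hands a digest rather than `data` to `sign`. `op_crypto_sign_key` starts and ends outside the hunk.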