Allow non-standard wrap width when parsing public keys in PEM format

2022-02-13 13:10:09 +00:00 · 2022-02-13 13:10:09 +00:00 · 226fc49b86
parent e48a8999f5
commit 226fc49b86
4 changed files with 28 additions and 3 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1706,6 +1706,7 @@ dependencies = [
 "mime-sniffer",
 "mime_guess",
 "num_cpus",
+ "pem",
 "postgres-protocol",
 "postgres-types",
 "postgres_query",
@ -1934,6 +1935,15 @@ dependencies = [
 "winapi 0.3.9",
 ]

+[[package]]
+name = "pem"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e9a3b09a20e374558580a4914d3b7d89bd61b954a5a5e1dcbea98753addb1947"
+dependencies = [
+ "base64 0.13.0",
+]
+
 [[package]]
 name = "pem-rfc7468"
 version = "0.2.0"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -51,6 +51,7 @@ refinery = { version = "0.4.0", features = ["tokio-postgres"] }
 reqwest = { version = "0.10.10", features = ["json"] }
 # Used for working with RSA keys
 rsa = "0.5.0"
+pem = "1.0.2"
 # Used for hashing passwords
 rust-argon2 = "0.8.3"
 # Used for working with ethereum keys
--- a/src/http_signatures/verify.rs
+++ b/src/http_signatures/verify.rs
@ -32,8 +32,8 @@ pub enum VerificationError {
    #[error("{0}")]
    ActorError(String),

-    #[error("invalid key")]
-    InvalidKey(#[from] rsa::pkcs8::Error),
+    #[error("invalid public key")]
+    InvalidPublicKey(#[from] rsa::pkcs8::Error),

    #[error("invalid encoding")]
    InvalidEncoding(#[from] base64::DecodeError),
--- a/src/utils/crypto.rs
+++ b/src/utils/crypto.rs
@ -1,3 +1,4 @@
+use pem;
 use rand;
 use rand::prelude::*;
 use rsa::{Hash, PaddingScheme, PublicKey, RsaPrivateKey, RsaPublicKey};
@ -47,7 +48,12 @@ pub fn get_public_key_pem(
 pub fn deserialize_public_key(
    public_key_pem: &str,
 ) -> Result<RsaPublicKey, rsa::pkcs8::Error> {
-    RsaPublicKey::from_public_key_pem(public_key_pem.trim())
+    // rsa package can't decode PEM string with non-standard wrap width,
+    // so the input should be normalized first
+    let parsed_pem = pem::parse(public_key_pem.trim().as_bytes())
+        .map_err(|_| rsa::pkcs8::Error::Pem)?;
+    let normalized_pem = pem::encode(&parsed_pem);
+    RsaPublicKey::from_public_key_pem(&normalized_pem)
 }

 pub fn sign_message(
@ -88,6 +94,14 @@ mod tests {
    use rand::rngs::OsRng;
    use super::*;

+    #[test]
+    fn test_deserialize_public_key_nowrap() {
+        let public_key_pem = "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ehqQ7n6+pw19U8q2UtxE/9017STW3yRnnqV5nVk8LJ00ba+berqwekxDW+nw77GAu3TJ+hYeeSerUNPup7y3yO3V
+YsFtrgWDQ/s8k86sNBU+Ce2GOL7seh46kyAWgJeohh4Rcrr23rftHbvxOcRM8VzYuCeb1DgVhPGtA0xULwIDAQAB\n-----END PUBLIC KEY-----";
+        let result = deserialize_public_key(&public_key_pem);
+        assert_eq!(result.is_ok(), true);
+    }
+
    #[test]
    fn test_public_key_serialization_deserialization() {
        let private_key = RsaPrivateKey::new(&mut OsRng, 512).unwrap();