Merge pull request #76 from PeculiarVentures/fix-export-rsa-pss

Fix exporting SPKI with RSA-PSS algorithm

src/public_key.ts

@@ -1,7 +1,7 @@
 import { id_ecPublicKey } from "@peculiar/asn1-ecc";
-import { id_rsaEncryption, RSAPublicKey } from "@peculiar/asn1-rsa";
+import { id_rsaEncryption, id_RSASSA_PSS, RSAPublicKey } from "@peculiar/asn1-rsa";
 import { AsnConvert } from "@peculiar/asn1-schema";
-import { SubjectPublicKeyInfo } from "@peculiar/asn1-x509";
+import { AlgorithmIdentifier, SubjectPublicKeyInfo } from "@peculiar/asn1-x509";
 import { BufferSource, BufferSourceConverter } from "pvtsutils";
 import { container } from "tsyringe";
 import { AlgorithmProvider, diAlgorithmProvider } from "./algorithm";
@@ -19,7 +19,7 @@ export type PublicKeyType = PublicKey | CryptoKey | IPublicKeyContainer | Buffer
 /**
  * Representation of Subject Public Key Info
  */
-export class PublicKey extends PemData<SubjectPublicKeyInfo>{
+export class PublicKey extends PemData<SubjectPublicKeyInfo> {
 
   protected readonly tag: string;
 
@@ -75,8 +75,16 @@ export class PublicKey extends PemData<SubjectPublicKeyInfo>{
       crypto = args[0] || cryptoProvider.get();
     }
 
+    let raw = this.rawData;
+    const asnSpki = AsnConvert.parse(this.rawData, SubjectPublicKeyInfo);
+    if (asnSpki.algorithm.algorithm === id_RSASSA_PSS) {
+      // WebCrypto in browsers does not support RSA-PSS algorithm for public keys
+      // So, we need to convert it to RSA-PKCS1
+      raw = convertSpkiToRsaPkcs1(asnSpki, raw);
+    }
+
     // create a public key
-    return crypto.subtle.importKey("spki", this.rawData, algorithm, true, keyUsages);
+    return crypto.subtle.importKey("spki", raw, algorithm, true, keyUsages);
   }
 
   protected onInit(asn: SubjectPublicKeyInfo) {
@@ -157,4 +165,14 @@ export class PublicKey extends PemData<SubjectPublicKeyInfo>{
     return obj;
   }
 
-}
+}
+
+function convertSpkiToRsaPkcs1(asnSpki: SubjectPublicKeyInfo, raw: ArrayBuffer) {
+  asnSpki.algorithm = new AlgorithmIdentifier({
+    algorithm: id_rsaEncryption,
+    parameters: null,
+  });
+  raw = AsnConvert.serialize(asnSpki);
+
+  return raw;
+}

test/crypto.ts

@@ -290,6 +290,16 @@ D314IEOg4mnS8Q==
 
     const spki = Convert.FromHex("30820122300d06092a864886f70d01010105000382010f003082010a0282010100a4737ac5ec77f06df3486264a3a17c783143e9023073af169cc245023b4711526b4a721832943bbb59be53d241f3203c1a5eac9e1d5bb57bc0644d943dd63525090a70e1484db4b5ac03185ee897ae8ebabf255ebfc77cfebec928ac0b1fceb33b60238ac2ba3f016c035a53a3011828c2e9bafdd7e2a797d94dcbd79ec54a5ae3c92abef565b2ea6bb4af89e2f7e4dd1b52978bb828cb44843ace8c9ad7f80bef7ffedc8b73a04b6ec44cd65fc6ba8fc216c6ca4bbc99677695439391a4d17893b8f54d6755b681210660f7865748fc1126e21e4d9cdcee436c3ce5ebd91912d08713cb91613ecde2e8af694daa27110b8d588f34e82e88aa56315d15428db90203010001");
 
+    context("export", () => {
+      it("with RSA-PSS algorithm", async () => {
+        // RSA-PSS algorithm is not supported for SPKI in browsers
+        // x509 module reconverts it to RSA-PKCS1
+        const b64 = "MIIBUzA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEPADCCAQoCggEBANbStMMWVHrgQgc1DZ4nr2XegPv069OhV0uiMwgM7QzvPot1TmCH4biJ/YMrBN9IY+hwGT30wSUkp0/EruMducqUQ/jy3zf/7KHqZnHOi7LDPdan3JvoJQrdY0BeMcdVFfvLP7S9Jfpd7ZM90h7oof+JcaMhoJWPNEH92a1viwFcw9t+wruK15/mftnmdgbWpFmDvK14YDz6hVWQ4lQyvS0HYHO4KCX+H7vb2gl0u1gDslrS1At5ky9OLs3l6QZ5AHP9Qxzh7HWnBaqupuD/n12umE4nlNE5GZegFWjhcwHgZ4pl7Q7QQnMRK86D6T5I88/10iFR66nMGZ+Y/lwyGM8CAwEAAQ==";
+        const key = new x509.PublicKey(b64);
+        const cryptoKey = await key.export();
+        assert.strictEqual(cryptoKey.type, "public");
+      });
+    });
     context("getThumbprint", () => {
 
       it("default", async () => {