fix: Wrap base64-encoded PEM with 64-char line boundary

According to [RFC7468](https://datatracker.ietf.org/doc/html/rfc7468)

> Generators MUST wrap the base64-encoded lines so that each line
  consists of exactly 64 characters except for the final line, which
  will encode the remainder of the data (within the 64-character line
  boundary), and they MUST NOT emit extraneous whitespace.

Parsers can avoid branching and prevent timing sidechannel attacks. Ref https://arxiv.org/pdf/2108.04600.pdf

Fixes compatibility with Deno as it enforces stricter handling of PEM.
This commit is contained in:
Divy Srivastava 2024-03-14 16:53:44 +05:30
parent e50b604a60
commit 5675af440b
2 changed files with 2 additions and 2 deletions

View file

@ -79,7 +79,7 @@ module.exports = function (client, options) {
function mcPubKeyToPem (mcPubKeyBuffer) {
let pem = '-----BEGIN PUBLIC KEY-----\n'
let base64PubKey = mcPubKeyBuffer.toString('base64')
const maxLineLength = 65
const maxLineLength = 64
while (base64PubKey.length > 0) {
pem += base64PubKey.substring(0, maxLineLength) + '\n'
base64PubKey = base64PubKey.substring(maxLineLength)

View file

@ -223,7 +223,7 @@ module.exports = function (client, server, options) {
function mcPubKeyToPem (mcPubKeyBuffer) {
let pem = '-----BEGIN RSA PUBLIC KEY-----\n'
let base64PubKey = mcPubKeyBuffer.toString('base64')
const maxLineLength = 76
const maxLineLength = 64
while (base64PubKey.length > 0) {
pem += base64PubKey.substring(0, maxLineLength) + '\n'
base64PubKey = base64PubKey.substring(maxLineLength)