Skip to content

Commit

Permalink
fix: Wrap base64-encoded PEM with 64-char line boundary
Browse files Browse the repository at this point in the history 
According to [RFC7468](https://datatracker.ietf.org/doc/html/rfc7468)

> Generators MUST wrap the base64-encoded lines so that each line
  consists of exactly 64 characters except for the final line, which
  will encode the remainder of the data (within the 64-character line
  boundary), and they MUST NOT emit extraneous whitespace.

Parsers can avoid branching and prevent timing sidechannel attacks. Ref https://arxiv.org/pdf/2108.04600.pdf

Fixes compatibility with Deno as it enforces stricter handling of PEM.
  • Loading branch information
@littledivy
littledivy committed Mar 14, 2024
1 parent e50b604 commit 5675af4
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion src/client/encrypt.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ module.exports = function (client, options) {
function mcPubKeyToPem (mcPubKeyBuffer) {
let pem = '-----BEGIN PUBLIC KEY-----\n'
let base64PubKey = mcPubKeyBuffer.toString('base64')
const maxLineLength = 65
const maxLineLength = 64
while (base64PubKey.length > 0) {
pem += base64PubKey.substring(0, maxLineLength) + '\n'
base64PubKey = base64PubKey.substring(maxLineLength)
Expand Down
2 changes: 1 addition & 1 deletion src/server/login.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -223,7 +223,7 @@ module.exports = function (client, server, options) {
function mcPubKeyToPem (mcPubKeyBuffer) {
let pem = '-----BEGIN RSA PUBLIC KEY-----\n'
let base64PubKey = mcPubKeyBuffer.toString('base64')
const maxLineLength = 76
const maxLineLength = 64
while (base64PubKey.length > 0) {
pem += base64PubKey.substring(0, maxLineLength) + '\n'
base64PubKey = base64PubKey.substring(maxLineLength)
Expand Down

0 comments on commit 5675af4

Please sign in to comment.