Wrong ES256 signature length

[ivailokolev]

Hi,

Seems like the ES256 signature length produced by Java-JWT doesn't match the definition in RFC7518 https://tools.ietf.org/html/rfc7518#page-10. It is expected that the signature is 64 bytes, but its 71 or 72, probably related to DER encoding.

When validating a signature ECDSAAlgorithm makes JOSEToDER. Shouldn't it make DERToJOSE when creating signatures?

Cheers, Ivo Kolev

[ivailokolev]

Seems like the JOSEToDER is incorrect. Below is a JWT signature produced by other library. The method adds redundant zero byte to make the signature S component positive, while its already positive.

30 46 02 21 00b08c3280fc20fd95351aa081526e6a846781ef68b2cee8a71866d500c0286f72 02 21 0017457be7263fa2f3e34294d2f323f3168b6788d3d403f784d1a83b722ad25add

0x30; TotalLen=70(0x46); 0x02; ECRLen=33(0x21) - properly padded; 0x02; ECSLen=33(0x21); The padding is wrong as 0x17 is positive;

[coelho]

Just got bit by this too. Completely broken. Needs DERToJOSE.
Any updates on this? This library's ECDSA is pretty broken until this is fixed.

[lbalmaceda]

I'll look into it this week. Thanks for reporting this.

[lbalmaceda]

@coelho @ivailokolev I've submitted #212 with the fix. Please, give it a try and leave any feedback here or in the PR discussion.

[coelho]

@lbalmaceda looks good thanks!

[ivailokolev]

@lbalmaceda Thank you. Crossed checked with another JWT library, both sign and verify were OK. If I may suggest a little change in the dependencies - bump up the Jakson's Databind to 2.9.2.

[ivailokolev]

Hi @lbalmaceda
Is there any rough plan about the releasing of the EC fix?
Cheers, Ivo Kolev

[lbalmaceda]

I'll try to make a release today. 👍
Cheers

[lbalmaceda]

version 3.3.0 is on already up on bintray. Should be available in maven central in a few hours. Cheers