From 5675af440b76f298642b62cf066244bd9664fa83 Mon Sep 17 00:00:00 2001 From: Divy Srivastava Date: Thu, 14 Mar 2024 16:53:44 +0530 Subject: [PATCH] fix: Wrap base64-encoded PEM with 64-char line boundary According to [RFC7468](https://datatracker.ietf.org/doc/html/rfc7468) > Generators MUST wrap the base64-encoded lines so that each line consists of exactly 64 characters except for the final line, which will encode the remainder of the data (within the 64-character line boundary), and they MUST NOT emit extraneous whitespace. Parsers can avoid branching and prevent timing sidechannel attacks. Ref https://arxiv.org/pdf/2108.04600.pdf Fixes compatibility with Deno as it enforces stricter handling of PEM. --- src/client/encrypt.js | 2 +- src/server/login.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/client/encrypt.js b/src/client/encrypt.js index b9d21bab9..63cc2bd96 100644 --- a/src/client/encrypt.js +++ b/src/client/encrypt.js @@ -79,7 +79,7 @@ module.exports = function (client, options) { function mcPubKeyToPem (mcPubKeyBuffer) { let pem = '-----BEGIN PUBLIC KEY-----\n' let base64PubKey = mcPubKeyBuffer.toString('base64') - const maxLineLength = 65 + const maxLineLength = 64 while (base64PubKey.length > 0) { pem += base64PubKey.substring(0, maxLineLength) + '\n' base64PubKey = base64PubKey.substring(maxLineLength) diff --git a/src/server/login.js b/src/server/login.js index 68dc27a86..599dd7f9e 100644 --- a/src/server/login.js +++ b/src/server/login.js @@ -223,7 +223,7 @@ module.exports = function (client, server, options) { function mcPubKeyToPem (mcPubKeyBuffer) { let pem = '-----BEGIN RSA PUBLIC KEY-----\n' let base64PubKey = mcPubKeyBuffer.toString('base64') - const maxLineLength = 76 + const maxLineLength = 64 while (base64PubKey.length > 0) { pem += base64PubKey.substring(0, maxLineLength) + '\n' base64PubKey = base64PubKey.substring(maxLineLength)