Fix at_hash calculation for RS384, RS512

DuendeArchive · Feb 21, 2024 · 263978c · 263978c
1 parent a5e1176
commit 263978c
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/src/OidcClient/CryptoHelper.cs b/src/OidcClient/CryptoHelper.cs
@@ -56,10 +56,10 @@ public bool ValidateHash(string data, string hashedData, string signatureAlgorit
             using (hashAlgorithm)
             {
                 var hash = hashAlgorithm.ComputeHash(Encoding.ASCII.GetBytes(data));
-                var size = (hashAlgorithm.HashSize / 8) / 2;
+                var size = hashAlgorithm.HashSize / 8 / 2; // Only take the left half of the data, as per spec for at_hash 
 
-                byte[] leftPart = new byte[hashAlgorithm.HashSize / size];
-                Array.Copy(hash, leftPart, hashAlgorithm.HashSize / size);
+                byte[] leftPart = new byte[size];
+                Array.Copy(hash, leftPart, size);
 
                 var leftPartB64 = Base64Url.Encode(leftPart);
                 var match = leftPartB64.Equals(hashedData);

diff --git a/test/OidcClient.Tests/CryptoHelperTests.cs b/test/OidcClient.Tests/CryptoHelperTests.cs
@@ -18,7 +18,7 @@ public void ComputeHash_should_compute_correct_hashes_for_all_signature_algorith
 
         var hash = algorithm.ComputeHash(Encoding.ASCII.GetBytes(data));
 
-        var bytesInLeftHalf = algorithm.HashSize / 16; // Divide by 8 for bytes and then 2 to get just half.
+        var bytesInLeftHalf = algorithm.HashSize / 16; // Divide by 8 for bytes and then 2 to get just half, as per spec for at_hash.
 
         var leftHalf = new byte[bytesInLeftHalf];
         Array.Copy(hash, leftHalf, bytesInLeftHalf);