From 25e77d5ba88512172cdba202a79b90d5a9bffde5 Mon Sep 17 00:00:00 2001
From: Jacob Hoffman-Andrews <github@hoffman-andrews.com>
Date: Tue, 4 Dec 2018 18:50:33 -0800
Subject: [PATCH] Fix generation of D.

---
 jwk.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/jwk.go b/jwk.go
index 6aeeabb9..4813a808 100644
--- a/jwk.go
+++ b/jwk.go
@@ -566,7 +566,17 @@ func fromEcPrivateKey(ec *ecdsa.PrivateKey) (*rawJSONWebKey, error) {
 		return nil, fmt.Errorf("square/go-jose: invalid EC private key")
 	}
 
-	raw.D = newBuffer(ec.D.Bytes())
+	// Calculating the size of D:
+	// The length of this octet string MUST be ceiling(log-base-2(n)/8)
+	// octets (where n is the order of the curve).
+	// https://tools.ietf.org/html/rfc7518#section-6.2.2.1
+	order := ec.PublicKey.Curve.Params().P
+	bitLen := order.BitLen()
+	size := bitLen / 8
+	if bitLen%8 != 0 {
+		size = size + 1
+	}
+	raw.D = newFixedSizeBuffer(ec.D.Bytes(), size)
 
 	return raw, nil
 }