[sd_jwt] possibly unsafe manipulation of secret bits

[Zicchio]

These lines of code

eudi-wallet-it-python/pyeudiw/sd_jwt/__init__.py

Lines 172 to 183 in 8299616

	pn = key.private_numbers()
	params.update(
	kty='RSA',
	n=pk_encode_int(pn.public_numbers.n),
	e=pk_encode_int(pn.public_numbers.e),
	d=pk_encode_int(pn.d),
	p=pk_encode_int(pn.p),
	q=pk_encode_int(pn.q),
	dp=pk_encode_int(pn.dmp1),
	dq=pk_encode_int(pn.dmq1),
	qi=pk_encode_int(pn.iqmp)
	)

which use this function as primitive

eudi-wallet-it-python/pyeudiw/sd_jwt/__init__.py

Lines 131 to 153 in 8299616

	def pk_encode_int(i: str, bit_size: int = None) -> str:
	"""
	Encode an integer as a base64url string with padding.
	:param i: the integer to encode.
	:type i: str
	:param bit_size: the bit size of the integer.
	:type bit_size: int
	:returns: the encoded integer.
	:rtype: str
	"""
	extend = 0
	if bit_size is not None:
	extend = ((bit_size + 7) // 8) * 2
	hexi = hex(i).rstrip("L").lstrip("0x")
	hexl = len(hexi)
	if extend > hexl:
	extend -= hexl
	else:
	extend = hexl % 2
	return base64url_encode(unhexlify(extend * '0' + hexi))

possibly manipulate secret bits without using a constant time function.
This probably isn't a big problem, but there is a (very remote) possibility that this might lead to a time based side channel attack.