dan/jose
1
0
Fork 0
mirror of https://github.com/danbulant/jose synced 2026-05-24 20:41:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
jose/lib/jws/verify.js
Filip Skokan 5b53cb0155 fix: limit calculation of missing RSA private components 
- this deprecates the use of `JWK.importKey` in favor of
`JWK.asKey`
- this deprecates the use of `JWKS.KeyStore.fromJWKS` in favor of
`JWKS.asKeyStore`

Both `JWK.importKey` and `JWKS.KeyStore.fromJWKS` could have resulted
in the process getting blocked when large bitsize RSA private keys
were missing their components and could also result in an endless
calculation loop when the private key's private exponent was outright
invalid or tampered with.

The new methods still allow to import private RSA keys with these
optimization key parameters missing but its disabled by default and one
should choose to enable it when working with keys from trusted sources

It is recommended not to use @panva/jose versions with this feature in
its original on-by-default form - v1.1.0 and v1.2.0 These will
2019-06-20 23:32:13 +02:00

160 lines
5.2 KiB
JavaScript
Raw Blame History

const base64url = require('../help/base64url')
const isDisjoint = require('../help/is_disjoint')
let validateCrit = require('../help/validate_crit')
const { KeyStore } = require('../jwks')
const Key = require('../jwk/key/base')
const errors = require('../errors')
const { check, verify } = require('../jwa')
const { detect: resolveSerialization } = require('./serializers')
validateCrit = validateCrit.bind(undefined, errors.JWSInvalid)
const SINGLE_RECIPIENT = new Set(['compact', 'flattened'])
/*
* @public
*/
const jwsVerify = (skipDisjointCheck, serialization, jws, key, { crit = [], complete = false, algorithms } = {}) => {
if (!(key instanceof Key) && !(key instanceof KeyStore)) {
throw new TypeError('key must be an instance of a key instantiated by JWK.asKey or a JWKS.KeyStore')
}
if (algorithms !== undefined && (!Array.isArray(algorithms) || algorithms.some(s => typeof s !== 'string' || !s))) {
throw new TypeError('"algorithms" option must be an array of non-empty strings')
} else if (algorithms) {
algorithms = new Set(algorithms)
}
if (!Array.isArray(crit) || crit.some(s => typeof s !== 'string' || !s)) {
throw new TypeError('"crit" option must be an array of non-empty strings')
}
if (!serialization) {
serialization = resolveSerialization(jws)
} else if (serialization !== resolveSerialization(jws)) {
throw new errors.JWSInvalid()
}
let prot // protected header
let header // unprotected header
let payload
let signature
let alg
// treat general format with one recipient as flattened
// skips iteration and avoids multi errors in this case
if (serialization === 'general' && jws.signatures.length === 1) {
serialization = 'flattened'
const { signatures, ...root } = jws
jws = { ...root, ...signatures[0] }
}
if (SINGLE_RECIPIENT.has(serialization)) {
if (serialization === 'compact') { // compact serialization format
([prot, payload, signature] = jws.split('.'))
} else { // flattened serialization format
({ protected: prot, payload, signature, header } = jws)
}
if (!header) {
skipDisjointCheck = true
}
let parsedProt = {}
if (prot) {
try {
parsedProt = base64url.JSON.decode(prot)
} catch (err) {
throw new errors.JWSInvalid('could not parse JWS protected header')
}
} else {
skipDisjointCheck = skipDisjointCheck || true
}
if (!skipDisjointCheck && !isDisjoint(parsedProt, header)) {
throw new errors.JWSInvalid('JWS Protected and JWS Unprotected Header Parameter names must be disjoint')
}
const combinedHeader = { ...parsedProt, ...header }
validateCrit(parsedProt, header, crit)
alg = parsedProt.alg || (header && header.alg)
if (!alg) {
throw new errors.JWSInvalid('missing JWS signature algorithm')
} else if (algorithms && !algorithms.has(alg)) {
throw new errors.JOSEAlgNotWhitelisted('alg not whitelisted')
}
if (key instanceof KeyStore) {
const keystore = key
const keys = keystore.all({ kid: combinedHeader.kid, alg: combinedHeader.alg, key_ops: ['verify'] })
switch (keys.length) {
case 0:
throw new errors.JWKSNoMatchingKey()
case 1:
// treat the call as if a Key instance was passed in
// skips iteration and avoids multi errors in this case
key = keys[0]
break
default: {
const errs = []
for (const key of keys) {
try {
return jwsVerify(true, serialization, jws, key, { crit, complete, algorithms: algorithms ? [...algorithms] : undefined })
} catch (err) {
errs.push(err)
continue
}
}
const multi = new errors.JOSEMultiError(errs)
if ([...multi].some(e => e instanceof errors.JWSVerificationFailed)) {
throw new errors.JWSVerificationFailed()
}
throw multi
}
}
}
check(key, 'verify', alg)
if (!verify(alg, key, Buffer.from([prot, payload].join('.')), base64url.decodeToBuffer(signature))) {
throw new errors.JWSVerificationFailed()
}
if (!combinedHeader.crit || !combinedHeader.crit.includes('b64') || combinedHeader.b64) {
payload = base64url.JSON.decode.try(payload)
}
if (complete) {
const result = { payload, key }
if (prot) result.protected = parsedProt
if (header) result.header = header
return result
}
return payload
}
// general serialization format
const { signatures, ...root } = jws
const errs = []
for (const recipient of signatures) {
try {
return jwsVerify(false, 'flattened', { ...root, ...recipient }, key, { crit, complete, algorithms: algorithms ? [...algorithms] : undefined })
} catch (err) {
errs.push(err)
continue
}
}
const multi = new errors.JOSEMultiError(errs)
if ([...multi].some(e => e instanceof errors.JWSVerificationFailed)) {
throw new errors.JWSVerificationFailed()
} else if ([...multi].every(e => e instanceof errors.JWKSNoMatchingKey)) {
throw new errors.JWKSNoMatchingKey()
}
throw multi
}
module.exports = jwsVerify.bind(undefined, false, undefined)
Reference in a new issue View git blame Copy permalink