You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# Apply algs restrictions if any, before performing any operation
ifself._algs:
self.token.allowed_algs=self._algs
However, if a kid header is being used by an application, jwcrypto will pass a key to the cryptographic verification routine without first asserting that the key's intended algorithm matches the token header's.
Secondly, if you look at the code you are pointing at you will see that in absence of a kid we try all keys.
This is because we defer validation of key type to the algorithm handling which uses typed keys to handle cryptographic operations, via the get_op_key function:
This function returns a python cryptography object for all cases except the 'oct' type. In the 'oct' case a base64 encoded string is returned, and all calling functions try to either decode it, or use a key object. If pyca object is passed to base64_decode then the code will retuen an exception. if a byte64 encoded string is used in a EC or RSA operation then when the object is dereferenced to use a sign() or verify() method it will also throw an exception. And if a RSA key is used with an EC operation (or vice versa) then pyca will assert.
We could probably pass the expected key type to the get_op_key() function, but that would just return a nicer error message, it is not required for security.
Please do better or I will automatically close reports from you in the future, I am not here to waste time on poor research.
If you think I missed something, please provide a reproducer, this is python and json objects, it is very simply to provide me with a token, keys and 3 lines of code to test out anything (See the examples in the documentation).
First, let us note that the
alg
header is correctly being validated.jwcrypto/jwcrypto/jwt.py
Lines 483 to 485 in ea36353
However, if a
kid
header is being used by an application, jwcrypto will pass a key to the cryptographic verification routine without first asserting that the key's intended algorithm matches the token header's.jwcrypto/jwcrypto/jwt.py
Lines 495 to 519 in ea36353
jwcrypto/jwcrypto/jwk.py
Lines 1192 to 1199 in ea36353
This is congruent to the problem in firebase/php-jwt#351 https://seclists.org/fulldisclosure/2021/Aug/14
Note: This particular sharp edge isn't covered by the JWT Best Practices RFC.
The text was updated successfully, but these errors were encountered: