From 44d8c23f2e12d254e0e0c9504cad0c1f83f54ab1 Mon Sep 17 00:00:00 2001 From: Joakim Antman Date: Mon, 24 Oct 2022 17:57:03 +0300 Subject: [PATCH 1/6] Stricter RSA key generation from parameters --- lib/jwt/jwk/rsa.rb | 63 ++++++++++++++++++++++++++----------- spec/jwk/rsa_spec.rb | 74 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 119 insertions(+), 18 deletions(-) diff --git a/lib/jwt/jwk/rsa.rb b/lib/jwt/jwk/rsa.rb index aa8d4835..30e21a38 100644 --- a/lib/jwt/jwk/rsa.rb +++ b/lib/jwt/jwk/rsa.rb @@ -25,7 +25,7 @@ def initialize(key, params = nil, options = {}) end def keypair - @keypair ||= create_rsa_key(jwk_attributes(*(RSA_KEY_ELEMENTS - [:kty]))) + @keypair ||= self.class.create_rsa_key(jwk_attributes(*(RSA_KEY_ELEMENTS - [:kty]))) end def private? @@ -108,31 +108,53 @@ def encode_open_ssl_bn(key_part) ::JWT::Base64.url_encode(key_part.to_s(BINARY)) end - if ::JWT.openssl_3? - ASN1_SEQUENCE = %i[n e d p q dp dq qi].freeze - def create_rsa_key(rsa_parameters) - sequence = ASN1_SEQUENCE.each_with_object([]) do |key, arr| + def decode_open_ssl_bn(jwk_data) + self.class.decode_open_ssl_bn(jwk_data) + end + + class << self + def import(jwk_data) + new(jwk_data) + end + + def decode_open_ssl_bn(jwk_data) + return nil unless jwk_data + + OpenSSL::BN.new(::JWT::Base64.url_decode(jwk_data), BINARY) + end + + RSA_OPT_PARAMS = %i[p q dp dq qi].freeze + RSA_ASN1_SEQUENCE = (%i[n e d] + RSA_OPT_PARAMS).freeze # https://www.rfc-editor.org/rfc/rfc3447#appendix-A.1.2 + + def create_rsa_key_using_der(rsa_parameters) + validate_rsa_parameters!(rsa_parameters) + + sequence = RSA_ASN1_SEQUENCE.each_with_object([]) do |key, arr| next if rsa_parameters[key].nil? arr << OpenSSL::ASN1::Integer.new(rsa_parameters[key]) end - if sequence.size > 2 # For a private key + if sequence.size > 2 # Append "two-prime" version for private key sequence.unshift(OpenSSL::ASN1::Integer.new(0)) end OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence(sequence).to_der) end - elsif OpenSSL::PKey::RSA.new.respond_to?(:set_key) - def create_rsa_key(rsa_parameters) + + def create_rsa_key_using_sets(rsa_parameters) + validate_rsa_parameters!(rsa_parameters) + OpenSSL::PKey::RSA.new.tap do |rsa_key| rsa_key.set_key(rsa_parameters[:n], rsa_parameters[:e], rsa_parameters[:d]) rsa_key.set_factors(rsa_parameters[:p], rsa_parameters[:q]) if rsa_parameters[:p] && rsa_parameters[:q] rsa_key.set_crt_params(rsa_parameters[:dp], rsa_parameters[:dq], rsa_parameters[:qi]) if rsa_parameters[:dp] && rsa_parameters[:dq] && rsa_parameters[:qi] end end - else - def create_rsa_key(rsa_parameters) # rubocop:disable Metrics/AbcSize + + def create_rsa_key_using_accessors(rsa_parameters) # rubocop:disable Metrics/AbcSize + validate_rsa_parameters!(rsa_parameters) + OpenSSL::PKey::RSA.new.tap do |rsa_key| rsa_key.n = rsa_parameters[:n] rsa_key.e = rsa_parameters[:e] @@ -144,17 +166,22 @@ def create_rsa_key(rsa_parameters) # rubocop:disable Metrics/AbcSize rsa_key.iqmp = rsa_parameters[:qi] if rsa_parameters[:qi] end end - end - def decode_open_ssl_bn(jwk_data) - return nil unless jwk_data + def validate_rsa_parameters!(rsa_parameters) + return unless rsa_parameters[:d] - OpenSSL::BN.new(::JWT::Base64.url_decode(jwk_data), BINARY) - end + return if RSA_OPT_PARAMS.all? { |k| rsa_parameters.keys.include?(k) } + return if RSA_OPT_PARAMS.none? { |k| rsa_parameters.keys.include?(k) } - class << self - def import(jwk_data) - new(jwk_data) + raise JWT::JWKError, 'When one of p, q, dp, dq or qi is given all the other optimization parameters also needs to be defined' # https://www.rfc-editor.org/rfc/rfc7518.html#section-6.3.2 + end + + if ::JWT.openssl_3? + alias create_rsa_key create_rsa_key_using_der + elsif OpenSSL::PKey::RSA.new.respond_to?(:set_key) + alias create_rsa_key create_rsa_key_using_sets + else + alias create_rsa_key create_rsa_key_using_accessors end end end diff --git a/spec/jwk/rsa_spec.rb b/spec/jwk/rsa_spec.rb index d677f54a..abb81be6 100644 --- a/spec/jwk/rsa_spec.rb +++ b/spec/jwk/rsa_spec.rb @@ -135,4 +135,78 @@ end end end + + shared_examples 'creating an RSA object from complete JWK parameters' do + let(:rsa_parameters) { jwk_parameters.transform_values { |value| described_class.decode_open_ssl_bn(value) } } + let(:all_jwk_parameters) { described_class.new(rsa_key).export(include_private: true) } + + context 'when public parameters (e, n) are given' do + let(:jwk_parameters) { all_jwk_parameters.slice(:e, :n) } + + it 'creates a valid RSA object representing a public key' do + expect(subject).to be_a(::OpenSSL::PKey::RSA) + expect(subject.private?).to eq(false) + end + end + + context 'when only e, n, d, p and q are given' do + let(:jwk_parameters) { all_jwk_parameters.slice(:e, :n, :d, :p, :q) } + + it 'raises an error telling all the exponents are required' do + expect { subject }.to raise_error(JWT::JWKError, 'When one of p, q, dp, dq or qi is given all the other optimization parameters also needs to be defined') + end + end + + context 'when all key components n, e, d, p, q, dp, dq, qi are given' do + let(:jwk_parameters) { all_jwk_parameters.slice(:n, :e, :d, :p, :q, :dp, :dq, :qi) } + + it 'creates a valid RSA object representing a public key' do + expect(subject).to be_a(::OpenSSL::PKey::RSA) + expect(subject.private?).to eq(true) + end + end + end + + shared_examples 'creating RSA object from partial JWK parameters' do + context 'when e, n, d is given' do + let(:jwk_parameters) { all_jwk_parameters.slice(:e, :n, :d) } + + it 'creates a valid RSA object representing a private key' do + expect(subject).to be_a(::OpenSSL::PKey::RSA) + expect(subject.private?).to eq(true) + end + + it 'can be used for encryption and decryption' do + expect(subject.private_decrypt(subject.public_encrypt('secret'))).to eq('secret') + end + + it 'can be used for signing and verification' do + data = 'data_to_sign' + signature = subject.sign(OpenSSL::Digest.new('SHA512'), data) + expect(subject.verify(OpenSSL::Digest.new('SHA512'), signature, data)).to eq(true) + end + end + end + + describe '.create_rsa_key_using_der' do + subject(:rsa) { described_class.create_rsa_key_using_der(rsa_parameters) } + + include_examples 'creating an RSA object from complete JWK parameters' + end + + if OpenSSL::PKey::RSA.new.respond_to?(:set_key) # Very old OpenSSL versions (pre 1.1.0) + describe '.create_rsa_key_using_sets' do + subject(:rsa) { described_class.create_rsa_key_using_sets(rsa_parameters) } + + include_examples 'creating an RSA object from complete JWK parameters' + include_examples 'creating RSA object from partial JWK parameters' + end + elsif !::JWK.openssl_3? + describe '.create_rsa_key_using_accessors' do + subject(:rsa) { described_class.create_rsa_key_using_accessors(rsa_parameters) } + + include_examples 'creating an RSA object from complete JWK parameters' + include_examples 'creating RSA object from partial JWK parameters' + end + end end From d9d96d1d5a2b0d4be1f67b515367aae7b5d7a42e Mon Sep 17 00:00:00 2001 From: Joakim Antman Date: Sat, 29 Oct 2022 17:41:04 +0300 Subject: [PATCH 2/6] Skip tests that will not work on certain OpenSSL versions --- spec/jwk/rsa_spec.rb | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/spec/jwk/rsa_spec.rb b/spec/jwk/rsa_spec.rb index abb81be6..3de9995c 100644 --- a/spec/jwk/rsa_spec.rb +++ b/spec/jwk/rsa_spec.rb @@ -167,7 +167,7 @@ end end - shared_examples 'creating RSA object from partial JWK parameters' do + shared_examples 'creating an RSA object from partial JWK parameters' do context 'when e, n, d is given' do let(:jwk_parameters) { all_jwk_parameters.slice(:e, :n, :d) } @@ -194,19 +194,26 @@ include_examples 'creating an RSA object from complete JWK parameters' end - if OpenSSL::PKey::RSA.new.respond_to?(:set_key) # Very old OpenSSL versions (pre 1.1.0) - describe '.create_rsa_key_using_sets' do - subject(:rsa) { described_class.create_rsa_key_using_sets(rsa_parameters) } - - include_examples 'creating an RSA object from complete JWK parameters' - include_examples 'creating RSA object from partial JWK parameters' + describe '.create_rsa_key_using_sets' do + before do + skip unless OpenSSL::PKey::RSA.new.respond_to?(:set_key) + skip if ::JWT.openssl_3? end - elsif !::JWK.openssl_3? - describe '.create_rsa_key_using_accessors' do - subject(:rsa) { described_class.create_rsa_key_using_accessors(rsa_parameters) } - include_examples 'creating an RSA object from complete JWK parameters' - include_examples 'creating RSA object from partial JWK parameters' + subject(:rsa) { described_class.create_rsa_key_using_sets(rsa_parameters) } + + include_examples 'creating an RSA object from complete JWK parameters' + include_examples 'creating an RSA object from partial JWK parameters' + end + + describe '.create_rsa_key_using_accessors' do + before do + skip if OpenSSL::PKey::RSA.new.respond_to?(:set_key) end + + subject(:rsa) { described_class.create_rsa_key_using_accessors(rsa_parameters) } + + include_examples 'creating an RSA object from complete JWK parameters' + include_examples 'creating an RSA object from partial JWK parameters' end end From e39b4116d8eee7f614ef341eff1f1ba9d4a52010 Mon Sep 17 00:00:00 2001 From: Joakim Antman Date: Sat, 29 Oct 2022 20:36:15 +0300 Subject: [PATCH 3/6] Better reasons to skip tests --- lib/jwt/version.rb | 6 +++++- spec/jwk/rsa_spec.rb | 10 +++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/jwt/version.rb b/lib/jwt/version.rb index 7ad81897..12e1773a 100644 --- a/lib/jwt/version.rb +++ b/lib/jwt/version.rb @@ -27,6 +27,10 @@ def self.openssl_3? end def self.openssl_3_hmac_empty_key_regression? - openssl_3? && ::Gem::Version.new(OpenSSL::VERSION) <= ::Gem::Version.new('3.0.0') + openssl_3? && openssl_version <= ::Gem::Version.new('3.0.0') + end + + def self.openssl_version + @openssl_version ||= ::Gem::Version.new(OpenSSL::VERSION) end end diff --git a/spec/jwk/rsa_spec.rb b/spec/jwk/rsa_spec.rb index 3de9995c..27572bd0 100644 --- a/spec/jwk/rsa_spec.rb +++ b/spec/jwk/rsa_spec.rb @@ -171,6 +171,10 @@ context 'when e, n, d is given' do let(:jwk_parameters) { all_jwk_parameters.slice(:e, :n, :d) } + before do + skip 'OpenSSL prior to 2.2 does not seem to support partial parameters' if ::JWT.openssl_version < ::Gem::Version.new('2.2') + end + it 'creates a valid RSA object representing a private key' do expect(subject).to be_a(::OpenSSL::PKey::RSA) expect(subject.private?).to eq(true) @@ -196,8 +200,8 @@ describe '.create_rsa_key_using_sets' do before do - skip unless OpenSSL::PKey::RSA.new.respond_to?(:set_key) - skip if ::JWT.openssl_3? + skip 'OpenSSL without the RSA#set_key method not supported' unless OpenSSL::PKey::RSA.new.respond_to?(:set_key) + skip 'OpenSSL 3.0 does not allow mutating objects anymore' if ::JWT.openssl_3? end subject(:rsa) { described_class.create_rsa_key_using_sets(rsa_parameters) } @@ -208,7 +212,7 @@ describe '.create_rsa_key_using_accessors' do before do - skip if OpenSSL::PKey::RSA.new.respond_to?(:set_key) + skip 'OpenSSL if RSA#set_key is available there is no accessors anymore' if OpenSSL::PKey::RSA.new.respond_to?(:set_key) end subject(:rsa) { described_class.create_rsa_key_using_accessors(rsa_parameters) } From 191d7ef74bacbbb0d7b42eab184ecb59880055c5 Mon Sep 17 00:00:00 2001 From: Joakim Antman Date: Sun, 30 Oct 2022 13:47:47 +0200 Subject: [PATCH 4/6] Avoid iterating the RSA_OPT_PARAMS twice --- lib/jwt/jwk/rsa.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/jwt/jwk/rsa.rb b/lib/jwt/jwk/rsa.rb index 30e21a38..c909b635 100644 --- a/lib/jwt/jwk/rsa.rb +++ b/lib/jwt/jwk/rsa.rb @@ -168,10 +168,10 @@ def create_rsa_key_using_accessors(rsa_parameters) # rubocop:disable Metrics/Abc end def validate_rsa_parameters!(rsa_parameters) - return unless rsa_parameters[:d] + return unless rsa_parameters.key?(:d) - return if RSA_OPT_PARAMS.all? { |k| rsa_parameters.keys.include?(k) } - return if RSA_OPT_PARAMS.none? { |k| rsa_parameters.keys.include?(k) } + parameters = RSA_OPT_PARAMS - rsa_parameters.keys + return if parameters.empty? || parameters.size == RSA_OPT_PARAMS.size raise JWT::JWKError, 'When one of p, q, dp, dq or qi is given all the other optimization parameters also needs to be defined' # https://www.rfc-editor.org/rfc/rfc7518.html#section-6.3.2 end From cc7f34e720980b09608be6274c8994c5e015bd5c Mon Sep 17 00:00:00 2001 From: Joakim Antman Date: Sun, 30 Oct 2022 13:57:05 +0200 Subject: [PATCH 5/6] Moved constants close to each other --- lib/jwt/jwk/rsa.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/jwt/jwk/rsa.rb b/lib/jwt/jwk/rsa.rb index c909b635..4221da74 100644 --- a/lib/jwt/jwk/rsa.rb +++ b/lib/jwt/jwk/rsa.rb @@ -10,6 +10,9 @@ class RSA < KeyBase # rubocop:disable Metrics/ClassLength RSA_PRIVATE_KEY_ELEMENTS = %i[d p q dp dq qi].freeze RSA_KEY_ELEMENTS = (RSA_PRIVATE_KEY_ELEMENTS + RSA_PUBLIC_KEY_ELEMENTS).freeze + RSA_OPT_PARAMS = %i[p q dp dq qi].freeze + RSA_ASN1_SEQUENCE = (%i[n e d] + RSA_OPT_PARAMS).freeze # https://www.rfc-editor.org/rfc/rfc3447#appendix-A.1.2 + def initialize(key, params = nil, options = {}) params ||= {} @@ -123,9 +126,6 @@ def decode_open_ssl_bn(jwk_data) OpenSSL::BN.new(::JWT::Base64.url_decode(jwk_data), BINARY) end - RSA_OPT_PARAMS = %i[p q dp dq qi].freeze - RSA_ASN1_SEQUENCE = (%i[n e d] + RSA_OPT_PARAMS).freeze # https://www.rfc-editor.org/rfc/rfc3447#appendix-A.1.2 - def create_rsa_key_using_der(rsa_parameters) validate_rsa_parameters!(rsa_parameters) From 07223afeb4acb7fa2dd1ed280075d82db9d18673 Mon Sep 17 00:00:00 2001 From: Joakim Antman Date: Sun, 30 Oct 2022 14:13:21 +0200 Subject: [PATCH 6/6] Raise error on incomplete RSA ANS.1 sequence --- lib/jwt/jwk/rsa.rb | 2 ++ spec/jwk/rsa_spec.rb | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/lib/jwt/jwk/rsa.rb b/lib/jwt/jwk/rsa.rb index 4221da74..9c8cfc86 100644 --- a/lib/jwt/jwk/rsa.rb +++ b/lib/jwt/jwk/rsa.rb @@ -137,6 +137,8 @@ def create_rsa_key_using_der(rsa_parameters) if sequence.size > 2 # Append "two-prime" version for private key sequence.unshift(OpenSSL::ASN1::Integer.new(0)) + + raise JWT::JWKError, 'Creating a RSA key with a private key requires the CRT parameters to be defined' if sequence.size < RSA_ASN1_SEQUENCE.size end OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence(sequence).to_der) diff --git a/spec/jwk/rsa_spec.rb b/spec/jwk/rsa_spec.rb index 27572bd0..b888e6b0 100644 --- a/spec/jwk/rsa_spec.rb +++ b/spec/jwk/rsa_spec.rb @@ -196,6 +196,14 @@ subject(:rsa) { described_class.create_rsa_key_using_der(rsa_parameters) } include_examples 'creating an RSA object from complete JWK parameters' + + context 'when e, n, d is given' do + let(:jwk_parameters) { all_jwk_parameters.slice(:e, :n, :d) } + + it 'expects all CRT parameters given and raises error' do + expect { subject }.to raise_error(JWT::JWKError, 'Creating a RSA key with a private key requires the CRT parameters to be defined') + end + end end describe '.create_rsa_key_using_sets' do