Support for 384 and 512-bit hash lengths (thx Josh)

silentsignal · Oct 1, 2022 · aa0b107 · aa0b107
1 parent 4d53c01
commit aa0b107
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 3 deletions.
diff --git a/.github/workflows/test-docker.yml b/.github/workflows/test-docker.yml
@@ -27,7 +27,19 @@ jobs:
         python -m pip install --upgrade pip
         pip install PyJWT==1.5.0
 
-    - name: Run test with CVE-2017-11424
+    - name: Run RS256 test with CVE-2017-11424
       run: |
-        docker run rsa_sig2n python3 jwt_forgery.py `cat  ./CVE-2017-11424/test_jwt/RS256/jwt0` `cat  ./CVE-2017-11424/test_jwt/RS256/jwt1` | egrep '^eyJ' | tee CVE-2017-11424.tokens
-        ./test_scripts/test_CVE-2017-11424.sh CVE-2017-11424.tokens
+        docker run rsa_sig2n python3 jwt_forgery.py `cat  ./CVE-2017-11424/test_jwt/RS256/jwt0` `cat  ./CVE-2017-11424/test_jwt/RS256/jwt1` | egrep '^eyJ' | tee CVE-2017-11424_RS256.tokens
+        ./test_scripts/test_CVE-2017-11424.sh CVE-2017-11424_RS256.tokens
+
+    - name: Run RS384 test with CVE-2017-11424
+      run: |
+        docker run rsa_sig2n python3 jwt_forgery.py `cat  ./CVE-2017-11424/test_jwt/RS384/jwt0` `cat  ./CVE-2017-11424/test_jwt/RS384/jwt1` | egrep '^eyJ' | tee CVE-2017-11424_RS384.tokens
+        ./test_scripts/test_CVE-2017-11424.sh CVE-2017-11424_RS384.tokens
+    
+    - name: Run RS512 test with CVE-2017-11424
+      run: |
+        docker run rsa_sig2n python3 jwt_forgery.py `cat  ./CVE-2017-11424/test_jwt/RS512/jwt0` `cat  ./CVE-2017-11424/test_jwt/RS512/jwt1` | egrep '^eyJ' | tee CVE-2017-11424_RS512.tokens
+        ./test_scripts/test_CVE-2017-11424.sh CVE-2017-11424_RS512.tokens
+
+
diff --git a/CVE-2017-11424/test_jwt/RS384/jwt0 b/CVE-2017-11424/test_jwt/RS384/jwt0
@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJqb2UiLCJleHAiOjE2NjQ3MjIxMDMsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.ZK5mfv-goo8c_9KHtMzoX2k2lVNrapSbynE-hzkWa1cJyFTxNmjpnVa1UzZW1RFiKzZu6ImLg1RCBYlbE-fCgqU7MaGrx5ZVC3HHYb3jXEvJ6a_R6LQakSywjUwN2HRtjyt0KOrUdo30K4UiDPpiOsHhlF_RF_z1Y3EeWHoZknem_5RlXYoiuhWq0VEU4-RtqCAG92Nybn3UoN4TpAvbgBHJrJq4ht9fC4zM6ODQ4QfFBfWAspW5n1knKsz729Hx4_gT-za_WEUXnPvU3LJeOagRY07zDse4pJcFBqjxWQjICRtPxyWljA893ZPFReG-QtPpWkPPAonWtIPWfcb0bg
diff --git a/CVE-2017-11424/test_jwt/RS384/jwt1 b/CVE-2017-11424/test_jwt/RS384/jwt1
@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJqb2UiLCJleHAiOjE2NjQ3MjIxNjQsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.aYhlaTnVLhskDVKw9KkBFn0I5Ooa7gNgZE0g_io3tDCwvcvhNQit9VmBkyI8G73wmWwSZkK5b4qPiVatm6q8lb2BBo26fCzERYxgJBURcoNq45e_GcT2vPeN3TOghzx3HpLTVnhcCXL4IFN4V8ue5fkwftt1KnBm5VFkGWqvJasQpsiPY4Q7czvAxHQTLD2I7E8HgIA-H_vchmKV2bME0kSnsLGhDNyNG6voTqmiPdZU7VEKYFBgoMR-gae5VL5AFqQgoaxRM7-EF-vdTHfA5YvHlWp5nwUx1SXMr45yM4U3RzDVx8p0hyTjSLnzRfyPrA9BzvIUN3PsK2dZyg8sPw
diff --git a/CVE-2017-11424/test_jwt/RS512/jwt0 b/CVE-2017-11424/test_jwt/RS512/jwt0
@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJpc3MiOiJqb2UiLCJleHAiOjE2NjQ3MjE0NTAsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.XTeo0Rf0iTgujQSHOzzTnI_3dNce1ioT0LyWILRvLLVYZvBy2Aj8tQyKElsJb8MAcKz2pxjK7tZYm2rAzugWa6ByPZItrOTarlzNgmHrC1RkmTHl-5dXBGpC4z0sM1deZFosGPKttUwk44CHzZpaHolsqpUHuYHFCJ-xB2lvnC08uSQ4M0pz8G0yNtD9WZx5ODt_m6dkjRGm3YMcNCaWDV1W9KW_fKd3uxmJvXK-otIWcmDfbBnKcfY8gWeLjdjdA-B1zSkCkWfc9ieIFEa9B3Hlui9m-b3t9pU7liogM6Ue7v6lYcDeM_UwpSeWJhdGw6FTnm2U-oRx75wobHnF0w
diff --git a/CVE-2017-11424/test_jwt/RS512/jwt1 b/CVE-2017-11424/test_jwt/RS512/jwt1
@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJpc3MiOiJqb2UiLCJleHAiOjE2NjQ3MjE1ODQsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.NWTVLpo7irGBJU27TkPmQiZiR_ybXUMxvk12a309kmhVrs3xf2dgcdIBYHHZWuLqsrXLPT2-NhFjSaVi3Xb_Ru5MTA2Tj3L5poW8bTgg_IJu5VKvH_byNcgQ4ZEUF7oaVFehnuOtNljaQZTnAEEqzaq5bEpVG-RoDs5UD1bUgFbUyWQucmEdF87KzOIWagWT-FAolNJAm0Kv0qHTr-t6-j6VueH6vYqmrRq5b_otnT8re33-k8FKCIDbr0h3gAQ3ktlxWxA9oJFjWXO7wIJezD2y0ypb8fmpENXm0j-9y6GY6Uqk57NRTBoplcYX_71Hl6vyPIiEfHhuzyI7NWBvWw
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJqb2UiLCJleHAiOjE2NjQ3MjIxMDMsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.ZK5mfv-goo8c_9KHtMzoX2k2lVNrapSbynE-hzkWa1cJyFTxNmjpnVa1UzZW1RFiKzZu6ImLg1RCBYlbE-fCgqU7MaGrx5ZVC3HHYb3jXEvJ6a_R6LQakSywjUwN2HRtjyt0KOrUdo30K4UiDPpiOsHhlF_RF_z1Y3EeWHoZknem_5RlXYoiuhWq0VEU4-RtqCAG92Nybn3UoN4TpAvbgBHJrJq4ht9fC4zM6ODQ4QfFBfWAspW5n1knKsz729Hx4_gT-za_WEUXnPvU3LJeOagRY07zDse4pJcFBqjxWQjICRtPxyWljA893ZPFReG-QtPpWkPPAonWtIPWfcb0bg
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJpc3MiOiJqb2UiLCJleHAiOjE2NjQ3MjE0NTAsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.XTeo0Rf0iTgujQSHOzzTnI_3dNce1ioT0LyWILRvLLVYZvBy2Aj8tQyKElsJb8MAcKz2pxjK7tZYm2rAzugWa6ByPZItrOTarlzNgmHrC1RkmTHl-5dXBGpC4z0sM1deZFosGPKttUwk44CHzZpaHolsqpUHuYHFCJ-xB2lvnC08uSQ4M0pz8G0yNtD9WZx5ODt_m6dkjRGm3YMcNCaWDV1W9KW_fKd3uxmJvXK-otIWcmDfbBnKcfY8gWeLjdjdA-B1zSkCkWfc9ieIFEa9B3Hlui9m-b3t9pU7liogM6Ue7v6lYcDeM_UwpSeWJhdGw6FTnm2U-oRx75wobHnF0w