Tighten JWS algorithm lists (#19797)

* Add new PKI ACME subpackage to test_packages list Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Restrict JWS keys to specified algorithms Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> --------- Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-28 16:49:07 -04:00 · 2023-03-28 16:49:07 -04:00 · 27f670abd5
parent 6d19f47732
commit 27f670abd5
2 changed files with 33 additions and 1 deletions
--- a/.github/scripts/generate-test-package-lists.sh
+++ b/.github/scripts/generate-test-package-lists.sh
@ -77,6 +77,7 @@ test_packages[5]+=" $base/vault/external_tests/sealmigration"
 if [ "${ENTERPRISE:+x}" == "x" ] ; then
    test_packages[5]+=" $base/vault/external_tests/transform"
 fi
+test_packages[5]+=" $base/builtin/logical/pki/acme"

 # Total time: 588
 test_packages[6]+=" $base"
--- a/builtin/logical/pki/acme/jws.go
+++ b/builtin/logical/pki/acme/jws.go
@ -7,6 +7,19 @@ import (
 	jose "gopkg.in/square/go-jose.v2"
 )

+var AllowedOuterJWSTypes = map[string]interface{}{
+	"RS256":  true,
+	"RS384":  true,
+	"RS512":  true,
+	"PS256":  true,
+	"PS384":  true,
+	"PS512":  true,
+	"ES256":  true,
+	"ES384":  true,
+	"ES512":  true,
+	"EdDSA2": true,
+}
+
 // This wraps a JWS message structure.
 type JWSCtx struct {
 	Algo  string          `json:"alg"`
@ -32,13 +45,26 @@ func (c *JWSCtx) UnmarshalJSON(a *ACMEState, jws []byte) error {
 	}

 	if c.Kid == "" && len(c.jwk) == 0 {
-		// See RFC 8555 Section 6.2 Request Authorization:
+		// See RFC 8555 Section 6.2. Request Authentication:
 		//
 		// > Either "jwk" (JSON Web Key) or "kid" (Key ID) as specified
 		// > below
 		return fmt.Errorf("invalid header: got neither required fields of 'kid' nor 'jwk'")
 	}

+	if _, present := AllowedOuterJWSTypes[c.Algo]; !present {
+		// See RFC 8555 Section 6.2. Request Authentication:
+		//
+		// > The JWS Protected Header MUST include the following fields:
+		// >
+		// > - "alg" (Algorithm)
+		// >
+		// >   * This field MUST NOT contain "none" or a Message
+		// >     Authentication Code (MAC) algorithm (e.g. one in which the
+		// >     algorithm registry description mentions MAC/HMAC).
+		return fmt.Errorf("invalid header: unexpected value for 'algo'")
+	}
+
 	if c.Kid != "" {
 		// Load KID from storage first.
 		c.jwk, err = a.LoadJWK(c.Kid)
@ -63,6 +89,11 @@ func hasValues(h jose.Header) bool {
 }

 func (c *JWSCtx) VerifyJWS(signature string) (map[string]interface{}, error) {
+	// See RFC 8555 Section 6.2. Request Authentication:
+	//
+	// > The JWS Unencoded Payload Option [RFC7797] MUST NOT be used
+	//
+	// This is validated by go-jose.
 	sig, err := jose.ParseSigned(signature)
 	if err != nil {
 		return nil, fmt.Errorf("error parsing signature: %w", err)