Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15-SP5:Update
python-python-jose
CVE-2024-33663.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2024-33663.patch of Package python-python-jose
From 34bd82c43ea31da5b9deaa25ff591905a180bdf7 Mon Sep 17 00:00:00 2001 From: Daniel Garcia Moreno <daniel.garcia@suse.com> Date: Thu, 2 May 2024 09:29:54 +0200 Subject: [PATCH 1/4] Improve asymmetric key check in CryptographyHMACKey This change should fix https://github.com/mpdavis/python-jose/issues/346 security issue. The code is based on pyjwt change: https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc --- jose/backends/cryptography_backend.py | 72 ++++++++++++++++++++++++--- tests/test_jwt.py | 35 ++++++++++++- 2 files changed, 98 insertions(+), 9 deletions(-) Index: python-jose-3.0.1/tests/test_jwt.py =================================================================== --- python-jose-3.0.1.orig/tests/test_jwt.py +++ python-jose-3.0.1/tests/test_jwt.py @@ -4,7 +4,8 @@ import json from jose import jws from jose import jwt -from jose.exceptions import JWTError +from jose.constants import ALGORITHMS +from jose.exceptions import JWTError, JWKError from datetime import datetime from datetime import timedelta @@ -101,7 +102,7 @@ class TestJWT: def test_non_default_headers(self, claims, key, headers): encoded = jwt.encode(claims, key, headers=headers) - decoded = jwt.decode(encoded, key) + decoded = jwt.decode(encoded, key, algorithms=ALGORITHMS.HS256) assert claims == decoded all_headers = jwt.get_unverified_headers(encoded) for k, v in headers.items(): @@ -134,7 +135,7 @@ class TestJWT: '.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8' ) - decoded = jwt.decode(token, key) + decoded = jwt.decode(token, key, algorithms=ALGORITHMS.SUPPORTED) assert decoded == claims @@ -155,7 +156,7 @@ class TestJWT: } token = jwt.encode(claims, key) - jwt.decode(token, key, options=options) + jwt.decode(token, key, options=options, algorithms=ALGORITHMS.HS256) def test_iat_not_int(self, key): @@ -166,7 +167,7 @@ class TestJWT: token = jwt.encode(claims, key) with pytest.raises(JWTError): - jwt.decode(token, key) + jwt.decode(token, key, algorithms=ALGORITHMS.HS256) def test_nbf_not_int(self, key): @@ -177,7 +178,7 @@ class TestJWT: token = jwt.encode(claims, key) with pytest.raises(JWTError): - jwt.decode(token, key) + jwt.decode(token, key, algorithms=ALGORITHMS.HS256) def test_nbf_datetime(self, key): @@ -188,7 +189,7 @@ class TestJWT: } token = jwt.encode(claims, key) - jwt.decode(token, key) + jwt.decode(token, key, algorithms=ALGORITHMS.HS256) def test_nbf_with_leeway(self, key): @@ -203,7 +204,7 @@ class TestJWT: } token = jwt.encode(claims, key) - jwt.decode(token, key, options=options) + jwt.decode(token, key, options=options, algorithms=ALGORITHMS.HS256) def test_nbf_in_future(self, key): @@ -216,7 +217,7 @@ class TestJWT: token = jwt.encode(claims, key) with pytest.raises(JWTError): - jwt.decode(token, key) + jwt.decode(token, key, algorithms=ALGORITHMS.HS256) def test_nbf_skip(self, key): @@ -229,13 +230,13 @@ class TestJWT: token = jwt.encode(claims, key) with pytest.raises(JWTError): - jwt.decode(token, key) + jwt.decode(token, key, algorithms=ALGORITHMS.HS256) options = { 'verify_nbf': False } - jwt.decode(token, key, options=options) + jwt.decode(token, key, options=options, algorithms=ALGORITHMS.HS256) def test_exp_not_int(self, key): @@ -246,7 +247,7 @@ class TestJWT: token = jwt.encode(claims, key) with pytest.raises(JWTError): - jwt.decode(token, key) + jwt.decode(token, key, algorithms=ALGORITHMS.HS256) def test_exp_datetime(self, key): @@ -257,7 +258,7 @@ class TestJWT: } token = jwt.encode(claims, key) - jwt.decode(token, key) + jwt.decode(token, key, algorithms=ALGORITHMS.HS256) def test_exp_with_leeway(self, key): @@ -272,7 +273,7 @@ class TestJWT: } token = jwt.encode(claims, key) - jwt.decode(token, key, options=options) + jwt.decode(token, key, options=options, algorithms=ALGORITHMS.HS256) def test_exp_in_past(self, key): @@ -285,7 +286,7 @@ class TestJWT: token = jwt.encode(claims, key) with pytest.raises(JWTError): - jwt.decode(token, key) + jwt.decode(token, key, algorithms=ALGORITHMS.HS256) def test_exp_skip(self, key): @@ -298,13 +299,13 @@ class TestJWT: token = jwt.encode(claims, key) with pytest.raises(JWTError): - jwt.decode(token, key) + jwt.decode(token, key, algorithms=ALGORITHMS.HS256) options = { 'verify_exp': False } - jwt.decode(token, key, options=options) + jwt.decode(token, key, options=options, algorithms=ALGORITHMS.HS256) def test_aud_string(self, key): @@ -315,7 +316,7 @@ class TestJWT: } token = jwt.encode(claims, key) - jwt.decode(token, key, audience=aud) + jwt.decode(token, key, audience=aud, algorithms=ALGORITHMS.HS256) def test_aud_list(self, key): @@ -326,7 +327,7 @@ class TestJWT: } token = jwt.encode(claims, key) - jwt.decode(token, key, audience=aud) + jwt.decode(token, key, audience=aud, algorithms=ALGORITHMS.HS256) def test_aud_list_multiple(self, key): @@ -337,7 +338,7 @@ class TestJWT: } token = jwt.encode(claims, key) - jwt.decode(token, key, audience=aud) + jwt.decode(token, key, audience=aud, algorithms=ALGORITHMS.HS256) def test_aud_list_is_strings(self, key): @@ -349,7 +350,7 @@ class TestJWT: token = jwt.encode(claims, key) with pytest.raises(JWTError): - jwt.decode(token, key, audience=aud) + jwt.decode(token, key, audience=aud, algorithms=ALGORITHMS.HS256) def test_aud_case_sensitive(self, key): @@ -361,14 +362,14 @@ class TestJWT: token = jwt.encode(claims, key) with pytest.raises(JWTError): - jwt.decode(token, key, audience='AUDIENCE') + jwt.decode(token, key, audience='AUDIENCE', algorithms=ALGORITHMS.HS256) def test_aud_empty_claim(self, claims, key): aud = 'audience' token = jwt.encode(claims, key) - jwt.decode(token, key, audience=aud) + jwt.decode(token, key, audience=aud, algorithms=ALGORITHMS.HS256) def test_aud_not_string_or_list(self, key): @@ -380,7 +381,7 @@ class TestJWT: token = jwt.encode(claims, key) with pytest.raises(JWTError): - jwt.decode(token, key) + jwt.decode(token, key, algorithms=ALGORITHMS.HS256) def test_aud_given_number(self, key): @@ -392,7 +393,7 @@ class TestJWT: token = jwt.encode(claims, key) with pytest.raises(JWTError): - jwt.decode(token, key, audience=1) + jwt.decode(token, key, audience=1, algorithms=ALGORITHMS.HS256) def test_iss_string(self, key): @@ -403,7 +404,7 @@ class TestJWT: } token = jwt.encode(claims, key) - jwt.decode(token, key, issuer=iss) + jwt.decode(token, key, issuer=iss, algorithms=ALGORITHMS.HS256) def test_iss_list(self, key): @@ -414,7 +415,7 @@ class TestJWT: } token = jwt.encode(claims, key) - jwt.decode(token, key, issuer=['https://issuer', 'issuer']) + jwt.decode(token, key, issuer=['https://issuer', 'issuer'], algorithms=ALGORITHMS.HS256) def test_iss_tuple(self, key): @@ -425,7 +426,7 @@ class TestJWT: } token = jwt.encode(claims, key) - jwt.decode(token, key, issuer=('https://issuer', 'issuer')) + jwt.decode(token, key, issuer=('https://issuer', 'issuer'), algorithms=ALGORITHMS.HS256) def test_iss_invalid(self, key): @@ -437,7 +438,7 @@ class TestJWT: token = jwt.encode(claims, key) with pytest.raises(JWTError): - jwt.decode(token, key, issuer='another') + jwt.decode(token, key, issuer='another', algorithms=ALGORITHMS.HS256) def test_sub_string(self, key): @@ -448,7 +449,7 @@ class TestJWT: } token = jwt.encode(claims, key) - jwt.decode(token, key) + jwt.decode(token, key, algorithms=ALGORITHMS.HS256) def test_sub_invalid(self, key): @@ -460,7 +461,7 @@ class TestJWT: token = jwt.encode(claims, key) with pytest.raises(JWTError): - jwt.decode(token, key) + jwt.decode(token, key, algorithms=ALGORITHMS.HS256) def test_sub_correct(self, key): @@ -471,7 +472,7 @@ class TestJWT: } token = jwt.encode(claims, key) - jwt.decode(token, key, subject=sub) + jwt.decode(token, key, subject=sub, algorithms=ALGORITHMS.HS256) def test_sub_incorrect(self, key): @@ -483,7 +484,7 @@ class TestJWT: token = jwt.encode(claims, key) with pytest.raises(JWTError): - jwt.decode(token, key, subject='another') + jwt.decode(token, key, subject='another', algorithms=ALGORITHMS.HS256) def test_jti_string(self, key): @@ -494,7 +495,7 @@ class TestJWT: } token = jwt.encode(claims, key) - jwt.decode(token, key) + jwt.decode(token, key, algorithms=ALGORITHMS.HS256) def test_jti_invalid(self, key): @@ -506,33 +507,33 @@ class TestJWT: token = jwt.encode(claims, key) with pytest.raises(JWTError): - jwt.decode(token, key) + jwt.decode(token, key, algorithms=ALGORITHMS.HS256) def test_at_hash(self, claims, key): access_token = '<ACCESS_TOKEN>' token = jwt.encode(claims, key, access_token=access_token) - payload = jwt.decode(token, key, access_token=access_token) + payload = jwt.decode(token, key, access_token=access_token, algorithms=ALGORITHMS.HS256) assert 'at_hash' in payload def test_at_hash_invalid(self, claims, key): token = jwt.encode(claims, key, access_token='<ACCESS_TOKEN>') with pytest.raises(JWTError): - jwt.decode(token, key, access_token='<OTHER_TOKEN>') + jwt.decode(token, key, access_token='<OTHER_TOKEN>', algorithms=ALGORITHMS.HS256) def test_at_hash_missing_access_token(self, claims, key): token = jwt.encode(claims, key, access_token='<ACCESS_TOKEN>') with pytest.raises(JWTError): - jwt.decode(token, key) + jwt.decode(token, key, algorithms=ALGORITHMS.HS256) def test_at_hash_missing_claim(self, claims, key): token = jwt.encode(claims, key) with pytest.raises(JWTError): - jwt.decode(token, key, access_token='<ACCESS_TOKEN>') + jwt.decode(token, key, access_token='<ACCESS_TOKEN>', algorithms=ALGORITHMS.HS256) def test_at_hash_unable_to_calculate(self, claims, key): token = jwt.encode(claims, key, access_token='<ACCESS_TOKEN>') with pytest.raises(JWTError): - jwt.decode(token, key, access_token='\xe2') + jwt.decode(token, key, access_token='\xe2', algorithms=ALGORITHMS.HS256) def test_bad_claims(self): bad_token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.iOJ5SiNfaNO_pa2J4Umtb3b3zmk5C18-mhTCVNsjnck' @@ -552,3 +553,42 @@ class TestJWT: def test_unverified_claims_object(self, claims, key): token = jwt.encode(claims, key) assert jwt.get_unverified_claims(token) == claims + + def test_CVE_2024_33663(self): + """Test based on https://github.com/mpdavis/python-jose/issues/346""" + try: + from Crypto.PublicKey import ECC + from Crypto.Hash import HMAC, SHA256 + except ModuleNotFoundError: + pytest.skip("pycryptodome module not installed") + + # ----- SETUP ----- + # generate an asymmetric ECC keypair + # !! signing should only be possible with the private key !! + KEY = ECC.generate(curve='P-256') + + # PUBLIC KEY, AVAILABLE TO USER + # CAN BE RECOVERED THROUGH E.G. PUBKEY RECOVERY WITH TWO SIGNATURES: + # https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm#Public_key_recovery + # https://github.com/FlorianPicca/JWT-Key-Recovery + PUBKEY = KEY.public_key().export_key(format='OpenSSH').encode() + + # ---- CLIENT SIDE ----- + # without knowing the private key, a valid token can be constructed + # YIKES!! + + b64 = lambda x:base64.urlsafe_b64encode(x).replace(b'=',b'') + payload = b64(b'{"alg":"HS256"}') + b'.' + b64(b'{"pwned":true}') + hasher = HMAC.new(PUBKEY, digestmod=SHA256) + hasher.update(payload) + evil_token = payload + b'.' + b64(hasher.digest()) + + # ---- SERVER SIDE ----- + # verify and decode the token using the public key, as is custom + # algorithm field is left unspecified + # but the library will happily still verify without warning, trusting the user-controlled alg field of the token header + with pytest.raises(JWKError): + data = jwt.decode(evil_token, PUBKEY.decode(), algorithms=ALGORITHMS.HS256) + + with pytest.raises(JWTError, match='.*required.*"algorithms".*'): + data = jwt.decode(evil_token, PUBKEY.decode()) Index: python-jose-3.0.1/jose/jwt.py =================================================================== --- python-jose-3.0.1.orig/jose/jwt.py +++ python-jose-3.0.1/jose/jwt.py @@ -130,6 +130,13 @@ def decode(token, key, algorithms=None, defaults.update(options) verify_signature = defaults.get('verify_signature', True) + # Forbid the usage of the jwt.decode without alogrightms parameter + # See https://github.com/mpdavis/python-jose/issues/346 for more + # information CVE-2024-33663 + if verify_signature and algorithms is None: + raise JWTError("It is required that you pass in a value for " + 'the "algorithms" argument when calling ' + "decode().") try: payload = jws.verify(token, key, algorithms, verify=verify_signature) Index: python-jose-3.0.1/jose/utils.py =================================================================== --- python-jose-3.0.1.orig/jose/utils.py +++ python-jose-3.0.1/jose/utils.py @@ -1,4 +1,4 @@ - +import re import base64 import hmac import six @@ -132,3 +132,75 @@ def constant_time_string_compare(a, b): result |= ord(x) ^ ord(y) return result == 0 + + +# Based on https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc +# Based on https://github.com/hynek/pem/blob/7ad94db26b0bc21d10953f5dbad3acfdfacf57aa/src/pem/_core.py#L224-L252 +_PEMS = { + b"CERTIFICATE", + b"TRUSTED CERTIFICATE", + b"PRIVATE KEY", + b"PUBLIC KEY", + b"ENCRYPTED PRIVATE KEY", + b"OPENSSH PRIVATE KEY", + b"DSA PRIVATE KEY", + b"RSA PRIVATE KEY", + b"RSA PUBLIC KEY", + b"EC PRIVATE KEY", + b"DH PARAMETERS", + b"NEW CERTIFICATE REQUEST", + b"CERTIFICATE REQUEST", + b"SSH2 PUBLIC KEY", + b"SSH2 ENCRYPTED PRIVATE KEY", + b"X509 CRL", +} + + +_PEM_RE = re.compile( + b"----[- ]BEGIN (" + + b"|".join(_PEMS) + + b""")[- ]----\r? +.+?\r? +----[- ]END \\1[- ]----\r?\n?""", + re.DOTALL, +) + + +def is_pem_format(key): + """ + Return True if the key is PEM format + This function uses the list of valid PEM headers defined in + _PEMS dict. + """ + return bool(_PEM_RE.search(key)) + + +# Based on https://github.com/pyca/cryptography/blob/bcb70852d577b3f490f015378c75cba74986297b/src/cryptography/hazmat/primitives/serialization/ssh.py#L40-L46 +_CERT_SUFFIX = b"-cert-v01@openssh.com" +_SSH_PUBKEY_RC = re.compile(br"\A(\S+)[ \t]+(\S+)") +_SSH_KEY_FORMATS = [ + b"ssh-ed25519", + b"ssh-rsa", + b"ssh-dss", + b"ecdsa-sha2-nistp256", + b"ecdsa-sha2-nistp384", + b"ecdsa-sha2-nistp521", +] + + +def is_ssh_key(key): + """ + Return True if the key is a SSH key + This function uses the list of valid SSH key format defined in + _SSH_KEY_FORMATS dict. + """ + if any(string_value in key for string_value in _SSH_KEY_FORMATS): + return True + + ssh_pubkey_match = _SSH_PUBKEY_RC.match(key) + if ssh_pubkey_match: + key_type = ssh_pubkey_match.group(1) + if _CERT_SUFFIX == key_type[-len(_CERT_SUFFIX) :]: + return True + + return False Index: python-jose-3.0.1/tests/algorithms/test_HMAC.py =================================================================== --- python-jose-3.0.1.orig/tests/algorithms/test_HMAC.py +++ python-jose-3.0.1/tests/algorithms/test_HMAC.py @@ -14,14 +14,17 @@ class TestHMACAlgorithm: def test_RSA_key(self): key = "-----BEGIN PUBLIC KEY-----" + key += "\n\n\n-----END PUBLIC KEY-----" with pytest.raises(JOSEError): HMACKey(key, ALGORITHMS.HS256) key = "-----BEGIN RSA PUBLIC KEY-----" + key += "\n\n\n-----END RSA PUBLIC KEY-----" with pytest.raises(JOSEError): HMACKey(key, ALGORITHMS.HS256) key = "-----BEGIN CERTIFICATE-----" + key += "\n\n\n-----END CERTIFICATE-----" with pytest.raises(JOSEError): HMACKey(key, ALGORITHMS.HS256) Index: python-jose-3.0.1/jose/jwk.py =================================================================== --- python-jose-3.0.1.orig/jose/jwk.py +++ python-jose-3.0.1/jose/jwk.py @@ -7,6 +7,7 @@ from jose.constants import ALGORITHMS from jose.exceptions import JWKError from jose.utils import base64url_decode, base64url_encode from jose.utils import constant_time_string_compare +from jose.utils import is_pem_format, is_ssh_key from jose.backends.base import Key try: @@ -103,17 +104,11 @@ class HMACKey(Key): if isinstance(key, six.text_type): key = key.encode('utf-8') - invalid_strings = [ - b'-----BEGIN PUBLIC KEY-----', - b'-----BEGIN RSA PUBLIC KEY-----', - b'-----BEGIN CERTIFICATE-----', - b'ssh-rsa' - ] - - if any(string_value in key for string_value in invalid_strings): + if is_pem_format(key) or is_ssh_key(key): raise JWKError( - 'The specified key is an asymmetric key or x509 certificate and' - ' should not be used as an HMAC secret.') + "The specified key is an asymmetric key or x509 certificate and" + " should not be used as an HMAC secret." + ) self.prepared_key = key
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor