Validate size of signature against algorithm considering JWE #2008
Conversation
|
Seems like this also addresses #1743, is that correct? |
|
@TimHannMSFT had not considered #1743 |
|
My mistake, I think I got the key size check and the signature size check confused. In reply to: 1407145465 |
| public class TamperedTokenTests | ||
| { | ||
| [Theory, MemberData(nameof(JwtSignatureTruncationTheoryData))] | ||
| public async Task JwtSignatureTruncation(ValidateTokenTheoryData theoryData) |
There was a problem hiding this comment.
Looks like we're doing some similar testing in SignatureProviderTests::SignatureTrunctation. What's the difference? Looks like that also did symmetric hmac.
Can you help me understand why that didn't catch the issue? Should that test case be updated in any way for protection on the RSA/ECDSA cases?
There was a problem hiding this comment.
@TimHannMSFT internally RSA/ECDSA require the signature bytes to be the correct size, so any truncation will be caught by the .net runtimes.
Signature provider tests missed this because they were being told an incorrect expected size from the JsonWebTokenHandler.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
SymmetricSignatures are now ensuring the size of the signature matches the algorithm.
Authenticated Encryption needed special processing as only the first half of the signature is considered for Aes128CbcHmacSha256, Aes128CbcHmacSha384 and Aes128CbcHmacSha512.