Perform Algorithm Verification
sermojohn opened this issue · 4 comments
Based on RFC-8725 algorithm verification can be performed by comparing the token algorithm with the key algorithm. This can be implementing by comparing JWK "kty" or "alg" with JWT "alg" header attribute.
Can the KeyFunc provided by this library also perform algorithm verification, to implement this best practice but avoid exposing this information out of the JWK scope?
I think you are referring to RFC-8725 section 3.1 or 3.2:
https://www.rfc-editor.org/rfc/rfc8725.html#section-3.1
Section 3.1:
Libraries MUST enable the caller to specify a supported set of algorithms and MUST NOT use any other algorithms when performing cryptographic operations. The library MUST ensure that the "alg" or "enc" header specifies the same algorithm that is used for the cryptographic operation. Moreover, each key MUST be used with exactly one algorithm, and this MUST be checked when the cryptographic operation is performed.
First part of section 3.2:
As Section 5.2 of [RFC7515] says, "it is an application decision which algorithms may be used in a given context. Even if a JWS can be successfully validated, unless the algorithm(s) used in the JWS are acceptable to the application, it SHOULD consider the JWS to be invalid."
In this case I think we can interpret "the caller" as the JWK Set which is given by the user of keyfunc.
the caller to specify a supported set of algorithms
Getting to the point, I think the action item requested by this issue is for keyfunc to check the JWK "alg" parameter and compare that to what's in the JWT "alg" header in the exported jwt.Keyfunc before returning the key for signature verification. If the algorithm's don't match, return an error. I think this is a good issue, but please be aware the JWK parameter "alg" is optional.
Did I get that right? If so, how does this commit look to you? It's on a feature branch and currently has no tests: a55209a
Did I get that right? If so, how does this commit look to you? It's on a feature branch and currently has no tests: a55209a
This is exactly what I meant, thanks for the prompt reaction and the thorough analysis.
The validation of the algorithm belonging to the supported set of algorithms is provided by golang-jwt here. What is not provided is the verification of match between JWT and JWK, as you describe.
I left some comments on a55209a.
@sermojohn, would you like to review #63?
Thank you for opening this issue @sermojohn!