Mirror
/
CyberChef
mirror of https://github.com/gchq/CyberChef.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Tidied up JWT operations

This commit is contained in:
n1474335 2018-08-31 13:58:06 +00:00
parent 100b097ace
commit be14d56eae
9 changed files with 147 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Gruntfile.js
View File

@ -382,13 +382,13 @@ module.exports = function (grunt) {
"mkdir -p src/core/config/modules",
"echo 'export default {};\n' > src/core/config/modules/OpModules.mjs",
"echo '[]\n' > src/core/config/OperationConfig.json",
"node --experimental-modules src/core/config/scripts/generateOpsIndex.mjs",
"node --experimental-modules src/core/config/scripts/generateConfig.mjs",
"node --experimental-modules --no-warnings --no-deprecation src/core/config/scripts/generateOpsIndex.mjs",
"node --experimental-modules --no-warnings --no-deprecation src/core/config/scripts/generateConfig.mjs",
"echo '--- Config scripts finished. ---\n'"
].join(";")
},
tests: {
command: "node --experimental-modules test/index.mjs"
command: "node --experimental-modules --no-warnings --no-deprecation test/index.mjs"
}
},
});

89
package-lock.json generated
View File

@ -1811,6 +1811,11 @@
"isarray": "^1.0.0"
}
},
"buffer-equal-constant-time": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
"integrity": "sha1-+OcRMvf/5uAaXJaXpMbz5I1cyBk="
},
"buffer-from": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz",
@ -2994,6 +2999,14 @@
}
}
},
"ecdsa-sig-formatter": {
"version": "1.0.10",
"resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.10.tgz",
"integrity": "sha1-HFlQAPBKiJffuFAAiSoPTDOvhsM=",
"requires": {
"safe-buffer": "^5.0.1"
}
},
"ee-first": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
@ -6493,6 +6506,29 @@
}
}
},
"jsonwebtoken": {
"version": "8.3.0",
"resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.3.0.tgz",
"integrity": "sha512-oge/hvlmeJCH+iIz1DwcO7vKPkNGJHhgkspk8OH3VKlw+mbi42WtD4ig1+VXRln765vxptAv+xT26Fd3cteqag==",
"requires": {
"jws": "^3.1.5",
"lodash.includes": "^4.3.0",
"lodash.isboolean": "^3.0.3",
"lodash.isinteger": "^4.0.4",
"lodash.isnumber": "^3.0.3",
"lodash.isplainobject": "^4.0.6",
"lodash.isstring": "^4.0.1",
"lodash.once": "^4.0.0",
"ms": "^2.1.1"
},
"dependencies": {
"ms": {
"version": "2.1.1",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
"integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg=="
}
}
},
"jsprim": {
"version": "1.4.1",
"resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz",
@ -6510,6 +6546,25 @@
"resolved": "https://registry.npmjs.org/jsrsasign/-/jsrsasign-8.0.12.tgz",
"integrity": "sha1-Iqu5ZW00owuVMENnIINeicLlwxY="
},
"jwa": {
"version": "1.1.6",
"resolved": "https://registry.npmjs.org/jwa/-/jwa-1.1.6.tgz",
"integrity": "sha512-tBO/cf++BUsJkYql/kBbJroKOgHWEigTKBAjjBEmrMGYd1QMBC74Hr4Wo2zCZw6ZrVhlJPvoMrkcOnlWR/DJfw==",
"requires": {
"buffer-equal-constant-time": "1.0.1",
"ecdsa-sig-formatter": "1.0.10",
"safe-buffer": "^5.0.1"
}
},
"jws": {
"version": "3.1.5",
"resolved": "https://registry.npmjs.org/jws/-/jws-3.1.5.tgz",
"integrity": "sha512-GsCSexFADNQUr8T5HPJvayTjvPIfoyJPtLQBwn5a4WZQchcrPMPMAWcC1AzJVRDKyD6ZPROPAxgv6rfHViO4uQ==",
"requires": {
"jwa": "^1.1.5",
"safe-buffer": "^5.0.1"
}
},
"kbpgp": {
"version": "2.0.77",
"resolved": "https://registry.npmjs.org/kbpgp/-/kbpgp-2.0.77.tgz",
@ -6724,17 +6779,35 @@
"integrity": "sha1-ZHYsSGGAglGKw99Mz11YhtriA0c=",
"dev": true
},
"lodash.includes": {
"version": "4.3.0",
"resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz",
"integrity": "sha1-YLuYqHy5I8aMoeUTJUgzFISfVT8="
},
"lodash.isboolean": {
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz",
"integrity": "sha1-bC4XHbKiV82WgC/UOwGyDV9YcPY="
},
"lodash.isinteger": {
"version": "4.0.4",
"resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz",
"integrity": "sha1-YZwK89A/iwTDH1iChAt3sRzWg0M="
},
"lodash.isnumber": {
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz",
"integrity": "sha1-POdoEMWSjQM1IwGsKHMX8RwLH/w="
},
"lodash.isplainobject": {
"version": "4.0.6",
"resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz",
"integrity": "sha1-fFJqUtibRcRcxpC4gWO+BJf1UMs=",
"dev": true
"integrity": "sha1-fFJqUtibRcRcxpC4gWO+BJf1UMs="
},
"lodash.isstring": {
"version": "4.0.1",
"resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz",
"integrity": "sha1-1SfftUVuynzJu5XV2ur4i6VKVFE=",
"dev": true
"integrity": "sha1-1SfftUVuynzJu5XV2ur4i6VKVFE="
},
"lodash.mergewith": {
"version": "4.6.1",
@ -6742,6 +6815,11 @@
"integrity": "sha512-eWw5r+PYICtEBgrBE5hhlT6aAa75f411bgDz/ZL2KZqYV03USvucsxcHUIlGTDTECs1eunpI7HOV7U+WLDvNdQ==",
"dev": true
},
"lodash.once": {
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
"integrity": "sha1-DdOXEhPHxW34gJd9UEyI+0cal6w="
},
"lodash.sortby": {
"version": "4.7.0",
"resolved": "https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz",
@ -9118,8 +9196,7 @@
"safe-buffer": {
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
"integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==",
"dev": true
"integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
},
"safe-json-parse": {
"version": "1.0.1",

4
src/core/config/Categories.json
View File

@ -89,10 +89,10 @@
"Derive EVP key",
"Bcrypt",
"Scrypt",
"Pseudo-Random Number Generator",
"JWT Sign",
"JWT Verify",
"JWT Decode"
"JWT Decode",
"Pseudo-Random Number Generator"
]
},
{

17
src/core/operations/JWTDecode.mjs
View File

@ -6,6 +6,7 @@
import Operation from "../Operation";
import jwt from "jsonwebtoken";
import OperationError from "../errors/OperationError";
/**
* JWT Decode operation
@ -20,12 +21,11 @@ class JWTDecode extends Operation {
this.name = "JWT Decode";
this.module = "Crypto";
this.description = "Decodes a JSON Web Token without checking whether the provided secret / private key is valid.";
this.infoURL = "https://jwt.io";
this.description = "Decodes a JSON Web Token <b>without</b> checking whether the provided secret / private key is valid. Use 'JWT Verify' to check if the signature is valid as well.";
this.infoURL = "https://wikipedia.org/wiki/JSON_Web_Token";
this.inputType = "string";
this.outputType = "JSON";
this.args = [
];
this.args = [];
}
/**
@ -35,9 +35,14 @@ class JWTDecode extends Operation {
*/
run(input, args) {
try {
return jwt.decode(input);
const decoded = jwt.decode(input, {
json: true,
complete: true
});
return decoded.payload;
} catch (err) {
return err;
throw new OperationError(err);
}
}

22
src/core/operations/JWTSign.mjs
View File

@ -6,6 +6,7 @@
import Operation from "../Operation";
import jwt from "jsonwebtoken";
import OperationError from "../errors/OperationError";
/**
* JWT Sign operation
@ -20,18 +21,18 @@ class JWTSign extends Operation {
this.name = "JWT Sign";
this.module = "Crypto";
this.description = "Signs a JSON object as a JSON Web Token using a provided secret / private key.";
this.infoURL = "https://jwt.io/";
this.description = "Signs a JSON object as a JSON Web Token using a provided secret / private key.<br><br>The key should be either the secret for HMAC algorithms or the PEM-encoded private key for RSA and ECDSA.";
this.infoURL = "https://wikipedia.org/wiki/JSON_Web_Token";
this.inputType = "JSON";
this.outputType = "string";
this.args = [
{
name: "Private / Secret Key",
name: "Private/Secret Key",
type: "text",
value: "secret_cat"
value: "secret"
},
{
name: "Signing Algorithm",
name: "Signing algorithm",
type: "option",
value: [
"HS256",
@ -56,7 +57,16 @@ class JWTSign extends Operation {
*/
run(input, args) {
const [key, algorithm] = args;
return jwt.sign(input, key, { algorithm: algorithm === "None" ? "none" : algorithm });
try {
return jwt.sign(input, key, {
algorithm: algorithm === "None" ? "none" : algorithm
});
} catch (err) {
throw new OperationError(`Error: Have you entered the key correctly? The key should be either the secret for HMAC algorithms or the PEM-encoded private key for RSA and ECDSA.
${err}`);
}
}
}

19
src/core/operations/JWTVerify.mjs
View File

@ -6,6 +6,7 @@
import Operation from "../Operation";
import jwt from "jsonwebtoken";
import OperationError from "../errors/OperationError";
/**
* JWT Verify operation
@ -20,15 +21,15 @@ class JWTVerify extends Operation {
this.name = "JWT Verify";
this.module = "Crypto";
this.description = "Verifies that a JSON Web Token is valid and has been signed with the provided secret / private key.";
this.infoURL = "https://jwt.io/";
this.description = "Verifies that a JSON Web Token is valid and has been signed with the provided secret / private key.<br><br>The key should be either the secret for HMAC algorithms or the PEM-encoded private key for RSA and ECDSA.";
this.infoURL = "https://wikipedia.org/wiki/JSON_Web_Token";
this.inputType = "string";
this.outputType = "JSON";
this.args = [
{
name: "Private / Secret Key",
name: "Private/Secret Key",
type: "text",
value: "secret_cat"
value: "secret"
},
];
}
@ -42,14 +43,20 @@ class JWTVerify extends Operation {
const [key] = args;
try {
return jwt.verify(input, key, { algorithms: [
const verified = jwt.verify(input, key, { algorithms: [
"HS256",
"HS384",
"HS512",
"none"
]});
if (verified.hasOwnProperty("name") && verified.name === "JsonWebTokenError") {
throw new OperationError(verified.message);
}
return verified;
} catch (err) {
return err;
throw new OperationError(err);
}
}

8
test/tests/operations/JWTDecode.mjs
View File

@ -12,11 +12,11 @@ const outputObject = JSON.stringify({
String: "SomeString",
Number: 42,
iat: 1
});
}, null, 4);
TestRegister.addTests([
{
name: "JSON Decode: HS",
name: "JWT Decode: HS",
input: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.0ha6-j4FwvEIKPVZ-hf3S_R9Hy_UtXzq4dnedXcUrXk",
expectedOutput: outputObject,
recipeConfig: [
@ -27,7 +27,7 @@ TestRegister.addTests([
],
},
{
name: "JSON Decode: RS",
name: "JWT Decode: RS",
input: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.MjEJhtZk2nXzigi24piMzANmrj3mILHJcDl0xOjl5a8EgdKVL1oaMEjTkMQp5RA8YrqeRBFaX-BGGCKOXn5zPY1DJwWsBUyN9C-wGR2Qye0eogH_3b4M9EW00TPCUPXm2rx8URFj7Wg9VlsmrGzLV2oKkPgkVxuFSxnpO3yjn1Y",
expectedOutput: outputObject,
recipeConfig: [
@ -38,7 +38,7 @@ TestRegister.addTests([
],
},
{
name: "JSON Decode: ES",
name: "JWT Decode: ES",
input: "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.WkECT51jSfpRkcpQ4x0h5Dwe7CFBI6u6Et2gWp91HC7mpN_qCFadRpsvJLtKubm6cJTLa68xtei0YrDD8fxIUA",
expectedOutput: outputObject,
recipeConfig: [

20
test/tests/operations/JWTSign.mjs
View File

@ -12,7 +12,7 @@ const inputObject = JSON.stringify({
String: "SomeString",
Number: 42,
iat: 1
});
}, null, 4);
const hsKey = "secret_cat";
const rsKey = `-----BEGIN RSA PRIVATE KEY-----
@ -38,7 +38,7 @@ OF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r
TestRegister.addTests([
{
name: "JSON Sign: HS256",
name: "JWT Sign: HS256",
input: inputObject,
expectedOutput: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.0ha6-j4FwvEIKPVZ-hf3S_R9Hy_UtXzq4dnedXcUrXk",
recipeConfig: [
@ -49,7 +49,7 @@ TestRegister.addTests([
],
},
{
name: "JSON Sign: HS384",
name: "JWT Sign: HS384",
input: inputObject,
expectedOutput: "eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ._bPK-Y3mIACConbJqkGFMQ_L3vbxgKXy9gSxtL9hA5XTganozTSXxD0vX0N1yT5s",
recipeConfig: [
@ -60,7 +60,7 @@ TestRegister.addTests([
],
},
{
name: "JSON Sign: HS512",
name: "JWT Sign: HS512",
input: inputObject,
expectedOutput: "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.vZIJU4XYMFt3FLE1V_RZOxEetmV4RvxtPZQGzJthK_d47pjwlEb6pQE23YxHFmOj8H5RLEdqqLPw4jNsOyHRzA",
recipeConfig: [
@ -71,7 +71,7 @@ TestRegister.addTests([
],
},
{
name: "JSON Sign: ES256",
name: "JWT Sign: ES256",
input: inputObject,
expectedOutput: inputObject,
recipeConfig: [
@ -86,7 +86,7 @@ TestRegister.addTests([
],
},
{
name: "JSON Sign: ES384",
name: "JWT Sign: ES384",
input: inputObject,
expectedOutput: inputObject,
recipeConfig: [
@ -101,7 +101,7 @@ TestRegister.addTests([
],
},
{
name: "JSON Sign: ES512",
name: "JWT Sign: ES512",
input: inputObject,
expectedOutput: inputObject,
recipeConfig: [
@ -116,7 +116,7 @@ TestRegister.addTests([
],
},
{
name: "JSON Sign: RS256",
name: "JWT Sign: RS256",
input: inputObject,
expectedOutput: inputObject,
recipeConfig: [
@ -131,7 +131,7 @@ TestRegister.addTests([
],
},
{
name: "JSON Sign: RS384",
name: "JWT Sign: RS384",
input: inputObject,
expectedOutput: inputObject,
recipeConfig: [
@ -146,7 +146,7 @@ TestRegister.addTests([
],
},
{
name: "JSON Sign: RS512",
name: "JWT Sign: RS512",
input: inputObject,
expectedOutput: inputObject,
recipeConfig: [

13
test/tests/operations/JWTVerify.mjs
View File

@ -12,12 +12,9 @@ const outputObject = JSON.stringify({
String: "SomeString",
Number: 42,
iat: 1
});
}, null, 4);
const invalidAlgorithm = JSON.stringify({
name: "JsonWebTokenError",
message: "invalid algorithm"
});
const invalidAlgorithm = "JsonWebTokenError: invalid algorithm";
const hsKey = "secret_cat";
const rsKey = `-----BEGIN RSA PRIVATE KEY-----
@ -43,7 +40,7 @@ OF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r
TestRegister.addTests([
{
name: "JSON Verify: HS",
name: "JWT Verify: HS",
input: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.0ha6-j4FwvEIKPVZ-hf3S_R9Hy_UtXzq4dnedXcUrXk",
expectedOutput: outputObject,
recipeConfig: [
@ -54,7 +51,7 @@ TestRegister.addTests([
],
},
{
name: "JSON Verify: RS",
name: "JWT Verify: RS",
input: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.MjEJhtZk2nXzigi24piMzANmrj3mILHJcDl0xOjl5a8EgdKVL1oaMEjTkMQp5RA8YrqeRBFaX-BGGCKOXn5zPY1DJwWsBUyN9C-wGR2Qye0eogH_3b4M9EW00TPCUPXm2rx8URFj7Wg9VlsmrGzLV2oKkPgkVxuFSxnpO3yjn1Y",
expectedOutput: invalidAlgorithm,
recipeConfig: [
@ -65,7 +62,7 @@ TestRegister.addTests([
],
},
{
name: "JSON Verify: ES",
name: "JWT Verify: ES",
input: "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.WkECT51jSfpRkcpQ4x0h5Dwe7CFBI6u6Et2gWp91HC7mpN_qCFadRpsvJLtKubm6cJTLa68xtei0YrDD8fxIUA",
expectedOutput: invalidAlgorithm,
recipeConfig: [