diff --git a/jwcrypto/jwa.py b/jwcrypto/jwa.py index de7a79f..78361a1 100644 --- a/jwcrypto/jwa.py +++ b/jwcrypto/jwa.py @@ -28,6 +28,7 @@ # Implements RFC 7518 - JSON Web Algorithms (JWA) +default_max_pbkdf2_iterations = 16384 class JWAAlgorithm(metaclass=ABCMeta): @@ -588,6 +589,9 @@ def __init__(self): self.aeskwmap = {128: _A128KW, 192: _A192KW, 256: _A256KW} def _get_key(self, alg, key, p2s, p2c): + if p2c > default_max_pbkdf2_iterations: + raise ValueError('Invalid p2c value, too large') + if not isinstance(key, JWK): # backwards compatibility for old interface if isinstance(key, bytes): diff --git a/jwcrypto/tests.py b/jwcrypto/tests.py index 6069fab..bb2ff10 100644 --- a/jwcrypto/tests.py +++ b/jwcrypto/tests.py @@ -2099,6 +2099,18 @@ def test_pbes2_hs256_aeskw_custom_params(self): key = jwk.JWK.from_password('password') self.assertRaises(ValueError, enc.add_recipient, key) + # Test p2c iteration checks + maxiter = jwa.default_max_pbkdf2_iterations + p2cenc = jwe.JWE(plaintext='plain', + protected={"alg": "PBES2-HS256+A128KW", + "enc": "A256CBC-HS512", + "p2c": maxiter + 1, + "p2s": base64url_encode("A" * 16)}) + with self.assertRaisesRegex(ValueError, 'too large'): + p2cenc.add_recipient(key) + jwa.default_max_pbkdf2_iterations += 2 + p2cenc.add_recipient(key) + class JWATests(unittest.TestCase): def test_jwa_create(self):