From dae3748e7486f85b2640a9b9f898d039fe7a3777 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Thu, 7 Dec 2023 12:49:07 -0500
Subject: [PATCH] Fix potential DoS issue with p2c header
Unbounded p2c headers may be used to cause an application that accept PBES algorithms to spend alot of resources running PBKDF2 with a very high number of iterations. Clamp the default maximum to 16384 (double the default of 8192). An application that wants to use more iterations will have to chenge the jwa default max.
Fixes CVE-2023-6681
Signed-off-by: Simo Sorce
---
 jwcrypto/jwa.py | 5 +++++
 jwcrypto/tests.py | 12 ++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/jwcrypto/jwa.py b/jwcrypto/jwa.py
index de7a79f..ca4568e 100644
--- a/jwcrypto/jwa.py
+++ b/jwcrypto/jwa.py
@@ -28,6 +28,8 @@
 # Implements RFC 7518 - JSON Web Algorithms (JWA)
+default_max_pbkdf2_iterations = 16384
+
 class JWAAlgorithm(metaclass=ABCMeta):
@@ -588,6 +590,9 @@ def __init__(self):
 self.aeskwmap = {128: _A128KW, 192: _A192KW, 256: _A256KW}
 def _get_key(self, alg, key, p2s, p2c):
+ if p2c > default_max_pbkdf2_iterations:
+ raise ValueError('Invalid p2c value, too large')
+
 if not isinstance(key, JWK):
 # backwards compatibility for old interface
 if isinstance(key, bytes):
diff --git a/jwcrypto/tests.py b/jwcrypto/tests.py
index 6069fab..bb2ff10 100644
--- a/jwcrypto/tests.py
+++ b/jwcrypto/tests.py
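Review bot: The new module-level `default_max_pbkdf2_iterations` in jwcrypto/jwa.py (first hunk) has no comment saying what it limits or that it is a security bound. Because `_get_key` reads the global at call time, changing it affects every PBES2 operation in the process, which is worth stating next to the definition. A comment such as `# Upper bound on the PBES2 "p2c" (PBKDF2 iteration count) accepted by _get_key; caps the work a token header can request. Process-wide.` would do.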
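Review bot: The guard added at the top of `_get_key` in jwcrypto/jwa.py (second hunk) only rejects values above the limit, so a `p2c` that is not an integer, or is zero or negative, is not stopped here. Per the commit message the value comes from the token header, so a string would make the `>` comparison raise TypeError instead of the ValueError used for the oversized case; whether a later check rejects non-positive counts is not visible in this hunk. Consider adding, before the existing check, `if not isinstance(p2c, int) or p2c < 1:` followed by `raise ValueError('Invalid p2c value')`. `_get_key` continues past the end of the hunk.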
@@ -2099,6 +2099,18 @@ def test_pbes2_hs256_aeskw_custom_params(self):
 key = jwk.JWK.from_password('password')
 self.assertRaises(ValueError, enc.add_recipient, key)
+ # Test p2c iteration checks
+ maxiter = jwa.default_max_pbkdf2_iterations
+ p2cenc = jwe.JWE(plaintext='plain',
+ protected={"alg": "PBES2-HS256+A128KW",
+ "enc": "A256CBC-HS512",
+ "p2c": maxiter + 1,
+ "p2s": base64url_encode("A" * 16)})
+ with self.assertRaisesRegex(ValueError, 'too large'):
+ p2cenc.add_recipient(key)
+ jwa.default_max_pbkdf2_iterations += 2
+ p2cenc.add_recipient(key)
+
 class JWATests(unittest.TestCase):
 def test_jwa_create(self):
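Review bot: `jwa.default_max_pbkdf2_iterations += 2` raises a module-level limit and the test never restores it, so every test that runs later in the same process sees the higher cap. Registering `self.addCleanup(setattr, jwa, 'default_max_pbkdf2_iterations', maxiter)` right after reading `maxiter` would put it back even when an assertion fails. The new assertions also go only through `add_recipient`. A case that hands a token with an oversized `p2c` to the decrypt side would cover the path the commit message describes, assuming it reaches the same `_get_key` check (not visible here). The enclosing test method starts before the hunk.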