@gcoredev/as-jwt 1.0.0 → 1.0.2

package/README.md

@@ -1,5 +1,11 @@
 # as-jwt
 
+[![GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/G-Core/as-jwt/deploy.yaml)](https://github.com/G-Core/as-jwt)
+[![GitHub commit activity](https://img.shields.io/github/commit-activity/t/G-Core/as-jwt)](https://github.com/G-Core/as-jwt)
+[![GitHub top language](https://img.shields.io/github/languages/top/G-Core/as-jwt)](https://github.com/G-Core/as-jwt)
+[![GitHub License](https://img.shields.io/github/license/G-Core/as-jwt)](https://github.com/G-Core/as-jwt/blob/main/LICENSE)
+[![NPM Version](https://img.shields.io/npm/v/@gcoredev/as-jwt)](https://www.npmjs.com/package/@gcoredev/as-jwt)
+
 AssemblyScript package that provides simple jws handling for jwt tokens.
 
 ## Installation:
@@ -43,43 +49,10 @@ Validates `token` signature has been signed with a valid `secret`.
 
 Does NOT validate any claims in the payload.
 
-## Known Issues
-
-At present there are some issues with JWS tokens signed using SHA256.
-
-A basic token containing:
-
-```json
-{
-  "alg": "HS256",
-  "typ": "JWT"
-}.{
-  "sub": "1234567890",
-  "name": "John Doe",
-  "iat": 1516239022
-}
-```
-
-Will `pass` compactVerify(), however adding an extra field like `exp` value will cause it to fail. Claim payloads with more than 3 entries fails `SHA256` hashing. This is **NOT** a problem with `SHA512` and we would advise to use this at present.
-
-It is possible to still use verifyJwt() with `SHA256` however you will need to keep to max 3 claims. e.g.
-
-```json
-{
-  "alg": "HS256",
-  "typ": "JWT"
-}.{
-  "exp": 2051226061,
-  "name": "John Doe",
-  "iat": 1516239022
-}
-```
-
-Issue: https://github.com/jedisct1/as-hmac-sha2/issues/4
-
 ### Internal Libraries:
 
 Under the hood this package is powered by:
 
 - [as-hmac-sha2](https://github.com/jedisct1/as-hmac-sha2)
 - [as-base64](https://github.com/near/as-base64)
+- [as-sha256](https://github.com/ChainSafe/as-sha256)

package/assembly/index.ts

@@ -1,7 +1,9 @@
 import { JSON } from "assemblyscript-json/assembly";
 
-import { Sha256, Sha512, verify } from "../modules/as-hmac-sha2/assembly";
-import { decodeBase64 } from "./utils";
+import { Sha512, verify } from "../modules/as-hmac-sha2/assembly";
+
+import { sha256Hmac } from "./sha256";
+import { decodeBase64, isValidJsonObj } from "./utils";
 
 enum JwtValidation {
   Ok = 0,
@@ -19,9 +21,12 @@ function compactVerify(token: string, secret: string): JwtValidation {
 
   // Decode the JWT token
   const header = decodeBase64(parts[0]);
-  const jsonHeaderObj: JSON.Obj = <JSON.Obj>(
-    JSON.parse(String.UTF8.decode(header.buffer))
-  );
+  const headerStr = String.UTF8.decode(header.buffer);
+  if (!isValidJsonObj(headerStr)) {
+    return JwtValidation.BadToken;
+  }
+
+  const jsonHeaderObj: JSON.Obj = <JSON.Obj>JSON.parse(headerStr);
 
   const algOrNull: JSON.Str | null = jsonHeaderObj.getString("alg");
   if (algOrNull == null) {
@@ -38,7 +43,7 @@ function compactVerify(token: string, secret: string): JwtValidation {
   const secretUint8Array = Uint8Array.wrap(String.UTF8.encode(secret));
   const expectedSignature =
     alg === "HS256"
-      ? Sha256.hmac(dataUint8Array, secretUint8Array)
+      ? sha256Hmac(dataUint8Array, secretUint8Array)
       : Sha512.hmac(dataUint8Array, secretUint8Array);
   const providedSignature = decodeBase64(parts[2]);
 
@@ -59,9 +64,11 @@ function jwtVerify(token: string, secret: string): JwtValidation {
 
   // Decode the JWT token
   const payload = decodeBase64(parts[1]);
-  const jsonClaimsObj: JSON.Obj = <JSON.Obj>(
-    JSON.parse(String.UTF8.decode(payload.buffer))
-  );
+  const payloadStr = String.UTF8.decode(payload.buffer);
+  if (!isValidJsonObj(payloadStr)) {
+    return JwtValidation.BadToken;
+  }
+  const jsonClaimsObj: JSON.Obj = <JSON.Obj>JSON.parse(payloadStr);
 
   // RFC 7519 states that the exp , nbf and iat claim values must be NumericDate values.
   const expOrNull: JSON.Integer | null = jsonClaimsObj.getInteger("exp");

package/assembly/sha256/as-sha256.ts

@@ -0,0 +1,257 @@
+/*
+* The code in this file is from https://github.com/ChainSafe/as-sha256/blob/master/assembly/index.ts
+* Copyright 2019 ChainSafe Systems
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+*
+* All modifcations have been noted within the code.
+*
+*/
+
+// constants used in the SHA256 compression function
+const K: u32[] = [
+  0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b,
+  0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01,
+  0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7,
+  0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+  0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152,
+  0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147,
+  0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc,
+  0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+  0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819,
+  0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08,
+  0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f,
+  0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+  0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+];
+const kPtr = K.dataStart;
+
+// intermediate hash values stored in H0-H7
+var H0: u32, H1: u32, H2: u32, H3: u32, H4: u32, H5: u32, H6: u32, H7: u32;
+
+// hash registers
+var a: u32, b: u32, c: u32, d: u32, e: u32, f: u32, g: u32, h: u32, i: u32, t1: u32, t2: u32;
+
+// 16 32bit message blocks
+const M = new ArrayBuffer(64);
+const mPtr = changetype<usize>(M);
+
+// 64 32bit extended message blocks
+const W = new ArrayBuffer(256);
+const wPtr = changetype<usize>(W);
+
+// number of bytes in M buffer
+var mLength = 0;
+
+// number of total bytes hashed
+var bytesHashed = 0;
+
+@inline
+function load32(ptr: usize, offset: usize): u32 {
+  return load<u32>(ptr + (offset << alignof<u32>()));
+}
+
+@inline
+function load32be(ptr: usize, offset: usize): u32 {
+  const firstOffset = offset << alignof<u32>();
+  return (
+    (<u32>load8(ptr, firstOffset + 0) << 24) |
+    (<u32>load8(ptr, firstOffset + 1) << 16) |
+    (<u32>load8(ptr, firstOffset + 2) <<  8) |
+    (<u32>load8(ptr, firstOffset + 3) <<  0)
+  );
+}
+
+@inline
+function store32(ptr: usize, offset: usize, u: u32): void {
+  store<u32>(ptr + (offset << alignof<u32>()), u);
+}
+
+@inline
+function store8(ptr: usize, offset: usize, u: u8): void {
+  store<u8>(ptr + offset, u);
+}
+
+@inline
+function load8(ptr: usize, offset: usize): u8 {
+  return load<u8>(ptr + offset);
+}
+
+@inline
+function fill(ptr: usize, value: u8, length: u32): void {
+  const finalPtr = ptr + length;
+  while(ptr < finalPtr) {
+    store<u8>(ptr, value);
+    ptr++;
+  }
+}
+
+@inline
+function CH(x: u32, y: u32, z: u32): u32 {
+  return((x & y) ^ (~x & z));
+}
+
+@inline
+function MAJ(x: u32, y: u32, z:u32): u32 {
+  return ((x & y) ^ (x & z) ^ (y & z));
+}
+
+@inline
+function EP0(x: u32): u32 {
+  return rotr(x, 2) ^ rotr(x, 13) ^ rotr(x, 22);
+}
+
+@inline
+function EP1(x: u32): u32 {
+  return rotr(x, 6) ^ rotr(x, 11) ^ rotr(x, 25);
+}
+
+@inline
+function SIG0(x: u32): u32 {
+  return rotr(x, 7) ^ rotr(x, 18) ^ (x >>> 3);
+}
+
+@inline
+function SIG1(x: u32): u32 {
+  return rotr(x, 17) ^ rotr(x, 19) ^ (x >>> 10);
+}
+
+/**
+ * Expand message blocks (16 32bit blocks), into extended message blocks (64 32bit blocks),
+ * Apply SHA256 compression function on extended message blocks
+ * Update intermediate hash values
+ * @param wPtr pointer to expanded message block memory
+ * @param mPtr pointer to message block memory, pass 0 if wPtr is precomputed for e.g. in digest64
+ */
+function hashBlocks(wPtr: usize, mPtr: usize): void {
+  a = H0;
+  b = H1;
+  c = H2;
+  d = H3;
+  e = H4;
+  f = H5;
+  g = H6;
+  h = H7;
+
+  // Load message blocks into first 16 expanded message blocks
+  for (i = 0; i < 16; i++) {
+    store32(wPtr, i, load32be(mPtr, i));
+  }
+  // Expand message blocks 17-64
+  for (i = 16; i < 64; i++) {
+    store32(
+      wPtr,
+      i,
+      SIG1(load32(wPtr, i - 2)) +
+        load32(wPtr, i - 7) +
+        SIG0(load32(wPtr, i - 15)) +
+        load32(wPtr, i - 16)
+    );
+  }
+
+  // Apply SHA256 compression function on expanded message blocks
+  for (i = 0; i < 64; i++) {
+    t1 = h + EP1(e) + CH(e, f, g) + load32(kPtr, i) + load32(wPtr, i);
+    t2 = EP0(a) + MAJ(a, b, c);
+    h = g;
+    g = f;
+    f = e;
+    e = d + t1;
+    d = c;
+    c = b;
+    b = a;
+    a = t1 + t2;
+  }
+
+  H0 += a;
+  H1 += b;
+  H2 += c;
+  H3 += d;
+  H4 += e;
+  H5 += f;
+  H6 += g;
+  H7 += h;
+}
+
+export function init(): void {
+  H0 = 0x6a09e667;
+  H1 = 0xbb67ae85;
+  H2 = 0x3c6ef372;
+  H3 = 0xa54ff53a;
+  H4 = 0x510e527f;
+  H5 = 0x9b05688c;
+  H6 = 0x1f83d9ab;
+  H7 = 0x5be0cd19;
+
+  mLength = 0;
+  bytesHashed = 0;
+}
+
+export function update(dataPtr: usize, dataLength: i32): void {
+  let dataPos = 0;
+  bytesHashed += dataLength;
+  // If message blocks buffer has data, fill to 64
+  if (mLength) {
+    if (64 - mLength <= dataLength) {
+      // we can fully fill the buffer with data left over
+      memory.copy(mPtr + mLength, dataPtr, 64 - mLength);
+      mLength += 64 - mLength;
+      dataPos += 64 - mLength;
+      dataLength -= 64 - mLength;
+      hashBlocks(wPtr, mPtr);
+      mLength = 0;
+    } else {
+      // we can't fully fill the buffer but we exhaust the whole data buffer
+      memory.copy(mPtr + mLength, dataPtr, dataLength);
+      mLength += dataLength;
+      dataPos += dataLength;
+      dataLength -= dataLength;
+      return;
+    }
+  }
+  // If input has remaining 64-byte chunks, hash those
+  for (let i = 0; i < dataLength / 64; i++, dataPos += 64) {
+    hashBlocks(wPtr, dataPtr + dataPos);
+  }
+  // If any additional bytes remain, copy into message blocks buffer
+  if (dataLength & 63) {
+    const frac = dataLength & 63;
+    memory.copy(mPtr + mLength, dataPtr + dataPos, dataLength & 63);
+    mLength += dataLength & 63;
+  }
+}
+
+export function final(outPtr: usize): void {
+  // one additional round of hashes required
+  // because padding will not fit
+  if ((bytesHashed & 63) <= 63) {  //! @gcoredev: This line has been modified from the original (message bodies of length 127 failed)
+    store8(mPtr, mLength, 0x80);
+    mLength++;
+  }
+  if ((bytesHashed & 63) >= 56) {
+    fill(mPtr + mLength, 0, 64 - mLength);
+    hashBlocks(wPtr, mPtr);
+    mLength = 0;
+  }
+  if ((bytesHashed & 63) > 63) { //! @gcoredev: This line has been modified from the original (message bodies of length 127 failed)
+    store8(mPtr, mLength, 0x80);
+    mLength++;
+  }
+  fill(mPtr + mLength, 0, 64 - mLength - 8);
+
+  store<u32>(mPtr + 64 - 8, bswap(bytesHashed / 0x20000000)); // length -- high bits
+  store<u32>(mPtr + 64 - 4, bswap(bytesHashed << 3)); // length -- low bits
+
+  // hash round for padding
+  hashBlocks(wPtr, mPtr);
+
+  store32(outPtr, 0, bswap(H0));
+  store32(outPtr, 1, bswap(H1));
+  store32(outPtr, 2, bswap(H2));
+  store32(outPtr, 3, bswap(H3));
+  store32(outPtr, 4, bswap(H4));
+  store32(outPtr, 5, bswap(H5));
+  store32(outPtr, 6, bswap(H6));
+  store32(outPtr, 7, bswap(H7));
+}

package/assembly/sha256/index.ts

@@ -0,0 +1,50 @@
+import { final, init, update } from "./as-sha256";
+
+/*
+ * The code in this file is largely based on https://github.com/jedisct1/as-hmac-sha2
+ * which is licensed under the ISC license.
+ *
+ */
+
+/** This function is a direct copy of the one in as-hmac-sha2 */
+function setU8(t: Uint8Array, s: Uint8Array, o: isize = 0): void {
+  memory.copy(t.dataStart + o, s.dataStart, s.length);
+}
+
+/**
+ * This function is based on the one in as-hmac-sha2, but has been modified to use the crypto functions in as-sha256.
+ * HMAC-SHA-256
+ * @param m Message
+ * @param k Key
+ * @returns `HMAC-SHA-256(m, k)`
+ */
+function sha256Hmac(m: Uint8Array, k: Uint8Array): Uint8Array {
+  if (k.length > 64) {
+    // k = Sha256.hash(k);  todo: should become??
+    // init()
+    // update()
+    // final()
+  }
+  let b = new Uint8Array(64);
+  setU8(b, k);
+  for (let i = 0; i < b.length; ++i) {
+    b[i] ^= 0x36;
+  }
+  let out = new Uint8Array(32);
+  init();
+  update(b.dataStart, b.length);
+  update(m.dataStart, m.length);
+  final(out.dataStart);
+
+  for (let i = 0; i < b.length; ++i) {
+    b[i] ^= 0x6a;
+  }
+
+  init();
+  update(b.dataStart, b.length);
+  update(out.dataStart, out.length);
+  final(out.dataStart);
+  return out;
+}
+
+export { sha256Hmac };

package/assembly/utils.ts

@@ -28,4 +28,25 @@ function decodeBase64(input: string): Uint8Array {
   return decode(base64);
 }
 
-export { decodeBase64, encodeBase64 };
+function isValidJsonObj(str: string): boolean {
+  if (str.charAt(0) !== "{" || str.charAt(str.length - 1) !== "}") {
+    return false;
+  }
+  let brackets = 0;
+  let braces = 0;
+  for (let i = 0; i < str.length; i++) {
+    const char = str.charAt(i);
+    if (char === "[") {
+      brackets += 1;
+    } else if (char === "]") {
+      brackets -= 1;
+    } else if (char === "{") {
+      braces += 1;
+    } else if (char === "}") {
+      braces -= 1;
+    }
+  }
+  return brackets === 0 && braces === 0;
+}
+
+export { decodeBase64, encodeBase64, isValidJsonObj };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gcoredev/as-jwt",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "AssemblyScript package that provides simple jws handling for jwt tokens/",
   "main": "assembly/index.ts",
   "type": "module",
@@ -30,7 +30,7 @@
     "registry": "https://registry.npmjs.org/"
   },
   "files": [
-    "assembly/*.*",
+    "assembly/**/*.*",
     "modules/as-base64/assembly",
     "modules/as-base64/README.md",
     "modules/as-base64/package.json",