Rework validation to be less strict (#24)

Author: MicahParks

jwk.go

@@ -7,17 +7,23 @@ import (
 	"crypto/ed25519"
 	"crypto/rsa"
 	"crypto/x509"
+	"encoding/base64"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
+	"math/big"
 	"net/http"
 	"net/url"
-	"reflect"
 	"slices"
 	"time"
 )
 
+var (
+	// ErrPadding indicates that there is invalid padding.
+	ErrPadding = errors.New("padding error")
+)
+
 // JWK represents a JSON Web Key.
 type JWK struct {
 	key     any
@@ -67,6 +73,8 @@ type JWKValidateOptions struct {
 	SkipUse bool
 	// SkipX5UScheme is used to skip checking if the X5U URI scheme is https.
 	SkipX5UScheme bool
+	// StrictPadding is used to indicate that the JWK should be validated with strict padding.
+	StrictPadding bool
 }
 
 // JWKMetadataOptions are direct passthroughs into the JWKMarshal.
@@ -221,6 +229,10 @@ func (j JWK) Validate() error {
 		return fmt.Errorf("%w: invalid or unsupported key type %q", ErrJWKValidation, j.marshal.KTY)
 	}
 
+	if !j.options.Validate.SkipUse && !j.marshal.USE.IANARegistered() {
+		return fmt.Errorf("%w: invalid or unsupported key use %q", ErrJWKValidation, j.marshal.USE)
+	}
+
 	if !j.options.Validate.SkipKeyOps {
 		for _, o := range j.marshal.KEYOPS {
 			if !o.IANARegistered() {
@@ -229,10 +241,6 @@ func (j JWK) Validate() error {
 		}
 	}
 
-	if !j.options.Validate.SkipUse && !j.marshal.USE.IANARegistered() {
-		return fmt.Errorf("%w: invalid or unsupported key use %q", ErrJWKValidation, j.marshal.USE)
-	}
-
 	if !j.options.Validate.SkipMetadata {
 		if j.marshal.ALG != j.options.Metadata.ALG {
 			return fmt.Errorf("%w: ALG in marshal does not match ALG in options", errors.Join(ErrJWKValidation, ErrOptions))
@@ -301,18 +309,100 @@ func (j JWK) Validate() error {
 		return fmt.Errorf("failed to marshal JSON Web Key: %w", errors.Join(ErrJWKValidation, err))
 	}
 
+	// Remove automatically computed thumbprints if not set in given JWK.
 	if j.marshal.X5T == "" {
 		marshalled.X5T = ""
 	}
 	if j.marshal.X5TS256 == "" {
 		marshalled.X5TS256 = ""
 	}
 
-	ok := reflect.DeepEqual(j.marshal, marshalled)
-	if !ok {
-		return fmt.Errorf("%w: marshaled JWK does not match original JWK", ErrJWKValidation)
+	if j.marshal.X5T != marshalled.X5T {
+		return fmt.Errorf("%w: X5T in marshal does not match X5T in marshalled", ErrJWKValidation)
+	}
+	if j.marshal.X5TS256 != marshalled.X5TS256 {
+		return fmt.Errorf("%w: X5TS256 in marshal does not match X5TS256 in marshalled", ErrJWKValidation)
+	}
+	if j.marshal.CRV != marshalled.CRV {
+		return fmt.Errorf("%w: CRV in marshal does not match CRV in marshalled", ErrJWKValidation)
+	}
+	switch j.marshal.KTY {
+	case KtyEC:
+		err = cmpBase64Int(j.marshal.X, marshalled.X, j.options.Validate.StrictPadding)
+		if err != nil {
+			return fmt.Errorf("%w: X in marshal does not match X in marshalled", errors.Join(ErrJWKValidation, err))
+		}
+		err = cmpBase64Int(j.marshal.Y, marshalled.Y, j.options.Validate.StrictPadding)
+		if err != nil {
+			return fmt.Errorf("%w: Y in marshal does not match Y in marshalled", errors.Join(ErrJWKValidation, err))
+		}
+		err = cmpBase64Int(j.marshal.D, marshalled.D, j.options.Validate.StrictPadding)
+		if err != nil {
+			return fmt.Errorf("%w: D in marshal does not match D in marshalled", errors.Join(ErrJWKValidation, err))
+		}
+	case KtyOKP:
+		if j.marshal.X != marshalled.X {
+			return fmt.Errorf("%w: X in marshal does not match X in marshalled", ErrJWKValidation)
+		}
+		if j.marshal.D != marshalled.D {
+			return fmt.Errorf("%w: D in marshal does not match D in marshalled", ErrJWKValidation)
+		}
+	case KtyRSA:
+		err = cmpBase64Int(j.marshal.D, marshalled.D, j.options.Validate.StrictPadding)
+		if err != nil {
+			return fmt.Errorf("%w: D in marshal does not match D in marshalled", errors.Join(ErrJWKValidation, err))
+		}
+		err = cmpBase64Int(j.marshal.N, marshalled.N, j.options.Validate.StrictPadding)
+		if err != nil {
+			return fmt.Errorf("%w: N in marshal does not match N in marshalled", errors.Join(ErrJWKValidation, err))
+		}
+		err = cmpBase64Int(j.marshal.E, marshalled.E, j.options.Validate.StrictPadding)
+		if err != nil {
+			return fmt.Errorf("%w: E in marshal does not match E in marshalled", errors.Join(ErrJWKValidation, err))
+		}
+		err = cmpBase64Int(j.marshal.P, marshalled.P, j.options.Validate.StrictPadding)
+		if err != nil {
+			return fmt.Errorf("%w: P in marshal does not match P in marshalled", errors.Join(ErrJWKValidation, err))
+		}
+		err = cmpBase64Int(j.marshal.Q, marshalled.Q, j.options.Validate.StrictPadding)
+		if err != nil {
+			return fmt.Errorf("%w: Q in marshal does not match Q in marshalled", errors.Join(ErrJWKValidation, err))
+		}
+		err = cmpBase64Int(j.marshal.DP, marshalled.DP, j.options.Validate.StrictPadding)
+		if err != nil {
+			return fmt.Errorf("%w: DP in marshal does not match DP in marshalled", errors.Join(ErrJWKValidation, err))
+		}
+		err = cmpBase64Int(j.marshal.DQ, marshalled.DQ, j.options.Validate.StrictPadding)
+		if err != nil {
+			return fmt.Errorf("%w: DQ in marshal does not match DQ in marshalled", errors.Join(ErrJWKValidation, err))
+		}
+		if len(j.marshal.OTH) != len(marshalled.OTH) {
+			return fmt.Errorf("%w: OTH in marshal does not match OTH in marshalled", ErrJWKValidation)
+		}
+		for i, o := range j.marshal.OTH {
+			err = cmpBase64Int(o.R, marshalled.OTH[i].R, j.options.Validate.StrictPadding)
+			if err != nil {
+				return fmt.Errorf("%w: OTH index %d in marshal does not match OTH in marshalled", errors.Join(ErrJWKValidation, err), i)
+			}
+			err = cmpBase64Int(o.D, marshalled.OTH[i].D, j.options.Validate.StrictPadding)
+			if err != nil {
+				return fmt.Errorf("%w: OTH index %d in marshal does not match OTH in marshalled", errors.Join(ErrJWKValidation, err), i)
+			}
+			err = cmpBase64Int(o.T, marshalled.OTH[i].T, j.options.Validate.StrictPadding)
+			if err != nil {
+				return fmt.Errorf("%w: OTH index %d in marshal does not match OTH in marshalled", errors.Join(ErrJWKValidation, err), i)
+			}
+		}
+	case KtyOct:
+		err = cmpBase64Int(j.marshal.K, marshalled.K, j.options.Validate.StrictPadding)
+		if err != nil {
+			return fmt.Errorf("%w: K in marshal does not match K in marshalled", errors.Join(ErrJWKValidation, err))
+		}
+	default:
+		return fmt.Errorf("%w: invalid or unsupported key type %q", ErrJWKValidation, j.marshal.KTY)
 	}
 
+	// Saved for last because it may involve a network request.
 	if j.marshal.X5U != "" || j.options.X509.X5U != "" {
 		if j.marshal.X5U != j.options.X509.X5U {
 			return fmt.Errorf("%w: X5U in marshal does not match X5U in options", errors.Join(ErrJWKValidation, ErrOptions))
@@ -376,3 +466,28 @@ func DefaultGetX5U(u *url.URL) ([]*x509.Certificate, error) {
 	}
 	return certs, nil
 }
+
+func cmpBase64Int(first, second string, strictPadding bool) error {
+	if first == second {
+		return nil
+	}
+	b, err := base64.RawURLEncoding.DecodeString(first)
+	if err != nil {
+		return fmt.Errorf("failed to decode Base64 raw URL decode first string: %w", err)
+	}
+	fLen := len(b)
+	f := new(big.Int).SetBytes(b)
+	b, err = base64.RawURLEncoding.DecodeString(second)
+	if err != nil {
+		return fmt.Errorf("failed to decode Base64 raw URL decode second string: %w", err)
+	}
+	sLen := len(b)
+	s := new(big.Int).SetBytes(b)
+	if f.Cmp(s) != 0 {
+		return fmt.Errorf("%w: the parsed integers do not match", ErrJWKValidation)
+	}
+	if strictPadding && fLen != sLen {
+		return fmt.Errorf("%w: the Base64 raw URL inputs do not have matching padding", errors.Join(ErrJWKValidation, ErrPadding))
+	}
+	return nil
+}

jwk_test.go

@@ -8,10 +8,16 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"encoding/pem"
+	"errors"
 	"testing"
 	"time"
 )
 
+const (
+	anyStr     = "any"
+	invalidStr = "invalid"
+)
+
 func TestNewJWKFromRawJSON(t *testing.T) {
 	marshalOptions := JWKMarshalOptions{
 		Private: true,
@@ -97,6 +103,109 @@ func TestMissingThumbprint(t *testing.T) {
 	}
 }
 
+func TestJWK_Validate(t *testing.T) {
+	jwk := JWK{}
+	err := jwk.Validate()
+	if err == nil {
+		t.Fatalf("Expected to fail validation for empty JWK.")
+	}
+
+	jwk.options.Validate.SkipAll = true
+	err = jwk.Validate()
+	if err != nil {
+		t.Fatalf("Failed to skip validation. %s", err)
+	}
+	jwk.options.Validate.SkipAll = false
+
+	jwk.marshal.KTY = KtyOKP
+	jwk.marshal.USE = invalidStr
+	err = jwk.Validate()
+	if err == nil {
+		t.Fatalf("Expected to fail validation for invalid use.")
+	}
+	jwk.marshal.USE = ""
+
+	jwk.marshal.KEYOPS = []KEYOPS{invalidStr}
+	err = jwk.Validate()
+	if err == nil {
+		t.Fatalf("Expected to fail validation for invalid key operations.")
+	}
+	jwk.marshal.KEYOPS = nil
+
+	jwk.options.Metadata.ALG = AlgEdDSA
+	err = jwk.Validate()
+	if err == nil {
+		t.Fatalf("Expected to fail validation for options not matching algorithm.")
+	}
+	jwk.options.Metadata.ALG = ""
+
+	jwk.options.Metadata.KID = anyStr
+	err = jwk.Validate()
+	if err == nil {
+		t.Fatalf("Expected to fail validation for options not matching key ID.")
+	}
+	jwk.options.Metadata.KID = ""
+
+	jwk.options.Metadata.KEYOPS = []KEYOPS{KeyOpsSign}
+	err = jwk.Validate()
+	if err == nil {
+		t.Fatalf("Expected to fail validation for options not matching key operations.")
+	}
+	jwk.options.Metadata.KEYOPS = nil
+
+	jwk.options.Metadata.USE = UseSig
+	err = jwk.Validate()
+	if err == nil {
+		t.Fatalf("Expected to fail validation for options not matching use.")
+	}
+	jwk.options.Metadata.USE = ""
+}
+
+func TestJWK_Validate_Padding(t *testing.T) {
+	const invalidRSAModulusPadding = `
+{
+  "kty": "RSA",
+  "n": "AOpF5dwoCpmW2Th5kBaKDZmygOlyQSJm3JqwGvPTTViHCs4ZitlLF9za9-DPxP3zoNaryEYlFfLhYOFVS7mUjMGtLNTkLafBSIIoF28sy_z1GruxJ2aFchazBimxI1B0MXTKdIw4V268klrOECO5FIcHar7EV9W0XqToFon3oVvHWw3qkPV4o-A7Gdrh3Yh7vRUE_T5XCLYD9jO41nAqYhWYRGN-Kxu51x6VMa595TXTrpzgYGDba1MLQzB9qcHRIvRskt7Gh8M0zgcyo6c6jvktaEzh0j2kdL2JCAFHhMXUZedRUOpeqkEehpxDDR0Deiz7UPlMe6l8Ots97Wm357bgajDcxnqaGGEF5GIkr7xHw15DrTfOWPY35f0sHjNTOn9AU2bPWTy6oHZPhoFjHdSNp3UOIunnf1eXRlTa7YZ5PLmbFFyjNNSnQdcOHgKx1lJExJqXCAJ2pBkp0dX65uiqCLz4WZBcmCHGToi4mvQ5wpFqgUJ_6N8HXpP5ZLZ-hQ",
+  "e": "AQAB"
+}`
+	jwk, err := NewJWKFromRawJSON([]byte(invalidRSAModulusPadding), JWKMarshalOptions{}, JWKValidateOptions{})
+	if err != nil {
+		t.Fatalf("Failed to create JWK from raw JSON. %s", err)
+	}
+	err = jwk.Validate()
+	if err != nil {
+		t.Fatalf("Failed to validate RSA JWK with acceptably invalid padding. %s", err)
+	}
+	jwk.options.Validate.StrictPadding = true
+	err = jwk.Validate()
+	if !errors.Is(err, ErrPadding) {
+		t.Fatalf("Expected to fail validation for invalid RSA modulus padding.")
+	}
+
+	const invalidECDSAPadding = `
+{
+  "kty": "EC",
+  "crv": "P-521",
+  "x": "aQnZOuwyXH1APmjESTgHLVUH49Ry19Ay7hgHiOB4Nsv5m_JN18wW-ByFtGtHatVJ_OHL5TuLOTSsp8ctniKTn3E",
+  "y": "TZAwFszO_oiyvncIviOJdi8MU8VDfZo8Y3q0Z-AxaPDUFQS8aRDCHUzukj6RCNZsRCWd0HGOayIhV_uQZrB_Xbc",
+  "d": "AZHsd9nLaXHFWH4wjiW5XcCrIO9AWl4Y0aV64kagRFPnWjljC6VxCsFF5IM0vTzCWKdlwFLEIgJO0pfwWlQMXKef"
+}
+`
+	jwk, err = NewJWKFromRawJSON([]byte(invalidECDSAPadding), JWKMarshalOptions{}, JWKValidateOptions{})
+	if err != nil {
+		t.Fatalf("Failed to create JWK from raw JSON. %s", err)
+	}
+	err = jwk.Validate()
+	if err != nil {
+		t.Fatalf("Failed to validate ECDSA JWK with acceptably invalid padding. %s", err)
+	}
+	jwk.options.Validate.StrictPadding = true
+	err = jwk.Validate()
+	if !errors.Is(err, ErrPadding) {
+		t.Fatalf("Expected to fail validation for invalid ECDSA padding.")
+	}
+}
+
 func testJSON(ctx context.Context, t *testing.T, jwks Storage) {
 	b, err := base64.RawURLEncoding.DecodeString(x25519PrivateKey)
 	if err != nil {

marshal.go

@@ -37,8 +37,8 @@ var (
 // OtherPrimes is for RSA private keys that have more than 2 primes.
 // https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.7
 type OtherPrimes struct {
-	D string `json:"d,omitempty"` // https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.7.2
 	R string `json:"r,omitempty"` // https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.7.1
+	D string `json:"d,omitempty"` // https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.7.2
 	T string `json:"t,omitempty"` // https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.7.3
 }