refactor: use async node:crypto methods when available

Author: panva

decode.js

@@ -1,8 +1,52 @@
-var jws = require('jws');
+function payloadFromJWS(encodedPayload, encoding = "utf8") {
+  try {
+    return Buffer.from(encodedPayload, "base64").toString(encoding);
+  } catch (_) {
+    return;
+  }
+}
+
+function headerFromJWS(encodedHeader) {
+  try {
+    return JSON.parse(Buffer.from(encodedHeader, "base64").toString());
+  } catch (_) {
+    return;
+  }
+}
+
+const JWS_REGEX = /^[a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.([a-zA-Z0-9\-_]+)?$/;
+
+function isValidJws(string) {
+  return JWS_REGEX.test(string);
+}
+
+function jwsDecode(token, opts) {
+  opts = opts || {};
+
+  if (!isValidJws(token)) return null;
+
+  let [header, payload, signature] = token.split('.');
+
+  header = headerFromJWS(header);
+  if (header === undefined) return null;
+
+  payload = payloadFromJWS(payload);
+  if (payload === undefined) return null;
+
+  if (header.typ === "JWT" || opts.json){
+    payload = JSON.parse(payload);
+  }
+
+  return {
+    header,
+    payload,
+    signature,
+  };
+}
 
 module.exports = function (jwt, options) {
   options = options || {};
-  var decoded = jws.decode(jwt, options);
+  const decoded = jwsDecode(jwt, options);
   if (!decoded) { return null; }
   var payload = decoded.payload;
 

lib/asymmetricKeyDetailsSupported.js

@@ -0,0 +1,9 @@
+/* istanbul ignore file */
+if (Buffer.isEncoding("base64url")) {
+  module.exports = (buf) => buf.toString("base64url");
+} else {
+  const fromBase64 = (base64) =>
+    // eslint-disable-next-line no-div-regex
+    base64.replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+  module.exports = (buf) => fromBase64(buf.toString("base64"));
+}

lib/base64url.js

@@ -0,0 +1,5 @@
+/* istanbul ignore file */
+const [major, minor] = process.versions.node.split('.').map((v) => parseInt(v, 10));
+
+module.exports.RSA_PSS_KEY_DETAILS_SUPPORTED = major > 16 || (major === 16 && minor >= 9);
+module.exports.ASYMMETRIC_KEY_DETAILS_SUPPORTED = major > 15 || (major === 15 && minor >= 7);

lib/flags.js

@@ -0,0 +1,53 @@
+const { constants } = require("crypto");
+
+module.exports = function(alg, key) {
+  switch (alg) {
+  case 'RS256':
+    return {
+      digest: 'sha256',
+      key: { key, padding: constants.RSA_PKCS1_PADDING },
+    };
+  case 'RS384':
+    return {
+      digest: 'sha384',
+      key: { key, padding: constants.RSA_PKCS1_PADDING },
+    };
+  case 'RS512':
+    return {
+      digest: 'sha512',
+      key: { key, padding: constants.RSA_PKCS1_PADDING },
+    };
+  case 'PS256':
+    return {
+      digest: 'sha256',
+      key: { key, padding: constants.RSA_PKCS1_PSS_PADDING, saltLength: constants.RSA_PSS_SALTLEN_DIGEST },
+    };
+  case 'PS384':
+    return {
+      digest: 'sha384',
+      key: { key, padding: constants.RSA_PKCS1_PSS_PADDING, saltLength: constants.RSA_PSS_SALTLEN_DIGEST },
+    };
+  case 'PS512':
+    return {
+      digest: 'sha512',
+      key: { key, padding: constants.RSA_PKCS1_PSS_PADDING, saltLength: constants.RSA_PSS_SALTLEN_DIGEST },
+    };
+  case 'ES256':
+    return {
+      digest: 'sha256',
+      key: { key, dsaEncoding: 'ieee-p1363' },
+    };
+  case 'ES384':
+    return {
+      digest: 'sha384',
+      key: { key, dsaEncoding: 'ieee-p1363' },
+    };
+  case 'ES512':
+    return {
+      digest: 'sha512',
+      key: { key, dsaEncoding: 'ieee-p1363' },
+    };
+  default:
+    throw new Error('unreachable');
+  }
+};

lib/oneShotAlgs.js

@@ -1,5 +1,4 @@
-const ASYMMETRIC_KEY_DETAILS_SUPPORTED = require('./asymmetricKeyDetailsSupported');
-const RSA_PSS_KEY_DETAILS_SUPPORTED = require('./rsaPssKeyDetailsSupported');
+const { ASYMMETRIC_KEY_DETAILS_SUPPORTED, RSA_PSS_KEY_DETAILS_SUPPORTED } = require('./flags');
 
 const allowedAlgorithmsForKeys = {
   'ec': ['ES256', 'ES384', 'ES512'],
@@ -52,7 +51,7 @@ module.exports = function(algorithm, key) {
         const length = parseInt(algorithm.slice(-3), 10);
         const { hashAlgorithm, mgf1HashAlgorithm, saltLength } = key.asymmetricKeyDetails;
 
-        if (hashAlgorithm !== `sha${length}` || mgf1HashAlgorithm !== hashAlgorithm) {
+        if (hashAlgorithm !== undefined && (hashAlgorithm !== `sha${length}` || mgf1HashAlgorithm !== hashAlgorithm)) {
           throw new Error(`Invalid key for this operation, its RSA-PSS parameters do not meet the requirements of "alg" ${algorithm}.`);
         }
 

lib/psSupported.js

@@ -36,23 +36,23 @@
     "url": "https://github.com/auth0/node-jsonwebtoken/issues"
   },
   "dependencies": {
-    "jws": "^3.2.2",
     "lodash.includes": "^4.3.0",
     "lodash.isboolean": "^3.0.3",
     "lodash.isinteger": "^4.0.4",
     "lodash.isnumber": "^3.0.3",
     "lodash.isplainobject": "^4.0.6",
     "lodash.isstring": "^4.0.1",
     "lodash.once": "^4.0.0",
-    "ms": "^2.1.1",
-    "semver": "^7.5.4"
+    "ms": "^2.1.1"
   },
   "devDependencies": {
     "atob": "^2.1.2",
     "chai": "^4.1.2",
     "conventional-changelog": "~1.1.0",
     "cost-of-modules": "^1.0.1",
     "eslint": "^4.19.1",
+    "jose": "^5.8.0",
+    "jws": "^3.2.2",
     "mocha": "^5.2.0",
     "nsp": "^2.6.2",
     "nyc": "^11.9.0",

lib/rsaPssKeyDetailsSupported.js

@@ -1,20 +1,22 @@
 const timespan = require('./lib/timespan');
-const PS_SUPPORTED = require('./lib/psSupported');
 const validateAsymmetricKey = require('./lib/validateAsymmetricKey');
-const jws = require('jws');
 const includes = require('lodash.includes');
 const isBoolean = require('lodash.isboolean');
 const isInteger = require('lodash.isinteger');
 const isNumber = require('lodash.isnumber');
 const isPlainObject = require('lodash.isplainobject');
 const isString = require('lodash.isstring');
-const once = require('lodash.once');
-const { KeyObject, createSecretKey, createPrivateKey } = require('crypto')
+const crypto = require('crypto')
+const oneShotAlgs = require('./lib/oneShotAlgs');
+const encodeBase64url = require('./lib/base64url');
 
-const SUPPORTED_ALGS = ['RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512', 'none'];
-if (PS_SUPPORTED) {
-  SUPPORTED_ALGS.splice(3, 0, 'PS256', 'PS384', 'PS512');
-}
+const SUPPORTED_ALGS = [
+  'RS256', 'RS384', 'RS512',
+  'PS256', 'PS384', 'PS512',
+  'ES256', 'ES384', 'ES512',
+  'HS256', 'HS384', 'HS512',
+  'none',
+];
 
 const sign_options_schema = {
   expiresIn: { isValid: function(value) { return isInteger(value) || (isString(value) && value); }, message: '"expiresIn" should be a number of seconds or string representing a timespan' },
@@ -39,6 +41,7 @@ const registered_claims_schema = {
   nbf: { isValid: isNumber, message: '"nbf" should be a number of seconds' }
 };
 
+
 function validate(schema, allowUnknown, object, parameterName) {
   if (!isPlainObject(object)) {
     throw new Error('Expected "' + parameterName + '" to be a plain object.');
@@ -83,14 +86,41 @@ const options_for_objects = [
   'jwtid',
 ];
 
-module.exports = function (payload, secretOrPrivateKey, options, callback) {
+function encodePayload(payload, encoding = 'utf8') {
+  let buf;
+  if (payload instanceof Uint8Array) {
+    buf = Buffer.from(payload)
+  } else if (typeof payload === 'string') {
+    buf = Buffer.from(payload, encoding);
+  } else {
+    buf = Buffer.from(JSON.stringify(payload), encoding);
+  }
+
+  return encodeBase64url(buf);
+}
+
+function encodeHeader(header) {
+  return encodeBase64url(Buffer.from(JSON.stringify(header)));
+}
+
+module.exports = function(payload, secretOrPrivateKey, options, callback) {
   if (typeof options === 'function') {
     callback = options;
     options = {};
   } else {
     options = options || {};
   }
 
+  let done;
+  if (callback) {
+    done = callback;
+  } else {
+    done = function(err, data) {
+      if (err) throw err;
+      return data;
+    };
+  }
+
   const isObjectPayload = typeof payload === 'object' &&
                         !Buffer.isBuffer(payload);
 
@@ -101,8 +131,8 @@ module.exports = function (payload, secretOrPrivateKey, options, callback) {
   }, options.header);
 
   function failure(err) {
-    if (callback) {
-      return callback(err);
+    if (done) {
+      return done(err);
     }
     throw err;
   }
@@ -111,12 +141,12 @@ module.exports = function (payload, secretOrPrivateKey, options, callback) {
     return failure(new Error('secretOrPrivateKey must have a value'));
   }
 
-  if (secretOrPrivateKey != null && !(secretOrPrivateKey instanceof KeyObject)) {
+  if (secretOrPrivateKey != null && !(secretOrPrivateKey instanceof crypto.KeyObject)) {
     try {
-      secretOrPrivateKey = createPrivateKey(secretOrPrivateKey)
+      secretOrPrivateKey = crypto.createPrivateKey(secretOrPrivateKey)
     } catch (_) {
       try {
-        secretOrPrivateKey = createSecretKey(typeof secretOrPrivateKey === 'string' ? Buffer.from(secretOrPrivateKey) : secretOrPrivateKey)
+        secretOrPrivateKey = crypto.createSecretKey(typeof secretOrPrivateKey === 'string' ? Buffer.from(secretOrPrivateKey) : secretOrPrivateKey)
       } catch (_) {
         return failure(new Error('secretOrPrivateKey is not valid key material'));
       }
@@ -129,12 +159,6 @@ module.exports = function (payload, secretOrPrivateKey, options, callback) {
     if (secretOrPrivateKey.type !== 'private') {
       return failure(new Error((`secretOrPrivateKey must be an asymmetric key when using ${header.alg}`)))
     }
-    if (!options.allowInsecureKeySizes &&
-      !header.alg.startsWith('ES') &&
-      secretOrPrivateKey.asymmetricKeyDetails !== undefined && //KeyObject.asymmetricKeyDetails is supported in Node 15+
-      secretOrPrivateKey.asymmetricKeyDetails.modulusLength < 2048) {
-      return failure(new Error(`secretOrPrivateKey has a minimum key size of 2048 bits for ${header.alg}`));
-    }
   }
 
   if (typeof payload === 'undefined') {
@@ -224,30 +248,50 @@ module.exports = function (payload, secretOrPrivateKey, options, callback) {
     }
   });
 
-  const encoding = options.encoding || 'utf8';
-
-  if (typeof callback === 'function') {
-    callback = callback && once(callback);
-
-    jws.createSign({
-      header: header,
-      privateKey: secretOrPrivateKey,
-      payload: payload,
-      encoding: encoding
-    }).once('error', callback)
-      .once('done', function (signature) {
-        // TODO: Remove in favor of the modulus length check before signing once node 15+ is the minimum supported version
-        if(!options.allowInsecureKeySizes && /^(?:RS|PS)/.test(header.alg) && signature.length < 256) {
-          return callback(new Error(`secretOrPrivateKey has a minimum key size of 2048 bits for ${header.alg}`))
-        }
-        callback(null, signature);
-      });
-  } else {
-    let signature = jws.sign({header: header, payload: payload, secret: secretOrPrivateKey, encoding: encoding});
-    // TODO: Remove in favor of the modulus length check before signing once node 15+ is the minimum supported version
-    if(!options.allowInsecureKeySizes && /^(?:RS|PS)/.test(header.alg) && signature.length < 256) {
-      throw new Error(`secretOrPrivateKey has a minimum key size of 2048 bits for ${header.alg}`)
+  const sync = done !== callback || header.alg === 'none' || header.alg.startsWith('HS') || parseInt(process.versions.node, 10) < 16;
+  const data = Buffer.from(`${encodeHeader(header)}.${encodePayload(payload, options.encoding)}`);
+
+  if (header.alg === 'none') {
+    return done(null, `${data}.`)
+  }
+
+  if (header.alg.startsWith('HS')) {
+    const signature = encodeBase64url(crypto.createHmac(`sha${header.alg.substring(2, 5)}`, secretOrPrivateKey).update(data).digest());
+    return done(null, `${data}.${signature}`);
+  }
+
+  if (sync) {
+    const { digest, key } = oneShotAlgs(header.alg, secretOrPrivateKey);
+
+    let signature;
+    try {
+      signature = crypto.sign(digest, data, key);
+    } catch (err) {
+      return done(err);
     }
-    return signature
+
+    if(!options.allowInsecureKeySizes && (header.alg.startsWith('RS') || header.alg.startsWith('PS')) && signature.byteLength < 256) {
+      return done(new Error(`secretOrPrivateKey has a minimum key size of 2048 bits for ${header.alg}`));
+    }
+
+    const token = `${data}.${encodeBase64url(signature)}`;
+
+    return done(null, token);
   }
+
+  const { digest, key } = oneShotAlgs(header.alg, secretOrPrivateKey);
+
+  crypto.sign(digest, data, key, (err, signature) => {
+    if (err) {
+      return done(err);
+    }
+
+    if(!options.allowInsecureKeySizes && (header.alg.startsWith('RS') || header.alg.startsWith('PS')) && signature.byteLength < 256) {
+      return done(new Error(`secretOrPrivateKey has a minimum key size of 2048 bits for ${header.alg}`));
+    }
+
+    const token = `${data}.${encodeBase64url(signature)}`;
+
+    return done(null, token);
+  });
 };