#102 Prevent Algo confusion attack

arunmu-nx 2025-04-22 18:49:16 +05:30
parent 4a970bc302
commit b9528b32eb
7 changed files with 82 additions and 2 deletions


@ -195,10 +195,30 @@ inline verify_result_t jwt_signature::verify(const jwt_header& header,
const jwt::string_view hdr_pld_sign,
const jwt::string_view jwt_sign)
{
auto check_res = check_for_algo_confusion_attack(header);
if (check_res.first) {
return {false, VerificationErrc::AlgoConfusionAttack};
}
verify_func_t verify_fn = get_verify_algorithm_impl(header);
return verify_fn(key_, hdr_pld_sign, jwt_sign);
}
inline verify_result_t jwt_signature::check_for_algo_confusion_attack(
const jwt_header& hdr) const
{
switch (hdr.algo()) {
case algorithm::RS256:
case algorithm::RS384:
case algorithm::RS512:
return {false, std::error_code{}};
default:
// For all other cases make sure that the secret provided
// is not the public key.
return is_secret_a_public_key(key_);
}
}
inline sign_func_t
jwt_signature::get_sign_algorithm_impl(const jwt_header& hdr) const noexcept