Merge branch 'jwt' of https://github.com/GCHQ77703/CyberChef into GCHQ77703-jwt

package.json

@@ -99,6 +99,7 @@
     "jsbn": "^1.1.0",
     "jsesc": "^2.5.1",
     "jsonpath": "^1.0.0",
+    "jsonwebtoken": "^8.3.0",
     "jsrsasign": "8.0.12",
     "kbpgp": "^2.0.77",
     "lodash": "^4.17.10",

src/core/config/Categories.json

@@ -89,7 +89,10 @@
             "Derive EVP key",
             "Bcrypt",
             "Scrypt",
-            "Pseudo-Random Number Generator"
+            "Pseudo-Random Number Generator",
+            "JWT Sign",
+            "JWT Verify",
+            "JWT Decode"
         ]
     },
     {

src/core/operations/JWTDecode.mjs

@@ -0,0 +1,46 @@
+/**
+ * @author gchq77703 []
+ * @copyright Crown Copyright 2018
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation";
+import jwt from "jsonwebtoken";
+
+/**
+ * JWT Decode operation
+ */
+class JWTDecode extends Operation {
+
+    /**
+     * JWTDecode constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "JWT Decode";
+        this.module = "Crypto";
+        this.description = "Decodes a JSON Web Token without checking whether the provided secret / private key is valid.";
+        this.infoURL = "https://jwt.io";
+        this.inputType = "string";
+        this.outputType = "JSON";
+        this.args = [
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {JSON}
+     */
+    run(input, args) {
+        try {
+            return jwt.decode(input);
+        } catch (err) {
+            return err;
+        }
+    }
+
+}
+
+export default JWTDecode;

src/core/operations/JWTSign.mjs

@@ -0,0 +1,64 @@
+/**
+ * @author gchq77703 []
+ * @copyright Crown Copyright 2018
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation";
+import jwt from "jsonwebtoken";
+
+/**
+ * JWT Sign operation
+ */
+class JWTSign extends Operation {
+
+    /**
+     * JWTSign constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "JWT Sign";
+        this.module = "Crypto";
+        this.description = "Signs a JSON object as a JSON Web Token using a provided secret / private key.";
+        this.infoURL = "https://jwt.io/";
+        this.inputType = "JSON";
+        this.outputType = "string";
+        this.args = [
+            {
+                name: "Private / Secret Key",
+                type: "text",
+                value: "secret_cat"
+            },
+            {
+                name: "Signing Algorithm",
+                type: "option",
+                value: [
+                    "HS256",
+                    "HS384",
+                    "HS512",
+                    "RS256",
+                    "RS384",
+                    "RS512",
+                    "ES256",
+                    "ES384",
+                    "ES512",
+                    "None"
+                ]
+            }
+        ];
+    }
+
+    /**
+     * @param {JSON} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const [key, algorithm] = args;
+        return jwt.sign(input, key, { algorithm: algorithm === "None" ? "none" : algorithm });
+    }
+
+}
+
+export default JWTSign;

src/core/operations/JWTVerify.mjs

@@ -0,0 +1,58 @@
+/**
+ * @author gchq77703 []
+ * @copyright Crown Copyright 2018
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation";
+import jwt from "jsonwebtoken";
+
+/**
+ * JWT Verify operation
+ */
+class JWTVerify extends Operation {
+
+    /**
+     * JWTVerify constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "JWT Verify";
+        this.module = "Crypto";
+        this.description = "Verifies that a JSON Web Token is valid and has been signed with the provided secret / private key.";
+        this.infoURL = "https://jwt.io/";
+        this.inputType = "string";
+        this.outputType = "JSON";
+        this.args = [
+            {
+                name: "Private / Secret Key",
+                type: "text",
+                value: "secret_cat"
+            },
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const [key] = args;
+
+        try {
+            return jwt.verify(input, key, { algorithms: [
+                "HS256",
+                "HS384",
+                "HS512",
+                "none"
+            ]});
+        } catch (err) {
+            return err;
+        }
+    }
+
+}
+
+export default JWTVerify;

test/index.mjs

@@ -47,6 +47,9 @@ import "./tests/operations/HaversineDistance";
 import "./tests/operations/Hexdump";
 import "./tests/operations/Image";
 import "./tests/operations/Jump";
+import "./tests/operations/JWTDecode";
+import "./tests/operations/JWTSign";
+import "./tests/operations/JWTVerify";
 import "./tests/operations/MS";
 import "./tests/operations/Magic";
 import "./tests/operations/MorseCode";
@@ -67,6 +70,7 @@ import "./tests/operations/StrUtils";
 import "./tests/operations/SymmetricDifference";
 import "./tests/operations/ToGeohash.mjs";
 import "./tests/operations/TranslateDateTimeFormat";
+import "./tests/operations/Magic";
 
 let allTestsPassing = true;
 const testStatusCounts = {

test/tests/operations/JWTDecode.mjs

@@ -0,0 +1,51 @@
+/**
+ * JWT Decode tests
+ *
+ * @author gchq77703 []
+ *
+ * @copyright Crown Copyright 2018
+ * @license Apache-2.0
+ */
+import TestRegister from "../../TestRegister";
+
+const outputObject = JSON.stringify({
+    String: "SomeString",
+    Number: 42,
+    iat: 1
+});
+
+TestRegister.addTests([
+    {
+        name: "JSON Decode: HS",
+        input: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.0ha6-j4FwvEIKPVZ-hf3S_R9Hy_UtXzq4dnedXcUrXk",
+        expectedOutput: outputObject,
+        recipeConfig: [
+            {
+                op: "JWT Decode",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "JSON Decode: RS",
+        input: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.MjEJhtZk2nXzigi24piMzANmrj3mILHJcDl0xOjl5a8EgdKVL1oaMEjTkMQp5RA8YrqeRBFaX-BGGCKOXn5zPY1DJwWsBUyN9C-wGR2Qye0eogH_3b4M9EW00TPCUPXm2rx8URFj7Wg9VlsmrGzLV2oKkPgkVxuFSxnpO3yjn1Y",
+        expectedOutput: outputObject,
+        recipeConfig: [
+            {
+                op: "JWT Decode",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "JSON Decode: ES",
+        input: "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.WkECT51jSfpRkcpQ4x0h5Dwe7CFBI6u6Et2gWp91HC7mpN_qCFadRpsvJLtKubm6cJTLa68xtei0YrDD8fxIUA",
+        expectedOutput: outputObject,
+        recipeConfig: [
+            {
+                op: "JWT Decode",
+                args: [],
+            }
+        ],
+    }
+]);

test/tests/operations/JWTSign.mjs

@@ -0,0 +1,163 @@
+/**
+ * JWT Sign tests
+ *
+ * @author gchq77703 []
+ *
+ * @copyright Crown Copyright 2018
+ * @license Apache-2.0
+ */
+import TestRegister from "../../TestRegister";
+
+const inputObject = JSON.stringify({
+    String: "SomeString",
+    Number: 42,
+    iat: 1
+});
+
+const hsKey = "secret_cat";
+const rsKey = `-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQDdlatRjRjogo3WojgGHFHYLugdUWAY9iR3fy4arWNA1KoS8kVw
+33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQsHUfQrSDv+MuSUMAe8jzKE4qW
++jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5Do2kQ+X5xK9cipRgEKwIDAQAB
+AoGAD+onAtVye4ic7VR7V50DF9bOnwRwNXrARcDhq9LWNRrRGElESYYTQ6EbatXS
+3MCyjjX2eMhu/aF5YhXBwkppwxg+EOmXeh+MzL7Zh284OuPbkglAaGhV9bb6/5Cp
+uGb1esyPbYW+Ty2PC0GSZfIXkXs76jXAu9TOBvD0ybc2YlkCQQDywg2R/7t3Q2OE
+2+yo382CLJdrlSLVROWKwb4tb2PjhY4XAwV8d1vy0RenxTB+K5Mu57uVSTHtrMK0
+GAtFr833AkEA6avx20OHo61Yela/4k5kQDtjEf1N0LfI+BcWZtxsS3jDM3i1Hp0K
+Su5rsCPb8acJo5RO26gGVrfAsDcIXKC+bQJAZZ2XIpsitLyPpuiMOvBbzPavd4gY
+6Z8KWrfYzJoI/Q9FuBo6rKwl4BFoToD7WIUS+hpkagwWiz+6zLoX1dbOZwJACmH5
+fSSjAkLRi54PKJ8TFUeOP15h9sQzydI8zJU+upvDEKZsZc/UhT/SySDOxQ4G/523
+Y0sz/OZtSWcol/UMgQJALesy++GdvoIDLfJX5GBQpuFgFenRiRDabxrE9MNUZ2aP
+FaFp+DyAe+b4nDwuJaW2LURbr8AEZga7oQj0uYxcYw==
+-----END RSA PRIVATE KEY-----`;
+const esKey = `-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2
+OF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r
+1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G
+-----END PRIVATE KEY-----`;
+
+TestRegister.addTests([
+    {
+        name: "JSON Sign: HS256",
+        input: inputObject,
+        expectedOutput: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.0ha6-j4FwvEIKPVZ-hf3S_R9Hy_UtXzq4dnedXcUrXk",
+        recipeConfig: [
+            {
+                op: "JWT Sign",
+                args: [hsKey, "HS256"],
+            }
+        ],
+    },
+    {
+        name: "JSON Sign: HS384",
+        input: inputObject,
+        expectedOutput: "eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ._bPK-Y3mIACConbJqkGFMQ_L3vbxgKXy9gSxtL9hA5XTganozTSXxD0vX0N1yT5s",
+        recipeConfig: [
+            {
+                op: "JWT Sign",
+                args: [hsKey, "HS384"],
+            }
+        ],
+    },
+    {
+        name: "JSON Sign: HS512",
+        input: inputObject,
+        expectedOutput: "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.vZIJU4XYMFt3FLE1V_RZOxEetmV4RvxtPZQGzJthK_d47pjwlEb6pQE23YxHFmOj8H5RLEdqqLPw4jNsOyHRzA",
+        recipeConfig: [
+            {
+                op: "JWT Sign",
+                args: [hsKey, "HS512"],
+            }
+        ],
+    },
+    {
+        name: "JSON Sign: ES256",
+        input: inputObject,
+        expectedOutput: inputObject,
+        recipeConfig: [
+            {
+                op: "JWT Sign",
+                args: [esKey, "ES256"],
+            },
+            {
+                op: "JWT Decode",
+                args: []
+            }
+        ],
+    },
+    {
+        name: "JSON Sign: ES384",
+        input: inputObject,
+        expectedOutput: inputObject,
+        recipeConfig: [
+            {
+                op: "JWT Sign",
+                args: [esKey, "ES384"],
+            },
+            {
+                op: "JWT Decode",
+                args: []
+            }
+        ],
+    },
+    {
+        name: "JSON Sign: ES512",
+        input: inputObject,
+        expectedOutput: inputObject,
+        recipeConfig: [
+            {
+                op: "JWT Sign",
+                args: [esKey, "ES512"],
+            },
+            {
+                op: "JWT Decode",
+                args: []
+            }
+        ],
+    },
+    {
+        name: "JSON Sign: RS256",
+        input: inputObject,
+        expectedOutput: inputObject,
+        recipeConfig: [
+            {
+                op: "JWT Sign",
+                args: [rsKey, "RS256"],
+            },
+            {
+                op: "JWT Decode",
+                args: []
+            }
+        ],
+    },
+    {
+        name: "JSON Sign: RS384",
+        input: inputObject,
+        expectedOutput: inputObject,
+        recipeConfig: [
+            {
+                op: "JWT Sign",
+                args: [rsKey, "RS384"],
+            },
+            {
+                op: "JWT Decode",
+                args: []
+            }
+        ],
+    },
+    {
+        name: "JSON Sign: RS512",
+        input: inputObject,
+        expectedOutput: inputObject,
+        recipeConfig: [
+            {
+                op: "JWT Sign",
+                args: [esKey, "RS512"],
+            },
+            {
+                op: "JWT Decode",
+                args: []
+            }
+        ],
+    }
+]);

test/tests/operations/JWTVerify.mjs

@@ -0,0 +1,78 @@
+/**
+ * JWT Verify tests
+ *
+ * @author gchq77703 []
+ *
+ * @copyright Crown Copyright 2018
+ * @license Apache-2.0
+ */
+import TestRegister from "../../TestRegister";
+
+const outputObject = JSON.stringify({
+    String: "SomeString",
+    Number: 42,
+    iat: 1
+});
+
+const invalidAlgorithm = JSON.stringify({
+    name: "JsonWebTokenError",
+    message: "invalid algorithm"
+});
+
+const hsKey = "secret_cat";
+const rsKey = `-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQDdlatRjRjogo3WojgGHFHYLugdUWAY9iR3fy4arWNA1KoS8kVw
+33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQsHUfQrSDv+MuSUMAe8jzKE4qW
++jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5Do2kQ+X5xK9cipRgEKwIDAQAB
+AoGAD+onAtVye4ic7VR7V50DF9bOnwRwNXrARcDhq9LWNRrRGElESYYTQ6EbatXS
+3MCyjjX2eMhu/aF5YhXBwkppwxg+EOmXeh+MzL7Zh284OuPbkglAaGhV9bb6/5Cp
+uGb1esyPbYW+Ty2PC0GSZfIXkXs76jXAu9TOBvD0ybc2YlkCQQDywg2R/7t3Q2OE
+2+yo382CLJdrlSLVROWKwb4tb2PjhY4XAwV8d1vy0RenxTB+K5Mu57uVSTHtrMK0
+GAtFr833AkEA6avx20OHo61Yela/4k5kQDtjEf1N0LfI+BcWZtxsS3jDM3i1Hp0K
+Su5rsCPb8acJo5RO26gGVrfAsDcIXKC+bQJAZZ2XIpsitLyPpuiMOvBbzPavd4gY
+6Z8KWrfYzJoI/Q9FuBo6rKwl4BFoToD7WIUS+hpkagwWiz+6zLoX1dbOZwJACmH5
+fSSjAkLRi54PKJ8TFUeOP15h9sQzydI8zJU+upvDEKZsZc/UhT/SySDOxQ4G/523
+Y0sz/OZtSWcol/UMgQJALesy++GdvoIDLfJX5GBQpuFgFenRiRDabxrE9MNUZ2aP
+FaFp+DyAe+b4nDwuJaW2LURbr8AEZga7oQj0uYxcYw==
+-----END RSA PRIVATE KEY-----`;
+const esKey = `-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2
+OF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r
+1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G
+-----END PRIVATE KEY-----`;
+
+TestRegister.addTests([
+    {
+        name: "JSON Verify: HS",
+        input: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.0ha6-j4FwvEIKPVZ-hf3S_R9Hy_UtXzq4dnedXcUrXk",
+        expectedOutput: outputObject,
+        recipeConfig: [
+            {
+                op: "JWT Verify",
+                args: [hsKey],
+            }
+        ],
+    },
+    {
+        name: "JSON Verify: RS",
+        input: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.MjEJhtZk2nXzigi24piMzANmrj3mILHJcDl0xOjl5a8EgdKVL1oaMEjTkMQp5RA8YrqeRBFaX-BGGCKOXn5zPY1DJwWsBUyN9C-wGR2Qye0eogH_3b4M9EW00TPCUPXm2rx8URFj7Wg9VlsmrGzLV2oKkPgkVxuFSxnpO3yjn1Y",
+        expectedOutput: invalidAlgorithm,
+        recipeConfig: [
+            {
+                op: "JWT Verify",
+                args: [rsKey],
+            }
+        ],
+    },
+    {
+        name: "JSON Verify: ES",
+        input: "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdHJpbmciOiJTb21lU3RyaW5nIiwiTnVtYmVyIjo0MiwiaWF0IjoxfQ.WkECT51jSfpRkcpQ4x0h5Dwe7CFBI6u6Et2gWp91HC7mpN_qCFadRpsvJLtKubm6cJTLa68xtei0YrDD8fxIUA",
+        expectedOutput: invalidAlgorithm,
+        recipeConfig: [
+            {
+                op: "JWT Verify",
+                args: [esKey],
+            }
+        ],
+    }
+]);