2022-04-06 14:11:13 +00:00
|
|
|
# Nimbus
|
2024-01-29 13:20:04 +00:00
|
|
|
# Copyright (c) 2022-2024 Status Research & Development GmbH
|
2022-04-06 14:11:13 +00:00
|
|
|
# Licensed and distributed under either of
|
|
|
|
# * MIT license (license terms in the root directory or at
|
|
|
|
# https://opensource.org/licenses/MIT).
|
|
|
|
# * Apache v2 license (license terms in the root directory or at
|
|
|
|
# https://www.apache.org/licenses/LICENSE-2.0).
|
|
|
|
# at your option. This file may not be copied, modified, or distributed except
|
|
|
|
# according to those terms.
|
|
|
|
#
|
|
|
|
# Ackn:
|
|
|
|
# nimbus-eth2/beacon_chain/spec/engine_authentication.nim
|
|
|
|
# go-ethereum/node/jwt_handler.go
|
|
|
|
|
2024-01-29 13:20:04 +00:00
|
|
|
{.push gcsafe, raises: [].}
|
2023-02-14 20:27:17 +00:00
|
|
|
|
2022-04-06 14:11:13 +00:00
|
|
|
import
|
2024-01-29 13:20:04 +00:00
|
|
|
std/[base64, options, strutils, times],
|
2022-07-04 07:38:02 +00:00
|
|
|
bearssl/rand,
|
2022-04-06 14:11:13 +00:00
|
|
|
chronicles,
|
|
|
|
chronos,
|
2024-01-29 13:20:04 +00:00
|
|
|
chronos/apps/http/httptable,
|
|
|
|
chronos/apps/http/httpserver,
|
2022-04-06 14:11:13 +00:00
|
|
|
httputils,
|
2024-09-29 12:37:09 +00:00
|
|
|
nimcrypto/[hmac, sha2, utils],
|
2024-05-30 12:54:03 +00:00
|
|
|
stew/[byteutils, objects],
|
|
|
|
results,
|
2024-01-29 13:20:04 +00:00
|
|
|
../config,
|
|
|
|
./jwt_auth_helper,
|
|
|
|
./rpc_server
|
2022-04-06 14:11:13 +00:00
|
|
|
|
|
|
|
logScope:
|
|
|
|
topics = "Jwt/HS256 auth"
|
|
|
|
|
|
|
|
const
|
|
|
|
jwtSecretFile* = ##\
|
|
|
|
## A copy on the secret key in the `dataDir` directory
|
|
|
|
"jwt.hex"
|
|
|
|
|
|
|
|
jwtMinSecretLen* = ##\
|
|
|
|
## Number of bytes needed with the shared key
|
|
|
|
32
|
|
|
|
|
|
|
|
type
|
|
|
|
JwtSharedKey* = ##\
|
|
|
|
## Convenience type, needed quite often
|
|
|
|
distinct array[jwtMinSecretLen,byte]
|
|
|
|
|
|
|
|
JwtSharedKeyRaw =
|
|
|
|
array[jwtMinSecretLen,byte]
|
|
|
|
|
|
|
|
JwtGenSecret* = ##\
|
|
|
|
## Random generator function producing a shared key. Typically, this\
|
|
|
|
## will be a wrapper around a random generator type, such as\
|
2022-07-04 07:38:02 +00:00
|
|
|
## `HmacDrbgContext`.
|
2023-02-14 20:27:17 +00:00
|
|
|
proc(): JwtSharedKey {.gcsafe, raises: [CatchableError].}
|
2022-04-06 14:11:13 +00:00
|
|
|
|
|
|
|
JwtExcept* = object of CatchableError
|
|
|
|
## Catch and relay exception error
|
|
|
|
|
|
|
|
JwtError* = enum
|
|
|
|
jwtKeyTooSmall = "JWT secret not at least 256 bits"
|
|
|
|
jwtKeyEmptyFile = "no 0x-prefixed hex string found"
|
|
|
|
jwtKeyFileCannotOpen = "couldn't open specified JWT secret file"
|
|
|
|
jwtKeyInvalidHexString = "invalid JWT hex string"
|
|
|
|
|
|
|
|
jwtTokenInvNumSegments = "token contains an invalid number of segments"
|
|
|
|
jwtProtHeaderInvBase64 = "token protected header invalid base64 encoding"
|
|
|
|
jwtProtHeaderInvJson = "token protected header invalid JSON data"
|
|
|
|
jwtIatPayloadInvBase64 = "iat payload time invalid base64 encoding"
|
|
|
|
jwtIatPayloadInvJson = "iat payload time invalid JSON data"
|
|
|
|
jwtMethodUnsupported = "token protected header provides unsupported method"
|
|
|
|
jwtTimeValidationError = "token time validation failed"
|
|
|
|
jwtTokenValidationError = "token signature validation failed"
|
2024-01-29 13:20:04 +00:00
|
|
|
jwtCreationError = "Cannot create jwt secret"
|
2022-04-06 14:11:13 +00:00
|
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# Private functions
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
proc base64urlEncode(x: auto): string =
|
|
|
|
# The only strings this gets are internally generated, and don't have
|
|
|
|
# encoding quirks.
|
|
|
|
base64.encode(x, safe = true).replace("=", "")
|
|
|
|
|
|
|
|
proc base64urlDecode(data: string): string
|
2023-01-31 01:32:17 +00:00
|
|
|
{.gcsafe, raises: [CatchableError].} =
|
2022-04-06 14:11:13 +00:00
|
|
|
## Decodes a JWT specific base64url, optionally encoding with stripped
|
|
|
|
## padding.
|
|
|
|
let l = data.len mod 4
|
|
|
|
if 0 < l:
|
|
|
|
return base64.decode(data & "=".repeat(4-l))
|
|
|
|
base64.decode(data)
|
|
|
|
|
|
|
|
proc verifyTokenHS256(token: string; key: JwtSharedKey): Result[void,JwtError] =
|
|
|
|
let p = token.split('.')
|
|
|
|
if p.len != 3:
|
|
|
|
return err(jwtTokenInvNumSegments)
|
|
|
|
|
|
|
|
var
|
|
|
|
time: int64
|
|
|
|
error: JwtError
|
|
|
|
try:
|
|
|
|
# Parse/verify protected header, try first the most common encoding
|
|
|
|
# of """{"typ": "JWT", "alg": "HS256"}"""
|
|
|
|
if p[0] != "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9":
|
|
|
|
error = jwtProtHeaderInvBase64
|
|
|
|
let jsonHeader = p[0].base64urlDecode
|
|
|
|
|
|
|
|
error = jwtProtHeaderInvJson
|
2024-01-29 13:20:04 +00:00
|
|
|
let jwtHeader = jsonHeader.decodeJwtHeader()
|
2022-04-06 14:11:13 +00:00
|
|
|
|
|
|
|
# The following JSON decoded object is required
|
|
|
|
if jwtHeader.typ != "JWT" and jwtHeader.alg != "HS256":
|
|
|
|
return err(jwtMethodUnsupported)
|
|
|
|
|
|
|
|
# Get the time payload
|
|
|
|
error = jwtIatPayloadInvBase64
|
|
|
|
let jsonPayload = p[1].base64urlDecode
|
|
|
|
|
|
|
|
error = jwtIatPayloadInvJson
|
2024-01-29 13:20:04 +00:00
|
|
|
let jwtPayload = jsonPayload.decodeJwtIatPayload()
|
2022-04-06 14:11:13 +00:00
|
|
|
time = jwtPayload.iat.int64
|
2023-02-14 20:27:17 +00:00
|
|
|
except CatchableError as e:
|
2024-01-29 13:20:04 +00:00
|
|
|
discard e
|
2022-04-06 14:11:13 +00:00
|
|
|
debug "JWT token decoding error",
|
|
|
|
protectedHeader = p[0],
|
|
|
|
payload = p[1],
|
2023-02-14 20:27:17 +00:00
|
|
|
msg = e.msg,
|
2022-04-06 14:11:13 +00:00
|
|
|
error
|
|
|
|
return err(error)
|
|
|
|
|
|
|
|
# github.com/ethereum/
|
2023-08-07 11:10:55 +00:00
|
|
|
# /execution-apis/blob/v1.0.0-beta.3/src/engine/authentication.md#jwt-claims
|
2022-04-06 14:11:13 +00:00
|
|
|
#
|
|
|
|
# "Required: iat (issued-at) claim. The EL SHOULD only accept iat timestamps
|
2023-08-07 11:10:55 +00:00
|
|
|
# which are within +-60 seconds from the current time."
|
2022-04-06 14:11:13 +00:00
|
|
|
#
|
|
|
|
# https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6 describes iat
|
|
|
|
# claims.
|
|
|
|
let delta = getTime().toUnix - time
|
2023-08-07 11:10:55 +00:00
|
|
|
if delta < -60 or 60 < delta:
|
2022-04-06 14:11:13 +00:00
|
|
|
debug "Iat timestamp problem, accepted |delta| <= 5",
|
|
|
|
delta
|
|
|
|
return err(jwtTimeValidationError)
|
|
|
|
|
|
|
|
let
|
|
|
|
keyArray = cast[array[jwtMinSecretLen,byte]](key)
|
|
|
|
b64sig = base64urlEncode(sha256.hmac(keyArray, p[0] & "." & p[1]).data)
|
|
|
|
if b64sig != p[2]:
|
|
|
|
return err(jwtTokenValidationError)
|
|
|
|
|
|
|
|
ok()
|
|
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# Public functions
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
|
2022-04-08 04:54:11 +00:00
|
|
|
proc fromHex*(key: var JwtSharedKey, src: string): Result[void,JwtError] =
|
2022-04-06 14:11:13 +00:00
|
|
|
## Parse argument `src` from hex-string and fill it into the argument `key`.
|
|
|
|
## This function is supposed to read and convert data in constant-time
|
|
|
|
## fashion, guarding against side channel attacks.
|
|
|
|
# utils.fromHex() does the constant-time job
|
2022-04-13 09:09:26 +00:00
|
|
|
try:
|
|
|
|
let secret = utils.fromHex(src)
|
|
|
|
if secret.len < jwtMinSecretLen:
|
|
|
|
return err(jwtKeyTooSmall)
|
|
|
|
key = toArray(JwtSharedKeyRaw.len, secret).JwtSharedKey
|
|
|
|
ok()
|
|
|
|
except ValueError:
|
|
|
|
err(jwtKeyInvalidHexString)
|
2022-04-06 14:11:13 +00:00
|
|
|
|
2022-07-18 04:35:50 +00:00
|
|
|
proc jwtGenSecret*(rng: ref rand.HmacDrbgContext): JwtGenSecret =
|
2022-04-06 14:11:13 +00:00
|
|
|
## Standard shared key random generator. If a fixed key is needed, a
|
|
|
|
## function like
|
|
|
|
## ::
|
|
|
|
## proc preCompiledGenSecret(key: JwtSharedKey): JwtGenSecret =
|
|
|
|
## result = proc: JwtSharedKey =
|
|
|
|
## key
|
|
|
|
##
|
|
|
|
## might do. Not that in most cases, this function is internally used,
|
|
|
|
## only.
|
|
|
|
result = proc: JwtSharedKey =
|
|
|
|
var data: array[jwtMinSecretLen,byte]
|
2022-07-04 07:38:02 +00:00
|
|
|
rng[].generate(data)
|
2022-04-06 14:11:13 +00:00
|
|
|
data.JwtSharedKey
|
|
|
|
|
2023-02-14 20:27:17 +00:00
|
|
|
proc jwtSharedSecret*(
|
|
|
|
rndSecret: JwtGenSecret;
|
|
|
|
config: NimbusConf;
|
2024-01-29 13:20:04 +00:00
|
|
|
): Result[JwtSharedKey, JwtError] =
|
2022-04-06 14:11:13 +00:00
|
|
|
## Return a key for jwt authentication preferable from the argument file
|
|
|
|
## `config.jwtSecret` (which contains at least 32 bytes hex encoded random
|
|
|
|
## data.) Otherwise it creates a key and stores it in the `config.dataDir`.
|
|
|
|
##
|
|
|
|
## The resulting `JwtSharedKey` is supposed to be usewd as argument for
|
|
|
|
## the function `jwtHandlerHS256()`, below.
|
|
|
|
##
|
|
|
|
## Note that this function variant is mainly used for debugging and testing.
|
|
|
|
## For a more common interface prototype with explicit random generator
|
|
|
|
## object see the variant below this one.
|
|
|
|
##
|
|
|
|
## Ackn nimbus-eth2:
|
|
|
|
## beacon_chain/spec/engine_authentication.nim.`checkJwtSecret()`
|
|
|
|
#
|
|
|
|
# If such a parameter is given, but the file cannot be read, or does not
|
|
|
|
# contain a hex-encoded key of at least 256 bits (aka ``jwtMinSecretLen`
|
|
|
|
# bytes.), the client should treat this as an error: either abort the
|
|
|
|
# startup, or show error and continue without exposing the authenticated
|
|
|
|
# port.
|
|
|
|
#
|
|
|
|
if config.jwtSecret.isNone:
|
|
|
|
# If such a parameter is not given, the client SHOULD generate such a
|
|
|
|
# token, valid for the duration of the execution, and store it the
|
|
|
|
# hex-encoded secret as a jwt.hex file on the filesystem. This file can
|
|
|
|
# then be used to provision the counterpart client.
|
|
|
|
#
|
|
|
|
# github.com/ethereum/
|
|
|
|
# /execution-apis/blob/v1.0.0-alpha.8/src/engine/
|
|
|
|
# /authentication.md#key-distribution
|
2024-01-29 13:20:04 +00:00
|
|
|
let jwtSecretPath = config.dataDir.string & "/" & jwtSecretFile
|
2022-04-06 14:11:13 +00:00
|
|
|
try:
|
2024-01-29 13:20:04 +00:00
|
|
|
let newSecret = rndSecret()
|
2022-04-06 14:11:13 +00:00
|
|
|
jwtSecretPath.writeFile(newSecret.JwtSharedKeyRaw.to0xHex)
|
2024-08-08 10:03:30 +00:00
|
|
|
notice "JWT secret generated", jwtSecretPath
|
2024-01-29 13:20:04 +00:00
|
|
|
return ok(newSecret)
|
2022-04-06 14:11:13 +00:00
|
|
|
except IOError as e:
|
|
|
|
# Allow continuing to run, though this is effectively fatal for a merge
|
|
|
|
# client using authentication. This keeps it lower-risk initially.
|
|
|
|
warn "Could not write JWT secret to data directory",
|
|
|
|
jwtSecretPath
|
2022-10-10 02:31:28 +00:00
|
|
|
discard e
|
2024-01-29 13:20:04 +00:00
|
|
|
except CatchableError:
|
|
|
|
return err(jwtCreationError)
|
2022-04-06 14:11:13 +00:00
|
|
|
|
|
|
|
try:
|
|
|
|
let lines = config.jwtSecret.get.string.readLines(1)
|
|
|
|
if lines.len == 0:
|
|
|
|
return err(jwtKeyEmptyFile)
|
2022-04-08 04:54:11 +00:00
|
|
|
var key: JwtSharedKey
|
2022-04-06 14:11:13 +00:00
|
|
|
let rc = key.fromHex(lines[0])
|
|
|
|
if rc.isErr:
|
|
|
|
return err(rc.error)
|
2024-08-08 10:03:30 +00:00
|
|
|
info "JWT secret loaded", jwtSecretPath = config.jwtSecret.get.string
|
2022-10-10 02:31:28 +00:00
|
|
|
return ok(key)
|
2022-04-06 14:11:13 +00:00
|
|
|
except IOError:
|
|
|
|
return err(jwtKeyFileCannotOpen)
|
|
|
|
except ValueError:
|
|
|
|
return err(jwtKeyInvalidHexString)
|
|
|
|
|
2022-07-18 04:35:50 +00:00
|
|
|
proc jwtSharedSecret*(rng: ref rand.HmacDrbgContext; config: NimbusConf):
|
2024-01-29 13:20:04 +00:00
|
|
|
Result[JwtSharedKey, JwtError] =
|
2022-04-06 14:11:13 +00:00
|
|
|
## Variant of `jwtSharedSecret()` with explicit random generator argument.
|
2024-01-29 13:20:04 +00:00
|
|
|
try:
|
|
|
|
rng.jwtGenSecret.jwtSharedSecret(config)
|
|
|
|
except CatchableError:
|
|
|
|
return err(jwtCreationError)
|
2022-04-06 14:11:13 +00:00
|
|
|
|
2024-01-29 13:20:04 +00:00
|
|
|
proc httpJwtAuth*(key: JwtSharedKey): RpcAuthHook =
|
2024-10-23 08:26:56 +00:00
|
|
|
proc handler(req: HttpRequestRef): Future[HttpResponseRef] {.async: (raises: [CatchableError]).} =
|
2022-07-18 04:35:50 +00:00
|
|
|
let auth = req.headers.getString("Authorization", "?")
|
|
|
|
if auth.len < 9 or auth[0..6].cmpIgnoreCase("Bearer ") != 0:
|
|
|
|
return await req.respond(Http403, "Missing authorization token")
|
2022-04-06 14:11:13 +00:00
|
|
|
|
2022-07-18 04:35:50 +00:00
|
|
|
let rc = auth[7..^1].strip.verifyTokenHS256(key)
|
|
|
|
if rc.isOk:
|
|
|
|
return HttpResponseRef(nil)
|
|
|
|
|
|
|
|
debug "Could not authenticate",
|
|
|
|
error = rc.error
|
|
|
|
|
|
|
|
case rc.error:
|
|
|
|
of jwtTokenValidationError, jwtMethodUnsupported:
|
|
|
|
return await req.respond(Http401, "Unauthorized access")
|
|
|
|
else:
|
|
|
|
return await req.respond(Http403, "Malformed token")
|
|
|
|
|
2024-01-29 13:20:04 +00:00
|
|
|
result = handler
|
2022-04-06 14:11:13 +00:00
|
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# End
|
|
|
|
# ------------------------------------------------------------------------------
|