Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AA/kbs_protocol: Update to 0.2.0 to fix JWE decryption logic due to RFC7516 #820

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

Xynnn007
Copy link
Member

@Xynnn007 Xynnn007 commented Nov 25, 2024

Per RFC7516, the AEAD's auth tag should be included inside the JWE body. We fix this to align with trustee side

confidential-containers/trustee#597

Let's wait after confidential-containers/trustee#597 gets merged.

This patch does a bunch of fixes per RFC7516.

  1. AEAD Auth Tag is now expcilitly included inside the tag part.
  2. Add TEE key pair support for RSA OAEP and ECDH-ES+A256KW(by default)
  3. Mark RSA PKCS#1 v1.5 padding scheme as deprecated as it is not recommended.

@Xynnn007 Xynnn007 requested a review from a team as a code owner November 25, 2024 03:17
Copy link
Contributor

@mkulke mkulke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess we should also bump KBS_PROTOCOL_VERSION. Is there a rationale how we increase the versions. would it be 0.2.0 or 0.1.1. if it's a breaking change, not merely additive, I would assume we have to bump it to 0.2.0.

@Xynnn007
Copy link
Member Author

Xynnn007 commented Nov 26, 2024

@mkulke Updated the protocol version. Also update the test image of kbs using code of confidential-containers/trustee#597.

If ok, we can merge this first and I will update the kbs side code.

@Xynnn007 Xynnn007 changed the title AA/kbs_protocol: fix JWE decryption logic due to RFC7516 AA/kbs_protocol: Update to 0.2.0 to fix JWE decryption logic due to RFC7516 Nov 26, 2024
@Xynnn007 Xynnn007 requested review from mkulke and mythi November 26, 2024 06:59
@Xynnn007
Copy link
Member Author

cc @deeglaze

@mythi
Copy link
Contributor

mythi commented Nov 26, 2024

@mkulke Updated the protocol version. Also update the test image of kbs using code of confidential-containers/trustee#597.

We don't need to change the test image if the protocol version changes so the rcar_client.rs changes can be dropped (the test is skipped until the server image comes with the matching protocol version)

@Xynnn007
Copy link
Member Author

Xynnn007 commented Nov 26, 2024

We don't need to change the test image if the protocol version changes so the rcar_client.rs changes can be dropped (the test is skipped until the server image comes with the matching protocol version)

This will make the CI red. The client side code now will use the latest kbs image of CoCo Community, which is 0.1.1 rather than 0.2.0.

If you do not want to change the test image. It would make sense once I get approvals of this PR w/ the commit that changes test image built from the KBS side code. Then I revert the test image part of the commit. The CI will be red, but we all know what happened and get the PR merged.

@mythi
Copy link
Contributor

mythi commented Nov 26, 2024

This will make the CI red.

c89b96b3 has regression. There is no ProtocolVersion error anymore.

@Xynnn007
Copy link
Member Author

Once confidential-containers/trustee#600 gets merged, we can restart the failed CI here and it will be green.

@Xynnn007
Copy link
Member Author

Ok. All tests passed. I think it can be merged now

@deeglaze
Copy link

This still doesn't protect the protected headers.
See
https://datatracker.ietf.org/doc/html/rfc7516#appendix-A.4.5

And example https://datatracker.ietf.org/doc/html/rfc7516#section-3.3 particularly this item:

Let the Additional Authenticated Data encryption parameter be ASCII(BASE64URL(UTF8(JWE Protected Header))).

@Xynnn007
Copy link
Member Author

@deeglaze Thanks for this! Let me do a deeper fix tomorrow.

@Xynnn007
Copy link
Member Author

Seems that the current Response (JWE Json) does not have aad field. Let's go back to virtee/kbs-types#44 upstream first.

@Xynnn007 Xynnn007 marked this pull request as draft November 27, 2024 03:41
@Xynnn007 Xynnn007 force-pushed the fix-aead branch 2 times, most recently from c496ed0 to 1729cf0 Compare December 2, 2024 03:50
@Xynnn007
Copy link
Member Author

Xynnn007 commented Dec 2, 2024

Let's wait for virtee/kbs-types#45 to be merged, too

@Xynnn007 Xynnn007 marked this pull request as ready for review December 2, 2024 04:03
@Xynnn007
Copy link
Member Author

Xynnn007 commented Dec 2, 2024

The lint error is not related to this PR. Fixed in #828

@Xynnn007 Xynnn007 force-pushed the fix-aead branch 2 times, most recently from 80308ec to a739c05 Compare December 10, 2024 08:33
@Xynnn007
Copy link
Member Author

Hi, this PR is ready for review @deeglaze @mkulke @mythi

Copy link

@huoqifeng huoqifeng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
Thanks! Ding

@Xynnn007 Xynnn007 force-pushed the fix-aead branch 2 times, most recently from e2b642d to 6fecbd0 Compare December 12, 2024 09:48
@Xynnn007 Xynnn007 marked this pull request as draft December 12, 2024 09:49
@Xynnn007
Copy link
Member Author

Let me convert this to draft before upstream is ready.

This patch adds more crypto suites to the crypto crate

1. Add AES-256-GCM AEAD API.
2. Mark RSA PKCS#1 v1.5 Padding encryption scheme as "deprecated".
3. Add EC suites for key wrapping. Now supports P256 curve and
ECDH-ES-A256KW algorithm.

Signed-off-by: Xynnn007 <[email protected]>
This patch updates KBS protocol to v0.2.0. The change mainly includes
1. Replace RSA-PKCS1v15 to ECDH-ES-A256KW. The former algorithm is not
declared as deprecated in

https://www.ietf.org/archive/id/draft-madden-jose-deprecate-none-rsa15-00.html#section-1.2

Also, some fixups to make the KBS protocol's Response fully compatible
with JWE standard are made, including explicitly parse `tag` in the
flattened JSON serialization.

Signed-off-by: Xynnn007 <[email protected]>
@Xynnn007 Xynnn007 marked this pull request as ready for review December 18, 2024 01:32
@Xynnn007
Copy link
Member Author

Let's wait for the upstream fix to be merged and then I will take a rebase. Other parts are ready for review.

@Xynnn007 Xynnn007 requested review from huoqifeng and mkulke December 18, 2024 02:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: We have code
Development

Successfully merging this pull request may close these issues.

5 participants