

AA/kbs_protocol: Update protocol version to 0.2.0 to fix JWE
Per RFC7516, the AEAD's auth tag should be included inside the JWE body.
We fix this to align with the trustee side.

confidential-containers/trustee#597

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
Xynnn007 committed Nov 26, 2024
1 parent 9d75270 commit 6656961
Showing 5 changed files with 22 additions and 12 deletions.
2 changes: 2 additions & 0 deletions attestation-agent/deps/crypto/src/lib.rs
Expand Up @@ -34,3 +34,5 @@ pub use asymmetric::*;

mod algorithms;
pub use algorithms::*;

const AEAD_AAD: &[u8] = b"CoCo";
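Review bot: `AEAD_AAD` is an undocumented wire-protocol constant: both AES-256-GCM backends now bind it into every authentication tag, so a peer using any other value fails tag verification on every message. Add a doc comment such as `/// Fixed additional authenticated data for AES-256-GCM; must match the value used by the KBS (trustee) peer, otherwise tag verification fails. Changing it is a protocol break that the KBS protocol version should reflect.` The constant is consumed via `use crate::AEAD_AAD` in `native/aes256gcm.rs` and `rust/aes256gcm.rs` in this same commit.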
9 changes: 6 additions & 3 deletions attestation-agent/deps/crypto/src/native/aes256gcm.rs
Expand Up @@ -8,6 +8,8 @@
use anyhow::*;
use openssl::symm::Cipher;

use crate::AEAD_AAD;

const TAG_LENGTH: usize = 16;

pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
Expand All @@ -17,15 +19,16 @@ pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>>
}

let (data, tag) = encrypted_data.split_at(encrypted_data.len() - TAG_LENGTH);
openssl::symm::decrypt_aead(cipher, key, Some(iv), &[], data, tag)
openssl::symm::decrypt_aead(cipher, key, Some(iv), AEAD_AAD, data, tag)
.map_err(|e| anyhow!(e.to_string()))
}

pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
let cipher = Cipher::aes_256_gcm();
let mut tag = [0u8; TAG_LENGTH];
let mut ciphertext = openssl::symm::encrypt_aead(cipher, key, Some(iv), &[], data, &mut tag)
.map_err(|e| anyhow!(e.to_string()))?;
let mut ciphertext =
openssl::symm::encrypt_aead(cipher, key, Some(iv), AEAD_AAD, data, &mut tag)
.map_err(|e| anyhow!(e.to_string()))?;
ciphertext.extend_from_slice(&tag);
Ok(ciphertext)
}
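Review bot: Neither `encrypt` nor `decrypt` documents the wire layout this hunk fixes: `encrypt` returns `ciphertext || 16-byte tag` (the trailing `ciphertext.extend_from_slice(&tag)`) and `decrypt` splits the same layout back apart, both authenticated with the crate-wide `AEAD_AAD`. Add `/// AES-256-GCM encrypt; returns ciphertext followed by the 16-byte tag, authenticated with AEAD_AAD.` and the mirror-image doc on `decrypt` so callers assembling JWE parts know where the tag belongs. The `.map_err(|e| anyhow!(e.to_string()))` on both openssl calls flattens the `ErrorStack` to a string; since `ErrorStack` implements `std::error::Error` and the functions return `anyhow::Result`, a plain `?` keeps the source chain for diagnostics. The length guard that should precede `split_at` closes at the top of the hunk and is not visible here; `decrypt`'s body starts outside the hunk.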
16 changes: 10 additions & 6 deletions attestation-agent/deps/crypto/src/rust/aes256gcm.rs
Expand Up @@ -5,26 +5,30 @@

//! This mod implements aes-256-gcm encryption & decryption.
use aes_gcm::{aead::Aead, Aes256Gcm, Key, KeyInit, Nonce};
use aes_gcm::{AeadInPlace, Aes256Gcm, Key, KeyInit, Nonce};
use anyhow::*;

use crate::AEAD_AAD;

pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
let decrypting_key = Key::<Aes256Gcm>::from_slice(key);
let cipher = Aes256Gcm::new(decrypting_key);
let nonce = Nonce::from_slice(iv);
let plain_text = cipher
.decrypt(nonce, encrypted_data)
let mut plaintext = encrypted_data.to_vec();
cipher
.decrypt_in_place(nonce, AEAD_AAD, &mut plaintext)
.map_err(|e| anyhow!("aes-256-gcm decrypt failed: {:?}", e))?;

Ok(plain_text)
Ok(plaintext)
}

pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
let encrypting_key = Key::<Aes256Gcm>::from_slice(key);
let cipher = Aes256Gcm::new(encrypting_key);
let nonce = Nonce::from_slice(iv);
let ciphertext = cipher
.encrypt(nonce, data)
let mut ciphertext = data.to_vec();
cipher
.encrypt_in_place(nonce, AEAD_AAD, &mut ciphertext)
.map_err(|e| anyhow!("aes-256-gcm encrypt failed: {:?}", e))?;

Ok(ciphertext)
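Review bot: `Key::<Aes256Gcm>::from_slice(key)` and `Nonce::from_slice(iv)` in both functions panic on a wrong-length slice (`GenericArray::from_slice` asserts the length), and the IV reaching `decrypt` is base64-decoded from a KBS response (see the `keypair.rs` hunk in this commit), so a malformed response aborts the agent instead of returning `Err`, whereas the native backend returns an error for the same inputs. Guard before constructing: `ensure!(iv.len() == 12, "aes-256-gcm: iv must be 12 bytes");` and build the cipher with `Aes256Gcm::new_from_slice(key).map_err(|e| anyhow!("aes-256-gcm: invalid key length: {e}"))?`, which returns `Result` rather than panicking; `ensure!` is already in scope via `use anyhow::*`. These context lines predate the commit, but the commit reworks the same call sites and is the natural place to close the gap. Both function bodies end outside the hunk.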
2 changes: 1 addition & 1 deletion attestation-agent/kbs_protocol/src/client/mod.rs
Expand Up @@ -48,7 +48,7 @@ pub struct KbsClient<T> {
pub(crate) token: Option<Token>,
}

pub const KBS_PROTOCOL_VERSION: &str = "0.1.1";
pub const KBS_PROTOCOL_VERSION: &str = "0.2.0";

pub const KBS_GET_RESOURCE_MAX_ATTEMPT: u64 = 3;

5 changes: 3 additions & 2 deletions attestation-agent/kbs_protocol/src/keypair.rs
Expand Up @@ -65,8 +65,9 @@ impl TeeKeyPair {
let symkey = self.decrypt(padding_mode, wrapped_symkey)?;

let iv = URL_SAFE_NO_PAD.decode(&response.iv)?;
let ciphertext = URL_SAFE_NO_PAD.decode(&response.ciphertext)?;

let mut ciphertext = URL_SAFE_NO_PAD.decode(&response.ciphertext)?;
let mut tag = URL_SAFE_NO_PAD.decode(&response.tag)?;
ciphertext.append(&mut tag);
let plaintext = crypto::decrypt(Zeroizing::new(symkey), ciphertext, iv, protected.enc)?;

Ok(plaintext)
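Review bot: The new lines `let mut tag = URL_SAFE_NO_PAD.decode(&response.tag)?;` and `ciphertext.append(&mut tag);` need a comment explaining the reassembly, since the JWE `tag` is a separate component (RFC 7516) while the crypto layer expects it concatenated: `// JWE carries the GCM tag as its own component; crypto::decrypt expects ciphertext || tag.` `ciphertext.extend_from_slice(&tag)` expresses the same without the `let mut tag` binding. Consider also rejecting a decoded tag whose length is not 16 bytes with an explicit error before calling `crypto::decrypt`, so a malformed response reports a bad tag length rather than a generic authentication failure; this presumes every supported `protected.enc` uses a 16-byte tag, which is not visible here. The enclosing method starts and ends outside the hunk.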
