AA/kbs_protocol: fix JWE decryption logic due to RFC7516
Per RFC7516, the AEAD's auth tag should be included inside the JWE body.
We fix this to align with the trustee side.

confidential-containers/trustee#597

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
Xynnn007 committed Nov 25, 2024
1 parent 9d75270 commit eca6d3d
Showing 5 changed files with 43 additions and 33 deletions.
2 changes: 2 additions & 0 deletions attestation-agent/deps/crypto/src/lib.rs
Expand Up @@ -34,3 +34,5 @@ pub use asymmetric::*;

mod algorithms;
pub use algorithms::*;

const AEAD_AAD: &[u8] = b"CoCo";
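Review bot: `AEAD_AAD` is a new wire-format invariant with no documentation; a reader of lib.rs cannot tell why `b"CoCo"` is authenticated into every AES-GCM call or that the KBS side must use the identical bytes. Add a doc comment such as `/// Additional authenticated data bound into every AES-GCM encrypt/decrypt; must be byte-identical to the value the KBS (trustee) uses, otherwise tag verification fails.` Worth stating in that comment as well: the commit message cites RFC 7516, but RFC 7516 §5.1 specifies the AAD as ASCII(BASE64URL(UTF8(JWE Protected Header))), so a fixed string means the protected header — including the `enc` value that keypair.rs dispatches on — is not bound to the ciphertext; if the fixed value is a deliberate trustee-side convention rather than an oversight, say so there. Note also that any peer still authenticating with the previous empty AAD will now fail tag verification, and nothing in this change carries a version signal that would let the client distinguish that mismatch from tampering.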
9 changes: 6 additions & 3 deletions attestation-agent/deps/crypto/src/native/aes256gcm.rs
Expand Up @@ -8,6 +8,8 @@
use anyhow::*;
use openssl::symm::Cipher;

use crate::AEAD_AAD;

const TAG_LENGTH: usize = 16;

pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
Expand All @@ -17,15 +19,16 @@ pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>>
}

let (data, tag) = encrypted_data.split_at(encrypted_data.len() - TAG_LENGTH);
openssl::symm::decrypt_aead(cipher, key, Some(iv), &[], data, tag)
openssl::symm::decrypt_aead(cipher, key, Some(iv), &AEAD_AAD, data, tag)
.map_err(|e| anyhow!(e.to_string()))
}

pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
let cipher = Cipher::aes_256_gcm();
let mut tag = [0u8; TAG_LENGTH];
let mut ciphertext = openssl::symm::encrypt_aead(cipher, key, Some(iv), &[], data, &mut tag)
.map_err(|e| anyhow!(e.to_string()))?;
let mut ciphertext =
openssl::symm::encrypt_aead(cipher, key, Some(iv), &AEAD_AAD, data, &mut tag)
.map_err(|e| anyhow!(e.to_string()))?;
ciphertext.extend_from_slice(&tag);
Ok(ciphertext)
}
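Review bot: `&AEAD_AAD` on the `decrypt_aead` and `encrypt_aead` calls borrows a value that is already `&[u8]`, producing a `&&[u8]` the compiler immediately dereferences — the same `needless_borrow` pattern clippy reports as a failure on the rust backend in this commit, so this backend will trip the same lint wherever clippy runs with `-D warnings`. Pass the constant directly: `openssl::symm::decrypt_aead(cipher, key, Some(iv), AEAD_AAD, data, tag)` and `openssl::symm::encrypt_aead(cipher, key, Some(iv), AEAD_AAD, data, &mut tag)`. The `decrypt` body begins in the previous hunk, so the guard that must precede `split_at(encrypted_data.len() - TAG_LENGTH)` is outside this hunk and I could not confirm from here that it rejects inputs shorter than `TAG_LENGTH`.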
16 changes: 10 additions & 6 deletions attestation-agent/deps/crypto/src/rust/aes256gcm.rs
Expand Up @@ -5,26 +5,30 @@

//! This mod implements aes-256-gcm encryption & decryption.
use aes_gcm::{aead::Aead, Aes256Gcm, Key, KeyInit, Nonce};
use aes_gcm::{AeadInPlace, Aes256Gcm, Key, KeyInit, Nonce};
use anyhow::*;

use crate::AEAD_AAD;

pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
let decrypting_key = Key::<Aes256Gcm>::from_slice(key);
let cipher = Aes256Gcm::new(decrypting_key);
let nonce = Nonce::from_slice(iv);
let plain_text = cipher
.decrypt(nonce, encrypted_data)
let mut plaintext = encrypted_data.to_vec();
cipher
.decrypt_in_place(&nonce, &AEAD_AAD, &mut plaintext)
.map_err(|e| anyhow!("aes-256-gcm decrypt failed: {:?}", e))?;

Ok(plain_text)
Ok(plaintext)
}

pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
let encrypting_key = Key::<Aes256Gcm>::from_slice(key);
let cipher = Aes256Gcm::new(encrypting_key);
let nonce = Nonce::from_slice(iv);
let ciphertext = cipher
.encrypt(nonce, data)
let mut ciphertext = data.to_vec();
cipher
.encrypt_in_place(&nonce, &AEAD_AAD, &mut ciphertext)
.map_err(|e| anyhow!("aes-256-gcm encrypt failed: {:?}", e))?;

Ok(ciphertext)
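Review bot: The new `.decrypt_in_place(&nonce, &AEAD_AAD, &mut plaintext)` and `.encrypt_in_place(&nonce, &AEAD_AAD, &mut ciphertext)` calls borrow values that are already references (`nonce` comes from `Nonce::from_slice`, `AEAD_AAD` is `&[u8]`), which is what clippy's `needless_borrow` lint reports as the failures on lines 19 and 31 of this file. Change them to `.decrypt_in_place(nonce, AEAD_AAD, &mut plaintext)` and `.encrypt_in_place(nonce, AEAD_AAD, &mut ciphertext)`. Because `encrypt_in_place` appends the tag to the buffer itself while the native backend appends it by hand, a one-line comment on `encrypt` such as `// Output layout is ciphertext || 16-byte tag, matching the native backend` would make the cross-backend invariant visible to whoever touches either file next. The closing brace of `encrypt` is below the hunk.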
44 changes: 22 additions & 22 deletions attestation-agent/kbs_protocol/src/client/rcar_client.rs
Expand Up @@ -406,28 +406,28 @@ mod test {
kbs_config.push("test/kbs-config.toml");
policy.push("test/policy.rego");

let image = GenericImage::new(
"ghcr.io/confidential-containers/staged-images/kbs",
"latest",
)
.with_exposed_port(8085)
.with_volume(
tmp.path().as_os_str().to_string_lossy(),
"/opt/confidential-containers/kbs/repository",
)
.with_volume(
start_kbs_script.into_os_string().to_string_lossy(),
"/usr/local/bin/start_kbs.sh",
)
.with_volume(
kbs_config.into_os_string().to_string_lossy(),
"/etc/kbs-config.toml",
)
.with_volume(
policy.into_os_string().to_string_lossy(),
"/opa/confidential-containers/kbs/policy.rego",
)
.with_entrypoint("/usr/local/bin/start_kbs.sh");
// TODO: remove the changes after
// https://github.com/confidential-containers/trustee/pull/597
// gets merged.
let image = GenericImage::new("xynnn007/kbs", "fix-aead")
.with_exposed_port(8085)
.with_volume(
tmp.path().as_os_str().to_string_lossy(),
"/opt/confidential-containers/kbs/repository",
)
.with_volume(
start_kbs_script.into_os_string().to_string_lossy(),
"/usr/local/bin/start_kbs.sh",
)
.with_volume(
kbs_config.into_os_string().to_string_lossy(),
"/etc/kbs-config.toml",
)
.with_volume(
policy.into_os_string().to_string_lossy(),
"/opa/confidential-containers/kbs/policy.rego",
)
.with_entrypoint("/usr/local/bin/start_kbs.sh");
let kbs = docker.run(image);

tokio::time::sleep(Duration::from_secs(10)).await;
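Review bot: The test fixture now comes from `xynnn007/kbs:fix-aead`, a personal registry image under a mutable tag, so what the integration test exercises is whatever that tag resolves to at CI time rather than a reviewable artifact; the previous `latest` tag had the same weakness, but moving to an individual's namespace widens who can change it. The TODO gives the tracking PR but not a digest; record one, e.g. `// pinned: xynnn007/kbs@sha256:<IMAGE_DIGEST>` in the TODO, or pass it in the tag position as `"fix-aead@sha256:<IMAGE_DIGEST>"` if the testcontainers version in use accepts a digest there. The enclosing test function starts above this hunk.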
5 changes: 3 additions & 2 deletions attestation-agent/kbs_protocol/src/keypair.rs
Expand Up @@ -65,8 +65,9 @@ impl TeeKeyPair {
let symkey = self.decrypt(padding_mode, wrapped_symkey)?;

let iv = URL_SAFE_NO_PAD.decode(&response.iv)?;
let ciphertext = URL_SAFE_NO_PAD.decode(&response.ciphertext)?;

let mut ciphertext = URL_SAFE_NO_PAD.decode(&response.ciphertext)?;
let mut tag = URL_SAFE_NO_PAD.decode(&response.tag)?;
ciphertext.append(&mut tag);
let plaintext = crypto::decrypt(Zeroizing::new(symkey), ciphertext, iv, protected.enc)?;

Ok(plaintext)
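Review bot: `ciphertext.append(&mut tag)` concatenates whatever the server sent as `tag` without checking its length, so a missing or truncated tag only surfaces later as a generic decrypt failure from the AEAD backend, after the last 16 bytes of the ciphertext have been misread as the tag. A check before the append, `if tag.len() != 16 { return Err(/* crate error: unexpected JWE tag length */) }` (or `anyhow::bail!` if that is this file's error type), fails fast with a diagnosable message and keeps malformed responses from reaching the cipher at all. The enclosing `TeeKeyPair` method starts above this hunk.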