-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JWE encryption is missing base64url-encoded protected header as AEAD #583
Comments
I think that's true. tag should not be set to an empty string for a protected_header, I think? Lines 51 to 64 in 423e208
looking at the python jwcrypt impl: there is a deprecation notice about using >>> from jwcrypto import jwk, jwe
>>> key = jwk.JWK.generate(kty='RSA', size=4096)
>>> jwe_token = jwe.JWE(plaintext="hi", protected={ "alg": "RSA1_5", "enc": "A256GCM" }, algs=["RSA1_5", "A256GCM"])
>>> jwe_token.add_recipient(key)
>>> jwe_token
JWE.from_json_token("{"ciphertext":"XBE","encrypted_key":"TeC60wunpwFy1EdOXjOUCNsKHE2lHaZy09eVU7kBE0vPoHxPISUgEqwNK3iqiwes4uDK8EJEGC1ozOehfhxQ5eA2TZpy_cJLVQUkkkk5vbhV6IVxtTFL7ZWTfpipDnxlAIrOrtF7vWnvu0XACEtRW0eIU16ZE_Jkh9ebyL4VWgmDp-FVRCmQnHzoAPOWAUXlQf7vQyJdHzGN2MuoYxprSGlwwSkonBfmKlKLaxtiJN9T_pqZ4d6JlA8wJrGOvyVkdsXs6g0wkLoDhJE2eba5CtG-hJkoal46vzVOgIKZTHEoQ7LGIeDKKSXE6ZQhHvxADMq_uJaWP9TNKXfVRPlpByX_tAlbYP_JzyT8AO-FABVtdLtpfFegr4g5kRUkS1UlR1WeIuGsPDhvJM0G4V_ZgN5Um44W0at4cRuArnx_YWaRSW8p_Ze9rxSxTdY5GIBTWrjsAi8vctJXflfVYuguDWJ7IV2_mG-yQph4QufTo59RlnAOYNqaVVhQ9w8cxseH0-ML2x_TmNQVxFzQAnJiEJkTET7uyCCqDjXOvxBRC1l-tI1z2C-i5VbnFbxUxCtC1Xn3CwsUk3NaYS7NKe4wSx9V9s7saOX8IMYv-XSS2vip2N4KXO5qdUASa_uF32rObz6zYfbkks_6R6sZSwjhAMtxaeZw7JCv-4sdgt1IzYI","iv":"LAsxB7-32DAZ3vlM","protected":"eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMjU2R0NNIn0","tag":"RF44xv0cvzOjZZv3ojouXA"}") |
Yes. Currently we are using the function encrypt which will automatically append the auth |
Fixes confidential-containers#583. Due to RFC 7516, the JWE AEAD Auth Tag should be expcilitly be included inside the `tag` part. Before this commit, the tag is actually included as the suffix of the `ciphertest`. Although this is also secure, it's not standard. We fix this by expcilitly extract the tag and include it into the jwe body. Also, we use an AAD `CoCo` to do AEAD. This should be align with the guest-components side. Signed-off-by: Xynnn007 <[email protected]>
Fixes confidential-containers#583. Due to RFC 7516, the JWE AEAD Auth Tag should be expcilitly be included inside the `tag` part. Before this commit, the tag is actually included as the suffix of the `ciphertest`. Although this is also secure, it's not standard. We fix this by expcilitly extract the tag and include it into the jwe body. Also, we use an AAD `CoCo` to do AEAD. This should be align with the guest-components side. This change will make the kbs_client not able to connect to the KBS. Thus we update the KBS protocol version from 0.1.1 to 0.2.0. Signed-off-by: Xynnn007 <[email protected]>
Ok. To follow rfc7516, we have the following roadmap |
Fixes confidential-containers#583. Due to RFC 7516, the JWE AEAD Auth Tag should be expcilitly be included inside the `tag` part. Before this commit, the tag is actually included as the suffix of the `ciphertext`. We fix this by expcilitly extract the tag and include it into the jwe body. Also, we fix the AAD calculation logic, s.t. derived from ProtectedHeader which is also specifiled by RFC7516. This should be align with the guest-components side. This change will make the kbs_client not able to connect to the KBS. Thus we update the KBS protocol version from 0.1.1 to 0.2.0. Signed-off-by: Xynnn007 <[email protected]>
Fixes confidential-containers#583. Due to RFC 7516, the JWE AEAD Auth Tag should be expcilitly be included inside the `tag` part. Before this commit, the tag is actually included as the suffix of the `ciphertext`. We fix this by expcilitly extract the tag and include it into the jwe body. Also, we fix the AAD calculation logic, s.t. derived from ProtectedHeader which is also specifiled by RFC7516. This should be align with the guest-components side. This change will make the kbs_client not able to connect to the KBS. Thus we update the KBS protocol version from 0.1.1 to 0.2.0. Signed-off-by: Xynnn007 <[email protected]>
Fixes confidential-containers#583. Due to RFC 7516, the JWE AEAD Auth Tag should be expcilitly be included inside the `tag` part. Before this commit, the tag is actually included as the suffix of the `ciphertext`. We fix this by expcilitly extract the tag and include it into the jwe body. Also, we fix the AAD calculation logic, s.t. derived from ProtectedHeader which is also specifiled by RFC7516. This should be align with the guest-components side. This change will make the kbs_client not able to connect to the KBS. Thus we update the KBS protocol version from 0.1.1 to 0.2.0. Signed-off-by: Xynnn007 <[email protected]>
Fixes confidential-containers#583. Due to RFC 7516, the JWE AEAD Auth Tag should be expcilitly be included inside the `tag` part. Before this commit, the tag is actually included as the suffix of the `ciphertext`. We fix this by expcilitly extract the tag and include it into the jwe body. Also, we fix the AAD calculation logic, s.t. derived from ProtectedHeader which is also specifiled by RFC7516. This should be align with the guest-components side. This change will make the kbs_client not able to connect to the KBS. Thus we update the KBS protocol version from 0.1.1 to 0.2.0. Signed-off-by: Xynnn007 <[email protected]>
Fixes confidential-containers#583. Due to RFC 7516, the JWE AEAD Auth Tag should be expcilitly be included inside the `tag` part. Before this commit, the tag is actually included as the suffix of the `ciphertext`. We fix this by expcilitly extract the tag and include it into the jwe body. Also, we fix the AAD calculation logic, s.t. derived from ProtectedHeader which is also specifiled by RFC7516. This should be align with the guest-components side. This change will make the kbs_client not able to connect to the KBS. Thus we update the KBS protocol version from 0.1.1 to 0.2.0. Signed-off-by: Xynnn007 <[email protected]>
Fixes confidential-containers#583. Due to RFC 7516, the JWE AEAD Auth Tag should be expcilitly be included inside the `tag` part. Before this commit, the tag is actually included as the suffix of the `ciphertext`. We fix this by expcilitly extract the tag and include it into the jwe body. Also, we fix the AAD calculation logic, s.t. derived from ProtectedHeader which is also specifiled by RFC7516. This should be align with the guest-components side. This change will make the kbs_client not able to connect to the KBS. Thus we update the KBS protocol version from 0.1.1 to 0.2.0. Signed-off-by: Xynnn007 <[email protected]>
Fixes confidential-containers#583. Due to RFC 7516, the JWE AEAD Auth Tag should be expcilitly be included inside the `tag` part. Before this commit, the tag is actually included as the suffix of the `ciphertext`. We fix this by expcilitly extract the tag and include it into the jwe body. Also, we fix the AAD calculation logic, s.t. derived from ProtectedHeader which is also specifiled by RFC7516. This should be align with the guest-components side. This change will make the kbs_client not able to connect to the KBS. Thus we update the KBS protocol version from 0.1.1 to 0.2.0. Signed-off-by: Xynnn007 <[email protected]>
Fixes confidential-containers#583. Due to RFC 7516, the JWE AEAD Auth Tag should be expcilitly be included inside the `tag` part. Before this commit, the tag is actually included as the suffix of the `ciphertext`. We fix this by expcilitly extract the tag and include it into the jwe body. Also, we fix the AAD calculation logic, s.t. derived from ProtectedHeader which is also specifiled by RFC7516. This should be align with the guest-components side. This change will make the kbs_client not able to connect to the KBS. Thus we update the KBS protocol version from 0.1.1 to 0.2.0. Signed-off-by: Xynnn007 <[email protected]>
Fixes confidential-containers#583. Due to RFC 7516, the JWE AEAD Auth Tag should be expcilitly be included inside the `tag` part. Before this commit, the tag is actually included as the suffix of the `ciphertext`. We fix this by expcilitly extract the tag and include it into the jwe body. Also, we fix the AAD calculation logic, s.t. derived from ProtectedHeader which is also specifiled by RFC7516. This should be align with the guest-components side. This change will make the kbs_client not able to connect to the KBS. Thus we update the KBS protocol version from 0.1.1 to 0.2.0. Signed-off-by: Xynnn007 <[email protected]>
Fixes confidential-containers#583. Due to RFC 7516, the JWE AEAD Auth Tag should be expcilitly be included inside the `tag` part. Before this commit, the tag is actually included as the suffix of the `ciphertext`. We fix this by expcilitly extract the tag and include it into the jwe body. Also, we fix the AAD calculation logic, s.t. derived from ProtectedHeader which is also specifiled by RFC7516. This should be align with the guest-components side. This change will make the kbs_client not able to connect to the KBS. Thus we update the KBS protocol version from 0.1.1 to 0.2.0. Signed-off-by: Xynnn007 <[email protected]>
Fixes confidential-containers#583. Due to RFC 7516, the JWE AEAD Auth Tag should be expcilitly be included inside the `tag` part. Before this commit, the tag is actually included as the suffix of the `ciphertext`. We fix this by expcilitly extract the tag and include it into the jwe body. Also, we fix the AAD calculation logic, s.t. derived from ProtectedHeader which is also specifiled by RFC7516. This should be align with the guest-components side. This change will make the kbs_client not able to connect to the KBS. Thus we update the KBS protocol version from 0.1.1 to 0.2.0. Signed-off-by: Xynnn007 <[email protected]>
Fixes confidential-containers#583. Due to RFC 7516, the JWE AEAD Auth Tag should be expcilitly be included inside the `tag` part. Before this commit, the tag is actually included as the suffix of the `ciphertext`. We fix this by expcilitly extract the tag and include it into the jwe body. Also, we fix the AAD calculation logic, s.t. derived from ProtectedHeader which is also specifiled by RFC7516. This should be align with the guest-components side. This change will make the kbs_client not able to connect to the KBS. Thus we update the KBS protocol version from 0.1.1 to 0.2.0. Signed-off-by: Xynnn007 <[email protected]>
Fixes confidential-containers#583. This commit does two things: 1. Fix JWE format to align with RFC 7516. 2. Use more strong algorithm for JWE. Due to RFC 7516, the JWE AEAD Auth Tag should be expcilitly be included inside the `tag` part. Before this commit, the tag is actually included as the suffix of the `ciphertext`. We fix this by expcilitly extract the tag and include it into the jwe body. Also, we fix the AAD calculation logic, s.t. derived from ProtectedHeader which is also specifiled by RFC7516. This should be align with the guest-components side. This commit supports the following JWE algorithms for KBS response: 1. RSA PKCS v1.5 Padding. This algorithm is not recommended but for compability it is still reserved. 2. RSA OAEP. 3. ECDH-ES-A256KW with curve P256. This is recommended as EC algorithms are more fast and safe. which algorithm is used is decided by the TEE public key sent by the client. Some more unit tests to test the compability is added to make sure the algorithm is implemented as standard. Both change will make the kbs_client not able to connect to the KBS. Thus we update the KBS protocol version from 0.1.1 to 0.2.0. Signed-off-by: Xynnn007 <[email protected]>
Describe the bug
The JWE protected_header is not protected AEAD as expected by the RFC for JWE.
How to reproduce
n/a
CoCo version information
all
What TEE are you seeing the problem on
Snp
Failing command and relevant log output
No response
The text was updated successfully, but these errors were encountered: