2023-03-15 16:00:52 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2022-05-16 16:50:38 +00:00
|
|
|
package transit
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"crypto/rsa"
|
|
|
|
"crypto/sha1"
|
|
|
|
"crypto/sha256"
|
|
|
|
"crypto/sha512"
|
|
|
|
"encoding/base64"
|
|
|
|
"errors"
|
|
|
|
"fmt"
|
|
|
|
"hash"
|
|
|
|
"strconv"
|
|
|
|
"strings"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/google/tink/go/kwp/subtle"
|
|
|
|
"github.com/hashicorp/vault/sdk/framework"
|
|
|
|
"github.com/hashicorp/vault/sdk/helper/keysutil"
|
|
|
|
"github.com/hashicorp/vault/sdk/logical"
|
|
|
|
)
|
|
|
|
|
|
|
|
const EncryptedKeyBytes = 512
|
|
|
|
|
|
|
|
func (b *backend) pathImport() *framework.Path {
|
|
|
|
return &framework.Path{
|
|
|
|
Pattern: "keys/" + framework.GenericNameRegex("name") + "/import",
|
2023-04-10 18:20:53 +00:00
|
|
|
|
|
|
|
DisplayAttrs: &framework.DisplayAttributes{
|
|
|
|
OperationPrefix: operationPrefixTransit,
|
|
|
|
OperationVerb: "import",
|
|
|
|
OperationSuffix: "key",
|
|
|
|
},
|
|
|
|
|
2022-05-16 16:50:38 +00:00
|
|
|
Fields: map[string]*framework.FieldSchema{
|
|
|
|
"name": {
|
|
|
|
Type: framework.TypeString,
|
|
|
|
Description: "The name of the key",
|
|
|
|
},
|
|
|
|
"type": {
|
|
|
|
Type: framework.TypeString,
|
|
|
|
Default: "aes256-gcm96",
|
|
|
|
Description: `The type of key being imported. Currently, "aes128-gcm96" (symmetric), "aes256-gcm96" (symmetric), "ecdsa-p256"
|
|
|
|
(asymmetric), "ecdsa-p384" (asymmetric), "ecdsa-p521" (asymmetric), "ed25519" (asymmetric), "rsa-2048" (asymmetric), "rsa-3072"
|
|
|
|
(asymmetric), "rsa-4096" (asymmetric) are supported. Defaults to "aes256-gcm96".
|
|
|
|
`,
|
|
|
|
},
|
|
|
|
"hash_function": {
|
|
|
|
Type: framework.TypeString,
|
|
|
|
Default: "SHA256",
|
|
|
|
Description: `The hash function used as a random oracle in the OAEP wrapping of the user-generated,
|
|
|
|
ephemeral AES key. Can be one of "SHA1", "SHA224", "SHA256" (default), "SHA384", or "SHA512"`,
|
|
|
|
},
|
|
|
|
"ciphertext": {
|
|
|
|
Type: framework.TypeString,
|
|
|
|
Description: `The base64-encoded ciphertext of the keys. The AES key should be encrypted using OAEP
|
|
|
|
with the wrapping key and then concatenated with the import key, wrapped by the AES key.`,
|
|
|
|
},
|
|
|
|
"allow_rotation": {
|
|
|
|
Type: framework.TypeBool,
|
|
|
|
Description: "True if the imported key may be rotated within Vault; false otherwise.",
|
|
|
|
},
|
|
|
|
"derived": {
|
|
|
|
Type: framework.TypeBool,
|
|
|
|
Description: `Enables key derivation mode. This
|
|
|
|
allows for per-transaction unique
|
|
|
|
keys for encryption operations.`,
|
|
|
|
},
|
|
|
|
|
|
|
|
"exportable": {
|
|
|
|
Type: framework.TypeBool,
|
|
|
|
Description: `Enables keys to be exportable.
|
|
|
|
This allows for all the valid keys
|
|
|
|
in the key ring to be exported.`,
|
|
|
|
},
|
|
|
|
|
|
|
|
"allow_plaintext_backup": {
|
|
|
|
Type: framework.TypeBool,
|
|
|
|
Description: `Enables taking a backup of the named
|
|
|
|
key in plaintext format. Once set,
|
|
|
|
this cannot be disabled.`,
|
|
|
|
},
|
|
|
|
|
|
|
|
"context": {
|
|
|
|
Type: framework.TypeString,
|
|
|
|
Description: `Base64 encoded context for key derivation.
|
|
|
|
When reading a key with key derivation enabled,
|
|
|
|
if the key type supports public keys, this will
|
|
|
|
return the public key for the given context.`,
|
|
|
|
},
|
|
|
|
"auto_rotate_period": {
|
|
|
|
Type: framework.TypeDurationSecond,
|
|
|
|
Default: 0,
|
|
|
|
Description: `Amount of time the key should live before
|
|
|
|
being automatically rotated. A value of 0
|
|
|
|
(default) disables automatic rotation for the
|
|
|
|
key.`,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Callbacks: map[logical.Operation]framework.OperationFunc{
|
|
|
|
logical.UpdateOperation: b.pathImportWrite,
|
|
|
|
},
|
|
|
|
HelpSynopsis: pathImportWriteSyn,
|
|
|
|
HelpDescription: pathImportWriteDesc,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (b *backend) pathImportVersion() *framework.Path {
|
|
|
|
return &framework.Path{
|
|
|
|
Pattern: "keys/" + framework.GenericNameRegex("name") + "/import_version",
|
2023-04-10 18:20:53 +00:00
|
|
|
|
|
|
|
DisplayAttrs: &framework.DisplayAttributes{
|
|
|
|
OperationPrefix: operationPrefixTransit,
|
|
|
|
OperationVerb: "import",
|
|
|
|
OperationSuffix: "key-version",
|
|
|
|
},
|
|
|
|
|
2022-05-16 16:50:38 +00:00
|
|
|
Fields: map[string]*framework.FieldSchema{
|
|
|
|
"name": {
|
|
|
|
Type: framework.TypeString,
|
|
|
|
Description: "The name of the key",
|
|
|
|
},
|
|
|
|
"ciphertext": {
|
|
|
|
Type: framework.TypeString,
|
|
|
|
Description: `The base64-encoded ciphertext of the keys. The AES key should be encrypted using OAEP
|
|
|
|
with the wrapping key and then concatenated with the import key, wrapped by the AES key.`,
|
|
|
|
},
|
|
|
|
"hash_function": {
|
|
|
|
Type: framework.TypeString,
|
|
|
|
Default: "SHA256",
|
|
|
|
Description: `The hash function used as a random oracle in the OAEP wrapping of the user-generated,
|
|
|
|
ephemeral AES key. Can be one of "SHA1", "SHA224", "SHA256" (default), "SHA384", or "SHA512"`,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Callbacks: map[logical.Operation]framework.OperationFunc{
|
|
|
|
logical.UpdateOperation: b.pathImportVersionWrite,
|
|
|
|
},
|
|
|
|
HelpSynopsis: pathImportVersionWriteSyn,
|
|
|
|
HelpDescription: pathImportVersionWriteDesc,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (b *backend) pathImportWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
|
|
|
name := d.Get("name").(string)
|
|
|
|
derived := d.Get("derived").(bool)
|
|
|
|
keyType := d.Get("type").(string)
|
|
|
|
hashFnStr := d.Get("hash_function").(string)
|
|
|
|
exportable := d.Get("exportable").(bool)
|
|
|
|
allowPlaintextBackup := d.Get("allow_plaintext_backup").(bool)
|
|
|
|
autoRotatePeriod := time.Second * time.Duration(d.Get("auto_rotate_period").(int))
|
|
|
|
ciphertextString := d.Get("ciphertext").(string)
|
|
|
|
allowRotation := d.Get("allow_rotation").(bool)
|
|
|
|
|
|
|
|
// Ensure the caller didn't supply "convergent_encryption" as a field, since it's not supported on import.
|
|
|
|
if _, ok := d.Raw["convergent_encryption"]; ok {
|
|
|
|
return nil, errors.New("import cannot be used on keys with convergent encryption enabled")
|
|
|
|
}
|
|
|
|
|
|
|
|
if autoRotatePeriod > 0 && !allowRotation {
|
|
|
|
return nil, errors.New("allow_rotation must be set to true if auto-rotation is enabled")
|
|
|
|
}
|
|
|
|
|
|
|
|
polReq := keysutil.PolicyRequest{
|
|
|
|
Storage: req.Storage,
|
|
|
|
Name: name,
|
|
|
|
Derived: derived,
|
|
|
|
Exportable: exportable,
|
|
|
|
AllowPlaintextBackup: allowPlaintextBackup,
|
|
|
|
AutoRotatePeriod: autoRotatePeriod,
|
|
|
|
AllowImportedKeyRotation: allowRotation,
|
|
|
|
}
|
|
|
|
|
2022-05-16 18:00:16 +00:00
|
|
|
switch strings.ToLower(keyType) {
|
2022-05-16 16:50:38 +00:00
|
|
|
case "aes128-gcm96":
|
|
|
|
polReq.KeyType = keysutil.KeyType_AES128_GCM96
|
|
|
|
case "aes256-gcm96":
|
|
|
|
polReq.KeyType = keysutil.KeyType_AES256_GCM96
|
|
|
|
case "chacha20-poly1305":
|
|
|
|
polReq.KeyType = keysutil.KeyType_ChaCha20_Poly1305
|
|
|
|
case "ecdsa-p256":
|
|
|
|
polReq.KeyType = keysutil.KeyType_ECDSA_P256
|
|
|
|
case "ecdsa-p384":
|
|
|
|
polReq.KeyType = keysutil.KeyType_ECDSA_P384
|
|
|
|
case "ecdsa-p521":
|
|
|
|
polReq.KeyType = keysutil.KeyType_ECDSA_P521
|
|
|
|
case "ed25519":
|
|
|
|
polReq.KeyType = keysutil.KeyType_ED25519
|
|
|
|
case "rsa-2048":
|
|
|
|
polReq.KeyType = keysutil.KeyType_RSA2048
|
|
|
|
case "rsa-3072":
|
|
|
|
polReq.KeyType = keysutil.KeyType_RSA3072
|
|
|
|
case "rsa-4096":
|
|
|
|
polReq.KeyType = keysutil.KeyType_RSA4096
|
2022-09-06 15:17:58 +00:00
|
|
|
case "hmac":
|
|
|
|
polReq.KeyType = keysutil.KeyType_HMAC
|
2022-05-16 16:50:38 +00:00
|
|
|
default:
|
|
|
|
return logical.ErrorResponse(fmt.Sprintf("unknown key type: %v", keyType)), logical.ErrInvalidRequest
|
|
|
|
}
|
|
|
|
|
|
|
|
hashFn, err := parseHashFn(hashFnStr)
|
|
|
|
if err != nil {
|
|
|
|
return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
|
|
|
|
}
|
|
|
|
|
|
|
|
p, _, err := b.GetPolicy(ctx, polReq, b.GetRandomReader())
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
if p != nil {
|
|
|
|
if b.System().CachingDisabled() {
|
|
|
|
p.Unlock()
|
|
|
|
}
|
|
|
|
return nil, errors.New("the import path cannot be used with an existing key; use import-version to rotate an existing imported key")
|
|
|
|
}
|
|
|
|
|
2022-05-27 16:52:43 +00:00
|
|
|
ciphertext, err := base64.StdEncoding.DecodeString(ciphertextString)
|
2022-05-16 16:50:38 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
key, err := b.decryptImportedKey(ctx, req.Storage, ciphertext, hashFn)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
err = b.lm.ImportPolicy(ctx, polReq, key, b.GetRandomReader())
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (b *backend) pathImportVersionWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
|
|
|
name := d.Get("name").(string)
|
|
|
|
hashFnStr := d.Get("hash_function").(string)
|
|
|
|
ciphertextString := d.Get("ciphertext").(string)
|
|
|
|
|
|
|
|
polReq := keysutil.PolicyRequest{
|
|
|
|
Storage: req.Storage,
|
|
|
|
Name: name,
|
|
|
|
Upsert: false,
|
|
|
|
}
|
|
|
|
|
|
|
|
hashFn, err := parseHashFn(hashFnStr)
|
|
|
|
if err != nil {
|
|
|
|
return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
|
|
|
|
}
|
|
|
|
|
|
|
|
p, _, err := b.GetPolicy(ctx, polReq, b.GetRandomReader())
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if p == nil {
|
|
|
|
return nil, fmt.Errorf("no key found with name %s; to import a new key, use the import/ endpoint", name)
|
|
|
|
}
|
|
|
|
if !p.Imported {
|
|
|
|
return nil, errors.New("the import_version endpoint can only be used with an imported key")
|
|
|
|
}
|
|
|
|
if p.ConvergentEncryption {
|
|
|
|
return nil, errors.New("import_version cannot be used on keys with convergent encryption enabled")
|
|
|
|
}
|
|
|
|
|
|
|
|
if !b.System().CachingDisabled() {
|
|
|
|
p.Lock(true)
|
|
|
|
}
|
|
|
|
defer p.Unlock()
|
|
|
|
|
2022-05-27 16:52:43 +00:00
|
|
|
ciphertext, err := base64.StdEncoding.DecodeString(ciphertextString)
|
2022-05-16 16:50:38 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
importKey, err := b.decryptImportedKey(ctx, req.Storage, ciphertext, hashFn)
|
2022-09-06 18:03:24 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2022-05-16 16:50:38 +00:00
|
|
|
err = p.Import(ctx, req.Storage, importKey, b.GetRandomReader())
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (b *backend) decryptImportedKey(ctx context.Context, storage logical.Storage, ciphertext []byte, hashFn hash.Hash) ([]byte, error) {
|
|
|
|
// Bounds check the ciphertext to avoid panics
|
|
|
|
if len(ciphertext) <= EncryptedKeyBytes {
|
|
|
|
return nil, errors.New("provided ciphertext is too short")
|
|
|
|
}
|
|
|
|
|
|
|
|
wrappedEphKey := ciphertext[:EncryptedKeyBytes]
|
|
|
|
wrappedImportKey := ciphertext[EncryptedKeyBytes:]
|
|
|
|
|
|
|
|
wrappingKey, err := b.getWrappingKey(ctx, storage)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if wrappingKey == nil {
|
|
|
|
return nil, fmt.Errorf("error importing key: wrapping key was nil")
|
|
|
|
}
|
|
|
|
|
|
|
|
privWrappingKey := wrappingKey.Keys[strconv.Itoa(wrappingKey.LatestVersion)].RSAKey
|
|
|
|
ephKey, err := rsa.DecryptOAEP(hashFn, b.GetRandomReader(), privWrappingKey, wrappedEphKey, []byte{})
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Zero out the ephemeral AES key just to be extra cautious. Note that this
|
|
|
|
// isn't a guarantee against memory analysis! See the documentation for the
|
|
|
|
// `vault.memzero` utility function for more information.
|
|
|
|
defer func() {
|
|
|
|
for i := range ephKey {
|
|
|
|
ephKey[i] = 0
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
// Ensure the ephemeral AES key is 256-bit
|
|
|
|
if len(ephKey) != 32 {
|
|
|
|
return nil, errors.New("expected ephemeral AES key to be 256-bit")
|
|
|
|
}
|
|
|
|
|
|
|
|
kwp, err := subtle.NewKWP(ephKey)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
importKey, err := kwp.Unwrap(wrappedImportKey)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return importKey, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func parseHashFn(hashFn string) (hash.Hash, error) {
|
|
|
|
switch strings.ToUpper(hashFn) {
|
|
|
|
case "SHA1":
|
|
|
|
return sha1.New(), nil
|
|
|
|
case "SHA224":
|
|
|
|
return sha256.New224(), nil
|
|
|
|
case "SHA256":
|
|
|
|
return sha256.New(), nil
|
|
|
|
case "SHA384":
|
|
|
|
return sha512.New384(), nil
|
|
|
|
case "SHA512":
|
|
|
|
return sha512.New(), nil
|
|
|
|
default:
|
|
|
|
return nil, fmt.Errorf("unknown hash function: %s", hashFn)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
const (
|
|
|
|
pathImportWriteSyn = "Imports an externally-generated key into a new transit key"
|
|
|
|
pathImportWriteDesc = "This path is used to import an externally-generated " +
|
|
|
|
"key into Vault. The import operation creates a new key and cannot be used to " +
|
|
|
|
"replace an existing key."
|
|
|
|
)
|
|
|
|
|
|
|
|
const pathImportVersionWriteSyn = "Imports an externally-generated key into an " +
|
|
|
|
"existing imported key"
|
|
|
|
|
|
|
|
const pathImportVersionWriteDesc = "This path is used to import a new version of an " +
|
|
|
|
"externally-generated key into an existing import key. The import_version endpoint " +
|
|
|
|
"only supports importing key material into existing imported keys."
|