611ab91e5a
* add import endpoint * fix unlock * add import_version * refactor import endpoints and add tests * add descriptions * Update dependencies to include tink for Transit import operations. Convert Transit wrapping key endpoint to use shared wrapping key retrieval method. Disallow import of convergent keys to Transit via BYOK process. * Include new 'hash_function' parameter on Transit import endpoints to specify OAEP random oracle hash function used to wrap ephemeral AES key. * Add default values for Transit import endpoint fields. Prevent an OOB panic in Transit import. Proactively zero out ephemeral AES key used in Transit imports. * Rename some Transit BYOK import variables. Ensure Transit BYOK ephemeral key is of the size specified byt the RFC. * Add unit tests for Transit BYOK import endpoint. * Simplify Transit BYOK import tests. Add a conditional on auto rotation to avoid errors on BYOK keys with allow_rotation=false. * Added hash_function field to Transit import_version endpoint. Reworked Transit import unit tests. Added unit tests for Transit import_version endpoint. * Add changelog entry for Transit BYOK. * Transit BYOK formatting fixes. * Omit 'convergent_encryption' field from Transit BYOK import endpoint, but reject with an error when the field is provided. * Minor formatting fix in Transit import. Co-authored-by: rculpepper <rculpepper@hashicorp.com>
384 lines
11 KiB
Go
384 lines
11 KiB
Go
package transit
|
|
|
|
import (
|
|
"context"
|
|
"crypto/elliptic"
|
|
"crypto/x509"
|
|
"encoding/base64"
|
|
"encoding/pem"
|
|
"fmt"
|
|
"strconv"
|
|
"time"
|
|
|
|
"golang.org/x/crypto/ed25519"
|
|
|
|
"github.com/fatih/structs"
|
|
"github.com/hashicorp/vault/sdk/framework"
|
|
"github.com/hashicorp/vault/sdk/helper/keysutil"
|
|
"github.com/hashicorp/vault/sdk/logical"
|
|
)
|
|
|
|
func (b *backend) pathListKeys() *framework.Path {
|
|
return &framework.Path{
|
|
Pattern: "keys/?$",
|
|
|
|
Callbacks: map[logical.Operation]framework.OperationFunc{
|
|
logical.ListOperation: b.pathKeysList,
|
|
},
|
|
|
|
HelpSynopsis: pathPolicyHelpSyn,
|
|
HelpDescription: pathPolicyHelpDesc,
|
|
}
|
|
}
|
|
|
|
func (b *backend) pathKeys() *framework.Path {
|
|
return &framework.Path{
|
|
Pattern: "keys/" + framework.GenericNameRegex("name"),
|
|
Fields: map[string]*framework.FieldSchema{
|
|
"name": {
|
|
Type: framework.TypeString,
|
|
Description: "Name of the key",
|
|
},
|
|
|
|
"type": {
|
|
Type: framework.TypeString,
|
|
Default: "aes256-gcm96",
|
|
Description: `
|
|
The type of key to create. Currently, "aes128-gcm96" (symmetric), "aes256-gcm96" (symmetric), "ecdsa-p256"
|
|
(asymmetric), "ecdsa-p384" (asymmetric), "ecdsa-p521" (asymmetric), "ed25519" (asymmetric), "rsa-2048" (asymmetric), "rsa-3072"
|
|
(asymmetric), "rsa-4096" (asymmetric) are supported. Defaults to "aes256-gcm96".
|
|
`,
|
|
},
|
|
|
|
"derived": {
|
|
Type: framework.TypeBool,
|
|
Description: `Enables key derivation mode. This
|
|
allows for per-transaction unique
|
|
keys for encryption operations.`,
|
|
},
|
|
|
|
"convergent_encryption": {
|
|
Type: framework.TypeBool,
|
|
Description: `Whether to support convergent encryption.
|
|
This is only supported when using a key with
|
|
key derivation enabled and will require all
|
|
requests to carry both a context and 96-bit
|
|
(12-byte) nonce. The given nonce will be used
|
|
in place of a randomly generated nonce. As a
|
|
result, when the same context and nonce are
|
|
supplied, the same ciphertext is generated. It
|
|
is *very important* when using this mode that
|
|
you ensure that all nonces are unique for a
|
|
given context. Failing to do so will severely
|
|
impact the ciphertext's security.`,
|
|
},
|
|
|
|
"exportable": {
|
|
Type: framework.TypeBool,
|
|
Description: `Enables keys to be exportable.
|
|
This allows for all the valid keys
|
|
in the key ring to be exported.`,
|
|
},
|
|
|
|
"allow_plaintext_backup": {
|
|
Type: framework.TypeBool,
|
|
Description: `Enables taking a backup of the named
|
|
key in plaintext format. Once set,
|
|
this cannot be disabled.`,
|
|
},
|
|
|
|
"context": {
|
|
Type: framework.TypeString,
|
|
Description: `Base64 encoded context for key derivation.
|
|
When reading a key with key derivation enabled,
|
|
if the key type supports public keys, this will
|
|
return the public key for the given context.`,
|
|
},
|
|
|
|
"auto_rotate_period": {
|
|
Type: framework.TypeDurationSecond,
|
|
Default: 0,
|
|
Description: `Amount of time the key should live before
|
|
being automatically rotated. A value of 0
|
|
(default) disables automatic rotation for the
|
|
key.`,
|
|
},
|
|
},
|
|
|
|
Callbacks: map[logical.Operation]framework.OperationFunc{
|
|
logical.UpdateOperation: b.pathPolicyWrite,
|
|
logical.DeleteOperation: b.pathPolicyDelete,
|
|
logical.ReadOperation: b.pathPolicyRead,
|
|
},
|
|
|
|
HelpSynopsis: pathPolicyHelpSyn,
|
|
HelpDescription: pathPolicyHelpDesc,
|
|
}
|
|
}
|
|
|
|
func (b *backend) pathKeysList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
|
entries, err := req.Storage.List(ctx, "policy/")
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return logical.ListResponse(entries), nil
|
|
}
|
|
|
|
func (b *backend) pathPolicyWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
|
name := d.Get("name").(string)
|
|
derived := d.Get("derived").(bool)
|
|
convergent := d.Get("convergent_encryption").(bool)
|
|
keyType := d.Get("type").(string)
|
|
exportable := d.Get("exportable").(bool)
|
|
allowPlaintextBackup := d.Get("allow_plaintext_backup").(bool)
|
|
autoRotatePeriod := time.Second * time.Duration(d.Get("auto_rotate_period").(int))
|
|
|
|
if autoRotatePeriod != 0 && autoRotatePeriod < time.Hour {
|
|
return logical.ErrorResponse("auto rotate period must be 0 to disable or at least an hour"), nil
|
|
}
|
|
|
|
if !derived && convergent {
|
|
return logical.ErrorResponse("convergent encryption requires derivation to be enabled"), nil
|
|
}
|
|
|
|
polReq := keysutil.PolicyRequest{
|
|
Upsert: true,
|
|
Storage: req.Storage,
|
|
Name: name,
|
|
Derived: derived,
|
|
Convergent: convergent,
|
|
Exportable: exportable,
|
|
AllowPlaintextBackup: allowPlaintextBackup,
|
|
AutoRotatePeriod: autoRotatePeriod,
|
|
}
|
|
switch keyType {
|
|
case "aes128-gcm96":
|
|
polReq.KeyType = keysutil.KeyType_AES128_GCM96
|
|
case "aes256-gcm96":
|
|
polReq.KeyType = keysutil.KeyType_AES256_GCM96
|
|
case "chacha20-poly1305":
|
|
polReq.KeyType = keysutil.KeyType_ChaCha20_Poly1305
|
|
case "ecdsa-p256":
|
|
polReq.KeyType = keysutil.KeyType_ECDSA_P256
|
|
case "ecdsa-p384":
|
|
polReq.KeyType = keysutil.KeyType_ECDSA_P384
|
|
case "ecdsa-p521":
|
|
polReq.KeyType = keysutil.KeyType_ECDSA_P521
|
|
case "ed25519":
|
|
polReq.KeyType = keysutil.KeyType_ED25519
|
|
case "rsa-2048":
|
|
polReq.KeyType = keysutil.KeyType_RSA2048
|
|
case "rsa-3072":
|
|
polReq.KeyType = keysutil.KeyType_RSA3072
|
|
case "rsa-4096":
|
|
polReq.KeyType = keysutil.KeyType_RSA4096
|
|
default:
|
|
return logical.ErrorResponse(fmt.Sprintf("unknown key type %v", keyType)), logical.ErrInvalidRequest
|
|
}
|
|
|
|
p, upserted, err := b.GetPolicy(ctx, polReq, b.GetRandomReader())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if p == nil {
|
|
return nil, fmt.Errorf("error generating key: returned policy was nil")
|
|
}
|
|
if b.System().CachingDisabled() {
|
|
p.Unlock()
|
|
}
|
|
|
|
resp := &logical.Response{}
|
|
if !upserted {
|
|
resp.AddWarning(fmt.Sprintf("key %s already existed", name))
|
|
}
|
|
|
|
return nil, nil
|
|
}
|
|
|
|
// Built-in helper type for returning asymmetric keys
|
|
type asymKey struct {
|
|
Name string `json:"name" structs:"name" mapstructure:"name"`
|
|
PublicKey string `json:"public_key" structs:"public_key" mapstructure:"public_key"`
|
|
CreationTime time.Time `json:"creation_time" structs:"creation_time" mapstructure:"creation_time"`
|
|
}
|
|
|
|
func (b *backend) pathPolicyRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
|
name := d.Get("name").(string)
|
|
|
|
p, _, err := b.GetPolicy(ctx, keysutil.PolicyRequest{
|
|
Storage: req.Storage,
|
|
Name: name,
|
|
}, b.GetRandomReader())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if p == nil {
|
|
return nil, nil
|
|
}
|
|
if !b.System().CachingDisabled() {
|
|
p.Lock(false)
|
|
}
|
|
defer p.Unlock()
|
|
|
|
// Return the response
|
|
resp := &logical.Response{
|
|
Data: map[string]interface{}{
|
|
"name": p.Name,
|
|
"type": p.Type.String(),
|
|
"derived": p.Derived,
|
|
"deletion_allowed": p.DeletionAllowed,
|
|
"min_available_version": p.MinAvailableVersion,
|
|
"min_decryption_version": p.MinDecryptionVersion,
|
|
"min_encryption_version": p.MinEncryptionVersion,
|
|
"latest_version": p.LatestVersion,
|
|
"exportable": p.Exportable,
|
|
"allow_plaintext_backup": p.AllowPlaintextBackup,
|
|
"supports_encryption": p.Type.EncryptionSupported(),
|
|
"supports_decryption": p.Type.DecryptionSupported(),
|
|
"supports_signing": p.Type.SigningSupported(),
|
|
"supports_derivation": p.Type.DerivationSupported(),
|
|
"auto_rotate_period": int64(p.AutoRotatePeriod.Seconds()),
|
|
"imported_key": p.Imported,
|
|
},
|
|
}
|
|
|
|
if p.Imported {
|
|
resp.Data["imported_key_allow_rotation"] = p.AllowImportedKeyRotation
|
|
}
|
|
|
|
if p.BackupInfo != nil {
|
|
resp.Data["backup_info"] = map[string]interface{}{
|
|
"time": p.BackupInfo.Time,
|
|
"version": p.BackupInfo.Version,
|
|
}
|
|
}
|
|
if p.RestoreInfo != nil {
|
|
resp.Data["restore_info"] = map[string]interface{}{
|
|
"time": p.RestoreInfo.Time,
|
|
"version": p.RestoreInfo.Version,
|
|
}
|
|
}
|
|
|
|
if p.Derived {
|
|
switch p.KDF {
|
|
case keysutil.Kdf_hmac_sha256_counter:
|
|
resp.Data["kdf"] = "hmac-sha256-counter"
|
|
resp.Data["kdf_mode"] = "hmac-sha256-counter"
|
|
case keysutil.Kdf_hkdf_sha256:
|
|
resp.Data["kdf"] = "hkdf_sha256"
|
|
}
|
|
resp.Data["convergent_encryption"] = p.ConvergentEncryption
|
|
if p.ConvergentEncryption {
|
|
resp.Data["convergent_encryption_version"] = p.ConvergentVersion
|
|
}
|
|
}
|
|
|
|
contextRaw := d.Get("context").(string)
|
|
var context []byte
|
|
if len(contextRaw) != 0 {
|
|
context, err = base64.StdEncoding.DecodeString(contextRaw)
|
|
if err != nil {
|
|
return logical.ErrorResponse("failed to base64-decode context"), logical.ErrInvalidRequest
|
|
}
|
|
}
|
|
|
|
switch p.Type {
|
|
case keysutil.KeyType_AES128_GCM96, keysutil.KeyType_AES256_GCM96, keysutil.KeyType_ChaCha20_Poly1305:
|
|
retKeys := map[string]int64{}
|
|
for k, v := range p.Keys {
|
|
retKeys[k] = v.DeprecatedCreationTime
|
|
}
|
|
resp.Data["keys"] = retKeys
|
|
|
|
case keysutil.KeyType_ECDSA_P256, keysutil.KeyType_ECDSA_P384, keysutil.KeyType_ECDSA_P521, keysutil.KeyType_ED25519, keysutil.KeyType_RSA2048, keysutil.KeyType_RSA3072, keysutil.KeyType_RSA4096:
|
|
retKeys := map[string]map[string]interface{}{}
|
|
for k, v := range p.Keys {
|
|
key := asymKey{
|
|
PublicKey: v.FormattedPublicKey,
|
|
CreationTime: v.CreationTime,
|
|
}
|
|
if key.CreationTime.IsZero() {
|
|
key.CreationTime = time.Unix(v.DeprecatedCreationTime, 0)
|
|
}
|
|
|
|
switch p.Type {
|
|
case keysutil.KeyType_ECDSA_P256:
|
|
key.Name = elliptic.P256().Params().Name
|
|
case keysutil.KeyType_ECDSA_P384:
|
|
key.Name = elliptic.P384().Params().Name
|
|
case keysutil.KeyType_ECDSA_P521:
|
|
key.Name = elliptic.P521().Params().Name
|
|
case keysutil.KeyType_ED25519:
|
|
if p.Derived {
|
|
if len(context) == 0 {
|
|
key.PublicKey = ""
|
|
} else {
|
|
ver, err := strconv.Atoi(k)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("invalid version %q: %w", k, err)
|
|
}
|
|
derived, err := p.GetKey(context, ver, 32)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to derive key to return public component")
|
|
}
|
|
pubKey := ed25519.PrivateKey(derived).Public().(ed25519.PublicKey)
|
|
key.PublicKey = base64.StdEncoding.EncodeToString(pubKey)
|
|
}
|
|
}
|
|
key.Name = "ed25519"
|
|
case keysutil.KeyType_RSA2048, keysutil.KeyType_RSA3072, keysutil.KeyType_RSA4096:
|
|
key.Name = "rsa-2048"
|
|
if p.Type == keysutil.KeyType_RSA3072 {
|
|
key.Name = "rsa-3072"
|
|
}
|
|
|
|
if p.Type == keysutil.KeyType_RSA4096 {
|
|
key.Name = "rsa-4096"
|
|
}
|
|
|
|
// Encode the RSA public key in PEM format to return over the
|
|
// API
|
|
derBytes, err := x509.MarshalPKIXPublicKey(v.RSAKey.Public())
|
|
if err != nil {
|
|
return nil, fmt.Errorf("error marshaling RSA public key: %w", err)
|
|
}
|
|
pemBlock := &pem.Block{
|
|
Type: "PUBLIC KEY",
|
|
Bytes: derBytes,
|
|
}
|
|
pemBytes := pem.EncodeToMemory(pemBlock)
|
|
if pemBytes == nil || len(pemBytes) == 0 {
|
|
return nil, fmt.Errorf("failed to PEM-encode RSA public key")
|
|
}
|
|
key.PublicKey = string(pemBytes)
|
|
}
|
|
|
|
retKeys[k] = structs.New(key).Map()
|
|
}
|
|
resp.Data["keys"] = retKeys
|
|
}
|
|
|
|
return resp, nil
|
|
}
|
|
|
|
func (b *backend) pathPolicyDelete(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
|
name := d.Get("name").(string)
|
|
|
|
// Delete does its own locking
|
|
err := b.lm.DeletePolicy(ctx, req.Storage, name)
|
|
if err != nil {
|
|
return logical.ErrorResponse(fmt.Sprintf("error deleting policy %s: %s", name, err)), err
|
|
}
|
|
|
|
return nil, nil
|
|
}
|
|
|
|
const pathPolicyHelpSyn = `Managed named encryption keys`
|
|
|
|
const pathPolicyHelpDesc = `
|
|
This path is used to manage the named keys that are available.
|
|
Doing a write with no value against a new named key will create
|
|
it using a randomly generated key.
|
|
`
|