Feat crypto migrate to ed25519 identities (#80)

* feat(container): migrate to ed25519 identities. * feat(transform): add JWE transformers. * chore(doc): update changelog. * feat(transformer): dynamic factory for encryption. * chore(doc): update changelog.
zntrio · Nov 15, 2021 · b9e84b1 · b9e84b1
1 parent 41bd1a7
commit b9e84b1
Show file tree

Hide file tree

Showing 30 changed files with 1,121 additions and 297 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,9 +5,11 @@
 BREAKING-CHANGES:
 
 * cmd/ruleset: Ruleset generation from a Bundle has been relocated to `to ruleset` command. [#77](https://github.com/elastic/harp/pull/77)
-* bundle/filter: Parameter `--jmespath` as been renamed to `--query`. [#77](https://github.com/elastic/harp/pull/77)
-* bundle/dump: Parameter `--jmespath` as been renamed to `--query`. [#77](https://github.com/elastic/harp/pull/77)
-* deprecation: Package `github.com/elastic/harp/pkg/bundle/vfs` has been removed. The Golang 1.16 `fs.FS` implementation must be used and located at `github.com/elastic/harp/pkg/bundle/fs`. [#77](https://github.com/elastic/harp/pull/77)
+* bundle/filter: parameter `--jmespath` as been renamed to `--query`. [#77](https://github.com/elastic/harp/pull/77)
+* bundle/dump: parameter `--jmespath` as been renamed to `--query`. [#77](https://github.com/elastic/harp/pull/77)
+* deprecation: package `github.com/elastic/harp/pkg/bundle/vfs` has been removed. The Golang 1.16 `fs.FS` implementation must be used and located at `github.com/elastic/harp/pkg/bundle/fs`. [#77](https://github.com/elastic/harp/pull/77)
+* container/identity: identities are using `ed25519` key pairs vs `x25519` keys in previous versions. Allows identities to be used for signing and encryption purpose. [#79](https://github.com/elastic/harp/pull/80)
+* sdk/transformer: Encryption transformers must be imported to be registered in the encryption transformer registry. [#80](https://github.com/elastic/harp/pull/80)
 
 FEATURES:
 
@@ -21,6 +23,15 @@ FEATURES:
 * sdk/cmdutil: `DirectWriter(io.Writer)` is a `io.Writer` provider used to delegate to input writer. [#77](https://github.com/elastic/harp/pull/77)
 * sdk/cmdutil: `NewClosedWriter()` is a `io.Writer` implementation who always return on `Write()` calls. [#77](https://github.com/elastic/harp/pull/77)
 * pkg/kv: integration tests and behavior validation test suite. [#78](https://github.com/elastic/harp/pull/78)
+* value/transformers: expose new JWE based encryption transformers [#80](https://github.com/elastic/harp/pull/80)
+  * `jwe:a128kw:<base64>` to initialize a AES128 Key Wrapper with AES128 GCM Encryption transformer
+  * `jwe:a192kw:<base64>` to initialize a AES192 Key Wrapper with AES192 GCM Encryption transformer
+  * `jwe:a256kw:<base64>` to initialize a AES256 Key Wrapper with AES256 GCM Encryption transformer
+  * `jwe:pbes2-a128kw:<ascii>` to initialize a PBES2 key derivation function for AES128 key wrapping with AES128 GCM Encryption transformer
+  * `jwe:pbes2-a192kw:<ascii>` to initialize a PBES2 key derivation function for AES192 key wrapping with AES192 GCM Encryption transformer
+  * `jwe:pbes2-a256kw:<ascii>` to initialize a PBES2 key derivation function for AES256 key wrapping with AES256 GCM Encryption transformer
+* sdk/transformer: Encryption transformer dynamic factory. [#80](https://github.com/elastic/harp/pull/80)
+  * Use `github.com/elastic/harp/pkg/value/encryption.Register(prefix, factory)` to register a transformer factory matching the given prefix.
 
 CHANGES:
 

diff --git a/cmd/harp/main.go b/cmd/harp/main.go
@@ -23,6 +23,13 @@ import (
 
 	"github.com/elastic/harp/cmd/harp/internal/cmd"
 	"github.com/elastic/harp/pkg/sdk/log"
+
+	// Register encryption transformers
+	_ "github.com/elastic/harp/pkg/sdk/value/encryption/aead"
+	_ "github.com/elastic/harp/pkg/sdk/value/encryption/fernet"
+	_ "github.com/elastic/harp/pkg/sdk/value/encryption/jwe"
+	_ "github.com/elastic/harp/pkg/sdk/value/encryption/secretbox"
+	_ "github.com/elastic/harp/pkg/vault/transit/transformer"
 )
 
 func init() {

diff --git a/go.mod b/go.mod
@@ -9,6 +9,7 @@ replace github.com/satori/go.uuid => github.com/satori/go.uuid v1.2.1-0.20181028
 replace github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2
 
 require (
+	filippo.io/edwards25519 v1.0.0-rc.1
 	github.com/Masterminds/semver/v3 v3.1.1
 	github.com/Masterminds/sprig/v3 v3.2.2
 	github.com/alessio/shellescape v1.4.1

diff --git a/go.sum b/go.sum
@@ -43,6 +43,8 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+filippo.io/edwards25519 v1.0.0-rc.1 h1:m0VOOB23frXZvAOK44usCgLWvtsxIoMCTBGJZlpmGfU=
+filippo.io/edwards25519 v1.0.0-rc.1/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=

diff --git a/pkg/container/identity/codec.go b/pkg/container/identity/codec.go
@@ -18,7 +18,7 @@
 package identity
 
 import (
-	"crypto/rand"
+	"crypto/ed25519"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -28,7 +28,6 @@ import (
 	validation "github.com/go-ozzo/ozzo-validation/v4"
 	"github.com/go-ozzo/ozzo-validation/v4/is"
 	"github.com/gosimple/slug"
-	"golang.org/x/crypto/nacl/box"
 
 	"github.com/elastic/harp/pkg/sdk/security/crypto/bech32"
 	"github.com/elastic/harp/pkg/sdk/types"
@@ -42,22 +41,22 @@ const (
 // -----------------------------------------------------------------------------
 
 // New identity from description.
-func New(description string) (*Identity, []byte, error) {
+func New(random io.Reader, description string) (*Identity, []byte, error) {
 	// Check arguments
 	if err := validation.Validate(description, validation.Required, is.ASCII); err != nil {
 		return nil, nil, fmt.Errorf("unable to create identity with invalid description: %w", err)
 	}
 
-	// Generate x25519 keys
-	pub, priv, err := box.GenerateKey(rand.Reader)
+	// Generate ed25519 keys as identity
+	pub, priv, err := ed25519.GenerateKey(random)
 	if err != nil {
 		return nil, nil, fmt.Errorf("unable to generate identity keypair: %w", err)
 	}
 
 	// Wrap as JWK
 	jwk := JSONWebKey{
 		Kty: "OKP",
-		Crv: "X25519",
+		Crv: "Ed25519",
 		X:   base64.RawURLEncoding.EncodeToString(pub[:]),
 		D:   base64.RawURLEncoding.EncodeToString(priv[:]),
 	}

diff --git a/pkg/container/identity/codec_test.go b/pkg/container/identity/codec_test.go
@@ -0,0 +1,98 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package identity
+
+import (
+	"bytes"
+	"crypto/rand"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var (
+	securityIdentity = []byte(`{"@apiVersion": "harp.elastic.co/v1", "@kind": "ContainerIdentity", "@timestamp": "2021-11-15T11:58:13.662568Z", "@description": "security", "public": "security1r6t9kagaafun6zvkx4ysm2kh9xswca6x79dlu4lvmg6hynywx7nsvpgple", "private": { "encoding": "jwe", "content": "eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjUwMDAwMSwicDJzIjoiTlVVNVlWZDZTRVpJVldoMFNFSnNaUSJ9.pqZ9kim7OzW6lVLmPf4wXRYx8IvHmZi7ChzxmWqtGHo2zHeyp3Bhqw.x76wqFYsB-E-E0ov.1Adrme-LS8tC05n1D3FLUSiDGCMcf30lRjWDCB2CSh-3x4K2fZ2gibsvtp7aO4IjxkESnrUV6vCCAtXDa2I4f-aYAYzl1CkgSw-1JulQmVjl4l3NTcI189icJT0HxJ7-F0SGtpmTU1bGoGR9z_ERVErom3I6bSAl2OV4WcDVTfmyXBoJqM-hXYtIeIpLC0B4sxi3CFPhFQlEHF65AYwC2QgZb2qoP-tLnJG1FA.g-hH5zr7ksKhWS2aXAWP0Q"}}`)
+	publicOnly       = []byte(`{"@apiVersion": "harp.elastic.co/v1", "@kind": "ContainerIdentity", "@timestamp": "2021-11-15T11:58:13.662568Z", "@description": "security", "public": "security1r6t9kagaafun6zvkx4ysm2kh9xswca6x79dlu4lvmg6hynywx7nsvpgple"}`)
+)
+
+func TestCodec_New(t *testing.T) {
+	t.Run("invalid description", func(t *testing.T) {
+		id, pub, err := New(rand.Reader, "é")
+		assert.Error(t, err)
+		assert.Nil(t, pub)
+		assert.Nil(t, id)
+	})
+
+	t.Run("large description", func(t *testing.T) {
+		id, pub, err := New(rand.Reader, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
+		assert.Error(t, err)
+		assert.Nil(t, pub)
+		assert.Nil(t, id)
+	})
+
+	t.Run("invalid random source", func(t *testing.T) {
+		id, pub, err := New(bytes.NewBuffer(nil), "test")
+		assert.Error(t, err)
+		assert.Nil(t, pub)
+		assert.Nil(t, id)
+	})
+
+	t.Run("valid", func(t *testing.T) {
+		id, pub, err := New(bytes.NewBuffer([]byte("deterministic-random-source-for-test-0001")), "security")
+		assert.NoError(t, err)
+		assert.NotNil(t, pub)
+		assert.NotNil(t, id)
+		assert.Equal(t, "harp.elastic.co/v1", id.APIVersion)
+		assert.Equal(t, "security", id.Description)
+		assert.Equal(t, "ContainerIdentity", id.Kind)
+		assert.Equal(t, "security1mqtkctl32wy695wryccfgrdw4hr8cn9smk9vduc9yy5l3dfwr69swl0vee", id.Public)
+		assert.Nil(t, id.Private)
+		assert.False(t, id.HasPrivateKey())
+	})
+}
+
+func TestCodec_FromReader(t *testing.T) {
+	t.Run("nil", func(t *testing.T) {
+		id, err := FromReader(nil)
+		assert.Error(t, err)
+		assert.Nil(t, id)
+	})
+
+	t.Run("empty", func(t *testing.T) {
+		id, err := FromReader(bytes.NewReader([]byte("{}")))
+		assert.Error(t, err)
+		assert.Nil(t, id)
+	})
+
+	t.Run("invalid json", func(t *testing.T) {
+		id, err := FromReader(bytes.NewReader([]byte("{")))
+		assert.Error(t, err)
+		assert.Nil(t, id)
+	})
+
+	t.Run("public key only", func(t *testing.T) {
+		id, err := FromReader(bytes.NewReader(publicOnly))
+		assert.Error(t, err)
+		assert.Nil(t, id)
+	})
+
+	t.Run("valid", func(t *testing.T) {
+		id, err := FromReader(bytes.NewReader(securityIdentity))
+		assert.NoError(t, err)
+		assert.NotNil(t, id)
+	})
+}
diff --git a/pkg/sdk/security/crypto/extra25519/convert.go b/pkg/sdk/security/crypto/extra25519/convert.go
@@ -0,0 +1,120 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package extra25519
+
+import (
+	"crypto/ed25519"
+	"crypto/sha512"
+
+	"filippo.io/edwards25519"
+)
+
+// edBlacklist is a list of elements of the ed25519 curve that have low order.
+// The list was copied from https://github.com/jedisct1/libsodium/blob/141288535127c22162944e12fcadb8bc269671cc/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
+var edBlacklist = [7][32]byte{
+	/* 0 (order 4) */
+	{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+	/* 1 (order 1) */
+	{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+	/* 2707385501144840649318225287225658788936804267575313519463743609750303402022
+	   (order 8) */
+	{0x26, 0xe8, 0x95, 0x8f, 0xc2, 0xb2, 0x27, 0xb0, 0x45, 0xc3, 0xf4,
+		0x89, 0xf2, 0xef, 0x98, 0xf0, 0xd5, 0xdf, 0xac, 0x05, 0xd3, 0xc6,
+		0x33, 0x39, 0xb1, 0x38, 0x02, 0x88, 0x6d, 0x53, 0xfc, 0x05},
+	/* 55188659117513257062467267217118295137698188065244968500265048394206261417927
+	   (order 8) */
+	{0xc7, 0x17, 0x6a, 0x70, 0x3d, 0x4d, 0xd8, 0x4f, 0xba, 0x3c, 0x0b,
+		0x76, 0x0d, 0x10, 0x67, 0x0f, 0x2a, 0x20, 0x53, 0xfa, 0x2c, 0x39,
+		0xcc, 0xc6, 0x4e, 0xc7, 0xfd, 0x77, 0x92, 0xac, 0x03, 0x7a},
+	/* p-1 (order 2) */
+	{0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+	/* p (=0, order 4) */
+	{0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+	/* p+1 (=1, order 1) */
+	{0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+}
+
+// IsLowOrder checks if the passed group element is of low order.
+// Algorithm translated from the same source as the blacklist (see above).
+func IsEdLowOrder(ge []byte) bool {
+	var (
+		c    [7]byte
+		k    int
+		i, j int
+	)
+
+	// cases j = 0..30
+	for j = 0; j < 31; j++ {
+		for i = 0; i < len(edBlacklist); i++ {
+			c[i] |= ge[j] ^ edBlacklist[i][j]
+		}
+	}
+
+	// case j = 31, ignore highest bit
+	for i = 0; i < len(edBlacklist); i++ {
+		c[i] |= (ge[j] & 0x7f) ^ edBlacklist[i][j]
+	}
+
+	k = 0
+	for i = 0; i < len(edBlacklist); i++ {
+		k |= int(c[i]) - 1
+	}
+
+	return ((k >> 8) & 1) == 1
+}
+
+// PrivateKeyToCurve25519 converts an Ed25519 private key into a corresponding
+// curve25519 private key such that the resulting curve25519 public key will
+// equal the result from PublicKeyToCurve25519.
+func PrivateKeyToCurve25519(curve25519Private *[32]byte, privateKey ed25519.PrivateKey) {
+	h := sha512.New()
+	h.Write(privateKey[:32])
+	digest := h.Sum(nil)
+
+	digest[0] &= 248
+	digest[31] &= 127
+	digest[31] |= 64
+
+	copy(curve25519Private[:], digest)
+}
+
+// PublicKeyToCurve25519 converts an Ed25519 public key into the curve25519
+// public key that would be generated from the same private key.
+func PublicKeyToCurve25519(curveBytes *[32]byte, edBytes ed25519.PublicKey) bool {
+	if IsEdLowOrder(edBytes) {
+		return false
+	}
+
+	edPoint, err := new(edwards25519.Point).SetBytes(edBytes)
+	if err != nil {
+		return false
+	}
+
+	copy(curveBytes[:], edPoint.BytesMontgomery())
+	return true
+}