feat(BKS): Get* HV-2 Branch Keys #1342
Conversation
This reverts commit 53abc2c.
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
AwsCryptographicMaterialProviders/dafny/AwsCryptographyKeyStore/src/ErrorMessages.dfy
Outdated
Show resolved
Hide resolved
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
…e/src/ErrorMessages.dfy Co-authored-by: Tony Knapp <[email protected]>
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
| EncryptionContext := hv2EC, | ||
| CiphertextBlob := branchKeyItemFromStorage.CiphertextBlob | ||
| ); | ||
| var branchKey: KMS.DecryptResponse :- KMSKeystoreOperations.DecryptKeyForHV2( |
There was a problem hiding this comment.
This is most definitely not a branchKey ;)
| var branchKey: KMS.DecryptResponse :- KMSKeystoreOperations.DecryptKeyForHV2( | |
| var kmsDecryptRes: KMS.DecryptResponse :- KMSKeystoreOperations.DecryptKeyForHV2( |
There was a problem hiding this comment.
| "Failed to create SHA of MD Digest."); | ||
| return Failure(e); | ||
| } | ||
| var plaintextBranchKeyWithMdDigest := branchKey.Plaintext.value; |
There was a problem hiding this comment.
| var plaintextBranchKeyWithMdDigest := branchKey.Plaintext.value; | |
| var plaintextBranchKeyWithMdDigest := kmsDecryptRes.Plaintext.value; |
| "This Branch Key item has failed the authentication check. Either it has been tampered with or the wrong 'Logical Key Store Name' has been provided." | ||
|
|
||
| const KMS_DECRYPT_INVALID_KEY_LENGTH_HV2 := | ||
| "Invalid response from AWS KMS Decrypt: Key is not of 80 bytes. This could mean Branch Key Item in the Storage has been tampered." |
There was a problem hiding this comment.
| "Invalid response from AWS KMS Decrypt: Key is not of 80 bytes. This could mean Branch Key Item in the Storage has been tampered." | |
| "Invalid response from AWS KMS Decrypt: Plaintext is not 80 bytes. This could mean the persisted branch key Item has been tampered." |
There was a problem hiding this comment.
| "Invalid response from AWS KMS Decrypt: Key is not of 80 bytes. This could mean Branch Key Item in the Storage has been tampered." | ||
|
|
||
| const INVALID_BRANCH_KEY_CONTEXT := | ||
| "The branch key item is missing a required attribute. The branch key item might have been tampered to remove some attribute(s)." |
There was a problem hiding this comment.
| "The branch key item is missing a required attribute. The branch key item might have been tampered to remove some attribute(s)." | |
| "The branch key item is missing a required attribute. The branch key item might have been tampered with." |
There was a problem hiding this comment.
| "Invalid hierarchy version. Expected version 1 or 2." | ||
|
|
||
| const MD_DIGEST_SHA_NOT_MATCHED := | ||
| "This Branch Key item has failed the authentication check. Either it has been tampered with or the wrong 'Logical Key Store Name' has been provided." |
There was a problem hiding this comment.
| "This Branch Key item has failed the authentication check. Either it has been tampered with or the wrong 'Logical Key Store Name' has been provided." | |
| "This branch key item has failed the authentication check. Either it has been tampered with or the wrong 'Logical Key Store Name' has been provided." |
| :: k := item[k] | ||
| } | ||
|
|
||
| method GetHV2EC( |
There was a problem hiding this comment.
I get it, but for today, let's distinguish b/w the various ECs.
KMS EC :: What KMS sees.
| method GetHV2EC( | |
| method GetHv2KmsEc( |
| { | ||
| var item :| item in items; | ||
| items := items - { item }; | ||
| if (|item.0| >= |Structure.ENCRYPTION_CONTEXT_PREFIX| && item.0[..|Structure.ENCRYPTION_CONTEXT_PREFIX|] == Structure.ENCRYPTION_CONTEXT_PREFIX) { | ||
| var newKey := item.0[|Structure.ENCRYPTION_CONTEXT_PREFIX|..]; | ||
| newMap := newMap[newKey := item.1]; | ||
| } else { | ||
| newMap := newMap[item.0 := item.1]; | ||
| } | ||
| } |
There was a problem hiding this comment.
For M1, this OK... but we probably will need to refactor to a more efficient solution.
Dafny maps are not mutable... so these are new allocations (I think).
i.e: each iteration is a new allocation of the map.
There is a action we can use.
There was a problem hiding this comment.
Added a TODO for this method. I think I might need to change this method into a function so that i can use it in pre and post condition for verification.
| function method RemoveRestrictedFields(a:map<string, string>) : (output:map<string, string>) | ||
| ensures Structure.Hv2EncryptionContext?(output) | ||
| { | ||
| a - Structure.BRANCH_KEY_RESTRICTED_FIELD_NAMES | ||
| } |
There was a problem hiding this comment.
Nit: I hate bad variable names. I get it, input vs a really does not matter.
But some part of me just does not have the flexibility to accept this.
| function method RemoveRestrictedFields(a:map<string, string>) : (output:map<string, string>) | |
| ensures Structure.Hv2EncryptionContext?(output) | |
| { | |
| a - Structure.BRANCH_KEY_RESTRICTED_FIELD_NAMES | |
| } | |
| function method RemoveRestrictedFields(input:map<string, string>) : (output:map<string, string>) | |
| ensures Structure.Hv2EncryptionContext?(output) | |
| { | |
| input - Structure.BRANCH_KEY_RESTRICTED_FIELD_NAMES | |
| } |
| assert forall r | r in parseResults.Values :: r.Success?; | ||
| var utf8KeysUnique := forall k, k' | k in parseResults && k' in parseResults | ||
| :: k != k' ==> parseResults[k].value.0 != parseResults[k'].value.0; | ||
| if !utf8KeysUnique then Failure(Types.KeyStoreException( | ||
| message := "Encryption context keys are not unique")) // this should never happen... | ||
| else Success(map r | r in parseResults.Values :: r.value.0 := r.value.1) |
There was a problem hiding this comment.
I think I have a helper method in BKSA for proving this.
| //= aws-encryption-sdk-specification/framework/branch-key-store.md#aws-kms-branch-key-decryption | ||
| //= type=implication | ||
| //# - `EncryptionContext` MUST be the [encryption context](#encryption-context) of the provided EncryptedHierarchicalKey | ||
| && decryptRequest.EncryptionContext == Some(versionItem.EncryptionContext) |
There was a problem hiding this comment.
Blocking: I suspect this is wrong.
Unless you know versionItem.EncryptionContext is the un-prefixed user supplied EC.
There was a problem hiding this comment.
Added a TODO for this predicate. Will get into it later
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
rishav-karanjit
temporarily deployed
to
Duvet CI
GitHub Actions
Inactive
| var item :| item in items; | ||
| items := items - { item }; | ||
| if (|item.0| >= |Structure.ENCRYPTION_CONTEXT_PREFIX| && item.0[..|Structure.ENCRYPTION_CONTEXT_PREFIX|] == Structure.ENCRYPTION_CONTEXT_PREFIX) { | ||
| var newKey := item.0[|Structure.ENCRYPTION_CONTEXT_PREFIX|..]; | ||
| newMap := newMap[newKey := item.1]; | ||
| } else { | ||
| newMap := newMap[item.0 := item.1]; |
There was a problem hiding this comment.
It looks like this method doesn't actually remove ENCRYPTION_CONTEXT_PREFIX. I think we should write some tests around EC.
There was a problem hiding this comment.
Yes it does not remove ENCRYPTION_CONTEXT_PREFIX if it is not in the EC (else block) but if ENCRYPTION_CONTEXT_PREFIX is there it will remove it (if block)
There was a problem hiding this comment.
But, there is definitely a bug in GetHV2EC because it is returning withoutRestrictedField instead of newMap
| } else if (branchKeyItemFromStorage.EncryptionContext[Structure.HIERARCHY_VERSION] == Structure.HIERARCHY_VERSION_2) { | ||
| // branchKeyItemFromStorage.EncryptionContext comes from storage is not the actual EC. | ||
| // branchKeyItemFromStorage.EncryptionContext contains all the items in the dynamodb table and table name. | ||
| var hv2EC := HierarchicalVersionUtils.GetHV2EC(branchKeyItemFromStorage.EncryptionContext); |
There was a problem hiding this comment.
I think we can use either before calling KMS.Decrypt or Here.
| var hv2EC := HierarchicalVersionUtils.GetHV2EC(branchKeyItemFromStorage.EncryptionContext); | |
| var hv2EC := Structure.ExtractCustomEncryptionContextAs(branchKeyItemFromStorage.EncryptionContext); |
There was a problem hiding this comment.
The reason ExtractCustomEncryptionContextAs won't work is it filters EC that are greater than ENCRYPTION_CONTEXT_PREFIX (here). So, if EC is ["Robbie":"is a dog"] then it removes this key-value which is not expected. In Get operation we only remove ENCRYPTION_CONTEXT_PREFIX if its there because there could be a customer who might be extending MPL having their own create operation. So, to untransform the EC in get operation, we remove the restricted fields and then remove the prefix only if its there.
Issue #, if available:
Description of changes:
Squash/merge commit message, if applicable:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.