Rely on the new ECMR support in jose

latchset · Jun 10, 2017 · 8c7a42f · 8c7a42f
1 parent 8251818
commit 8c7a42f
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 7 deletions.
diff --git a/doc/tang.8 b/doc/tang.8
@@ -16,7 +16,7 @@ The Tang project arose as a tool to help the automation of decryption\. Existing
 However, escrow servers have many additional requirements, including authentication (so that clients can\'t get keys they aren\'t suppossed to have) and transport encryption (so that attackers listening on the network can\'t eavesdrop on the keys in transit)\.
 .
 .P
-Tang avoids this complexity\. Instead of storing a symmetric key remotely, the client performs an asymmetric key exchange with the Tang server\. Since the Tang server doesn\'t store or transport symmetric keys, neither authentication nor encryption are required\. Thus, Tang is completely stateless and zero\-configuration\.
+Tang avoids this complexity\. Instead of storing a symmetric key remotely, the client performs an asymmetric key exchange with the Tang server\. Since the Tang server doesn\'t store or transport symmetric keys, neither authentication nor encryption are required\. Thus, Tang is completely stateless and zero\-configuration\. Further, clients can be completely anonymous\.
 .
 .P
 Tang does not provide a client\. But it does export a simple REST API and it transfers only standards compliant JSON Object Signing and Encryption (JOSE) objects, allowing you to create your own clients using off the shelf components\. For an off\-the\-shelf automated encryption framework with support for Tang, see the Clevis project\. For the full technical details of the Tang protocol, see the Tang project\'s homepage\.
@@ -52,7 +52,7 @@ To rotate keys, first we need to generate new keys in the key database directory
 
 # DB=/var/db/tang
 # jose jwk gen \-i \'{"alg":"ES512"}\' \-o $DB/new_sig\.jwk
-# jose jwk gen \-i \'{"alg":"ECDH","crv":"P\-521"}\' \-o $DB/new_exc\.jwk
+# jose jwk gen \-i \'{"alg":"ECMR"}\' \-o $DB/new_exc\.jwk
 .
 .fi
 .

diff --git a/doc/tang.8.md b/doc/tang.8.md
@@ -22,7 +22,7 @@ Tang avoids this complexity. Instead of storing a symmetric key remotely,
 the client performs an asymmetric key exchange with the Tang server. Since
 the Tang server doesn't store or transport symmetric keys, neither
 authentication nor encryption are required. Thus, Tang is completely stateless
-and zero-configuration.
+and zero-configuration. Further, clients can be completely anonymous.
 
 Tang does not provide a client. But it does export a simple REST API and
 it transfers only standards compliant JSON Object Signing and Encryption
@@ -60,7 +60,7 @@ new signature and exchange keys with the following commands:
 
     # DB=/var/db/tang
     # jose jwk gen -i '{"alg":"ES512"}' -o $DB/new_sig.jwk
-    # jose jwk gen -i '{"alg":"ECDH","crv":"P-521"}' -o $DB/new_exc.jwk
+    # jose jwk gen -i '{"alg":"ECMR"}' -o $DB/new_exc.jwk
 
 Next, rename the old keys to have a leading `.` in order to hide them from
 advertisement:

diff --git a/src/nagios.c b/src/nagios.c
@@ -355,9 +355,11 @@ nagios_recover(conn_t *con, const char *host, const char *path,
     if (!kid)
         return true;
 
-    lcl = json_pack("{s:O,s:O}",
+    lcl = json_pack("{s:O,s:O,s:s,s:[s]}",
                     "kty", json_object_get(jwk, "kty"),
-                    "crv", json_object_get(jwk, "crv"));
+                    "crv", json_object_get(jwk, "crv"),
+                    "alg", "ECMR",
+                    "key_ops", "deriveKey");
     if (!lcl)
         return false;
 

diff --git a/src/tangd.c b/src/tangd.c
@@ -97,18 +97,34 @@ rec(enum http_method method, const char *path, const char *body,
     json_auto_t *jwk = NULL;
     json_auto_t *req = NULL;
     json_auto_t *rep = NULL;
+    const char *alg = NULL;
     const char *kty = NULL;
+    const char *d = NULL;
+
+    /*
+     * Parse and validate the request JWK
+     */
 
     req = json_loads(body, 0, NULL);
     if (!req)
         return http_reply(HTTP_STATUS_BAD_REQUEST, NULL);
 
-    if (json_unpack(req, "{s:s}", "kty", &kty) != 0)
+    if (!jose_jwk_prm(NULL, req, false, "deriveKey"))
+        return http_reply(HTTP_STATUS_FORBIDDEN, NULL);
+
+    if (json_unpack(req, "{s:s,s?s}", "kty", &kty, "alg", &alg) < 0)
         return http_reply(HTTP_STATUS_BAD_REQUEST, NULL);
 
     if (strcmp(kty, "EC") != 0)
         return http_reply(HTTP_STATUS_BAD_REQUEST, NULL);
 
+    if (alg && strcmp(alg, "ECMR") != 0)
+        return http_reply(HTTP_STATUS_BAD_REQUEST, NULL);
+
+    /*
+     * Parse and validate the server-side JWK
+     */
+
     thp = strndup(&path[matches[1].rm_so], size);
     if (!thp)
         return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
@@ -123,10 +139,25 @@ rec(enum http_method method, const char *path, const char *body,
     if (!jose_jwk_prm(NULL, jwk, true, "deriveKey"))
         return http_reply(HTTP_STATUS_FORBIDDEN, NULL);
 
+    if (json_unpack(jwk, "{s:s,s?s}", "d", &d, "alg", &alg) < 0)
+        return http_reply(HTTP_STATUS_FORBIDDEN, NULL);
+
+    if (alg && strcmp(alg, "ECMR") != 0)
+        return http_reply(HTTP_STATUS_FORBIDDEN, NULL);
+
+    /*
+     * Perform the exchange and return
+     */
     rep = jose_jwk_exc(NULL, jwk, req);
     if (!rep)
         return http_reply(HTTP_STATUS_BAD_REQUEST, NULL);
 
+    if (json_object_set_new(rep, "alg", json_string("ECMR")) < 0)
+        return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
+
+    if (json_object_set_new(rep, "key_ops", json_pack("[s]", "deriveKey")) < 0)
+        return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
+
     enc = json_dumps(rep, JSON_SORT_KEYS | JSON_COMPACT);
     if (!enc)
         return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);