33 changes: 26 additions & 7 deletions kms-message/src/kms_kmip_request.c
@@ -23,7 +23,8 @@
#include <stdint.h>

static void
copy_writer_buffer (kms_request_t *req, kmip_writer_t *writer) {
copy_writer_buffer (kms_request_t *req, kmip_writer_t *writer)
{
const uint8_t *buf;
size_t buflen;

@@ -54,11 +55,15 @@ kms_kmip_request_register_secretdata_new (void *reserved,
<RequestPayload tag="0x420079" type="Structure">
<ObjectType tag="0x420057" type="Enumeration" value="7"/>
<TemplateAttribute tag="0x420091" type="Structure">
<Attribute tag="0x420008" type="Structure">
<AttributeName tag="0x42000a" type="TextString" value="Cryptographic
Usage Mask"/> <AttributeValue tag="0x42000b" type="Integer" value="0"/>
</Attribute>
</TemplateAttribute>
<SecretData tag="0x420085" type="Structure">
<SecretDataType tag="0x420086" type="Enumeration" value="1"/>
<SecretDataType tag="0x420086" type="Enumeration" value="2"/>
<KeyBlock tag="0x420040" type="Structure">
<KeyFormatType tag="0x420042" type="Enumeration" value="1"/>
<KeyFormatType tag="0x420042" type="Enumeration" value="2"/>
<KeyValue tag="0x420045" type="Structure">
<KeyMaterial tag="0x420043" type="ByteString" value="..."/>
</KeyValue>
@@ -101,15 +106,29 @@ kms_kmip_request_register_secretdata_new (void *reserved,
/* 0x07 == SecretData */
kmip_writer_write_enumeration (writer, KMIP_TAG_ObjectType, 0x07);
kmip_writer_begin_struct (writer, KMIP_TAG_TemplateAttribute);
// Add required Cryptographic Usage Mask attribute.
{
kmip_writer_begin_struct (writer, KMIP_TAG_Attribute);
const char *cryptographicUsageMaskStr = "Cryptographic Usage Mask";
kmip_writer_write_string (writer,
KMIP_TAG_AttributeName,
cryptographicUsageMaskStr,
strlen (cryptographicUsageMaskStr));
// Use 0 because the Secret Data object is not used in cryptographic
// operations on the KMIP server.
kmip_writer_write_integer (writer, KMIP_TAG_AttributeValue, 0);
kmip_writer_close_struct (writer);
}
kmip_writer_close_struct (writer); /* KMIP_TAG_TemplateAttribute */
kmip_writer_begin_struct (writer, KMIP_TAG_SecretData);
/* 0x01 = Password */
/* 0x02 = Seed */
kmip_writer_write_enumeration (writer, KMIP_TAG_SecretDataType, 0x02);
kmip_writer_begin_struct (writer, KMIP_TAG_KeyBlock);
/* 0x01 = Raw */
kmip_writer_write_enumeration (writer, KMIP_TAG_KeyFormatType, 0x01);
/* 0x02 = Opaque */
kmip_writer_write_enumeration (writer, KMIP_TAG_KeyFormatType, 0x02);
kmip_writer_begin_struct (writer, KMIP_TAG_KeyValue);
kmip_writer_write_bytes (writer, KMIP_TAG_KeyMaterial, (const char *) data, len);
kmip_writer_write_bytes (
writer, KMIP_TAG_KeyMaterial, (const char *) data, len);
kmip_writer_close_struct (writer); /* KMIP_TAG_KeyValue */
kmip_writer_close_struct (writer); /* KMIP_TAG_KeyBlock */
kmip_writer_close_struct (writer); /* KMIP_TAG_SecretData */
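Review bot: Changing KeyFormatType from 0x01 (Raw) to 0x02 (Opaque) in the KeyBlock alters the wire format of every new Register request, while objects registered by earlier releases presumably remain stored on the KMIP server as Raw. The Get response handling is not part of this section; if it validates KeyFormatType it needs to accept both values so previously registered secrets stay retrievable, and a test with a Raw-format Get response would pin that. A short comment at the call, for example `/* 0x02 = Opaque; objects registered before this change use 0x01 (Raw) */`, would record the compatibility requirement next to the literal. The enclosing function begins and ends outside the hunk.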
51 changes: 29 additions & 22 deletions kms-message/test/test_kms_kmip_request.c
@@ -13,17 +13,20 @@
</RequestHeader>
<BatchItem tag="0x42000f" type="Structure">
<Operation tag="0x42005c" type="Enumeration" value="3"/>
<UniqueBatchItemID tag="0x420093" type="ByteString" value="41"/>
<RequestPayload tag="0x420079" type="Structure">
<ObjectType tag="0x420057" type="Enumeration" value="7"/>
<TemplateAttribute tag="0x420091" type="Structure">
<Attribute tag="0x420008" type="Structure">
<AttributeName tag="0x42000a" type="TextString" value="Cryptographic Usage
Mask"/> <AttributeValue tag="0x42000b" type="Integer" value="0"/>
</Attribute>
</TemplateAttribute>
<SecretData tag="0x420085" type="Structure">
<SecretDataType tag="0x420086" type="Enumeration" value="1"/>
<SecretDataType tag="0x420086" type="Enumeration" value="2"/>
<KeyBlock tag="0x420040" type="Structure">
<KeyFormatType tag="0x420042" type="Enumeration" value="1"/>
<KeyFormatType tag="0x420042" type="Enumeration" value="2"/>
<KeyValue tag="0x420045" type="Structure">
<KeyMaterial tag="0x420043" type="ByteString"
<KeyMaterial tag="0x420043" type="ByteString"
value="ffa8cc79e8c3763b0121fcd06bb3488c8bf42c0774604640279b16b264194030eeb08396241defcc4d32d16ea831ad777138f08e2f985664c004c2485d6f4991eb3d9ec32802537836a9066b4e10aeb56a5ccf6aa46901e625e3400c7811d2ec"/>
</KeyValue>
</KeyBlock>
@@ -33,30 +36,35 @@ value="ffa8cc79e8c3763b0121fcd06bb3488c8bf42c0774604640279b16b264194030eeb083962
</RequestMessage>
*/
#define REGISTER_SECRETDATA_REQUEST \
0x42, 0x00, 0x78, 0x01, 0x00, 0x00, 0x01, 0x18, 0x42, 0x00, 0x77, 0x01, \
0x42, 0x00, 0x78, 0x01, 0x00, 0x00, 0x01, 0x50, 0x42, 0x00, 0x77, 0x01, \
0x00, 0x00, 0x00, 0x38, 0x42, 0x00, 0x69, 0x01, 0x00, 0x00, 0x00, 0x20, \
0x42, 0x00, 0x6a, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, \
0x00, 0x00, 0x00, 0x00, 0x42, 0x00, 0x6b, 0x02, 0x00, 0x00, 0x00, 0x04, \
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x42, 0x00, 0x0d, 0x02, \
0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, \
0x42, 0x00, 0x0f, 0x01, 0x00, 0x00, 0x00, 0xd0, 0x42, 0x00, 0x5c, 0x05, \
0x42, 0x00, 0x0f, 0x01, 0x00, 0x00, 0x01, 0x08, 0x42, 0x00, 0x5c, 0x05, \
0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, \
0x42, 0x00, 0x79, 0x01, 0x00, 0x00, 0x00, 0xb8, 0x42, 0x00, 0x57, 0x05, \
0x42, 0x00, 0x79, 0x01, 0x00, 0x00, 0x00, 0xf0, 0x42, 0x00, 0x57, 0x05, \
0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, \
0x42, 0x00, 0x91, 0x01, 0x00, 0x00, 0x00, 0x00, 0x42, 0x00, 0x85, 0x01, \
0x00, 0x00, 0x00, 0x98, 0x42, 0x00, 0x86, 0x05, 0x00, 0x00, 0x00, 0x04, \
0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x42, 0x00, 0x40, 0x01, \
0x00, 0x00, 0x00, 0x80, 0x42, 0x00, 0x42, 0x05, 0x00, 0x00, 0x00, 0x04, \
0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x42, 0x00, 0x45, 0x01, \
0x00, 0x00, 0x00, 0x68, 0x42, 0x00, 0x43, 0x08, 0x00, 0x00, 0x00, 0x60, \
0xff, 0xa8, 0xcc, 0x79, 0xe8, 0xc3, 0x76, 0x3b, 0x01, 0x21, 0xfc, 0xd0, \
0x6b, 0xb3, 0x48, 0x8c, 0x8b, 0xf4, 0x2c, 0x07, 0x74, 0x60, 0x46, 0x40, \
0x27, 0x9b, 0x16, 0xb2, 0x64, 0x19, 0x40, 0x30, 0xee, 0xb0, 0x83, 0x96, \
0x24, 0x1d, 0xef, 0xcc, 0x4d, 0x32, 0xd1, 0x6e, 0xa8, 0x31, 0xad, 0x77, \
0x71, 0x38, 0xf0, 0x8e, 0x2f, 0x98, 0x56, 0x64, 0xc0, 0x04, 0xc2, 0x48, \
0x5d, 0x6f, 0x49, 0x91, 0xeb, 0x3d, 0x9e, 0xc3, 0x28, 0x02, 0x53, 0x78, \
0x36, 0xa9, 0x06, 0x6b, 0x4e, 0x10, 0xae, 0xb5, 0x6a, 0x5c, 0xcf, 0x6a, \
0xa4, 0x69, 0x01, 0xe6, 0x25, 0xe3, 0x40, 0x0c, 0x78, 0x11, 0xd2, 0xec
0x42, 0x00, 0x91, 0x01, 0x00, 0x00, 0x00, 0x38, 0x42, 0x00, 0x08, 0x01, \
0x00, 0x00, 0x00, 0x30, 0x42, 0x00, 0x0a, 0x07, 0x00, 0x00, 0x00, 0x18, \
0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x70, 0x68, 0x69, \
0x63, 0x20, 0x55, 0x73, 0x61, 0x67, 0x65, 0x20, 0x4d, 0x61, 0x73, 0x6b, \
0x42, 0x00, 0x0b, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, \
0x00, 0x00, 0x00, 0x00, 0x42, 0x00, 0x85, 0x01, 0x00, 0x00, 0x00, 0x98, \
0x42, 0x00, 0x86, 0x05, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x02, \
0x00, 0x00, 0x00, 0x00, 0x42, 0x00, 0x40, 0x01, 0x00, 0x00, 0x00, 0x80, \
0x42, 0x00, 0x42, 0x05, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x02, \
0x00, 0x00, 0x00, 0x00, 0x42, 0x00, 0x45, 0x01, 0x00, 0x00, 0x00, 0x68, \
0x42, 0x00, 0x43, 0x08, 0x00, 0x00, 0x00, 0x60, 0xff, 0xa8, 0xcc, 0x79, \
0xe8, 0xc3, 0x76, 0x3b, 0x01, 0x21, 0xfc, 0xd0, 0x6b, 0xb3, 0x48, 0x8c, \
0x8b, 0xf4, 0x2c, 0x07, 0x74, 0x60, 0x46, 0x40, 0x27, 0x9b, 0x16, 0xb2, \
0x64, 0x19, 0x40, 0x30, 0xee, 0xb0, 0x83, 0x96, 0x24, 0x1d, 0xef, 0xcc, \
0x4d, 0x32, 0xd1, 0x6e, 0xa8, 0x31, 0xad, 0x77, 0x71, 0x38, 0xf0, 0x8e, \
0x2f, 0x98, 0x56, 0x64, 0xc0, 0x04, 0xc2, 0x48, 0x5d, 0x6f, 0x49, 0x91, \
0xeb, 0x3d, 0x9e, 0xc3, 0x28, 0x02, 0x53, 0x78, 0x36, 0xa9, 0x06, 0x6b, \
0x4e, 0x10, 0xae, 0xb5, 0x6a, 0x5c, 0xcf, 0x6a, 0xa4, 0x69, 0x01, 0xe6, \
0x25, 0xe3, 0x40, 0x0c, 0x78, 0x11, 0xd2, 0xec

#define REGISTER_SECRETDATA_SECRETDATA \
0xff, 0xa8, 0xcc, 0x79, 0xe8, 0xc3, 0x76, 0x3b, 0x01, 0x21, 0xfc, 0xd0, \
@@ -93,7 +101,6 @@ kms_kmip_request_register_secretdata_test (void)
void
kms_kmip_request_register_secretdata_invalid_test (void)
{

kms_request_t *req;
uint8_t secret_data[KMS_KMIP_REQUEST_SECRETDATA_LENGTH] = {0};

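Review bot: The XML comment above `REGISTER_SECRETDATA_REQUEST` is no longer well-formed where the new Attribute lines were added: the AttributeName value is split across two lines (`value="Cryptographic Usage` / `Mask"/>`) and the AttributeValue element is joined onto the second, which looks like a formatter reflow. This comment is the human-readable key to the byte array below it, so each element should stay on its own line; if the project formats with clang-format, wrapping the comment in `/* clang-format off */` and `/* clang-format on */` keeps it intact. The same reflow appears in the XML comments in kms-message/src/kms_kmip_request.c and test/test-mongocrypt-kms-ctx.c.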
6 changes: 3 additions & 3 deletions src/mongocrypt-kms-ctx.c
@@ -1646,7 +1646,7 @@ _mongocrypt_kms_ctx_init_kmip_register (mongocrypt_kms_ctx_t *kms_ctx,
kms_ctx->req = kms_kmip_request_register_secretdata_new (
NULL /* reserved */, secretdata, secretdata_len);

if (!kms_ctx->req) {
if (kms_request_get_error (kms_ctx->req)) {
CLIENT_ERR ("Error creating KMIP register request: %s",
kms_request_get_error (kms_ctx->req));
goto done;
@@ -1687,7 +1687,7 @@ _mongocrypt_kms_ctx_init_kmip_activate (mongocrypt_kms_ctx_t *kms_ctx,
kms_ctx->req =
kms_kmip_request_activate_new (NULL /* reserved */, unique_identifier);

if (!kms_ctx->req) {
if (kms_request_get_error (kms_ctx->req)) {
CLIENT_ERR ("Error creating KMIP activate request: %s",
kms_request_get_error (kms_ctx->req));
goto done;
@@ -1728,7 +1728,7 @@ _mongocrypt_kms_ctx_init_kmip_get (mongocrypt_kms_ctx_t *kms_ctx,
kms_ctx->req =
kms_kmip_request_get_new (NULL /* reserved */, unique_identifier);

if (!kms_ctx->req) {
if (kms_request_get_error (kms_ctx->req)) {
CLIENT_ERR ("Error creating KMIP get request: %s",
kms_request_get_error (kms_ctx->req));
goto done;
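Review bot: The guard `if (kms_request_get_error (kms_ctx->req))` in the register hunk assumes `kms_kmip_request_register_secretdata_new` never returns NULL, which this section does not show; the activate and get hunks make the same assumption about their constructors. If that is the contract, state it at the first call with a comment such as `/* kms_kmip_request_*_new never returns NULL; failure is reported through kms_request_get_error */`; if a constructor can return NULL, handle that case before reading the error string. On the failure path the request object stays in `kms_ctx->req`, and the `done:` label is outside the hunks, so confirm the context cleanup releases it, since a failed register request may already hold a copy of the secret data. All three enclosing functions start and end outside the hunks.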
32 changes: 20 additions & 12 deletions test/test-mongocrypt-kms-ctx.c
@@ -34,11 +34,15 @@
<RequestPayload tag="0x420079" type="Structure">
<ObjectType tag="0x420057" type="Enumeration" value="7"/>
<TemplateAttribute tag="0x420091" type="Structure">
<Attribute tag="0x420008" type="Structure">
<AttributeName tag="0x42000a" type="TextString" value="Cryptographic Usage
Mask"/> <AttributeValue tag="0x42000b" type="Integer" value="0"/>
</Attribute>
</TemplateAttribute>
<SecretData tag="0x420085" type="Structure">
<SecretDataType tag="0x420086" type="Enumeration" value="2"/>
<KeyBlock tag="0x420040" type="Structure">
<KeyFormatType tag="0x420042" type="Enumeration" value="1"/>
<KeyFormatType tag="0x420042" type="Enumeration" value="2"/>
<KeyValue tag="0x420045" type="Structure">
<KeyMaterial tag="0x420043" type="ByteString"
value="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"/>
@@ -50,29 +54,33 @@ value="0000000000000000000000000000000000000000000000000000000000000000000000000
</RequestMessage>
*/
static const uint8_t REGISTER_REQUEST[] = {
0x42, 0x00, 0x78, 0x01, 0x00, 0x00, 0x01, 0x18, 0x42, 0x00, 0x77, 0x01, 0x00,
0x42, 0x00, 0x78, 0x01, 0x00, 0x00, 0x01, 0x50, 0x42, 0x00, 0x77, 0x01, 0x00,
0x00, 0x00, 0x38, 0x42, 0x00, 0x69, 0x01, 0x00, 0x00, 0x00, 0x20, 0x42, 0x00,
0x6a, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0x00, 0x42, 0x00, 0x6b, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x42, 0x00, 0x0d, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00,
0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x42, 0x00, 0x0f, 0x01, 0x00, 0x00,
0x00, 0xd0, 0x42, 0x00, 0x5c, 0x05, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
0x03, 0x00, 0x00, 0x00, 0x00, 0x42, 0x00, 0x79, 0x01, 0x00, 0x00, 0x00, 0xb8,
0x01, 0x08, 0x42, 0x00, 0x5c, 0x05, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
0x03, 0x00, 0x00, 0x00, 0x00, 0x42, 0x00, 0x79, 0x01, 0x00, 0x00, 0x00, 0xf0,
0x42, 0x00, 0x57, 0x05, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x07, 0x00,
0x00, 0x00, 0x00, 0x42, 0x00, 0x91, 0x01, 0x00, 0x00, 0x00, 0x00, 0x42, 0x00,
0x85, 0x01, 0x00, 0x00, 0x00, 0x98, 0x42, 0x00, 0x86, 0x05, 0x00, 0x00, 0x00,
0x04, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x42, 0x00, 0x40, 0x01,
0x00, 0x00, 0x00, 0x80, 0x42, 0x00, 0x42, 0x05, 0x00, 0x00, 0x00, 0x04, 0x00,
0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x42, 0x00, 0x45, 0x01, 0x00, 0x00,
0x00, 0x68, 0x42, 0x00, 0x43, 0x08, 0x00, 0x00, 0x00, 0x60, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x42, 0x00, 0x91, 0x01, 0x00, 0x00, 0x00, 0x38, 0x42, 0x00,
0x08, 0x01, 0x00, 0x00, 0x00, 0x30, 0x42, 0x00, 0x0a, 0x07, 0x00, 0x00, 0x00,
0x18, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x70, 0x68, 0x69,
0x63, 0x20, 0x55, 0x73, 0x61, 0x67, 0x65, 0x20, 0x4d, 0x61, 0x73, 0x6b, 0x42,
0x00, 0x0b, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x42, 0x00, 0x85, 0x01, 0x00, 0x00, 0x00, 0x98, 0x42, 0x00, 0x86,
0x05, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00,
0x42, 0x00, 0x40, 0x01, 0x00, 0x00, 0x00, 0x80, 0x42, 0x00, 0x42, 0x05, 0x00,
0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x42, 0x00,
0x45, 0x01, 0x00, 0x00, 0x00, 0x68, 0x42, 0x00, 0x43, 0x08, 0x00, 0x00, 0x00,
0x60, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00};
0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

/*
<ResponseMessage tag="0x42007b" type="Structure">