Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KBS: combine CoCo Token and Jwk Token verifier #524

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

KBS: combine CoCo Token and Jwk Token verifier #524

wants to merge 3 commits into from

Conversation

Xynnn007
Copy link
Member

@Xynnn007 Xynnn007 commented Oct 9, 2024
edited
Loading

This patch is part of #514.

ITA token and CoCo Token are both JWTs. They both need a JWK to verify the JWT. The difference is the way to gather the JWK.

This commit combined the two logic, and add two ways to get the JWK.

  1. From the configured JwkSet when launching KBS
  2. From the JWT's Header's jwk field.

The two ways will check the jwk endorsement in different ways. The first way is to configure the trusted JwkSet from the config. The second way is to configure the trusted CA in config. Then get the public key cert chain from Jwk's x5c field. The both ways are also supported in this patch.

The difference between CoCo Token and ITA Token are where Tee Public key is embedded inside the token, this could be configured in the launch toml of KBS, because it is hard to detect during runtime.

Rust does not provide a mature crate to verify cert chain, thus openssl is used in this patch. We also abondon rustls and openssl feature of KBS because openssl is by default used. Then we use openssl by default to make the code base simpler.

Close #486

cc @mythi

@Xynnn007 Xynnn007 mentioned this pull request Oct 9, 2024
Open
@LiuPeng-running
Copy link

Good good good.

@Xynnn007 Xynnn007 marked this pull request as ready for review October 10, 2024 02:00
@Xynnn007 Xynnn007 requested a review from a team as a code owner October 10, 2024 02:00
@Xynnn007
Copy link
Member Author

Xynnn007 commented Oct 10, 2024
edited
Loading

This PR also changes some logic of previous JWK of CoCoAS, so ptal @jialez0

fitzthum
fitzthum approved these changes Oct 11, 2024
View reviewed changes
Copy link
Member

@fitzthum fitzthum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Wdyt @mythi

kbs/src/token/mod.rs Show resolved Hide resolved
@mythi
Copy link
Contributor

mythi commented Oct 14, 2024

My earlier comment in the original PR was that my preference is to not expose "ITA" as a token type to the user and that seems to be in this PR still. I was wondering whether we could just ask users to provide the list of trust anchors and try to parse the provided file:// and OpenID config paths.

The only reason for "token type" to still exist seems to be the tee-pubkey search path in the claim. Would it make sense to have the paths configurable instead of having them implicit via the token type? The search paths config could be a list to support tokens with different paths simultaneously.

@Xynnn007
Copy link
Member Author

I was wondering whether we could just ask users to provide the list of trust anchors and try to parse the provided file:// and OpenID config paths.

Yes. This PR supports the original ITA way, s.t. provode file:// to speficy jwkset, or openid url for jwksets. The modification is the configuration name in the config file, from trusted_certs_paths to trusted_jwk_sets.

Another option is trusted_certs_paths. It's for trusted root certs to verify the jwk/x5c field within the JWT header.

The only reason for "token type" to still exist seems to be the tee-pubkey search path in the claim. Would it make sense to have the paths configurable instead of having them implicit via the token type? The search paths config could be a list to support tokens with different paths simultaneously.

Nice suggestion. The pro is flexibility while the con is extra complexity to remember the paths. I personally prefer the "token type" way as the user only needs to care about token type rather than claims inside that. I think you are caring about the name ITA to be exposed to users, so what do you prefer to name it?

@mythi
Copy link
Contributor

mythi commented Oct 15, 2024

The modification is the configuration name in the config file, from trusted_certs_paths to trusted_jwk_sets.

Another option is trusted_certs_paths. It's for trusted root certs to verify the jwk/x5c field within the JWT header.

I was not very clear earlier. My comment was that can we have just one config entry. It would be easier for the user. It should be possible to handle ["file:///foo/coco.pem", "file:///foo/ita.jwks"].

The pro is flexibility while the con is extra complexity to remember the paths

True, OTOH, we can always make known paths as the default and only provide the mechanism to add supplemental paths.

@mythi
Copy link
Contributor

mythi commented Oct 15, 2024

Would it be OK to aim fixing #519 with PR too?

@Xynnn007
Copy link
Member Author

Would it be OK to aim fixing #519 with PR too?

Probably not. Currently it is hard for KBS to detect the JWT type (CoCoAS/ITA or else) runtimely. See #519 (comment)

@Xynnn007
Copy link
Member Author

True, OTOH, we can always make known paths as the default and only provide the mechanism to add supplemental paths.

Do you mean that we have two config items

  • type: specify the token type, s.t. CoCo or ITA
  • tee_publickey_path: if this parameter is given, ignore type and try to extract tee key from this path

@mythi
Copy link
Contributor

mythi commented Oct 15, 2024
edited
Loading

Would it be OK to aim fixing #519 with PR too?

Probably not. Currently it is hard for KBS to detect the JWT type (CoCoAS/ITA or else) runtimely. See #519 (comment)

Could kid/x5* header fields be used to map to what trust anchors we have configured. ITA token has kidand we use it to search the corresponding JWK in the JwkSet.

Do you mean that we have two config items

Just one because type isn't used for anything else than just for mapping to tee-pubkey paths. So I'm thinking could we drop type completely, have some default tee-pubkey paths and allow users to configure supplemental tee_publickey_paths.

@Xynnn007
Copy link
Member Author

Could kid/x5*header fields be used to map to what trust anchors we have configured. ITA token haskid`and we use it to search the corresponding JWK in the JwkSet.

Yes it can and it is implemented in this PR. What #519 aims is to support different public key claim path.

Just one because type isn't used for anything else than just for mapping to tee-pubkey paths. So I'm thinking could we drop type completely, have some default tee-pubkey paths and allow users to configure supplemental tee_publickey_paths.

Ok. Could you provide an example for this in your mind?

@mythi
Copy link
Contributor

mythi commented Oct 16, 2024

Could kid/x5*header fields be used to map to what trust anchors we have configured. ITA token haskid`and we use it to search the corresponding JWK in the JwkSet.

Yes it can and it is implemented in this PR. What #519 aims is to support different public key claim path.

Right, sorry. I had missed that and got side tracked when you wrote that JWT detection cannot be done easily.

Just one because type isn't used for anything else than just for mapping to tee-pubkey paths. So I'm thinking could we drop type completely, have some default tee-pubkey paths and allow users to configure supplemental tee_publickey_paths.

Ok. Could you provide an example for this in your mind?

Instead of match self.token_type we could just loop all configured/known paths until claim.pointer(path) returns Ok. For starters this could be just the two we know today (i.e., TOKEN_TEE_PUBKEY_PATH_COCO and TOKEN_TEE_PUBKEY_PATH_ITA) but maybe we want to add a config entry that allows users to add more paths to search.

@Xynnn007 Xynnn007 force-pushed the refactor-token branch 3 times, most recently from 8f2d7af to 2e9d713 Compare October 16, 2024 08:57
@Xynnn007
KBS: combine CoCo Token and Jwk Token verifier
340b883 
Actually, the ITA token and CoCo Token are both JWTs. They both need a
JWK to verify the JWT. The difference is the way to gather the JWK.

This commit combined the two logic, and add two ways to get the JWK.
1. From the configured JwkSet when launching KBS
2. From the JWT's Header's jwk field.

The two ways will check the jwk endorsement in different ways. The first
way is to configure the trusted JwkSet from the config. The second way
is to configure the trusted CA in config. Then get the public key cert
chain from Jwk's x5c field. The both ways are also supported in this
patch.

Rust does not provide a mature crate to verify cert chain, thus openssl
is used in this patch. We also abondon rustls and openssl feature of KBS
because openssl is by default used. Then we use openssl by default to
make the code base simpler.

Signed-off-by: Xynnn007 <[email protected]>
@Xynnn007
AS: move JWK to the JWT Header field
679a7b8 
Due to RFC 7515, JWK should be part of a JOSE Header rather than claim
body.

Signed-off-by: Xynnn007 <[email protected]>
@Xynnn007
docs/ci: abondon HTTPS_CRYPTO and update token verifier config
2756ca3 
Due to latest change, KBS will not maintain both rustls and openssl
suites for HTTPS. Thus we need to delete all the options of HTTPS_CRYPTO
config in documents and codes.

Also, the latest change changes the config format of
`attestation_token_config`, so we also change the type field to new name
and rename `Jwk` to `ITA`.

Signed-off-by: Xynnn007 <[email protected]>
@Xynnn007
Copy link
Member Author

@mythi Adds the change that you suggested. I think it is good to have some internal defined paths together with user defined extra paths.

@mythi
Copy link
Contributor

mythi commented Oct 16, 2024

@mythi Adds the change that you suggested. I think it is good to have some internal defined paths together with user defined extra paths.

thanks! I personally feel it's better this way and I guess this now meets #519 also. My remaining concern is whether we need separate user facing config entries for trusted_certs_paths and trusted_jwk_sets.

@Xynnn007
Copy link
Member Author

Xynnn007 commented Oct 16, 2024
edited
Loading

Well as they are different things. One is jwkset and the other is root pem certs

mythi
mythi reviewed Oct 16, 2024
View reviewed changes
kbs/src/attestation/intel_trust_authority/mod.rs
extra_teekey_paths: vec![],
trusted_certs_paths: vec![],
trusted_jwk_sets: vec![config.certs_file.clone()],
insecure_key: true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
insecure_key: true,
insecure_key: false,

@mythi
Copy link
Contributor

mythi commented Oct 16, 2024

Well as they are different things. One is jwkset and the other is root pem certs

If the take this path, we might need a third one for "OpenID Configuration endpoints" which is what the default ITA config prefers. But my point was that some generic config entry would probably keep things simple for the users.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mythi mythi mythi left review comments

@fitzthum fitzthum fitzthum approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add "insecure" opt-in for Trustee AS/KBS token signing/verification
4 participants
@Xynnn007 @LiuPeng-running @mythi @fitzthum