AA/kbs_protocol: fix JWE decryption logic due to RFC7516

Per RFC7516, the AEAD's auth tag should be included inside the JWE body.
We fix this to align with trustee side

confidential-containers/trustee#597

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>

attestation-agent/deps/crypto/src/lib.rs

@@ -34,3 +34,5 @@ pub use asymmetric::*;
 
 mod algorithms;
 pub use algorithms::*;
+
+const AEAD_AAD: &[u8] = b"CoCo";

attestation-agent/deps/crypto/src/native/aes256gcm.rs

@@ -8,6 +8,8 @@
 use anyhow::*;
 use openssl::symm::Cipher;
 
+use crate::AEAD_AAD;
+
 const TAG_LENGTH: usize = 16;
 
 pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
@@ -17,15 +19,16 @@ pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>>
     }
 
     let (data, tag) = encrypted_data.split_at(encrypted_data.len() - TAG_LENGTH);
-    openssl::symm::decrypt_aead(cipher, key, Some(iv), &[], data, tag)
+    openssl::symm::decrypt_aead(cipher, key, Some(iv), AEAD_AAD, data, tag)
         .map_err(|e| anyhow!(e.to_string()))
 }
 
 pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
     let cipher = Cipher::aes_256_gcm();
     let mut tag = [0u8; TAG_LENGTH];
-    let mut ciphertext = openssl::symm::encrypt_aead(cipher, key, Some(iv), &[], data, &mut tag)
-        .map_err(|e| anyhow!(e.to_string()))?;
+    let mut ciphertext =
+        openssl::symm::encrypt_aead(cipher, key, Some(iv), AEAD_AAD, data, &mut tag)
+            .map_err(|e| anyhow!(e.to_string()))?;
     ciphertext.extend_from_slice(&tag);
     Ok(ciphertext)
 }

attestation-agent/deps/crypto/src/rust/aes256gcm.rs

@@ -5,26 +5,30 @@
 
 //! This mod implements aes-256-gcm encryption & decryption.
 
-use aes_gcm::{aead::Aead, Aes256Gcm, Key, KeyInit, Nonce};
+use aes_gcm::{AeadInPlace, Aes256Gcm, Key, KeyInit, Nonce};
 use anyhow::*;
 
+use crate::AEAD_AAD;
+
 pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
     let decrypting_key = Key::<Aes256Gcm>::from_slice(key);
     let cipher = Aes256Gcm::new(decrypting_key);
     let nonce = Nonce::from_slice(iv);
-    let plain_text = cipher
-        .decrypt(nonce, encrypted_data)
+    let mut plaintext = encrypted_data.to_vec();
+    cipher
+        .decrypt_in_place(nonce, AEAD_AAD, &mut plaintext)
         .map_err(|e| anyhow!("aes-256-gcm decrypt failed: {:?}", e))?;
 
-    Ok(plain_text)
+    Ok(plaintext)
 }
 
 pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
     let encrypting_key = Key::<Aes256Gcm>::from_slice(key);
     let cipher = Aes256Gcm::new(encrypting_key);
     let nonce = Nonce::from_slice(iv);
-    let ciphertext = cipher
-        .encrypt(nonce, data)
+    let mut ciphertext = data.to_vec();
+    cipher
+        .encrypt_in_place(nonce, AEAD_AAD, &mut ciphertext)
         .map_err(|e| anyhow!("aes-256-gcm encrypt failed: {:?}", e))?;
 
     Ok(ciphertext)

attestation-agent/kbs_protocol/src/client/rcar_client.rs

@@ -406,28 +406,28 @@ mod test {
         kbs_config.push("test/kbs-config.toml");
         policy.push("test/policy.rego");
 
-        let image = GenericImage::new(
-            "ghcr.io/confidential-containers/staged-images/kbs",
-            "latest",
-        )
-        .with_exposed_port(8085)
-        .with_volume(
-            tmp.path().as_os_str().to_string_lossy(),
-            "/opt/confidential-containers/kbs/repository",
-        )
-        .with_volume(
-            start_kbs_script.into_os_string().to_string_lossy(),
-            "/usr/local/bin/start_kbs.sh",
-        )
-        .with_volume(
-            kbs_config.into_os_string().to_string_lossy(),
-            "/etc/kbs-config.toml",
-        )
-        .with_volume(
-            policy.into_os_string().to_string_lossy(),
-            "/opa/confidential-containers/kbs/policy.rego",
-        )
-        .with_entrypoint("/usr/local/bin/start_kbs.sh");
+        // TODO: remove the changes after
+        // https://github.com/confidential-containers/trustee/pull/597
+        // gets merged.
+        let image = GenericImage::new("xynnn007/kbs", "fix-aead")
+            .with_exposed_port(8085)
+            .with_volume(
+                tmp.path().as_os_str().to_string_lossy(),
+                "/opt/confidential-containers/kbs/repository",
+            )
+            .with_volume(
+                start_kbs_script.into_os_string().to_string_lossy(),
+                "/usr/local/bin/start_kbs.sh",
+            )
+            .with_volume(
+                kbs_config.into_os_string().to_string_lossy(),
+                "/etc/kbs-config.toml",
+            )
+            .with_volume(
+                policy.into_os_string().to_string_lossy(),
+                "/opa/confidential-containers/kbs/policy.rego",
+            )
+            .with_entrypoint("/usr/local/bin/start_kbs.sh");
         let kbs = docker.run(image);
 
         tokio::time::sleep(Duration::from_secs(10)).await;

attestation-agent/kbs_protocol/src/keypair.rs

@@ -65,8 +65,9 @@ impl TeeKeyPair {
         let symkey = self.decrypt(padding_mode, wrapped_symkey)?;
 
         let iv = URL_SAFE_NO_PAD.decode(&response.iv)?;
-        let ciphertext = URL_SAFE_NO_PAD.decode(&response.ciphertext)?;
-
+        let mut ciphertext = URL_SAFE_NO_PAD.decode(&response.ciphertext)?;
+        let mut tag = URL_SAFE_NO_PAD.decode(&response.tag)?;
+        ciphertext.append(&mut tag);
         let plaintext = crypto::decrypt(Zeroizing::new(symkey), ciphertext, iv, protected.enc)?;
 
         Ok(plaintext)