go-jose

Supply custom ECDH key and apu/apv claims

Open NeilMadden opened this issue 8 years ago • 5 comments

NB: this PR needs a bit of work to get it into a mergeable state but I wanted to put it up for your feedback. I have the go-ahead from my employer wrt the contributor agreement.

This adds two new encryptor options: one provides a callback for generating the apu and apv values and is handed the public keys for both parties; the other allows the caller to specify a custom ephemeral key generator.

For an illustration of the kinds of issues that populating the apu and apv claims is meant to solve, see for instance the rationale for the TLS extended master secret in response to the Triple Handshake vulnerability. In this case, including too little information in the key derivation hash process was identified as the root cause and so the extended master secret was developed that hashes in the full transcript of the TLS handshake up to that point. In particular, you should always at least include the public keys in the KDF hash, hence why we make them available to the callback.

The second change to allow a custom ephemeral key to be provided is to support including a signed hash of the ephemeral public key in the payload of the JWE to authenticate the ephemeral public key. Otherwise, the ephemeral key is generated too late in the process for this to happen so we generate it up front and then supply it to the ECDH key agreement process via this callback.

Let me know if you have comments/feedback. I'm not precious about the approach, so happy to rework if you'd prefer a different design. In the meantime, I'll change the imports back and add some tests.

NeilMadden avatar Oct 27 '17 10:10 NeilMadden
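The effect described in the opening comment, as an added example (not code from this PR or from go-jose): the Concat KDF of RFC 7518 section 4.6.2 fed with apu/apv values computed from both parties' public keys, so the same shared secret yields a different content key when the parties disagree about the recipient key. The names `concatKDF`, `deriveCEK` and `demo`, and the choice of SHA-256 hashes of the public keys as apu/apv, are assumptions made for illustration; it needs Go 1.20 or later for `crypto/ecdh`.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// concatKDF derives keyLen bytes from Z per RFC 7518 section 4.6.2 (SHA-256).
func concatKDF(z []byte, alg string, apu, apv []byte, keyLen int) []byte {
	var other, out []byte
	for _, f := range [][]byte{[]byte(alg), apu, apv} { // each field is length-prefixed
		other = append(binary.BigEndian.AppendUint32(other, uint32(len(f))), f...)
	}
	other = binary.BigEndian.AppendUint32(other, uint32(keyLen*8)) // SuppPubInfo: key length in bits
	for counter := uint32(1); len(out) < keyLen; counter++ {
		block := append(binary.BigEndian.AppendUint32(nil, counter), z...)
		sum := sha256.Sum256(append(block, other...))
		out = append(out, sum[:]...)
	}
	return out[:keyLen]
}

// deriveCEK (hypothetical helper) sets apu/apv to hashes of the ephemeral and recipient public keys.
func deriveCEK(z []byte, ephemeral, recipient *ecdh.PublicKey) []byte {
	apu, apv := sha256.Sum256(ephemeral.Bytes()), sha256.Sum256(recipient.Bytes())
	return concatKDF(z, "A128GCM", apu[:], apv[:], 16)
}

// demo derives two keys from one shared secret Z but different claimed recipient keys.
func demo() (bound, mismatched []byte, err error) {
	var k [3]*ecdh.PrivateKey // constructed keys: ephemeral, recipient, unrelated
	for i := range k {
		if k[i], err = ecdh.P256().GenerateKey(rand.Reader); err != nil {
			return nil, nil, err
		}
	}
	z, err := k[0].ECDH(k[1].PublicKey())
	if err != nil {
		return nil, nil, err
	}
	return deriveCEK(z, k[0].PublicKey(), k[1].PublicKey()), deriveCEK(z, k[0].PublicKey(), k[2].PublicKey()), nil
}

func main() {
	bound, mismatched, err := demo()
	fmt.Printf("bound=%x mismatched=%x err=%v\n", bound, mismatched, err)
}
```

With empty apu/apv both derivations would return the same key, because Z is then the only input that depends on the parties.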

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
0 out of 2 committers have signed the CLA.

:x: NeilMadden
:x: JacoJooste

CLAassistant avatar Oct 27 '17 10:10 CLAassistant

Apologies - just re-reading the email I got and we are still waiting for a final go-ahead from legal wrt the CLA. Will push to get a decision on this asap.

NeilMadden avatar Oct 27 '17 10:10 NeilMadden

Hi @NeilMadden, sorry for the delayed response but I was on vacation for the last two weeks. I will make sure to review your code tomorrow, but in general this seems like the right approach. Let me know if you have questions around the CLA and/or if you want to set up a corp CLA instead of individual CLAs.

csstaub avatar Nov 07 '17 00:11 csstaub

Code looks good to me, apart from the import paths.

csstaub avatar Nov 10 '17 18:11 csstaub

Ping @NeilMadden -- any luck on the CLA, wrt. your legal dept? If so I'd be happy to clean this up and merge it.

csstaub avatar May 24 '19 21:05 csstaub