transitapi: add http handler enc/dec #1199
Conversation
jmxnzo
added
no changelog
jmxnzo
changed the title
jmxnzo
force-pushed
the
http-handler/transit-engine-api
branch
3 times, most recently
from
eed6fd3 to
2b3b3ce
Compare
jmxnzo
force-pushed
the
http-handler/transit-engine-api
branch
from
2b3b3ce to
9cd6b17
Compare
| // Copyright 2024 Edgeless Systems GmbH | ||
| // SPDX-License-Identifier: AGPL-3.0-only | ||
|
|
||
| package transitengine |
There was a problem hiding this comment.
There should be a package comment that explains what this is and where it comes from.
| if err != nil { | ||
| return nil, err | ||
| } | ||
| ciphertext := gcm.Seal(nil, nonce, plaintext, nil) |
There was a problem hiding this comment.
We want to pass additionalData here, right?
| "github.com/stretchr/testify/require" | ||
| ) | ||
|
|
||
| func TestCryptoAPICyclic(t *testing.T) { |
There was a problem hiding this comment.
This does not test crypto.go, but transitengine.go. May I suggest moving this test to transitengine_test.go and add a cyclic test for symmetric*cryptRaw here?
|
|
||
| const ( | ||
| // aesGCMNonceSize specifies the default nonce size in bytes used in AES GCM. | ||
| aesGCMNonceSize = 12 |
There was a problem hiding this comment.
https://pkg.go.dev/crypto/cipher#AEAD has a NonceSize().
| } | ||
|
|
||
| // symmetricDecryptRaw returns the decrypted ciphertext based on the symmetric options and encryption keys handed in. | ||
| func symmetricDecryptRaw(decKey, ciphertext []byte, opts symOpts) ([]byte, error) { |
There was a problem hiding this comment.
It's a bit weird that the encryption function outputs nonce:ciphertext but we get the nonce here through symOpts. I'd have expected either
- The nonce is a separate output of encrypt, and a separate input of decrypt.
- The nonce is prepended to the ciphertext by encrypt, and stripped from the ciphertext by decrypt.
- encrypt returns a struct containing ciphertext and nonce, decrypt accepts such struct. This would likely replace
prefixb64Ciphertext.
No. 3 might actually be best considering that we want to serialize the output - could be a method on that struct.
| pathParts := strings.Split(strings.Trim(r.URL.Path, "/"), "/") | ||
| if len(pathParts) < 4 || pathParts[1] != "transit" { | ||
| http.NotFound(w, r) | ||
| return | ||
| } | ||
| action := pathParts[2] |
There was a problem hiding this comment.
You can register the routes directly:
mux.Handle("/transit/encrypt/{name}", getEncryptHandler())
mux.Handle("/transit/decrypt/{name}", getDecryptHandler())Then get the secret name with https://pkg.go.dev/net/http#Request.PathValue.
| if err := json.NewDecoder(r.Body).Decode(&plaintext); err != nil { | ||
| return b64Plaintext{}, symOpts{}, err | ||
| } | ||
| // TODO(jmxnzo): Read symOpts from HTTP request params |
There was a problem hiding this comment.
I think we should also fail if there's an option that we don't implement/understand.
| eg.Go(func() error { | ||
| mux := transitengine.NewTransitEngineAPI(meshAuth, logger) | ||
| logger.Info("Transit Engine API initialized") | ||
| port := 8200 | ||
| fmt.Printf("Serving transit engine API on port %d\n", port) | ||
| if err := http.ListenAndServe(fmt.Sprintf(":%d", port), mux); err != nil { | ||
| logger.Error("Failed to start transit engine API", "err", err) | ||
| } | ||
| return nil | ||
| }) | ||
|
|
There was a problem hiding this comment.
This should only be enabled after authorization.
This PR adds basic http handling functionality for the encrypt and decrypt endpoints of the transit engine API, allowing the auto-unsealing process for user-managed Vaults. Additionally a cyclic cryptographic unit test, testing the implemented handler functions for encrypt and decrypt was added.
ToDo's