envoyproxy
diff --git a/‎cmd/controller/main.go‎
Lines changed: 62 additions & 45 deletions b/‎cmd/controller/main.go‎
Lines changed: 62 additions & 45 deletions
diff --git a/‎cmd/controller/main_test.go‎
Lines changed: 28 additions & 0 deletions b/‎cmd/controller/main_test.go‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎cmd/extproc/mainlib/main.go‎
Lines changed: 31 additions & 18 deletions b/‎cmd/extproc/mainlib/main.go‎
Lines changed: 31 additions & 18 deletions
diff --git a/‎internal/controller/controller.go‎
Lines changed: 9 additions & 0 deletions b/‎internal/controller/controller.go‎
Lines changed: 9 additions & 0 deletions
@@ -56,10 +56,13 @@ type flags struct {
 	// extProcMaxRecvMsgSize is the maximum message size in bytes that the gRPC server can receive.
 	extProcMaxRecvMsgSize int
 	// maxRecvMsgSize is the maximum message size in bytes that the gRPC extension server can receive.
-	maxRecvMsgSize           int
-	mcpSessionEncryptionSeed string
-	watchNamespaces          []string
-	cacheSyncTimeout         time.Duration
+	maxRecvMsgSize                         int
+	mcpSessionEncryptionSeed               string
+	mcpFallbackSessionEncryptionSeed       string
+	mcpSessionEncryptionIterations         int
+	mcpFallbackSessionEncryptionIterations int
+	watchNamespaces                        []string
+	cacheSyncTimeout                       time.Duration
 }
 
 // parsePullPolicy parses string into a k8s PullPolicy.
@@ -189,13 +192,14 @@ func parseAndValidateFlags(args []string) (flags, error) {
 		2*time.Minute, // This is the controller-runtime default
 		"Maximum time to wait for k8s caches to sync",
 	)
-	mcpSessionEncryptionSeed := fs.String(
-		"mcpSessionEncryptionSeed",
-		"seed",
-		"Arbitrary string seed used to derive the MCP session encryption key. "+
-			"Do not include commas as they are used as separators. You can optionally pass \"fallback\" seed after the first one to allow for key rotation. "+
-			"For example: \"new-seed,old-seed-for-fallback\". The fallback seed is only used for decryption.",
-	)
+	mcpSessionEncryptionSeed := fs.String("mcpSessionEncryptionSeed", "default-insecure-seed",
+		"Seed used to derive the MCP session encryption key. This should be changed and set to a secure value.")
+	mcpSessionEncryptionIterations := fs.Int("mcpSessionEncryptionIterations", 100_000,
+		"Number of iterations to use for PBKDF2 key derivation for MCP session encryption.")
+	mcpFallbackSessionEncryptionSeed := fs.String("mcpFallbackSessionEncryptionSeed", "",
+		"Optional fallback seed used for MCP session key rotation")
+	mcpFallbackSessionEncryptionIterations := fs.Int("mcpFallbackSessionEncryptionIterations", 100_000,
+		"Number of iterations used in the fallback PBKDF2 key derivation for MCP session encryption.")
 
 	if err := fs.Parse(args); err != nil {
 		err = fmt.Errorf("failed to parse flags: %w", err)
@@ -258,28 +262,38 @@ func parseAndValidateFlags(args []string) (flags, error) {
 		}
 	}
 
+	if *mcpSessionEncryptionIterations <= 0 {
+		return flags{}, fmt.Errorf("mcp session encryption iterations must be positive: %d", *mcpSessionEncryptionIterations)
+	}
+	if *mcpFallbackSessionEncryptionSeed != "" && *mcpFallbackSessionEncryptionIterations <= 0 {
+		return flags{}, fmt.Errorf("mcp fallback session encryption iterations must be positive: %d", *mcpFallbackSessionEncryptionIterations)
+	}
+
 	return flags{
-		extProcLogLevel:                *extProcLogLevelPtr,
-		extProcImage:                   *extProcImagePtr,
-		extProcImagePullPolicy:         extProcPullPolicy,
-		enableLeaderElection:           *enableLeaderElectionPtr,
-		logLevel:                       zapLogLevel,
-		extensionServerPort:            *extensionServerPortPtr,
-		tlsCertDir:                     *tlsCertDir,
-		tlsCertName:                    *tlsCertName,
-		tlsKeyName:                     *tlsKeyName,
-		caBundleName:                   *caBundleName,
-		metricsRequestHeaderAttributes: *metricsRequestHeaderAttributes,
-		spanRequestHeaderAttributes:    *spanRequestHeaderAttributes,
-		endpointPrefixes:               *endpointPrefixes,
-		rootPrefix:                     *rootPrefix,
-		extProcExtraEnvVars:            *extProcExtraEnvVars,
-		extProcImagePullSecrets:        *extProcImagePullSecrets,
-		extProcMaxRecvMsgSize:          *extProcMaxRecvMsgSize,
-		maxRecvMsgSize:                 *maxRecvMsgSize,
-		watchNamespaces:                parseWatchNamespaces(*watchNamespaces),
-		cacheSyncTimeout:               *cacheSyncTimeout,
-		mcpSessionEncryptionSeed:       *mcpSessionEncryptionSeed,
+		extProcLogLevel:                        *extProcLogLevelPtr,
+		extProcImage:                           *extProcImagePtr,
+		extProcImagePullPolicy:                 extProcPullPolicy,
+		enableLeaderElection:                   *enableLeaderElectionPtr,
+		logLevel:                               zapLogLevel,
+		extensionServerPort:                    *extensionServerPortPtr,
+		tlsCertDir:                             *tlsCertDir,
+		tlsCertName:                            *tlsCertName,
+		tlsKeyName:                             *tlsKeyName,
+		caBundleName:                           *caBundleName,
+		metricsRequestHeaderAttributes:         *metricsRequestHeaderAttributes,
+		spanRequestHeaderAttributes:            *spanRequestHeaderAttributes,
+		endpointPrefixes:                       *endpointPrefixes,
+		rootPrefix:                             *rootPrefix,
+		extProcExtraEnvVars:                    *extProcExtraEnvVars,
+		extProcImagePullSecrets:                *extProcImagePullSecrets,
+		extProcMaxRecvMsgSize:                  *extProcMaxRecvMsgSize,
+		maxRecvMsgSize:                         *maxRecvMsgSize,
+		watchNamespaces:                        parseWatchNamespaces(*watchNamespaces),
+		cacheSyncTimeout:                       *cacheSyncTimeout,
+		mcpSessionEncryptionSeed:               *mcpSessionEncryptionSeed,
+		mcpFallbackSessionEncryptionSeed:       *mcpFallbackSessionEncryptionSeed,
+		mcpSessionEncryptionIterations:         *mcpSessionEncryptionIterations,
+		mcpFallbackSessionEncryptionIterations: *mcpFallbackSessionEncryptionIterations,
 	}, nil
 }
 
@@ -352,19 +366,22 @@ func main() {
 
 	// Start the controller.
 	if err := controller.StartControllers(ctx, mgr, k8sConfig, ctrl.Log.WithName("controller"), controller.Options{
-		ExtProcImage:                   parsedFlags.extProcImage,
-		ExtProcImagePullPolicy:         parsedFlags.extProcImagePullPolicy,
-		ExtProcLogLevel:                parsedFlags.extProcLogLevel,
-		EnableLeaderElection:           parsedFlags.enableLeaderElection,
-		UDSPath:                        extProcUDSPath,
-		MetricsRequestHeaderAttributes: parsedFlags.metricsRequestHeaderAttributes,
-		TracingRequestHeaderAttributes: parsedFlags.spanRequestHeaderAttributes,
-		EndpointPrefixes:               parsedFlags.endpointPrefixes,
-		RootPrefix:                     parsedFlags.rootPrefix,
-		ExtProcExtraEnvVars:            parsedFlags.extProcExtraEnvVars,
-		ExtProcImagePullSecrets:        parsedFlags.extProcImagePullSecrets,
-		ExtProcMaxRecvMsgSize:          parsedFlags.extProcMaxRecvMsgSize,
-		MCPSessionEncryptionSeed:       parsedFlags.mcpSessionEncryptionSeed,
+		ExtProcImage:                           parsedFlags.extProcImage,
+		ExtProcImagePullPolicy:                 parsedFlags.extProcImagePullPolicy,
+		ExtProcLogLevel:                        parsedFlags.extProcLogLevel,
+		EnableLeaderElection:                   parsedFlags.enableLeaderElection,
+		UDSPath:                                extProcUDSPath,
+		MetricsRequestHeaderAttributes:         parsedFlags.metricsRequestHeaderAttributes,
+		TracingRequestHeaderAttributes:         parsedFlags.spanRequestHeaderAttributes,
+		EndpointPrefixes:                       parsedFlags.endpointPrefixes,
+		RootPrefix:                             parsedFlags.rootPrefix,
+		ExtProcExtraEnvVars:                    parsedFlags.extProcExtraEnvVars,
+		ExtProcImagePullSecrets:                parsedFlags.extProcImagePullSecrets,
+		ExtProcMaxRecvMsgSize:                  parsedFlags.extProcMaxRecvMsgSize,
+		MCPSessionEncryptionSeed:               parsedFlags.mcpSessionEncryptionSeed,
+		MCPSessionEncryptionIterations:         parsedFlags.mcpSessionEncryptionIterations,
+		MCPFallbackSessionEncryptionSeed:       parsedFlags.mcpFallbackSessionEncryptionSeed,
+		MCPFallbackSessionEncryptionIterations: parsedFlags.mcpFallbackSessionEncryptionIterations,
 	}); err != nil {
 		setupLog.Error(err, "failed to start controller")
 	}
 
@@ -56,6 +56,10 @@ func Test_parseAndValidateFlags(t *testing.T) {
 					tc.dash + "maxRecvMsgSize=33554432",
 					tc.dash + "watchNamespaces=default,envoy-ai-gateway-system",
 					tc.dash + "cacheSyncTimeout=5m",
+					tc.dash + "mcpSessionEncryptionSeed=my-seed",
+					tc.dash + "mcpSessionEncryptionIterations=100",
+					tc.dash + "mcpFallbackSessionEncryptionSeed=my-fallback-seed",
+					tc.dash + "mcpFallbackSessionEncryptionIterations=200",
 				}
 				f, err := parseAndValidateFlags(args)
 				require.Equal(t, "debug", f.extProcLogLevel)
@@ -70,6 +74,10 @@ func Test_parseAndValidateFlags(t *testing.T) {
 				require.Equal(t, 32*1024*1024, f.maxRecvMsgSize)
 				require.Equal(t, []string{"default", "envoy-ai-gateway-system"}, f.watchNamespaces)
 				require.Equal(t, 5*time.Minute, f.cacheSyncTimeout)
+				require.Equal(t, "my-seed", f.mcpSessionEncryptionSeed)
+				require.Equal(t, 100, f.mcpSessionEncryptionIterations)
+				require.Equal(t, "my-fallback-seed", f.mcpFallbackSessionEncryptionSeed)
+				require.Equal(t, 200, f.mcpFallbackSessionEncryptionIterations)
 				require.NoError(t, err)
 			})
 		}
@@ -126,6 +134,26 @@ func Test_parseAndValidateFlags(t *testing.T) {
 				flags:  []string{"--endpointPrefixes=openai"},
 				expErr: "invalid endpoint prefixes",
 			},
+			{
+				name:   "invalid mcp session encryption iterations",
+				flags:  []string{"--mcpSessionEncryptionIterations=invalid"},
+				expErr: `invalid value "invalid" for flag -mcpSessionEncryptionIterations: parse error`,
+			},
+			{
+				name:   "negative mcp session encryption iterations",
+				flags:  []string{"--mcpSessionEncryptionIterations=-1"},
+				expErr: "mcp session encryption iterations must be positive: -1",
+			},
+			{
+				name:   "invalid mcp fallback session encryption iterations",
+				flags:  []string{"--mcpFallbackSessionEncryptionSeed=fallback", "--mcpFallbackSessionEncryptionIterations=invalid"},
+				expErr: `invalid value "invalid" for flag -mcpFallbackSessionEncryptionIterations: parse error`,
+			},
+			{
+				name:   "negative mcp fallback session encryption iterations",
+				flags:  []string{"--mcpFallbackSessionEncryptionSeed=fallback", "--mcpFallbackSessionEncryptionIterations=-1"},
+				expErr: "mcp fallback session encryption iterations must be positive: -1",
+			},
 		} {
 			t.Run(tc.name, func(t *testing.T) {
 				_, err := parseAndValidateFlags(tc.flags)
 
@@ -36,15 +36,18 @@ import (
 
 // extProcFlags is the struct that holds the flags passed to the external processor.
 type extProcFlags struct {
-	configPath                     string        // path to the configuration file.
-	extProcAddr                    string        // gRPC address for the external processor.
-	logLevel                       slog.Level    // log level for the external processor.
-	adminPort                      int           // HTTP port for the admin server (metrics and health).
-	metricsRequestHeaderAttributes string        // comma-separated key-value pairs for mapping HTTP request headers to otel metric attributes.
-	spanRequestHeaderAttributes    string        // comma-separated key-value pairs for mapping HTTP request headers to otel span attributes.
-	mcpAddr                        string        // address for the MCP proxy server which can be either tcp or unix domain socket.
-	mcpSessionEncryptionSeed       string        // Seed for deriving the key for encrypting MCP sessions.
-	mcpWriteTimeout                time.Duration // the maximum duration before timing out writes of the MCP response.
+	configPath                             string        // path to the configuration file.
+	extProcAddr                            string        // gRPC address for the external processor.
+	logLevel                               slog.Level    // log level for the external processor.
+	adminPort                              int           // HTTP port for the admin server (metrics and health).
+	metricsRequestHeaderAttributes         string        // comma-separated key-value pairs for mapping HTTP request headers to otel metric attributes.
+	spanRequestHeaderAttributes            string        // comma-separated key-value pairs for mapping HTTP request headers to otel span attributes.
+	mcpAddr                                string        // address for the MCP proxy server which can be either tcp or unix domain socket.
+	mcpSessionEncryptionSeed               string        // Seed for deriving the key for encrypting MCP sessions.
+	mcpSessionEncryptionIterations         int           // Number of iterations to use for PBKDF2 key derivation for MCP session encryption.
+	mcpFallbackSessionEncryptionSeed       string        // Fallback seed for deriving the key for encrypting MCP sessions.
+	mcpFallbackSessionEncryptionIterations int           // Number of iterations to use for PBKDF2 key derivation for fallback MCP session encryption.
+	mcpWriteTimeout                        time.Duration // the maximum duration before timing out writes of the MCP response.
 	// rootPrefix is the root prefix for all the processors.
 	rootPrefix string
 	// maxRecvMsgSize is the maximum message size in bytes that the gRPC server can receive.
@@ -104,13 +107,14 @@ func parseAndValidateFlags(args []string) (extProcFlags, error) {
 		"Maximum message size in bytes that the gRPC server can receive. Default is 4MB.",
 	)
 	fs.StringVar(&flags.mcpAddr, "mcpAddr", "", "the address (TCP or UDS) for the MCP proxy server, such as :1063 or unix:///tmp/ext_proc.sock. Optional.")
-	fs.StringVar(&flags.mcpSessionEncryptionSeed,
-		"mcpSessionEncryptionSeed",
-		"default-insecure-seed",
-		"Arbitrary string seed used to derive the MCP session encryption key. "+
-			"Do not include commas as they are used as separators. You can optionally pass \"fallback\" seed after the first one to allow for key rotation. "+
-			"For example: \"new-seed,old-seed-for-fallback\". The fallback seed is only used for decryption.",
-	)
+	fs.StringVar(&flags.mcpSessionEncryptionSeed, "mcpSessionEncryptionSeed", "default-insecure-seed",
+		"Seed used to derive the MCP session encryption key. This should be changed and set to a secure value.")
+	fs.IntVar(&flags.mcpSessionEncryptionIterations, "mcpSessionEncryptionIterations", 100_000,
+		"Number of iterations to use for PBKDF2 key derivation for MCP session encryption.")
+	fs.StringVar(&flags.mcpFallbackSessionEncryptionSeed, "mcpFallbackSessionEncryptionSeed", "",
+		"Optional fallback seed used for MCP session key rotation.")
+	fs.IntVar(&flags.mcpFallbackSessionEncryptionIterations, "mcpFallbackSessionEncryptionIterations", 100_000,
+		"Number of iterations used in the fallback PBKDF2 key derivation for MCP session encryption.")
 	fs.DurationVar(&flags.mcpWriteTimeout, "mcpWriteTimeout", 120*time.Second,
 		"The maximum duration before timing out writes of the MCP response")
 
@@ -269,8 +273,17 @@ func Main(ctx context.Context, args []string, stderr io.Writer) (err error) {
 
 	var mcpServer *http.Server
 	if mcpLis != nil {
-		seed, fallbackSeed, _ := strings.Cut(flags.mcpSessionEncryptionSeed, ",")
-		mcpSessionCrypto := mcpproxy.DefaultSessionCrypto(seed, fallbackSeed)
+		mcpSessionCrypto := mcpproxy.NewPBKDF2AesGcmSessionCrypto(flags.mcpSessionEncryptionSeed, flags.mcpSessionEncryptionIterations)
+		if flags.mcpFallbackSessionEncryptionSeed != "" {
+			mcpSessionCrypto = &mcpproxy.FallbackEnabledSessionCrypto{
+				Primary: mcpSessionCrypto,
+				Fallback: mcpproxy.NewPBKDF2AesGcmSessionCrypto(
+					flags.mcpFallbackSessionEncryptionSeed,
+					flags.mcpFallbackSessionEncryptionIterations,
+				),
+			}
+		}
+
 		var mcpProxyMux *http.ServeMux
 		var mcpProxyConfig *mcpproxy.ProxyConfig
 		mcpProxyConfig, mcpProxyMux, err = mcpproxy.NewMCPProxy(l.With("component", "mcp-proxy"), mcpMetrics,
 
@@ -87,6 +87,12 @@ type Options struct {
 	ExtProcMaxRecvMsgSize int
 	// MCPSessionEncryptionSeed is the seed used to derive the encryption key for MCP session encryption.
 	MCPSessionEncryptionSeed string
+	// MCPSessionEncryptionIterations is the number of iterations to use for PBKDF2 key derivation for MCP session encryption.
+	MCPSessionEncryptionIterations int
+	// MCPFallbackSessionEncryptionSeed is the optional fallback seed used for MCP session key rotation.
+	MCPFallbackSessionEncryptionSeed string
+	// MCPFallbackSessionEncryptionIterations is the number of iterations used in the fallback PBKDF2 key derivation for MCP session encryption.
+	MCPFallbackSessionEncryptionIterations int
 	// EndpointPrefixes is the comma-separated key-value pairs for endpoint prefixes.
 	EndpointPrefixes string
 }
@@ -228,6 +234,9 @@ func StartControllers(ctx context.Context, mgr manager.Manager, config *rest.Con
 			options.ExtProcMaxRecvMsgSize,
 			isKubernetes133OrLater(versionInfo, logger),
 			options.MCPSessionEncryptionSeed,
+			options.MCPSessionEncryptionIterations,
+			options.MCPFallbackSessionEncryptionSeed,
+			options.MCPFallbackSessionEncryptionIterations,
 		))
 		mgr.GetWebhookServer().Register("/mutate", &webhook.Admission{Handler: h})
 	}