wolfKeyMgr v0.10:

* Added secure vault for key storage using RSA and AES GCM
* Added support for multiple active key types
* Added key find support
* Added middlebox decrypt PCAP replay support
* Added key max use count to limit uses of an ephemeral key
* Added computed "name" based on public key for ETSI key
* Added API unit test framework
* Added `--enable-vault=clear` option to optionally disable vault encryption.
* Fix to not start listeners until key/cert/vault setup
* Fixed issue with worker threads generating new keys and not using existing ones.
* Fix for https example server listen error handling.
* Fixed gets with newline.
* Fix for middlebox/decrypt default loopback interface selection. Default to first interface (1).
* Fix for request / response collision. Centralize the max buffer sizes.
* Moved key gen into ETSI module
* Rename `wolfEtsiKeyGet` to `wolfEtsiKeyGetPtr`.
* Refactor to support multiple active key types.
* Improved printing of public key name in logs
* Improved error for key generation failure.
* Improve libevent and browser issue documentation.
* Improve middle-box decryption error handling for permissions issue.
* Cleanups to remove `WOLFKM_ETSI_SERVICE` and `disableMutalAuth`
* Move the ETSI documentation into `docs/README.md`. Remove copies of specs and use links.
* Cleanup ETSI service configuration and defaults.

Author: dgarske

.gitignore

@@ -45,6 +45,7 @@ examples/https/client
 examples/https/server
 libtool
 wolfkeymgr/options.h
+tests/unit.test
 
 # Generated Cert Files
 certs/ca-*.pem
@@ -60,4 +61,9 @@ certs/server-*.pem
 certs/client-*.der
 certs/client-*.pem
 certs/serial.old
+certs/1*.pem
 tracefile.txt
+
+# test files
+vault.bin
+wolfkeymgr.vault

Makefile.am

@@ -30,6 +30,8 @@ include src/include.am
 include examples/include.am
 include scripts/include.am
 include certs/include.am
+include tests/include.am
+include docs/include.am
 
 check_SCRIPTS+= $(dist_noinst_SCRIPTS)
 

README.md

@@ -53,6 +53,7 @@ openssl ca -config ./certs/ca-ecc.cnf -extensions usr_cert -days 3650 -notext -m
 	-passin pass:'wolfssl' -in ./certs/client-cert.csr -out ./certs/client-cert.pem -batch
 rm ./certs/client-cert.csr
 
+# Server Key
 if [ ! -f ./certs/server-key.pem ]; then
 	echo "Creating Server Key (SECP256R1)"
     openssl ecparam -name prime256v1 -genkey -noout | openssl pkcs8 -topk8 -v2 aes-128-cbc -outform pem -out ./certs/server-key.pem
@@ -67,6 +68,21 @@ openssl ca -config ./certs/ca-ecc.cnf -extensions server_cert -days 3650 -notext
 	-passin pass:'wolfssl' -in ./certs/server-cert.csr -out ./certs/server-cert.pem -batch
 rm ./certs/server-cert.csr
 
+# Server RSA Key
+if [ ! -f ./certs/server-rsa-key.pem ]; then
+	echo "Creating Server Key (RSA2048)"
+    openssl genrsa -out ./certs/server-rsa-key.pem -passout pass:'wolfssl' -aes128 2048
+fi
+
+# Server RSA Cert
+echo "Creating signed RSA Server certificate"
+openssl req -config ./certs/ca-ecc.cnf -sha256 -new -key ./certs/server-rsa-key.pem -passin pass:'wolfssl' \
+	-out ./certs/server-rsa-cert.csr \
+	-subj "/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=RSA/CN=www.wolfssl.com/[email protected]/"
+openssl ca -config ./certs/ca-ecc.cnf -extensions server_cert -days 3650 -notext -md sha256 \
+	-passin pass:'wolfssl' -in ./certs/server-rsa-cert.csr -out ./certs/server-rsa-cert.pem -batch
+rm ./certs/server-rsa-cert.csr
+
 
 # Script to generate a self-signed TLS server certificate for Apache
 # No key password

certs/gen-certs.sh

@@ -12,3 +12,7 @@ EXTRA_DIST += certs/server-key.pem
 EXTRA_DIST += certs/server-cert.pem
 EXTRA_DIST += certs/test-cert.pem
 EXTRA_DIST += certs/test-key.pem
+
+# RSA
+EXTRA_DIST += certs/server-rsa-key.pem
+EXTRA_DIST += certs/server-rsa-cert.pem

certs/include.am

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIENjCCA9ygAwIBAgICEAAwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
+b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIxMDcy
+MjE4NDcwOFoXDTMxMDcyMDE4NDcwOFowgY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGlj
+MQwwCgYDVQQLDANSU0ExGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAJeWvOKDV2JjoWgSeuHJjvHEBxhRjxR8IOHJoO+YGhThGX2Ib8pa
+FEPVFXa2LyRcfd4KzOw+oIXrMrUzYKmU7hedN8WpyfuurCLO560moiQNil9IdQFe
+7fVlCmxpTvBwlHzJ4lx+E697mnozt+eM25qJE2h7XCZmN+jb1m+lyxpMAjolP7IU
+olnH57pMNkccM6EaToXWA8auk3IQulBfToBdavKB5jEAcI3D+HtHF30klEcqcbA4
+FwkSzP6CdHsDZU9TtDVuyQjbhgTJgiRIO2MigYIOimLZJ83+A9cI8GqMRN8MrC0D
+B4q7Vcu4C/M7Dhs/SM+H7MXo01t71nk22asCAwEAAaOCAVEwggFNMAkGA1UdEwQC
+MAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0GA1UdDgQWBBRjfckuJfv9Ztl0epw/DE/a
+6ldZMjAPBgNVHREECDAGhwR/AAABMIHXBgNVHSMEgc8wgcyAFGd0eZ7H+R2lQl76
+gLEm6OeMDJZjoYGdpIGaMIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGlu
+Z3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UE
+CwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUZzNFzfT3gew6OMtFWGN5KCu962sw
+DgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAoGCCqGSM49BAMC
+A0gAMEUCIQC1rKX9GrvNhaWkqFkf8wYIF4TN8KPtUiGIWLBfiwzzlQIgdOd0O11g
+61w+iJz3sVFhGKcpAyOqU42K+ShqlJhh0RE=
+-----END CERTIFICATE-----

certs/server-rsa-cert.pem

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,68083920376B41E11FEEBBE255D2D307
+
+i803oPiuFmT19NoY4LfI9bx0vwAaApoxELygMMsPxE/VphubgviUC3YYtb5ZowCd
+i7ZlBN/Xg0sWYXm71hVdd+aRIBYuGg6+wC3Q80ISXwxNhEgnwJlNBPvp04L+RuTH
+z8BgoC6EmGMQbjsI3dtKGiotApvT/rPsNmGRtQJ6QnnWtxweisKxTVk5mSW3DCnY
+5cEw1OIbZ/PpHv014+KDY+MLHUi+VjFte3rYv0TMUXIe9jpLoC8lvug18V2W7a4E
+RuUDDeWh2E2Nhqfqr8yhc/uaThwDYhXpvILFK6WW0tW8lN6SzSO8hFNFoqSZj6hR
+pe9xos2NW0mV5VGuTtelQ6dXaFF4JjRh9OEpFsUEgG3olXECSjLx504ABO4rxP/c
+ScH5CwzpuVFJHTBwSYDi/LDAxUDT8tBr2ZAcV8xvh8uFor5QRsTuI+GbtvnCc2v9
+NtSQ0WB2ew9GAwf21p0aXy1fQm8QtzN4qgoPmVdr3Qp7N50a7oVOge7N/hgYQvlV
+fMJdGm//6FXNu9FcHsaAFkj5jpXEcK6CwrI7VETAGSIir4y0xnpbVocj+kNv8N4v
+zQDQ1XOUAdRDOCnyrjXcU2ti/DGSrlKUb1b+tBUSJCLNXGEGHgHJKQuSQOk9C5l5
+SOrgRCazW0BFmRduCCPfssBWOBjQNTdOOFxgswzZmaQuY9mff1dndFV9OPgrPHDm
+ONVPHf0dHD72FtMJbEuqeat5UnyaxwNZxXxnLSBbjdnPgFfjCZMQbik5nuzg4rZE
+zqZsHPEZ7csoX+JfD7LXaDPu7nSfBpWYOOqOul6dOPM3tIW+xoqz+53ci7GATbBQ
+PWBvpt2uaFO+Q2vz4/6QvocT49Sgv7Ic75DfJWkZ8mfsRGdHMei2DdWpsDXhKOyY
+Lo8JlrBllCWb40Tow6PqcbgkN3HKmavJv+sXP23GW5mPAJPUiiNeH/BOXbLIqcF9
+AEHjwti6UA4Haze6227rfG5cDNRF8Rw45EIIigkDB9a1o4VcWvT6UlXXokRSxNdD
+QC8NVQjJZOQdbgqH80IiPTY3if4y62Im66DcHi5lohl1slnscqxUd0SlxNTxEGQC
+ieIK1kYs+r7cw7tabKrvUdDl98lQZFxcvdoTkTG3s+e4h4+QSw5JnZcD4eDVxHaH
+P17aNOJ9T4RflwWPn5v5loa1Tp8o+EI+LLINQ+cUzlUW7sGt0GmCFnOLP/G2aPOt
+BzYbm4dzVoGpfamsVYSMoORcudvflOYSYcyKgCegThwE+P5KLozgPdbAN2Qdm+qe
+nOGpVrsOnCJdKkdyZki7orGqK1hslAqGJGt9TKqEhL6pdDvQZf6LaM/GZzgO2SB3
+lBvr3zSlYRbeadgYghzcbMnZAy0lSDuObB5U5wzPLqaq+1N2e6EhxWelmt1Bz4/q
+QlUamvUvogX7rPOMnjnt7W90kD5uqLS6IqBI0NKL62Ho9QyhyZ46ooZ4/ChFRO2G
+6hQ8hNDGF+UTQ8A0IIrzXnEuerhAy93Abv70Q5mDULQDbWdFxDOgfgqXwiX+EL/V
+wszqU4MN2wtDBuZQnCVzBXGbzd+yR0w1qYKSPip+6d/g8N1g8ybRhiD83CVcODqI
+-----END RSA PRIVATE KEY-----

certs/server-rsa-key.pem

@@ -5,7 +5,7 @@
 
 AC_PREREQ(2.59)
 
-AC_INIT([wolfKeyManager],[0.9],[http://www.wolfssl.com])
+AC_INIT([wolfKeyManager],[0.10],[http://www.wolfssl.com])
 AC_CONFIG_AUX_DIR(config)
 AC_CONFIG_HEADERS([wolfkeymgr/config.h])
 AC_CONFIG_MACRO_DIR(m4)
@@ -71,7 +71,7 @@ LT_PREREQ([2.2])
 LT_INIT([disable-static win32-dll])
 
 # Shared library versioning
-WOLFKM_LIBRARY_VERSION=5:1:0
+WOLFKM_LIBRARY_VERSION=6:0:0
 #                      | | |
 #               +------+ | +---+
 #               |        |     |
@@ -86,7 +86,7 @@ WOLFKM_LIBRARY_VERSION=5:1:0
 AC_SUBST([WOLFKM_LIBRARY_VERSION])
 
 # compiler options
-CFLAGS="$CFLAGS -Wall"
+CFLAGS="$CFLAGS -Wall -Wextra -Wabi -Wpedantic"
 CFLAGS_DEBUG="-g"
 CFLAGS_OPTIMIZE="-O2"
 
@@ -121,18 +121,6 @@ esac
 # Checks for library functions.
 LIB_SOCKET_NSL
 
-# ETSI Service
-AC_ARG_ENABLE([etsisvc],
-    [AS_HELP_STRING([--enable-etsisvc],[Enable the ETSI key service (default: enabled)])],
-    [ ENABLED_ETSI_SERVICE=$enableval ],
-    [ ENABLED_ETSI_SERVICE=yes ]
-    )
-
-if test "x$ENABLED_ETSI_SERVICE" = "xyes"
-then
-    CFLAGS="$CFLAGS -DWOLFKM_ETSI_SERVICE"
-fi
-
 
 # SNIFFER
 AC_ARG_ENABLE([sniffer],
@@ -149,11 +137,29 @@ AS_IF([ test "x$ENABLED_SNIFFER" = "xyes" ],
           )
       ])
 
+# VAULT
+AC_ARG_ENABLE([vault],
+    [AS_HELP_STRING([--enable-vault],[Enable key storage and retrieval (use =clear to disable encryption) (default: enabled)])],
+    [ ENABLED_VAULT=$enableval ],
+    [ ENABLED_VAULT=yes ]
+    )
+
+if test "x$ENABLED_VAULT" != "xno"
+then
+    CFLAGS="$CFLAGS -DWOLFKM_VAULT"
+    if test "x$ENABLED_VAULT" == "xclear"
+    then
+        CFLAGS="$CFLAGS -DWOLFKM_NO_VAULT_ENC"
+    fi
+fi
+
+
 
 # The following AM_CONDITIONAL statements set flags for use in the Makefiles.
 # Some of these affect build targets and objects, some trigger different
 # test scripts for make check.
-AM_CONDITIONAL([BUILD_ETSI_SERVICE],[test "x$ENABLED_ETSI_SERVICE" = "xyes"])
+AM_CONDITIONAL([BUILD_SNIFFER],[test "x$ENABLED_SNIFFER" = "xyes"])
+AM_CONDITIONAL([BUILD_VAULT],[test "x$ENABLED_VAULT" = "xyes"])
 
 
 # FINAL
@@ -252,4 +258,5 @@ echo "   * CPP Flags:                 $CPPFLAGS"
 echo "   * LIB Flags:                 $LIB"
 echo "   * Debug enabled:             $ax_enable_debug"
 
-echo "   * ETSI Service               $ENABLED_ETSI_SERVICE"
+echo "   * Vault                      $ENABLED_VAULT"
+echo "   * Sniffer                    $ENABLED_SNIFFER"

configure.ac

@@ -0,0 +1,101 @@
+# wolf Key Manager ETSI Reference
+
+Based on [ETSI TS 103 523-3 V1.3.1](https://www.etsi.org/deliver/etsi_ts/103500_103599/10352303/01.03.01_60/ts_10352303v010301p.pdf)
+
+## Components
+
+![ETSI Components](ETSI-Components.png)
+
+* Key Manager (`src/wolfkeymgr`)
+* Enterprise Transport Security Server (`examples/https/server` or Apache httpd, nginx, etc...)
+* Middlebox Decryption (`examples/middlebox/decrypt` using wolfSSL sniffer)
+* TLS v1.3 client (browser or `examples/https/client`)
+* Asymmetric Key Package (RFC 5958 - PKCS8)
+
+## ETSI Security
+
+All communication between consumer and ETSI Key Manager will use TLS v1.3 with mutual authentication.
+
+The Enterprise Transport Security profile does not provide per-session forward secrecy. Knowledge of a given static private key can be used to decrypt all sessions encrypted with that key, and forward secrecy for all of those sessions begins when all copies of that static private key have been destroyed.
+
+Typically an organization will use standard TLS 1.3 to connect with external clients to the enterprise network or data centre. For connections within its own data center and could deployments the Enterprise Transport Security profile can be used.
+
+An organization can rotate their keys as frequently as they choose.
+
+The use of X.509 Visibility Information in the TLS server certificate should be used, but is not required for private internal use. The visibility information OID 0.4.0.3523.3.1 provides a public way to indicate the ETSI security profile is being used.
+
+## ETSI (Enterprise Transport Security)
+
+### ETSI Request Case (HTTPS GET)
+
+`GET /.well-known/enterprise-transport-security/keys?fingerprints=[fingerprints]`, where:
+
+a) `fingerprints` shall be present and its value, `[fingerprints]`, shall be either empty or shall be a comma-separated list of the hexadecimal string representation where each entry in the list is the static Diffie-Hellman public key fingerprint, as defined in clause 4.3.3, for which the corresponding public/private key pairs are being requested.
+
+b) The key manager shall return a key package that contains the corresponding public/private key pair for each fingerprint for which it has a record. In the unlikely case that the key manager has more than one public/private key pair corresponding to a given fingerprint, it shall return all of them in the key package. If `[fingerprints]` is empty, the actions of the implementation are out of scope of the present document.
+
+c) The key manager shall return an appropriate HTTP error code if there is not at least one matching public/private key pair [12].
+
+Example:
+
+```
+GET /.well-known/enterprise-transport-security/keys?fingerprints=00010203040506070809,09080706050403020100
+Accept: application/pkcs8, application/cms
+```
+
+### ETSI Request with Groups (key type)
+
+`GET /.well-known/enterprise-transport- security/keys?groups=[groups]&certs=[sigalgs]&context=contextstr`, where:
+
+a) groups shall be non-empty and its value, [groups], shall be a comma-separated list where each entry in the list is a NamedGroup value defined in clause 4.2.7 in IETF RFC 8446 [2], represented in hexadecimal notation, for which an associated static Diffie-Hellman key pair is being requested.
+
+b) certs may be included. If certs is included, its value, [sigalgs], shall be a comma-separated list where each entry is a colon-separated pair of SignatureScheme values defined in clause B.3.1.3 in IETF RFC 8446 [2], in hexadecimal notation. The first value in the pair shall indicate the requested algorithm for the certificate issuer to use to sign the certificate. The second value in the pair shall indicate the requested algorithm to be used to generate the certificate subject's signing key pair. If certs is included, then for each entry in the list, the key consumer shall request one additional server certificate using that scheme, which is bound to all returned key pairs. If certs is not included, then no certificates are being requested, and so none shall be provided by the key manager.
+
+c) context may be included. If context is included, its value, contextstr, is a free string that the key manager shall use to determine what key pair and certificate contents to return. The structure of contextstr is not specified in the present document.
+
+d) The key manager shall return a key package containing a static Diffie-Hellman key pair for each group listed in [groups]that the key manager supports. For each static Diffie-Hellman key pair in the key package, the key manager shall also return a corresponding server certificate for each given signature algorithm pair listed in [sigalgs] that it supports.
+
+e) If no group in [groups] is supported by the key manager, the key manager shall return an appropriate HTTP error code as defined in clause 6 of IETF RFC 7231 [12]. If the key manager is unable to use contextstr, the key manager may return an appropriate HTTP error code, as defined in clause 6 of IETF RFC 7231 [12], or it may handle the error itself in a way outside the scope of the present document.
+
+Example:
+
+```
+GET /.well-known/enterprise-transport-security/keys?groups=0x0018,0x001d&certs=0x0401:0x0809,0x0503:0x0503
+Accept: application/pkcs8
+```
+
+### ETSI Push (HTTPS PUT)
+
+The key consumer shall support receiving a key package via an HTTP PUT request to a request-target, given here in origin-form, of:
+`/enterprise-transport-security/keys`
+
+### Asymmetric Key Packages (RFC 5958)
+
+When an Enterprise Transport Security static Diffie-Hellman public/private key pair are sent from the key manager to a key consumer, they shall be packaged using the Asymmetric Key Package defined in IETF RFC 5958 [3]. Each Asymmetric Key Package shall contain one or more OneAsymmetricKey elements. Such an element will be one of either:
+
+a) a static Diffie-Hellman key pair, hereafter referred to as Type A elements; or
+b) a private signing key and a certificate, hereafter referred to as Type B elements.
+
+First the case is defined where elements are static Diffie-Hellman key pairs, and so the Asymmetric Key Package shall contain fields and attributes pertaining to these key pairs, defined below. Though certificates are not sent in the same OneAsymmetricKey element as a static key pair, each Asymmetric Key Package may contain one or more Type B elements (server certificates and corresponding private signing keys). Where such Type B elements are sent, all certificates in the Asymmetric Key Package shall be bound to all of the static Diffie-Hellman key pairs in the Asymmetric Key Package. The use of multiple certificates is intended for the situation where it is necessary to provide certificates with different signature algorithms.
+With reference to clause 2 of IETF RFC 5958 [3], the Type A OneAsymmetricKey element used to store each key pair
+in the Asymmetric Key Package shall have the following fields set as follows:
+
+1) Version shall be set to version 2 (integer value of 1).
+2) privateKeyAlgorithm shall be set to the key pair algorithm identifier (see below).
+3) privateKey shall be set to the Diffie-Hellman private key encoded as an octet string.
+4) publicKey shall be set to the Diffie-Hellman public key encoded as a bit string.
+5) Attributes shall include a validity period for the key pair using the attribute defined in clause 15 of IETF RFC 7906 [4].
+
+### Server Certificate Visibility
+
+The ETSI specification part 3 section 4.3.3 requires the TLS server to present a "visibility" information field indicating "Enterprise Transport Security" is being used.
+
+```
+VisibilityInformation ::= SEQUENCE {
+    fingerprint OCTET STRING (SIZE(10)),
+    accessDescription UTF8String }
+```
+
+where the SHA-256 digest of the static Diffie-Hellman public key as transmitted in the key_share extension of the ServerHello message shall be represented as the vector of 32-bit words (H0, H1,..., H7) as defined in FIPS 180-4 [11]. The fingerprint field shall be set to H0||H1||(H2>>16), which is the first 80 bits of the digest vector read in big-endian format. The accessDescription field shall be a human-readable text string that identifies, either generally or specifically, the controlling or authorizing entities or roles or domains, or any combination of these, of any middle-boxes that may be allowed access to the Enterprise Transport Security static Diffie-Hellman private key.
+
+See Recommendation ITU-T X.509 (10/2016) | ISO/IEC 9594-8: "Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks".