slosilo 1.1.0 → 2.2.2

data/SECURITY.md

@@ -0,0 +1,42 @@
+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for the CyberArk Conjur
+suite of tools and products.
+
+  * [Reporting a Bug](#reporting-a-bug)
+  * [Disclosure Policy](#disclosure-policy)
+  * [Comments on this Policy](#comments-on-this-policy)
+
+## Reporting a Bug
+
+The CyberArk Conjur team and community take all security bugs in the Conjur suite seriously.
+Thank you for improving the security of the Conjur suite. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by emailing the lead maintainers at security@conjur.org.
+
+The maintainers will acknowledge your email within 2 business days. Subsequently, we will 
+send a more detailed response within 2 business days of our acknowledgement indicating
+the next steps in handling your report. After the initial reply to your report, the security
+team will endeavor to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
+
+Report security bugs in third-party modules to the person or team maintaining
+the module.
+
+## Disclosure Policy
+
+When the security team receives a security bug report, they will assign it to a
+primary handler. This person will coordinate the fix and release process,
+involving the following steps:
+
+  * Confirm the problem and determine the affected versions.
+  * Audit code to find any potential similar problems.
+  * Prepare fixes for all releases still under maintenance. These fixes will be
+    released as fast as possible.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a
+pull request.

data/lib/slosilo.rb

@@ -1,3 +1,4 @@
+require "slosilo/jwt"
 require "slosilo/version"
 require "slosilo/keystore"
 require "slosilo/symmetric"

data/lib/slosilo/adapters/sequel_adapter.rb

@@ -14,7 +14,7 @@ module Slosilo
       def create_model
         model = Sequel::Model(:slosilo_keystore)
         model.unrestrict_primary_key
-        model.attr_encrypted :key if secure?
+        model.attr_encrypted(:key, aad: :id) if secure?
         model
       end
       
@@ -49,6 +49,17 @@ module Slosilo
         end
       end
 
+      def recalculate_fingerprints
+        # Use a transaction to ensure that all fingerprints are updated together. If any update fails,
+        # we want to rollback all updates.
+        model.db.transaction do
+          model.each do |m|
+            m.update fingerprint: Slosilo::Key.new(m.key).fingerprint
+          end
+        end
+      end
+
+
       def migrate!
         unless fingerprint_in_db?
           model.db.transaction do
@@ -59,9 +70,7 @@ module Slosilo
             # reload the schema
             model.set_dataset model.dataset
 
-            model.each do |m|
-              m.update fingerprint: Slosilo::Key.new(m.key).fingerprint
-            end
+            recalculate_fingerprints
 
             model.db.alter_table :slosilo_keystore do
               set_column_not_null :fingerprint

data/lib/slosilo/attr_encrypted.rb

@@ -5,21 +5,44 @@ module Slosilo
   # so we encrypt sensitive attributes before storing them
   module EncryptedAttributes
     module ClassMethods
+
+      # @param options [Hash]
+      # @option :aad [#to_proc, #to_s]  Provide additional authenticated data for
+      #   encryption.  This should be something unique to the instance having
+      #   this attribute, such as a primary key; this will ensure that an attacker can't swap
+      #   values around -- trying to decrypt value with a different auth data will fail.
+      #   This means you have to be able to recover it in order to decrypt attributes.
+      #   The following values are accepted:
+      #
+      #   * Something proc-ish: will be called with self each time auth data is needed.
+      #   * Something stringish: will be to_s-d and used for all instances as auth data.
+      #     Note that this will only prevent swapping in data using another string.
+      #
+      #   The recommended way to use this option is to pass a proc-ish that identifies the record.
+      #   Note the proc-ish can be a simple method name; for example in case of a Sequel::Model:
+      #       attr_encrypted :secret, aad: :pk
       def attr_encrypted *a
+        options = a.last.is_a?(Hash) ? a.pop : {}
+        aad = options[:aad]
+        # note nil.to_s is "", which is exactly the right thing
+        auth_data = aad.respond_to?(:to_proc) ? aad.to_proc : proc{ |_| aad.to_s }
+        raise ":aad proc must take one argument" unless auth_data.arity.abs == 1 # take abs to allow *args arity, -1
+
         # push a module onto the inheritance hierarchy
         # this allows calling super in classes
         include(accessors = Module.new)
         accessors.module_eval do 
           a.each do |attr|
             define_method "#{attr}=" do |value|
-              super(EncryptedAttributes.encrypt value)
+              super(EncryptedAttributes.encrypt(value, aad: auth_data[self]))
             end
             define_method attr do
-              EncryptedAttributes.decrypt(super())
+              EncryptedAttributes.decrypt(super(), aad: auth_data[self])
             end
           end
         end
       end
+
     end
     
     def self.included base
@@ -27,14 +50,14 @@ module Slosilo
     end
 
     class << self
-      def encrypt value
+      def encrypt value, opts={}
         return nil unless value
-        cipher.encrypt value, key: key
+        cipher.encrypt value, key: key, aad: opts[:aad]
       end
       
-      def decrypt ctxt
+      def decrypt ctxt, opts={}
         return nil unless ctxt
-        cipher.decrypt ctxt, key: key
+        cipher.decrypt ctxt, key: key, aad: opts[:aad]
       end
 
       def key

data/lib/slosilo/errors.rb

@@ -8,5 +8,8 @@ module Slosilo
         super
       end
     end
+
+    class TokenValidationError < Error
+    end
   end
 end

data/lib/slosilo/jwt.rb

@@ -0,0 +1,122 @@
+require 'json'
+
+module Slosilo
+  # A JWT-formatted Slosilo token.
+  # @note This is not intended to be a general-purpose JWT implementation.
+  class JWT
+    # Create a new unsigned token with the given claims.
+    # @param claims [#to_h] claims to embed in this token.
+    def initialize claims = {}
+      @claims = JSONHash[claims]
+    end
+
+    # Parse a token in compact representation
+    def self.parse_compact raw
+      load *raw.split('.', 3).map(&Base64.method(:urlsafe_decode64))
+    end
+
+    # Parse a token in JSON representation.
+    # @note only single signature is currently supported.
+    def self.parse_json raw
+      raw = JSON.load raw unless raw.respond_to? :to_h
+      parts = raw.to_h.values_at(*%w(protected payload signature))
+      fail ArgumentError, "input not a complete JWT" unless parts.all?
+      load *parts.map(&Base64.method(:urlsafe_decode64))
+    end
+
+    # Add a signature.
+    # @note currently only a single signature is handled;
+    # the token will be frozen after this operation.
+    def add_signature header, &sign
+      @claims = canonicalize_claims.freeze
+      @header = JSONHash[header].freeze
+      @signature = sign[string_to_sign].freeze
+      freeze
+    end
+
+    def string_to_sign
+      [header, claims].map(&method(:encode)).join '.'
+    end
+
+    # Returns the JSON serialization of this JWT.
+    def to_json *a
+      {
+        protected: encode(header),
+        payload: encode(claims),
+        signature: encode(signature)
+      }.to_json *a
+    end
+
+    # Returns the compact serialization of this JWT.
+    def to_s
+      [header, claims, signature].map(&method(:encode)).join('.')
+    end
+
+    attr_accessor :claims, :header, :signature
+
+    private
+
+    # Create a JWT token object from existing header, payload, and signature strings.
+    # @param header [#to_s] URLbase64-encoded representation of the protected header
+    # @param payload [#to_s] URLbase64-encoded representation of the token payload
+    # @param signature [#to_s] URLbase64-encoded representation of the signature
+    def self.load header, payload, signature
+      self.new(JSONHash.load payload).tap do |token|
+        token.header = JSONHash.load header
+        token.signature = signature.to_s.freeze
+        token.freeze
+      end
+    end
+
+    def canonicalize_claims
+      claims[:iat] = Time.now unless claims.include? :iat
+      claims[:iat] = claims[:iat].to_time.to_i
+      claims[:exp] = claims[:exp].to_time.to_i if claims.include? :exp
+      JSONHash[claims.to_a]
+    end
+
+    # Convenience method to make the above code clearer.
+    # Converts to string and urlbase64-encodes.
+    def encode s
+      Base64.urlsafe_encode64 s.to_s
+    end
+
+    # a hash with a possibly frozen JSON stringification
+    class JSONHash < Hash
+      def to_s
+        @repr || to_json
+      end
+
+      def freeze
+        @repr = to_json.freeze
+        super
+      end
+
+      def self.load raw
+        self[JSON.load raw.to_s].tap do |h|
+          h.send :repr=, raw
+        end
+      end
+
+      private
+
+      def repr= raw
+        @repr = raw.freeze
+        freeze
+      end
+    end
+  end
+
+  # Try to convert by detecting token representation and parsing
+  def self.JWT raw
+    if raw.is_a? JWT
+      raw
+    elsif raw.respond_to?(:to_h) || raw =~ /\A\s*\{/
+      JWT.parse_json raw
+    else
+      JWT.parse_compact raw
+    end
+  rescue
+    raise ArgumentError, "invalid value for JWT(): #{raw.inspect}"
+  end
+end

data/lib/slosilo/key.rb

@@ -3,6 +3,8 @@ require 'json'
 require 'base64'
 require 'time'
 
+require 'slosilo/errors'
+
 module Slosilo
   class Key
     def initialize raw_key = nil
@@ -13,6 +15,10 @@ module Slosilo
       else
         OpenSSL::PKey::RSA.new 2048
       end
+    rescue OpenSSL::PKey::PKeyError => e
+      # old openssl versions used to report ArgumentError
+      # which arguably makes more sense here, so reraise as that
+      raise ArgumentError, e, e.backtrace
     end
     
     attr_reader :key
@@ -71,14 +77,80 @@ module Slosilo
       token["key"] = fingerprint
       token
     end
+
+    JWT_ALGORITHM = 'conjur.org/slosilo/v2'.freeze
+
+    # Issue a JWT with the given claims.
+    # `iat` (issued at) claim is automatically added.
+    # Other interesting claims you can give are:
+    # - `sub` - token subject, for example a user name;
+    # - `exp` - expiration time (absolute);
+    # - `cidr` (Conjur extension) - array of CIDR masks that are accepted to
+    #   make requests that bear this token
+    def issue_jwt claims
+      token = Slosilo::JWT.new claims
+      token.add_signature \
+          alg: JWT_ALGORITHM,
+          kid: fingerprint,
+          &method(:sign)
+      token.freeze
+    end
+
+    DEFAULT_EXPIRATION = 8 * 60
     
-    def token_valid? token, expiry = 8 * 60
+    def token_valid? token, expiry = DEFAULT_EXPIRATION
+      return jwt_valid? token if token.respond_to? :header
       token = token.clone
       expected_key = token.delete "key"
       return false if (expected_key and (expected_key != fingerprint))
       signature = Base64::urlsafe_decode64(token.delete "signature")
       (Time.parse(token["timestamp"]) + expiry > Time.now) && verify_signature(token, signature)
     end
+
+    # Validate a JWT.
+    #
+    # Convenience method calling #validate_jwt and returning false if an
+    # exception is raised.
+    #
+    # @param token [JWT] pre-parsed token to verify
+    # @return [Boolean]
+    def jwt_valid? token
+      validate_jwt token
+      true
+    rescue
+      false
+    end
+
+    # Validate a JWT.
+    #
+    # First checks whether algorithm is 'conjur.org/slosilo/v2' and the key id
+    # matches this key's fingerprint. Then verifies if the token is not expired,
+    # as indicated by the `exp` claim; in its absence tokens are assumed to
+    # expire in `iat` + 8 minutes.
+    #
+    # If those checks pass, finally the signature is verified.
+    #
+    # @raises TokenValidationError if any of the checks fail.
+    #
+    # @note It's the responsibility of the caller to examine other claims
+    # included in the token; consideration needs to be given to handling
+    # unrecognized claims.
+    #
+    # @param token [JWT] pre-parsed token to verify
+    def validate_jwt token
+      def err msg
+        raise Error::TokenValidationError, msg, caller
+      end
+
+      header = token.header
+      err 'unrecognized algorithm' unless header['alg'] == JWT_ALGORITHM
+      err 'mismatched key' if (kid = header['kid']) && kid != fingerprint
+      iat = Time.at token.claims['iat'] || err('unknown issuing time')
+      exp = Time.at token.claims['exp'] || (iat + DEFAULT_EXPIRATION)
+      err 'token expired' if exp <= Time.now
+      err 'invalid signature' unless verify_signature token.string_to_sign, token.signature
+      true
+    end
     
     def sign_string value
       salt = shake_salt
@@ -86,7 +158,7 @@ module Slosilo
     end
     
     def fingerprint
-      @fingerprint ||= OpenSSL::Digest::MD5.hexdigest key.public_key.to_der
+      @fingerprint ||= OpenSSL::Digest::SHA256.hexdigest key.public_key.to_der
     end
 
     def == other
@@ -114,7 +186,7 @@ module Slosilo
     # Note that this is currently somewhat shallow stringification -- 
     # to implement originating tokens we may need to make it deeper.
     def stringify value
-      case value
+      string = case value
       when Hash
         value.to_a.sort.to_json
       when String
@@ -122,6 +194,17 @@ module Slosilo
       else
         value.to_json
       end
+
+      # Make sure that the string is ascii_8bit (i.e. raw bytes), and represents
+      # the utf-8 encoding of the string.  This accomplishes two things: it normalizes
+      # the representation of the string at the byte level (so we don't have an error if
+      # one username is submitted as ISO-whatever, and the next as UTF-16), and it prevents
+      # an incompatible encoding error when we concatenate it with the salt.
+      if string.encoding != Encoding::ASCII_8BIT
+        string.encode(Encoding::UTF_8).force_encoding(Encoding::ASCII_8BIT)
+      else
+        string
+      end
     end
     
     def shake_salt

data/lib/slosilo/keystore.rb

@@ -59,15 +59,26 @@ module Slosilo
       keystore.any? { |k| k.token_valid? token }
     end
     
+    # Looks up the signer by public key fingerprint and checks the validity
+    # of the signature. If the token is JWT, exp and/or iat claims are also
+    # verified; the caller is responsible for validating any other claims.
     def token_signer token
-      key, id = keystore.get_by_fingerprint token['key']
+      begin
+        # see if maybe it's a JWT
+        token = JWT token
+        fingerprint = token.header['kid']
+      rescue ArgumentError
+        fingerprint = token['key']
+      end
+
+      key, id = keystore.get_by_fingerprint fingerprint
       if key && key.token_valid?(token)
         return id
       else
         return nil
       end
     end
-    
+
     attr_accessor :adapter
     
     private