fix(kms): gate Encrypt on key usage + real RSA-OAEP for asymmetric keys#1793
Merged
Conversation
Encrypt ignored the key's usage and spec entirely: it always built a symmetric AES blob and hardcoded EncryptionAlgorithm=SYMMETRIC_DEFAULT. So a SIGN_VERIFY / GENERATE_VERIFY_MAC / KEY_AGREEMENT key wrongly "encrypted", a symmetric key accepted a bogus EncryptionAlgorithm, and an RSA ENCRYPT_DECRYPT key returned a symmetric blob no external RSA tool could decrypt -- the asymmetric encrypt path was non-functional. - Reject Encrypt on any key whose usage isn't ENCRYPT_DECRYPT (InvalidKeyUsageException). - Symmetric keys: validate the requested EncryptionAlgorithm is SYMMETRIC_DEFAULT and echo it. - Asymmetric RSA keys: encrypt with real RSA-OAEP under the key's public half (new asym::rsa_oaep_wrap), echo the requested RSAES_OAEP_SHA_1/256, and add a `fakecloud-rsa:` ciphertext envelope that Decrypt reverses with the private half. The ciphertext now round-trips through external RSA tooling and KMS Decrypt. - Decrypt echoes the real EncryptionAlgorithm (threaded through DecodedCiphertext) instead of hardcoded SYMMETRIC_DEFAULT. - crates/fakecloud-kms/src/asym.rs: rsa_oaep_wrap - crates/fakecloud-kms/src/service_crypto.rs: usage gate + symmetric/RSA branch - crates/fakecloud-kms/src/helpers.rs: RSA decrypt envelope branch - crates/fakecloud-kms/src/service.rs: DecodedCiphertext.encryption_algorithm - tests: SIGN_VERIFY rejected, symmetric rejects RSA algo, RSA OAEP roundtrip
Codecov Report❌ Patch coverage is 📢 Thoughts on this report? Let us know! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Encryptignored the key's usage and spec entirely: it always built a symmetric AES blob and hardcodedEncryptionAlgorithm=SYMMETRIC_DEFAULT. Consequences:SIGN_VERIFY/GENERATE_VERIFY_MAC/KEY_AGREEMENTkey wrongly "encrypted" (AWS returnsInvalidKeyUsageException),EncryptionAlgorithm, andENCRYPT_DECRYPTkey returned a symmetric blob no external RSA tool could decrypt — the asymmetric encrypt path was non-functional end-to-end.Fix:
Encrypton any key whose usage isn'tENCRYPT_DECRYPT.EncryptionAlgorithmisSYMMETRIC_DEFAULTand echo it.asym::rsa_oaep_wrap), echo the requestedRSAES_OAEP_SHA_1/_256, and add afakecloud-rsa:ciphertext envelope thatDecryptreverses with the private half. The ciphertext now round-trips through external RSA tooling and KMSDecrypt.Decryptechoes the realEncryptionAlgorithm(threaded throughDecodedCiphertext) instead of a hardcodedSYMMETRIC_DEFAULT.Found by the 2026-06-20 bug-hunt audit (finding 1.11).
Test plan
encrypt_rejects_non_encrypt_decrypt_key— SIGN_VERIFY key →InvalidKeyUsageException.encrypt_symmetric_rejects_asymmetric_algorithm— symmetric key +RSAES_OAEP_SHA_256→InvalidKeyUsageException.encrypt_rsa_key_uses_real_oaep_and_roundtrips— RSA key encrypts with thefakecloud-rsa:envelope, echoes the algorithm, andDecryptrecovers the plaintext.cargo clippy -p fakecloud-kms --all-targets -- -D warningsclean.Summary by cubic
Gate KMS
Encryptby key usage and implement real RSA‑OAEP for asymmetric keys. This fixes incorrect encryption behavior and ensuresDecryptechoes the correct algorithm.Encryptfor keys not usingENCRYPT_DECRYPT(returnsInvalidKeyUsageException).SYMMETRIC_DEFAULTand now echo it.ENCRYPT_DECRYPTkeys use true RSA‑OAEP withRSAES_OAEP_SHA_1orRSAES_OAEP_SHA_256, producing afakecloud-rsa:<key_id>:<algorithm>:<b64>envelope thatDecryptreverses with the private key.Decryptnow returns the realEncryptionAlgorithminstead of hardcodingSYMMETRIC_DEFAULT.Written for commit 72ddf52. Summary will update on new commits.