Kyle Isom
64d921827e
Implement a two-level key hierarchy: the MEK now wraps per-engine DEKs stored in a new barrier_keys table, rather than encrypting all barrier entries directly. A v2 ciphertext format (0x02) embeds the key ID so the barrier can resolve which DEK to use on decryption. v1 ciphertext remains supported for backward compatibility. Key changes: - crypto: EncryptV2/DecryptV2/ExtractKeyID for v2 ciphertext with key IDs - barrier: key registry (CreateKey, RotateKey, ListKeys, MigrateToV2, ReWrapKeys) - seal: RotateMEK re-wraps DEKs without re-encrypting data - engine: Mount auto-creates per-engine DEK - REST + gRPC: barrier/keys, barrier/rotate-mek, barrier/rotate-key, barrier/migrate - proto: BarrierService (v1 + v2) with ListKeys, RotateMEK, RotateKey, Migrate - db: migration v2 adds barrier_keys table Also includes: security audit report, CSRF protection, engine design specs (sshca, transit, user), path-bound AAD migration tool, policy engine enhancements, and ARCHITECTURE.md updates. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
120 lines
3.4 KiB
Go
120 lines
3.4 KiB
Go
package webserver
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"crypto/rand"
|
|
"crypto/sha256"
|
|
"encoding/base64"
|
|
"fmt"
|
|
"net/http"
|
|
"strings"
|
|
"sync"
|
|
)
|
|
|
|
const (
|
|
csrfCookieName = "metacrypt_csrf"
|
|
csrfFieldName = "csrf_token"
|
|
csrfTokenLen = 32
|
|
)
|
|
|
|
// csrfProtect provides CSRF protection using the signed double-submit cookie
|
|
// pattern. A random secret is generated at startup. CSRF tokens are an HMAC of
|
|
// a random nonce, sent as both a cookie and a hidden form field. On POST the
|
|
// middleware verifies that the form field matches the cookie's HMAC.
|
|
type csrfProtect struct {
|
|
secret []byte
|
|
once sync.Once
|
|
}
|
|
|
|
func newCSRFProtect() *csrfProtect {
|
|
secret := make([]byte, 32)
|
|
if _, err := rand.Read(secret); err != nil {
|
|
panic("csrf: failed to generate secret: " + err.Error())
|
|
}
|
|
return &csrfProtect{secret: secret}
|
|
}
|
|
|
|
// generateToken creates a new CSRF token: base64(nonce) + "." + base64(hmac(nonce)).
|
|
func (c *csrfProtect) generateToken() (string, error) {
|
|
nonce := make([]byte, csrfTokenLen)
|
|
if _, err := rand.Read(nonce); err != nil {
|
|
return "", fmt.Errorf("csrf: generate nonce: %w", err)
|
|
}
|
|
nonceB64 := base64.RawURLEncoding.EncodeToString(nonce)
|
|
mac := hmac.New(sha256.New, c.secret)
|
|
mac.Write(nonce)
|
|
sigB64 := base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
|
|
return nonceB64 + "." + sigB64, nil
|
|
}
|
|
|
|
// validToken checks that a token has a valid HMAC signature.
|
|
func (c *csrfProtect) validToken(token string) bool {
|
|
parts := strings.SplitN(token, ".", 2)
|
|
if len(parts) != 2 {
|
|
return false
|
|
}
|
|
nonce, err := base64.RawURLEncoding.DecodeString(parts[0])
|
|
if err != nil || len(nonce) != csrfTokenLen {
|
|
return false
|
|
}
|
|
sig, err := base64.RawURLEncoding.DecodeString(parts[1])
|
|
if err != nil {
|
|
return false
|
|
}
|
|
mac := hmac.New(sha256.New, c.secret)
|
|
mac.Write(nonce)
|
|
return hmac.Equal(mac.Sum(nil), sig)
|
|
}
|
|
|
|
// setToken generates a new CSRF token, sets it as a cookie, and returns it
|
|
// for embedding in a form.
|
|
func (c *csrfProtect) setToken(w http.ResponseWriter) string {
|
|
token, err := c.generateToken()
|
|
if err != nil {
|
|
return ""
|
|
}
|
|
http.SetCookie(w, &http.Cookie{
|
|
Name: csrfCookieName,
|
|
Value: token,
|
|
Path: "/",
|
|
HttpOnly: true,
|
|
Secure: true,
|
|
SameSite: http.SameSiteStrictMode,
|
|
})
|
|
return token
|
|
}
|
|
|
|
// middleware returns an HTTP middleware that enforces CSRF validation on
|
|
// mutation requests (POST, PUT, PATCH, DELETE). GET/HEAD/OPTIONS are passed
|
|
// through. The HTMX hx-post for /v1/seal is excluded since it hits the API
|
|
// server directly and uses token auth, not cookies.
|
|
func (c *csrfProtect) middleware(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
switch r.Method {
|
|
case http.MethodGet, http.MethodHead, http.MethodOptions:
|
|
next.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
|
|
// Read token from form field (works for both regular forms and
|
|
// multipart forms since ParseForm/ParseMultipartForm will have
|
|
// been called or the field is available via FormValue).
|
|
formToken := r.FormValue(csrfFieldName)
|
|
|
|
// Read token from cookie.
|
|
cookie, err := r.Cookie(csrfCookieName)
|
|
if err != nil || cookie.Value == "" {
|
|
http.Error(w, "CSRF validation failed", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
// Both tokens must be present, match each other, and be validly signed.
|
|
if formToken == "" || formToken != cookie.Value || !c.validToken(formToken) {
|
|
http.Error(w, "CSRF validation failed", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|