Mandate that signed payloads are endpoint-specific and timestamped in Programmability sample #6285

achamayou · 2024-06-21T13:41:02Z

See remaining item on #6223. Introduce DynamicJSEndpointRegistry::record_action_details_for_audit_v1 and DynamicJSEndpointRegistry::is_original_action_execution_v1 to allow an application making use of the programmability feature to easily implement auditability, and protect users allowed to update the application against replay attacks.

This allows an application to define two parameters in the protected header of COSE Sign1 envelopes, for the purposes of:

Making payloads specific to an endpoint, to avoid possible confusion attacks
Making payloads timestamped, to implement replay protection cheaply

I have hardcoded the window size for now, but moving it to the runtime_options may be a good idea, perhaps as cose_replay_protection_window_size, or something similar. It's difficult to imagine this being useful though.

samples/apps/programmability/programmability.cpp

src/endpoints/authentication/cose_auth.cpp

include/ccf/js/registry.h

…se_sign1

include/ccf/base_endpoint_registry.h

achamayou added 7 commits June 19, 2024 17:02

Optional fields in user-signed protected headers

f78716f

Add created_at, make names parameters

259ff33

Check type values in envelopes

47fc419

Check message type on custom endpoints

1f9828a

Tu quoque, runtime_options

944b0e6

Check timestamps on endpoint install

dc7f2ba

Check runtime options too

48f239e

achamayou commented Jun 21, 2024

View reviewed changes

samples/apps/programmability/programmability.cpp Outdated Show resolved Hide resolved

achamayou added 6 commits June 21, 2024 15:11

Merge branch 'main' into timestamped_user_cose_sign1

3fed2ef

More detailed options

ec437c2

Fix e2e logging test

db3c221

Comment other tests back in

db1538b

record_action_details_for_audit_v1

4a2885a

changelog

bdf1549

achamayou marked this pull request as ready for review June 24, 2024 14:51

achamayou requested a review from a team June 24, 2024 14:51

eddyashton reviewed Jun 24, 2024

View reviewed changes

samples/apps/programmability/programmability.cpp Outdated Show resolved Hide resolved

eddyashton reviewed Jun 24, 2024

View reviewed changes

src/endpoints/authentication/cose_auth.cpp Outdated Show resolved Hide resolved

eddyashton reviewed Jun 24, 2024

View reviewed changes

include/ccf/js/registry.h Outdated Show resolved Hide resolved

include/ccf/js/registry.h Outdated Show resolved Hide resolved

achamayou added 3 commits June 24, 2024 15:40

Address review comments

c224102

Merge remote-tracking branch 'upstream/main' into timestamped_user_co…

9bd5ba7

…se_sign1

Naming is the hardest thing we do

e93e280

achamayou commented Jun 24, 2024

View reviewed changes

include/ccf/base_endpoint_registry.h Show resolved Hide resolved

achamayou requested a review from eddyashton June 24, 2024 17:57

achamayou added 2 commits June 25, 2024 08:55

Merge branch 'main' into timestamped_user_cose_sign1

dc8bbb5

Merge branch 'main' into timestamped_user_cose_sign1

bade802

eddyashton approved these changes Jun 26, 2024

View reviewed changes

achamayou merged commit 7768480 into microsoft:main Jun 26, 2024
21 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Mandate that signed payloads are endpoint-specific and timestamped in Programmability sample #6285

Mandate that signed payloads are endpoint-specific and timestamped in Programmability sample #6285

achamayou commented Jun 21, 2024 •

edited

Loading

Mandate that signed payloads are endpoint-specific and timestamped in Programmability sample #6285

Mandate that signed payloads are endpoint-specific and timestamped in Programmability sample #6285

Conversation

achamayou commented Jun 21, 2024 • edited Loading

achamayou commented Jun 21, 2024 •

edited

Loading