Allow checking OIDC token signatures #1071

znewman01 · 2023-03-17T21:39:21Z

Thanks to @EthanHeilman for the idea and sketch of how it might work.

Proof of concept plan:

Write/find code for GQ signatures which can be used as a (non-interactive) zero-knowledge proof of knowledge of a valid RSA signature.
When Fulcio gets a JWT and populates the corresponding X.509 extensions, add a new extension for the JWT header/body and copy the raw bytes through. Also create a ZKPoK for the RSA signature over the JWT.
In the client, in addition to checking the Fulcio cert chain, check the ZKPoK, and check the JWT. For now, magically assume we have the public keys for all of the OIDC providers we care about. Monitors should do this as well.

Before actually deploying we'll probably want a doc that works through things like:

Double checking security.
Privacy implications of exposing the JWT header/payload.
What do we need to check about the JWT? Seems like we'd need to replicate Fulcio's behavior exactly.
Is there a better place to stick the tokens? Do we actually want them in the certs?
How should clients get the identity providers' public keys? See OIDC public key transparency log #1055
Neat long-run extensions like Use proof-of-possession with OIDC tokens. #1056 . Could we possibly even have a Fulcio-free flow?

Proof of concept for sigstore#1071 . To test: ``` $ go run main.go serve --port 5555 --ca ephemeralca --ct-log-url="" $ ./cosign sign-blob \ ~/git/cosign --fulcio-url http://localhost:5555 \ --insecure-skip-verify \ --tlog-upload=false \ --output-certificate crt.pem.b64 \ --output-signature sig \ --yes \ /dev/null $ step certificate inspect --format json <(base64 -d crt.pem.b64) Certificate: Data: Version: 3 (0x2) Serial Number: 591924787950286913218593311682257250005470899824 (0x67aed352de3c3eb6c935b5b93f64624b80576e70) Signature Algorithm: ECDSA-SHA256 Issuer: C=USA,ST=WA,L=Kirkland,STREET=767 6th St S,POSTALCODE=98033,O=sigstore Validity Not Before: Jul 13 03:02:12 2023 UTC Not After : Jul 13 03:12:12 2023 UTC Subject: Subject Public Key Info: Public Key Algorithm: ECDSA Public-Key: (256 bit) X: 5d:00:66:db:8e:01:2d:7a:51:26:b6:96:65:ad:fd: 66:28:db:c4:10:fd:6c:7e:b7:74:be:7e:38:c4:e8: bc:4d Y: df:ad:e0:e4:fa:94:d9:36:81:0e:96:77:31:13:bc: 13:ea:04:69:4c:4e:a0:62:1b:98:8c:1c:d3:f0:13: 3d:31 Curve: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: Code Signing X509v3 Subject Key Identifier: 22:47:23:46:A6:C4:8A:FE:DD:1E:E3:A0:39:B6:98:5B:13:61:83:B4 X509v3 Authority Key Identifier: keyid:93:54:F8:AF:1B:DC:2B:C2:71:FB:8F:E7:70:5F:08:86:14:AA:3B:79 X509v3 Subject Alternative Name: critical email:[email protected] Sigstore OIDC Issuer: https://accounts.google.com 1.3.6.1.4.1.57264.1.8: ..https://accounts.google.com 1.3.9901: ....eyJhbGciOiJSUzI1NiIsImtpZCI6ImEzNDUzNjE0YzVkOThhYThiNzQyYjJiYTVhZTFjNTY2NzFmYjgyYWYifQ.eyJpc3MiOiJodHRwczovL29hdXRoMi5zaWdzdG9yZS5kZXYvYXV0aCIsInN1YiI6IkNoVXhNVGd5TnpFek1qSTFNVFV6TmpFeE1EazJNekVTSDJoMGRIQnpPaVV5UmlVeVJtRmpZMjkxYm5SekxtZHZiMmRzWlM1amIyMCIsImF1ZCI6InNpZ3N0b3JlIiwiZXhwIjoxNjg5MjE3MzkyLCJpYXQiOjE2ODkyMTczMzIsIm5vbmNlIjoiMlNWMkdOdDRtV2t6STE1Wk5FZ0dTU3FMbHVCIiwiYXRfaGFzaCI6InZET1lZbnRlX0c4RkNGOFgxSnlqMHciLCJjX2hhc2giOiJJQkNJRmRLVUl3dnpxX290TjZBREZ3IiwiZW1haWwiOiJ6am5AY2hhaW5ndWFyZC5kZXYiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiZmVkZXJhdGVkX2NsYWltcyI6eyJjb25uZWN0b3JfaWQiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJ1c2VyX2lkIjoiMTE4MjcxMzIyNTE1MzYxMTA5NjMxIn19 1.3.9902: ....{"Data":{"Round1":{"Pub":{"N":28070169755581386667437819450594913842446058566312248362488431550452327180771668694566958982231153239223207750514843228889849138467821049164767718727244839495922422496304381549328654085511887755075971204801723207114576081583911873129739320162443294174496792029835924675740072553464008368490661565630606061935141754560520595862703723981716412325623767556613166179401496695829458751124848584649668298938416237727401130044300603750914600510582900320509286362001468253982253031417502341212077586248942527869541614414254482042263206306154518897469365521680684942548823841919122471527179903649562711489277652019751462647739,"V":65537,"X":986236757547332986472011617696226561292849812918563355472727826767720188564083584387121625107510786855734801053524719833194566624465665316622563244215340671405971599343902468620306327831715457360719532421388780770165778156818229863337344187575566725786793391480600129482653072861971002459947277805295727097226389568776499707662505334062639449916265137796823793276300221537201727072401742985542559596685092673521228140822200236743113743661549252453726123450722876929538747702356573783116197523966334991563351853851212597377279504828784737035057630632270649616902422974306504680292018366321657348804190525202425699},"Msg1":{"T":2351076426232626148752483123315923449891310622328956880091101853373383247112012179424044324821006974774293124100582355517074320400151805903752206752519359906866266355131814824142359891140408021169969026923603493083607859590541997601652785145556988411763394573993032192436328983449099723590584914539545744196468848429652503889874096862905913537056029653464052940400576470910836246301669489448525151467864234919761978720209173001593225591389889308142322072838320986145158317496860440927831452769413779581145703178021032034600819119398863254219505712692893599595889886210602693471576404593924841607524137029909992803963}},"D":83,"Msg2":{"T":18959599301938102359557306258727591685947268304912402802229111659306878630842974344671290933616860374219837425749602925125131463212045780964350522234550666883161207109290182944695295226265223633341170476623254934623340647216243823514191972880710976273840382028518009858687372256758231291478829745548537842205646651604955581491737928734515931900834419145338861082397683997577789545907136662845403488217686102159618500589437050379925691843568643952251864205297536417828150834590850305495292849471744452792814804441968742070796386634978604153177013805125605023745430986337734931444997274902771795258148120953054587602138}}} Signature Algorithm: ECDSA-SHA256 30:45:02:21:00:eb:bc:81:81:fa:2d:c2:d5:15:04:58:15:d7: fa:97:9f:15:5a:ca:59:2f:e4:7f:6f:80:28:24:79:81:4b:48: c9:02:20:02:52:c1:e3:ea:16:ef:41:5c:a6:6d:54:1f:15:b5: 5f:30:ae:12:0f:58:df:87:04:c3:e8:6d:79:5d:e8:03:6d ``` In particular, look for the `1.3.9001` and `1.3.9002` extensions above, which now embed (respectively) a JWT token header/body (no signature!) and a GQ proof-of-knowledge-of-signature. This change includes: - Reimplementing RSA signature validation for JWTs. - Turning RSA signatures for JWTs into GQ proofs-of-knowledge-of-signatures. Involves implementing GQ scheme manually, along with a probably-insecure implementation of the Fiat-Shamir transform. - Adding the JWT and GQ proof into the certificate. This is crammed in awkardly, doing inefficient things like re-fetching the JWKs (and hard-coding the JWK URL for the issuer used for testing).

znewman01 · 2023-07-13T03:36:24Z

FYI I have implemented a proof of concept in Fulcio ( znewman01#2 ) and Cosign ( znewman01/cosign#118 ). Both janky but seem to work!

znewman01 · 2023-08-14T16:39:13Z

Seems like there's movement on selective disclosure for JWTs: https://www.ietf.org/archive/id/draft-fett-oauth-selective-disclosure-jwt-02.html

They do some nifty tricks to make sure that there's format-compatibility. But it's still a pretty big shift and clients need to be SD-JWT aware before these are useful. Fulcio would be a great candidate client.

hectorj2f · 2023-11-20T22:56:41Z

@haydentherapper @bobcallaway @priyawadhwa Is there any intention to adopt this approach in the future ? It'd be to use zero knowledge proofs within sigstore.

haydentherapper · 2023-11-21T08:25:44Z

This is super neat work, but there’s a few things to consider before pursuing this further:

we need to consider the threat model and address if ZKP actually solves a threat. You’re trusting the identity provider still. You have less trust in the CA since it can only embed a valid identity token, but we already write certs to a transparency log to make issuance auditable.
there are privacy concerns with having to embed the entire identity token.
Verifying old token signatures is hard/impossible to do without maintaining a history of keys, this has been discussed more on other blog posts.
the proposed prototype works only with RSA, which is not sigstores default scheme. Also, this is not forward looking as we start investigating post quantum, and I would rather not invest a bunch to have it be broken in PQC.
novel crypto implementations would require significant review before it can be integrated.
selective disclosure requires IDPs to change, which is unlikely.

I do want to see this work explored more!

znewman01 added the enhancement New feature or request label Mar 17, 2023

znewman01 mentioned this issue Jul 13, 2023

Add GQ proofs-of-authentication. znewman01/fulcio#2

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow checking OIDC token signatures #1071

Allow checking OIDC token signatures #1071

znewman01 commented Mar 17, 2023

znewman01 commented Jul 13, 2023

znewman01 commented Aug 14, 2023

hectorj2f commented Nov 20, 2023

haydentherapper commented Nov 21, 2023

Allow checking OIDC token signatures #1071

Allow checking OIDC token signatures #1071

Comments

znewman01 commented Mar 17, 2023

znewman01 commented Jul 13, 2023

znewman01 commented Aug 14, 2023

hectorj2f commented Nov 20, 2023

haydentherapper commented Nov 21, 2023