Skip to content

Commit

Permalink
Refactor JceMasterKey to extract logic to be shared by raw keyrings.
Browse files Browse the repository at this point in the history 
*Issue #, if available:* #102

*Description of changes:*

In anticipation of the RawAesKeyring and RawRsaKeyring needing logic currently embedded in the JceMasterKey, this change extracts that logic into the JceKeyCipher class so it may be shared.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

- [ ] Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.
  • Loading branch information
@WesleyRosenblum
WesleyRosenblum committed Nov 1, 2019
1 parent 47fe973 commit 93f9691
Show file tree
Hide file tree
Showing 4 changed files with 377 additions and 243 deletions.
93 changes: 93 additions & 0 deletions src/main/java/com/amazonaws/encryptionsdk/internal/AesGcmJceKeyCipher.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
/*
* Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except
* in compliance with the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/

package com.amazonaws.encryptionsdk.internal;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Map;

/**
* A JceKeyCipher based on the Advanced Encryption Standard in Galois/Counter Mode.
*/
class AesGcmJceKeyCipher extends JceKeyCipher {
private static final int NONCE_LENGTH = 12;
private static final int TAG_LENGTH = 128;
private static final String TRANSFORMATION = "AES/GCM/NoPadding";
private final SecureRandom rnd = new SecureRandom();

AesGcmJceKeyCipher(SecretKey key) {
super(key, key);
}

private static byte[] specToBytes(final GCMParameterSpec spec) {
final byte[] nonce = spec.getIV();
final ByteArrayOutputStream baos = new ByteArrayOutputStream();
try (final DataOutputStream dos = new DataOutputStream(baos)) {
dos.writeInt(spec.getTLen());
dos.writeInt(nonce.length);
dos.write(nonce);
dos.close();
baos.close();
} catch (final IOException ex) {
throw new AssertionError("Impossible exception", ex);
}
return baos.toByteArray();
}

private static GCMParameterSpec bytesToSpec(final byte[] data, final int offset) {
final ByteArrayInputStream bais = new ByteArrayInputStream(data, offset, data.length - offset);
try (final DataInputStream dis = new DataInputStream(bais)) {
final int tagLen = dis.readInt();
final int nonceLen = dis.readInt();
final byte[] nonce = new byte[nonceLen];
dis.readFully(nonce);
return new GCMParameterSpec(tagLen, nonce);
} catch (final IOException ex) {
throw new AssertionError("Impossible exception", ex);
}
}

@Override
WrappingData buildWrappingCipher(final Key key, final Map<String, String> encryptionContext)
throws GeneralSecurityException {
final byte[] nonce = new byte[NONCE_LENGTH];
rnd.nextBytes(nonce);
final GCMParameterSpec spec = new GCMParameterSpec(TAG_LENGTH, nonce);
final Cipher cipher = Cipher.getInstance(TRANSFORMATION);
cipher.init(Cipher.ENCRYPT_MODE, key, spec);
final byte[] aad = EncryptionContextSerializer.serialize(encryptionContext);
cipher.updateAAD(aad);
return new WrappingData(cipher, specToBytes(spec));
}

@Override
Cipher buildUnwrappingCipher(final Key key, final byte[] extraInfo, final int offset,
final Map<String, String> encryptionContext) throws GeneralSecurityException {
final GCMParameterSpec spec = bytesToSpec(extraInfo, offset);
final Cipher cipher = Cipher.getInstance(TRANSFORMATION);
cipher.init(Cipher.DECRYPT_MODE, key, spec);
final byte[] aad = EncryptionContextSerializer.serialize(encryptionContext);
cipher.updateAAD(aad);
return cipher;
}
}
144 changes: 144 additions & 0 deletions src/main/java/com/amazonaws/encryptionsdk/internal/JceKeyCipher.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,144 @@
/*
* Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except
* in compliance with the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/

package com.amazonaws.encryptionsdk.internal;

import com.amazonaws.encryptionsdk.CryptoAlgorithm;
import com.amazonaws.encryptionsdk.EncryptedDataKey;
import com.amazonaws.encryptionsdk.exception.AwsCryptoException;
import com.amazonaws.encryptionsdk.model.KeyBlob;
import org.apache.commons.lang3.ArrayUtils;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Map;

import static org.apache.commons.lang3.Validate.notNull;

/**
* Abstract class for encrypting and decrypting JCE data keys.
*/
public abstract class JceKeyCipher {

private final Key wrappingKey;
private final Key unwrappingKey;
private static final Charset KEY_NAME_ENCODING = StandardCharsets.UTF_8;

/**
* Returns a new instance of a JceKeyCipher based on the
* Advanced Encryption Standard in Galois/Counter Mode.
*
* @param secretKey The secret key to use for encrypt/decrypt operations.
* @return The JceKeyCipher.
*/
public static JceKeyCipher aesGcm(SecretKey secretKey) {
return new AesGcmJceKeyCipher(secretKey);
}

/**
* Returns a new instance of a JceKeyCipher based on RSA.
*
* @param wrappingKey The public key to use for encrypting the key.
* @param unwrappingKey The private key to use for decrypting the key.
* @param transformation The transformation.
* @return The JceKeyCipher.
*/
public static JceKeyCipher rsa(PublicKey wrappingKey, PrivateKey unwrappingKey, String transformation) {
return new RsaJceKeyCipher(wrappingKey, unwrappingKey, transformation);
}

JceKeyCipher(Key wrappingKey, Key unwrappingKey) {
notNull(wrappingKey, "wrappingKey is required");
notNull(wrappingKey, "unwrappingKey is required");

this.wrappingKey = wrappingKey;
this.unwrappingKey = unwrappingKey;
}

abstract WrappingData buildWrappingCipher(Key key, Map<String, String> encryptionContext) throws GeneralSecurityException;

abstract Cipher buildUnwrappingCipher(Key key, byte[] extraInfo, int offset,
Map<String, String> encryptionContext) throws GeneralSecurityException;


/**
* Encrypts the given key, incorporating the given keyName and encryptionContext.
* @param key The key to encrypt.
* @param keyName A UTF-8 encoded representing a name for the key.
* @param encryptionContext A key-value mapping of arbitrary, non-secret, UTF-8 encoded strings used
* during encryption and decryption to provide additional authenticated data (AAD).
* @return The encrypted data key.
*/
public EncryptedDataKey encryptKey(final Key key, final String keyName,
final Map<String, String> encryptionContext) {

final byte[] keyBytes = key.getEncoded();
final byte[] keyNameBytes = keyName.getBytes(KEY_NAME_ENCODING);

try {
final JceKeyCipher.WrappingData wData = buildWrappingCipher(wrappingKey, encryptionContext);
final Cipher cipher = wData.cipher;
final byte[] encryptedKey = cipher.doFinal(keyBytes);

final byte[] provInfo = new byte[keyNameBytes.length + wData.extraInfo.length];
System.arraycopy(keyNameBytes, 0, provInfo, 0, keyNameBytes.length);
System.arraycopy(wData.extraInfo, 0, provInfo, keyNameBytes.length, wData.extraInfo.length);

return new KeyBlob(keyName, provInfo, encryptedKey);
} catch (final GeneralSecurityException gsex) {
throw new AwsCryptoException(gsex);
}
}

/**
* Decrypts the given encrypted data key.
*
* @param algorithm The algorithm that encrypted the data key.
* @param edk The encrypted data key.
* @param keyName A UTF-8 encoded representing a name for the key.
* @param encryptionContext A key-value mapping of arbitrary, non-secret, UTF-8 encoded strings used
* during encryption and decryption to provide additional authenticated data (AAD).
* @return The decrypted key.
* @throws GeneralSecurityException If a problem occurred decrypting the key.
*/
public KeyBlob decryptKey(final CryptoAlgorithm algorithm, final EncryptedDataKey edk, final String keyName,
final Map<String, String> encryptionContext) throws GeneralSecurityException {
final byte[] keyNameBytes = keyName.getBytes(KEY_NAME_ENCODING);

final Cipher cipher = buildUnwrappingCipher(unwrappingKey, edk.getProviderInformation(),
keyNameBytes.length, encryptionContext);
final byte[] rawKey = cipher.doFinal(edk.getEncryptedDataKey());
if (rawKey.length != algorithm.getDataKeyLength()) {
// Something's wrong here. Assume that the decryption is invalid.
return null;
}

return new KeyBlob(edk.getProviderId(), edk.getProviderInformation(), rawKey);
}

static class WrappingData {
public final Cipher cipher;
public final byte[] extraInfo;

WrappingData(final Cipher cipher, final byte[] extraInfo) {
this.cipher = cipher;
this.extraInfo = extraInfo != null ? extraInfo : ArrayUtils.EMPTY_BYTE_ARRAY;
}
}
}
110 changes: 110 additions & 0 deletions src/main/java/com/amazonaws/encryptionsdk/internal/RsaJceKeyCipher.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
/*
* Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except
* in compliance with the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/

package com.amazonaws.encryptionsdk.internal;

import org.apache.commons.lang3.ArrayUtils;

import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.util.Map;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
* A JceKeyCipher based on RSA.
*/
class RsaJceKeyCipher extends JceKeyCipher {

private static final Logger LOGGER = Logger.getLogger(RsaJceKeyCipher.class.getName());
// MGF1 with SHA-224 isn't really supported, but we include it in the regex because we need it
// for proper handling of the algorithm.
private static final Pattern SUPPORTED_TRANSFORMATIONS =
Pattern.compile("RSA/ECB/(?:PKCS1Padding|OAEPWith(SHA-(?:1|224|256|384|512))AndMGF1Padding)",
Pattern.CASE_INSENSITIVE);
private final AlgorithmParameterSpec parameterSpec_;
private final String transformation_;

RsaJceKeyCipher(PublicKey wrappingKey, PrivateKey unwrappingKey, String transformation) {
super(wrappingKey, unwrappingKey);

final Matcher matcher = SUPPORTED_TRANSFORMATIONS.matcher(transformation);
if (matcher.matches()) {
final String hashUnknownCase = matcher.group(1);
if (hashUnknownCase != null) {
// OAEP mode a.k.a PKCS #1v2
final String hash = hashUnknownCase.toUpperCase();
transformation_ = "RSA/ECB/OAEPPadding";

final MGF1ParameterSpec mgf1Spec;
switch (hash) {
case "SHA-1":
mgf1Spec = MGF1ParameterSpec.SHA1;
break;
case "SHA-224":
LOGGER.warning(transformation + " is not officially supported by the JceMasterKey");
mgf1Spec = MGF1ParameterSpec.SHA224;
break;
case "SHA-256":
mgf1Spec = MGF1ParameterSpec.SHA256;
break;
case "SHA-384":
mgf1Spec = MGF1ParameterSpec.SHA384;
break;
case "SHA-512":
mgf1Spec = MGF1ParameterSpec.SHA512;
break;
default:
throw new IllegalArgumentException("Unsupported algorithm: " + transformation);
}
parameterSpec_ = new OAEPParameterSpec(hash, "MGF1", mgf1Spec, PSource.PSpecified.DEFAULT);
} else {
// PKCS #1 v1.x
transformation_ = transformation;
parameterSpec_ = null;
}
} else {
LOGGER.warning(transformation + " is not officially supported by the JceMasterKey");
// Unsupported transformation, just use exactly what we are given
transformation_ = transformation;
parameterSpec_ = null;
}
}

@Override
WrappingData buildWrappingCipher(Key key, Map<String, String> encryptionContext) throws GeneralSecurityException {
final Cipher cipher = Cipher.getInstance(transformation_);
cipher.init(Cipher.ENCRYPT_MODE, key, parameterSpec_);
return new WrappingData(cipher, ArrayUtils.EMPTY_BYTE_ARRAY);
}

@Override
Cipher buildUnwrappingCipher(Key key, byte[] extraInfo, int offset, Map<String, String> encryptionContext) throws GeneralSecurityException {
if (extraInfo.length != offset) {
throw new IllegalArgumentException("Extra info must be empty for RSA keys");
}
// We require BouncyCastle to avoid some bugs in the default Java implementation
// of OAEP.
final Cipher cipher = Cipher.getInstance(transformation_);
cipher.init(Cipher.DECRYPT_MODE, key, parameterSpec_);
return cipher;
}
}
Loading

0 comments on commit 93f9691

Please sign in to comment.