Merge branch 'master' into update-deprecated-api-flags

Author: lizroth

.gitignore

@@ -5,3 +5,4 @@ target/
 .classpath
 /bin/
 .idea/
+*.iml

.travis.yml

@@ -6,6 +6,6 @@ jdk:
   - openjdk11
   - oraclejdk8
   - oraclejdk9
-script: mvn install -Dgpg.skip=true
+script: mvn install -Dgpg.skip=true '-DtestVectorZip=https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-1.3.8.zip'
 sudo: false
 dist: trusty

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 1.6.1 -- Unreleased
+### Maintenance
+* Add support for standard test vectors via `testVectorZip` system property.
+* No longer require use of BouncyCastle with RSA `JceMasterKey`s
+
 ## 1.6.0 -- 2019-05-31
 
 ### Minor Changes

pom.xml

@@ -156,7 +156,7 @@
                         <extensions>true</extensions>
                         <configuration>
                             <serverId>sonatype-nexus-staging</serverId>
-                            <nexusUrl>https://oss.sonatype.org/</nexusUrl>
+                            <nexusUrl>https://aws.oss.sonatype.org</nexusUrl>
                         </configuration>
                     </plugin>
                 </plugins>

src/main/java/com/amazonaws/encryptionsdk/ParsedCiphertext.java

@@ -1,11 +1,11 @@
 /*
- * Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * 
+ * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
  * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except
  * in compliance with the License. A copy of the License is located at
- * 
+ *
  * http://aws.amazon.com/apache2.0
- * 
+ *
  * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
  * specific language governing permissions and limitations under the License.
@@ -15,6 +15,7 @@
 
 import com.amazonaws.encryptionsdk.internal.Utils;
 import com.amazonaws.encryptionsdk.model.CiphertextHeaders;
+import com.amazonaws.encryptionsdk.exception.BadCiphertextException;
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 
@@ -36,6 +37,9 @@ public class ParsedCiphertext extends CiphertextHeaders {
     public ParsedCiphertext(final byte[] ciphertext) {
         ciphertext_ = Utils.assertNonNull(ciphertext, "ciphertext");
         offset_ = deserialize(ciphertext_, 0);
+        if (!this.isComplete()) {
+          throw new BadCiphertextException("Incomplete ciphertext.");
+        }
     }
 
     /**

src/main/java/com/amazonaws/encryptionsdk/jce/JceMasterKey.java

@@ -24,17 +24,22 @@
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.MGF1ParameterSpec;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 import java.util.logging.Logger;
+import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.OAEPParameterSpec;
+import javax.crypto.spec.PSource;
 import javax.crypto.spec.SecretKeySpec;
 
 import com.amazonaws.encryptionsdk.CryptoAlgorithm;
@@ -237,17 +242,58 @@ public WrappingData(final Cipher cipher, final byte[] extraInfo) {
     }
 
     private static class Rsa extends JceMasterKey {
+        // MGF1 with SHA-224 isn't really supported, but we include it in the regex because we need it
+        // for proper handling of the algorithm.
         private static final Pattern SUPPORTED_TRANSFORMATIONS =
-            Pattern.compile("RSA/ECB/(?:PKCS1Padding|OAEPWithSHA-(?:1|256|384|512)AndMGF1Padding)",
+            Pattern.compile("RSA/ECB/(?:PKCS1Padding|OAEPWith(SHA-(?:1|224|256|384|512))AndMGF1Padding)",
                     Pattern.CASE_INSENSITIVE);
+        private final AlgorithmParameterSpec parameterSpec_;
         private final String transformation_;
 
         private Rsa(PublicKey wrappingKey, PrivateKey unwrappingKey, String providerName, String keyId,
                 String transformation) {
             super(wrappingKey, unwrappingKey, providerName, keyId);
-            transformation_ = transformation;
-            if (!SUPPORTED_TRANSFORMATIONS.matcher(transformation_).matches()) {
-                LOGGER.warning(transformation_ + " is not officially supported by the JceMasterKey");
+
+            final Matcher matcher = SUPPORTED_TRANSFORMATIONS.matcher(transformation);
+            if (matcher.matches()) {
+                final String hashUnknownCase = matcher.group(1);
+                if (hashUnknownCase != null) {
+                    // OAEP mode a.k.a PKCS #1v2
+                    final String hash = hashUnknownCase.toUpperCase();
+                    transformation_ = "RSA/ECB/OAEPPadding";
+
+                    final MGF1ParameterSpec mgf1Spec;
+                    switch (hash) {
+                        case "SHA-1":
+                            mgf1Spec = MGF1ParameterSpec.SHA1;
+                            break;
+                        case "SHA-224":
+                            LOGGER.warning(transformation + " is not officially supported by the JceMasterKey");
+                            mgf1Spec = MGF1ParameterSpec.SHA224;
+                            break;
+                        case "SHA-256":
+                            mgf1Spec = MGF1ParameterSpec.SHA256;
+                            break;
+                        case "SHA-384":
+                            mgf1Spec = MGF1ParameterSpec.SHA384;
+                            break;
+                        case "SHA-512":
+                            mgf1Spec = MGF1ParameterSpec.SHA512;
+                            break;
+                        default:
+                            throw new IllegalArgumentException("Unsupported algorithm: " + transformation);
+                    }
+                    parameterSpec_ = new OAEPParameterSpec(hash, "MGF1", mgf1Spec, PSource.PSpecified.DEFAULT);
+                } else {
+                    // PKCS #1 v1.x
+                    transformation_ = transformation;
+                    parameterSpec_ = null;
+                }
+            } else {
+                LOGGER.warning(transformation + " is not officially supported by the JceMasterKey");
+                // Unsupported transformation, just use exactly what we are given
+                transformation_ = transformation;
+                parameterSpec_ = null;
             }
         }
 
@@ -256,8 +302,8 @@ protected WrappingData buildWrappingCipher(Key key, Map<String, String> encrypti
                 throws GeneralSecurityException {
             // We require BouncyCastle to avoid some bugs in the default Java implementation
             // of OAEP.
-            final Cipher cipher = Cipher.getInstance(transformation_, "BC");
-            cipher.init(Cipher.ENCRYPT_MODE, key);
+            final Cipher cipher = Cipher.getInstance(transformation_);
+            cipher.init(Cipher.ENCRYPT_MODE, key, parameterSpec_);
             return new WrappingData(cipher, EMPTY_ARRAY);
         }
 
@@ -269,8 +315,8 @@ protected Cipher buildUnwrappingCipher(Key key, byte[] extraInfo, int offset,
             }
             // We require BouncyCastle to avoid some bugs in the default Java implementation
             // of OAEP.
-            final Cipher cipher = Cipher.getInstance(transformation_, "BC");
-            cipher.init(Cipher.DECRYPT_MODE, key);
+            final Cipher cipher = Cipher.getInstance(transformation_);
+            cipher.init(Cipher.DECRYPT_MODE, key, parameterSpec_);
             return cipher;
         }
     }

src/main/java/com/amazonaws/encryptionsdk/model/CiphertextHeaders.java

@@ -30,6 +30,7 @@
 import com.amazonaws.encryptionsdk.internal.Constants;
 import com.amazonaws.encryptionsdk.internal.EncryptionContextSerializer;
 import com.amazonaws.encryptionsdk.internal.PrimitivesParser;
+import com.amazonaws.encryptionsdk.internal.VersionInfo;
 
 /**
  * This class implements the headers for the message (ciphertext) produced by
@@ -179,6 +180,9 @@ public Boolean isComplete() {
      */
     private int parseVersion(final byte[] b, final int off) throws ParseException {
         version_ = PrimitivesParser.parseByte(b, off);
+        if (version_ != VersionInfo.CURRENT_CIPHERTEXT_VERSION) {
+            throw new BadCiphertextException("Invalid version ");
+        }
         return 1;
     }
 

src/test/java/com/amazonaws/encryptionsdk/AllTestsSuite.java

@@ -46,6 +46,7 @@
         AwsCryptoTest.class,
         CryptoInputStreamTest.class,
         CryptoOutputStreamTest.class,
+        TestVectorRunner.class,
         XCompatDecryptTest.class,
         DefaultCryptoMaterialsManagerTest.class,
         NullCryptoMaterialsCacheTest.class,

src/test/java/com/amazonaws/encryptionsdk/ParsedCiphertextTest.java

@@ -0,0 +1,96 @@
+/*
+ * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except
+ * in compliance with the License. A copy of the License is located at
+ *
+ * http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.amazonaws.encryptionsdk;
+
+import com.amazonaws.encryptionsdk.internal.StaticMasterKey;
+import com.amazonaws.encryptionsdk.internal.VersionInfo;
+import com.amazonaws.encryptionsdk.model.CiphertextHeaders;
+import org.junit.Before;
+import org.junit.Test;
+
+import com.amazonaws.encryptionsdk.exception.BadCiphertextException;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Arrays;
+
+import static org.junit.Assert.*;
+import static org.mockito.Mockito.spy;
+
+public class ParsedCiphertextTest extends CiphertextHeaders {
+    private StaticMasterKey masterKeyProvider;
+    private AwsCrypto encryptionClient_;
+
+    @Before
+    public void init() {
+        masterKeyProvider = spy(new StaticMasterKey("testmaterial"));
+
+        encryptionClient_ = new AwsCrypto();
+        encryptionClient_.setEncryptionAlgorithm(CryptoAlgorithm.ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256);
+    }
+
+    @Test()
+    public void goodParsedCiphertext() {
+        final int byteSize = 0;
+        final int frameSize = 0;
+        final byte[] plaintextBytes = new byte[byteSize];
+
+        final Map<String, String> encryptionContext = new HashMap<String, String>(1);
+        encryptionContext.put("ENC1", "ParsedCiphertext test with %d" + byteSize);
+
+        encryptionClient_.setEncryptionFrameSize(frameSize);
+
+        final byte[] cipherText = encryptionClient_.encryptData(
+                masterKeyProvider,
+                plaintextBytes,
+                encryptionContext).getResult();
+        final ParsedCiphertext pCt = new ParsedCiphertext(cipherText);
+
+        assertNotNull(pCt.getCiphertext());
+        assertTrue(pCt.getOffset() > 0);
+    }
+
+    @Test(expected = BadCiphertextException.class)
+    public void incompleteZeroByteCiphertext() {
+        final byte[] cipherText = {};
+        ParsedCiphertext pCt = new ParsedCiphertext(cipherText);
+    }
+
+    @Test(expected = BadCiphertextException.class)
+    public void incompleteSingleByteCiphertext() {
+        final byte[] cipherText = {VersionInfo.CURRENT_CIPHERTEXT_VERSION};
+        ParsedCiphertext pCt = new ParsedCiphertext(cipherText);
+    }
+
+    @Test(expected = BadCiphertextException.class)
+    public void incompleteCiphertext() {
+        final int byteSize = 0;
+        final int frameSize = 0;
+        final byte[] plaintextBytes = new byte[byteSize];
+
+        final Map<String, String> encryptionContext = new HashMap<String, String>(1);
+        encryptionContext.put("ENC1", "ParsedCiphertext test with %d" + byteSize);
+
+        encryptionClient_.setEncryptionFrameSize(frameSize);
+
+        final byte[] cipherText = encryptionClient_.encryptData(
+                masterKeyProvider,
+                plaintextBytes,
+                encryptionContext).getResult();
+        ParsedCiphertext pCt = new ParsedCiphertext(cipherText);
+
+        byte[] incompleteCiphertext = Arrays.copyOf(pCt.getCiphertext(), pCt.getOffset() - 1);
+        ParsedCiphertext badPCt = new ParsedCiphertext(incompleteCiphertext);
+    }
+}