Set provider ID correctly in the encrypted data key.

WesleyRosenblum · WesleyRosenblum · commit c6bd3638d6e1 · 2019-11-05T16:06:09.000-08:00
diff --git a/src/main/java/com/amazonaws/encryptionsdk/internal/AesGcmJceKeyCipher.java b/src/main/java/com/amazonaws/encryptionsdk/internal/AesGcmJceKeyCipher.java
@@ -55,17 +55,17 @@ private static byte[] specToBytes(final GCMParameterSpec spec) {
         return baos.toByteArray();
     }
 
-    private static GCMParameterSpec bytesToSpec(final byte[] data, final int offset) throws GeneralSecurityException {
+    private static GCMParameterSpec bytesToSpec(final byte[] data, final int offset) throws InvalidKeyException {
         final ByteArrayInputStream bais = new ByteArrayInputStream(data, offset, data.length - offset);
         try (final DataInputStream dis = new DataInputStream(bais)) {
             final int tagLen = dis.readInt();
             final int nonceLen = dis.readInt();
 
-            if(tagLen != TAG_LENGTH) {
+            if (tagLen != TAG_LENGTH) {
                 throw new InvalidKeyException(String.format("Authentication tag length must be %s", TAG_LENGTH));
             }
 
-            if(nonceLen != NONCE_LENGTH) {
+            if (nonceLen != NONCE_LENGTH) {
                 throw new InvalidKeyException(String.format("Initialization vector (IV) length must be %s", NONCE_LENGTH));
             }
 
diff --git a/src/main/java/com/amazonaws/encryptionsdk/internal/JceKeyCipher.java b/src/main/java/com/amazonaws/encryptionsdk/internal/JceKeyCipher.java
@@ -75,11 +75,12 @@ abstract Cipher buildUnwrappingCipher(Key key, byte[] extraInfo, int offset,
      * Encrypts the given key, incorporating the given keyName and encryptionContext.
      * @param key The key to encrypt.
      * @param keyName A UTF-8 encoded representing a name for the key.
+     * @param keyNamespace A UTF-8 encoded value that namespaces the key.
      * @param encryptionContext A key-value mapping of arbitrary, non-secret, UTF-8 encoded strings used
      *                         during encryption and decryption to provide additional authenticated data (AAD).
      * @return The encrypted data key.
      */
-    public EncryptedDataKey encryptKey(final byte[] key, final String keyName,
+    public EncryptedDataKey encryptKey(final byte[] key, final String keyName, final String keyNamespace,
                                        final Map<String, String> encryptionContext) {
 
         final byte[] keyNameBytes = keyName.getBytes(KEY_NAME_ENCODING);
@@ -93,7 +94,7 @@ public EncryptedDataKey encryptKey(final byte[] key, final String keyName,
             System.arraycopy(keyNameBytes, 0, provInfo, 0, keyNameBytes.length);
             System.arraycopy(wData.extraInfo, 0, provInfo, keyNameBytes.length, wData.extraInfo.length);
 
-            return new KeyBlob(keyName, provInfo, encryptedKey);
+            return new KeyBlob(keyNamespace, provInfo, encryptedKey);
         } catch (final GeneralSecurityException gsex) {
             throw new AwsCryptoException(gsex);
         }
@@ -103,7 +104,7 @@ public EncryptedDataKey encryptKey(final byte[] key, final String keyName,
      * Decrypts the given encrypted data key.
      *
      * @param edk The encrypted data key.
-     * @param keyName A UTF-8 encoded representing a name for the key.
+     * @param keyName A UTF-8 encoded String representing a name for the key.
      * @param encryptionContext A key-value mapping of arbitrary, non-secret, UTF-8 encoded strings used
      *                          during encryption and decryption to provide additional authenticated data (AAD).
      * @return The decrypted key.
diff --git a/src/main/java/com/amazonaws/encryptionsdk/jce/JceMasterKey.java b/src/main/java/com/amazonaws/encryptionsdk/jce/JceMasterKey.java
@@ -111,7 +111,7 @@ public DataKey<JceMasterKey> generateDataKey(final CryptoAlgorithm algorithm,
             final Map<String, String> encryptionContext) {
         final byte[] rawKey = new byte[algorithm.getDataKeyLength()];
         rnd.nextBytes(rawKey);
-        EncryptedDataKey encryptedDataKey = jceKeyCipher_.encryptKey(rawKey, keyId_, encryptionContext);
+        EncryptedDataKey encryptedDataKey = jceKeyCipher_.encryptKey(rawKey, keyId_, providerName_, encryptionContext);
         return new DataKey<>(new SecretKeySpec(rawKey, algorithm.getDataKeyAlgo()),
                 encryptedDataKey.getEncryptedDataKey(), encryptedDataKey.getProviderInformation(), this);
     }
@@ -129,7 +129,7 @@ public DataKey<JceMasterKey> encryptDataKey(final CryptoAlgorithm algorithm,
             throw new IllegalArgumentException("Incorrect key algorithm. Expected " + key.getAlgorithm()
                     + " but got " + algorithm.getKeyAlgo());
         }
-        EncryptedDataKey encryptedDataKey = jceKeyCipher_.encryptKey(key.getEncoded(), keyId_, encryptionContext);
+        EncryptedDataKey encryptedDataKey = jceKeyCipher_.encryptKey(key.getEncoded(), keyId_, providerName_, encryptionContext);
         return new DataKey<>(key, encryptedDataKey.getEncryptedDataKey(), encryptedDataKey.getProviderInformation(), this);
     }
 

Original file line number	Diff line number	Diff line change
`@@ -55,17 +55,17 @@ private static byte[] specToBytes(final GCMParameterSpec spec) {`
`55`	`55`	`return baos.toByteArray();`
`56`	`56`	`}`
`57`	`57`
`58`		`- private static GCMParameterSpec bytesToSpec(final byte[] data, final int offset) throws GeneralSecurityException {`
	`58`	`+ private static GCMParameterSpec bytesToSpec(final byte[] data, final int offset) throws InvalidKeyException {`
`59`	`59`	`final ByteArrayInputStream bais = new ByteArrayInputStream(data, offset, data.length - offset);`
`60`	`60`	`try (final DataInputStream dis = new DataInputStream(bais)) {`
`61`	`61`	`final int tagLen = dis.readInt();`
`62`	`62`	`final int nonceLen = dis.readInt();`
`63`	`63`
`64`		`- if(tagLen != TAG_LENGTH) {`
	`64`	`+ if (tagLen != TAG_LENGTH) {`
`65`	`65`	`throw new InvalidKeyException(String.format("Authentication tag length must be %s", TAG_LENGTH));`
`66`	`66`	`}`
`67`	`67`
`68`		`- if(nonceLen != NONCE_LENGTH) {`
	`68`	`+ if (nonceLen != NONCE_LENGTH) {`
`69`	`69`	`throw new InvalidKeyException(String.format("Initialization vector (IV) length must be %s", NONCE_LENGTH));`
`70`	`70`	`}`
`71`	`71`
Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ public DataKey<JceMasterKey> generateDataKey(final CryptoAlgorithm algorithm,`
`111`	`111`	`final Map<String, String> encryptionContext) {`
`112`	`112`	`final byte[] rawKey = new byte[algorithm.getDataKeyLength()];`
`113`	`113`	`rnd.nextBytes(rawKey);`
`114`		`- EncryptedDataKey encryptedDataKey = jceKeyCipher_.encryptKey(rawKey, keyId_, encryptionContext);`
	`114`	`+ EncryptedDataKey encryptedDataKey = jceKeyCipher_.encryptKey(rawKey, keyId_, providerName_, encryptionContext);`
`115`	`115`	`return new DataKey<>(new SecretKeySpec(rawKey, algorithm.getDataKeyAlgo()),`
`116`	`116`	`encryptedDataKey.getEncryptedDataKey(), encryptedDataKey.getProviderInformation(), this);`
`117`	`117`	`}`
`@@ -129,7 +129,7 @@ public DataKey<JceMasterKey> encryptDataKey(final CryptoAlgorithm algorithm,`
`129`	`129`	`throw new IllegalArgumentException("Incorrect key algorithm. Expected " + key.getAlgorithm()`
`130`	`130`	`+ " but got " + algorithm.getKeyAlgo());`
`131`	`131`	`}`
`132`		`- EncryptedDataKey encryptedDataKey = jceKeyCipher_.encryptKey(key.getEncoded(), keyId_, encryptionContext);`
	`132`	`+ EncryptedDataKey encryptedDataKey = jceKeyCipher_.encryptKey(key.getEncoded(), keyId_, providerName_, encryptionContext);`
`133`	`133`	`return new DataKey<>(key, encryptedDataKey.getEncryptedDataKey(), encryptedDataKey.getProviderInformation(), this);`
`134`	`134`	`}`
`135`	`135`