feat: Introduce delayed authentication (#23)

* Introduce delayed authentication:

* Rename enableLegacyModes option to enableUnauthenticatedLegacyModes
* Adds a new configuration option for delayedAuthenticationMode and
  provides it to the GetDecryptedObjectPipeline
* Refactors ContentDecryptionStrategy and its consumers to always use
  InputStream for ciphertext. For the existing implementations, the
  logic to buffer this stream into an array has been encapsulated in
  the content decryption strategies

Author: kessplas

src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java

@@ -36,12 +36,14 @@ public class S3EncryptionClient implements S3Client {
 
     private final S3Client _wrappedClient;
     private final CryptographicMaterialsManager _cryptoMaterialsManager;
-    private final boolean _enableLegacyModes;
+    private final boolean _enableLegacyUnauthenticatedModes;
+    private final boolean _enableDelayedAuthenticationMode;
 
     private S3EncryptionClient(Builder builder) {
         _wrappedClient = builder._wrappedClient;
         _cryptoMaterialsManager = builder._cryptoMaterialsManager;
-        _enableLegacyModes = builder._enableLegacyModes;
+        _enableLegacyUnauthenticatedModes = builder._enableLegacyUnauthenticatedModes;
+        _enableDelayedAuthenticationMode = builder._enableDelayedAuthenticationMode;
     }
 
     public static Builder builder() {
@@ -74,7 +76,8 @@ public <T> T getObject(GetObjectRequest getObjectRequest,
         GetEncryptedObjectPipeline pipeline = GetEncryptedObjectPipeline.builder()
                 .s3Client(_wrappedClient)
                 .cryptoMaterialsManager(_cryptoMaterialsManager)
-                .enableLegacyModes(_enableLegacyModes)
+                .enableLegacyUnauthenticatedModes(_enableLegacyUnauthenticatedModes)
+                .enableDelayedAuthentication(_enableDelayedAuthenticationMode)
                 .build();
 
         return pipeline.getObject(getObjectRequest, responseTransformer);
@@ -97,7 +100,8 @@ public static class Builder {
         private SecretKey _aesKey;
         private PartialRsaKeyPair _rsaKeyPair;
         private String _kmsKeyId;
-        private boolean _enableLegacyModes = false;
+        private boolean _enableLegacyUnauthenticatedModes = false;
+        private boolean _enableDelayedAuthenticationMode = false;
 
         private Builder() {}
 
@@ -172,8 +176,13 @@ private boolean onlyOneNonNull(Object... values) {
             return haveOneNonNull;
         }
 
-        public Builder enableLegacyModes(boolean shouldEnableLegacyModes) {
-            this._enableLegacyModes = shouldEnableLegacyModes;
+        public Builder enableLegacyUnauthenticatedModes(boolean shouldEnableLegacyUnauthenticatedModes) {
+            this._enableLegacyUnauthenticatedModes = shouldEnableLegacyUnauthenticatedModes;
+            return this;
+        }
+
+        public Builder enableDelayedAuthenticationMode(boolean shouldEnableDelayedAuthenticationMode) {
+            this._enableDelayedAuthenticationMode = shouldEnableDelayedAuthenticationMode;
             return this;
         }
 
@@ -186,17 +195,17 @@ public S3EncryptionClient build() {
                 if (_aesKey != null) {
                     _keyring = AesKeyring.builder()
                             .wrappingKey(_aesKey)
-                            .enableLegacyModes(_enableLegacyModes)
+                            .enableLegacyUnauthenticatedModes(_enableLegacyUnauthenticatedModes)
                             .build();
                 } else if (_rsaKeyPair != null) {
                     _keyring = RsaKeyring.builder()
                             .wrappingKeyPair(_rsaKeyPair)
-                            .enableLegacyModes(_enableLegacyModes)
+                            .enableLegacyUnauthenticatedModes(_enableLegacyUnauthenticatedModes)
                             .build();
                 } else if (_kmsKeyId != null) {
                     _keyring = KmsKeyring.builder()
                             .wrappingKeyId(_kmsKeyId)
-                            .enableLegacyModes(_enableLegacyModes)
+                            .enableLegacyUnauthenticatedModes(_enableLegacyUnauthenticatedModes)
                             .build();
                 }
             }

src/main/java/software/amazon/encryption/s3/internal/AesGcmContentStrategy.java renamed to src/main/java/software/amazon/encryption/s3/internal/BufferedAesGcmContentStrategy.java

@@ -1,5 +1,8 @@
 package software.amazon.encryption.s3.internal;
 
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
@@ -11,6 +14,8 @@
 import javax.crypto.SecretKey;
 import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
+
+import software.amazon.awssdk.utils.IoUtils;
 import software.amazon.encryption.s3.S3EncryptionClientException;
 import software.amazon.encryption.s3.algorithms.AlgorithmSuite;
 import software.amazon.encryption.s3.materials.DecryptionMaterials;
@@ -19,11 +24,15 @@
 /**
  * This class will encrypt data according to the algorithm suite constants
  */
-public class AesGcmContentStrategy implements ContentEncryptionStrategy, ContentDecryptionStrategy {
+public class BufferedAesGcmContentStrategy implements ContentEncryptionStrategy, ContentDecryptionStrategy {
+
+    // 64MiB ought to be enough for most usecases
+    private final long BUFFERED_MAX_CONTENT_LENGTH_MiB = 64;
+    private final long BUFFERED_MAX_CONTENT_LENGTH_BYTES = 1024 * 1024 * BUFFERED_MAX_CONTENT_LENGTH_MiB;
 
     final private SecureRandom _secureRandom;
 
-    private AesGcmContentStrategy(Builder builder) {
+    private BufferedAesGcmContentStrategy(Builder builder) {
         this._secureRandom = builder._secureRandom;
     }
 
@@ -60,7 +69,26 @@ public EncryptedContent encryptContent(EncryptionMaterials materials, byte[] con
     }
 
     @Override
-    public byte[] decryptContent(ContentMetadata contentMetadata, DecryptionMaterials materials, byte[] ciphertext) {
+    public InputStream decryptContent(ContentMetadata contentMetadata, DecryptionMaterials materials,
+                                      InputStream ciphertextStream) {
+        // Check the size of the object. If it exceeds a predefined limit in default mode,
+        // do not buffer it into memory. Throw an exception and instruct the client to
+        // reconfigure using Delayed Authentication mode which supports decryption of
+        // large objects over an InputStream.
+        if (materials.ciphertextLength() > BUFFERED_MAX_CONTENT_LENGTH_BYTES) {
+            throw new S3EncryptionClientException(String.format("The object you are attempting to decrypt exceeds the maximum content " +
+                    "length allowed in default mode. Please enable Delayed Authentication mode to decrypt objects larger" +
+                    "than %d", BUFFERED_MAX_CONTENT_LENGTH_MiB));
+        }
+
+        // Buffer the ciphertextStream into a byte array
+        byte[] ciphertext;
+        try {
+            ciphertext = IoUtils.toByteArray(ciphertextStream);
+        } catch (IOException e) {
+            throw new S3EncryptionClientException("Unexpected exception while buffering ciphertext input stream!", e);
+        }
+
         AlgorithmSuite algorithmSuite = contentMetadata.algorithmSuite();
         SecretKey contentKey = new SecretKeySpec(materials.plaintextDataKey(), algorithmSuite.dataKeyAlgorithm());
         final int tagLength = algorithmSuite.cipherTagLengthBits();
@@ -80,7 +108,7 @@ public byte[] decryptContent(ContentMetadata contentMetadata, DecryptionMaterial
             throw new S3EncryptionClientException("Unable to " + algorithmSuite.cipherName() + " content decrypt.", e);
         }
 
-        return plaintext;
+        return new ByteArrayInputStream(plaintext);
     }
 
     public static class Builder {
@@ -93,8 +121,8 @@ public Builder secureRandom(SecureRandom secureRandom) {
             return this;
         }
 
-        public AesGcmContentStrategy build() {
-            return new AesGcmContentStrategy(this);
+        public BufferedAesGcmContentStrategy build() {
+            return new BufferedAesGcmContentStrategy(this);
         }
     }
 }

src/main/java/software/amazon/encryption/s3/internal/ContentDecryptionStrategy.java

@@ -2,7 +2,9 @@
 
 import software.amazon.encryption.s3.materials.DecryptionMaterials;
 
+import java.io.InputStream;
+
 @FunctionalInterface
 public interface ContentDecryptionStrategy {
-    byte[] decryptContent(ContentMetadata contentMetadata, DecryptionMaterials materials, byte[] ciphertext);
+    InputStream decryptContent(ContentMetadata contentMetadata, DecryptionMaterials materials, InputStream ciphertext);
 }

src/main/java/software/amazon/encryption/s3/internal/GetEncryptedObjectPipeline.java

@@ -2,6 +2,7 @@
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.util.Collections;
 import java.util.List;
 
@@ -30,33 +31,29 @@ public class GetEncryptedObjectPipeline {
 
     private final S3Client _s3Client;
     private final CryptographicMaterialsManager _cryptoMaterialsManager;
-    private final boolean _enableLegacyModes;
+    private final boolean _enableLegacyUnauthenticatedModes;
+    private final boolean _enableDelayedAuthentication;
 
     public static Builder builder() { return new Builder(); }
 
     private GetEncryptedObjectPipeline(Builder builder) {
         this._s3Client = builder._s3Client;
         this._cryptoMaterialsManager = builder._cryptoMaterialsManager;
-        this._enableLegacyModes = builder._enableLegacyModes;
+        this._enableLegacyUnauthenticatedModes = builder._enableLegacyUnauthenticatedModes;
+        this._enableDelayedAuthentication = builder._enableDelayedAuthentication;
     }
 
     public <T> T getObject(GetObjectRequest getObjectRequest,
             ResponseTransformer<GetObjectResponse, T> responseTransformer) {
         ResponseInputStream<GetObjectResponse> objectStream = _s3Client.getObject(
                 getObjectRequest);
-        byte[] ciphertext;
-        try {
-            ciphertext = IoUtils.toByteArray(objectStream);
-        } catch (IOException e) {
-            throw new RuntimeException(e);
-        }
 
         GetObjectResponse getObjectResponse = objectStream.response();
         ContentMetadata contentMetadata = ContentMetadataStrategy.decode(_s3Client, getObjectRequest, getObjectResponse);
 
         AlgorithmSuite algorithmSuite = contentMetadata.algorithmSuite();
-        if (!_enableLegacyModes && algorithmSuite.isLegacy()) {
-            throw new S3EncryptionClientException("Enable legacy modes to use legacy content encryption: " + algorithmSuite.cipherName());
+        if (!_enableLegacyUnauthenticatedModes && algorithmSuite.isLegacy()) {
+            throw new S3EncryptionClientException("Enable legacy unauthenticated modes to use legacy content decryption: " + algorithmSuite.cipherName());
         }
 
         List<EncryptedDataKey> encryptedDataKeys = Collections.singletonList(contentMetadata.encryptedDataKey());
@@ -66,33 +63,46 @@ public <T> T getObject(GetObjectRequest getObjectRequest,
                 .algorithmSuite(algorithmSuite)
                 .encryptedDataKeys(encryptedDataKeys)
                 .encryptionContext(contentMetadata.encryptedDataKeyContext())
+                .ciphertextLength(getObjectResponse.contentLength())
                 .build();
 
         DecryptionMaterials materials = _cryptoMaterialsManager.decryptMaterials(materialsRequest);
 
-        ContentDecryptionStrategy contentDecryptionStrategy = null;
-        switch (algorithmSuite) {
-            case ALG_AES_256_CBC_IV16_NO_KDF:
-                contentDecryptionStrategy = AesCbcContentStrategy.builder().build();
-                break;
-            case ALG_AES_256_GCM_IV12_TAG16_NO_KDF:
-                contentDecryptionStrategy = AesGcmContentStrategy.builder().build();
-                break;
-        }
-        byte[] plaintext = contentDecryptionStrategy.decryptContent(contentMetadata, materials, ciphertext);
+        ContentDecryptionStrategy contentDecryptionStrategy = selectContentDecryptionStrategy(materials);
+        final InputStream plaintext = contentDecryptionStrategy.decryptContent(contentMetadata, materials, objectStream);
 
         try {
             return responseTransformer.transform(getObjectResponse,
-                    AbortableInputStream.create(new ByteArrayInputStream(plaintext)));
+                    AbortableInputStream.create(plaintext));
         } catch (Exception e) {
             throw new S3EncryptionClientException("Unable to transform response.", e);
         }
     }
 
+    private ContentDecryptionStrategy selectContentDecryptionStrategy(final DecryptionMaterials materials) {
+        switch (materials.algorithmSuite()) {
+            case ALG_AES_256_CBC_IV16_NO_KDF:
+                return AesCbcContentStrategy.builder().build();
+            case ALG_AES_256_GCM_IV12_TAG16_NO_KDF:
+                if (_enableDelayedAuthentication) {
+                    // TODO: Implement StreamingAesGcmContentStrategy
+                    throw new UnsupportedOperationException("Delayed Authentication mode using streaming AES-GCM decryption" +
+                            "is currently unsupported.");
+                } else {
+                    return BufferedAesGcmContentStrategy.builder().build();
+                }
+            default:
+                // This should never happen in practice.
+                throw new S3EncryptionClientException(String.format("No content strategy available for algorithm suite:" +
+                        " %s", materials.algorithmSuite()));
+        }
+    }
+
     public static class Builder {
         private S3Client _s3Client;
         private CryptographicMaterialsManager _cryptoMaterialsManager;
-        private boolean _enableLegacyModes;
+        private boolean _enableLegacyUnauthenticatedModes;
+        private boolean _enableDelayedAuthentication;
 
         private Builder() {}
 
@@ -106,8 +116,13 @@ public Builder cryptoMaterialsManager(CryptographicMaterialsManager cryptoMateri
             return this;
         }
 
-        public Builder enableLegacyModes(boolean enableLegacyModes) {
-            this._enableLegacyModes = enableLegacyModes;
+        public Builder enableLegacyUnauthenticatedModes(boolean enableLegacyUnauthenticatedModes) {
+            this._enableLegacyUnauthenticatedModes = enableLegacyUnauthenticatedModes;
+            return this;
+        }
+
+        public Builder enableDelayedAuthentication(boolean enableDelayedAuthentication) {
+            this._enableDelayedAuthentication = enableDelayedAuthentication;
             return this;
         }
 

src/main/java/software/amazon/encryption/s3/internal/PutEncryptedObjectPipeline.java

@@ -53,7 +53,7 @@ public static class Builder {
         private CryptographicMaterialsManager _cryptoMaterialsManager;
         // Default to AesGcm since it is the only active (non-legacy) content encryption strategy
         private ContentEncryptionStrategy _contentEncryptionStrategy =
-                AesGcmContentStrategy
+                BufferedAesGcmContentStrategy
                         .builder()
                         .build();
         private ContentMetadataEncodingStrategy _contentMetadataEncodingStrategy = ContentMetadataStrategy.OBJECT_METADATA;

src/main/java/software/amazon/encryption/s3/legacy/internal/AesCbcContentStrategy.java

@@ -1,5 +1,8 @@
 package software.amazon.encryption.s3.legacy.internal;
 
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
@@ -10,6 +13,8 @@
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
+
+import software.amazon.awssdk.utils.IoUtils;
 import software.amazon.encryption.s3.S3EncryptionClientException;
 import software.amazon.encryption.s3.algorithms.AlgorithmSuite;
 import software.amazon.encryption.s3.internal.ContentDecryptionStrategy;
@@ -26,7 +31,16 @@ private AesCbcContentStrategy(Builder builder) {}
     public static Builder builder() { return new Builder(); }
 
     @Override
-    public byte[] decryptContent(ContentMetadata contentMetadata, DecryptionMaterials materials, byte[] ciphertext) {
+    public InputStream decryptContent(ContentMetadata contentMetadata, DecryptionMaterials materials,
+                                      InputStream ciphertextStream) {
+        // TODO: AES-CBC should always use a stream cipher.
+        byte[] ciphertext;
+        try {
+            ciphertext = IoUtils.toByteArray(ciphertextStream);
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+
         AlgorithmSuite algorithmSuite = contentMetadata.algorithmSuite();
         SecretKey contentKey = new SecretKeySpec(materials.plaintextDataKey(), algorithmSuite.dataKeyAlgorithm());
         byte[] iv = contentMetadata.contentNonce();
@@ -45,7 +59,7 @@ public byte[] decryptContent(ContentMetadata contentMetadata, DecryptionMaterial
             throw new S3EncryptionClientException("Unable to " + algorithmSuite.cipherName() + " content decrypt.", e);
         }
 
-        return plaintext;
+        return new ByteArrayInputStream(plaintext);
     }
 
     public static class Builder {

src/main/java/software/amazon/encryption/s3/materials/DecryptMaterialsRequest.java

@@ -12,12 +12,14 @@ public class DecryptMaterialsRequest {
     private final AlgorithmSuite _algorithmSuite;
     private final List<EncryptedDataKey> _encryptedDataKeys;
     private final Map<String, String> _encryptionContext;
+    private final long _ciphertextLength;
 
     private DecryptMaterialsRequest(Builder builder) {
         this._s3Request = builder._s3Request;
         this._algorithmSuite = builder._algorithmSuite;
         this._encryptedDataKeys = builder._encryptedDataKeys;
         this._encryptionContext = builder._encryptionContext;
+        this._ciphertextLength = builder._ciphertextLength;
     }
 
     static public Builder builder() {
@@ -40,12 +42,17 @@ public Map<String, String> encryptionContext() {
         return _encryptionContext;
     }
 
+    public long ciphertextLength() {
+        return _ciphertextLength;
+    }
+
     static public class Builder {
 
         public GetObjectRequest _s3Request = null;
         private AlgorithmSuite _algorithmSuite = AlgorithmSuite.ALG_AES_256_GCM_IV12_TAG16_NO_KDF;
         private Map<String, String> _encryptionContext = Collections.emptyMap();
         private List<EncryptedDataKey> _encryptedDataKeys = Collections.emptyList();
+        private long _ciphertextLength = -1;
 
         private Builder() {
         }
@@ -74,6 +81,11 @@ public Builder encryptedDataKeys(List<EncryptedDataKey> encryptedDataKeys) {
             return this;
         }
 
+        public Builder ciphertextLength(long ciphertextLength) {
+            _ciphertextLength = ciphertextLength;
+            return this;
+        }
+
         public DecryptMaterialsRequest build() {
             return new DecryptMaterialsRequest(this);
         }