feat: implement AES-GCM streaming (#45)

Adds AES-GCM streaming implementation for putObject/encrypt and getObject/decrypt (in delayed auth mode).

Author: kessplas

src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java

@@ -288,7 +288,7 @@ public S3EncryptionClient build() {
             if (_cryptoMaterialsManager == null) {
                 _cryptoMaterialsManager = DefaultCryptoMaterialsManager.builder()
                         .keyring(_keyring)
-                        .cryptoPovider(_cryptoProvider)
+                        .cryptoProvider(_cryptoProvider)
                         .build();
             }
 

src/main/java/software/amazon/encryption/s3/S3EncryptionClientSecurityException.java

@@ -0,0 +1,12 @@
+package software.amazon.encryption.s3;
+
+public class S3EncryptionClientSecurityException extends S3EncryptionClientException {
+
+    public S3EncryptionClientSecurityException(String message) {
+        super(message);
+    }
+
+    public S3EncryptionClientSecurityException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}

src/main/java/software/amazon/encryption/s3/algorithms/AlgorithmSuite.java

@@ -84,6 +84,10 @@ public int cipherTagLengthBits() {
         return _cipherTagLengthBits;
     }
 
+    public int cipherTagLengthBytes() {
+        return _cipherTagLengthBits / 8;
+    }
+
     public int nonceLengthBytes() {
         return _cipherNonceLengthBits / 8;
     }
@@ -95,4 +99,8 @@ public int cipherBlockSizeBytes() {
     public long cipherMaxContentLengthBits() {
         return _cipherMaxContentLengthBits;
     }
+
+    public long cipherMaxContentLengthBytes() {
+        return _cipherMaxContentLengthBits / 8;
+    }
 }

src/main/java/software/amazon/encryption/s3/internal/AuthenticatedCipherInputStream.java

@@ -0,0 +1,44 @@
+package software.amazon.encryption.s3.internal;
+
+import software.amazon.encryption.s3.S3EncryptionClientSecurityException;
+
+import javax.crypto.Cipher;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+
+public class AuthenticatedCipherInputStream extends CipherInputStream {
+
+    public AuthenticatedCipherInputStream(InputStream inputStream, Cipher cipher) {
+        super(inputStream, cipher);
+    }
+
+    /**
+     * Authenticated ciphers call doFinal upon the last read,
+     * there is no need to do so upon close.
+     * @throws IOException from the wrapped InputStream
+     */
+    @Override
+    public void close() throws IOException {
+        in.close();
+        currentPosition = maxPosition = 0;
+        abortIfNeeded();
+    }
+
+    @Override
+    protected int endOfFileReached() {
+        eofReached = true;
+        try {
+            outputBuffer = cipher.doFinal();
+            if (outputBuffer == null) {
+                return -1;
+            }
+            currentPosition = 0;
+            return maxPosition = outputBuffer.length;
+        } catch (GeneralSecurityException exception) {
+            // In an authenticated scheme, this indicates a security
+            // exception
+            throw new S3EncryptionClientSecurityException(exception.getMessage(), exception);
+        }
+    }
+}

src/main/java/software/amazon/encryption/s3/internal/BufferedAesGcmContentStrategy.java

@@ -1,11 +1,9 @@
 package software.amazon.encryption.s3.internal;
 
-import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import software.amazon.awssdk.utils.IoUtils;
 import software.amazon.encryption.s3.S3EncryptionClientException;
 import software.amazon.encryption.s3.algorithms.AlgorithmSuite;
 import software.amazon.encryption.s3.materials.DecryptionMaterials;
-import software.amazon.encryption.s3.materials.EncryptionMaterials;
 
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
@@ -15,52 +13,24 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.GeneralSecurityException;
-import java.security.SecureRandom;
 
 /**
- * This class will encrypt data according to the algorithm suite constants
+ * This class will decrypt AES-GCM encrypted data by buffering the ciphertext
+ * stream into memory. This prevents release of unauthenticated plaintext.
  */
-public class BufferedAesGcmContentStrategy implements ContentEncryptionStrategy, ContentDecryptionStrategy {
+public class BufferedAesGcmContentStrategy implements ContentDecryptionStrategy {
 
     // 64MiB ought to be enough for most usecases
     private static final long BUFFERED_MAX_CONTENT_LENGTH_MiB = 64;
     private static final long BUFFERED_MAX_CONTENT_LENGTH_BYTES = 1024 * 1024 * BUFFERED_MAX_CONTENT_LENGTH_MiB;
 
-    final private SecureRandom _secureRandom;
-
     private BufferedAesGcmContentStrategy(Builder builder) {
-        this._secureRandom = builder._secureRandom;
     }
 
     public static Builder builder() {
         return new Builder();
     }
 
-    @Override
-    public EncryptedContent encryptContent(EncryptionMaterials materials, byte[] content) {
-        final AlgorithmSuite algorithmSuite = materials.algorithmSuite();
-
-        final byte[] nonce = new byte[algorithmSuite.nonceLengthBytes()];
-        _secureRandom.nextBytes(nonce);
-
-        final String cipherName = algorithmSuite.cipherName();
-        try {
-            final Cipher cipher = CryptoFactory.createCipher(algorithmSuite.cipherName(), materials.cryptoProvider());
-
-            cipher.init(Cipher.ENCRYPT_MODE,
-                    materials.dataKey(),
-                    new GCMParameterSpec(algorithmSuite.cipherTagLengthBits(), nonce));
-
-            EncryptedContent result = new EncryptedContent();
-            result.nonce = nonce;
-            result.ciphertext = cipher.doFinal(content);
-
-            return result;
-        } catch (GeneralSecurityException e) {
-            throw new S3EncryptionClientException("Unable to " + cipherName + " content encrypt.", e);
-        }
-    }
-
     @Override
     public InputStream decryptContent(ContentMetadata contentMetadata, DecryptionMaterials materials,
                                       InputStream ciphertextStream) {
@@ -100,24 +70,10 @@ public InputStream decryptContent(ContentMetadata contentMetadata, DecryptionMat
     }
 
     public static class Builder {
-        private SecureRandom _secureRandom;
 
         private Builder() {
         }
 
-        /**
-         * Note that this does NOT create a defensive copy of the SecureRandom object. Any modifications to the
-         * object will be reflected in this Builder.
-         */
-        @SuppressFBWarnings(value = "EI_EXPOSE_REP")
-        public Builder secureRandom(SecureRandom secureRandom) {
-            if (secureRandom == null) {
-                throw new S3EncryptionClientException("SecureRandom provided to BufferedAesGcmContentStrategy cannot be null");
-            }
-            _secureRandom = secureRandom;
-            return this;
-        }
-
         public BufferedAesGcmContentStrategy build() {
             return new BufferedAesGcmContentStrategy(this);
         }

src/main/java/software/amazon/encryption/s3/internal/CipherInputStream.java

@@ -14,13 +14,13 @@
 public class CipherInputStream extends SdkFilterInputStream {
     private static final int MAX_RETRY_COUNT = 1000;
     private static final int DEFAULT_IN_BUFFER_SIZE = 512;
-    private final Cipher cipher;
+    protected final Cipher cipher;
 
-    private boolean eofReached;
-    private byte[] inputBuffer;
-    private byte[] outputBuffer;
-    private int currentPosition;
-    private int maxPosition;
+    protected boolean eofReached;
+    protected byte[] inputBuffer;
+    protected byte[] outputBuffer;
+    protected int currentPosition;
+    protected int maxPosition;
 
     public CipherInputStream(InputStream inputStream, Cipher cipher) {
         super(inputStream);
@@ -121,6 +121,8 @@ public void close() throws IOException {
         } catch (BadPaddingException | IllegalBlockSizeException ex) {
             // Swallow the exception
         }
+        currentPosition = maxPosition = 0;
+        abortIfNeeded();
     }
 
     @Override
@@ -145,29 +147,34 @@ public void reset() throws IOException {
      * stream.
      * @throws IOException if there is an IO exception from the underlying input stream
      */
-    private int nextChunk() throws IOException {
+    protected int nextChunk() throws IOException {
         abortIfNeeded();
         if (eofReached) {
             return -1;
         }
         outputBuffer = null;
         int length = in.read(inputBuffer);
         if (length == -1) {
-            eofReached = true;
-            try {
-                outputBuffer = cipher.doFinal();
-                if (outputBuffer == null) {
-                    return -1;
-                }
-                currentPosition = 0;
-                return maxPosition = outputBuffer.length;
-            } catch (IllegalBlockSizeException | BadPaddingException ignore) {
-                // Swallow exceptions
-            }
-            return -1;
+            return endOfFileReached();
         }
         outputBuffer = cipher.update(inputBuffer, 0, length);
         currentPosition = 0;
         return maxPosition = (outputBuffer == null ? 0 : outputBuffer.length);
     }
+
+    protected int endOfFileReached() {
+        eofReached = true;
+        try {
+            outputBuffer = cipher.doFinal();
+            if (outputBuffer == null) {
+                return -1;
+            }
+            currentPosition = 0;
+            return maxPosition = outputBuffer.length;
+        } catch (IllegalBlockSizeException | BadPaddingException ignore) {
+            // Swallow exceptions
+        }
+        return -1;
+
+    }
 }

src/main/java/software/amazon/encryption/s3/internal/ContentEncryptionStrategy.java

@@ -2,7 +2,9 @@
 
 import software.amazon.encryption.s3.materials.EncryptionMaterials;
 
+import java.io.InputStream;
+
 @FunctionalInterface
 public interface ContentEncryptionStrategy {
-    EncryptedContent encryptContent(EncryptionMaterials materials, byte[] content);
+    EncryptedContent encryptContent(EncryptionMaterials materials, InputStream content);
 }

src/main/java/software/amazon/encryption/s3/internal/ContentMetadataStrategy.java

@@ -57,7 +57,7 @@ public PutObjectRequest encodeMetadata(EncryptionMaterials materials,
             Map<String, String> metadata = new HashMap<>(request.metadata());
             EncryptedDataKey edk = materials.encryptedDataKeys().get(0);
             metadata.put(MetadataKeyConstants.ENCRYPTED_DATA_KEY_V2, ENCODER.encodeToString(edk.encryptedDatakey()));
-            metadata.put(MetadataKeyConstants.CONTENT_NONCE, ENCODER.encodeToString(encryptedContent.nonce));
+            metadata.put(MetadataKeyConstants.CONTENT_NONCE, ENCODER.encodeToString(encryptedContent.getNonce()));
             metadata.put(MetadataKeyConstants.CONTENT_CIPHER, materials.algorithmSuite().cipherName());
             metadata.put(MetadataKeyConstants.CONTENT_CIPHER_TAG_LENGTH, Integer.toString(materials.algorithmSuite().cipherTagLengthBits()));
             metadata.put(MetadataKeyConstants.ENCRYPTED_DATA_KEY_ALGORITHM, new String(edk.keyProviderInfo(), StandardCharsets.UTF_8));

src/main/java/software/amazon/encryption/s3/internal/EncryptedContent.java

@@ -1,7 +1,28 @@
 package software.amazon.encryption.s3.internal;
 
+import java.io.InputStream;
+
 public class EncryptedContent {
 
-    public byte[] ciphertext;
-    public byte[] nonce;
+    private InputStream _ciphertext;
+    private long _ciphertextLength;
+    private byte[] _nonce;
+    public EncryptedContent(final byte[] nonce, final InputStream ciphertext, final long ciphertextLength) {
+        _nonce = nonce;
+        _ciphertext = ciphertext;
+        _ciphertextLength = ciphertextLength;
+    }
+
+    public byte[] getNonce() {
+        return _nonce;
+    }
+
+    public InputStream getCiphertext() {
+        return _ciphertext;
+    }
+
+    public long getCiphertextLength() {
+        return _ciphertextLength;
+    }
+
 }

src/main/java/software/amazon/encryption/s3/internal/GetEncryptedObjectPipeline.java

@@ -94,9 +94,7 @@ private ContentDecryptionStrategy selectContentDecryptionStrategy(final Decrypti
                 return UnauthenticatedContentStrategy.builder().build();
             case ALG_AES_256_GCM_IV12_TAG16_NO_KDF:
                 if (_enableDelayedAuthentication) {
-                    // TODO: Implement StreamingAesGcmContentStrategy
-                    throw new UnsupportedOperationException("Delayed Authentication mode using streaming AES-GCM decryption" +
-                            "is currently unsupported.");
+                    return StreamingAesGcmContentStrategy.builder().build();
                 } else {
                     return BufferedAesGcmContentStrategy.builder().build();
                 }

src/main/java/software/amazon/encryption/s3/internal/PutEncryptedObjectPipeline.java

@@ -2,15 +2,12 @@
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 
-import java.io.IOException;
 import java.security.SecureRandom;
 
 import software.amazon.awssdk.core.sync.RequestBody;
 import software.amazon.awssdk.services.s3.S3Client;
 import software.amazon.awssdk.services.s3.model.PutObjectRequest;
 import software.amazon.awssdk.services.s3.model.PutObjectResponse;
-import software.amazon.awssdk.utils.IoUtils;
-import software.amazon.encryption.s3.S3EncryptionClientException;
 import software.amazon.encryption.s3.materials.EncryptionMaterials;
 import software.amazon.encryption.s3.materials.EncryptionMaterialsRequest;
 import software.amazon.encryption.s3.materials.CryptographicMaterialsManager;
@@ -19,7 +16,6 @@ public class PutEncryptedObjectPipeline {
 
     final private S3Client _s3Client;
     final private CryptographicMaterialsManager _cryptoMaterialsManager;
-    final private SecureRandom _secureRandom;
     final private ContentEncryptionStrategy _contentEncryptionStrategy;
     final private ContentMetadataEncodingStrategy _contentMetadataEncodingStrategy;
 
@@ -28,29 +24,22 @@ public class PutEncryptedObjectPipeline {
     private PutEncryptedObjectPipeline(Builder builder) {
         this._s3Client = builder._s3Client;
         this._cryptoMaterialsManager = builder._cryptoMaterialsManager;
-        this._secureRandom = builder._secureRandom;
         this._contentEncryptionStrategy = builder._contentEncryptionStrategy;
         this._contentMetadataEncodingStrategy = builder._contentMetadataEncodingStrategy;
     }
 
     public PutObjectResponse putObject(PutObjectRequest request, RequestBody requestBody) {
         EncryptionMaterialsRequest.Builder requestBuilder = EncryptionMaterialsRequest.builder()
-                .s3Request(request);
+                .s3Request(request)
+                .plaintextLength(requestBody.optionalContentLength().orElse(-1L));
 
         EncryptionMaterials materials = _cryptoMaterialsManager.getEncryptionMaterials(requestBuilder.build());
 
-        byte[] input;
-        try {
-            // TODO: this needs to be a stream and not a byte[]
-            input = IoUtils.toByteArray(requestBody.contentStreamProvider().newStream());
-        } catch (IOException e) {
-            throw new S3EncryptionClientException("Cannot read input.", e);
-        }
-        EncryptedContent encryptedContent = _contentEncryptionStrategy.encryptContent(materials, input);
+        EncryptedContent encryptedContent = _contentEncryptionStrategy.encryptContent(materials, requestBody.contentStreamProvider().newStream());
 
         request = _contentMetadataEncodingStrategy.encodeMetadata(materials, encryptedContent, request);
 
-        return _s3Client.putObject(request, RequestBody.fromBytes(encryptedContent.ciphertext));
+        return _s3Client.putObject(request, RequestBody.fromInputStream(encryptedContent.getCiphertext(), encryptedContent.getCiphertextLength()));
     }
 
     public static class Builder {
@@ -86,10 +75,10 @@ public Builder secureRandom(SecureRandom secureRandom) {
         public PutEncryptedObjectPipeline build() {
             // Default to AesGcm since it is the only active (non-legacy) content encryption strategy
             if (_contentEncryptionStrategy == null) {
-                _contentEncryptionStrategy = BufferedAesGcmContentStrategy
-                    .builder()
-                    .secureRandom(_secureRandom)
-                    .build();
+                _contentEncryptionStrategy = StreamingAesGcmContentStrategy
+                        .builder()
+                        .secureRandom(_secureRandom)
+                        .build();
             }
             return new PutEncryptedObjectPipeline(this);
         }