  /**
   * Generates a fresh content-encryption key (CEK) for one object.
   *
   * <p>The generator algorithm and key length come from {@code contentCryptoScheme}; the key
   * material is drawn from the scheme's {@code SecureRandom}.
   *
   * @return a newly generated symmetric key
   * @throws AmazonClientException if the JCE has no generator for the scheme's algorithm
   */
  protected final SecretKey generateCEK() {
    try {
      final KeyGenerator keyGen =
          KeyGenerator.getInstance(contentCryptoScheme.getKeyGeneratorAlgorithm());
      // Seed the generator from the scheme's CSPRNG rather than the provider default.
      keyGen.init(contentCryptoScheme.getKeyLengthInBits(), cryptoScheme.getSecureRandom());
      return keyGen.generateKey();
    } catch (NoSuchAlgorithmException notAvailable) {
      throw new AmazonClientException(
          "Unable to generate envelope symmetric key:" + notAvailable.getMessage(), notAvailable);
    }
  }
  /**
   * Binds this crypto module to an S3 client, its key-encrypting material and the crypto scheme.
   *
   * <p>Only {@code s3}, {@code kekMaterialsProvider}, {@code cryptoConfig} and
   * {@code cryptoScheme} are retained here; the content scheme is derived from
   * {@code cryptoScheme}. {@code credentialsProvider} and {@code clientConfig} are accepted by
   * this constructor but not stored by it.
   *
   * @param s3 the underlying S3 client used for object transfer
   * @param credentialsProvider AWS credentials (not retained by this constructor)
   * @param kekMaterialsProvider source of the key-encrypting material used to protect each CEK
   * @param clientConfig client configuration (not retained by this constructor)
   * @param cryptoConfig client-side encryption configuration
   * @param cryptoScheme the key-wrap and content-encryption scheme in force
   */
  protected S3CryptoModuleBase(
      S3Direct s3,
      AWSCredentialsProvider credentialsProvider,
      EncryptionMaterialsProvider kekMaterialsProvider,
      ClientConfiguration clientConfig,
      CryptoConfiguration cryptoConfig,
      S3CryptoScheme cryptoScheme) {
    this.s3 = s3;
    this.cryptoScheme = cryptoScheme;
    // The content scheme is fixed by the overall crypto scheme, not configured separately.
    this.contentCryptoScheme = this.cryptoScheme.getContentCryptoScheme();
    this.kekMaterialsProvider = kekMaterialsProvider;
    this.cryptoConfig = cryptoConfig;
  }
  /**
   * Protects a content-encryption key under the key-encrypting key (KEK) from {@code materials}.
   *
   * <p>If {@code materials} carries a key pair, its public key is the KEK; otherwise the
   * symmetric key is. When the key-wrap scheme names a wrap algorithm for that KEK, the CEK is
   * wrapped in {@code Cipher.WRAP_MODE} and the algorithm name is recorded alongside the result.
   * When it names none, the legacy Encryption-Only (EO) path encrypts the CEK's raw encoding with
   * a cipher built from the KEK's bare algorithm name, so mode and padding are whatever the
   * provider defaults to, and the recorded wrap algorithm is {@code null}.
   *
   * @param toBeEncrypted the CEK to protect
   * @param materials the KEK material (key pair or symmetric key)
   * @param cryptoProvider JCE provider to use, or {@code null} for the default provider lookup
   * @return the protected CEK bytes and the wrap algorithm used ({@code null} on the EO path)
   * @throws AmazonClientException wrapping any failure from the JCE during wrap or encrypt
   */
  protected final SecuredCEK secureCEK(
      SecretKey toBeEncrypted, EncryptionMaterials materials, Provider cryptoProvider) {
    // Asymmetric material wins: wrap with the public half of the key pair.
    final Key kek =
        materials.getKeyPair() != null
            ? materials.getKeyPair().getPublic()
            : materials.getSymmetricKey();
    final S3KeyWrapScheme wrapScheme = cryptoScheme.getKeyWrapScheme();
    final String keyWrapAlgo = wrapScheme.getKeyWrapAlgorithm(kek);
    try {
      if (keyWrapAlgo == null) {
        // Legacy EO path: no key-wrap algorithm for this KEK type.
        final byte[] rawCek = toBeEncrypted.getEncoded();
        final String kekAlgo = kek.getAlgorithm();
        final Cipher eoCipher =
            cryptoProvider != null
                ? Cipher.getInstance(kekAlgo, cryptoProvider)
                : Cipher.getInstance(kekAlgo); // default JCE provider lookup
        eoCipher.init(Cipher.ENCRYPT_MODE, kek);
        return new SecuredCEK(eoCipher.doFinal(rawCek), null);
      }
      final Cipher wrapCipher =
          cryptoProvider == null
              ? Cipher.getInstance(keyWrapAlgo)
              : Cipher.getInstance(keyWrapAlgo, cryptoProvider);
      wrapCipher.init(Cipher.WRAP_MODE, kek, cryptoScheme.getSecureRandom());
      return new SecuredCEK(wrapCipher.wrap(toBeEncrypted), keyWrapAlgo);
    } catch (Exception jceFailure) {
      throw new AmazonClientException(
          "Unable to encrypt symmetric key: " + jceFailure.getMessage(), jceFailure);
    }
  }
  /**
   * Builds fresh content-encryption material: a one-time CEK and a random IV, with the CEK
   * protected under the KEK material obtained from {@code kekMaterialProvider}.
   *
   * <p>The IV is filled from the scheme's {@code SecureRandom}; the CEK is secured via
   * {@link #secureCEK}, and an encrypt-mode content cipher is created for the same CEK and IV.
   *
   * @param kekMaterialProvider source of the KEK material used to protect the CEK
   * @param provider JCE provider for the wrap and content ciphers, or {@code null} for the default
   * @return material holding the KEK description, the protected CEK, its wrap algorithm and the
   *     encrypt-mode content cipher
   */
  protected final ContentCryptoMaterial newContentCryptoMaterial(
      EncryptionMaterialsProvider kekMaterialProvider, Provider provider) {
    final SecretKey contentKey = generateCEK();
    // IV length is dictated by the content scheme; bytes come from the scheme's CSPRNG.
    final byte[] nonce = new byte[contentCryptoScheme.getIVLengthInBytes()];
    cryptoScheme.getSecureRandom().nextBytes(nonce);
    final EncryptionMaterials kekMaterials = kekMaterialProvider.getEncryptionMaterials();
    final SecuredCEK protectedCek = secureCEK(contentKey, kekMaterials, provider);
    return new ContentCryptoMaterial(
        kekMaterials.getMaterialsDescription(),
        protectedCek.encrypted,
        protectedCek.keyWrapAlgorithm,
        contentCryptoScheme.createCipherLite(contentKey, nonce, Cipher.ENCRYPT_MODE, provider));
  }