Reorder calls to Cipher object for better support of non-standard JCA providers

Author: SalusaSecondus

src/main/java/com/amazonaws/services/dynamodbv2/datamodeling/encryption/DynamoDBEncryptor.java

@@ -31,6 +31,8 @@
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.function.Function;
 
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
@@ -58,7 +60,16 @@ public class DynamoDBEncryptor {
     private static final String DEFAULT_DESCRIPTION_BASE = "amzn-ddb-map-"; // Same as the Mapper
     private static final Charset UTF8 = Charset.forName("UTF-8");
     private static final String SYMMETRIC_ENCRYPTION_MODE = "/CBC/PKCS5Padding";
-    
+    private static final ConcurrentHashMap<String, Integer> BLOCK_SIZE_CACHE = new ConcurrentHashMap<>();
+    private static final Function<String, Integer> BLOCK_SIZE_CALCULATOR = (transformation) -> {
+        try {
+            final Cipher c = Cipher.getInstance(transformation);
+            return c.getBlockSize();
+        } catch (final GeneralSecurityException ex) {
+            throw new IllegalArgumentException("Algorithm does not exist", ex);
+        }
+    };
+
     private static final int CURRENT_VERSION = 0;
 
     private String signatureFieldName = DEFAULT_SIGNATURE_FIELD;
@@ -339,7 +350,7 @@ private void actualDecryption(Map<String, AttributeValue> itemAttributes,
         final String encryptionMode = encryptionKey != null ?  encryptionKey.getAlgorithm() +
                     materialDescription.get(symmetricEncryptionModeHeader) : null;
         Cipher cipher = null;
-        int ivSize = -1;
+        int blockSize = -1;
 
         for (Map.Entry<String, AttributeValue> entry: itemAttributes.entrySet()) {
             Set<EncryptionFlags> flags = attributeFlags.get(entry.getKey());
@@ -354,15 +365,13 @@ private void actualDecryption(Map<String, AttributeValue> itemAttributes,
                     plainText = ByteBuffer.wrap(((DelegatedKey)encryptionKey).decrypt(toByteArray(cipherText), null, encryptionMode));
                 } else {
                     if (cipher == null) {
-                        cipher = Cipher.getInstance(
-                                encryptionMode);
-                        ivSize = cipher.getBlockSize();
+                        blockSize = getBlockSize(encryptionMode);
+                        cipher = Cipher.getInstance(encryptionMode);
                     }
-                    byte[] iv = new byte[ivSize];
+                    byte[] iv = new byte[blockSize];
                     cipherText.get(iv);
                     cipher.init(Cipher.DECRYPT_MODE, encryptionKey, new IvParameterSpec(iv), Utils.getRng());
-                    plainText = ByteBuffer.allocate(
-                            cipher.getOutputSize(cipherText.remaining()));
+                    plainText = ByteBuffer.allocate(cipher.getOutputSize(cipherText.remaining()));
                     cipher.doFinal(cipherText, plainText);
                     plainText.rewind();
                 }
@@ -371,6 +380,10 @@ private void actualDecryption(Map<String, AttributeValue> itemAttributes,
         }
     }
 
+    protected int getBlockSize(final String encryptionMode) {
+        return BLOCK_SIZE_CACHE.computeIfAbsent(encryptionMode, BLOCK_SIZE_CALCULATOR);
+    }
+
     /**
      * This method has the side effect of replacing the plaintext
      * attribute-values of "itemAttributes" with ciphertext attribute-values
@@ -388,7 +401,7 @@ private void actualEncryption(Map<String, AttributeValue> itemAttributes,
             encryptionMode = encryptionKey.getAlgorithm() + SYMMETRIC_ENCRYPTION_MODE;
         }
         Cipher cipher = null;
-        int ivSize = -1;
+        int blockSize = -1;
 
         for (Map.Entry<String, AttributeValue> entry: itemAttributes.entrySet()) {
             Set<EncryptionFlags> flags = attributeFlags.get(entry.getKey());
@@ -405,16 +418,22 @@ private void actualEncryption(Map<String, AttributeValue> itemAttributes,
                             dk.encrypt(toByteArray(plainText), null, encryptionMode));
                 } else {
                     if (cipher == null) {
+                        blockSize = getBlockSize(encryptionMode);
                         cipher = Cipher.getInstance(encryptionMode);
-                        ivSize = cipher.getBlockSize();
                     }
                     // Encryption format: <iv><ciphertext>
                     // Note a unique iv is generated per attribute
-                    byte[] iv = Utils.getRandom(ivSize);
-                    cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, new IvParameterSpec(iv), Utils.getRng());
-                    cipherText = ByteBuffer.allocate(ivSize + cipher.getOutputSize(plainText.remaining()));
-                    cipherText.put(iv);
+                    cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, Utils.getRng());
+                    cipherText = ByteBuffer.allocate(blockSize + cipher.getOutputSize(plainText.remaining()));
+                    cipherText.position(blockSize);
                     cipher.doFinal(plainText, cipherText);
+                    cipherText.flip();
+                    final byte[] iv = cipher.getIV();
+                    if (iv.length != blockSize) {
+                        throw new IllegalStateException(String.format("Generated IV length (%d) not equal to block size (%d)",
+                                iv.length, blockSize));
+                    }
+                    cipherText.put(iv);
                     cipherText.rewind();
                 }
                 // Replace the plaintext attribute value with the encrypted content
@@ -539,17 +558,22 @@ protected static Map<String, String> unmarshallDescription(AttributeValue attrib
             attributeValue.getB().reset();
         }
     }
-    
+
     private static byte[] toByteArray(ByteBuffer buffer) {
-        if (buffer.hasArray()) {
+        buffer = buffer.duplicate();
+        // We can only return the array directly if:
+        // 1. The ByteBuffer exposes an array
+        // 2. The ByteBuffer starts at the beginning of the array
+        // 3. The ByteBuffer uses the entire array
+        if (buffer.hasArray() && buffer.arrayOffset() == 0) {
             byte[] result = buffer.array();
-            buffer.rewind();
-            return result;
-        } else {
-            byte[] result = new byte[buffer.remaining()];
-            buffer.get(result);
-            buffer.rewind();
-            return result;
+            if (buffer.remaining() == result.length) {
+                return result;
+            }
         }
+
+        byte[] result = new byte[buffer.remaining()];
+        buffer.get(result);
+        return result;
     }
 }

src/test/java/com/amazonaws/services/dynamodbv2/datamodeling/encryption/DynamoDBEncryptorTest.java

@@ -14,20 +14,21 @@
  */
 package com.amazonaws.services.dynamodbv2.datamodeling.encryption;
 
+import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertThat;
 import static org.junit.Assert.assertTrue;
 
+import java.lang.reflect.Method;
 import java.nio.ByteBuffer;
 import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
-import java.security.SecureRandom;
 import java.security.Security;
 import java.security.SignatureException;
 import java.util.Collection;
@@ -118,7 +119,7 @@ public void testSetMaterialDescriptionFieldName() {
 
     @Test
     public void fullEncryption() throws GeneralSecurityException {
-        Map<String, AttributeValue> encryptedAttributes = 
+        Map<String, AttributeValue> encryptedAttributes =
                 encryptor.encryptAllFieldsExcept(Collections.unmodifiableMap(attribs), context, "hashKey", "rangeKey", "version");
         assertThat(encryptedAttributes, AttrMatcher.invert(attribs));
 
@@ -298,6 +299,40 @@ public void EcdsaSignedOnlyBadSignature() throws GeneralSecurityException {
         encryptor.decryptAllFieldsExcept(encryptedAttributes, context, attribs.keySet().toArray(new String[0]));
     }
 
+    @Test
+    public void toByteArray() throws ReflectiveOperationException {
+        final byte[] expected = new byte[] {0, 1, 2, 3, 4, 5};
+        assertToByteArray("Wrap", expected, ByteBuffer.wrap(expected));
+        assertToByteArray("Wrap-RO", expected, ByteBuffer.wrap(expected).asReadOnlyBuffer());
+
+        assertToByteArray("Wrap-Truncated-Sliced", expected, ByteBuffer.wrap(new byte[] {0, 1, 2, 3, 4, 5, 6}, 0, 6).slice());
+        assertToByteArray("Wrap-Offset-Sliced", expected, ByteBuffer.wrap(new byte[] {6, 0, 1, 2, 3, 4, 5, 6}, 1, 6).slice());
+        assertToByteArray("Wrap-Truncated", expected, ByteBuffer.wrap(new byte[] {0, 1, 2, 3, 4, 5, 6}, 0, 6));
+        assertToByteArray("Wrap-Offset", expected, ByteBuffer.wrap(new byte[] {6, 0, 1, 2, 3, 4, 5, 6}, 1, 6));
+
+        ByteBuffer buff = ByteBuffer.allocate(expected.length + 10);
+        buff.put(expected);
+        buff.flip();
+        assertToByteArray("Normal", expected, buff);
+
+        buff = ByteBuffer.allocateDirect(expected.length + 10);
+        buff.put(expected);
+        buff.flip();
+        assertToByteArray("Direct", expected, buff);
+    }
+
+    private void assertToByteArray(final String msg, final byte[] expected, final ByteBuffer testValue) throws ReflectiveOperationException {
+        Method m = DynamoDBEncryptor.class.getDeclaredMethod("toByteArray", ByteBuffer.class);
+        m.setAccessible(true);
+
+        int oldPosition = testValue.position();
+        int oldLimit = testValue.limit();
+
+        assertArrayEquals(msg + ":Array", expected, (byte[]) m.invoke(null, testValue));
+        assertEquals(msg + ":Position", oldPosition, testValue.position());
+        assertEquals(msg + ":Limit", oldLimit, testValue.limit());
+    }
+
     private void assertAttrEquals(AttributeValue o1, AttributeValue o2) {
         Assert.assertEquals(o1.getB(), o2.getB());
         assertSetsEqual(o1.getBS(), o2.getBS());