feat: Improvements to the message decryption process (#250)

See GHSA-55xh-53m6-936r

Co-authored-by: Robin Salkeld <[email protected]>

Author: texastony

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "src/test/resources/aws-encryption-sdk-test-vectors"]
+	path = src/test/resources/aws-encryption-sdk-test-vectors
+	url = https://github.com/awslabs/private-aws-encryption-sdk-test-vectors-staging.git

CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 1.9.0 -- 2021-05-27
+
+* feat: Improvements to the message decryption process. 
+  
+  See https://github.com/aws/aws-encryption-sdk-java/security/advisories/GHSA-55xh-53m6-936r
+
 ## 1.7.0 -- 2020-09-24
 
 * feat: Updates to the AWS Encryption SDK. bdb31dc

README.md

@@ -56,7 +56,7 @@ You can get the latest release from Maven:
 <dependency>
   <groupId>com.amazonaws</groupId>
   <artifactId>aws-encryption-sdk-java</artifactId>
-  <version>1.7.0</version>
+  <version>1.9.0</version>
 </dependency>
 ```
 

codebuild/corretto11.yml

@@ -6,4 +6,4 @@ phases:
             java: corretto11
     build:
         commands:
-          - mvn install -Dgpg.skip=true '-DtestVectorZip=https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-1.3.8.zip'
+            - mvn install -Dgpg.skip=true "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.2.0.zip"

codebuild/corretto8.yml

@@ -6,4 +6,4 @@ phases:
             java: corretto8
     build:
         commands:
-          - mvn install -Dgpg.skip=true '-DtestVectorZip=https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-1.3.8.zip'
+          - mvn install -Dgpg.skip=true "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.2.0.zip"

codebuild/openjdk11.yml

@@ -6,4 +6,4 @@ phases:
             java: openjdk11
     build:
         commands:
-          - mvn install -Dgpg.skip=true '-DtestVectorZip=https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-1.3.8.zip'
+            - mvn install -Dgpg.skip=true "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.2.0.zip"

codebuild/openjdk8.yml

@@ -6,4 +6,4 @@ phases:
             java: openjdk8
     build:
         commands:
-          - mvn install -Dgpg.skip=true '-DtestVectorZip=https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-1.3.8.zip'
+            - mvn install -Dgpg.skip=true "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.2.0.zip"

pom.xml

@@ -4,7 +4,7 @@
 
     <groupId>com.amazonaws</groupId>
     <artifactId>aws-encryption-sdk-java</artifactId>
-    <version>1.7.0</version>
+    <version>1.9.0</version>
     <packaging>jar</packaging>
 
     <name>aws-encryption-sdk-java</name>
@@ -60,9 +60,9 @@
         </dependency>
 
         <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>4.13.1</version>
+            <groupId>org.junit.vintage</groupId>
+            <artifactId>junit-vintage-engine</artifactId>
+            <version>5.7.1</version>
             <scope>test</scope>
         </dependency>
 

src/examples/java/com/amazonaws/crypto/examples/EscrowedEncryptExample.java

@@ -3,6 +3,8 @@
 
 package com.amazonaws.crypto.examples;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.security.GeneralSecurityException;
@@ -125,10 +127,16 @@ private static void standardDecrypt(final String kmsArn, final String fileName)
         // use an encryption context. For an example, see the other SDK samples.
         final FileInputStream in = new FileInputStream(fileName + ".encrypted");
         final FileOutputStream out = new FileOutputStream(fileName + ".decrypted");
-        final CryptoOutputStream<?> decryptingStream = crypto.createDecryptingStream(provider, out);
+        // Since we are using a signing algorithm suite, we avoid streaming decryption directly to the output file,
+        // to ensure that the trailing signature is verified before writing any untrusted plaintext to disk.
+        final ByteArrayOutputStream plaintextBuffer = new ByteArrayOutputStream();
+        final CryptoOutputStream<?> decryptingStream = crypto.createDecryptingStream(provider, plaintextBuffer);
         IOUtils.copy(in, decryptingStream);
         in.close();
         decryptingStream.close();
+        final ByteArrayInputStream plaintextReader = new ByteArrayInputStream(plaintextBuffer.toByteArray());
+        IOUtils.copy(plaintextReader, out);
+        out.close();
     }
 
     private static void escrowDecrypt(final String fileName) throws Exception {

src/examples/java/com/amazonaws/crypto/examples/FileStreamingExample.java

@@ -14,6 +14,7 @@
 import javax.crypto.spec.SecretKeySpec;
 
 import com.amazonaws.encryptionsdk.AwsCrypto;
+import com.amazonaws.encryptionsdk.CryptoAlgorithm;
 import com.amazonaws.encryptionsdk.CryptoInputStream;
 import com.amazonaws.encryptionsdk.MasterKey;
 import com.amazonaws.encryptionsdk.jce.JceMasterKey;
@@ -49,7 +50,12 @@ public static void main(String[] args) throws IOException {
 
         // Instantiate the SDK with a specific commitment policy.
         // ForbidEncryptAllowDecrypt is the only available policy in 1.7.0.
-        final AwsCrypto crypto = AwsCrypto.builder().withCommitmentPolicy(CommitmentPolicy.ForbidEncryptAllowDecrypt).build();
+        // This also chooses to encrypt with an algorithm suite that doesn't include signing for faster decryption,
+        // since this use case assumes that the contexts that encrypt and decrypt are equally trusted.
+        final AwsCrypto crypto = AwsCrypto.builder()
+                .withCommitmentPolicy(CommitmentPolicy.ForbidEncryptAllowDecrypt)
+                .withEncryptionAlgorithm(CryptoAlgorithm.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY)
+                .build();
 
         // Create an encryption context to identify this ciphertext
         Map<String, String> context = Collections.singletonMap("Example", "FileStreaming");
@@ -65,14 +71,16 @@ public static void main(String[] args) throws IOException {
         out.close();
 
         // Decrypt the file. Verify the encryption context before returning the plaintext.
+        // Since we encrypted using an unsigned algorithm suite, we can use the recommended
+        // createUnsignedMessageDecryptingStream method that only accepts unsigned messages.
         in = new FileInputStream(srcFile + ".encrypted");
-        CryptoInputStream<JceMasterKey> decryptingStream = crypto.createDecryptingStream(masterKey, in);
+        CryptoInputStream<JceMasterKey> decryptingStream = crypto.createUnsignedMessageDecryptingStream(masterKey, in);
         // Does it contain the expected encryption context?
         if (!"FileStreaming".equals(decryptingStream.getCryptoResult().getEncryptionContext().get("Example"))) {
             throw new IllegalStateException("Bad encryption context");
         }
 
-        // Return the plaintext data
+        // Write the plaintext data to disk.
         out = new FileOutputStream(srcFile + ".decrypted");
         IOUtils.copy(decryptingStream, out);
         decryptingStream.close();