add new encryption mode aes cbc

Author: aldoli

CHANGELOG.md

@@ -5,6 +5,9 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [5.6.56]
+- add encryption mode aes cbc
+
 ## [5.6.55]
 - add batch image auditing api
 - add DocumentAuditing api

pom.xml

@@ -4,7 +4,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.qcloud</groupId>
     <artifactId>cos_api</artifactId>
-    <version>5.6.55</version>
+    <version>5.6.56</version>
     <packaging>jar</packaging>
     <name>cos-java-sdk</name>
     <description>java sdk for qcloud cos</description>

src/main/java/com/qcloud/cos/internal/crypto/AesCbc.java

@@ -0,0 +1,62 @@
+/*
+ * Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ 
+ * According to cos feature, we modify some class，comment, field name, etc.
+ */
+
+package com.qcloud.cos.internal.crypto;
+
+class AesCbc extends ContentCryptoScheme {
+    
+    private byte[] iv = null;
+
+    @Override String getKeyGeneratorAlgorithm() { return AES_GCM.getKeyGeneratorAlgorithm(); }
+    @Override String getCipherAlgorithm() { return "AES/CBC/PKCS5Padding"; }
+    @Override int getKeyLengthInBits() { return AES_GCM.getKeyLengthInBits(); }
+    @Override int getBlockSizeInBytes() { return AES_GCM.getBlockSizeInBytes(); }
+    @Override int getIVLengthInBytes() { return 16; }
+    @Override long getMaxPlaintextSize() {  return MAX_CTR_BYTES;  }
+    @Override byte[] getIV() { return this.iv; }
+
+    @Override
+    byte[] adjustIV(byte[] iv, long byteOffset) {
+        // currently only support iv of length 12 for AES/GCM.
+        // Anything else is quite a bit complicated.
+        if (iv.length != 12)
+            throw new UnsupportedOperationException();
+        final int blockSize = getBlockSizeInBytes();
+        final long blockOffset = byteOffset / blockSize;
+        if (blockOffset * blockSize != byteOffset) {
+            throw new IllegalArgumentException(
+                    "Expecting byteOffset to be multiple of 16, but got blockOffset="
+                            + blockOffset + ", blockSize=" + blockSize
+                            + ", byteOffset=" + byteOffset);
+        }
+        byte[] J0 = computeJ0(iv);
+        return incrementBlocks(J0, blockOffset);
+    }
+
+    @Override
+    public void setIV(byte[] iv) {
+        this.iv = iv;
+    }
+
+    private byte[] computeJ0(byte[] nonce) {
+        final int blockSize = getBlockSizeInBytes();
+        byte[] J0 = new byte[blockSize];
+        System.arraycopy(nonce, 0, J0, 0, nonce.length);
+        J0[blockSize - 1] = 0x01;
+        return incrementBlocks(J0, 1);
+    }
+}

src/main/java/com/qcloud/cos/internal/crypto/AesCtr.java

@@ -19,12 +19,15 @@
 package com.qcloud.cos.internal.crypto;
 
 class AesCtr extends ContentCryptoScheme {
+
     @Override String getKeyGeneratorAlgorithm() { return AES_GCM.getKeyGeneratorAlgorithm(); }
     @Override String getCipherAlgorithm() { return "AES/CTR/NoPadding"; }
     @Override int getKeyLengthInBits() { return AES_GCM.getKeyLengthInBits(); }
     @Override int getBlockSizeInBytes() { return AES_GCM.getBlockSizeInBytes(); }
     @Override int getIVLengthInBytes() { return 16; }
     @Override long getMaxPlaintextSize() {  return MAX_CTR_BYTES;  }
+    @Override byte[] getIV() { return null; }
+    @Override void setIV(byte[] iv) {}
 
     @Override
     byte[] adjustIV(byte[] iv, long byteOffset) {
@@ -44,11 +47,12 @@ byte[] adjustIV(byte[] iv, long byteOffset) {
         return incrementBlocks(J0, blockOffset);
     }
 
-     private byte[] computeJ0(byte[] nonce) {
-         final int blockSize = getBlockSizeInBytes();
-         byte[] J0 = new byte[blockSize];
-         System.arraycopy(nonce, 0, J0, 0, nonce.length);
-         J0[blockSize - 1] = 0x01;
-         return incrementBlocks(J0, 1);
-     }
+    private byte[] computeJ0(byte[] nonce) {
+        final int blockSize = getBlockSizeInBytes();
+        byte[] J0 = new byte[blockSize];
+        System.arraycopy(nonce, 0, J0, 0, nonce.length);
+        J0[blockSize - 1] = 0x01;
+        return incrementBlocks(J0, 1);
+    }
+
 }

src/main/java/com/qcloud/cos/internal/crypto/AesGcm.java

@@ -35,6 +35,9 @@ class AesGcm extends ContentCryptoScheme {
     @Override int getBlockSizeInBytes() { return 16; }
     @Override int getIVLengthInBytes() { return 12; }
     @Override long getMaxPlaintextSize() { return MAX_GCM_BYTES; }
+    @Override byte[] getIV() { return null; }
+    @Override void setIV(byte[] iv) {}
+
     /**
      * Used to explicitly record the tag length in COS for interoperability
      * with other services.
@@ -60,4 +63,5 @@ CipherLite createAuxillaryCipher(SecretKey cek, byte[] ivOrig,
     protected CipherLite newCipherLite(Cipher cipher,  SecretKey cek, int cipherMode) {
         return new GCMCipherLite(cipher, cek, cipherMode);
     }
+
 }

src/main/java/com/qcloud/cos/internal/crypto/COSCryptoModuleAE.java

@@ -350,7 +350,7 @@ private void assertParameterNotNull(Object parameterValue, String errorMessage)
     }
 
     @Override
-    protected final long ciphertextLength(long originalContentLength) {
+    protected long ciphertextLength(long originalContentLength) {
         // Add 16 bytes for the 128-bit tag length using AES/GCM
         return originalContentLength + contentCryptoScheme.getTagLengthInBits() / 8;
     }

src/main/java/com/qcloud/cos/internal/crypto/COSCryptoModuleAECbc.java

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ 
+ * According to cos feature, we modify some class，comment, field name, etc.
+ */
+
+
+package com.qcloud.cos.internal.crypto;
+
+import com.qcloud.cos.auth.COSCredentialsProvider;
+import com.qcloud.cos.internal.COSDirect;
+
+public class COSCryptoModuleAECbc extends COSCryptoModuleAE {
+
+    public COSCryptoModuleAECbc(COSDirect cos, COSCredentialsProvider credentialsProvider,
+            EncryptionMaterialsProvider kekMaterialsProvider, CryptoConfiguration cryptoConfig) {
+        this(null, cos, credentialsProvider, kekMaterialsProvider, cryptoConfig);
+    }
+
+    public COSCryptoModuleAECbc(QCLOUDKMS kms, COSDirect cos,
+            COSCredentialsProvider credentialsProvider,
+            EncryptionMaterialsProvider kekMaterialsProvider, CryptoConfiguration cryptoConfig) {
+        super(kms, cos, credentialsProvider, kekMaterialsProvider, cryptoConfig);
+    }
+
+    protected long ciphertextLength(long originalContentLength) {
+        return originalContentLength + 16 - originalContentLength % 16;
+    }
+}

src/main/java/com/qcloud/cos/internal/crypto/COSCryptoModuleBase.java

@@ -117,6 +117,9 @@ protected COSCryptoModuleBase(QCLOUDKMS kms, COSDirect cos,
         this.cryptoScheme = COSCryptoScheme.from(cryptoConfig.getCryptoMode());
         this.contentCryptoScheme = cryptoScheme.getContentCryptoScheme();
         this.kms = kms;
+
+        // if have user defined iv, set it to contentCryptoScheme.
+        this.contentCryptoScheme.setIV(cryptoConfig.getIV());
     }
 
     /**
@@ -467,9 +470,13 @@ private ContentCryptoMaterial newContentCryptoMaterial(
      */
     private ContentCryptoMaterial buildContentCryptoMaterial(EncryptionMaterials materials,
             Provider provider, CosServiceRequest req) {
-        // Randomly generate the IV
-        final byte[] iv = new byte[contentCryptoScheme.getIVLengthInBytes()];
-        cryptoScheme.getSecureRandom().nextBytes(iv);
+        byte[] iv = contentCryptoScheme.getIV();
+
+        if (iv == null) {
+            // Randomly generate the IV
+            iv = new byte[contentCryptoScheme.getIVLengthInBytes()];
+            cryptoScheme.getSecureRandom().nextBytes(iv);
+        }
 
         if (materials.isKMSEnabled()) {
             final Map<String, String> encryptionContext =
@@ -569,7 +576,6 @@ protected final <R extends AbstractPutObjectRequest> R wrapWithCipher(final R re
         if (plaintextLength >= 0) {
             metadata.addUserMetadata(Headers.ENCRYPTION_UNENCRYPTED_CONTENT_LENGTH,
                     Long.toString(plaintextLength));
-            // Put the ciphertext length in the metadata
             metadata.setContentLength(ciphertextLength(plaintextLength));
         }
         request.setMetadata(metadata);

src/main/java/com/qcloud/cos/internal/crypto/COSCryptoScheme.java

@@ -55,6 +55,9 @@ static boolean isAesGcm(String cipherAlgorithm) {
 
     static COSCryptoScheme from(CryptoMode mode) {
         switch (mode) {
+        case AesCbcEncryption:
+            return new COSCryptoScheme(ContentCryptoScheme.AES_CBC,
+                    new COSKeyWrapScheme());
         case AesCtrEncryption:
             return new COSCryptoScheme(ContentCryptoScheme.AES_CTR,
                     new COSKeyWrapScheme());

src/main/java/com/qcloud/cos/internal/crypto/ContentCryptoScheme.java

@@ -70,6 +70,11 @@ abstract class ContentCryptoScheme {
      */
     static final ContentCryptoScheme AES_CTR = new AesCtr();
 
+    /**
+     * Crypto scheme "AES/CBC/PKCS5Padding"
+     */
+    static final ContentCryptoScheme AES_CBC = new AesCbc();
+
     abstract String getKeyGeneratorAlgorithm();
     abstract String getCipherAlgorithm();
 
@@ -82,6 +87,8 @@ abstract class ContentCryptoScheme {
     abstract int getKeyLengthInBits();
     abstract int getBlockSizeInBytes();
     abstract int getIVLengthInBytes();
+    abstract byte[] getIV();
+    abstract void setIV(byte[] iv);
 
     int getTagLengthInBits() { return 0; } // default to zero ie no tag
 
@@ -152,6 +159,10 @@ static ContentCryptoScheme fromCEKAlgo(String cekAlgo, boolean isRangeGet) {
             return AES_CTR;
         }
 
+        if (AES_CBC.getCipherAlgorithm().equals(cekAlgo)) {
+            return AES_CBC;
+        }
+
         throw new UnsupportedOperationException("Unsupported content encryption scheme: " + cekAlgo);
     }