opentdf · sujankota · Jun 6, 2024 · May 13, 2024 · May 14, 2024 · May 14, 2024
@@ -82,6 +82,11 @@
  <version>4.13.1</version>
  <scope>test</scope>
  </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk18on</artifactId>
+ <version>1.78.1</version>
+ </dependency>
  <dependency>
  <groupId>com.google.code.gson</groupId>
  <artifactId>gson</artifactId>

@@ -14,7 +14,7 @@
 
 public class AesGcm {
  public static final int GCM_NONCE_LENGTH = 12; // in bytes
- private static final int GCM_TAG_LENGTH = 16; // in bytes
+ public static final int GCM_TAG_LENGTH = 16; // in bytes
  private static final String CIPHER_TRANSFORM = "AES/GCM/NoPadding";
 
  private final SecretKey key;
@@ -115,17 +115,72 @@ public Encrypted encrypt(byte[] plaintext, int offset, int len) {
  return new Encrypted(nonce, cipherText);
  }
 
+ /**
+ * <p>encrypt.</p>
+ *
+ * @param iv the IV vector
+ * @param authTagLen the length of the auth tag
+ * @param plaintext the plaintext byte array to encrypt
+ * @param offset where the input start
+ * @param len input length
+ * @return the encrypted text
+ */
+ public byte[] encrypt(byte[] iv, int authTagLen, byte[] plaintext, int offset, int len) {
+ try {
+ Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORM);
+
+ GCMParameterSpec spec = new GCMParameterSpec(authTagLen * 8, iv);
+ cipher.init(Cipher.ENCRYPT_MODE, key, spec);
+
+ byte[] cipherText = cipher.doFinal(plaintext, offset, len);
+ byte[] cipherTextWithNonce = new byte[iv.length + cipherText.length];
+ System.arraycopy(iv, 0, cipherTextWithNonce, 0, iv.length);
+ System.arraycopy(cipherText, 0, cipherTextWithNonce, iv.length, cipherText.length);
+ return cipherTextWithNonce;
+ } catch (NoSuchPaddingException | NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
+ throw new RuntimeException("error gcm decrypt", e);
+ } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
+ throw new RuntimeException("error gcm decrypt", e);
+ }
+ }
+
  /**
  * <p>decrypt.</p>
  *
  * @param cipherTextWithNonce the ciphertext with nonce to decrypt
  * @return the decrypted text
  */
- public byte[] decrypt(Encrypted cipherTextWithNonce) throws NoSuchPaddingException, NoSuchAlgorithmException,
- InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
- Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORM);
- GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, cipherTextWithNonce.iv);
- cipher.init(Cipher.DECRYPT_MODE, key, spec);
- return cipher.doFinal(cipherTextWithNonce.ciphertext);
+ public byte[] decrypt(Encrypted cipherTextWithNonce) {
+ try {
+ Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORM);
+ GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, cipherTextWithNonce.iv);
+ cipher.init(Cipher.DECRYPT_MODE, key, spec);
+ return cipher.doFinal(cipherTextWithNonce.ciphertext);
+ } catch (NoSuchPaddingException | NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
+ throw new RuntimeException("error gcm decrypt", e);
+ } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
+ throw new RuntimeException("error gcm decrypt", e);
+ }
+ }
+
+ /**
+ * <p>decrypt.</p>
+ *
+ * @param iv the IV vector
+ * @param authTagLen the length of the auth tag
+ * @param cipherData the cipherData byte array to decrypt
+ * @return the decrypted data
+ */
+ public byte[] decrypt(byte[] iv, int authTagLen, byte[] cipherData) {
+ try {
+ Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORM);
+ GCMParameterSpec spec = new GCMParameterSpec(authTagLen * 8, iv);
+ cipher.init(Cipher.DECRYPT_MODE, key, spec);
+ return cipher.doFinal(cipherData);
+ } catch (NoSuchPaddingException | NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
+ throw new RuntimeException("error gcm decrypt", e);
+ } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
+ throw new SDKException("error gcm decrypt", e);
+ }
  }
 }
@@ -1,5 +1,9 @@
 package io.opentdf.platform.sdk;
 
+import io.opentdf.platform.sdk.nanotdf.ECCMode;
+import io.opentdf.platform.sdk.nanotdf.NanoTDFType;
+import io.opentdf.platform.sdk.nanotdf.SymmetricAndPayloadConfig;
+
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -79,4 +83,67 @@ public static Consumer<TDFConfig> withMetaData(String metaData) {
  public static Consumer<TDFConfig> withSegmentSize(int size) {
  return (TDFConfig config) -> config.defaultSegmentSize = size;
  }
+
+ public static class NanoTDFConfig {
+ public ECCMode eccMode;
+ public NanoTDFType.Cipher cipher;
+ public SymmetricAndPayloadConfig config;
+ public List<String> attributes;
+ public List<KASInfo> kasInfoList;
+
+ public NanoTDFConfig() {
+ this.eccMode = new ECCMode();
+ this.eccMode.setEllipticCurve(NanoTDFType.ECCurve.SECP256R1);
+ this.eccMode.setECDSABinding(false);
+
+ this.cipher = NanoTDFType.Cipher.AES_256_GCM_96_TAG;
+
+ this.config = new SymmetricAndPayloadConfig();
+ this.config.setHasSignature(false);
+ this.config.setSymmetricCipherType(NanoTDFType.Cipher.AES_256_GCM_96_TAG);
+
+ this.attributes = new ArrayList<>();
+ this.kasInfoList = new ArrayList<>();
+ }
+ }
+
+ public static NanoTDFConfig newNanoTDFConfig(Consumer<NanoTDFConfig>... options) {
+ NanoTDFConfig config = new NanoTDFConfig();
+ for (Consumer<NanoTDFConfig> option : options) {
+ option.accept(config);
+ }
+ return config;
+ }
+
+ public static Consumer<NanoTDFConfig> witDataAttributes(String... attributes) {
+ return (NanoTDFConfig config) -> {
+ Collections.addAll(config.attributes, attributes);
+ };
+ }
+
+ public static Consumer<NanoTDFConfig> withNanoKasInformation(KASInfo... kasInfoList) {
+ return (NanoTDFConfig config) -> {
+ Collections.addAll(config.kasInfoList, kasInfoList);
+ };
+ }
+
+ public static Consumer<NanoTDFConfig> withEllipticCurve(String curve) {
+ NanoTDFType.ECCurve ecCurve;
+ if (curve == null || curve.isEmpty()) {
+ ecCurve = NanoTDFType.ECCurve.SECP256R1; // default curve
+ } else if (curve.compareToIgnoreCase(NanoTDFType.ECCurve.SECP384R1.toString()) == 0) {
+ ecCurve = NanoTDFType.ECCurve.SECP384R1;
+ } else if (curve.compareToIgnoreCase(NanoTDFType.ECCurve.SECP521R1.toString()) == 0) {
+ ecCurve = NanoTDFType.ECCurve.SECP521R1;
+ } else if (curve.compareToIgnoreCase(NanoTDFType.ECCurve.SECP256R1.toString()) == 0) {
+ ecCurve = NanoTDFType.ECCurve.SECP256R1;
+ } else {
+ throw new IllegalArgumentException("The supplied curve string " + curve + " is not recognized.");
+ }
+ return (NanoTDFConfig config) -> config.eccMode.setEllipticCurve(ecCurve);
+ }
+
+ public static Consumer<NanoTDFConfig> WithECDSAPolicyBinding() {
+ return (NanoTDFConfig config) -> config.eccMode.setECDSABinding(false);
+ }
 }
@@ -1,6 +1,7 @@
 package io.opentdf.platform.sdk;
 
 import com.google.gson.Gson;
+import com.google.gson.annotations.SerializedName;
 import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.JWSHeader;
@@ -12,7 +13,11 @@
 import io.opentdf.platform.kas.AccessServiceGrpc;
 import io.opentdf.platform.kas.PublicKeyRequest;
 import io.opentdf.platform.kas.RewrapRequest;
+import io.opentdf.platform.sdk.nanotdf.ECKeyPair;
+import io.opentdf.platform.sdk.nanotdf.NanoTDFType;
 
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.time.Duration;
@@ -48,6 +53,13 @@ public KASClient(Function <String, ManagedChannel> channelFactory, RSAKey dpopKe
  publicKeyPEM = CryptoUtils.getRSAPublicKeyPEM(encryptionKeypair.getPublic());
  }
 
+ @Override
+ public String getECPublicKey(Config.KASInfo kasInfo, NanoTDFType.ECCurve curve) {
+ return getStub(kasInfo.URL)
+ .publicKey(PublicKeyRequest.newBuilder().setAlgorithm(String.format("ec:%s", curve.toString())).build())
+ .getPublicKey();
+ }
+
  @Override
  public String getPublicKey(Config.KASInfo kasInfo) {
  return getStub(kasInfo.URL)
@@ -97,6 +109,19 @@ static class RewrapRequestBody {
  Manifest.KeyAccess keyAccess;
  }
 
+ static class NanoTDFKeyAccess {
+ String header;
+ String type;
+ String url;
+ String protocol;
+ }
+
+ static class NanoTDFRewrapRequestBody {
+ String algorithm;
+ String clientPublicKey;
+ NanoTDFKeyAccess keyAccess;
+ }
+
  private static final Gson gson = new Gson();
 
  @Override
@@ -130,6 +155,62 @@ public byte[] unwrap(Manifest.KeyAccess keyAccess, String policy) {
  return decryptor.decrypt(wrappedKey);
  }
 
+ public byte[] unwrapNanoTDF(NanoTDFType.ECCurve curve, String header, String kasURL) {
+ ECKeyPair keyPair = new ECKeyPair(curve.toString(), ECKeyPair.ECAlgorithm.ECDH);
+
+ NanoTDFKeyAccess keyAccess = new NanoTDFKeyAccess();
+ keyAccess.header = header;
+ keyAccess.type = "remote";
+ keyAccess.url = kasURL;
+ keyAccess.protocol = "kas";
+
+ NanoTDFRewrapRequestBody body = new NanoTDFRewrapRequestBody();
+ body.algorithm = String.format("ec:%s", curve.toString());
+ body.clientPublicKey = keyPair.publicKeyInPEMFormat();
+ body.keyAccess = keyAccess;
+
+ var requestBody = gson.toJson(body);
+ var claims = new JWTClaimsSet.Builder()
+ .claim("requestBody", requestBody)
+ .issueTime(Date.from(Instant.now()))
+ .expirationTime(Date.from(Instant.now().plus(Duration.ofMinutes(1))))
+ .build();
+
+ var jws = new JWSHeader.Builder(JWSAlgorithm.RS256).build();
+ SignedJWT jwt = new SignedJWT(jws, claims);
+ try {
+ jwt.sign(signer);
+ } catch (JOSEException e) {
+ throw new SDKException("error signing KAS request", e);
+ }
+
+ var request = RewrapRequest
+ .newBuilder()
+ .setSignedRequestToken(jwt.serialize())
+ .build();
+
+ var response = getStub(keyAccess.url).rewrap(request);
+ var wrappedKey = response.getEntityWrappedKey().toByteArray();
+
+ // Generate symmetric key
+ byte[] symmetricKey = ECKeyPair.computeECDHKey(ECKeyPair.publicKeyFromPem(response.getSessionPublicKey()),
+ keyPair.getPrivateKey());
+
+ // Generate HKDF key
+ MessageDigest digest;
+ try {
+ digest = MessageDigest.getInstance("SHA-256");
+ } catch (NoSuchAlgorithmException e) {
+ throw new SDKException("error creating SHA-256 message digest", e);
+ }
+ byte[] hashOfSalt = digest.digest(NanoTDF.MAGIC_NUMBER_AND_VERSION);
+ byte[] key = ECKeyPair.calculateHKDF(hashOfSalt, symmetricKey);
+
+ AesGcm gcm = new AesGcm(key);
+ AesGcm.Encrypted encrypted = new AesGcm.Encrypted(wrappedKey);
+ return gcm.decrypt(encrypted);
+ }
+
  private final HashMap<String, CacheEntry> stubs = new HashMap<>();
  private static class CacheEntry {
  final ManagedChannel channel;