1 parent
2634bdd
commit dd4ff7d
Showing
21 changed files
with
496 additions
and
133 deletions.
39 changes: 36 additions & 3 deletions
39
src/main/java/net/snowflake/client/jdbc/cloud/storage/floe/Aead.java
@@ -1,16 +1,49 @@ | ||
package net.snowflake.client.jdbc.cloud.storage.floe; | ||
|
||
import net.snowflake.client.jdbc.cloud.storage.GcmEncryptionProvider; | ||
|
||
public enum Aead { | ||
AES_GCM_128((byte) 0), | ||
AES_GCM_256((byte) 1); | ||
// TODO confirm id | ||
AES_GCM_256((byte) 0, "AES/GCM/NoPadding", 32, 12, 16, new GcmEncryptionProvider()), | ||
AES_GCM_128((byte) 1, "AES/GCM/NoPadding", 16, 12, 16, new GcmEncryptionProvider()); | ||
|
||
private byte id; | ||
private String jceName; | ||
private int keyLength; | ||
private int ivLength; | ||
private int authTagLength; | ||
private AeadProvider aeadProvider; | ||
|
||
Aead(byte id) { | ||
Aead(byte id, String jceName, int keyLength, int ivLength, int authTagLength, AeadProvider aeadProvider) { | ||
this.jceName = jceName; | ||
this.keyLength = keyLength; | ||
this.id = id; | ||
this.ivLength = ivLength; | ||
this.authTagLength = authTagLength; | ||
this.aeadProvider = aeadProvider; | ||
} | ||
|
||
byte getId() { | ||
return id; | ||
} | ||
|
||
String getJceName() { | ||
return jceName; | ||
} | ||
|
||
int getKeyLength() { | ||
return keyLength; | ||
} | ||
|
||
int getIvLength() { | ||
return ivLength; | ||
} | ||
|
||
int getAuthTagLength() { | ||
return authTagLength; | ||
} | ||
|
||
AeadProvider getAeadProvider() { | ||
return aeadProvider; | ||
} | ||
} |
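Review bot: The six enum fields (`private byte id;` through `private AeadProvider aeadProvider;`) are mutable although they are only assigned in the constructor; declare them `private final` so each constant is an immutable singleton, e.g. `private final byte id;`. The `// TODO confirm id` above AES_GCM_256 should be resolved before merge: the identifiers assigned here (AES_GCM_256 → 0, AES_GCM_128 → 1) are the reverse of the removed constants, and if `id` is serialized into the encrypted header, data produced by the earlier mapping would be read back with the wrong key length. A one-line Javadoc on the enum stating that `id` is a format identifier that must never change once data has been written would make that contract explicit.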
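--- a/src/main/java/net/snowflake/client/jdbc/cloud/storage/floe/AeadAad.java
+++ b/src/main/java/net/snowflake/client/jdbc/cloud/storage/floe/AeadAad.java
@@ -0,0 +1,22 @@
+package net.snowflake.client.jdbc.cloud.storage.floe;
+
+import java.nio.ByteBuffer;
+
+class AeadAad {
+  private final byte[] bytes;
+
+  private AeadAad(long segmentCounter, byte terminalityByte) {
+    ByteBuffer buf = ByteBuffer.allocate(9);
+    buf.putLong(segmentCounter);
+    buf.put(terminalityByte);
+    this.bytes = buf.array();
+  }
+
+  static AeadAad nonTerminal(long segmentCounter) {
+    return new AeadAad(segmentCounter, (byte) 0);
+  }
+
+  byte[] getBytes() {
+    return bytes;
+  }
+}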
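Review bot: `getBytes()` hands out the internal `bytes` array, so a caller can alter the AAD after construction even though the field is final; return a copy, `return bytes.clone();`, or document that the array must be treated as read-only. The 9-byte layout produced in the constructor (8-byte big-endian counter, `ByteBuffer`'s default order, followed by the terminality byte) is part of what gets authenticated and deserves a comment, e.g. `// AAD layout: 8-byte big-endian segment counter || 1-byte terminality flag`. Only the `nonTerminal` factory exists in this hunk, so the terminality byte is always 0 here; presumably a terminal variant is added elsewhere.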
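--- a/src/main/java/net/snowflake/client/jdbc/cloud/storage/floe/AeadIv.java
+++ b/src/main/java/net/snowflake/client/jdbc/cloud/storage/floe/AeadIv.java
@@ -0,0 +1,25 @@
+package net.snowflake.client.jdbc.cloud.storage.floe;
+
+import java.nio.ByteBuffer;
+
+class AeadIv {
+  private final byte[] bytes;
+
+  AeadIv(byte[] bytes) {
+    this.bytes = bytes;
+  }
+
+  public static AeadIv generateRandom(FloeRandom floeRandom, int ivLength) {
+    return new AeadIv(floeRandom.ofLength(ivLength));
+  }
+
+  public static AeadIv from(ByteBuffer buffer, int ivLength) {
+    byte[] bytes = new byte[ivLength];
+    buffer.get(bytes);
+    return new AeadIv(bytes);
+  }
+
+  byte[] getBytes() {
+    return bytes;
+  }
+}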
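Review bot: Neither the constructor nor `getBytes()` copies the array, so the IV can be modified by whoever supplied or later retrieves it; clone on the way in and out, or at minimum add `Objects.requireNonNull(bytes, "bytes");` in the constructor. `from(ByteBuffer, int)` relies on `buffer.get(bytes)` throwing `BufferUnderflowException` when fewer than `ivLength` bytes remain; an explicit remaining-length check with a message naming the expected length would make a truncated input easier to diagnose. The two factories are `public` on a package-private class, which is inconsistent with the package-private accessors in the sibling `AeadAad` and `AeadKey` files in this commit.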
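--- a/src/main/java/net/snowflake/client/jdbc/cloud/storage/floe/AeadKey.java
+++ b/src/main/java/net/snowflake/client/jdbc/cloud/storage/floe/AeadKey.java
@@ -0,0 +1,15 @@
+package net.snowflake.client.jdbc.cloud.storage.floe;
+
+import javax.crypto.SecretKey;
+
+class AeadKey {
+  private final SecretKey key;
+
+  AeadKey(SecretKey key) {
+    this.key = key;
+  }
+
+  SecretKey getKey() {
+    return key;
+  }
+}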
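Review bot: The class has no documentation of what it wraps or who owns the key's lifetime; a Javadoc such as `/** Holder for a per-segment AEAD key produced by BaseSegmentProcessor.deriveKey(); this class does not destroy the wrapped SecretKey. */` would answer both. The constructor also accepts `null`, which would only surface later inside the cipher call; `this.key = Objects.requireNonNull(key, "key");` fails at the point of misuse.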
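--- a/src/main/java/net/snowflake/client/jdbc/cloud/storage/floe/AeadProvider.java
+++ b/src/main/java/net/snowflake/client/jdbc/cloud/storage/floe/AeadProvider.java
@@ -0,0 +1,9 @@
+package net.snowflake.client.jdbc.cloud.storage.floe;
+
+import javax.crypto.SecretKey;
+import java.security.GeneralSecurityException;
+
+public interface AeadProvider {
+  byte[] encrypt(SecretKey key, byte[] iv, byte[] aad, byte[] plaintext) throws GeneralSecurityException;
+  byte[] decrypt(SecretKey key, byte[] iv, byte[] aad, byte[] ciphertext) throws GeneralSecurityException;
+}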
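Review bot: The interface carries no Javadoc, and the contract an implementor and caller both need is unstated: that `decrypt` authenticates `aad` together with `ciphertext` and fails with a `GeneralSecurityException` (for GCM, an `AEADBadTagException`) on any mismatch, and that `iv` must never be reused under the same `key`. Add a Javadoc to each method with `@param`, `@return` and `@throws GeneralSecurityException` covering these points, and state whether `encrypt` returns the ciphertext with the authentication tag appended, since that is currently defined only by the `GcmEncryptionProvider` implementation and a second provider could diverge. The import order is also reversed: `java.security` conventionally precedes `javax.crypto`.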
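--- a/src/main/java/net/snowflake/client/jdbc/cloud/storage/floe/BaseSegmentProcessor.java
+++ b/src/main/java/net/snowflake/client/jdbc/cloud/storage/floe/BaseSegmentProcessor.java
@@ -0,0 +1,37 @@
+package net.snowflake.client.jdbc.cloud.storage.floe;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+abstract class BaseSegmentProcessor {
+  protected static final int NON_TERMINAL_SEGMENT_SIZE_MARKER = -1;
+  protected static final int headerTagLength = 32;
+
+  protected final FloeParameterSpec parameterSpec;
+  protected final FloeKey floeKey;
+  protected final FloeAad floeAad;
+
+  protected final KeyDerivator floeKdf;
+
+  private AeadKey currentAeadKey;
+
+  BaseSegmentProcessor(FloeParameterSpec parameterSpec, FloeKey floeKey, FloeAad floeAad) {
+    this.parameterSpec = parameterSpec;
+    this.floeKey = floeKey;
+    this.floeAad = floeAad;
+    this.floeKdf = new KeyDerivator(parameterSpec);
+  }
+
+  protected AeadKey getKey(FloeKey floeKey, FloeIv floeIv, FloeAad floeAad, long segmentCounter) {
+    if (currentAeadKey == null || segmentCounter % parameterSpec.getKeyRotationModulo() == 0) {
+      currentAeadKey = deriveKey(floeKey, floeIv, floeAad, segmentCounter);
+    }
+    return currentAeadKey;
+  }
+
+  private AeadKey deriveKey(FloeKey floeKey, FloeIv floeIv, FloeAad floeAad, long segmentCounter) {
+    byte[] keyBytes = floeKdf.hkdfExpand(floeKey, floeIv, floeAad, new DekTagFloePurpose(segmentCounter), parameterSpec.getAead().getKeyLength());
+    SecretKey key = new SecretKeySpec(keyBytes, "AES"); // for now it is safe as we use only AES as AEAD
+    return new AeadKey(key);
+  }
+}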
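Review bot: In `deriveKey`, the raw output of `hkdfExpand` stays in `keyBytes` after `SecretKeySpec` has taken its own copy, so the derived key material lingers on the heap until it is garbage-collected; clear it once wrapped, `Arrays.fill(keyBytes, (byte) 0);` before the `return` (needs `java.util.Arrays`). `getKey` and `deriveKey` take `floeKey` and `floeAad` parameters that shadow the identically named fields set in the constructor, which invites passing a different key or AAD than the one the processor was built with; either drop the parameters and use the fields, or rename them. `headerTagLength` is a `static final` constant and should follow the naming of `NON_TERMINAL_SEGMENT_SIZE_MARKER`, i.e. `HEADER_TAG_LENGTH`. The rotation condition `segmentCounter % parameterSpec.getKeyRotationModulo() == 0` presumably assumes segments are processed in increasing order, since a skipped boundary would leave a stale key in `currentAeadKey`; a comment stating that assumption on `getKey` would help the decrypting side.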
18 changes: 0 additions & 18 deletions
18
src/main/java/net/snowflake/client/jdbc/cloud/storage/floe/FloeBase.java
This file was deleted.
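--- a/src/main/java/net/snowflake/client/jdbc/cloud/storage/floe/FloeDecryptor.java
+++ b/src/main/java/net/snowflake/client/jdbc/cloud/storage/floe/FloeDecryptor.java
@@ -1,3 +1,5 @@
 package net.snowflake.client.jdbc.cloud.storage.floe;
 
-public interface FloeDecryptor {}
+public interface FloeDecryptor extends SegmentProcessor {
+
+}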