Splitting MKP and keyring unit tests

Author: WesleyRosenblum

src/main/java/com/amazonaws/encryptionsdk/AwsCrypto.java

@@ -1006,7 +1006,7 @@ public Builder encryptionContext(Map<String, String> encryptionContext) {
             /**
              * Constructs the AwsCryptoConfig instance.
              *
-             * @return The AwCryptoConfig instance
+             * @return The AwsCryptoConfig instance
              */
             public AwsCryptoConfig build() {
                 return new AwsCryptoConfig(this);

src/test/java/com/amazonaws/encryptionsdk/DefaultCryptoMaterialsManagerTest.java

@@ -45,31 +45,35 @@ public class DefaultCryptoMaterialsManagerTest {
     private static final MasterKey<?> mk1 = new StaticMasterKey("mk1");
     private static final MasterKey<?> mk2 = new StaticMasterKey("mk2");
     private static final Keyring keyring1 = new StaticKeyring("keyring1");
-    private static final Keyring keyring2 = new StaticKeyring("keyring2");
 
     @Test
-    public void encrypt_testBasicFunctionality() {
+    public void encrypt_testBasicFunctionalityWithMkp() {
         EncryptionMaterialsRequest req = EncryptionMaterialsRequest.newBuilder().build();
-        EncryptionMaterials resultMkp = new DefaultCryptoMaterialsManager(mk1).getMaterialsForEncrypt(req);
-        EncryptionMaterials resultKeyring = new DefaultCryptoMaterialsManager(keyring1).getMaterialsForEncrypt(req);
-
-        assertNotNull(resultMkp.getAlgorithm());
-        assertNotNull(resultMkp.getCleartextDataKey());
-        assertNotNull(resultMkp.getEncryptionContext());
-        assertEquals(1, resultMkp.getEncryptedDataKeys().size());
-        assertEquals(1, resultMkp.getMasterKeys().size());
-        assertEquals(mk1, resultMkp.getMasterKeys().get(0));
-
-        assertNotNull(resultKeyring.getAlgorithm());
-        assertNotNull(resultKeyring.getCleartextDataKey());
-        assertNotNull(resultKeyring.getEncryptionContext());
-        assertNotNull(resultKeyring.getKeyringTrace());
-        assertEquals(1, resultKeyring.getEncryptedDataKeys().size());
-        assertEquals(0, resultKeyring.getMasterKeys().size());
+        EncryptionMaterials result = new DefaultCryptoMaterialsManager(mk1).getMaterialsForEncrypt(req);
+
+        assertNotNull(result.getAlgorithm());
+        assertNotNull(result.getCleartextDataKey());
+        assertNotNull(result.getEncryptionContext());
+        assertEquals(1, result.getEncryptedDataKeys().size());
+        assertEquals(1, result.getMasterKeys().size());
+        assertEquals(mk1, result.getMasterKeys().get(0));
     }
 
     @Test
-    public void encrypt_noSignatureKeyOnUnsignedAlgo() throws Exception {
+    public void encrypt_testBasicFunctionalityWithKeyring() {
+        EncryptionMaterialsRequest req = EncryptionMaterialsRequest.newBuilder().build();
+        EncryptionMaterials result = new DefaultCryptoMaterialsManager(keyring1).getMaterialsForEncrypt(req);
+
+        assertNotNull(result.getAlgorithm());
+        assertNotNull(result.getCleartextDataKey());
+        assertNotNull(result.getEncryptionContext());
+        assertNotNull(result.getKeyringTrace());
+        assertEquals(1, result.getEncryptedDataKeys().size());
+        assertEquals(0, result.getMasterKeys().size());
+    }
+
+    @Test
+    public void encrypt_noSignatureKeyOnUnsignedAlgoWithMkp() throws Exception {
         CryptoAlgorithm[] algorithms = new CryptoAlgorithm[] {
                 CryptoAlgorithm.ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256,
                 CryptoAlgorithm.ALG_AES_128_GCM_IV12_TAG16_NO_KDF,
@@ -82,21 +86,38 @@ public void encrypt_noSignatureKeyOnUnsignedAlgo() throws Exception {
         for (CryptoAlgorithm algo : algorithms) {
             EncryptionMaterialsRequest req
                     = EncryptionMaterialsRequest.newBuilder().setRequestedAlgorithm(algo).build();
-            EncryptionMaterials mkpResult = new DefaultCryptoMaterialsManager(mk1).getMaterialsForEncrypt(req);
-            EncryptionMaterials keyringResult = new DefaultCryptoMaterialsManager(keyring1).getMaterialsForEncrypt(req);
+            EncryptionMaterials result = new DefaultCryptoMaterialsManager(mk1).getMaterialsForEncrypt(req);
+
+            assertNull(result.getTrailingSignatureKey());
+            assertEquals(0, result.getEncryptionContext().size());
+            assertEquals(algo, result.getAlgorithm());
+        }
+    }
+
+    @Test
+    public void encrypt_noSignatureKeyOnUnsignedAlgoWithKeyring() throws Exception {
+        CryptoAlgorithm[] algorithms = new CryptoAlgorithm[] {
+                CryptoAlgorithm.ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256,
+                CryptoAlgorithm.ALG_AES_128_GCM_IV12_TAG16_NO_KDF,
+                CryptoAlgorithm.ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA256,
+                CryptoAlgorithm.ALG_AES_192_GCM_IV12_TAG16_NO_KDF,
+                CryptoAlgorithm.ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA256,
+                CryptoAlgorithm.ALG_AES_256_GCM_IV12_TAG16_NO_KDF
+        };
 
-            assertNull(mkpResult.getTrailingSignatureKey());
-            assertEquals(0, mkpResult.getEncryptionContext().size());
-            assertEquals(algo, mkpResult.getAlgorithm());
+        for (CryptoAlgorithm algo : algorithms) {
+            EncryptionMaterialsRequest req
+                    = EncryptionMaterialsRequest.newBuilder().setRequestedAlgorithm(algo).build();
+            EncryptionMaterials result = new DefaultCryptoMaterialsManager(keyring1).getMaterialsForEncrypt(req);
 
-            assertNull(keyringResult.getTrailingSignatureKey());
-            assertEquals(0, keyringResult.getEncryptionContext().size());
-            assertEquals(algo, keyringResult.getAlgorithm());
+            assertNull(result.getTrailingSignatureKey());
+            assertEquals(0, result.getEncryptionContext().size());
+            assertEquals(algo, result.getAlgorithm());
         }
     }
 
     @Test
-    public void encrypt_hasSignatureKeyForSignedAlgo() throws Exception {
+    public void encrypt_hasSignatureKeyForSignedAlgoWithMkp() throws Exception {
         CryptoAlgorithm[] algorithms = new CryptoAlgorithm[] {
                 CryptoAlgorithm.ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256_ECDSA_P256,
                 CryptoAlgorithm.ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384,
@@ -107,19 +128,34 @@ public void encrypt_hasSignatureKeyForSignedAlgo() throws Exception {
 
             EncryptionMaterialsRequest req
                     = EncryptionMaterialsRequest.newBuilder().setRequestedAlgorithm(algo).build();
-            EncryptionMaterials mkpResult = new DefaultCryptoMaterialsManager(mk1).getMaterialsForEncrypt(req);
-            EncryptionMaterials keyringResult = new DefaultCryptoMaterialsManager(keyring1).getMaterialsForEncrypt(req);
+            EncryptionMaterials result = new DefaultCryptoMaterialsManager(mk1).getMaterialsForEncrypt(req);
 
 
-            assertNotNull(mkpResult.getTrailingSignatureKey());
-            assertEquals(1, mkpResult.getEncryptionContext().size());
-            assertNotNull(mkpResult.getEncryptionContext().get(Constants.EC_PUBLIC_KEY_FIELD));
-            assertEquals(algo, mkpResult.getAlgorithm());
+            assertNotNull(result.getTrailingSignatureKey());
+            assertEquals(1, result.getEncryptionContext().size());
+            assertNotNull(result.getEncryptionContext().get(Constants.EC_PUBLIC_KEY_FIELD));
+            assertEquals(algo, result.getAlgorithm());
+        }
+    }
+
+    @Test
+    public void encrypt_hasSignatureKeyForSignedAlgoWithKeyring() throws Exception {
+        CryptoAlgorithm[] algorithms = new CryptoAlgorithm[] {
+                CryptoAlgorithm.ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256_ECDSA_P256,
+                CryptoAlgorithm.ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384,
+                CryptoAlgorithm.ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384
+        };
+
+        for (CryptoAlgorithm algo : algorithms) {
+
+            EncryptionMaterialsRequest req
+                    = EncryptionMaterialsRequest.newBuilder().setRequestedAlgorithm(algo).build();
+            EncryptionMaterials result = new DefaultCryptoMaterialsManager(keyring1).getMaterialsForEncrypt(req);
 
-            assertNotNull(keyringResult.getTrailingSignatureKey());
-            assertEquals(1, keyringResult.getEncryptionContext().size());
-            assertNotNull(keyringResult.getEncryptionContext().get(Constants.EC_PUBLIC_KEY_FIELD));
-            assertEquals(algo, keyringResult.getAlgorithm());
+            assertNotNull(result.getTrailingSignatureKey());
+            assertEquals(1, result.getEncryptionContext().size());
+            assertNotNull(result.getEncryptionContext().get(Constants.EC_PUBLIC_KEY_FIELD));
+            assertEquals(algo, result.getAlgorithm());
         }
     }
 

src/test/java/com/amazonaws/encryptionsdk/internal/StaticKeyring.java

@@ -24,15 +24,13 @@
 import javax.annotation.Nonnull;
 import javax.annotation.concurrent.NotThreadSafe;
 import javax.crypto.Cipher;
-import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
 import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 import java.security.KeyFactory;
 import java.security.PrivateKey;
 import java.security.PublicKey;
-import java.security.SecureRandom;
 import java.security.spec.KeySpec;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
@@ -55,11 +53,6 @@
 public class StaticKeyring implements Keyring {
     private static final String PROVIDER_ID = "static_provider";
 
-    /**
-     * Generates random strings that can be used to create data keys.
-     */
-    private static final SecureRandom SRAND = new SecureRandom();
-
     /**
      * Encryption algorithm for the key-pair
      */
@@ -70,15 +63,10 @@ public class StaticKeyring implements Keyring {
      */
     private static final String KEY_FACTORY_ALGORITHM = "RSA";
 
-    /**
-     * Encryption algorithm for the randomly generated data key
-     */
-    private static final String DATA_KEY_ENCRYPTION_ALGORITHM = "AES";
-
     /**
      * The ID of the key
      */
-    private String keyId_;
+    private final String keyId_;
 
     /**
      * The {@link Cipher} object created with the public part of
@@ -92,11 +80,6 @@ public class StaticKeyring implements Keyring {
      */
     private final Cipher keyDecryptionCipher_;
 
-    /**
-     * Generates random data keys.
-     */
-    private KeyGenerator keyGenerator_;
-
     /**
      * Creates a new object that encrypts the data key with a key
      * whose id is {@code keyId}.
@@ -162,9 +145,9 @@ public void onDecrypt(DecryptionMaterials decryptionMaterials, List<? extends En
 
     private void generateDataKey(EncryptionMaterials encryptionMaterials) {
         try {
-            this.keyGenerator_ = KeyGenerator.getInstance(DATA_KEY_ENCRYPTION_ALGORITHM);
-            this.keyGenerator_.init(encryptionMaterials.getAlgorithm().getDataKeyLength() * 8, SRAND);
-            SecretKey key = new SecretKeySpec(keyGenerator_.generateKey().getEncoded(), encryptionMaterials.getAlgorithm().getDataKeyAlgo());
+            final byte[] rawKey = new byte[encryptionMaterials.getAlgorithm().getDataKeyLength()];
+            Utils.getSecureRandom().nextBytes(rawKey);
+            SecretKey key = new SecretKeySpec(rawKey, encryptionMaterials.getAlgorithm().getDataKeyAlgo());
             byte[] encryptedKey = keyEncryptionCipher_.doFinal(key.getEncoded());
 
             encryptionMaterials.setCleartextDataKey(key,