jeantil commented on a change in pull request #342:
URL: https://github.com/apache/james-project/pull/342#discussion_r602884477
##########
File path:
server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/AESBlobStoreDAO.java
##########
@@ -41,71 +36,54 @@
import com.github.fge.lambdas.Throwing;
import com.google.common.base.Preconditions;
import com.google.common.io.ByteSource;
-import com.google.crypto.tink.Aead;
-import com.google.crypto.tink.aead.AeadConfig;
-import com.google.crypto.tink.subtle.AesGcmJce;
+import com.google.common.io.FileBackedOutputStream;
+import com.google.crypto.tink.subtle.AesGcmHkdfStreaming;
import reactor.core.publisher.Mono;
-import reactor.core.scheduler.Schedulers;
public class AESBlobStoreDAO implements BlobStoreDAO {
- private static final byte[] EMPTY_ASSOCIATED_DATA = new byte[0];
- private static final int PBKDF2_ITERATIONS = 65536;
- private static final int KEY_SIZE = 256;
- private static final String SECRET_KEY_FACTORY_ALGORITHM =
"PBKDF2WithHmacSHA256";
-
private final BlobStoreDAO underlying;
- private final Aead aead;
+ private final AesGcmHkdfStreaming streamingAead;
public AESBlobStoreDAO(BlobStoreDAO underlying, CryptoConfig cryptoConfig)
{
this.underlying = underlying;
-
- try {
- AeadConfig.register();
-
- SecretKey secretKey = deriveKey(cryptoConfig);
- aead = new AesGcmJce(secretKey.getEncoded());
- } catch (GeneralSecurityException e) {
- throw new RuntimeException("Error while starting AESPayloadCodec",
e);
- }
+ this.streamingAead =
PBKDF2StreamingAeadFactory.newAesGcmHkdfStreaming(cryptoConfig);
}
- private static SecretKey deriveKey(CryptoConfig cryptoConfig) throws
NoSuchAlgorithmException, InvalidKeySpecException {
- byte[] saltBytes = cryptoConfig.salt();
- SecretKeyFactory skf =
SecretKeyFactory.getInstance(SECRET_KEY_FACTORY_ALGORITHM);
- PBEKeySpec spec = new PBEKeySpec(cryptoConfig.password(), saltBytes,
PBKDF2_ITERATIONS, KEY_SIZE);
- return skf.generateSecret(spec);
- }
-
- public byte[] encrypt(byte[] input) {
- try {
- return aead.encrypt(input, EMPTY_ASSOCIATED_DATA);
- } catch (GeneralSecurityException e) {
+ public FileBackedOutputStream encrypt(InputStream input) {
+ try (FileBackedOutputStream encryptedContent = new
FileBackedOutputStream(100 * 1024)) {
+ OutputStream outputStream =
streamingAead.newEncryptingStream(encryptedContent,
PBKDF2StreamingAeadFactory.EMPTY_ASSOCIATED_DATA);
+ input.transferTo(outputStream);
+ outputStream.close();
+ return encryptedContent;
+ } catch (GeneralSecurityException | IOException e) {
throw new RuntimeException("Unable to build payload for object
storage, failed to encrypt", e);
}
}
- public byte[] decrypt(byte[] ciphertext) throws IOException {
+ public InputStream decrypt(InputStream ciphertext) throws IOException {
try {
- return aead.decrypt(ciphertext, EMPTY_ASSOCIATED_DATA);
+ return streamingAead.newDecryptingStream(ciphertext,
PBKDF2StreamingAeadFactory.EMPTY_ASSOCIATED_DATA);
Review comment:
Thanks for the clear explanation, it could warrant a comment ( or an
extended commit message with the details ) since the reason for it is not
obvious without a lot of contextual knowledge.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
