updates to the S3 Encryption Client

---------

Co-authored-by: Andy Jewell <ajewell@amazon.com>
Co-authored-by: Ryan Emery <ryanemer@amazon.com>

Author: 3 people

src/aws-cpp-sdk-core/include/aws/core/utils/crypto/ContentCryptoMaterial.h

@@ -35,6 +35,11 @@ namespace Aws
                 */
                 ContentCryptoMaterial(const Aws::Utils::CryptoBuffer& cek, ContentCryptoScheme contentCryptoScheme);
 
+                /*
+                Initialize in the error state.
+                */
+                ContentCryptoMaterial(const char * msg);
+
                 /**
                 * Gets the underlying content encryption key.
                 */
@@ -59,6 +64,30 @@ namespace Aws
                     return m_iv;
                 }
 
+                /**
+                * Gets the underlying encryption context
+                */
+                inline const Aws::Map<Aws::String, Aws::String>& GetEncryptionContext() const
+                {
+                    return m_encryptionContext;
+                }
+
+                /**
+                * Gets the underlying key commitment
+                */
+                inline const Aws::Utils::CryptoBuffer& GetKeyCommitment() const
+                {
+                    return m_keyCommitment;
+                }
+
+                /**
+                * Gets the underlying message ID
+                */
+                inline const Aws::Utils::CryptoBuffer& GetMessageID() const
+                {
+                    return m_messageId;
+                }
+
                 /**
                 * Gets the underlying crypto tag length
                 */
@@ -123,6 +152,43 @@ namespace Aws
                     m_iv = iv;
                 }
 
+                /**
+                * Sets the underlying iv to 12 bytes of zero, as needed for V3 encoding
+                */
+                inline void SetV3IV()
+                {
+                    //= ../specification/s3-encryption/key-derivation.md#hkdf-operation
+                    //# When encrypting or decrypting with ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY, the IV used in the AES-GCM content encryption/decryption MUST consist entirely of bytes with the value 0x01.
+                    //# The IV's total length MUST match the IV length defined by the algorithm suite.
+                    unsigned char iv[12] = {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01};
+                    CryptoBuffer iv2(&iv[0], 12);
+                    SetIV(iv2);
+                }
+
+                /**
+                * Sets the underlying encryption context. Copies from parameter encryptionContext.
+                */
+                inline void SetEncryptionContext(const Aws::Map<Aws::String, Aws::String>& encryptionContext)
+                {
+                    m_encryptionContext = encryptionContext;
+                }
+
+                /**
+                * Sets the underlying key commitment. Copies from parameter keyCommitment.
+                */
+                inline void SetKeyCommitment(const Aws::Utils::CryptoBuffer& keyCommitment)
+                {
+                    m_keyCommitment = keyCommitment;
+                }
+
+                /**
+                * Sets the underlying message ID. Copies from parameter messageId.
+                */
+                inline void SetMessageID(const Aws::Utils::CryptoBuffer& messageId)
+                {
+                    m_messageId = messageId;
+                }
+
                 /**
                 * Sets the underlying crypto Tag Length. Copies from parameter cryptoTagLength.
                 */
@@ -223,6 +289,28 @@ namespace Aws
                     return m_finalCEK;
                 }
 
+                //= ../specification/s3-encryption/key-derivation.md#hkdf-operation
+                //= type=implication
+                //# The client MUST set the AAD to the Algorithm Suite ID represented as bytes.
+
+                //= ../specification/s3-encryption/encryption.md#alg-aes-256-gcm-iv12-tag16-no-kdf
+                //= type=implication
+                //# The client MUST NOT provide any AAD when encrypting with ALG_AES_256_GCM_IV12_TAG16_NO_KDF.
+                inline const Aws::Utils::CryptoBuffer GetAAD() const
+                {
+                    if (m_contentCryptoScheme == ContentCryptoScheme::GCM_COMMIT) {
+		        // Algorithm Suite 0x0073 as bytes
+                        static const uint8_t gcmAAD[2] = {0, 0x73};
+                        return Aws::Utils::CryptoBuffer(gcmAAD, 2);
+                    } else {
+                        return Aws::Utils::CryptoBuffer();
+                    }
+                }
+
+                inline bool Ok() const {return m_error.empty();}
+                inline bool Fail() const {return !m_error.empty();}
+                inline const Aws::String & Error() const {return m_error;}
+
             private:
                 Aws::Utils::CryptoBuffer m_contentEncryptionKey;
                 Aws::Utils::CryptoBuffer m_encryptedContentEncryptionKey;
@@ -234,10 +322,14 @@ namespace Aws
                 Aws::Utils::CryptoBuffer m_cekIV;
                 Aws::Utils::CryptoBuffer m_gcmAAD;
                 Aws::Utils::CryptoBuffer m_cekGCMTag;
+                Aws::Map<Aws::String, Aws::String> m_encryptionContext;
+                Aws::Utils::CryptoBuffer m_keyCommitment;
+                Aws::Utils::CryptoBuffer m_messageId;
                 size_t m_cryptoTagLength;
                 Aws::Map<Aws::String, Aws::String> m_materialsDescription;
                 KeyWrapAlgorithm m_keyWrapAlgorithm;
                 ContentCryptoScheme m_contentCryptoScheme;
+                Aws::String m_error;
             };
         }
     }

src/aws-cpp-sdk-core/include/aws/core/utils/crypto/ContentCryptoScheme.h

@@ -17,9 +17,12 @@ namespace Aws
                 CBC,
                 CTR,
                 GCM,
+                GCM_COMMIT,
                 NONE
             };
-
+            inline bool IsGCM(ContentCryptoScheme scheme) {
+                return scheme == ContentCryptoScheme::GCM || scheme == ContentCryptoScheme::GCM_COMMIT;
+            }
             namespace ContentCryptoSchemeMapper
             {
                 AWS_CORE_API ContentCryptoScheme GetContentCryptoSchemeForName(const Aws::String& name);
@@ -29,4 +32,4 @@ namespace Aws
         } //namespace Crypto
 
     }//namespace Utils
-}//namespace Aws
+}//namespace Aws

src/aws-cpp-sdk-core/source/utils/crypto/ContentCryptoMaterial.cpp

@@ -18,6 +18,13 @@ namespace Aws
             {
             }
 
+            ContentCryptoMaterial::ContentCryptoMaterial(const char * msg) :
+                m_cryptoTagLength(0), m_keyWrapAlgorithm(KeyWrapAlgorithm::NONE), m_contentCryptoScheme(ContentCryptoScheme::NONE),
+                m_error(msg)
+            {
+                AWS_LOGSTREAM_ERROR("DataHandler", msg);
+            }
+
             ContentCryptoMaterial::ContentCryptoMaterial(ContentCryptoScheme contentCryptoScheme) :
                 m_contentEncryptionKey(SymmetricCipher::GenerateKey()), m_cryptoTagLength(0), m_keyWrapAlgorithm(KeyWrapAlgorithm::NONE), m_contentCryptoScheme(contentCryptoScheme)
             {

src/aws-cpp-sdk-core/source/utils/crypto/ContentCryptoScheme.cpp

@@ -20,6 +20,8 @@ namespace Aws
                 static const int cryptoScheme_CBC_HASH = HashingUtils::HashString("AES/CBC/PKCS5Padding");
                 static const int cryptoScheme_CTR_HASH = HashingUtils::HashString("AES/CTR/NoPadding");
                 static const int cryptoScheme_GCM_HASH = HashingUtils::HashString("AES/GCM/NoPadding");
+                // "115" represents ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY (0x0073)
+                static const int cryptoScheme_COMMIT_HASH = HashingUtils::HashString("115");
 
                 ContentCryptoScheme GetContentCryptoSchemeForName(const Aws::String& name)
                 {
@@ -36,8 +38,12 @@ namespace Aws
                     {
                         return ContentCryptoScheme::GCM;
                     }
-                    assert(0);
-                    return ContentCryptoScheme::NONE;
+                else if (hashcode == cryptoScheme_COMMIT_HASH)
+                {
+                    return ContentCryptoScheme::GCM_COMMIT;
+                }
+                // Return NONE for unrecognized schemes instead of asserting
+                return ContentCryptoScheme::NONE;
                 }
 
                 Aws::String GetNameForContentCryptoScheme(ContentCryptoScheme enumValue)
@@ -50,6 +56,8 @@ namespace Aws
                         return "AES/CTR/NoPadding";
                     case ContentCryptoScheme::GCM:
                         return "AES/GCM/NoPadding";
+                    case ContentCryptoScheme::GCM_COMMIT:
+                        return "115";
                     default:
                         assert(0);
                         return "";
@@ -58,4 +66,4 @@ namespace Aws
             }//namespace ContentCryptoSchemeMapper
         } //namespace Crypto
     }//namespace Utils
-}//namespace Aws
+}//namespace Aws

src/aws-cpp-sdk-core/source/utils/crypto/KeyWrapAlgorithm.cpp

@@ -37,12 +37,12 @@ namespace Aws
                     {
                         return KeyWrapAlgorithm::AES_KEY_WRAP;
                     } 
-                    else if (hashcode == keyWrapAlgorithm_AES_GCM_HASH)
-                    {
-                        return KeyWrapAlgorithm::AES_GCM;
-                    }
-                    assert(0);
-                    return KeyWrapAlgorithm::NONE;
+                else if (hashcode == keyWrapAlgorithm_AES_GCM_HASH)
+                {
+                    return KeyWrapAlgorithm::AES_GCM;
+                }
+                // Return NONE for unrecognized algorithms instead of asserting
+                return KeyWrapAlgorithm::NONE;
                 }
 
                 Aws::String GetNameForKeyWrapAlgorithm(KeyWrapAlgorithm enumValue)

src/aws-cpp-sdk-s3-encryption/SUPPORT_POLICY.rst

@@ -0,0 +1,34 @@
+Overview
+========
+This page describes the support policy for the S3EncryptionClient.
+We regularly provide the S3EncryptionClient with updates that may contain support for new or updated APIs, new features, enhancements, bug fixes, security patches, or documentation updates. Updates may also address changes with dependencies, and operating systems.
+
+We recommend users to stay up-to-date with S3EncryptionClient to keep up with the latest features, security updates, and underlying dependencies. Continued use of an unsupported S3EncryptionClient version is not recommended and is done at the user’s discretion
+
+
+Major Version Lifecycle
+========================
+The S3 Encryption Client uses separately named classes for new major versions.
+
+Version Support Matrix
+===============================
+This table describes the current support status of each major version of the S3EncryptionClient. It also shows the next status each major version will transition to, and the date at which that transition will happen.
+
+.. list-table::
+    :widths: 30 50 50
+    :header-rows: 1
+
+    * - Major version
+      - Current status
+      - Next status
+    * - S3EncryptionClient
+      - End Of Support
+      -
+    * - S3EncryptionClientV2
+      - Maintenance
+      - End Of Support
+    * - S3EncryptionClientV3
+      - Generally Available
+      -
+
+.. _AWS SDKs and Tools Maintenance Policy: https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle