author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2023-01-04 17:22:54 +0100 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@yahooinc.com> | 2023-01-05 15:23:38 +0100 |
commit | b9292918b2ec3c26492ae2424756080059a089b4 (patch) | |
tree | 18cb7dfd715759f0d64d0d67c574af3981e7cf21 /vespaclient-java | |
parent | bb6638634f5bec608f62d710c97b0b97f79fc07f (diff) |
Use ChaCha20-Poly1305 instead of AES-GCM for shared key-based crypto
This is to get around the limitation where AES GCM can only produce
a maximum of 64 GiB of ciphertext for a particular <key, IV> pair before
its security properties break down. ChaCha20-Poly1305 does not have any
practical limitations here.
ChaCha20-Poly1305 uses a 256-bit key whereas the shared key is 128 bits.
An HKDF is used internally to expand the key material to 256 bits.
To let token based decryption be fully backwards compatible, introduce
a token version 2. V1 tokens will be decrypted with AES-GCM 128, while
V2 tokens use ChaCha20-Poly1305.
As a bonus, cryptographic operations will generally be _faster_ after
this cipher change, as we use BouncyCastle ciphers and these do not use
any native AES instructions. ChaCha20-Poly1305 is usually considerably
faster when running without specialized hardware support. An ad-hoc
experiment with a large ciphertext showed a near 70% performance increase
over AES-GCM 128.
Diffstat (limited to 'vespaclient-java')
-rw-r--r-- | vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/DecryptTool.java | 2 | ||||
-rw-r--r-- | vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/EncryptTool.java | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/DecryptTool.java b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/DecryptTool.java
index ce3f5a89cd5..4fbe89d4b03 100644
--- a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/DecryptTool.java
+++ b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/DecryptTool.java
@@ -113,7 +113,7 @@ public class DecryptTool implements Tool {
 var privateKey = ToolUtils.resolvePrivateKeyFromInvocation(invocation, sealedSharedKey.keyId(), !CliUtils.useStdIo(inputArg) && !CliUtils.useStdIo(outputArg));
 var secretShared = SharedKeyGenerator.fromSealedKey(sealedSharedKey, privateKey);
- var cipher = SharedKeyGenerator.makeAesGcmDecryptionCipher(secretShared);
+ var cipher = secretShared.makeDecryptionCipher();
 boolean unZstd = arguments.hasOption(ZSTD_DECOMPRESS_OPTION);
 try (var inStream = CliUtils.inputStreamFromFileOrStream(inputArg, invocation.stdIn());
diff --git a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/EncryptTool.java b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/EncryptTool.java
index 81a3eecce6b..76e7419baf7 100644
--- a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/EncryptTool.java
+++ b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/EncryptTool.java
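Review bot: The DecryptTool call site no longer shows which algorithm decrypts the input, because `secretShared.makeDecryptionCipher()` presumably picks AES-GCM or ChaCha20-Poly1305 from the token version carried by `sealedSharedKey`. That version is read from the supplied token, so it is worth confirming in SharedKeyGenerator (not part of this file section) that an unrecognised version is rejected with an error rather than mapped to a default cipher. A comment above the call such as `// cipher follows the token version: V1 = AES-GCM-128, V2 = ChaCha20-Poly1305` would keep the choice visible to the next reader. The try block that consumes `cipher` continues past the end of the hunk.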
@@ -87,7 +87,7 @@ public class EncryptTool implements Tool {
 var recipientPubKey = KeyUtils.fromBase58EncodedX25519PublicKey(CliUtils.optionOrThrow(arguments, RECIPIENT_PUBLIC_KEY_OPTION).strip());
 var keyId = KeyId.ofString(CliUtils.optionOrThrow(arguments, KEY_ID_OPTION));
 var shared = SharedKeyGenerator.generateForReceiverPublicKey(recipientPubKey, keyId);
- var cipher = SharedKeyGenerator.makeAesGcmEncryptionCipher(shared);
+ var cipher = shared.makeEncryptionCipher();
 boolean zstd = arguments.hasOption(ZSTD_COMPRESS_OPTION);
 try (var inStream = CliUtils.inputStreamFromFileOrStream(inputArg, invocation.stdIn()); |
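Review bot: The cipher returned by `shared.makeEncryptionCipher()` is still bounded per <key, nonce> pair if it is the RFC 8439 ChaCha20-Poly1305 construction, whose 32-bit block counter caps a single stream at roughly 256 GiB. The description's "no practical limitations" would then hold only below that size. The streaming loop lies outside this hunk, so it is worth confirming that reaching the limit aborts the tool with an error and does not leave a partial output file that looks complete. A comment on the changed line such as `// V2 token: ChaCha20-Poly1305, one stream per key is limited to about 256 GiB` would record the bound now that the method name no longer names the algorithm.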