Switch to NewGCMWithRandomNonce for fips (#7474) (#7549)

* Switch to NewGCMWithRandomNonce for fips

(cherry picked from commit 7f1599a)

Co-authored-by: simitt <[email protected]>

Author: mergify[bot]

internal/pkg/agent/vault/aesgcm/aesgcm.go

@@ -5,11 +5,8 @@
 package aesgcm
 
 import (
-	"crypto/aes"
-	"crypto/cipher"
 	"crypto/rand"
 	"encoding/hex"
-	"syscall"
 )
 
 // AESKeyType indicates the AES key length.
@@ -55,29 +52,6 @@ func NewKeyHexString(kt AESKeyType) (string, error) {
 	return hex.EncodeToString(key), nil
 }
 
-// Encrypt encrypts the data with AES-GCM
-func Encrypt(key, data []byte) ([]byte, error) {
-	block, err := aes.NewCipher(key)
-	if err != nil {
-		return nil, err
-	}
-
-	aesGCM, err := cipher.NewGCM(block)
-	if err != nil {
-		return nil, err
-	}
-
-	nonce := make([]byte, aesGCM.NonceSize())
-	if _, err = rand.Read(nonce); err != nil {
-		return nil, err
-	}
-
-	// The first parameter is nonce in order to get the ciphertext as concatenation of nonce and encrypted data
-	ciphertext := aesGCM.Seal(nonce, nonce, data, nil)
-
-	return ciphertext, nil
-}
-
 // EncryptHex encrypts with hex string key, producing hex encoded result
 func EncryptHex(key string, data []byte) (string, error) {
 	bkey, err := hex.DecodeString(key)
@@ -91,27 +65,6 @@ func EncryptHex(key string, data []byte) (string, error) {
 	return hex.EncodeToString(enc), nil
 }
 
-// Decrypt decrypts the data with AES-GCM
-func Decrypt(key, data []byte) ([]byte, error) {
-	block, err := aes.NewCipher(key)
-	if err != nil {
-		return nil, err
-	}
-
-	aesGCM, err := cipher.NewGCM(block)
-	if err != nil {
-		return nil, err
-	}
-
-	nonceSize := aesGCM.NonceSize()
-	if len(data) < nonceSize {
-		return nil, syscall.EINVAL
-	}
-	nonce, ciphertext := data[:nonceSize], data[nonceSize:]
-
-	return aesGCM.Open(nil, nonce, ciphertext, nil)
-}
-
 // DecryptHex decrypts with hex string key and data
 func DecryptHex(key string, data string) ([]byte, error) {
 	bkey, err := hex.DecodeString(key)

internal/pkg/agent/vault/aesgcm/aesgcm_fips.go

@@ -0,0 +1,41 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License 2.0;
+// you may not use this file except in compliance with the Elastic License 2.0.
+
+//go:build requirefips
+
+package aesgcm
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+)
+
+// Encrypt encrypts the data with AES-GCM with random nonce
+func Encrypt(key, data []byte) ([]byte, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	aesGCM, err := cipher.NewGCMWithRandomNonce(block)
+	if err != nil {
+		return nil, err
+	}
+	ciphertext := aesGCM.Seal(nil, nil, data, nil)
+	return ciphertext, nil
+}
+
+// Decrypt decrypts the data with AES-GCM with random nonce
+func Decrypt(key, data []byte) ([]byte, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	aesGCM, err := cipher.NewGCMWithRandomNonce(block)
+	if err != nil {
+		return nil, err
+	}
+	return aesGCM.Open(nil, nil, data, nil)
+}

internal/pkg/agent/vault/aesgcm/aesgcm_nofips.go

@@ -0,0 +1,56 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License 2.0;
+// you may not use this file except in compliance with the Elastic License 2.0.
+
+//go:build !requirefips
+
+package aesgcm
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"syscall"
+)
+
+// Encrypt encrypts the data with AES-GCM
+func Encrypt(key, data []byte) ([]byte, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	aesGCM, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, err
+	}
+
+	nonce := make([]byte, aesGCM.NonceSize())
+	if _, err = rand.Read(nonce); err != nil {
+		return nil, err
+	}
+
+	// The first parameter is nonce in order to get the ciphertext as concatenation of nonce and encrypted data
+	ciphertext := aesGCM.Seal(nonce, nonce, data, nil)
+	return ciphertext, nil
+}
+
+// Decrypt decrypts the data with AES-GCM
+func Decrypt(key, data []byte) ([]byte, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	aesGCM, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, err
+	}
+
+	nonceSize := aesGCM.NonceSize()
+	if len(data) < nonceSize {
+		return nil, syscall.EINVAL
+	}
+	nonce, ciphertext := data[:nonceSize], data[nonceSize:]
+	return aesGCM.Open(nil, nonce, ciphertext, nil)
+}

internal/pkg/crypto/io.go

@@ -11,36 +11,11 @@ import (
 	"crypto/pbkdf2"
 	"crypto/rand"
 	"crypto/sha512"
-	"encoding/binary"
 	"errors"
 	"fmt"
 	"io"
 )
 
-// Option is the default options used to generate the encrypt and decrypt writer.
-// NOTE: the defined options need to be same for both the Reader and the writer.
-type Option struct {
-	Generator       bytesGen
-	IterationsCount int
-	KeyLength       int
-	SaltLength      int
-	IVLength        int
-
-	// BlockSize must be a factor of aes.BlockSize
-	BlockSize int
-}
-
-// DefaultOptions is the default options to use when creating the writer, changing might decrease
-// the efficacity of the encryption.
-var DefaultOptions = &Option{
-	IterationsCount: 10000,
-	KeyLength:       32,
-	SaltLength:      64,
-	IVLength:        12,
-	Generator:       randomBytes,
-	BlockSize:       bytes.MinRead,
-}
-
 // versionMagicHeader is the format version that will be added at the beginning of the header and
 // can be used to change how the decryption work in future version.
 var versionMagicHeader = []byte("v2")
@@ -122,7 +97,7 @@ func (w *Writer) Write(b []byte) (int, error) {
 			return 0, w.err
 		}
 
-		aesgcm, err := cipher.NewGCM(block)
+		aesgcm, err := getCipherAEAD(block)
 		if err != nil {
 			w.err = fmt.Errorf("could not create the GCM to encrypt: %w", err)
 			return 0, w.err
@@ -160,33 +135,6 @@ func (w *Writer) Write(b []byte) (int, error) {
 	return len(b), nil
 }
 
-func (w *Writer) writeBlock(b []byte) error {
-	// randomly generate the salt and the initialization vector, this information will be saved
-	// on disk in the file as part of the header
-	iv, err := w.generator(w.option.IVLength)
-	if err != nil {
-		w.err = fmt.Errorf("fail to generate random IV: %w", err)
-		return w.err
-	}
-
-	//nolint:errcheck // Ignore the error at this point.
-	w.writer.Write(iv)
-
-	encodedBytes := w.gcm.Seal(nil, iv, b, nil)
-
-	l := make([]byte, 4)
-	binary.LittleEndian.PutUint32(l, uint32(len(encodedBytes))) //nolint:gosec // ignoring unsafe type conversion
-	//nolint:errcheck // Ignore the error at this point.
-	w.writer.Write(l)
-
-	_, err = w.writer.Write(encodedBytes)
-	if err != nil {
-		return fmt.Errorf("fail to encode data: %w", err)
-	}
-
-	return nil
-}
-
 // Reader implements the io.Reader interface and allow to decrypt bytes from the Writer. The reader
 // will lazy read the header from the wrapper reader to initialize everything required to decrypt
 // the data.
@@ -262,7 +210,7 @@ func (r *Reader) Read(b []byte) (int, error) {
 			return 0, r.err
 		}
 
-		aesgcm, err := cipher.NewGCM(block)
+		aesgcm, err := getCipherAEAD(block)
 		if err != nil {
 			r.err = fmt.Errorf("could not create the GCM to decrypt the data: %w", err)
 			return 0, r.err
@@ -300,43 +248,6 @@ func (r *Reader) readTo(b []byte) (int, error) {
 	return n, r.err
 }
 
-func (r *Reader) consumeBlock() error {
-	// Retrieve block information:
-	// - Initialization vector
-	// - Length of the block
-	iv, l, err := r.readBlockInfo()
-	if err != nil {
-		return err
-	}
-
-	encodedBytes := make([]byte, l)
-	_, err = io.ReadAtLeast(r.reader, encodedBytes, l)
-	if err != nil {
-		r.err = fmt.Errorf("fail read the block of %d bytes: %w", l, err)
-	}
-
-	decodedBytes, err := r.gcm.Open(nil, iv, encodedBytes, nil)
-	if err != nil {
-		return fmt.Errorf("fail to decode bytes: %w", err)
-	}
-	r.buf = append(r.buf[:], decodedBytes...)
-
-	return nil
-}
-
-func (r *Reader) readBlockInfo() ([]byte, int, error) {
-	buf := make([]byte, r.option.IVLength+4)
-	_, err := io.ReadAtLeast(r.reader, buf, len(buf))
-	if err != nil {
-		return nil, 0, err
-	}
-
-	iv := buf[0:r.option.IVLength]
-	l := binary.LittleEndian.Uint32(buf[r.option.IVLength:])
-
-	return iv, int(l), nil
-}
-
 // Close will propagate the Close call to the wrapped reader.
 func (r *Reader) Close() error {
 	a, ok := r.reader.(io.ReadCloser)