Merge branch 'RM-3258' into 'master'

RM-3258: Restore static salt constant values from CDOC2* to CDOC20*

See merge request cdoc2/cdoc2-java-ref-impl!9

Author: OlesjaAarma

cdoc2-lib/src/main/java/ee/cyber/cdoc2/container/Envelope.java

@@ -199,7 +199,7 @@ static Header deserializeFBSHeader(byte[] buf) {
     public static byte[] getAdditionalData(byte[] header, byte[] headerHMAC) {
         Objects.requireNonNull(header);
         Objects.requireNonNull(headerHMAC);
-        final byte[] cDoc2Payload = "CDOC2payload".getBytes(StandardCharsets.UTF_8);
+        final byte[] cDoc2Payload = "CDOC20payload".getBytes(StandardCharsets.UTF_8);
         ByteBuffer bb = ByteBuffer.allocate(cDoc2Payload.length + header.length + headerHMAC.length);
         bb.put(cDoc2Payload);
         bb.put(header);

cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/Crypto.java

@@ -93,7 +93,7 @@ private static SecureRandom createSecureRandom() throws NoSuchAlgorithmException
             DrbgParameters.instantiation(
                 256, // Required security strength
                 PR_AND_RESEED, // configure algorithm to provide prediction resistance and reseeding facilities
-                "CDOC2".getBytes() // personalization string, used to derive seed
+                "CDOC20".getBytes() // personalization string, used to derive seed
             )
         );
         log.info("Initialized SecureRandom.");
@@ -103,17 +103,20 @@ private static SecureRandom createSecureRandom() throws NoSuchAlgorithmException
     public static byte[] generateFileMasterKey() throws NoSuchAlgorithmException {
         byte[] inputKeyingMaterial = new byte[64]; //spec says: ikm should be more than 32bytes of secure random
         getSecureRandom().nextBytes(inputKeyingMaterial);
-        return HKDF.fromHmacSha256().extract("CDOC2salt".getBytes(StandardCharsets.UTF_8), inputKeyingMaterial);
+        return HKDF.fromHmacSha256().extract("CDOC20salt".getBytes(StandardCharsets.UTF_8),
+            inputKeyingMaterial);
     }
 
     public static SecretKey deriveContentEncryptionKey(byte[] fmk) {
         byte[] cekBytes = HKDF.fromHmacSha256()
-                .expand(fmk, "CDOC2cek".getBytes(StandardCharsets.UTF_8), CEK_LEN_BYTES);
+                .expand(fmk, "CDOC20cek".getBytes(StandardCharsets.UTF_8), CEK_LEN_BYTES);
         return new SecretKeySpec(cekBytes, "ChaCha20");
     }
 
     public static SecretKey deriveHeaderHmacKey(byte[] fmk) {
-        byte[] hhk = HKDF.fromHmacSha256().expand(fmk, "CDOC2hmac".getBytes(StandardCharsets.UTF_8), HHK_LEN_BYTES);
+        byte[] hhk = HKDF.fromHmacSha256().expand(
+            fmk, "CDOC20hmac".getBytes(StandardCharsets.UTF_8), HHK_LEN_BYTES
+        );
         return new SecretKeySpec(hhk, HMAC_SHA_256);
     }
 
@@ -156,7 +159,7 @@ public static SecretKey deriveKeyEncryptionKey(
         final HKDF hkdf = HKDF.fromHmacSha256();
         byte[] kekPm = hkdf.extract(salt, preSharedSecretKey.getEncoded());
 
-        String info = "CDOC2kek" + fmkEncMethod + label;
+        String info = "CDOC20kek" + fmkEncMethod + label;
         byte[] kek = hkdf.expand(kekPm, info.getBytes(StandardCharsets.UTF_8), FMK_LEN_BYTES);
 
         return new SecretKeySpec(kek, FMKEncryptionMethod.name(FMKEncryptionMethod.XOR));
@@ -267,10 +270,10 @@ private static byte[] deriveKek(KeyPair ecKeyPair, ECPublicKey otherPublicKey, i
 
         byte[] ecdhSharedSecret = calcEcDhSharedSecret(ecKeyPair.getPrivate(), otherPublicKey);
         byte[] kekPm = HKDF.fromHmacSha256()
-                .extract("CDOC2kekpremaster".getBytes(StandardCharsets.UTF_8), ecdhSharedSecret);
+                .extract("CDOC20kekpremaster".getBytes(StandardCharsets.UTF_8), ecdhSharedSecret);
 
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        baos.writeBytes("CDOC2kek".getBytes(StandardCharsets.UTF_8));
+        baos.writeBytes("CDOC20kek".getBytes(StandardCharsets.UTF_8));
         baos.writeBytes(FMKEncryptionMethod.name(FMKEncryptionMethod.XOR).getBytes(StandardCharsets.UTF_8));
 
         if (isEncryptionMode) {
@@ -331,4 +334,5 @@ public static byte[] generateSaltForKey() throws NoSuchAlgorithmException {
         getSecureRandom().nextBytes(salt);
         return salt;
     }
+
 }

cdoc2-lib/src/test/java/ee/cyber/cdoc2/crypto/CryptoTest.java

@@ -142,8 +142,7 @@ void deriveKeyEncryptionKeyFromSharedSecret() {
         byte[] kek = kekSecretKey.getEncoded();
         assertNotNull(kek);
         assertEquals(Crypto.FMK_LEN_BYTES, kek.length);
-//        assertEquals("962b1d44a6e36e9d117136e972e2da0bff7b35fc29b3d8ec5bde246d2c145984",
-        assertEquals("9698151f0a83fcd0947ecad13d2cd56d7e4d9ba2980b61f7474ddf58b3bcaedd",
+        assertEquals("962b1d44a6e36e9d117136e972e2da0bff7b35fc29b3d8ec5bde246d2c145984",
                 HexFormat.of().formatHex(kek));
     }
 

test/bats/cdoc2_tests.bats

@@ -63,7 +63,7 @@ run_alias() {
   assert_output --partial '/bats-core/bin/bats'
 }
 
-@test "preparing: assert TEST_VECTORS value exists" {
+@test "preparing: assert TEST_VECTORS package exists" {
   run ${TEST_VECTORS}
   assert_output --partial '/test/testvectors'
 }
@@ -82,13 +82,24 @@ run_alias() {
   assert_output --partial "Created $TEST_RESULTS_DIR/$cdoc_file"
 
   # ensure encrypted container can be decrypted successfully
-  run run_alias cdoc-cli decrypt -f $$TEST_RESULTS_DIR/$cdoc_file -k $CLI_KEYS_DIR/cdoc2client.pem -o $TEST_RESULTS_DIR
+  run run_alias cdoc-cli decrypt -f $TEST_RESULTS_DIR/$cdoc_file -k $CLI_KEYS_DIR/cdoc2client.pem -o $TEST_RESULTS_DIR
   assertSuccessfulDecryption
 
   rm -f $TEST_RESULTS_DIR/$cdoc_file
 }
 
-@test "test2: successfully encrypt CDOC2 container with RSA" {
+@test "test2: assert EC decryption is compatible with earlier encrypted CDOC2" {
+  local cdoc_file="ec_simple_old_version_DO_NOT_DELETE.cdoc"
+
+  echo "# Decrypting ${cdoc_file}">&3
+  run run_alias cdoc-cli decrypt -f ${TEST_VECTORS}/${cdoc_file} -k $CLI_KEYS_DIR/cdoc2client.pem --output $TEST_RESULTS_DIR
+
+  assertSuccessfulExitCode
+  assert_output --partial "Decrypting ${TEST_VECTORS}/${cdoc_file}"
+  assertSuccessfulDecryption
+}
+
+@test "test3: successfully encrypt CDOC2 container with RSA" {
   local cdoc_file="rsa_simple.cdoc"
   run run_alias cdoc-cli create -f $TEST_RESULTS_DIR/$cdoc_file \
           -p $CLI_KEYS_DIR/rsa_pub.pem $FILE_FOR_ENCRYPTION
@@ -104,13 +115,13 @@ run_alias() {
   rm -f $TEST_RESULTS_DIR/$cdoc_file
 }
 
-@test "test3: successfully encrypt CDOC2 container with password" {
+@test "test4: successfully encrypt CDOC2 container with password" {
   run run_alias cdoc-cli create -f $CDOC2_CONTAINER -pw $PASSWORD_WITH_LABEL $FILE_FOR_ENCRYPTION
   assertSuccessfulExitCode
   assert_output --partial "Created $CDOC2_CONTAINER"
 }
 
-@test "test4: successfully decrypt CDOC2 container from test1 with password" {
+@test "test5: successfully decrypt CDOC2 container from test1 with password" {
   run run_alias cdoc-cli decrypt -f $CDOC2_CONTAINER -pw $PASSWORD_WITH_LABEL --output $TEST_RESULTS_DIR
   assertSuccessfulExitCode
   assert_output --partial "Decrypting $CDOC2_CONTAINER"
@@ -119,20 +130,42 @@ run_alias() {
   removeEncryptedCdoc
 }
 
-@test "test5: successfully encrypt CDOC2 container with few files" {
+@test "test6: assert password decryption is compatible with earlier encrypted CDOC2" {
+  local earlier_encrypted_cdoc2_file="password_old_version_DO_NOT_DELETE.cdoc"
+
+  echo "# Decrypting ${earlier_encrypted_cdoc2_file}">&3
+  run run_alias cdoc-cli decrypt -f ${TEST_VECTORS}/${earlier_encrypted_cdoc2_file} -pw $PASSWORD_WITH_LABEL --output $TEST_RESULTS_DIR
+
+  assertSuccessfulExitCode
+  assert_output --partial "Decrypting ${TEST_VECTORS}/${earlier_encrypted_cdoc2_file}"
+  assertSuccessfulDecryption
+}
+
+@test "test7: assert decryption with symmetric key is compatible with earlier encrypted CDOC2" {
+  local earlier_encrypted_cdoc2_file="symmetric_old_version_DO_NOT_DELETE.cdoc"
+
+  echo "# Decrypting ${earlier_encrypted_cdoc2_file}">&3
+  run run_alias cdoc-cli decrypt -f ${TEST_VECTORS}/${earlier_encrypted_cdoc2_file} --secret $SECRET_WITH_LABEL --output $TEST_RESULTS_DIR
+
+  assertSuccessfulExitCode
+  assert_output --partial "Decrypting ${TEST_VECTORS}/${earlier_encrypted_cdoc2_file}"
+  assertSuccessfulDecryption
+}
+
+@test "test8: successfully encrypt CDOC2 container with few files" {
   run run_alias cdoc-cli create -f $CDOC2_CONTAINER -pw $PASSWORD_WITH_LABEL $FILE_FOR_ENCRYPTION $FILE_FOR_ENCRYPTION2
   assertSuccessfulExitCode
 
   removeEncryptedCdoc
 }
 
-@test "test6: fail to encrypt CDOC2 container with password if it's validation has failed" {
+@test "test9: fail to encrypt CDOC2 container with password if it's validation has failed" {
   password="passwordlabel:short";
   run run_alias cdoc-cli create -f $CDOC2_CONTAINER -pw $password $FILE_FOR_ENCRYPTION
   assertFailure
 }
 
-@test "test7: fail to decrypt CDOC2 container with wrong decryption key type" {
+@test "test10: fail to decrypt CDOC2 container with wrong decryption key type" {
   # encrypt with secret key
   run run_alias cdoc-cli create -f $CDOC2_CONTAINER --secret $SECRET_WITH_LABEL $FILE_FOR_ENCRYPTION
   assertSuccessfulExitCode
@@ -144,7 +177,7 @@ run_alias() {
   removeEncryptedCdoc
 }
 
-@test "test8: successfully encrypt CDOC with two keys and decrypt with one of them" {
+@test "test11: successfully encrypt CDOC with two keys and decrypt with one of them" {
   # encrypt with secret key and password
   run run_alias cdoc-cli create -f $CDOC2_CONTAINER --secret $SECRET_WITH_LABEL -pw $PASSWORD_WITH_LABEL $FILE_FOR_ENCRYPTION
   assertSuccessfulExitCode
@@ -158,7 +191,7 @@ run_alias() {
   removeEncryptedCdoc
 }
 
-@test "test9: successfully re-encrypt CDOC2 container" {
+@test "test12: successfully re-encrypt CDOC2 container" {
   # prepare encrypted container for further re-encryption
   run run_alias cdoc-cli create -f $CDOC2_CONTAINER --secret $SECRET_WITH_LABEL $FILE_FOR_ENCRYPTION
   assertSuccessfulExitCode
@@ -184,7 +217,7 @@ run_alias() {
   removeEncryptedCdoc
 }
 
-@test "test10: fail re-encryption within the same directory" {
+@test "test13: fail re-encryption within the same directory" {
   run run_alias cdoc-cli create -f $CDOC2_CONTAINER --secret $SECRET_WITH_LABEL $FILE_FOR_ENCRYPTION
   assertSuccessfulExitCode