
Added extension functions in misk-crypto and encrypting hibernate cac…

…he (#981)
yoavamit committed May 14, 2019
1 parent f861d93 commit a7342787db0226cbcfcfc818503cfa1ae5656818
@@ -15,6 +15,7 @@ import com.google.inject.Singleton
import com.google.inject.name.Names
import okio.ByteString
import okio.ByteString.Companion.toByteString
import java.util.Base64

/**
* Configures and registers the keys listed in the configuration file.
@@ -94,4 +95,44 @@ fun Aead.decrypt(ciphertext: ByteString, aad: ByteArray? = null): ByteString {
val decrypted = decryptedBytes.toByteString()
decryptedBytes.fill(0)
return decrypted
}

/**
* Extension function for convenient encryption of [ByteString]s.
* This function also makes sure that no extra copies of the plaintext data are kept in memory.
*/
fun DeterministicAead.encryptDeterministically(plaintext: ByteString, aad: ByteArray? = null
): ByteString {
val plaintextBytes = plaintext.toByteArray()
val encrypted = this.encryptDeterministically(plaintextBytes, aad ?: byteArrayOf())
plaintextBytes.fill(0)
return encrypted.toByteString()
}

/**
* Extension function for convenient decryption of [ByteString]s.
* This function also makes sure that no extra copies of the plaintext data are kept in memory.
*/
fun DeterministicAead.decryptDeterministically(ciphertext: ByteString, aad: ByteArray? = null
): ByteString {
val decryptedBytes = this.decryptDeterministically(ciphertext.toByteArray(), aad)
val decrypted = decryptedBytes.toByteString()
decryptedBytes.fill(0)
return decrypted
}

/**
* Extension function for conveniently computing an HMAC and encoding it with Base64.
*/
fun Mac.computeMac(data: String): String {
return Base64.getEncoder().encode(this.computeMac(data.toByteArray())).toString(Charsets.UTF_8)
}

/**
* Extension function for conveniently verifying a message's authenticity.
* This function expects the [tag] string variable to contain a [Base64] encoded array of bytes.
*/
fun Mac.verifyMac(tag: String, data: String) {
val decodedTag = Base64.getDecoder().decode(tag)
this.verifyMac(decodedTag, data.toByteArray())
}
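Review bot: The two deterministic wrappers treat a missing `aad` differently: `encryptDeterministically` substitutes `aad ?: byteArrayOf()`, while `decryptDeterministically` passes the nullable `aad` straight through, so a default-argument decrypt relies on the underlying primitive accepting null (not visible here). Using `aad ?: byteArrayOf()` in the decrypt call as well would make the pair symmetric. Separately, `verifyMac` lets `Base64.getDecoder().decode(tag)` throw `IllegalArgumentException` on a malformed tag, which a caller that handles only the verification failure will not catch; the KDoc should name both failure modes and state that success is signalled by returning normally. The KDoc claim that no extra copies of the plaintext are kept is also stronger than the code shows, since only the temporary `ByteArray` is zeroed and the `ByteString` argument or result still holds the plaintext.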
@@ -44,7 +44,6 @@ internal class SecretColumnType : UserType, ParameterizedType, TypeConfiguration
} else {
AeadAdapter(_typeConfiguration, keyName)
}

}

override fun hashCode(x: Any): Int = (x as ByteArray).hashCode()
@@ -57,9 +56,17 @@ internal class SecretColumnType : UserType, ParameterizedType, TypeConfiguration

override fun returnedClass() = ByteArray::class.java

override fun assemble(cached: Serializable?, owner: Any?) = cached
override fun assemble(cached: Serializable?, owner: Any?): ByteArray {
return encryptionAdapter.decrypt(cached as ByteArray, null)
}

override fun disassemble(value: Any?) = (value as ByteArray).copyOf() as Serializable
/**
* This method is used by Hibernate when caching values, see [org.hibernate.type.Type.disassemble].
* This implementation makes sure that data is stored encrypted even when being cached in memory.
*/
override fun disassemble(value: Any?): Serializable {
return encryptionAdapter.encrypt(value as ByteArray, null)
}

override fun nullSafeSet(
st: PreparedStatement,
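Review bot: The new `assemble` casts `cached as ByteArray` and the new `disassemble` casts `value as ByteArray` although both parameters are declared nullable, so a null value reaching the cache path would throw on the cast; the previous `assemble` returned `cached` unchanged and tolerated null. Whether Hibernate passes null here is not visible in the hunk, but a null-preserving form such as `(cached as ByteArray?)?.let { encryptionAdapter.decrypt(it, null) }` with a `ByteArray?` return type would keep the old behaviour. `assemble` also has no KDoc while `disassemble` does; a matching comment such as `/** Decrypts a value produced by [disassemble] when Hibernate reads it back from the cache. */` would help. If the `null` second argument is the associated data, the cached ciphertext is not bound to its column or entity, which deserves a short comment confirming that this is intended.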
