Skip to content

IllegalArgumentException getting a master key due to localization #1879

New issue
New issue
Closed
#1880
Closed
IllegalArgumentException getting a master key due to localization#1879
#1880
@dbwiddis

Description

@dbwiddis
dbwiddis
opened on Dec 1, 2023

Problem:

Coming from opensearch-project/flow-framework#233 (comment)

The code in JceMasterKey.getInstance() does an uppercase conversion without locale information:

aws-encryption-sdk-java/src/main/java/com/amazonaws/encryptionsdk/jce/JceMasterKey.java

Lines 57 to 68 in 43e078a

public static JceMasterKey getInstance(
final SecretKey key,
final String provider,
final String keyId,
final String wrappingAlgorithm) {
switch (wrappingAlgorithm.toUpperCase()) {
case "AES/GCM/NOPADDING":
return new JceMasterKey(provider, keyId, JceKeyCipher.aesGcm(key));
default:
throw new IllegalArgumentException("Right now only AES/GCM/NoPadding is supported");
}
}

When operating in some locales, the case check fails. For example, locale tr-TR converts the "i" in padding to this unicode character.

This is noted here:

For instance with the Turkish language, when converting the small letter 'i' to upper case, the result is capital letter 'I' with a dot over it.

Solution:

The toUppercase() call in the above code (and everywhere, really) should specify Locale.ROOT.

String WRAPPING_ALGORITHM = "AES/GCM/NoPadding";
String t1 = WRAPPING_ALGORITHM.toUpperCase();
String t2 = WRAPPING_ALGORITHM.toUpperCase(Locale.ROOT);

t1 in hex: 41 45 53 2F 47 43 4D 2F 4E 4F 50 41 44 44 C4 B0 4E 47
t2 in hex: 41 45 53 2F 47 43 4D 2F 4E 4F 50 41 44 44 49 4E 47

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions