E2E encryption implementation using Bouncycastle FIPS provider and only the FIPS-library provided tools

[z-kovacs]

Search before asking

• [X] I searched in the issues and found nothing similar.

Motivation

my firm would like to use Pulsar but using Bouncycastle FIPS approved libs in approved mode for E2E encryption.

Currently the MessageCryptoBc is the only MessageCrypto implementation (non FIPS), and it is explicitly referenced from ProducerImpl and ConsumerImpl - unless overridden.

I think it would be greate if someone adds an encryption key and a CryptoKeyReader, based on the loaded modules pulsar would use the fips or non-fips implementation. As related job has been done in pulsar to separate out different version (non-fips or fips) of BouncyCastle dependencies, we could expand on it.

Solution

An idea about the tasks:

1. Create a new MessageCrypto implementation using only bouncycastle FIPS provider and API calls and add it to a new org.apache.pulsar:pulsar-client-messagecrypto-bcfips module (pulsar-client-messagecrypto-bc already exists).
2. ProducerImpl and ConsumerImpl should check which version (bc or bc-fips) of MessageCrypto can be found on the classpath and that should be used. Decision should be logged. Defaulting back to the origial non-fips solution for backward compatibility if both are on classpath.

Alternatives

n/a

Anything else?

Notes:

• ECDSA keys cannot be used to wrap/encrypt keys - in BC's FIPS library only RSA or ELGAMAL cyphers can wrap keys (https://downloads.bouncycastle.org/fips-java/BC-FJA-UserGuide-1.0.2.pdf, chapter 4)
• in MessageCryptoBc data key encryption is using encrypt/decryp mode of cypher, but it should use wrap and unwrap (please confirm)
• SecureRandom should be changed probably in the new MessageCryprto implementation: maybe using "NONCEANDIV" for IV generation (what is done for each message), and another "DEFAULT" type for AES data key generation (DEFAULT may exhaust entropy if used for Nonce and IV generation)

Are you willing to submit a PR?

• [X] I'm willing to submit a PR!

[david-streamlio]

@z-kovacs You have indicated that you are willing to submit a PR for this issue. Do you have an existing code fix for this issue that you want to submit for review?

[z-kovacs]

@z-kovacs You have indicated that you are willing to submit a PR for this issue. Do you have an existing code fix for this issue that you want to submit for review?

@david-streamlio - I am working on the PR, hopefully I can present it soon.

[github-actions[bot]]

The issue had no activity for 30 days, mark with Stale label.