fix: Ranged gets with RSA keys (#288)

* fix: Ranged gets with RSA keys
* checkstyle
* more tests

Author: lucasmcdonald3

src/main/java/software/amazon/encryption/s3/internal/ContentMetadataStrategy.java

@@ -102,7 +102,12 @@ private static ContentMetadata readFromMap(Map<String, String> metadata, GetObje
                 || contentEncryptionAlgorithm.equals(AlgorithmSuite.ALG_AES_256_CBC_IV16_NO_KDF.cipherName())) {
             algorithmSuite = AlgorithmSuite.ALG_AES_256_CBC_IV16_NO_KDF;
         } else if (contentEncryptionAlgorithm.equals(AlgorithmSuite.ALG_AES_256_GCM_IV12_TAG16_NO_KDF.cipherName())) {
-            algorithmSuite = (contentRange == null ) ? AlgorithmSuite.ALG_AES_256_GCM_IV12_TAG16_NO_KDF : AlgorithmSuite.ALG_AES_256_CTR_IV16_TAG16_NO_KDF;
+            // If contentRange is provided, this is a ranged get.
+            // ranged gets require legacy unauthenticated modes.
+            // Change AES-GCM to AES-CTR to disable authentication when reading this message.
+            algorithmSuite = (contentRange == null)
+                    ? AlgorithmSuite.ALG_AES_256_GCM_IV12_TAG16_NO_KDF
+                    : AlgorithmSuite.ALG_AES_256_CTR_IV16_TAG16_NO_KDF;
         } else {
             throw new S3EncryptionClientException(
                     "Unknown content encryption algorithm: " + contentEncryptionAlgorithm);

src/main/java/software/amazon/encryption/s3/materials/RsaKeyring.java

@@ -3,6 +3,7 @@
 package software.amazon.encryption.s3.materials;
 
 import software.amazon.encryption.s3.S3EncryptionClientException;
+import software.amazon.encryption.s3.algorithms.AlgorithmSuite;
 import software.amazon.encryption.s3.internal.CryptoFactory;
 
 import javax.crypto.Cipher;
@@ -117,8 +118,7 @@ public byte[] encryptDataKey(SecureRandom secureRandom,
 
             // Create a pseudo-data key with the content encryption appended to the data key
             byte[] dataKey = materials.plaintextDataKey();
-            byte[] dataCipherName = materials.algorithmSuite().cipherName().getBytes(
-                    StandardCharsets.UTF_8);
+            byte[] dataCipherName = AlgorithmSuite.ALG_AES_256_GCM_IV12_TAG16_NO_KDF.cipherName().getBytes(StandardCharsets.UTF_8);
             byte[] pseudoDataKey = new byte[1 + dataKey.length + dataCipherName.length];
 
             pseudoDataKey[0] = (byte)dataKey.length;
@@ -146,7 +146,8 @@ private byte[] parsePseudoDataKey(DecryptionMaterials materials, byte[] pseudoDa
                 throw new S3EncryptionClientException("Invalid key length (" + dataKeyLengthBytes + ") in encrypted data key");
             }
 
-            int dataCipherNameLength = pseudoDataKey.length - dataKeyLengthBytes - 1;
+//            int dataCipherNameLength = pseudoDataKey.length - dataKeyLengthBytes - 1;
+            int dataCipherNameLength = AlgorithmSuite.ALG_AES_256_GCM_IV12_TAG16_NO_KDF.cipherName().getBytes(StandardCharsets.UTF_8).length;
             if (dataCipherNameLength <= 0) {
                 throw new S3EncryptionClientException("Invalid data cipher name length (" + dataCipherNameLength + ") in encrypted data key");
             }
@@ -156,7 +157,7 @@ private byte[] parsePseudoDataKey(DecryptionMaterials materials, byte[] pseudoDa
             System.arraycopy(pseudoDataKey, 1, dataKey, 0, dataKeyLengthBytes);
             System.arraycopy(pseudoDataKey, 1 + dataKeyLengthBytes, dataCipherName, 0, dataCipherNameLength);
 
-            byte[] expectedDataCipherName = materials.algorithmSuite().cipherName().getBytes(StandardCharsets.UTF_8);
+            byte[] expectedDataCipherName = AlgorithmSuite.ALG_AES_256_GCM_IV12_TAG16_NO_KDF.cipherName().getBytes(StandardCharsets.UTF_8);
             if (!Arrays.equals(expectedDataCipherName, dataCipherName)) {
                 throw new S3EncryptionClientException("The data cipher does not match the data cipher used for encryption. The object may be altered or corrupted");
             }