java source code of SAES256v01

sfs-master
- NOTICE.txt
- sfs-docker
  - src
    - main
      - docker
        vertx-logback.xml
        vertx.sh
        sfs.sh
        vertx-conf.json
        Dockerfile
        jdk-8u202-linux-x64.tar.gz
  - pom.xml
- pom.xml
- sfs-example
  - rm-cluster.sh
  - logback.xml
  - start-cluster.sh
  - create-run-cluster.sh
  - stop-cluster.sh
- sfs-server
  - src
    - main
      - resources
        es-object-mapping.json
        es-container-mapping.json
        es-account-mapping.json
        XVolume.proto
        es-container-key-mapping.json
        META-INF
        services
        org.sfs.auth.AuthProvider
        AzureProtoBuff.proto
        es-master-key-mapping.json
      - protobuf
      - java
        org
        sfs
        Server.java
        filesystem
        BlockFile.java
        JournalFile.java
        containerdump
        DumpFileWriter.java
        JournalScanner.java
        temp
        TempDirectoryCleaner.java
        BlobFile.java
        Positional.java
        volume
        ReadStreamBlob.java
        WriteStreamBlob.java
        IndexBlockReader.java
        VolumeStoppedException.java
        VolumeStartedException.java
        WriteStreamTimedOutException.java
        VolumeNotEmptyException.java
        VolumeToBusyExecutionException.java
        Volume.java
        IndexScanner.java
        IndexFile.java
        VolumeManager.java
        HeaderBlob.java
        DigestBlob.java
        MetaFile.java
        VolumeV1.java
        ChecksummedPositional.java
        SfsRequest.java
        vo
        TransientXListener.java
        Identity.java
        TransientBlobReference.java
        MasterKey.java
        XVolume.java
        TransientXVolume.java
        LargeObjectManifest.java
        ServiceDef.java
        Temporal.java
        TransientSegment.java
        XObject.java
        TransientLargeObjectManifest.java
        ContainerStats.java
        Account.java
        TransientVersion.java
        TransientContainerKey.java
        PersistentContainer.java
        ContainerList.java
        PersistentContainerKey.java
        XVersion.java
        XListener.java
        PersistentAccount.java
        TransientMasterKey.java
        Segment.java
        TransientXFileSystem.java
        XAllocatedFile.java
        ObjectPath.java
        XFileSystem.java
        ContainerKey.java
        TransientServiceDef.java
        TransientObject.java
        XBlob.java
        PersistentObject.java
        PersistentServiceDef.java
        BlobReference.java
        TransientContainer.java
        ObjectList.java
        PersistentMasterKey.java
        Container.java
        TransientXAllocatedFile.java
        TransientAccount.java
        SfsVerticle.java
        SfsVertxImpl.java
        metadata
        Metadata.java
        elasticsearch
        masterkey
        GetNewestMasterKey.java
        ListReEncryptableMasterKeys.java
        UpdateMasterKey.java
        LoadMasterKey.java
        PersistMasterKey.java
        IndexUpdateSettings.java
        IndexDelete.java
        ListSfsIndexes.java
        object
        DestroyContainerObjects.java
        UpdateObject.java
        LoadAccountAndContainerAndObject.java
        PersistObject.java
        PersistOrUpdateObject.java
        LoadObject.java
        PersistOrUpdateVersion.java
        RemoveObject.java
        PrefixSearch.java
        IndexRefresh.java
        documents
        DumpDocumentsForNode.java
        CachedAccount.java
        ScanAndScrollStreamProducer.java
        SearchHitMaintainObjectEndableWrite.java
        containerkey
        RemoveContainerKey.java
        PersistContainerKey.java
        GetNewestContainerKey.java
        ListReEncryptableContainerKeys.java
        LoadContainerKey.java
        UpdateContainerKey.java
        IndexCreate.java
        SearchHitEndableWriteStreamUpdateNodeId.java
        AbstractBulkUpdateEndableWriteStream.java
        IndexExists.java
        SearchHitDestroyObjectEndableWrite.java
        IndexUpdateMapping.java
        Jsonify.java
        ListSfsStorageIndexes.java
        ObjectIndexRefresh.java
        container
        LoadContainer.java
        RemoveContainerKeys.java
        RemoveContainer.java
        ListContainerKeys.java
        CreateObjectIndex.java
        PersistContainer.java
        ListObjects.java
        LoadContainerStats.java
        LoadAccountAndOptionalContainer.java
        UpdateContainer.java
        ExistsObjects.java
        LoadAccountAndContainer.java
        RemoveObjectIndex.java
        nodes
        GetServiceDefs.java
        PersistServiceDef.java
        LoadServiceDef.java
        UpdateServiceDef.java
        DeleteServiceDef.java
        AssignUnassignedDocumentsToNode.java
        GetDocumentsCountForNode.java
        ListSfsObjectIndexes.java
        IndexWaitForStatus.java
        Elasticsearch.java
        account
        UpdateAccount.java
        PersistAccount.java
        LoadAccount.java
        ExistsContainers.java
        RemoveAccount.java
        ListContainers.java
        SearchHitEndableWriteStreamToJsonLine.java
        CachedContainer.java
        rx
        ToVoid.java
        NullSubscriber.java
        Defer.java
        SingleAsyncResultSubscriber.java
        KeptAliveTerminus.java
        WaitForEmptyQueue.java
        BufferToString.java
        Holder4.java
        RxVertx.java
        HttpClientResponseBodyBuffer.java
        BufferToJsonObject.java
        HandleServerToBusy.java
        Holder5.java
        SingleOnSubscribeAdapter.java
        ToType.java
        Holder2.java
        ConnectionCloseTerminus.java
        Terminus.java
        BufferToDom.java
        Holder1.java
        Sleep.java
        ObservableFuture.java
        HttpClientKeepAliveResponseBodyBuffer.java
        ContextHandler.java
        BufferToJsonArray.java
        ContextScheduler.java
        Holder3.java
        RxHelper.java
        protobuf
        AzureProtoBuff.java
        SfsFileSystem.java
        validate
        ValidateOptimisticAccountLock.java
        ValidateHeaderIsBase64Encoded.java
        ValidateVersionHasSegments.java
        ValidatePersistentContainerNotExists.java
        ValidatePersistentContainerExists.java
        ValidateActionAdminOrSystem.java
        ValidateOptimisticContainerLock.java
        ValidateOptimisticMasterKeyLock.java
        ValidateActionAuthenticated.java
        ValidateObjectPath.java
        ValidateNodeIdMatchesLocalNodeId.java
        ValidateHeaderNotExists.java
        ValidatePersistentAccountExists.java
        ValidateActionContainerUpdate.java
        ValidateActionAdmin.java
        ValidateHeaderExists.java
        ValidateDynamicLargeObjectManifest.java
        ValidatePersistentObjectVersionExists.java
        ValidateVersionSegmentsHasData.java
        ValidateParamExists.java
        ValidateParamIsBase64Encoded.java
        ValidateOptimisticContainerKeyLock.java
        ValidateActionObjectCreate.java
        ValidateAccountPath.java
        ValidateHeaderIsBase16LowercaseEncoded.java
        ValidateActionContainerListObjects.java
        ValidateActionContainerCreate.java
        ValidateParamBetweenLong.java
        ValidateBlobExists.java
        ValidateVersionIsReadable.java
        ValidateNodeIsMasterNode.java
        ValidateActionContainerRead.java
        ValidatePath.java
        ValidateActionObjectUpdate.java
        ValidateContainerPath.java
        ValidateActionContainerDelete.java
        ValidateHeaderBetweenLong.java
        ValidateDynamicLargeObjectHasParts.java
        ValidateParamNotExists.java
        ValidateTtl.java
        ValidateVersionNotExpired.java
        ValidateHeaderBetweenInteger.java
        ValidatePersistentObjectLatestVersionExists.java
        ValidateParamComputedDigest.java
        ValidateContainerIsEmpty.java
        ValidateParamBetweenInteger.java
        ValidateVersionNotDeleteMarker.java
        HttpRequestExceptionValidations.java
        ValidateOptimisticObjectLock.java
        ValidateNodeIsDataNode.java
        ValidatePersistentObjectExists.java
        ValidateActionObjectRead.java
        ValidateActionObjectDelete.java
        ValidateVersionNotDeleted.java
        ValidateHeaderIsBoolean.java
        util
        Buffers.java
        IdentityComparator.java
        FileSystemLock.java
        HttpClientRequestAndResponse.java
        UUIDGen.java
        HttpStatusCodeException.java
        NullSafeAscii.java
        MacDigestFactory.java
        ConfigHelper.java
        HttpServerRequestHeaderLogger.java
        SfsHttpUtil.java
        HttpStatusCodeServerBusyException.java
        ExceptionHelper.java
        SfsHttpQueryParams.java
        SfsHttpPathParams.java
        KeepAliveHttpServerResponse.java
        DateFormatter.java
        HttpClientResponseHeaderLogger.java
        HttpBodyLogger.java
        HttpRequestValidationException.java
        MessageDigestFactory.java
        KnownMetadataKeys.java
        SfsHttpHeaders.java
        Limits.java
        JsonHelper.java
        StreamProducer.java
        PrngRandom.java
        ByteLength.java
        AtomicIntMap.java
        HttpServerRequestHeaderToJsonObject.java
        UrlScaper.java
        thread
        NamedForkJoinWorkerThread.java
        NamedForkJoinPool.java
        NamedCapacityFixedThreadPool.java
        NamedForkJoinThreadFactory.java
        NamedThreadFactory.java
        VertxContext.java
        SfsServer.java
        block
        RecyclingAllocator.java
        RangeLock.java
        Range.java
        io
        ReadStreamDataHandlerOutputStream.java
        NoCloseOutputStream.java
        CipherReadStream.java
        AsyncFileWriter.java
        AsyncFileWriterImpl.java
        CountingEndableWriteStream.java
        DigestReadStream.java
        BufferWriteEndableWriteStream.java
        NoEndEndableWriteStream.java
        CountingReadStream.java
        WriteQueueSupport.java
        MultiEndableWriteStream.java
        PipedReadStream.java
        NullEndableWriteStream.java
        AsyncIO.java
        LimitedWriteEndableWriteStream.java
        AsyncFileEndableWriteStream.java
        BufferEndableWriteStreamOutputStream.java
        WaitForEmptyWriteQueue.java
        BufferEndableWriteStream.java
        EndableWriteStream.java
        Block.java
        HttpClientRequestEndableWriteStream.java
        PipedEndableWriteStream.java
        WaitForActiveWriters.java
        LimitedReadStream.java
        BufferReadStream.java
        InflaterReadStream.java
        EndableReadStream.java
        AsyncFileReader.java
        BufferOutputStream.java
        DeflateEndableWriteStream.java
        CipherEndableWriteStream.java
        ReplayReadStream.java
        HttpServerResponseEndableWriteStream.java
        InflaterEndableWriteStream.java
        AsyncFileReaderImpl.java
        DigestEndableWriteStream.java
        FileBackedBuffer.java
        BufferedEndableWriteStream.java
        SfsSingletonServer.java
        nodes
        XNode.java
        LocalNode.java
        InsufficientReplicaVolumesAvailableException.java
        RemoteMasterNode.java
        VolumeReplicaGroup.java
        NodeStats.java
        NodeWriteStreamBlob.java
        master
        MasterNodeExecuteJob.java
        MasterNodeStopJob.java
        MasterNodeWaitForJob.java
        all
        blobreference
        VerifyBlobReference.java
        GetBlobReferenceReadStream.java
        DeleteBlobReference.java
        AcknowledgeBlobReference.java
        versions
        PruneDeletedSegments.java
        ExpireVersions.java
        elasticsearch
        RefreshIndex.java
        segment
        PruneDeletedBlobs.java
        AcknowledgeSegment.java
        RebalanceSegment.java
        VerifySegmentQuick.java
        GetSegmentReadStream.java
        stats
        GetClusterStats.java
        GetNodeStats.java
        ClusterInfo.java
        HttpClientResponseException.java
        WriteConsistency.java
        AbstractNode.java
        compute
        masterkey
        ReEncryptMasterKeys.java
        VerifyRepairMasterKeys.java
        object
        WriteHttpServerResponseHeaders.java
        VerifyRepairObjectExecute.java
        PruneObject.java
        GetObject.java
        DeleteObject.java
        DeleteDataInVolumes.java
        WriteNewSegment.java
        VerifyRepairObjectStop.java
        HeadObject.java
        VerifyRepairObjectWait.java
        GetObjectMeta.java
        PruneVersions.java
        EmitDynamicLargeObjectParts.java
        PostObject.java
        CopySegmentsReadStreams.java
        ReadSegments.java
        CopyVersionsReadStreams.java
        PutObject.java
        test
        UpdateClusterStats.java
        ResetForTest.java
        identity
        PostTokens.java
        container
        VerifyRepairContainerWait.java
        GetContainerMeta.java
        PostContainer.java
        ImportContainer.java
        VerifyRepairContainerStop.java
        VerifyRepairContainerExecute.java
        PutContainer.java
        HeadContainer.java
        VerifyRepairAllContainersStop.java
        ExportContainer.java
        DeleteContainer.java
        DeleteOrDestroyContainer.java
        DestroyContainer.java
        VerifyRepairAllContainersExecute.java
        VerifyRepairAllContainersWait.java
        GetContainer.java
        containerkeys
        ReEncryptContainerKeys.java
        account
        HeadAccount.java
        GetAccount.java
        PostAccount.java
        DeleteAccount.java
        GetAccountMeta.java
        RemoteNode.java
        data
        CanWriteVolume.java
        CanReadVolume.java
        WriteHeaderBlobAsHttpResponseHeaders.java
        PutBlob.java
        GetBlob.java
        DeleteBlob.java
        WriteReadStreamBlobAsHttpResponseHeaders.java
        ChecksumBlob.java
        AckBlob.java
        Nodes.java
        MasterNode.java
        jobs
        ReEncryptMasterKeys.java
        AbstractJob.java
        JobStoppedException.java
        AssignDocumentsToNodeJob.java
        VerifyRepairAllContainerObjects.java
        VerifyRepairObject.java
        ReEncryptContainerKeys.java
        VerifyRepairContainerObjects.java
        Jobs.java
        JobParams.java
        RepairMasterKeys.java
        Job.java
        math
        Rounding.java
        SfsVertx.java
        auth
        UserAndRole.java
        AuthProvider.java
        Role.java
        AuthProviderService.java
        Authenticate.java
        User.java
        SimpleAuthProvider.java
        encryption
        impl
        SAES256v02.java
        SAES256v01.java
        ContainerKeys.java
        Algorithm.java
        KeyDigestMismatchException.java
        KmsFactory.java
        AzureKms.java
        Encrypted.java
        MasterKeyCheckEndableWriteStream.java
        SecureSecret.java
        AwsKms.java
        MasterKeys.java
        MasterKeyCheckStreamProducer.java
        Kms.java
        AlgorithmDef.java
    - test
      - resources
        logback.xml
        intgtestconfig.json
      - java
        org
        sfs
        filesystem
        JournalFileTest.java
        temp
        TempDirectoryCleanerTest.java
        volume
        VolumeV1Test.java
        IndexBlockTest.java
        DeleteFile.java
        PutFile.java
        GetFile.java
        FileSize.java
        Stop.java
        VolumeV1HugeTest.java
        AckFile.java
        AssertHeader.java
        FileHash.java
        SetUpdateDateTime.java
        Reclaim.java
        vo
        ObjectPathTest.java
        TestSubscriber.java
        RunTestOnContextRx.java
        integration
        java
        help
        AuthorizationFactory.java
        func
        RunNodeJobs.java
        AssertObjectHeaders.java
        RefreshIndex.java
        ContainerExport.java
        WaitForHealthCheck.java
        ExecuteBufferRequest.java
        HeadAccount.java
        PutObjectStream.java
        WaitForCluster.java
        PostContainer.java
        GetObject.java
        KeystoneAuth.java
        GetAccount.java
        DeleteObject.java
        PostAccount.java
        HeadObject.java
        UpdateClusterStats.java
        ResetForTest.java
        ContainerImport.java
        PrintMessage.java
        ExecuteRequest.java
        AssertObjectData.java
        PutContainer.java
        MasterKeysCheck.java
        PostObject.java
        ExecuteEmptyRequest.java
        AssertHttpClientResponseStatusCode.java
        GetHealth.java
        HeadContainer.java
        DeleteContainer.java
        HttpClientResponseAndBuffer.java
        DestroyContainer.java
        VerifyRepairAllContainersExecute.java
        GetContainer.java
        PutObject.java
        test
        masterkey
        MasterKeysCheckTest.java
        object
        CreateUpdateDeleteObjectTest.java
        contextroot
        ContextRootTest.java
        identity
        KeystoneAuthTest.java
        container
        ContainerListingTest.java
        ContainerExportImportTest.java
        ContainerPermissionsGetContainerTest.java
        ContainerMetadataTest.java
        ContainerPermissionsWithoutTest.java
        ContainerDestroyTest.java
        ContainerPermissionsHeadContainerTest.java
        jobs
        BalanceUpTest.java
        PurgeTest.java
        blob
        RemoteBlobActionsTest.java
        account
        AccountListingTest.java
        AccountPermissionsTest.java
        AccountMetadataTest.java
        farm
        ReplicatedWriteTest.java
        BaseTestVerticle.java
        rx
        IterableIteratorsTest.java
        RxHelperTest.java
        util
        PipedStreamTest.java
        AsyncIOTest.java
        MultiWriteStreamTest.java
        VertxAssert.java
        FileBackedBufferTest.java
        RunBootedTestOnContextRx.java
        block
        RangeTest.java
        RecyclingAllocatorTest.java
        RangeLockTest.java
        math
        RoundingTest.java
        encryption
        impl
        SAES256v02Test.java
        AlgorithmTest.java
        MasterKeysTest.java
        AlgorithmKeyResponseSizeCalculatorTest.java
        ContainerKeysTest.java
        CipherWriteStreamValidation.java
  - pom.xml
- .gitattributes
- README.md
- .gitignore
- LICENSE.txt

/*
 * Copyright 2016 The Simple File Server Authors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.sfs.encryption.impl;

import com.google.common.hash.Hashing;
import com.google.common.math.LongMath;
import io.vertx.core.buffer.Buffer;
import org.bouncycastle.crypto.engines.AESFastEngine;
import org.bouncycastle.crypto.io.CipherOutputStream;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.sfs.encryption.Algorithm;
import org.sfs.io.BufferEndableWriteStream;
import org.sfs.io.CipherEndableWriteStream;
import org.sfs.io.CipherReadStream;
import org.sfs.io.EndableReadStream;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Arrays;

public class SAES256v01 extends Algorithm {

    public static final int KEY_SIZE_BYTES = 32;
    public static final int NONCE_SIZE_BYTES = 12;
    private static final int MAC_SIZE_BITS = 96;
    private byte[] salt;
    private final GCMBlockCipher encryptor;
    private final GCMBlockCipher decryptor;
    private static final long MAX_LONG_BUFFER_SIZE = Long.MAX_VALUE - 12;
    private static final int MAC_SIZE_BYTES = MAC_SIZE_BITS / 8;

    public SAES256v01(byte[] secretBytes, byte[] salt) {
        this.salt = salt.clone();
        secretBytes = secretBytes.clone();
        if (secretBytes.length != KEY_SIZE_BYTES) {
            secretBytes = Hashing.sha256().hashBytes(secretBytes).asBytes();
        }
        try {
            KeyParameter key = new KeyParameter(secretBytes);
            AEADParameters params = new AEADParameters(key, MAC_SIZE_BITS, this.salt);

            this.encryptor = new GCMBlockCipher(new AESFastEngine());
            this.encryptor.init(true, params);

            this.decryptor = new GCMBlockCipher(new AESFastEngine());
            this.decryptor.init(false, params);

        } catch (Exception e) {
            throw new RuntimeException("could not create cipher for AES256", e);
        } finally {
            Arrays.fill(secretBytes, (byte) 0);
        }
    }

    public long maxEncryptInputSize() {
        return MAX_LONG_BUFFER_SIZE;
    }

    @Override
    public long encryptOutputSize(long size) {
        try {
            return LongMath.checkedAdd(size, MAC_SIZE_BYTES);
        } catch (ArithmeticException e) {
            // do nothing
        }
        return -1;
    }

    @Override
    public byte[] getSalt() {
        return salt.clone();
    }


    @Override
    public byte[] encrypt(byte[] buffer) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try (CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, encryptor)) {
            cipherOutputStream.write(buffer);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        return byteArrayOutputStream.toByteArray();
    }

    @Override
    public byte[] decrypt(byte[] buffer) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try (CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, decryptor)) {
            cipherOutputStream.write(buffer);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        return byteArrayOutputStream.toByteArray();
    }

    @Override
    public Buffer encrypt(Buffer buffer) {
        return Buffer.buffer(encrypt(buffer.getBytes()));
    }

    @Override
    public Buffer decrypt(Buffer buffer) {
        return Buffer.buffer(decrypt(buffer.getBytes()));
    }

    @Override
    public <T extends CipherEndableWriteStream> T decrypt(BufferEndableWriteStream writeStream) {
        return (T) new CipherEndableWriteStream(writeStream, decryptor);
    }

    @Override
    public <T extends CipherEndableWriteStream> T encrypt(BufferEndableWriteStream writeStream) {
        return (T) new CipherEndableWriteStream(writeStream, encryptor);
    }

    @Override
    public <T extends CipherReadStream> T encrypt(EndableReadStream<Buffer> readStream) {
        return (T) new CipherReadStream(readStream, encryptor);
    }

    @Override
    public <T extends CipherReadStream> T decrypt(EndableReadStream<Buffer> readStream) {
        return (T) new CipherReadStream(readStream, decryptor);
    }
}