Java Code Examples for org.apache.hadoop.crypto.CipherSuite

The following examples show how to use org.apache.hadoop.crypto.CipherSuite. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: hadoop-ozone   Source File: OzoneKMSUtil.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Resolves the {@link CryptoCodec} for the cipher suite recorded in a file's
 * encryption info.
 *
 * <p>The lookup fails closed: an unrecognised suite, or a suite for which
 * {@code CryptoCodec.getInstance} returns {@code null}, raises an exception;
 * no default codec is substituted.
 *
 * @param conf   configuration source, converted to a Hadoop Configuration
 *               before the codec lookup
 * @param feInfo encryption info carrying the cipher suite
 * @return the codec for the suite, never {@code null}
 * @throws IOException if the suite equals {@code CipherSuite.UNKNOWN}
 * @throws OMException with {@code UNKNOWN_CIPHER_SUITE} if no codec is
 *                     configured for the suite
 */
public static CryptoCodec getCryptoCodec(ConfigurationSource conf,
    FileEncryptionInfo feInfo) throws IOException {
  final CipherSuite cipherSuite = feInfo.getCipherSuite();
  // The suite comes from the file's encryption metadata; reject values this
  // client cannot interpret before touching any codec configuration.
  if (cipherSuite.equals(CipherSuite.UNKNOWN)) {
    throw new IOException("NameNode specified unknown CipherSuite with ID " +
        cipherSuite.getUnknownValue() + ", cannot instantiate CryptoCodec.");
  }

  final CryptoCodec cryptoCodec = CryptoCodec.getInstance(
      LegacyHadoopConfigurationSource.asHadoopConfiguration(conf),
      cipherSuite);
  if (cryptoCodec != null) {
    return cryptoCodec;
  }
  // A known suite without a configured codec class is a deployment error.
  throw new OMException("No configuration found for the cipher suite " +
      cipherSuite.getConfigSuffix() + " prefixed with " +
      "hadoop.security.crypto.codec.classes. Please see the" +
      " example configuration hadoop.security.crypto.codec.classes." +
      "EXAMPLE CIPHER SUITE at core-default.xml for details.",
      OMException.ResultCodes.UNKNOWN_CIPHER_SUITE);
}
 
Example 2
Source Project: hadoop   Source File: DFSClient.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Obtain a CryptoCodec based on the CipherSuite set in a FileEncryptionInfo
 * and the available CryptoCodecs configured in the Configuration.
 *
 * @param conf   Configuration
 * @param feInfo FileEncryptionInfo
 * @return CryptoCodec
 * @throws IOException if no suitable CryptoCodec for the CipherSuite is
 *                     available.
 */
private static CryptoCodec getCryptoCodec(Configuration conf,
    FileEncryptionInfo feInfo) throws IOException {
  final CipherSuite cipherSuite = feInfo.getCipherSuite();
  // Fail closed on a suite this client does not recognise instead of
  // guessing a codec for it.
  if (cipherSuite.equals(CipherSuite.UNKNOWN)) {
    final String unknownSuiteMessage =
        "NameNode specified unknown CipherSuite with ID "
        + cipherSuite.getUnknownValue() + ", cannot instantiate CryptoCodec.";
    throw new IOException(unknownSuiteMessage);
  }

  final CryptoCodec cryptoCodec = CryptoCodec.getInstance(conf, cipherSuite);
  if (cryptoCodec != null) {
    return cryptoCodec;
  }
  // The suite is known but getInstance found no codec for it in conf.
  throw new UnknownCipherSuiteException(
      "No configuration found for the cipher suite "
      + cipherSuite.getConfigSuffix() + " prefixed with "
      + HADOOP_SECURITY_CRYPTO_CODEC_CLASSES_KEY_PREFIX
      + ". Please see the example configuration "
      + "hadoop.security.crypto.codec.classes.EXAMPLECIPHERSUITE "
      + "at core-default.xml for details.");
}
 
Example 3
Source Project: hadoop   Source File: PBHelper.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Converts a {@code CipherOptionProto} into a {@code CipherOption}.
 *
 * <p>Each of the suite, in/out keys and in/out IVs is converted only when its
 * getter returns non-null; otherwise {@code null} is passed through.
 * NOTE(review): if these are generated protobuf getters they presumably never
 * return null, in which case unset key/IV fields arrive as empty arrays
 * rather than null. Confirm how callers distinguish "absent" key material.
 *
 * @param proto the wire message, may be {@code null}
 * @return the converted option, or {@code null} when {@code proto} is null
 */
public static CipherOption convert(CipherOptionProto proto) {
  if (proto == null) {
    return null;
  }
  final CipherSuite cipherSuite =
      proto.getSuite() != null ? convert(proto.getSuite()) : null;
  // Key and IV bytes are materialised as byte arrays via toByteArray().
  final byte[] inboundKey =
      proto.getInKey() != null ? proto.getInKey().toByteArray() : null;
  final byte[] inboundIv =
      proto.getInIv() != null ? proto.getInIv().toByteArray() : null;
  final byte[] outboundKey =
      proto.getOutKey() != null ? proto.getOutKey().toByteArray() : null;
  final byte[] outboundIv =
      proto.getOutIv() != null ? proto.getOutIv().toByteArray() : null;
  return new CipherOption(cipherSuite, inboundKey, inboundIv, outboundKey,
      outboundIv);
}
 
Example 4
Source Project: hadoop   Source File: TestEncryptionZones.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Stubs {@code mcp.create(...)} so that any call returns an HdfsFileStatus
 * carrying a FileEncryptionInfo built from the given suite and version.
 *
 * <p>The encryption info is a test fixture: its two byte-array arguments are
 * zero-filled arrays of {@code suite.getAlgorithmBlockSize()} bytes and the
 * key names are the literals "fakeKey" and "fakeVersion".
 *
 * @param mcp     the mocked ClientProtocol to stub
 * @param suite   cipher suite placed in the returned FileEncryptionInfo
 * @param version crypto protocol version placed in the returned
 *                FileEncryptionInfo
 * @throws Exception declared because the stubbed create(...) call can throw
 */
@SuppressWarnings("unchecked")
private static void mockCreate(ClientProtocol mcp,
    CipherSuite suite, CryptoProtocolVersion version) throws Exception {
  // NOTE(review): (short) 777 is a decimal literal, not octal 0777, so the
  // permission bits are not rwxrwxrwx. Presumably irrelevant to what this
  // mock is used for, but confirm before copying the pattern.
  Mockito.doReturn(
      new HdfsFileStatus(0, false, 1, 1024, 0, 0, new FsPermission(
          (short) 777), "owner", "group", new byte[0], new byte[0],
          1010, 0, new FileEncryptionInfo(suite,
          version, new byte[suite.getAlgorithmBlockSize()],
          new byte[suite.getAlgorithmBlockSize()],
          "fakeKey", "fakeVersion"),
          (byte) 0))
      .when(mcp)
      .create(anyString(), (FsPermission) anyObject(), anyString(),
          (EnumSetWritable<CreateFlag>) anyObject(), anyBoolean(),
          anyShort(), anyLong(), (CryptoProtocolVersion[]) anyObject());
}
 
Example 5
Source Project: hadoop   Source File: FileEncryptionInfo.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Create a FileEncryptionInfo.
 *
 * @param suite CipherSuite used to encrypt the file
 * @param version CryptoProtocolVersion recorded for the file
 * @param edek encrypted data encryption key (EDEK) of the file
 * @param iv initialization vector (IV) used to encrypt the file
 * @param keyName name of the key used for the encryption zone
 * @param ezKeyVersionName name of the KeyVersion used to encrypt the
 *                         encrypted data encryption key.
 */
public FileEncryptionInfo(final CipherSuite suite,
    final CryptoProtocolVersion version, final byte[] edek,
    final byte[] iv, final String keyName, final String ezKeyVersionName) {
  // Every argument is mandatory; reject nulls before any field is set.
  checkNotNull(suite);
  checkNotNull(version);
  checkNotNull(edek);
  checkNotNull(iv);
  checkNotNull(keyName);
  checkNotNull(ezKeyVersionName);
  // The IV must be exactly one block of the suite's algorithm. The EDEK
  // length is not checked here.
  checkArgument(iv.length == suite.getAlgorithmBlockSize(),
      "Unexpected IV length");

  // Key identifiers.
  this.keyName = keyName;
  this.ezKeyVersionName = ezKeyVersionName;
  // The edek and iv arrays are stored by reference (no copy), so a caller
  // that later modifies its array also changes this object's state.
  this.edek = edek;
  this.iv = iv;
  // Algorithm and protocol version.
  this.cipherSuite = suite;
  this.version = version;
}
 
Example 6
Source Project: big-c   Source File: DFSClient.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Obtain a CryptoCodec based on the CipherSuite set in a FileEncryptionInfo
 * and the available CryptoCodecs configured in the Configuration.
 *
 * @param conf   Configuration
 * @param feInfo FileEncryptionInfo
 * @return CryptoCodec
 * @throws IOException if no suitable CryptoCodec for the CipherSuite is
 *                     available.
 */
private static CryptoCodec getCryptoCodec(Configuration conf,
    FileEncryptionInfo feInfo) throws IOException {
  final CipherSuite cipherSuite = feInfo.getCipherSuite();
  // Fail closed on a suite this client does not recognise instead of
  // guessing a codec for it.
  if (cipherSuite.equals(CipherSuite.UNKNOWN)) {
    final String unknownSuiteMessage =
        "NameNode specified unknown CipherSuite with ID "
        + cipherSuite.getUnknownValue() + ", cannot instantiate CryptoCodec.";
    throw new IOException(unknownSuiteMessage);
  }

  final CryptoCodec cryptoCodec = CryptoCodec.getInstance(conf, cipherSuite);
  if (cryptoCodec != null) {
    return cryptoCodec;
  }
  // The suite is known but getInstance found no codec for it in conf.
  throw new UnknownCipherSuiteException(
      "No configuration found for the cipher suite "
      + cipherSuite.getConfigSuffix() + " prefixed with "
      + HADOOP_SECURITY_CRYPTO_CODEC_CLASSES_KEY_PREFIX
      + ". Please see the example configuration "
      + "hadoop.security.crypto.codec.classes.EXAMPLECIPHERSUITE "
      + "at core-default.xml for details.");
}
 
Example 7
Source Project: big-c   Source File: PBHelper.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Converts a {@code CipherOptionProto} into a {@code CipherOption}.
 *
 * <p>Each of the suite, in/out keys and in/out IVs is converted only when its
 * getter returns non-null; otherwise {@code null} is passed through.
 * NOTE(review): if these are generated protobuf getters they presumably never
 * return null, in which case unset key/IV fields arrive as empty arrays
 * rather than null. Confirm how callers distinguish "absent" key material.
 *
 * @param proto the wire message, may be {@code null}
 * @return the converted option, or {@code null} when {@code proto} is null
 */
public static CipherOption convert(CipherOptionProto proto) {
  if (proto == null) {
    return null;
  }
  final CipherSuite cipherSuite =
      proto.getSuite() != null ? convert(proto.getSuite()) : null;
  // Key and IV bytes are materialised as byte arrays via toByteArray().
  final byte[] inboundKey =
      proto.getInKey() != null ? proto.getInKey().toByteArray() : null;
  final byte[] inboundIv =
      proto.getInIv() != null ? proto.getInIv().toByteArray() : null;
  final byte[] outboundKey =
      proto.getOutKey() != null ? proto.getOutKey().toByteArray() : null;
  final byte[] outboundIv =
      proto.getOutIv() != null ? proto.getOutIv().toByteArray() : null;
  return new CipherOption(cipherSuite, inboundKey, inboundIv, outboundKey,
      outboundIv);
}
 
Example 8
Source Project: big-c   Source File: TestEncryptionZones.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Stubs {@code mcp.create(...)} so that any call returns an HdfsFileStatus
 * carrying a FileEncryptionInfo built from the given suite and version.
 *
 * <p>The encryption info is a test fixture: its two byte-array arguments are
 * zero-filled arrays of {@code suite.getAlgorithmBlockSize()} bytes and the
 * key names are the literals "fakeKey" and "fakeVersion".
 *
 * @param mcp     the mocked ClientProtocol to stub
 * @param suite   cipher suite placed in the returned FileEncryptionInfo
 * @param version crypto protocol version placed in the returned
 *                FileEncryptionInfo
 * @throws Exception declared because the stubbed create(...) call can throw
 */
@SuppressWarnings("unchecked")
private static void mockCreate(ClientProtocol mcp,
    CipherSuite suite, CryptoProtocolVersion version) throws Exception {
  // NOTE(review): (short) 777 is a decimal literal, not octal 0777, so the
  // permission bits are not rwxrwxrwx. Presumably irrelevant to what this
  // mock is used for, but confirm before copying the pattern.
  Mockito.doReturn(
      new HdfsFileStatus(0, false, 1, 1024, 0, 0, new FsPermission(
          (short) 777), "owner", "group", new byte[0], new byte[0],
          1010, 0, new FileEncryptionInfo(suite,
          version, new byte[suite.getAlgorithmBlockSize()],
          new byte[suite.getAlgorithmBlockSize()],
          "fakeKey", "fakeVersion"),
          (byte) 0))
      .when(mcp)
      .create(anyString(), (FsPermission) anyObject(), anyString(),
          (EnumSetWritable<CreateFlag>) anyObject(), anyBoolean(),
          anyShort(), anyLong(), (CryptoProtocolVersion[]) anyObject());
}
 
Example 9
Source Project: big-c   Source File: FileEncryptionInfo.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Create a FileEncryptionInfo.
 *
 * @param suite CipherSuite used to encrypt the file
 * @param version CryptoProtocolVersion recorded for the file
 * @param edek encrypted data encryption key (EDEK) of the file
 * @param iv initialization vector (IV) used to encrypt the file
 * @param keyName name of the key used for the encryption zone
 * @param ezKeyVersionName name of the KeyVersion used to encrypt the
 *                         encrypted data encryption key.
 */
public FileEncryptionInfo(final CipherSuite suite,
    final CryptoProtocolVersion version, final byte[] edek,
    final byte[] iv, final String keyName, final String ezKeyVersionName) {
  // Every argument is mandatory; reject nulls before any field is set.
  checkNotNull(suite);
  checkNotNull(version);
  checkNotNull(edek);
  checkNotNull(iv);
  checkNotNull(keyName);
  checkNotNull(ezKeyVersionName);
  // The IV must be exactly one block of the suite's algorithm. The EDEK
  // length is not checked here.
  checkArgument(iv.length == suite.getAlgorithmBlockSize(),
      "Unexpected IV length");

  // Key identifiers.
  this.keyName = keyName;
  this.ezKeyVersionName = ezKeyVersionName;
  // The edek and iv arrays are stored by reference (no copy), so a caller
  // that later modifies its array also changes this object's state.
  this.edek = edek;
  this.iv = iv;
  // Algorithm and protocol version.
  this.cipherSuite = suite;
  this.version = version;
}
 
Example 10
/**
 * Obtain a CryptoCodec based on the CipherSuite set in a FileEncryptionInfo
 * and the available CryptoCodecs configured in the Configuration.
 *
 * @param conf   Configuration
 * @param feInfo FileEncryptionInfo
 * @return CryptoCodec
 * @throws IOException if no suitable CryptoCodec for the CipherSuite is
 *                     available.
 */
private static CryptoCodec getCryptoCodec(Configuration conf,
                                          FileEncryptionInfo feInfo) throws IOException {
    final CipherSuite cipherSuite = feInfo.getCipherSuite();
    // Fail closed on a suite this client does not recognise instead of
    // guessing a codec for it.
    if (cipherSuite.equals(CipherSuite.UNKNOWN)) {
        final String unknownSuiteMessage =
                "NameNode specified unknown CipherSuite with ID "
                        + cipherSuite.getUnknownValue() + ", cannot instantiate CryptoCodec.";
        throw new IOException(unknownSuiteMessage);
    }

    final CryptoCodec cryptoCodec = CryptoCodec.getInstance(conf, cipherSuite);
    if (cryptoCodec != null) {
        return cryptoCodec;
    }
    // The suite is known but getInstance found no codec for it in conf.
    throw new UnknownCipherSuiteException(
            "No configuration found for the cipher suite "
                    + cipherSuite.getConfigSuffix() + " prefixed with "
                    + HADOOP_SECURITY_CRYPTO_CODEC_CLASSES_KEY_PREFIX
                    + ". Please see the example configuration "
                    + "hadoop.security.crypto.codec.classes.EXAMPLECIPHERSUITE "
                    + "at core-default.xml for details.");
}
 
Example 11
Source Project: hadoop-ozone   Source File: EncryptionBucketInfo.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates an EncryptionBucketInfo from the given values.
 *
 * <p>No argument is validated here: null references and
 * {@code CipherSuite.UNKNOWN} are stored as given.
 *
 * @param id      numeric identifier stored in {@code id}
 * @param path    path stored in {@code path}
 * @param suite   cipher suite stored in {@code suite}
 * @param version crypto protocol version stored in {@code version}
 * @param keyName encryption key name stored in {@code keyName}
 */
public EncryptionBucketInfo(long id, String path, CipherSuite suite,
                      CryptoProtocolVersion version, String keyName) {
  // Location of the bucket.
  this.path = path;
  this.id = id;
  // Encryption parameters.
  this.keyName = keyName;
  this.suite = suite;
  this.version = version;
}
 
Example 12
Source Project: hadoop-ozone   Source File: BucketEncryptionKeyInfo.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates a BucketEncryptionKeyInfo from the given values.
 *
 * <p>No argument is validated here: null references and unknown enum values
 * are stored as given.
 *
 * @param version crypto protocol version stored in {@code version}
 * @param suite   cipher suite stored in {@code suite}
 * @param keyName encryption key name stored in {@code keyName}
 */
public BucketEncryptionKeyInfo(
    CryptoProtocolVersion version, CipherSuite suite,
    String keyName) {
  this.keyName = keyName;
  this.suite = suite;
  this.version = version;
}
 
Example 13
Source Project: hadoop-ozone   Source File: OMPBHelper.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Converts a {@code FileEncryptionInfoProto} into a
 * {@code FileEncryptionInfo}.
 *
 * <p>The suite and protocol version go through their own {@code convert}
 * overloads; the key and IV are read with {@code toByteArray()}. Nothing is
 * validated in this method itself; any checks happen in the
 * FileEncryptionInfo constructor.
 *
 * @param proto the wire message, may be {@code null}
 * @return the converted info, or {@code null} when {@code proto} is null
 */
public static FileEncryptionInfo convert(FileEncryptionInfoProto proto) {
  if (proto == null) {
    return null;
  }
  final CipherSuite cipherSuite = convert(proto.getSuite());
  final CryptoProtocolVersion protocolVersion =
      convert(proto.getCryptoProtocolVersion());
  // The proto's "key" field is passed as the third constructor argument.
  final byte[] keyBytes = proto.getKey().toByteArray();
  final byte[] ivBytes = proto.getIv().toByteArray();
  final String zoneKeyVersionName = proto.getEzKeyVersionName();
  final String zoneKeyName = proto.getKeyName();
  return new FileEncryptionInfo(cipherSuite, protocolVersion, keyBytes,
      ivBytes, zoneKeyName, zoneKeyVersionName);
}
 
Example 14
Source Project: hadoop-ozone   Source File: OMPBHelper.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Maps a {@code CipherSuiteProto} to the corresponding {@code CipherSuite}.
 *
 * <p>Any value other than {@code AES_CTR_NOPADDING} maps to
 * {@code CipherSuite.UNKNOWN}, with the proto's numeric value recorded on it
 * via {@code setUnknownValue}.
 *
 * @param proto the wire enum value
 * @return the matching suite, or {@code CipherSuite.UNKNOWN}
 */
public static CipherSuite convert(CipherSuiteProto proto) {
  final CipherSuite converted;
  switch (proto) {
  case AES_CTR_NOPADDING:
    converted = CipherSuite.AES_CTR_NOPADDING;
    break;
  default:
    // CipherSuite.UNKNOWN is one shared constant and setUnknownValue mutates
    // it, so the stashed number is visible to every holder of UNKNOWN and is
    // overwritten by the next unrecognised value converted.
    converted = CipherSuite.UNKNOWN;
    converted.setUnknownValue(proto.getNumber());
    break;
  }
  return converted;
}
 
Example 15
Source Project: hadoop-ozone   Source File: OMPBHelper.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Maps a {@code CipherSuite} to its {@code CipherSuiteProto} wire value.
 *
 * @param suite the suite to convert
 * @return the matching proto value, or {@code null} for a suite that has no
 *         mapping here; callers that hand the result to another API need to
 *         handle that null
 */
public static CipherSuiteProto convert(CipherSuite suite) {
  final CipherSuiteProto wireValue;
  switch (suite) {
  case AES_CTR_NOPADDING:
    wireValue = CipherSuiteProto.AES_CTR_NOPADDING;
    break;
  case UNKNOWN:
    wireValue = CipherSuiteProto.UNKNOWN;
    break;
  default:
    // No wire representation is defined for any other suite.
    wireValue = null;
    break;
  }
  return wireValue;
}
 
Example 16
Source Project: hadoop-ozone   Source File: OMBucketCreateRequest.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Builds the encryption info to store for a bucket from the key name in the
 * request and the key's metadata held by the KMS.
 *
 * <p>Only the key name is taken from the request. The cipher suite is derived
 * from the KMS metadata for that key and the protocol version is fixed to
 * {@code ENCRYPTION_ZONES}.
 *
 * @param kmsProvider key provider used to look up the key; must not be null
 * @param bucketInfo  bucket request carrying the encryption key name
 * @return encryption info with key name, protocol version and cipher suite
 * @throws IOException as an OMException when the provider is null, the key
 *                     name is null, or the key has no metadata; also
 *                     whatever the provider calls themselves throw
 */
private BucketEncryptionInfoProto getBeinfo(
    KeyProviderCryptoExtension kmsProvider, BucketInfo bucketInfo)
    throws IOException {
  final BucketEncryptionInfoProto requested = bucketInfo.getBeinfo();
  if (kmsProvider == null) {
    throw new OMException("Invalid KMS provider, check configuration " +
        CommonConfigurationKeys.HADOOP_SECURITY_KEY_PROVIDER_PATH,
        OMException.ResultCodes.INVALID_KMS_PROVIDER);
  }

  final String keyName = requested.getKeyName();
  // NOTE(review): if getKeyName() is a generated protobuf getter it
  // presumably returns "" rather than null for an unset field, so this check
  // may not catch a missing key name. Confirm.
  if (keyName == null) {
    throw new OMException("Bucket encryption key needed.", OMException
        .ResultCodes.BUCKET_ENCRYPTION_KEY_NOT_FOUND);
  }

  // Ask the KMS for the key's metadata; a null answer means no such key.
  final KeyProvider.Metadata keyMetadata = kmsProvider.getMetadata(keyName);
  if (keyMetadata == null) {
    throw new OMException("Bucket encryption key " + keyName
        + " doesn't exist.",
        OMException.ResultCodes.BUCKET_ENCRYPTION_KEY_NOT_FOUND);
  }

  // If the provider supports pool for EDEKs, this will fill in the pool
  kmsProvider.warmUpEncryptedKeys(keyName);

  // The suite comes from the key's own cipher string, not from the request.
  return BucketEncryptionInfoProto.newBuilder()
      .setKeyName(keyName)
      .setCryptoProtocolVersion(ENCRYPTION_ZONES)
      .setSuite(OMPBHelper.convert(
          CipherSuite.convert(keyMetadata.getCipher())))
      .build();
}
 
Example 17
Source Project: hadoop   Source File: DataTransferSaslUtil.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Negotiate a cipher option which server supports.
 * 
 * @param conf the configuration
 * @param options the cipher options which client supports
 * @return CipherOption negotiated cipher option
 */
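public static CipherOption negotiateCipherOption(Configuration conf,
    List<CipherOption> options) throws IOException {
  // Negotiate cipher suites if configured.  Currently, the only supported
  // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple
  // values for future expansion.
  String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);
  if (cipherSuites == null || cipherSuites.isEmpty()) {
    // Nothing configured on this side: no cipher option is negotiated.
    return null;
  }
  // The configured value must be exactly the one supported suite name; any
  // other value is rejected instead of being ignored.
  if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {
    throw new IOException(String.format("Invalid cipher suite, %s=%s",
        DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));
  }
  if (options == null) {
    return null;
  }
  for (CipherOption option : options) {
    CipherSuite suite = option.getCipherSuite();
    if (suite != CipherSuite.AES_CTR_NOPADDING) {
      // Offers for any other suite are skipped.
      continue;
    }
    // The key length is configured in bits; integer division truncates a
    // value that is not a multiple of 8.
    // NOTE(review): the configured bit length is not validated here, so an
    // unusable AES key size is only detected later, if at all. Confirm where
    // that is enforced.
    int keyLen = conf.getInt(
        DFS_ENCRYPT_DATA_TRANSFER_CIPHER_KEY_BITLENGTH_KEY,
        DFS_ENCRYPT_DATA_TRANSFER_CIPHER_KEY_BITLENGTH_DEFAULT) / 8;
    CryptoCodec codec = CryptoCodec.getInstance(conf, suite);
    if (codec == null) {
      // Without a codec there is no source for the key material below;
      // report it as an IOException rather than failing with an NPE.
      throw new IOException("No CryptoCodec available for cipher suite "
          + suite.getName());
    }
    byte[] inKey = new byte[keyLen];
    byte[] inIv = new byte[suite.getAlgorithmBlockSize()];
    byte[] outKey = new byte[keyLen];
    byte[] outIv = new byte[suite.getAlgorithmBlockSize()];
    // Independent key and IV for each direction, filled by the codec's
    // generateSecureRandom.
    codec.generateSecureRandom(inKey);
    codec.generateSecureRandom(inIv);
    codec.generateSecureRandom(outKey);
    codec.generateSecureRandom(outIv);
    return new CipherOption(suite, inKey, inIv, outKey, outIv);
  }
  // The client offered no option with the supported suite.
  return null;
}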
 
Example 18
Source Project: hadoop   Source File: EncryptionZone.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates an EncryptionZone from the given values.
 *
 * <p>No argument is validated here: null references and
 * {@code CipherSuite.UNKNOWN} are stored as given.
 *
 * @param id      numeric identifier stored in {@code id}
 * @param path    path stored in {@code path}
 * @param suite   cipher suite stored in {@code suite}
 * @param version crypto protocol version stored in {@code version}
 * @param keyName encryption key name stored in {@code keyName}
 */
public EncryptionZone(long id, String path, CipherSuite suite,
    CryptoProtocolVersion version, String keyName) {
  // Location of the zone.
  this.path = path;
  this.id = id;
  // Encryption parameters.
  this.keyName = keyName;
  this.suite = suite;
  this.version = version;
}
 
Example 19
Source Project: hadoop   Source File: FSDirectory.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates an encryption zone by delegating to {@code ezManager} between
 * {@code writeLock()} and {@code writeUnlock()}.
 *
 * @param src     path passed through to the zone manager
 * @param suite   cipher suite for the zone
 * @param version crypto protocol version for the zone
 * @param keyName name of the zone's key
 * @return the XAttr returned by the zone manager
 * @throws IOException if the zone manager rejects the request
 */
XAttr createEncryptionZone(String src, CipherSuite suite,
    CryptoProtocolVersion version, String keyName)
  throws IOException {
  final XAttr zoneXAttr;
  writeLock();
  try {
    zoneXAttr = ezManager.createEncryptionZone(src, suite, version, keyName);
  } finally {
    // Release on every path, including when the manager throws.
    writeUnlock();
  }
  return zoneXAttr;
}
 
Example 20
Source Project: hadoop   Source File: EncryptionZoneManager.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates the internal record for an encryption zone.
 *
 * <p>Rejects {@code CipherSuite.UNKNOWN} and
 * {@code CryptoProtocolVersion.UNKNOWN}.
 * NOTE(review): a null suite or version passes both checks, since
 * {@code null != UNKNOWN} is true. Confirm callers never pass null.
 *
 * @param inodeId inode id stored in {@code inodeId}
 * @param suite   cipher suite of the zone
 * @param version crypto protocol version of the zone
 * @param keyName name of the zone's key
 */
EncryptionZoneInt(long inodeId, CipherSuite suite,
    CryptoProtocolVersion version, String keyName) {
  // Checked before any field is assigned.
  Preconditions.checkArgument(suite != CipherSuite.UNKNOWN);
  Preconditions.checkArgument(version != CryptoProtocolVersion.UNKNOWN);

  this.keyName = keyName;
  this.version = version;
  this.suite = suite;
  this.inodeId = inodeId;
}
 
Example 21
Source Project: hadoop   Source File: EncryptionZoneManager.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Create a new encryption zone.
 * <p/>
 * Called while holding the FSDirectory lock.
 */
XAttr createEncryptionZone(String src, CipherSuite suite,
    CryptoProtocolVersion version, String keyName)
    throws IOException {
  // Only enforced when the JVM runs with assertions enabled; otherwise the
  // caller is trusted to hold the write lock.
  assert dir.hasWriteLock();
  final INodesInPath srcIIP = dir.getINodesInPath4Write(src, false);
  // A zone may only be created on an empty directory.
  // NOTE(review): srcIIP is passed here before the null check below.
  // Confirm isNonEmptyDirectory tolerates null or that srcIIP cannot be null.
  if (dir.isNonEmptyDirectory(srcIIP)) {
    throw new IOException(
        "Attempt to create an encryption zone for a non-empty directory.");
  }

  // A zone root must be a directory, never a file.
  if (srcIIP != null &&
      srcIIP.getLastINode() != null &&
      !srcIIP.getLastINode().isDirectory()) {
    throw new IOException("Attempt to create an encryption zone for a file.");
  }
  // Reject a path that already resolves to an encryption zone.
  EncryptionZoneInt ezi = getEncryptionZoneForPath(srcIIP);
  if (ezi != null) {
    throw new IOException("Directory " + src + " is already in an " +
        "encryption zone. (" + getFullPathName(ezi) + ")");
  }

  // The zone's suite, version and key name are serialised into one xattr.
  // NOTE(review): if PBHelper.convert returns null for a null suite, version
  // or keyName, proto.toByteArray() below throws a NullPointerException.
  // Confirm the caller validates these arguments first.
  final HdfsProtos.ZoneEncryptionInfoProto proto =
      PBHelper.convert(suite, version, keyName);
  final XAttr ezXAttr = XAttrHelper
      .buildXAttr(CRYPTO_XATTR_ENCRYPTION_ZONE, proto.toByteArray());

  final List<XAttr> xattrs = Lists.newArrayListWithCapacity(1);
  xattrs.add(ezXAttr);
  // updating the xattr will call addEncryptionZone,
  // done this way to handle edit log loading
  FSDirXAttrOp.unprotectedSetXAttrs(dir, src, xattrs,
                                    EnumSet.of(XAttrSetFlag.CREATE));
  return ezXAttr;
}
 
Example 22
Source Project: hadoop   Source File: PBHelper.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Maps a {@code CipherSuite} to its {@code CipherSuiteProto} wire value.
 *
 * @param suite the suite to convert
 * @return the matching proto value, or {@code null} for a suite that has no
 *         mapping here; callers that hand the result to another API need to
 *         handle that null
 */
public static CipherSuiteProto convert(CipherSuite suite) {
  final CipherSuiteProto wireValue;
  switch (suite) {
  case AES_CTR_NOPADDING:
    wireValue = CipherSuiteProto.AES_CTR_NOPADDING;
    break;
  case UNKNOWN:
    wireValue = CipherSuiteProto.UNKNOWN;
    break;
  default:
    // No wire representation is defined for any other suite.
    wireValue = null;
    break;
  }
  return wireValue;
}
 
Example 23
Source Project: hadoop   Source File: PBHelper.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Maps a {@code CipherSuiteProto} to the corresponding {@code CipherSuite}.
 *
 * <p>Any value other than {@code AES_CTR_NOPADDING} maps to
 * {@code CipherSuite.UNKNOWN}, with the proto's numeric value recorded on it
 * via {@code setUnknownValue}.
 *
 * @param proto the wire enum value
 * @return the matching suite, or {@code CipherSuite.UNKNOWN}
 */
public static CipherSuite convert(CipherSuiteProto proto) {
  final CipherSuite converted;
  switch (proto) {
  case AES_CTR_NOPADDING:
    converted = CipherSuite.AES_CTR_NOPADDING;
    break;
  default:
    // CipherSuite.UNKNOWN is one shared constant and setUnknownValue mutates
    // it, so the stashed number is visible to every holder of UNKNOWN and is
    // overwritten by the next unrecognised value converted.
    converted = CipherSuite.UNKNOWN;
    converted.setUnknownValue(proto.getNumber());
    break;
  }
  return converted;
}
 
Example 24
Source Project: hadoop   Source File: PBHelper.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Builds a {@code ZoneEncryptionInfoProto} from a zone's suite, protocol
 * version and key name.
 *
 * @param suite   cipher suite of the zone
 * @param version crypto protocol version of the zone
 * @param keyName name of the zone's key
 * @return the proto, or {@code null} when any argument is {@code null};
 *         callers must handle that null before using the result
 */
public static HdfsProtos.ZoneEncryptionInfoProto convert(
    CipherSuite suite, CryptoProtocolVersion version, String keyName) {
  if (suite != null && version != null && keyName != null) {
    return HdfsProtos.ZoneEncryptionInfoProto.newBuilder()
        .setSuite(convert(suite))
        .setCryptoProtocolVersion(convert(version))
        .setKeyName(keyName)
        .build();
  }
  // Incomplete input yields no proto at all rather than a partial one.
  return null;
}
 
Example 25
Source Project: hadoop   Source File: PBHelper.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Converts a {@code FileEncryptionInfoProto} into a
 * {@code FileEncryptionInfo}.
 *
 * <p>The suite and protocol version go through their own {@code convert}
 * overloads; the key and IV are read with {@code toByteArray()}. Nothing is
 * validated in this method itself; any checks happen in the
 * FileEncryptionInfo constructor.
 *
 * @param proto the wire message, may be {@code null}
 * @return the converted info, or {@code null} when {@code proto} is null
 */
public static FileEncryptionInfo convert(
    HdfsProtos.FileEncryptionInfoProto proto) {
  if (proto == null) {
    return null;
  }
  final CipherSuite cipherSuite = convert(proto.getSuite());
  final CryptoProtocolVersion protocolVersion =
      convert(proto.getCryptoProtocolVersion());
  // The proto's "key" field is passed as the third constructor argument.
  final byte[] keyBytes = proto.getKey().toByteArray();
  final byte[] ivBytes = proto.getIv().toByteArray();
  final String zoneKeyVersionName = proto.getEzKeyVersionName();
  final String zoneKeyName = proto.getKeyName();
  return new FileEncryptionInfo(cipherSuite, protocolVersion, keyBytes,
      ivBytes, zoneKeyName, zoneKeyVersionName);
}
 
Example 26
Source Project: hadoop   Source File: PBHelper.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Combines per-file encryption fields with zone-level settings into a
 * {@code FileEncryptionInfo}.
 *
 * <p>The key, IV and key version name come from {@code fileProto}; the suite,
 * protocol version and key name are supplied by the caller.
 *
 * @param fileProto per-file wire message
 * @param suite     cipher suite to record
 * @param version   crypto protocol version to record
 * @param keyName   key name to record
 * @return the combined info, or {@code null} when any argument is
 *         {@code null}
 */
public static FileEncryptionInfo convert(
    HdfsProtos.PerFileEncryptionInfoProto fileProto,
    CipherSuite suite, CryptoProtocolVersion version, String keyName) {
  final boolean anyMissing = fileProto == null || suite == null
      || version == null || keyName == null;
  if (anyMissing) {
    return null;
  }
  // The proto's "key" field is passed as the third constructor argument.
  final byte[] keyBytes = fileProto.getKey().toByteArray();
  final byte[] ivBytes = fileProto.getIv().toByteArray();
  final String zoneKeyVersionName = fileProto.getEzKeyVersionName();
  return new FileEncryptionInfo(suite, version, keyBytes, ivBytes, keyName,
      zoneKeyVersionName);
}
 
Example 27
Source Project: big-c   Source File: DataTransferSaslUtil.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Negotiate a cipher option which server supports.
 * 
 * @param conf the configuration
 * @param options the cipher options which client supports
 * @return CipherOption negotiated cipher option
 */
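public static CipherOption negotiateCipherOption(Configuration conf,
    List<CipherOption> options) throws IOException {
  // Negotiate cipher suites if configured.  Currently, the only supported
  // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple
  // values for future expansion.
  String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);
  if (cipherSuites == null || cipherSuites.isEmpty()) {
    // Nothing configured on this side: no cipher option is negotiated.
    return null;
  }
  // The configured value must be exactly the one supported suite name; any
  // other value is rejected instead of being ignored.
  if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {
    throw new IOException(String.format("Invalid cipher suite, %s=%s",
        DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));
  }
  if (options == null) {
    return null;
  }
  for (CipherOption option : options) {
    CipherSuite suite = option.getCipherSuite();
    if (suite != CipherSuite.AES_CTR_NOPADDING) {
      // Offers for any other suite are skipped.
      continue;
    }
    // The key length is configured in bits; integer division truncates a
    // value that is not a multiple of 8.
    // NOTE(review): the configured bit length is not validated here, so an
    // unusable AES key size is only detected later, if at all. Confirm where
    // that is enforced.
    int keyLen = conf.getInt(
        DFS_ENCRYPT_DATA_TRANSFER_CIPHER_KEY_BITLENGTH_KEY,
        DFS_ENCRYPT_DATA_TRANSFER_CIPHER_KEY_BITLENGTH_DEFAULT) / 8;
    CryptoCodec codec = CryptoCodec.getInstance(conf, suite);
    if (codec == null) {
      // Without a codec there is no source for the key material below;
      // report it as an IOException rather than failing with an NPE.
      throw new IOException("No CryptoCodec available for cipher suite "
          + suite.getName());
    }
    byte[] inKey = new byte[keyLen];
    byte[] inIv = new byte[suite.getAlgorithmBlockSize()];
    byte[] outKey = new byte[keyLen];
    byte[] outIv = new byte[suite.getAlgorithmBlockSize()];
    // Independent key and IV for each direction, filled by the codec's
    // generateSecureRandom.
    codec.generateSecureRandom(inKey);
    codec.generateSecureRandom(inIv);
    codec.generateSecureRandom(outKey);
    codec.generateSecureRandom(outIv);
    return new CipherOption(suite, inKey, inIv, outKey, outIv);
  }
  // The client offered no option with the supported suite.
  return null;
}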
 
Example 28
Source Project: big-c   Source File: EncryptionZone.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates an EncryptionZone from the given values.
 *
 * <p>No argument is validated here: null references and
 * {@code CipherSuite.UNKNOWN} are stored as given.
 *
 * @param id      numeric identifier stored in {@code id}
 * @param path    path stored in {@code path}
 * @param suite   cipher suite stored in {@code suite}
 * @param version crypto protocol version stored in {@code version}
 * @param keyName encryption key name stored in {@code keyName}
 */
public EncryptionZone(long id, String path, CipherSuite suite,
    CryptoProtocolVersion version, String keyName) {
  // Location of the zone.
  this.path = path;
  this.id = id;
  // Encryption parameters.
  this.keyName = keyName;
  this.suite = suite;
  this.version = version;
}
 
Example 29
Source Project: big-c   Source File: FSDirectory.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates an encryption zone by delegating to {@code ezManager} between
 * {@code writeLock()} and {@code writeUnlock()}.
 *
 * @param src     path passed through to the zone manager
 * @param suite   cipher suite for the zone
 * @param version crypto protocol version for the zone
 * @param keyName name of the zone's key
 * @return the XAttr returned by the zone manager
 * @throws IOException if the zone manager rejects the request
 */
XAttr createEncryptionZone(String src, CipherSuite suite,
    CryptoProtocolVersion version, String keyName)
  throws IOException {
  final XAttr zoneXAttr;
  writeLock();
  try {
    zoneXAttr = ezManager.createEncryptionZone(src, suite, version, keyName);
  } finally {
    // Release on every path, including when the manager throws.
    writeUnlock();
  }
  return zoneXAttr;
}
 
Example 30
Source Project: big-c   Source File: EncryptionZoneManager.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates the internal record for an encryption zone.
 *
 * <p>Rejects {@code CipherSuite.UNKNOWN} and
 * {@code CryptoProtocolVersion.UNKNOWN}.
 * NOTE(review): a null suite or version passes both checks, since
 * {@code null != UNKNOWN} is true. Confirm callers never pass null.
 *
 * @param inodeId inode id stored in {@code inodeId}
 * @param suite   cipher suite of the zone
 * @param version crypto protocol version of the zone
 * @param keyName name of the zone's key
 */
EncryptionZoneInt(long inodeId, CipherSuite suite,
    CryptoProtocolVersion version, String keyName) {
  // Checked before any field is assigned.
  Preconditions.checkArgument(suite != CipherSuite.UNKNOWN);
  Preconditions.checkArgument(version != CryptoProtocolVersion.UNKNOWN);

  this.keyName = keyName;
  this.version = version;
  this.suite = suite;
  this.inodeId = inodeId;
}