Java Code Examples for org.apache.hadoop.crypto.CryptoCodec#generateSecureRandom()

The following examples show how to use org.apache.hadoop.crypto.CryptoCodec#generateSecureRandom() . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: hadoop   File: CryptoUtils.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * This method creates and initializes an IV (Initialization Vector)
 * 
 * @param conf
 * @return byte[]
 * @throws IOException
 */
public static byte[] createIV(Configuration conf) throws IOException {
  CryptoCodec cryptoCodec = CryptoCodec.getInstance(conf);
  if (isEncryptedSpillEnabled(conf)) {
    byte[] iv = new byte[cryptoCodec.getCipherSuite().getAlgorithmBlockSize()];
    cryptoCodec.generateSecureRandom(iv);
    return iv;
  } else {
    return null;
  }
}
 
Example 2
Source Project: hadoop   File: DataTransferSaslUtil.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Negotiate a cipher option which server supports.
 * 
 * @param conf the configuration
 * @param options the cipher options which client supports
 * @return CipherOption negotiated cipher option
 */
public static CipherOption negotiateCipherOption(Configuration conf,
    List<CipherOption> options) throws IOException {
  // Negotiate cipher suites if configured.  Currently, the only supported
  // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple
  // values for future expansion.
  String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);
  if (cipherSuites == null || cipherSuites.isEmpty()) {
    return null;
  }
  if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {
    throw new IOException(String.format("Invalid cipher suite, %s=%s",
        DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));
  }
  if (options != null) {
    for (CipherOption option : options) {
      CipherSuite suite = option.getCipherSuite();
      if (suite == CipherSuite.AES_CTR_NOPADDING) {
        int keyLen = conf.getInt(
            DFS_ENCRYPT_DATA_TRANSFER_CIPHER_KEY_BITLENGTH_KEY,
            DFS_ENCRYPT_DATA_TRANSFER_CIPHER_KEY_BITLENGTH_DEFAULT) / 8;
        CryptoCodec codec = CryptoCodec.getInstance(conf, suite);
        byte[] inKey = new byte[keyLen];
        byte[] inIv = new byte[suite.getAlgorithmBlockSize()];
        byte[] outKey = new byte[keyLen];
        byte[] outIv = new byte[suite.getAlgorithmBlockSize()];
        codec.generateSecureRandom(inKey);
        codec.generateSecureRandom(inIv);
        codec.generateSecureRandom(outKey);
        codec.generateSecureRandom(outIv);
        return new CipherOption(suite, inKey, inIv, outKey, outIv);
      }
    }
  }
  return null;
}
 
Example 3
@Override
public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName)
    throws IOException, GeneralSecurityException {
  // Fetch the encryption key
  KeyVersion encryptionKey = keyProvider.getCurrentKey(encryptionKeyName);
  Preconditions.checkNotNull(encryptionKey,
      "No KeyVersion exists for key '%s' ", encryptionKeyName);
  // Generate random bytes for new key and IV

  CryptoCodec cc = CryptoCodec.getInstance(keyProvider.getConf());
  final byte[] newKey = new byte[encryptionKey.getMaterial().length];
  cc.generateSecureRandom(newKey);
  final byte[] iv = new byte[cc.getCipherSuite().getAlgorithmBlockSize()];
  cc.generateSecureRandom(iv);
  // Encryption key IV is derived from new key's IV
  final byte[] encryptionIV = EncryptedKeyVersion.deriveIV(iv);
  Encryptor encryptor = cc.createEncryptor();
  encryptor.init(encryptionKey.getMaterial(), encryptionIV);
  int keyLen = newKey.length;
  ByteBuffer bbIn = ByteBuffer.allocateDirect(keyLen);
  ByteBuffer bbOut = ByteBuffer.allocateDirect(keyLen);
  bbIn.put(newKey);
  bbIn.flip();
  encryptor.encrypt(bbIn, bbOut);
  bbOut.flip();
  byte[] encryptedKey = new byte[keyLen];
  bbOut.get(encryptedKey);    
  return new EncryptedKeyVersion(encryptionKeyName,
      encryptionKey.getVersionName(), iv,
      new KeyVersion(encryptionKey.getName(), EEK, encryptedKey));
}
 
Example 4
Source Project: big-c   File: CryptoUtils.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * This method creates and initializes an IV (Initialization Vector)
 * 
 * @param conf
 * @return byte[]
 * @throws IOException
 */
public static byte[] createIV(Configuration conf) throws IOException {
  CryptoCodec cryptoCodec = CryptoCodec.getInstance(conf);
  if (isEncryptedSpillEnabled(conf)) {
    byte[] iv = new byte[cryptoCodec.getCipherSuite().getAlgorithmBlockSize()];
    cryptoCodec.generateSecureRandom(iv);
    return iv;
  } else {
    return null;
  }
}
 
Example 5
Source Project: big-c   File: DataTransferSaslUtil.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Negotiate a cipher option which server supports.
 * 
 * @param conf the configuration
 * @param options the cipher options which client supports
 * @return CipherOption negotiated cipher option
 */
public static CipherOption negotiateCipherOption(Configuration conf,
    List<CipherOption> options) throws IOException {
  // Negotiate cipher suites if configured.  Currently, the only supported
  // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple
  // values for future expansion.
  String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);
  if (cipherSuites == null || cipherSuites.isEmpty()) {
    return null;
  }
  if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {
    throw new IOException(String.format("Invalid cipher suite, %s=%s",
        DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));
  }
  if (options != null) {
    for (CipherOption option : options) {
      CipherSuite suite = option.getCipherSuite();
      if (suite == CipherSuite.AES_CTR_NOPADDING) {
        int keyLen = conf.getInt(
            DFS_ENCRYPT_DATA_TRANSFER_CIPHER_KEY_BITLENGTH_KEY,
            DFS_ENCRYPT_DATA_TRANSFER_CIPHER_KEY_BITLENGTH_DEFAULT) / 8;
        CryptoCodec codec = CryptoCodec.getInstance(conf, suite);
        byte[] inKey = new byte[keyLen];
        byte[] inIv = new byte[suite.getAlgorithmBlockSize()];
        byte[] outKey = new byte[keyLen];
        byte[] outIv = new byte[suite.getAlgorithmBlockSize()];
        codec.generateSecureRandom(inKey);
        codec.generateSecureRandom(inIv);
        codec.generateSecureRandom(outKey);
        codec.generateSecureRandom(outIv);
        return new CipherOption(suite, inKey, inIv, outKey, outIv);
      }
    }
  }
  return null;
}
 
Example 6
@Override
public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName)
    throws IOException, GeneralSecurityException {
  // Fetch the encryption key
  KeyVersion encryptionKey = keyProvider.getCurrentKey(encryptionKeyName);
  Preconditions.checkNotNull(encryptionKey,
      "No KeyVersion exists for key '%s' ", encryptionKeyName);
  // Generate random bytes for new key and IV

  CryptoCodec cc = CryptoCodec.getInstance(keyProvider.getConf());
  final byte[] newKey = new byte[encryptionKey.getMaterial().length];
  cc.generateSecureRandom(newKey);
  final byte[] iv = new byte[cc.getCipherSuite().getAlgorithmBlockSize()];
  cc.generateSecureRandom(iv);
  // Encryption key IV is derived from new key's IV
  final byte[] encryptionIV = EncryptedKeyVersion.deriveIV(iv);
  Encryptor encryptor = cc.createEncryptor();
  encryptor.init(encryptionKey.getMaterial(), encryptionIV);
  int keyLen = newKey.length;
  ByteBuffer bbIn = ByteBuffer.allocateDirect(keyLen);
  ByteBuffer bbOut = ByteBuffer.allocateDirect(keyLen);
  bbIn.put(newKey);
  bbIn.flip();
  encryptor.encrypt(bbIn, bbOut);
  bbOut.flip();
  byte[] encryptedKey = new byte[keyLen];
  bbOut.get(encryptedKey);    
  return new EncryptedKeyVersion(encryptionKeyName,
      encryptionKey.getVersionName(), iv,
      new KeyVersion(encryptionKey.getName(), EEK, encryptedKey));
}