@Override public OutputStream createEncryptionStream(OutputStream out, Context context, byte[] iv) throws IOException { Preconditions.checkNotNull(context); Preconditions.checkState(context.getKey() != null, "Context does not have a key"); Preconditions.checkNotNull(iv); Encryptor e = getEncryptor(); e.setKey(context.getKey()); e.setIv(iv); return e.createEncryptionStream(out); }
@Test public void testAESAlgorithm() throws Exception { Configuration conf = HBaseConfiguration.create(); Cipher aes = Encryption.getCipher(conf, "AES"); assertEquals(aes.getKeyLength(), AES.KEY_LENGTH); assertEquals(aes.getIvLength(), AES.IV_LENGTH); Encryptor e = aes.getEncryptor(); e.setKey(new SecretKeySpec(Bytes.fromHex("2b7e151628aed2a6abf7158809cf4f3c"), "AES")); e.setIv(Bytes.fromHex("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff")); ByteArrayOutputStream out = new ByteArrayOutputStream(); OutputStream cout = e.createEncryptionStream(out); cout.write(Bytes.fromHex("6bc1bee22e409f96e93d7e117393172a")); cout.write(Bytes.fromHex("ae2d8a571e03ac9c9eb76fac45af8e51")); cout.write(Bytes.fromHex("30c81c46a35ce411e5fbc1191a0a52ef")); cout.write(Bytes.fromHex("f69f2445df4f9b17ad2b417be66c3710")); cout.close(); ByteArrayInputStream in = new ByteArrayInputStream(out.toByteArray()); byte[] b = new byte[16]; IOUtils.readFully(in, b); assertTrue("Failed #1", Bytes.equals(b, Bytes.fromHex("874d6191b620e3261bef6864990db6ce"))); IOUtils.readFully(in, b); assertTrue("Failed #2", Bytes.equals(b, Bytes.fromHex("9806f66b7970fdff8617187bb9fffdff"))); IOUtils.readFully(in, b); assertTrue("Failed #3", Bytes.equals(b, Bytes.fromHex("5ae4df3edbd5d35e5b4f09020db03eab"))); IOUtils.readFully(in, b); assertTrue("Failed #4", Bytes.equals(b, Bytes.fromHex("1e031dda2fbe03d1792170a0f3009cee"))); }
protected final WALHeader buildSecureWALHeader(Configuration conf, WALHeader.Builder builder) throws IOException { builder.setWriterClsName(getWriterClassName()); if (conf.getBoolean(HConstants.ENABLE_WAL_ENCRYPTION, false)) { EncryptionTest.testKeyProvider(conf); EncryptionTest.testCipherProvider(conf); // Get an instance of our cipher final String cipherName = conf.get(HConstants.CRYPTO_WAL_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES); Cipher cipher = Encryption.getCipher(conf, cipherName); if (cipher == null) { throw new RuntimeException("Cipher '" + cipherName + "' is not available"); } // Generate an encryption key for this WAL SecureRandom rng = new SecureRandom(); byte[] keyBytes = new byte[cipher.getKeyLength()]; rng.nextBytes(keyBytes); Key key = new SecretKeySpec(keyBytes, cipher.getName()); builder.setEncryptionKey(UnsafeByteOperations.unsafeWrap(EncryptionUtil.wrapKey(conf, conf.get(HConstants.CRYPTO_WAL_KEY_NAME_CONF_KEY, conf.get(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, User.getCurrent().getShortName())), key))); // Set up the encryptor Encryptor encryptor = cipher.getEncryptor(); encryptor.setKey(key); setEncryptor(encryptor); if (LOG.isTraceEnabled()) { LOG.trace("Initialized secure protobuf WAL: cipher=" + cipher.getName()); } } builder.setCellCodecClsName(SecureWALCellCodec.class.getName()); return buildWALHeader0(conf, builder); }
protected final void secureInitAfterHeader(boolean doCompress, Encryptor encryptor) throws IOException { if (conf.getBoolean(HConstants.ENABLE_WAL_ENCRYPTION, false) && encryptor != null) { WALCellCodec codec = SecureWALCellCodec.getCodec(this.conf, encryptor); this.cellEncoder = codec.getEncoder(getOutputStreamForCellEncoder()); // We do not support compression this.compressionContext = null; } else { initAfterHeader0(doCompress); } }
@Test public void testAESAlgorithm() throws Exception { Configuration conf = HBaseConfiguration.create(); Cipher aes = Encryption.getCipher(conf, "AES"); assertEquals(AES.KEY_LENGTH, aes.getKeyLength()); assertEquals(AES.IV_LENGTH, aes.getIvLength()); Encryptor e = aes.getEncryptor(); e.setKey(new SecretKeySpec(Bytes.fromHex("2b7e151628aed2a6abf7158809cf4f3c"), "AES")); e.setIv(Bytes.fromHex("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff")); ByteArrayOutputStream out = new ByteArrayOutputStream(); OutputStream cout = e.createEncryptionStream(out); cout.write(Bytes.fromHex("6bc1bee22e409f96e93d7e117393172a")); cout.write(Bytes.fromHex("ae2d8a571e03ac9c9eb76fac45af8e51")); cout.write(Bytes.fromHex("30c81c46a35ce411e5fbc1191a0a52ef")); cout.write(Bytes.fromHex("f69f2445df4f9b17ad2b417be66c3710")); cout.close(); ByteArrayInputStream in = new ByteArrayInputStream(out.toByteArray()); byte[] b = new byte[16]; IOUtils.readFully(in, b); assertTrue("Failed #1", Bytes.equals(b, Bytes.fromHex("874d6191b620e3261bef6864990db6ce"))); IOUtils.readFully(in, b); assertTrue("Failed #2", Bytes.equals(b, Bytes.fromHex("9806f66b7970fdff8617187bb9fffdff"))); IOUtils.readFully(in, b); assertTrue("Failed #3", Bytes.equals(b, Bytes.fromHex("5ae4df3edbd5d35e5b4f09020db03eab"))); IOUtils.readFully(in, b); assertTrue("Failed #4", Bytes.equals(b, Bytes.fromHex("1e031dda2fbe03d1792170a0f3009cee"))); }
@Test public void testAESAlgorithm() throws Exception { Configuration conf = HBaseConfiguration.create(); Cipher aes = Encryption.getCipher(conf, "AES"); assertEquals(CommonsCryptoAES.KEY_LENGTH, aes.getKeyLength()); assertEquals(CommonsCryptoAES.IV_LENGTH, aes.getIvLength()); Encryptor e = aes.getEncryptor(); e.setKey(new SecretKeySpec(Bytes.fromHex("2b7e151628aed2a6abf7158809cf4f3c"), "AES")); e.setIv(Bytes.fromHex("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff")); ByteArrayOutputStream out = new ByteArrayOutputStream(); OutputStream cout = e.createEncryptionStream(out); cout.write(Bytes.fromHex("6bc1bee22e409f96e93d7e117393172a")); cout.write(Bytes.fromHex("ae2d8a571e03ac9c9eb76fac45af8e51")); cout.write(Bytes.fromHex("30c81c46a35ce411e5fbc1191a0a52ef")); cout.write(Bytes.fromHex("f69f2445df4f9b17ad2b417be66c3710")); cout.close(); ByteArrayInputStream in = new ByteArrayInputStream(out.toByteArray()); byte[] b = new byte[16]; IOUtils.readFully(in, b); assertTrue("Failed #1", Bytes.equals(b, Bytes.fromHex("874d6191b620e3261bef6864990db6ce"))); IOUtils.readFully(in, b); assertTrue("Failed #2", Bytes.equals(b, Bytes.fromHex("9806f66b7970fdff8617187bb9fffdff"))); IOUtils.readFully(in, b); assertTrue("Failed #3", Bytes.equals(b, Bytes.fromHex("5ae4df3edbd5d35e5b4f09020db03eab"))); IOUtils.readFully(in, b); assertTrue("Failed #4", Bytes.equals(b, Bytes.fromHex("1e031dda2fbe03d1792170a0f3009cee"))); }
public SecureWALCellCodec(Configuration conf, Encryptor encryptor) { super(conf, null); this.encryptor = encryptor; }
public EncryptedKvEncoder(OutputStream os, Encryptor encryptor) { super(os); this.encryptor = encryptor; }
public static WALCellCodec getCodec(Configuration conf, Encryptor encryptor) { return new SecureWALCellCodec(conf, encryptor); }
@Override public Encryptor getEncryptor() { return new AESEncryptor(getJCECipherInstance(), rng); }
@Override public OutputStream createEncryptionStream(OutputStream out, Encryptor e) throws IOException { Preconditions.checkNotNull(e); return e.createEncryptionStream(out); }
public EncryptedKvEncoder(OutputStream os, Encryptor encryptor) { super(os); this.encryptor = encryptor; iv = new byte[encryptor.getIvLength()]; }
@Override protected void setEncryptor(Encryptor encryptor) { this.encryptor = encryptor; }
protected void setEncryptor(Encryptor encryptor) { }
@Override public Encryptor getEncryptor() { return new CommonsCryptoAESEncryptor(cipherMode, props, rng); }
@Override public OutputStream createEncryptionStream(OutputStream out, Encryptor encryptor) throws IOException { return encryptor.createEncryptionStream(out); }