hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/JceAesCtrCryptoCodec.java - hadoop - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.hadoop.crypto;

 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.security.GeneralSecurityException;
 import java.security.SecureRandom;

 import javax.crypto.Cipher;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;

 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.conf.Configuration;

 import com.google.common.base.Preconditions;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_CRYPTO_JCE_PROVIDER_KEY;
 import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_JAVA_SECURE_RANDOM_ALGORITHM_KEY;
 import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_JAVA_SECURE_RANDOM_ALGORITHM_DEFAULT;

 /**
  * Implement the AES-CTR crypto codec using JCE provider.
  */
 @InterfaceAudience.Private
 public class JceAesCtrCryptoCodec extends AesCtrCryptoCodec {
   private static final Logger LOG =
       LoggerFactory.getLogger(JceAesCtrCryptoCodec.class.getName());

   private Configuration conf;
   private String provider;
   private SecureRandom random;

   public JceAesCtrCryptoCodec() {
   }

   @Override
   public Configuration getConf() {
     return conf;
   }

   @Override
   public void setConf(Configuration conf) {
     this.conf = conf;
     provider = conf.get(HADOOP_SECURITY_CRYPTO_JCE_PROVIDER_KEY);
     final String secureRandomAlg = conf.get(
         HADOOP_SECURITY_JAVA_SECURE_RANDOM_ALGORITHM_KEY,
         HADOOP_SECURITY_JAVA_SECURE_RANDOM_ALGORITHM_DEFAULT);
     try {
       random = (provider != null) ?
           SecureRandom.getInstance(secureRandomAlg, provider) :
             SecureRandom.getInstance(secureRandomAlg);
     } catch (GeneralSecurityException e) {
       LOG.warn(e.getMessage());
       random = new SecureRandom();
     }
   }

   @Override
   public Encryptor createEncryptor() throws GeneralSecurityException {
     return new JceAesCtrCipher(Cipher.ENCRYPT_MODE, provider);
   }

   @Override
   public Decryptor createDecryptor() throws GeneralSecurityException {
     return new JceAesCtrCipher(Cipher.DECRYPT_MODE, provider);
   }

   @Override
   public void generateSecureRandom(byte[] bytes) {
     random.nextBytes(bytes);
   }

   private static class JceAesCtrCipher implements Encryptor, Decryptor {
     private final Cipher cipher;
     private final int mode;
     private boolean contextReset = false;

     public JceAesCtrCipher(int mode, String provider)
         throws GeneralSecurityException {
       this.mode = mode;
       if (provider == null || provider.isEmpty()) {
         cipher = Cipher.getInstance(SUITE.getName());
       } else {
         cipher = Cipher.getInstance(SUITE.getName(), provider);
       }
     }

     @Override
     public void init(byte[] key, byte[] iv) throws IOException {
       Preconditions.checkNotNull(key);
       Preconditions.checkNotNull(iv);
       contextReset = false;
       try {
         cipher.init(mode, new SecretKeySpec(key, "AES"),
             new IvParameterSpec(iv));
       } catch (Exception e) {
         throw new IOException(e);
       }
     }

     /**
      * AES-CTR will consume all of the input data. It requires enough space in
      * the destination buffer to encrypt entire input buffer.
      */
     @Override
     public void encrypt(ByteBuffer inBuffer, ByteBuffer outBuffer)
         throws IOException {
       process(inBuffer, outBuffer);
     }

     /**
      * AES-CTR will consume all of the input data. It requires enough space in
      * the destination buffer to decrypt entire input buffer.
      */
     @Override
     public void decrypt(ByteBuffer inBuffer, ByteBuffer outBuffer)
         throws IOException {
       process(inBuffer, outBuffer);
     }

     private void process(ByteBuffer inBuffer, ByteBuffer outBuffer)
         throws IOException {
       try {
         int inputSize = inBuffer.remaining();
         // Cipher#update will maintain crypto context.
         int n = cipher.update(inBuffer, outBuffer);
         if (n < inputSize) {
           /**
            * Typically code will not get here. Cipher#update will consume all
            * input data and put result in outBuffer.
            * Cipher#doFinal will reset the crypto context.
            */
           contextReset = true;
           cipher.doFinal(inBuffer, outBuffer);
         }
       } catch (Exception e) {
         throw new IOException(e);
       }
     }

     @Override
     public boolean isContextReset() {
       return contextReset;
     }
   }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.hadoop.crypto;

	import java.io.IOException;
	import java.nio.ByteBuffer;
	import java.security.GeneralSecurityException;
	import java.security.SecureRandom;

	import javax.crypto.Cipher;
	import javax.crypto.spec.IvParameterSpec;
	import javax.crypto.spec.SecretKeySpec;

	import org.apache.hadoop.classification.InterfaceAudience;
	import org.apache.hadoop.conf.Configuration;

	import com.google.common.base.Preconditions;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_CRYPTO_JCE_PROVIDER_KEY;
	import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_JAVA_SECURE_RANDOM_ALGORITHM_KEY;
	import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_JAVA_SECURE_RANDOM_ALGORITHM_DEFAULT;

	/**
	* Implement the AES-CTR crypto codec using JCE provider.
	*/
	@InterfaceAudience.Private
	public class JceAesCtrCryptoCodec extends AesCtrCryptoCodec {
	private static final Logger LOG =
	LoggerFactory.getLogger(JceAesCtrCryptoCodec.class.getName());

	private Configuration conf;
	private String provider;
	private SecureRandom random;

	public JceAesCtrCryptoCodec() {
	}

	@Override
	public Configuration getConf() {
	return conf;
	}

	@Override
	public void setConf(Configuration conf) {
	this.conf = conf;
	provider = conf.get(HADOOP_SECURITY_CRYPTO_JCE_PROVIDER_KEY);
	final String secureRandomAlg = conf.get(
	HADOOP_SECURITY_JAVA_SECURE_RANDOM_ALGORITHM_KEY,
	HADOOP_SECURITY_JAVA_SECURE_RANDOM_ALGORITHM_DEFAULT);
	try {
	random = (provider != null) ?
	SecureRandom.getInstance(secureRandomAlg, provider) :
	SecureRandom.getInstance(secureRandomAlg);
	} catch (GeneralSecurityException e) {
	LOG.warn(e.getMessage());
	random = new SecureRandom();
	}
	}

	@Override
	public Encryptor createEncryptor() throws GeneralSecurityException {
	return new JceAesCtrCipher(Cipher.ENCRYPT_MODE, provider);
	}

	@Override
	public Decryptor createDecryptor() throws GeneralSecurityException {
	return new JceAesCtrCipher(Cipher.DECRYPT_MODE, provider);
	}

	@Override
	public void generateSecureRandom(byte[] bytes) {
	random.nextBytes(bytes);
	}

	private static class JceAesCtrCipher implements Encryptor, Decryptor {
	private final Cipher cipher;
	private final int mode;
	private boolean contextReset = false;

	public JceAesCtrCipher(int mode, String provider)
	throws GeneralSecurityException {
	this.mode = mode;
	if (provider == null \|\| provider.isEmpty()) {
	cipher = Cipher.getInstance(SUITE.getName());
	} else {
	cipher = Cipher.getInstance(SUITE.getName(), provider);
	}
	}

	@Override
	public void init(byte[] key, byte[] iv) throws IOException {
	Preconditions.checkNotNull(key);
	Preconditions.checkNotNull(iv);
	contextReset = false;
	try {
	cipher.init(mode, new SecretKeySpec(key, "AES"),
	new IvParameterSpec(iv));
	} catch (Exception e) {
	throw new IOException(e);
	}
	}

	/**
	* AES-CTR will consume all of the input data. It requires enough space in
	* the destination buffer to encrypt entire input buffer.
	*/
	@Override
	public void encrypt(ByteBuffer inBuffer, ByteBuffer outBuffer)
	throws IOException {
	process(inBuffer, outBuffer);
	}

	/**
	* AES-CTR will consume all of the input data. It requires enough space in
	* the destination buffer to decrypt entire input buffer.
	*/
	@Override
	public void decrypt(ByteBuffer inBuffer, ByteBuffer outBuffer)
	throws IOException {
	process(inBuffer, outBuffer);
	}

	private void process(ByteBuffer inBuffer, ByteBuffer outBuffer)
	throws IOException {
	try {
	int inputSize = inBuffer.remaining();
	// Cipher#update will maintain crypto context.
	int n = cipher.update(inBuffer, outBuffer);
	if (n < inputSize) {
	/**
	* Typically code will not get here. Cipher#update will consume all
	* input data and put result in outBuffer.
	* Cipher#doFinal will reset the crypto context.
	*/
	contextReset = true;
	cipher.doFinal(inBuffer, outBuffer);
	}
	} catch (Exception e) {
	throw new IOException(e);
	}
	}

	@Override
	public boolean isContextReset() {
	return contextReset;
	}
	}
	}