| /******************************************************************** |
| * 2014 - |
| * open source under Apache License Version 2.0 |
| ********************************************************************/ |
| /** |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| #ifndef _HDFS_LIBHDFS3_CLIENT_CRYPTOCODEC_H_ |
| #define _HDFS_LIBHDFS3_CLIENT_CRYPTOCODEC_H_ |
| |
| #include <string> |
| |
| #include "openssl/conf.h" |
| #include "openssl/evp.h" |
| #include "openssl/err.h" |
| #include "FileEncryptionInfo.h" |
| #include "KmsClientProvider.h" |
| |
| #define KEY_LENGTH_256 32 |
| #define KEY_LENGTH_128 16 |
| |
| namespace Hdfs { |
| |
| enum CryptoMethod { |
| DECRYPT = 0, |
| ENCRYPT = 1 |
| }; |
| |
| class CryptoCodec { |
| public: |
| /** |
| * Construct a CryptoCodec instance. |
| * @param encryptionInfo the encryption info of file. |
| * @param kcp a KmsClientProvider instance to get key from kms server. |
| * @param bufSize crypto buffer size. |
| */ |
| CryptoCodec(FileEncryptionInfo *encryptionInfo, shared_ptr<KmsClientProvider> kcp, int32_t bufSize); |
| |
| /** |
| * Destroy a CryptoCodec instance. |
| */ |
| virtual ~CryptoCodec(); |
| |
| /** |
| * encrypt/decrypt(depends on init()) buffer data |
| * @param buffer |
| * @param size |
| * @return encrypt/decrypt result string |
| */ |
| virtual std::string cipher_wrap(const char * buffer, int64_t size); |
| |
| /** |
| * init CryptoCodec |
| * @param method CryptoMethod |
| * @param stream_offset 0 when open a new file; file_lenght when append a existed file |
| * @return 1 success; 0 no need(already inited); -1 failed |
| */ |
| virtual int init(CryptoMethod crypto_method, int64_t stream_offset = 0); |
| |
| /** |
| * Reset iv and padding value when seek file. |
| * @param crypto_method do encrypt/decrypt work according to crypto_method. |
| * @param stream_offset the offset of the current file. |
| * @return 1 sucess; -1 failed. |
| */ |
| virtual int resetStreamOffset(CryptoMethod crypto_method, int64_t stream_offset); |
| |
| private: |
| |
| /** |
| * Get decrypted key from kms. |
| */ |
| std::string getDecryptedKeyFromKms(); |
| |
| /** |
| * calculate new IV for appending a existed file |
| * @param initIV |
| * @param counter |
| * @return new IV string |
| */ |
| std::string calculateIV(const std::string& initIV, unsigned long counter); |
| |
| shared_ptr<KmsClientProvider> kcp; |
| FileEncryptionInfo* encryptionInfo; |
| EVP_CIPHER_CTX* cipherCtx; |
| const EVP_CIPHER* cipher; |
| CryptoMethod method; |
| |
| bool is_init; |
| int32_t bufSize; |
| int64_t padding; |
| int64_t counter; |
| std::string decryptedKey; |
| uint64_t AlgorithmBlockSize; |
| }; |
| |
| } |
| #endif |