Examples with Cipher org.apache.hadoop.hbase.io.crypto.Cipher used on opensource projects

Example 1 with Cipher

use of org.apache.hadoop.hbase.io.crypto.Cipher in project hbase by apache.

the class HFileReaderImpl method createHFileContext.

protected HFileContext createHFileContext(FSDataInputStreamWrapper fsdis, long fileSize, HFileSystem hfs, Path path, FixedFileTrailer trailer) throws IOException {
    HFileContextBuilder builder = new HFileContextBuilder().withIncludesMvcc(shouldIncludeMemstoreTS()).withHBaseCheckSum(true).withHFileName(this.getName()).withCompression(this.compressAlgo);
    // Check for any key material available
    byte[] keyBytes = trailer.getEncryptionKey();
    if (keyBytes != null) {
        Encryption.Context cryptoContext = Encryption.newContext(conf);
        Key key;
        key = EncryptionUtil.unwrapKey(conf, keyBytes);
        // Use the algorithm the key wants
        Cipher cipher = Encryption.getCipher(conf, key.getAlgorithm());
        if (cipher == null) {
            throw new IOException("Cipher '" + key.getAlgorithm() + "' is not available");
        }
        cryptoContext.setCipher(cipher);
        cryptoContext.setKey(key);
        builder.withEncryptionContext(cryptoContext);
    }
    HFileContext context = builder.build();
    if (LOG.isTraceEnabled()) {
        LOG.trace("Reader" + (path != null ? " for " + path : "") + " initialized with cacheConf: " + cacheConf + " comparator: " + comparator.getClass().getSimpleName() + " fileContext: " + context);
    }
    return context;
}

Example 2 with Cipher

use of org.apache.hadoop.hbase.io.crypto.Cipher in project hbase by apache.

the class HFileBlockDefaultEncodingContext method compressAfterEncoding.

private Bytes compressAfterEncoding(byte[] uncompressedBytesWithHeaderBuffer, int uncompressedBytesWithHeaderOffset, int uncompressedBytesWithHeaderLength, byte[] headerBytes) throws IOException {
    Encryption.Context cryptoContext = fileContext.getEncryptionContext();
    if (cryptoContext != Encryption.Context.NONE) {
        // Encrypted block format:
        // +--------------------------+
        // | byte iv length           |
        // +--------------------------+
        // | iv data ...              |
        // +--------------------------+
        // | encrypted block data ... |
        // +--------------------------+
        cryptoByteStream.reset();
        // Write the block header (plaintext)
        cryptoByteStream.write(headerBytes);
        InputStream in;
        int plaintextLength;
        // Run any compression before encryption
        if (fileContext.getCompression() != Compression.Algorithm.NONE) {
            compressedByteStream.reset();
            compressionStream.resetState();
            compressionStream.write(uncompressedBytesWithHeaderBuffer, headerBytes.length + uncompressedBytesWithHeaderOffset, uncompressedBytesWithHeaderLength - headerBytes.length);
            compressionStream.flush();
            compressionStream.finish();
            byte[] plaintext = compressedByteStream.toByteArray();
            plaintextLength = plaintext.length;
            in = new ByteArrayInputStream(plaintext);
        } else {
            plaintextLength = uncompressedBytesWithHeaderLength - headerBytes.length;
            in = new ByteArrayInputStream(uncompressedBytesWithHeaderBuffer, headerBytes.length + uncompressedBytesWithHeaderOffset, plaintextLength);
        }
        if (plaintextLength > 0) {
            // Set up the cipher
            Cipher cipher = cryptoContext.getCipher();
            Encryptor encryptor = cipher.getEncryptor();
            encryptor.setKey(cryptoContext.getKey());
            // Set up the IV
            int ivLength = iv.length;
            Preconditions.checkState(ivLength <= Byte.MAX_VALUE, "IV length out of range");
            cryptoByteStream.write(ivLength);
            if (ivLength > 0) {
                encryptor.setIv(iv);
                cryptoByteStream.write(iv);
            }
            // Encrypt the data
            Encryption.encrypt(cryptoByteStream, in, encryptor);
            // Increment the IV given the final block size
            Encryption.incrementIv(iv, 1 + (cryptoByteStream.size() / encryptor.getBlockSize()));
            return new Bytes(cryptoByteStream.getBuffer(), 0, cryptoByteStream.size());
        } else {
            cryptoByteStream.write(0);
            return new Bytes(cryptoByteStream.getBuffer(), 0, cryptoByteStream.size());
        }
    } else {
        if (this.fileContext.getCompression() != NONE) {
            compressedByteStream.reset();
            compressedByteStream.write(headerBytes);
            compressionStream.resetState();
            compressionStream.write(uncompressedBytesWithHeaderBuffer, headerBytes.length + uncompressedBytesWithHeaderOffset, uncompressedBytesWithHeaderLength - headerBytes.length);
            compressionStream.flush();
            compressionStream.finish();
            return new Bytes(compressedByteStream.getBuffer(), 0, compressedByteStream.size());
        } else {
            return null;
        }
    }
}

Example 3 with Cipher

use of org.apache.hadoop.hbase.io.crypto.Cipher in project hbase by apache.

the class HFileBlockDefaultDecodingContext method prepareDecoding.

@Override
public void prepareDecoding(int onDiskSizeWithoutHeader, int uncompressedSizeWithoutHeader, ByteBuff blockBufferWithoutHeader, ByteBuff onDiskBlock) throws IOException {
    final ByteBuffInputStream byteBuffInputStream = new ByteBuffInputStream(onDiskBlock);
    InputStream dataInputStream = new DataInputStream(byteBuffInputStream);
    try {
        Encryption.Context cryptoContext = fileContext.getEncryptionContext();
        if (cryptoContext != Encryption.Context.NONE) {
            Cipher cipher = cryptoContext.getCipher();
            Decryptor decryptor = cipher.getDecryptor();
            decryptor.setKey(cryptoContext.getKey());
            // Encrypted block format:
            // +--------------------------+
            // | byte iv length           |
            // +--------------------------+
            // | iv data ...              |
            // +--------------------------+
            // | encrypted block data ... |
            // +--------------------------+
            int ivLength = dataInputStream.read();
            if (ivLength > 0) {
                byte[] iv = new byte[ivLength];
                IOUtils.readFully(dataInputStream, iv);
                decryptor.setIv(iv);
                // All encrypted blocks will have a nonzero IV length. If we see an IV
                // length of zero, this means the encoding context had 0 bytes of
                // plaintext to encode.
                decryptor.reset();
                dataInputStream = decryptor.createDecryptionStream(dataInputStream);
            }
            onDiskSizeWithoutHeader -= Bytes.SIZEOF_BYTE + ivLength;
        }
        Compression.Algorithm compression = fileContext.getCompression();
        if (compression != Compression.Algorithm.NONE) {
            Decompressor decompressor = null;
            try {
                decompressor = compression.getDecompressor();
                // same when creating decompression streams. We can ignore these cases wrt reinit.
                if (decompressor instanceof CanReinit) {
                    ((CanReinit) decompressor).reinit(conf);
                }
                try (InputStream is = compression.createDecompressionStream(dataInputStream, decompressor, 0)) {
                    BlockIOUtils.readFullyWithHeapBuffer(is, blockBufferWithoutHeader, uncompressedSizeWithoutHeader);
                }
            } finally {
                if (decompressor != null) {
                    compression.returnDecompressor(decompressor);
                }
            }
        } else {
            BlockIOUtils.readFullyWithHeapBuffer(dataInputStream, blockBufferWithoutHeader, onDiskSizeWithoutHeader);
        }
    } finally {
        byteBuffInputStream.close();
        dataInputStream.close();
    }
}

Example 4 with Cipher

use of org.apache.hadoop.hbase.io.crypto.Cipher in project hbase by apache.

the class HFileInfo method createHFileContext.

private HFileContext createHFileContext(Path path, FixedFileTrailer trailer, Configuration conf) throws IOException {
    HFileContextBuilder builder = new HFileContextBuilder().withHBaseCheckSum(true).withHFileName(path.getName()).withCompression(trailer.getCompressionCodec()).withCellComparator(FixedFileTrailer.createComparator(trailer.getComparatorClassName()));
    // Check for any key material available
    byte[] keyBytes = trailer.getEncryptionKey();
    if (keyBytes != null) {
        Encryption.Context cryptoContext = Encryption.newContext(conf);
        Key key = EncryptionUtil.unwrapKey(conf, keyBytes);
        // Use the algorithm the key wants
        Cipher cipher = Encryption.getCipher(conf, key.getAlgorithm());
        if (cipher == null) {
            throw new IOException("Cipher '" + key.getAlgorithm() + "' is not available" + ", path=" + path);
        }
        cryptoContext.setCipher(cipher);
        cryptoContext.setKey(key);
        builder.withEncryptionContext(cryptoContext);
    }
    HFileContext context = builder.build();
    return context;
}

Example 5 with Cipher

use of org.apache.hadoop.hbase.io.crypto.Cipher in project hbase by apache.

the class EncryptionUtil method unwrapWALKey.

/**
 * Unwrap a wal key by decrypting it with the secret key of the given subject. The configuration
 * must be set up correctly for key alias resolution.
 * @param conf configuration
 * @param subject subject key alias
 * @param value the encrypted key bytes
 * @return the raw key bytes
 * @throws IOException if key is not found for the subject, or if some I/O error occurs
 * @throws KeyException if fail to unwrap the key
 */
public static Key unwrapWALKey(Configuration conf, String subject, byte[] value) throws IOException, KeyException {
    EncryptionProtos.WrappedKey wrappedKey = EncryptionProtos.WrappedKey.PARSER.parseDelimitedFrom(new ByteArrayInputStream(value));
    String algorithm = conf.get(HConstants.CRYPTO_WAL_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
    Cipher cipher = Encryption.getCipher(conf, algorithm);
    if (cipher == null) {
        throw new RuntimeException("Cipher '" + algorithm + "' not available");
    }
    return getUnwrapKey(conf, subject, wrappedKey, cipher);
}