
Example 1 with Encryptor

use of org.apache.hadoop.hbase.io.crypto.Encryptor in project hbase by apache.

the class HFileBlockDefaultEncodingContext method compressAfterEncoding.

/**
 * Builds the on-disk form of one block: the header is copied through as-is and the bytes that
 * follow it are optionally compressed and then optionally encrypted.
 *
 * <p>Points a security reviewer should keep in mind:
 * <ul>
 *   <li>The block header is written in plaintext, ahead of the IV, so it is readable by anyone who
 *       can read the file. Whether it is integrity-protected is not visible in this method.</li>
 *   <li>Compression runs before encryption, so the ciphertext length tracks how well the
 *       plaintext compresses.</li>
 *   <li>The shared {@code iv} field is advanced after every encrypted block. The increment is
 *       computed from the whole output size (header and IV prefix included), so it is never
 *       smaller than the number of cipher blocks in the ciphertext. NOTE(review): this matters
 *       most for counter/stream modes, where IV reuse under one key is fatal; confirm the mode of
 *       the configured cipher.</li>
 * </ul>
 *
 * @param uncompressedBytesWithHeaderBuffer array holding the header followed by the block data
 * @param uncompressedBytesWithHeaderOffset offset of the header inside that array
 * @param uncompressedBytesWithHeaderLength number of bytes (header included) to consume
 * @param headerBytes header bytes copied to the front of the output
 * @return the encoded bytes, or {@code null} when neither compression nor encryption is configured
 * @throws IOException if a compression or encryption stream fails
 */
private Bytes compressAfterEncoding(byte[] uncompressedBytesWithHeaderBuffer, int uncompressedBytesWithHeaderOffset, int uncompressedBytesWithHeaderLength, byte[] headerBytes) throws IOException {
    final Encryption.Context cryptoContext = fileContext.getEncryptionContext();

    // Unencrypted path: compress if asked to, otherwise report "nothing to do" with null.
    if (cryptoContext == Encryption.Context.NONE) {
        if (this.fileContext.getCompression() == NONE) {
            return null;
        }
        compressedByteStream.reset();
        compressedByteStream.write(headerBytes);
        compressionStream.resetState();
        compressionStream.write(uncompressedBytesWithHeaderBuffer, headerBytes.length + uncompressedBytesWithHeaderOffset, uncompressedBytesWithHeaderLength - headerBytes.length);
        compressionStream.flush();
        compressionStream.finish();
        // NOTE(review): getBuffer() looks like it exposes the stream's backing array rather than a
        // copy; if so the result is only stable until the next reset() - confirm.
        return new Bytes(compressedByteStream.getBuffer(), 0, compressedByteStream.size());
    }

    // Encrypted path. Output layout:
    //   [ header (plaintext) ][ 1 byte: IV length ][ IV ][ encrypted block data ]
    cryptoByteStream.reset();
    cryptoByteStream.write(headerBytes);

    // Whatever follows the header becomes the cipher input, compressed first when configured.
    final InputStream cipherInput;
    final int plaintextLength;
    if (fileContext.getCompression() == Compression.Algorithm.NONE) {
        plaintextLength = uncompressedBytesWithHeaderLength - headerBytes.length;
        cipherInput = new ByteArrayInputStream(uncompressedBytesWithHeaderBuffer, headerBytes.length + uncompressedBytesWithHeaderOffset, plaintextLength);
    } else {
        compressedByteStream.reset();
        compressionStream.resetState();
        compressionStream.write(uncompressedBytesWithHeaderBuffer, headerBytes.length + uncompressedBytesWithHeaderOffset, uncompressedBytesWithHeaderLength - headerBytes.length);
        compressionStream.flush();
        compressionStream.finish();
        final byte[] compressed = compressedByteStream.toByteArray();
        plaintextLength = compressed.length;
        cipherInput = new ByteArrayInputStream(compressed);
    }

    // Nothing to encrypt: record an IV length of zero and stop; the IV is left untouched.
    if (plaintextLength <= 0) {
        cryptoByteStream.write(0);
        return new Bytes(cryptoByteStream.getBuffer(), 0, cryptoByteStream.size());
    }

    // Key the encryptor from the file's encryption context.
    final Encryptor encryptor = cryptoContext.getCipher().getEncryptor();
    encryptor.setKey(cryptoContext.getKey());

    // The IV length is stored in a single byte, hence the range check.
    final int ivLength = iv.length;
    Preconditions.checkState(ivLength <= Byte.MAX_VALUE, "IV length out of range");
    cryptoByteStream.write(ivLength);
    if (ivLength > 0) {
        encryptor.setIv(iv);
        cryptoByteStream.write(iv);
    }
    // NOTE(review): with a zero-length IV the encryptor is used without setIv(); whether that is
    // acceptable depends on the cipher - confirm.

    Encryption.encrypt(cryptoByteStream, cipherInput, encryptor);

    // Advance the shared IV past this block before the next one is encrypted.
    Encryption.incrementIv(iv, 1 + (cryptoByteStream.size() / encryptor.getBlockSize()));
    return new Bytes(cryptoByteStream.getBuffer(), 0, cryptoByteStream.size());
}
Also used : Bytes(org.apache.hadoop.hbase.util.Bytes) ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) Encryptor(org.apache.hadoop.hbase.io.crypto.Encryptor) Encryption(org.apache.hadoop.hbase.io.crypto.Encryption) Cipher(org.apache.hadoop.hbase.io.crypto.Cipher)

Example 2 with Encryptor

use of org.apache.hadoop.hbase.io.crypto.Encryptor in project hbase by apache.

the class AES method createEncryptionStream.

/**
 * Wraps {@code out} in an encrypting stream keyed from {@code context} and started at {@code iv}.
 *
 * <p>Only presence is checked here: the context, its key and the IV must be non-null. The IV's
 * length and its uniqueness for the key are not validated in this method, so they are the
 * caller's responsibility unless {@code setIv} enforces them (not visible here).
 *
 * @param out stream that receives the ciphertext
 * @param context encryption context supplying the key
 * @param iv initialization vector handed to the encryptor
 * @return the stream produced by the encryptor
 * @throws IOException declared by the interface
 */
@Override
public OutputStream createEncryptionStream(OutputStream out, Context context, byte[] iv) throws IOException {
    // Preconditions run in this order so a missing context is reported before a missing key or IV.
    Preconditions.checkNotNull(context);
    Preconditions.checkState(context.getKey() != null, "Context does not have a key");
    Preconditions.checkNotNull(iv);

    final Encryptor encryptor = getEncryptor();
    encryptor.setKey(context.getKey());
    encryptor.setIv(iv);
    return encryptor.createEncryptionStream(out);
}
Also used : Encryptor(org.apache.hadoop.hbase.io.crypto.Encryptor)

Example 3 with Encryptor

use of org.apache.hadoop.hbase.io.crypto.Encryptor in project hbase by apache.

the class CommonsCryptoAES method createEncryptionStream.

/**
 * Returns an encrypting wrapper around {@code out}, using the key held by {@code context} and the
 * supplied {@code iv}.
 *
 * <p>The checks below only reject a null context, a context without a key, and a null IV. No
 * length or freshness check on the IV is made in this method; callers must supply an IV that is
 * valid for the cipher and not reused with the same key, unless {@code setIv} enforces that
 * (not visible here).
 *
 * @param out destination for the ciphertext
 * @param context encryption context that carries the key
 * @param iv initialization vector passed to the encryptor
 * @return the encryption stream created by the encryptor
 * @throws IOException declared by the interface
 */
@Override
public OutputStream createEncryptionStream(OutputStream out, Context context, byte[] iv) throws IOException {
    // Validate inputs first; the order decides which failure the caller sees.
    Preconditions.checkNotNull(context);
    Preconditions.checkState(context.getKey() != null, "Context does not have a key");
    Preconditions.checkNotNull(iv);

    final Encryptor keyedEncryptor = getEncryptor();
    keyedEncryptor.setKey(context.getKey());
    keyedEncryptor.setIv(iv);
    return keyedEncryptor.createEncryptionStream(out);
}
Also used : Encryptor(org.apache.hadoop.hbase.io.crypto.Encryptor)

Example 4 with Encryptor

use of org.apache.hadoop.hbase.io.crypto.Encryptor in project hbase by apache.

the class HFileBlockDefaultEncodingContext method compressAfterEncoding.

/**
 * Computes {@code onDiskBytesWithHeader} for one block: the header is kept as-is and the bytes
 * after it are optionally compressed and then optionally encrypted.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>The header is stored in plaintext in front of the IV.</li>
 *   <li>Compression happens before encryption, so ciphertext length reflects how compressible
 *       the plaintext was.</li>
 *   <li>The shared {@code iv} field is advanced after each encrypted block, by a count derived
 *       from the full output length (header and IV prefix included), which is at least the
 *       number of cipher blocks written. NOTE(review): confirm the cipher mode this is paired
 *       with; IV reuse under one key is critical for counter/stream modes.</li>
 * </ul>
 *
 * @param uncompressedBytesWithHeader header followed by the block data
 * @param headerBytes header bytes copied to the front of the output
 * @throws IOException if a compression or encryption stream fails
 */
protected void compressAfterEncoding(byte[] uncompressedBytesWithHeader, byte[] headerBytes) throws IOException {
    final Encryption.Context cryptoContext = fileContext.getEncryptionContext();

    // No encryption configured: either compress, or pass the input array through untouched.
    if (cryptoContext == Encryption.Context.NONE) {
        if (this.fileContext.getCompression() == NONE) {
            onDiskBytesWithHeader = uncompressedBytesWithHeader;
            return;
        }
        compressedByteStream.reset();
        compressedByteStream.write(headerBytes);
        compressionStream.resetState();
        compressionStream.write(uncompressedBytesWithHeader, headerBytes.length, uncompressedBytesWithHeader.length - headerBytes.length);
        compressionStream.flush();
        compressionStream.finish();
        onDiskBytesWithHeader = compressedByteStream.toByteArray();
        return;
    }

    // Encrypted output layout:
    //   [ header (plaintext) ][ 1 byte: IV length ][ IV ][ encrypted block data ]
    cryptoByteStream.reset();
    cryptoByteStream.write(headerBytes);

    // Prepare the cipher input: the post-header bytes, compressed first when configured.
    final InputStream cipherInput;
    final int plaintextLength;
    if (fileContext.getCompression() == Compression.Algorithm.NONE) {
        plaintextLength = uncompressedBytesWithHeader.length - headerBytes.length;
        cipherInput = new ByteArrayInputStream(uncompressedBytesWithHeader, headerBytes.length, plaintextLength);
    } else {
        compressedByteStream.reset();
        compressionStream.resetState();
        compressionStream.write(uncompressedBytesWithHeader, headerBytes.length, uncompressedBytesWithHeader.length - headerBytes.length);
        compressionStream.flush();
        compressionStream.finish();
        final byte[] compressed = compressedByteStream.toByteArray();
        plaintextLength = compressed.length;
        cipherInput = new ByteArrayInputStream(compressed);
    }

    // Empty payload: write an IV length of zero and leave the IV as it was.
    if (plaintextLength <= 0) {
        cryptoByteStream.write(0);
        onDiskBytesWithHeader = cryptoByteStream.toByteArray();
        return;
    }

    // Key the encryptor from the file's encryption context.
    final Encryptor encryptor = cryptoContext.getCipher().getEncryptor();
    encryptor.setKey(cryptoContext.getKey());

    // One byte holds the IV length on disk, so it must fit in a signed byte.
    final int ivLength = iv.length;
    Preconditions.checkState(ivLength <= Byte.MAX_VALUE, "IV length out of range");
    cryptoByteStream.write(ivLength);
    if (ivLength > 0) {
        encryptor.setIv(iv);
        cryptoByteStream.write(iv);
    }
    // NOTE(review): a zero-length IV means setIv() is never called on the encryptor; confirm the
    // cipher tolerates that safely.

    Encryption.encrypt(cryptoByteStream, cipherInput, encryptor);
    onDiskBytesWithHeader = cryptoByteStream.toByteArray();

    // Move the shared IV forward so the next block does not start from the same value.
    Encryption.incrementIv(iv, 1 + (onDiskBytesWithHeader.length / encryptor.getBlockSize()));
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) Encryptor(org.apache.hadoop.hbase.io.crypto.Encryptor) Encryption(org.apache.hadoop.hbase.io.crypto.Encryption) Cipher(org.apache.hadoop.hbase.io.crypto.Cipher)

Example 5 with Encryptor

use of org.apache.hadoop.hbase.io.crypto.Encryptor in project hbase by apache.

the class AbstractProtobufLogWriter method buildSecureWALHeader.

// Builds the WAL header for a secure environment. Subclasses should call this from their
// buildWALHeader method, and must override setEncryptor, which is invoked here to hand over the
// initialised encryptor.
//
// When WAL encryption is enabled this method generates a fresh random key for the WAL, stores it
// in the header only in wrapped form (EncryptionUtil.wrapKey), and keys the encryptor with it.
// The wrapping key name is looked up as: WAL key name, else master key name, else the current
// user's short name. The cell codec is set to SecureWALCellCodec whether or not encryption is on.
//
// NOTE(review): the raw keyBytes array is not cleared after the SecretKeySpec is built, so the
// key material stays on the heap until collected. The trace log below records only the cipher
// name, never key material; keep it that way.
protected final WALHeader buildSecureWALHeader(Configuration conf, WALHeader.Builder builder) throws IOException {
    builder.setWriterClsName(getWriterClassName());

    final boolean walEncryptionEnabled = conf.getBoolean(HConstants.ENABLE_WAL_ENCRYPTION, false);
    if (walEncryptionEnabled) {
        // Presumably fail-fast probes of the configured key and cipher providers - confirm.
        EncryptionTest.testKeyProvider(conf);
        EncryptionTest.testCipherProvider(conf);

        // Resolve the configured WAL cipher, defaulting to AES.
        final String cipherName = conf.get(HConstants.CRYPTO_WAL_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
        final Cipher walCipher = Encryption.getCipher(conf, cipherName);
        if (walCipher == null) {
            throw new RuntimeException("Cipher '" + cipherName + "' is not available");
        }

        // Per-WAL data key: random bytes from SecureRandom, sized by the cipher.
        final SecureRandom random = new SecureRandom();
        final byte[] keyBytes = new byte[walCipher.getKeyLength()];
        random.nextBytes(keyBytes);
        final Key walKey = new SecretKeySpec(keyBytes, walCipher.getName());

        // Only the wrapped key goes into the header; the wrapping key is chosen by name.
        final String currentUserName = User.getCurrent().getShortName();
        final String masterKeyName = conf.get(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, currentUserName);
        final String wrappingKeyName = conf.get(HConstants.CRYPTO_WAL_KEY_NAME_CONF_KEY, masterKeyName);
        builder.setEncryptionKey(UnsafeByteOperations.unsafeWrap(EncryptionUtil.wrapKey(conf, wrappingKeyName, walKey)));

        // Hand the keyed encryptor to the subclass.
        final Encryptor walEncryptor = walCipher.getEncryptor();
        walEncryptor.setKey(walKey);
        setEncryptor(walEncryptor);

        if (LOG.isTraceEnabled()) {
            LOG.trace("Initialized secure protobuf WAL: cipher=" + walCipher.getName());
        }
    }

    builder.setCellCodecClsName(SecureWALCellCodec.class.getName());
    return buildWALHeader0(conf, builder);
}
Also used : SecretKeySpec(javax.crypto.spec.SecretKeySpec) SecureRandom(java.security.SecureRandom) Encryptor(org.apache.hadoop.hbase.io.crypto.Encryptor) Cipher(org.apache.hadoop.hbase.io.crypto.Cipher) Key(java.security.Key)

Aggregations

Encryptor (org.apache.hadoop.hbase.io.crypto.Encryptor)7 Cipher (org.apache.hadoop.hbase.io.crypto.Cipher)5 ByteArrayInputStream (java.io.ByteArrayInputStream)4 SecretKeySpec (javax.crypto.spec.SecretKeySpec)3 ByteArrayOutputStream (java.io.ByteArrayOutputStream)2 InputStream (java.io.InputStream)2 OutputStream (java.io.OutputStream)2 Configuration (org.apache.hadoop.conf.Configuration)2 HBaseConfiguration (org.apache.hadoop.hbase.HBaseConfiguration)2 Encryption (org.apache.hadoop.hbase.io.crypto.Encryption)2 Test (org.junit.Test)2 Key (java.security.Key)1 SecureRandom (java.security.SecureRandom)1 Bytes (org.apache.hadoop.hbase.util.Bytes)1