You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by hi...@apache.org on 2016/05/19 19:27:40 UTC
[35/36] incubator-geode git commit: Merge branch 'feature/GEODE-1372'
of https://git-wip-us.apache.org/repos/asf/incubator-geode into GEODE-1372
Merge branch 'feature/GEODE-1372' of https://git-wip-us.apache.org/repos/asf/incubator-geode into GEODE-1372
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/4d5f9477
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/4d5f9477
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/4d5f9477
Branch: refs/heads/feature/GEODE-1372
Commit: 4d5f94778c8a38966a201fa9a3024b4ddbd34120
Parents: a08172f c31633c
Author: Hitesh Khamesra <hi...@yahoo.com>
Authored: Thu May 19 10:53:28 2016 -0700
Committer: Hitesh Khamesra <hi...@yahoo.com>
Committed: Thu May 19 10:53:28 2016 -0700
----------------------------------------------------------------------
.../membership/gms/messenger/GMSEncrypt.java | 233 ++++++++-----------
.../gms/messenger/GMSEncryptJUnitTest.java | 13 +-
2 files changed, 109 insertions(+), 137 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4d5f9477/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
----------------------------------------------------------------------
diff --cc geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
index 3d3633d,7cec567..f307290
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
@@@ -42,86 -43,64 +42,77 @@@ import org.apache.logging.log4j.Logger
import com.gemstone.gemfire.distributed.internal.DistributionConfig;
import com.gemstone.gemfire.internal.logging.LogService;
--public class GMSEncrypt implements Cloneable{
--
++public class GMSEncrypt implements Cloneable {
++
public static long encodingsPerformed;
public static long decodingsPerformed;
private static final Logger logger = LogService.getLogger();
// Parameters for the Diffie-Hellman key exchange
-- private static final BigInteger dhP = new BigInteger(
-- "13528702063991073999718992897071702177131142188276542919088770094024269"
-- + "73079899070080419278066109785292538223079165925365098181867673946"
-- + "34756714063947534092593553024224277712367371302394452615862654308"
-- + "11180902979719649450105660478776364198726078338308557022096810447"
-- + "3500348898008043285865193451061481841186553");
--
-- private static final BigInteger dhG = new BigInteger(
-- "13058345680719715096166513407513969537624553636623932169016704425008150"
-- + "56576152779768716554354314319087014857769741104157332735258102835"
-- + "93126577393912282416840649805564834470583437473176415335737232689"
-- + "81480201869671811010996732593655666464627559582258861254878896534"
-- + "1273697569202082715873518528062345259949959");
++ private static final BigInteger dhP = new BigInteger("13528702063991073999718992897071702177131142188276542919088770094024269" + "73079899070080419278066109785292538223079165925365098181867673946"
++ + "34756714063947534092593553024224277712367371302394452615862654308" + "11180902979719649450105660478776364198726078338308557022096810447" + "3500348898008043285865193451061481841186553");
++
++ private static final BigInteger dhG = new BigInteger("13058345680719715096166513407513969537624553636623932169016704425008150" + "56576152779768716554354314319087014857769741104157332735258102835"
++ + "93126577393912282416840649805564834470583437473176415335737232689" + "81480201869671811010996732593655666464627559582258861254878896534" + "1273697569202082715873518528062345259949959");
private static final int dhL = 1023;
-- private PrivateKey dhPrivateKey = null;
++ private PrivateKey dhPrivateKey = null;
-- private PublicKey dhPublicKey = null;
++ private PublicKey dhPublicKey = null;
-- private String dhSKAlgo = null;
++ private String dhSKAlgo = null;
private Services services;
-
+
+ private InternalDistributedMember localMember;
+
private NetView view;
private Map<InternalDistributedMember, PeerEncryptor> memberToPeerEncryptor = new ConcurrentHashMap<>();
-
- private ClusterEncryptor clusterEncryptor;
++ private ClusterEncryptor clusterEncryptor;
- protected void installView(NetView view) {
+ protected void installView(NetView view) throws Exception {
this.view = view;
this.view.setPublicKey(services.getJoinLeave().getMemberID(), getPublicKeyBytes());
- // TODO remove ciphers for departed members
}
--
- protected void installView(NetView view, InternalDistributedMember mbr) {
++
+ protected void installView(NetView view, InternalDistributedMember mbr) throws Exception {
this.view = view;
- // this.view.setPublicKey(mbr, getPublicKeyBytes());
- this.view.setPublicKey(mbr, getPublicKeyBytes());
++ // this.view.setPublicKey(mbr, getPublicKeyBytes());
// TODO remove ciphers for departed members
- //addClusterKey();
++ // addClusterKey();
+ }
-
++
+ protected byte[] getSecretBytes() {
+ return this.clusterEncryptor.secretBytes;
+ }
-
++
+ protected synchronized void addClusterKey() throws Exception {
+ this.clusterEncryptor = new ClusterEncryptor(this);
+ }
-
++
+ protected synchronized void addClusterKey(byte[] secretBytes) throws Exception {
+ this.clusterEncryptor = new ClusterEncryptor(secretBytes);
}
protected GMSEncrypt() {
--
++
}
-- public GMSEncrypt(Services services) throws Exception {
++ public GMSEncrypt(Services services) throws Exception {
this.services = services;
initDHKeys(services.getConfig().getDistributionConfig());
}
-
- public GMSEncrypt(Services services, InternalDistributedMember mbr) throws Exception {
+
++ public GMSEncrypt(Services services, InternalDistributedMember mbr) throws Exception {
+ this.services = services;
+ this.localMember = mbr;
+ initDHKeys(services.getConfig().getDistributionConfig());
+ }
+
public byte[] decryptData(byte[] data, InternalDistributedMember member) throws Exception {
return getPeerEncryptor(member).decryptBytes(data);
}
@@@ -129,16 -108,7 +120,15 @@@
public byte[] encryptData(byte[] data, InternalDistributedMember member) throws Exception {
return getPeerEncryptor(member).encryptBytes(data);
}
-
+ public byte[] decryptData(byte[] data) throws Exception {
+ return this.clusterEncryptor.decryptBytes(data);
+ }
+
+ public byte[] encryptData(byte[] data) throws Exception {
+ return this.clusterEncryptor.encryptBytes(data);
+ }
+
protected byte[] getPublicKeyBytes() {
return dhPublicKey.getEncoded();
}
@@@ -158,7 -127,7 +148,7 @@@
System.out.println("private key format " + format);
System.out.println("public ksy format " + this.dhPublicKey.getFormat());
PKCS8EncodedKeySpec x509KeySpecPKey = new PKCS8EncodedKeySpec(this.dhPrivateKey.getEncoded());
--
++
keyFact = KeyFactory.getInstance("DH");
// PublicKey pubKey = keyFact.generatePublic(x509KeySpec);
gmsEncrypt.dhPrivateKey = keyFact.generatePrivate(x509KeySpecPKey);
@@@ -190,7 -162,7 +180,7 @@@
}
}
-- protected synchronized PeerEncryptor getPeerEncryptor(InternalDistributedMember member) throws Exception{
++ protected synchronized PeerEncryptor getPeerEncryptor(InternalDistributedMember member) throws Exception {
PeerEncryptor result = memberToPeerEncryptor.get(member);
if (result == null) {
result = createPeerEncryptor(member);
@@@ -205,7 -177,7 +195,6 @@@
return result;
}
--
private static int getKeySize(String skAlgo) {
// skAlgo contain both algo and key size info
int colIdx = skAlgo.indexOf(':');
@@@ -214,20 -186,20 +203,16 @@@
if (colIdx >= 0) {
algoStr = skAlgo.substring(0, colIdx);
algoKeySize = Integer.parseInt(skAlgo.substring(colIdx + 1));
-- }
-- else {
++ } else {
algoStr = skAlgo;
}
int keysize = -1;
if (algoStr.equalsIgnoreCase("DESede")) {
keysize = 24;
-- }
-- else if (algoStr.equalsIgnoreCase("Blowfish")) {
++ } else if (algoStr.equalsIgnoreCase("Blowfish")) {
keysize = algoKeySize > 128 ? algoKeySize / 8 : 16;
-- }
-- else if (algoStr.equalsIgnoreCase("AES")) {
-- keysize = (algoKeySize != 192 && algoKeySize != 256) ? 16
-- : algoKeySize / 8;
++ } else if (algoStr.equalsIgnoreCase("AES")) {
++ keysize = (algoKeySize != 192 && algoKeySize != 256) ? 16 : algoKeySize / 8;
}
return keysize;
}
@@@ -237,8 -209,8 +222,7 @@@
String algoStr;
if (colIdx >= 0) {
algoStr = skAlgo.substring(0, colIdx);
-- }
-- else {
++ } else {
algoStr = skAlgo;
}
return algoStr;
@@@ -249,75 -221,101 +233,69 @@@
String algoStr = getDhAlgoStr(skAlgo);
if (algoStr.equalsIgnoreCase("DESede")) {
blocksize = 8;
-- }
-- else if (algoStr.equalsIgnoreCase("Blowfish")) {
++ } else if (algoStr.equalsIgnoreCase("Blowfish")) {
blocksize = 8;
-- }
-- else if (algoStr.equalsIgnoreCase("AES")) {
++ } else if (algoStr.equalsIgnoreCase("AES")) {
blocksize = 16;
}
return blocksize;
}
-- static public byte[] encryptBytes(byte[] data, Cipher encrypt) throws Exception{
-- synchronized(GMSEncrypt.class) {
++ static public byte[] encryptBytes(byte[] data, Cipher encrypt) throws Exception {
++ synchronized (GMSEncrypt.class) {
encodingsPerformed++;
}
return encrypt.doFinal(data);
}
-- static public byte[] decryptBytes(byte[] data, Cipher decrypt)
-- throws Exception{
++ static public byte[] decryptBytes(byte[] data, Cipher decrypt) throws Exception {
try {
byte[] decryptBytes = decrypt.doFinal(data);
-- synchronized(GMSEncrypt.class) {
++ synchronized (GMSEncrypt.class) {
decodingsPerformed++;
}
return decryptBytes;
-- }catch(Exception ex) {
++ } catch (Exception ex) {
throw ex;
}
}
--
protected class PeerEncryptor {
private PublicKey peerPublicKey = null;
private String peerSKAlgo = null;
- private Cipher _encrypt;
+ private Cipher encrypt;
-
+
- protected PeerEncryptor(byte[] peerPublicKeyBytes) throws NoSuchAlgorithmException, InvalidKeySpecException {
- X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(peerPublicKeyBytes);
- KeyFactory keyFact = KeyFactory.getInstance("DH");
- //PublicKey pubKey = keyFact.generatePublic(x509KeySpec);
- this.peerPublicKey = keyFact.generatePublic(x509KeySpec);
+ private Cipher decrypt = null;
+
+ protected PeerEncryptor(byte[] peerPublicKeyBytes) throws Exception {
+ this.peerPublicKey = getPublicKey(peerPublicKeyBytes);
}
-- public byte [] encryptBytes(byte[] data) throws Exception {
++ public byte[] encryptBytes(byte[] data) throws Exception {
String algo = null;
if (this.peerSKAlgo != null) {
algo = this.peerSKAlgo;
} else {
algo = dhSKAlgo;
}
- return GMSEncrypt.encryptBytes(data, getEncryptCipher(algo, this.peerPublicKey));
+ return GMSEncrypt.encryptBytes(data, getEncryptCipher(algo));
}
- private Cipher getEncryptCipher(String dhSKAlgo)
- private Cipher getEncryptCipher(String dhSKAlgo, PublicKey publicKey)
-- throws Exception{
++ private Cipher getEncryptCipher(String dhSKAlgo) throws Exception {
try {
- if(encrypt == null) {
- if(_encrypt == null) {
- KeyAgreement ka = KeyAgreement.getInstance("DH");
- ka.init(dhPrivateKey);
- ka.doPhase(publicKey, true);
-
- Cipher encrypt;
-
- int keysize = getKeySize(dhSKAlgo);
- int blocksize = getBlockSize(dhSKAlgo);
-
- if (keysize == -1 || blocksize == -1) {
- SecretKey sKey = ka.generateSecret(dhSKAlgo);
- encrypt = Cipher.getInstance(dhSKAlgo);
- encrypt.init(Cipher.ENCRYPT_MODE, sKey);
- }
- else {
- String dhAlgoStr = getDhAlgoStr(dhSKAlgo);
-
- byte[] sKeyBytes = ka.generateSecret();
- SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, dhAlgoStr);
- IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize);
-
- encrypt = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
- encrypt.init(Cipher.ENCRYPT_MODE, sks, ivps);
- }
- _encrypt = encrypt;
++ if (encrypt == null) {
+ encrypt = GMSEncrypt.getEncryptCipher(dhSKAlgo, dhPrivateKey, this.peerPublicKey);
}
-- }catch(Exception ex) {
++ } catch (Exception ex) {
throw ex;
}
- return _encrypt;
+ return encrypt;
}
-
- public byte[] decryptBytes(byte[] data) throws Exception
- {
+
-
- public byte[] decryptBytes(byte[] data) throws Exception
- {
++ public byte[] decryptBytes(byte[] data) throws Exception {
String algo = null;
if (this.peerSKAlgo != null) {
algo = this.peerSKAlgo;
@@@ -327,213 -325,48 +305,206 @@@
Cipher c = getDecryptCipher(algo, this.peerPublicKey);
return GMSEncrypt.decryptBytes(data, c);
- }
+ }
- private Cipher getDecryptCipher( String dhSKAlgo, PublicKey publicKey)
- throws Exception{
- if(decrypt == null) {
++ private Cipher getDecryptCipher(String dhSKAlgo, PublicKey publicKey) throws Exception {
++ if (decrypt == null) {
+ decrypt = GMSEncrypt.getDecryptCipher(dhSKAlgo, dhPrivateKey, this.peerPublicKey);
+ }
+ return decrypt;
+ }
+
+ }
- protected static Cipher getEncryptCipher(String dhSKAlgo, PrivateKey privateKey, PublicKey peerPublicKey)
- throws Exception{
++ protected static Cipher getEncryptCipher(String dhSKAlgo, PrivateKey privateKey, PublicKey peerPublicKey) throws Exception {
+ KeyAgreement ka = KeyAgreement.getInstance("DH");
+ ka.init(privateKey);
+ ka.doPhase(peerPublicKey, true);
-
+
- private Cipher _decrypt = null;
+ Cipher encrypt;
- private Cipher getDecryptCipher( String dhSKAlgo, PublicKey publicKey)
- throws Exception{
- if(_decrypt == null) {
- try {
- KeyAgreement ka = KeyAgreement.getInstance("DH");
- ka.init(dhPrivateKey);
- ka.doPhase(publicKey, true);
+ int keysize = getKeySize(dhSKAlgo);
+ int blocksize = getBlockSize(dhSKAlgo);
- Cipher decrypt;
+ if (keysize == -1 || blocksize == -1) {
+ SecretKey sKey = ka.generateSecret(dhSKAlgo);
+ encrypt = Cipher.getInstance(dhSKAlgo);
+ encrypt.init(Cipher.ENCRYPT_MODE, sKey);
- }
- else {
++ } else {
+ String dhAlgoStr = getDhAlgoStr(dhSKAlgo);
- int keysize = getKeySize(dhSKAlgo);
- int blocksize = getBlockSize(dhSKAlgo);
+ byte[] sKeyBytes = ka.generateSecret();
+ SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, dhAlgoStr);
+ IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize);
- if (keysize == -1 || blocksize == -1) {
- SecretKey sKey = ka.generateSecret(dhSKAlgo);
- decrypt = Cipher.getInstance(dhSKAlgo);
- decrypt.init(Cipher.DECRYPT_MODE, sKey);
- }
- else {
- String algoStr = getDhAlgoStr(dhSKAlgo);
+ encrypt = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
+ encrypt.init(Cipher.ENCRYPT_MODE, sks, ivps);
+ }
- byte[] sKeyBytes = ka.generateSecret();
- SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, algoStr);
- IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize);
+ return encrypt;
+ }
-
- protected static Cipher getEncryptCipher(String dhSKAlgo, byte[] secretBytes)
- throws Exception{
-
- Cipher encrypt = null;
-
- int keysize = getKeySize(dhSKAlgo);
- int blocksize = getBlockSize(dhSKAlgo);
-
- if (keysize == -1 || blocksize == -1) {
- //TODO how should we do here
- /*SecretKey sKey = ka.generateSecret(dhSKAlgo);
- encrypt = Cipher.getInstance(dhSKAlgo);
- encrypt.init(Cipher.ENCRYPT_MODE, sKey);*/
- }
- else {
- String dhAlgoStr = getDhAlgoStr(dhSKAlgo);
- SecretKeySpec sks = new SecretKeySpec(secretBytes, 0, keysize, dhAlgoStr);
- IvParameterSpec ivps = new IvParameterSpec(secretBytes, keysize, blocksize);
- decrypt = Cipher.getInstance(algoStr + "/CBC/PKCS5Padding");
- decrypt.init(Cipher.DECRYPT_MODE, sks, ivps);
- }
++ protected static Cipher getEncryptCipher(String dhSKAlgo, byte[] secretBytes) throws Exception {
- encrypt = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
- encrypt.init(Cipher.ENCRYPT_MODE, sks, ivps);
- }
- _decrypt = decrypt;
- }catch(Exception ex) {
- throw ex;
++ Cipher encrypt = null;
+
- return encrypt;
++ int keysize = getKeySize(dhSKAlgo);
++ int blocksize = getBlockSize(dhSKAlgo);
++
++ if (keysize == -1 || blocksize == -1) {
++ // TODO how should we do here
++ /* SecretKey sKey = ka.generateSecret(dhSKAlgo);
++ * encrypt = Cipher.getInstance(dhSKAlgo);
++ * encrypt.init(Cipher.ENCRYPT_MODE, sKey); */
++ } else {
++ String dhAlgoStr = getDhAlgoStr(dhSKAlgo);
++
++ SecretKeySpec sks = new SecretKeySpec(secretBytes, 0, keysize, dhAlgoStr);
++ IvParameterSpec ivps = new IvParameterSpec(secretBytes, keysize, blocksize);
++
++ encrypt = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
++ encrypt.init(Cipher.ENCRYPT_MODE, sks, ivps);
+ }
-
++
++ return encrypt;
++ }
++
+ protected static Cipher getDecryptCipher(String dhSKAlgo, PrivateKey privateKey, PublicKey publicKey) throws Exception {
+ KeyAgreement ka = KeyAgreement.getInstance("DH");
+ ka.init(privateKey);
+ ka.doPhase(publicKey, true);
-
++
+ Cipher decrypt;
+
+ int keysize = getKeySize(dhSKAlgo);
+ int blocksize = getBlockSize(dhSKAlgo);
+
+ if (keysize == -1 || blocksize == -1) {
+ SecretKey sKey = ka.generateSecret(dhSKAlgo);
+ decrypt = Cipher.getInstance(dhSKAlgo);
+ decrypt.init(Cipher.DECRYPT_MODE, sKey);
+ } else {
+ String algoStr = getDhAlgoStr(dhSKAlgo);
+
+ byte[] sKeyBytes = ka.generateSecret();
+ SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, algoStr);
+ IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize);
+
+ decrypt = Cipher.getInstance(algoStr + "/CBC/PKCS5Padding");
+ decrypt.init(Cipher.DECRYPT_MODE, sks, ivps);
+ }
+ return decrypt;
+ }
-
++
+ protected static Cipher getDecryptCipher(String dhSKAlgo, byte[] secretBytes) throws Exception {
+ Cipher decrypt = null;
+
+ int keysize = getKeySize(dhSKAlgo);
+ int blocksize = getBlockSize(dhSKAlgo);
+
+ if (keysize == -1 || blocksize == -1) {
- //TODO: how to do here
- /*SecretKey sKey = ka.generateSecret(dhSKAlgo);
- decrypt = Cipher.getInstance(dhSKAlgo);
- decrypt.init(Cipher.DECRYPT_MODE, sKey);*/
++ // TODO: how to do here
++ /* SecretKey sKey = ka.generateSecret(dhSKAlgo);
++ * decrypt = Cipher.getInstance(dhSKAlgo);
++ * decrypt.init(Cipher.DECRYPT_MODE, sKey); */
+ } else {
+ String algoStr = getDhAlgoStr(dhSKAlgo);
+
+ SecretKeySpec sks = new SecretKeySpec(secretBytes, 0, keysize, algoStr);
+ IvParameterSpec ivps = new IvParameterSpec(secretBytes, keysize, blocksize);
+
+ decrypt = Cipher.getInstance(algoStr + "/CBC/PKCS5Padding");
+ decrypt.init(Cipher.DECRYPT_MODE, sks, ivps);
+ }
+ return decrypt;
+ }
++
+ protected static byte[] generateSecret(String dhSKAlgo, PrivateKey privateKey, PublicKey otherPublicKey) throws Exception {
+ KeyAgreement ka = KeyAgreement.getInstance("DH");
+ ka.init(privateKey);
+ ka.doPhase(otherPublicKey, true);
-
++
+ int keysize = getKeySize(dhSKAlgo);
+ int blocksize = getBlockSize(dhSKAlgo);
+
+ if (keysize == -1 || blocksize == -1) {
+ SecretKey sKey = ka.generateSecret(dhSKAlgo);
+ return sKey.getEncoded();
+ } else {
+ String algoStr = getDhAlgoStr(dhSKAlgo);
+
+ return ka.generateSecret();
+ }
+ }
-
++
+ protected static PublicKey getPublicKey(byte[] publicKeyBytes) throws Exception {
+ X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(publicKeyBytes);
+ KeyFactory keyFact = KeyFactory.getInstance("DH");
- //PublicKey pubKey = keyFact.generatePublic(x509KeySpec);
++ // PublicKey pubKey = keyFact.generatePublic(x509KeySpec);
+ return keyFact.generatePublic(x509KeySpec);
+ }
+
- protected static void initEncryptCipher(KeyAgreement ka, List<PublicKey> publicKeys) throws Exception{
++ protected static void initEncryptCipher(KeyAgreement ka, List<PublicKey> publicKeys) throws Exception {
+ Iterator<PublicKey> itr = publicKeys.iterator();
- while(itr.hasNext()) {
- ka.doPhase(itr.next(), !itr.hasNext());
++ while (itr.hasNext()) {
++ ka.doPhase(itr.next(), !itr.hasNext());
+ }
+ }
++
+ /***
+ * this will hold the common key for cluster
+ * that will be created using publickey of all the members..
+ *
+ */
- protected class ClusterEncryptor{
++ protected class ClusterEncryptor {
+ byte[] secretBytes;
+ Cipher encrypt;
+ Cipher decrypt;
+ int viewId;
+ Set<InternalDistributedMember> mbrs;
-
++
+ public ClusterEncryptor(GMSEncrypt other) throws Exception {
- GMSEncrypt mine = new GMSEncrypt(other.services);
++ GMSEncrypt mine = new GMSEncrypt(other.services);
+ this.secretBytes = GMSEncrypt.generateSecret(mine.dhSKAlgo, mine.dhPrivateKey, other.dhPublicKey);
+ }
-
++
+ public ClusterEncryptor(byte[] sb) {
+ this.secretBytes = sb;
+ }
-
- public byte [] encryptBytes(byte[] data) throws Exception {
++
++ public byte[] encryptBytes(byte[] data) throws Exception {
+ String algo = dhSKAlgo;
+ return GMSEncrypt.encryptBytes(data, getEncryptCipher(algo));
+ }
+
- private Cipher getEncryptCipher(String dhSKAlgo)
- throws Exception{
++ private Cipher getEncryptCipher(String dhSKAlgo) throws Exception {
+ try {
- if(encrypt == null) {
++ if (encrypt == null) {
+ synchronized (this) {
- if(encrypt == null)
++ if (encrypt == null)
+ encrypt = GMSEncrypt.getEncryptCipher(dhSKAlgo, secretBytes);
- }
++ }
}
- }catch(Exception ex) {
++ } catch (Exception ex) {
+ throw ex;
}
- return _decrypt;
+ return encrypt;
}
-
- public byte[] decryptBytes(byte[] data) throws Exception
- {
+
++ public byte[] decryptBytes(byte[] data) throws Exception {
+ String algo = dhSKAlgo;
+ Cipher c = getDecryptCipher(algo);
+ return GMSEncrypt.decryptBytes(data, c);
+ }
+
- private Cipher getDecryptCipher( String dhSKAlgo)
- throws Exception{
- if(decrypt == null) {
++ private Cipher getDecryptCipher(String dhSKAlgo) throws Exception {
++ if (decrypt == null) {
+ synchronized (this) {
- if(decrypt == null)
++ if (decrypt == null)
+ decrypt = GMSEncrypt.getDecryptCipher(dhSKAlgo, secretBytes);
- }
++ }
+ }
+ return decrypt;
+ }
}
}
-
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4d5f9477/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
----------------------------------------------------------------------
diff --cc geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
index 8652b67,de90328..3a08faa
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
@@@ -9,15 -8,9 +8,18 @@@ import com.gemstone.gemfire.distributed
import com.gemstone.gemfire.distributed.internal.membership.gms.ServiceConfig;
import com.gemstone.gemfire.distributed.internal.membership.gms.Services;
import com.gemstone.gemfire.internal.admin.remote.RemoteTransportConfig;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.math.BigInteger;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+ import org.junit.Assert;
+ import org.junit.Test;
+
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
@@@ -151,406 -137,4 +152,406 @@@ public class GMSEncryptJUnitTest
Assert.assertTrue(Arrays.equals(responseBytes, decryptedResponse));
}
+
+ @Test
+ public void testForClusterSecretKey() throws Exception{
+ initMocks();
+
+ GMSEncrypt gmsEncrypt1 = new GMSEncrypt(services, mockMembers[1]); // this will be the sender
+ gmsEncrypt1.addClusterKey();
+ // establish the public keys for the sender and receiver
+ netView.setPublicKey(mockMembers[1], gmsEncrypt1.getPublicKeyBytes());
+
+ gmsEncrypt1.installView(netView, mockMembers[1]);
+
+ // sender encrypts a message, so use receiver's public key
+ String ch = "Hello world";
+ byte[] challenge = ch.getBytes();
+ byte[] encryptedChallenge = gmsEncrypt1.encryptData(challenge);
+
+ // receiver decrypts the message using the sender's public key
+ byte[] decryptBytes = gmsEncrypt1.decryptData(encryptedChallenge);
+
+ Assert.assertFalse(Arrays.equals(challenge, encryptedChallenge));
+
+ Assert.assertTrue(Arrays.equals(challenge, decryptBytes));
+ }
+
+ @Test
+ public void testForClusterSecretKeyFromOtherMember() throws Exception{
+ initMocks();
+
+ GMSEncrypt gmsEncrypt1 = new GMSEncrypt(services, mockMembers[1]); // this will be the sender
+ gmsEncrypt1.addClusterKey();
+ GMSEncrypt gmsEncrypt2 = new GMSEncrypt(services, mockMembers[2]); // this will be the sender
+
+ // establish the public keys for the sender and receiver
+ netView.setPublicKey(mockMembers[1], gmsEncrypt1.getPublicKeyBytes());
+ netView.setPublicKey(mockMembers[2], gmsEncrypt2.getPublicKeyBytes());
+
+ gmsEncrypt1.installView(netView, mockMembers[1]);
+
+ byte[] secretBytes = gmsEncrypt1.getSecretBytes();
+ gmsEncrypt2.addClusterKey(secretBytes);
+
+ gmsEncrypt2.installView(netView, mockMembers[1]);
+
+ // sender encrypts a message, so use receiver's public key
+ String ch = "Hello world";
+ byte[] challenge = ch.getBytes();
+ byte[] encryptedChallenge = gmsEncrypt1.encryptData(challenge);
+
+ // receiver decrypts the message using the sender's public key
+ byte[] decryptBytes = gmsEncrypt2.decryptData(encryptedChallenge);
+
+ // now send a response
+ String response = "Hello yourself!";
+ byte[] responseBytes = response.getBytes();
+ byte[] encryptedResponse = gmsEncrypt2.encryptData(responseBytes);
+
+ // receiver decodes the response
+ byte[] decryptedResponse = gmsEncrypt1.decryptData(encryptedResponse);
+
+ Assert.assertFalse(Arrays.equals(challenge, encryptedChallenge));
+
+ Assert.assertTrue(Arrays.equals(challenge, decryptBytes));
+
+ Assert.assertFalse(Arrays.equals(responseBytes, encryptedResponse));
+
+ Assert.assertTrue(Arrays.equals(responseBytes, decryptedResponse));
+ }
+
+
+ @Test
+ public void testDHAlgo() throws Exception {
+
+ DHParameterSpec dhSkipParamSpec;
+
+ System.out.println("Using SKIP Diffie-Hellman parameters");
+ dhSkipParamSpec = new DHParameterSpec(skip1024Modulus, skip1024Base);
+
+ // Alice creates her own DH key pair
+ System.out.println("ALICE: Generate DH keypair ...");
+ KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
+ aliceKpairGen.initialize(dhSkipParamSpec);
+ KeyPair aliceKpair = aliceKpairGen.generateKeyPair();
+
+ // Bob creates his own DH key pair
+ System.out.println("BOB: Generate DH keypair ...");
+ KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH");
+ bobKpairGen.initialize(dhSkipParamSpec);
+ KeyPair bobKpair = bobKpairGen.generateKeyPair();
+
+ // Carol creates her own DH key pair
+ System.out.println("CAROL: Generate DH keypair ...");
+ KeyPairGenerator carolKpairGen = KeyPairGenerator.getInstance("DH");
+ carolKpairGen.initialize(dhSkipParamSpec);
+ KeyPair carolKpair = carolKpairGen.generateKeyPair();
+
+
+ // Alice initialize
+ System.out.println("ALICE: Initialize ...");
+ KeyAgreement aliceKeyAgree = KeyAgreement.getInstance("DH");
+ aliceKeyAgree.init(aliceKpair.getPrivate());
+
+ // Bob initialize
+ System.out.println("BOB: Initialize ...");
+ KeyAgreement bobKeyAgree = KeyAgreement.getInstance("DH");
+ bobKeyAgree.init(bobKpair.getPrivate());
+
+ // Carol initialize
+ System.out.println("CAROL: Initialize ...");
+ KeyAgreement carolKeyAgree = KeyAgreement.getInstance("DH");
+ carolKeyAgree.init(carolKpair.getPrivate());
+
+
+ // Alice uses Carol's public key
+ Key ac = aliceKeyAgree.doPhase(carolKpair.getPublic(), false);
+
+ // Bob uses Alice's public key
+ Key ba = bobKeyAgree.doPhase(aliceKpair.getPublic(), false);
+
+ // Carol uses Bob's public key
+ Key cb = carolKeyAgree.doPhase(bobKpair.getPublic(), false);
+
+
+ // Alice uses Carol's result from above
+ aliceKeyAgree.doPhase(cb, true);
+
+ // Bob uses Alice's result from above
+ bobKeyAgree.doPhase(ac, true);
+
+ // Carol uses Bob's result from above
+ carolKeyAgree.doPhase(ba, true);
+
+
+ // Alice, Bob and Carol compute their secrets
+ byte[] aliceSharedSecret = aliceKeyAgree.generateSecret();
+ System.out.println("Alice secret: " + toHexString(aliceSharedSecret));
+
+ byte[] bobSharedSecret = bobKeyAgree.generateSecret();
+ System.out.println("Bob secret: " + toHexString(bobSharedSecret));
+
+ byte[] carolSharedSecret = carolKeyAgree.generateSecret();
+ System.out.println("Carol secret: " + toHexString(carolSharedSecret));
+
+
+ // Compare Alice and Bob
+ if (!java.util.Arrays.equals(aliceSharedSecret, bobSharedSecret))
+ throw new Exception("Alice and Bob differ");
+ System.out.println("Alice and Bob are the same");
+
+ // Compare Bob and Carol
+ if (!java.util.Arrays.equals(bobSharedSecret, carolSharedSecret))
+ throw new Exception("Bob and Carol differ");
+ System.out.println("Bob and Carol are the same");
+ }
+
+ @Test
+ public void testDHAlgo2() throws Exception {
+
+ DHParameterSpec dhSkipParamSpec;
+
+ System.out.println("Using SKIP Diffie-Hellman parameters");
+ dhSkipParamSpec = new DHParameterSpec(skip1024Modulus, skip1024Base);
+
+ // Alice creates her own DH key pair
+ System.out.println("ALICE: Generate DH keypair ...");
+ KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
+ aliceKpairGen.initialize(dhSkipParamSpec);
+ KeyPair aliceKpair = aliceKpairGen.generateKeyPair();
+
+
+ // Bob creates his own DH key pair
+ System.out.println("BOB: Generate DH keypair ...");
+ KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH");
+ bobKpairGen.initialize(dhSkipParamSpec);
+ KeyPair bobKpair = bobKpairGen.generateKeyPair();
+
+
+ // Alice initialize
+ System.out.println("ALICE: Initialize ...");
+ KeyAgreement aliceKeyAgree = KeyAgreement.getInstance("DH");
+ aliceKeyAgree.init(aliceKpair.getPrivate());
+
+ // Bob initialize
+ System.out.println("BOB : Initialize ...");
+ KeyAgreement bobKeyAgree = KeyAgreement.getInstance("DH");
+ bobKeyAgree.init(bobKpair.getPrivate());
+
+ // Alice uses Carol's public key
+ aliceKeyAgree.doPhase(bobKpair.getPublic(), true);
+
+ // Bob uses Alice's public key
+ bobKeyAgree.doPhase(aliceKpair.getPublic(), true);
+
+ // Alice, Bob and Carol compute their secrets
+ byte[] aliceSharedSecret = aliceKeyAgree.generateSecret();
+ System.out.println("Alice secret: " + toHexString(aliceSharedSecret));
+
+
+ byte[] bobSharedSecret = bobKeyAgree.generateSecret();
+ System.out.println("Bob secret: " + toHexString(bobSharedSecret));
+
+
+ // Compare Alice and Bob
+ if (!java.util.Arrays.equals(aliceSharedSecret, bobSharedSecret))
+ throw new Exception("Alice and Bob differ");
+ System.out.println("Alice and Bob are the same");
+
+ }
+
+ @Test
+ public void testDHAlgo3() throws Exception {
+
+ DHParameterSpec dhSkipParamSpec;
+
+ System.out.println("Using SKIP Diffie-Hellman parameters");
+ dhSkipParamSpec = new DHParameterSpec(skip1024Modulus, skip1024Base);
+
+ // Alice creates her own DH key pair
+ System.out.println("ALICE: Generate DH keypair ...");
+ KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
+ aliceKpairGen.initialize(dhSkipParamSpec);
+ KeyPair aliceKpair = aliceKpairGen.generateKeyPair();
+
+
+ // Bob creates his own DH key pair
+ System.out.println("BOB: Generate DH keypair ...");
+ KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH");
+ bobKpairGen.initialize(dhSkipParamSpec);
+ KeyPair bobKpair = bobKpairGen.generateKeyPair();
+
+
+ // Alice initialize
+ System.out.println("ALICE: Initialize ...");
+ KeyAgreement aliceKeyAgree = KeyAgreement.getInstance("DH");
+ aliceKeyAgree.init(aliceKpair.getPrivate());
+
+ // Bob initialize
+ System.out.println("BOB : Initialize ...");
+ KeyAgreement bobKeyAgree = KeyAgreement.getInstance("DH");
+ bobKeyAgree.init(bobKpair.getPrivate());
+
+ // Alice uses Carol's public key
+ aliceKeyAgree.doPhase(bobKpair.getPublic(), true);
+
+ // Bob uses Alice's public key
+ bobKeyAgree.doPhase(aliceKpair.getPublic(), true);
+
+ String dhKalgo = "AES";
+ // Alice, Bob and Carol compute their secrets
+ SecretKey aliceSharedSecret = aliceKeyAgree.generateSecret(dhKalgo);
+ System.out.println("Alice secret: " + toHexString(aliceSharedSecret.getEncoded()));
+
+
+
+ SecretKey bobSharedSecret = bobKeyAgree.generateSecret(dhKalgo);
+ System.out.println("Bob secret: " + toHexString(bobSharedSecret.getEncoded()));
+
- applyMAC(aliceSharedSecret);
- applyMAC(bobSharedSecret);
++ //applyMAC(aliceSharedSecret);
++ //applyMAC(bobSharedSecret);
+
+ // Compare Alice and Bob
+ if (!java.util.Arrays.equals(aliceSharedSecret.getEncoded(), bobSharedSecret.getEncoded()))
+ throw new Exception("Alice and Bob differ");
+ System.out.println("Alice and Bob are the same");
+ }
+
+ private void applyMAC(Key key) throws Exception {
+ SecretKey key2 = new SecretKey() {
+
+ @Override
+ public String getFormat() {
+ // TODO Auto-generated method stub
+ return key.getFormat();
+ }
+
+ @Override
+ public byte[] getEncoded() {
+ // TODO Auto-generated method stub
+ String hitesh = "This is from Hitesh";
+ byte[] secbytes = hitesh.getBytes();
+ byte[] origsecret = key.getEncoded();
+ byte[] ns = new byte[origsecret.length + secbytes.length];
+ System.arraycopy(origsecret, 0, ns, 0, origsecret.length);
+ System.arraycopy(secbytes, 0, ns, origsecret.length, secbytes.length);
+ return ns;
+ }
+
+ @Override
+ public String getAlgorithm() {
+ // TODO Auto-generated method stub
+ return key.getAlgorithm();
+ }
+ };
+ // Generate secret key for HMAC-MD5
+ //KeyGenerator kg = KeyGenerator.getInstance("HmacMD5");
+ //SecretKey sk = kg.generateKey();
+
+ // Get instance of Mac object implementing HMAC-MD5, and
+ // initialize it with the above secret key
+
+ System.out.println("Key2 secret " + toHexString(key2.getEncoded()));
+
+ Mac mac = Mac.getInstance("HmacMD5");
+ mac.init(key2);
+ byte[] result = mac.doFinal("Hi There".getBytes());
+
+
+ System.out.println("Message Authentication code length: " + mac.getMacLength());
+ System.out.println("Message Authentication code : " + toHexString(result));
+
+ verifyMacBody(mac, result);
+ }
+
+ private byte[] verifyMacBody(Mac hmac, byte[] encryptedAndMac) throws Exception {
+ byte[] encrypted = new byte[encryptedAndMac.length - hmac.getMacLength()];
+ System.arraycopy(encryptedAndMac, 0, encrypted, 0, encrypted.length);
+
+ byte[] remoteMac = new byte[hmac.getMacLength()];
+ System.arraycopy(encryptedAndMac, encryptedAndMac.length - remoteMac.length, remoteMac, 0, remoteMac.length);
+
+ byte[] localMac = hmac.doFinal(encrypted);
+
+ System.out.println("Message Authentication code remoteMac : " + toHexString(remoteMac));
+ System.out.println("Message Authentication code localMac : " + toHexString(localMac));
+ if (!Arrays.equals(remoteMac, localMac))
+ throw new Exception("MAC doesen't match.");
+
+ return encrypted;
+ }
+ // The 1024 bit Diffie-Hellman modulus values used by SKIP
+ private static final byte skip1024ModulusBytes[] = {
+ (byte)0xF4, (byte)0x88, (byte)0xFD, (byte)0x58,
+ (byte)0x4E, (byte)0x49, (byte)0xDB, (byte)0xCD,
+ (byte)0x20, (byte)0xB4, (byte)0x9D, (byte)0xE4,
+ (byte)0x91, (byte)0x07, (byte)0x36, (byte)0x6B,
+ (byte)0x33, (byte)0x6C, (byte)0x38, (byte)0x0D,
+ (byte)0x45, (byte)0x1D, (byte)0x0F, (byte)0x7C,
+ (byte)0x88, (byte)0xB3, (byte)0x1C, (byte)0x7C,
+ (byte)0x5B, (byte)0x2D, (byte)0x8E, (byte)0xF6,
+ (byte)0xF3, (byte)0xC9, (byte)0x23, (byte)0xC0,
+ (byte)0x43, (byte)0xF0, (byte)0xA5, (byte)0x5B,
+ (byte)0x18, (byte)0x8D, (byte)0x8E, (byte)0xBB,
+ (byte)0x55, (byte)0x8C, (byte)0xB8, (byte)0x5D,
+ (byte)0x38, (byte)0xD3, (byte)0x34, (byte)0xFD,
+ (byte)0x7C, (byte)0x17, (byte)0x57, (byte)0x43,
+ (byte)0xA3, (byte)0x1D, (byte)0x18, (byte)0x6C,
+ (byte)0xDE, (byte)0x33, (byte)0x21, (byte)0x2C,
+ (byte)0xB5, (byte)0x2A, (byte)0xFF, (byte)0x3C,
+ (byte)0xE1, (byte)0xB1, (byte)0x29, (byte)0x40,
+ (byte)0x18, (byte)0x11, (byte)0x8D, (byte)0x7C,
+ (byte)0x84, (byte)0xA7, (byte)0x0A, (byte)0x72,
+ (byte)0xD6, (byte)0x86, (byte)0xC4, (byte)0x03,
+ (byte)0x19, (byte)0xC8, (byte)0x07, (byte)0x29,
+ (byte)0x7A, (byte)0xCA, (byte)0x95, (byte)0x0C,
+ (byte)0xD9, (byte)0x96, (byte)0x9F, (byte)0xAB,
+ (byte)0xD0, (byte)0x0A, (byte)0x50, (byte)0x9B,
+ (byte)0x02, (byte)0x46, (byte)0xD3, (byte)0x08,
+ (byte)0x3D, (byte)0x66, (byte)0xA4, (byte)0x5D,
+ (byte)0x41, (byte)0x9F, (byte)0x9C, (byte)0x7C,
+ (byte)0xBD, (byte)0x89, (byte)0x4B, (byte)0x22,
+ (byte)0x19, (byte)0x26, (byte)0xBA, (byte)0xAB,
+ (byte)0xA2, (byte)0x5E, (byte)0xC3, (byte)0x55,
+ (byte)0xE9, (byte)0x2F, (byte)0x78, (byte)0xC7
+ };
+
+
+
+ // The SKIP 1024 bit modulus
+ private static final BigInteger skip1024Modulus
+ = new BigInteger(1, skip1024ModulusBytes);
+
+ // The base used with the SKIP 1024 bit modulus
+ private static final BigInteger skip1024Base = BigInteger.valueOf(2);
+
+ /*
+ * Converts a byte to hex digit and writes to the supplied buffer
+ */
+ private void byte2hex(byte b, StringBuffer buf) {
+ char[] hexChars = { '0', '1', '2', '3', '4', '5', '6', '7', '8',
+ '9', 'A', 'B', 'C', 'D', 'E', 'F' };
+ int high = ((b & 0xf0) >> 4);
+ int low = (b & 0x0f);
+ buf.append(hexChars[high]);
+ buf.append(hexChars[low]);
+ }
+
+ /*
+ * Converts a byte array to hex string
+ */
+ private String toHexString(byte[] block) {
+ StringBuffer buf = new StringBuffer();
+
+ int len = block.length;
+
+ for (int i = 0; i < len; i++) {
+ byte2hex(block[i], buf);
+ if (i < len-1) {
+ buf.append(":");
+ }
+ }
+ return buf.toString();
+ }
}