Posted to common-commits@hadoop.apache.org by yl...@apache.org on 2014/07/10 08:27:53 UTC
svn commit: r1609403 - in
/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common:
./ src/main/java/org/apache/hadoop/crypto/
src/test/java/org/apache/hadoop/crypto/
Author: yliu
Date: Thu Jul 10 06:27:52 2014
New Revision: 1609403
URL: http://svn.apache.org/r1609403
Log:
HADOOP-10803. Update OpensslCipher#getInstance to accept CipherSuite#name format. (yliu)
Modified:
hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/CHANGES-fs-encryption.txt
hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslAesCtrCryptoCodec.java
hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslCipher.java
hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestOpensslCipher.java
Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/CHANGES-fs-encryption.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/CHANGES-fs-encryption.txt?rev=1609403&r1=1609402&r2=1609403&view=diff
==============================================================================
--- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/CHANGES-fs-encryption.txt (original)
+++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/CHANGES-fs-encryption.txt Thu Jul 10 06:27:52 2014
@@ -28,6 +28,12 @@ fs-encryption (Unreleased)
HADOOP-10713. Refactor CryptoCodec#generateSecureRandom to take a byte[].
(wang via yliu)
+ HADOOP-10693. Implementation of AES-CTR CryptoCodec using JNI to OpenSSL.
+ (Yi Liu via cmccabe)
+
+ HADOOP-10803. Update OpensslCipher#getInstance to accept CipherSuite#name
+ format. (Yi Liu)
+
OPTIMIZATIONS
BUG FIXES
Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslAesCtrCryptoCodec.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslAesCtrCryptoCodec.java?rev=1609403&r1=1609402&r2=1609403&view=diff
==============================================================================
--- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslAesCtrCryptoCodec.java (original)
+++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslAesCtrCryptoCodec.java Thu Jul 10 06:27:52 2014
@@ -70,8 +70,7 @@ public class OpensslAesCtrCryptoCodec ex
public OpensslAesCtrCipher(int mode) throws GeneralSecurityException {
this.mode = mode;
- cipher = OpensslCipher.getInstance(OpensslCipher.AES_CTR,
- OpensslCipher.PADDING_NOPADDING);
+ cipher = OpensslCipher.getInstance(SUITE.getName());
}
@Override
Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslCipher.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslCipher.java?rev=1609403&r1=1609402&r2=1609403&view=diff
==============================================================================
--- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslCipher.java (original)
+++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslCipher.java Thu Jul 10 06:27:52 2014
@@ -19,6 +19,7 @@ package org.apache.hadoop.crypto;
import java.nio.ByteBuffer;
import java.security.NoSuchAlgorithmException;
+import java.util.StringTokenizer;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
@@ -45,11 +46,34 @@ public final class OpensslCipher {
public static final int DECRYPT_MODE = 0;
/** Currently only support AES/CTR/NoPadding. */
- public static final int AES_CTR = 0;
- public static final int PADDING_NOPADDING = 0;
+ private static enum AlgMode {
+ AES_CTR;
+
+ static int get(String algorithm, String mode)
+ throws NoSuchAlgorithmException {
+ try {
+ return AlgMode.valueOf(algorithm + "_" + mode).ordinal();
+ } catch (Exception e) {
+ throw new NoSuchAlgorithmException("Doesn't support algorithm: " +
+ algorithm + " and mode: " + mode);
+ }
+ }
+ }
+
+ private static enum Padding {
+ NoPadding;
+
+ static int get(String padding) throws NoSuchPaddingException {
+ try {
+ return Padding.valueOf(padding).ordinal();
+ } catch (Exception e) {
+ throw new NoSuchPaddingException("Doesn't support padding: " + padding);
+ }
+ }
+ }
private long context = 0;
- private final int algorithm;
+ private final int alg;
private final int padding;
private static boolean nativeCipherLoaded = false;
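Review bot: `AlgMode.get` and `Padding.get` return `ordinal()` as the integer that is later handed to the native `initContext`/`init` calls, so the value the native side receives now depends on enum declaration order instead of the explicit `= 0` constants this hunk removes. Inserting or reordering a constant later would silently change which cipher or padding the native code selects (the native mapping is not visible here, so this is inferred). Give each constant an explicit code, e.g. `AES_CTR(0);` with a `final int code` field, or at minimum add a comment such as `// ordinal is passed to native code: append only, never reorder`. Both `catch (Exception e)` clauses are broader than needed and drop the cause; `valueOf` signals an unknown name with `IllegalArgumentException`, so `catch (IllegalArgumentException e)` keeps unrelated failures visible. The retained Javadoc `/** Currently only support AES/CTR/NoPadding. */` now sits on `AlgMode` alone and should be reworded or repeated on `Padding`.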
@@ -69,26 +93,71 @@ public final class OpensslCipher {
return nativeCipherLoaded;
}
- private OpensslCipher(long context, int algorithm, int padding) {
+ private OpensslCipher(long context, int alg, int padding) {
this.context = context;
- this.algorithm = algorithm;
+ this.alg = alg;
this.padding = padding;
}
/**
* Return an <code>OpensslCipher<code> object that implements the specified
- * algorithm.
+ * transformation.
*
- * @param algorithm currently only supports {@link #AES_CTR}
- * @param padding currently only supports {@link #PADDING_NOPADDING}
- * @return OpensslCipher an <code>OpensslCipher<code> object
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
+ * @param transformation the name of the transformation, e.g.,
+ * AES/CTR/NoPadding.
+ * @return OpensslCipher an <code>OpensslCipher<code> object
+ * @throws NoSuchAlgorithmException if <code>transformation</code> is null,
+ * empty, in an invalid format, or if Openssl doesn't implement the
+ * specified algorithm.
+ * @throws NoSuchPaddingException if <code>transformation</code> contains
+ * a padding scheme that is not available.
*/
- public static final OpensslCipher getInstance(int algorithm,
- int padding) throws NoSuchAlgorithmException, NoSuchPaddingException {
- long context = initContext(algorithm, padding);
- return new OpensslCipher(context, algorithm, padding);
+ public static final OpensslCipher getInstance(String transformation)
+ throws NoSuchAlgorithmException, NoSuchPaddingException {
+ Transform transform = tokenizeTransformation(transformation);
+ int algMode = AlgMode.get(transform.alg, transform.mode);
+ int padding = Padding.get(transform.padding);
+ long context = initContext(algMode, padding);
+ return new OpensslCipher(context, algMode, padding);
+ }
+
+ /** Nested class for algorithm, mode and padding. */
+ private static class Transform {
+ final String alg;
+ final String mode;
+ final String padding;
+
+ public Transform(String alg, String mode, String padding) {
+ this.alg = alg;
+ this.mode = mode;
+ this.padding = padding;
+ }
+ }
+
+ private static Transform tokenizeTransformation(String transformation)
+ throws NoSuchAlgorithmException {
+ if (transformation == null) {
+ throw new NoSuchAlgorithmException("No transformation given.");
+ }
+
+ /*
+ * Array containing the components of a Cipher transformation:
+ *
+ * index 0: algorithm (e.g., AES)
+ * index 1: mode (e.g., CTR)
+ * index 2: padding (e.g., NoPadding)
+ */
+ String[] parts = new String[3];
+ int count = 0;
+ StringTokenizer parser = new StringTokenizer(transformation, "/");
+ while (parser.hasMoreTokens() && count < 3) {
+ parts[count++] = parser.nextToken().trim();
+ }
+ if (count != 3 || parser.hasMoreTokens()) {
+ throw new NoSuchAlgorithmException("Invalid transformation format: " +
+ transformation);
+ }
+ return new Transform(parts[0], parts[1], parts[2]);
}
/**
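Review bot: `tokenizeTransformation` accepts malformed strings, because `StringTokenizer` skips empty tokens: inputs such as `AES//CTR/NoPadding` or `/AES/CTR/NoPadding/` still produce three parts and pass the `count != 3` check, although the Javadoc on `getInstance` promises `NoSuchAlgorithmException` for an invalid format. Splitting with `String[] parts = transformation.split("/", -1);` and rejecting `parts.length != 3` or any part that is empty after `trim()` makes the check strict. Matching through `valueOf` is also case-sensitive, unlike the standard names accepted by `javax.crypto.Cipher.getInstance`; if that is intended, state it in the `@param transformation` text. The new `@return` line repeats the unclosed `<code>OpensslCipher<code>` tag and should end with `</code>`.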
@@ -99,7 +168,7 @@ public final class OpensslCipher {
* @param iv crypto iv
*/
public void init(int mode, byte[] key, byte[] iv) {
- context = init(context, mode, algorithm, padding, key, iv);
+ context = init(context, mode, alg, padding, key, iv);
}
/**
Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestOpensslCipher.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestOpensslCipher.java?rev=1609403&r1=1609402&r2=1609403&view=diff
==============================================================================
--- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestOpensslCipher.java (original)
+++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestOpensslCipher.java Thu Jul 10 06:27:52 2014
@@ -38,21 +38,18 @@ public class TestOpensslCipher {
if (!OpensslCipher.isNativeCodeLoaded()) {
return;
}
- OpensslCipher cipher = OpensslCipher.getInstance(OpensslCipher.AES_CTR,
- OpensslCipher.PADDING_NOPADDING);
+ OpensslCipher cipher = OpensslCipher.getInstance("AES/CTR/NoPadding");
Assert.assertTrue(cipher != null);
try {
- cipher = OpensslCipher.getInstance(OpensslCipher.AES_CTR + 100,
- OpensslCipher.PADDING_NOPADDING);
+ cipher = OpensslCipher.getInstance("AES2/CTR/NoPadding");
Assert.fail("Should specify correct algorithm.");
} catch (NoSuchAlgorithmException e) {
// Expect NoSuchAlgorithmException
}
try {
- cipher = OpensslCipher.getInstance(OpensslCipher.AES_CTR,
- OpensslCipher.PADDING_NOPADDING + 100);
+ cipher = OpensslCipher.getInstance("AES/CTR/NoPadding2");
Assert.fail("Should specify correct padding.");
} catch (NoSuchPaddingException e) {
// Expect NoSuchPaddingException
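Review bot: The negative cases in this hunk cover an unknown algorithm and an unknown padding, but nothing exercises the format checks that `getInstance` now documents: a null transformation, too few or too many `/`-separated parts, or an unknown mode (a constructed example would be `AES/CTR2/NoPadding`). Adding one `try` / `Assert.fail(...)` / `catch (NoSuchAlgorithmException e)` block per case, in the same style as the two existing ones, would pin the parser's behaviour. The test method begins above the hunk, and it returns early when the native library is not loaded, so these assertions only run where the OpenSSL binding is available.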
@@ -64,8 +61,7 @@ public class TestOpensslCipher {
if (!OpensslCipher.isNativeCodeLoaded()) {
return;
}
- OpensslCipher cipher = OpensslCipher.getInstance(OpensslCipher.AES_CTR,
- OpensslCipher.PADDING_NOPADDING);
+ OpensslCipher cipher = OpensslCipher.getInstance("AES/CTR/NoPadding");
Assert.assertTrue(cipher != null);
cipher.init(OpensslCipher.ENCRYPT_MODE, key, iv);
@@ -100,8 +96,7 @@ public class TestOpensslCipher {
if (!OpensslCipher.isNativeCodeLoaded()) {
return;
}
- OpensslCipher cipher = OpensslCipher.getInstance(OpensslCipher.AES_CTR,
- OpensslCipher.PADDING_NOPADDING);
+ OpensslCipher cipher = OpensslCipher.getInstance("AES/CTR/NoPadding");
Assert.assertTrue(cipher != null);
cipher.init(OpensslCipher.ENCRYPT_MODE, key, iv);