Return-Path: X-Original-To: apmail-hadoop-common-commits-archive@www.apache.org Delivered-To: apmail-hadoop-common-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E7E0411BD5 for ; Wed, 2 Jul 2014 23:08:52 +0000 (UTC) Received: (qmail 56626 invoked by uid 500); 2 Jul 2014 23:08:52 -0000 Delivered-To: apmail-hadoop-common-commits-archive@hadoop.apache.org Received: (qmail 56559 invoked by uid 500); 2 Jul 2014 23:08:52 -0000 Mailing-List: contact common-commits-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-dev@hadoop.apache.org Delivered-To: mailing list common-commits@hadoop.apache.org Received: (qmail 56550 invoked by uid 99); 2 Jul 2014 23:08:52 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 Jul 2014 23:08:52 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 Jul 2014 23:08:50 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id A1FA323889E1; Wed, 2 Jul 2014 23:08:30 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1607499 - in /hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop: crypto/ fs/ Date: Wed, 02 Jul 2014 23:08:30 -0000 To: common-commits@hadoop.apache.org 
From: wang@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140702230830.A1FA323889E1@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: wang Date: Wed Jul 2 23:08:29 2014 New Revision: 1607499 URL: http://svn.apache.org/r1607499 Log: HDFS-6605.Client server negotiation of cipher suite. (wang) Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/AESCTRCryptoCodec.java hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CipherSuite.java hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoInputStream.java hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoOutputStream.java hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoStreamUtils.java hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/JCEAESCTRCryptoCodec.java hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileEncryptionInfo.java Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/AESCTRCryptoCodec.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/AESCTRCryptoCodec.java?rev=1607499&r1=1607498&r2=1607499&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/AESCTRCryptoCodec.java (original) +++ 
hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/AESCTRCryptoCodec.java Wed Jul 2 23:08:29 2014 @@ -25,16 +25,19 @@ import com.google.common.base.Preconditi @InterfaceAudience.Private @InterfaceStability.Evolving public abstract class AESCTRCryptoCodec extends CryptoCodec { + + protected static final CipherSuite SUITE = CipherSuite.AES_CTR_NOPADDING; + /** * For AES, the algorithm block is fixed size of 128 bits. * @see http://en.wikipedia.org/wiki/Advanced_Encryption_Standard */ - private static final int AES_BLOCK_SIZE = 16; + private static final int AES_BLOCK_SIZE = SUITE.getAlgorithmBlockSize(); private static final int CTR_OFFSET = 8; @Override - public int getAlgorithmBlockSize() { - return AES_BLOCK_SIZE; + public CipherSuite getCipherSuite() { + return SUITE; } /** Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CipherSuite.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CipherSuite.java?rev=1607499&r1=1607498&r2=1607499&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CipherSuite.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CipherSuite.java Wed Jul 2 23:08:29 2014 @@ -19,7 +19,6 @@ package org.apache.hadoop.crypto; import org.apache.hadoop.classification.InterfaceAudience; -import org.apache.hadoop.classification.InterfaceStability; /** * Defines properties of a CipherSuite. Modeled after the ciphers in 
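Review bot: In the AESCTRCryptoCodec hunk, the Javadoc above `AES_BLOCK_SIZE` still describes the block as 128 bits, while the constant now takes its value from `SUITE.getAlgorithmBlockSize()`, which this commit documents as a size in bytes. I would reword it to `For AES, the algorithm block size is fixed at 16 bytes (128 bits).` so the unit matches the value used in the arithmetic. The new `protected static final CipherSuite SUITE` has no comment; a one-line note such as `/** Cipher suite implemented by every AES-CTR codec; subclasses pass its name to the JCE. */` would record how JCEAESCTRCryptoCodec uses it in this same commit. The class body continues outside the hunk.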
@@ -27,14 +26,25 @@ import org.apache.hadoop.classification. */ @InterfaceAudience.Private public enum CipherSuite { - AES_CTR_NOPADDING("AES/CTR/NoPadding", 128); + UNKNOWN("Unknown", 0), + AES_CTR_NOPADDING("AES/CTR/NoPadding", 16); private final String name; - private final int blockBits; + private final int algoBlockSize; - CipherSuite(String name, int blockBits) { + private Integer unknownValue = null; + + CipherSuite(String name, int algoBlockSize) { this.name = name; - this.blockBits = blockBits; + this.algoBlockSize = algoBlockSize; + } + + public void setUnknownValue(int unknown) { + this.unknownValue = unknown; + } + + public int getUnknownValue() { + return unknownValue; } /** 
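Review bot: The new `unknownValue` field makes the `CipherSuite` enum mutable, and enum constants are JVM-wide singletons, so a value stored through `setUnknownValue` is shared by every holder of that constant, is written without synchronization, and would be overwritten if two negotiations record different unrecognised suite ids. `getUnknownValue()` also unboxes the `Integer` field to `int`, so it throws NullPointerException on any constant whose setter was never called. I would keep the unrecognised id in the object that carries the negotiated suite rather than in the enum itself. If the field stays, the getter should at least not unbox: `public Integer getUnknownValue() { return unknownValue; }`.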
@@ -45,17 +55,20 @@ public enum CipherSuite { } /** - * @return size of an algorithm block in bits + * @return size of an algorithm block in bytes */ - public int getNumberBlockBits() { - return blockBits; + public int getAlgorithmBlockSize() { + return algoBlockSize; } @Override public String toString() { StringBuilder builder = new StringBuilder("{"); - builder.append("name: " + getName() + ", "); - builder.append("numBlockBits: " + getNumberBlockBits()); + builder.append("name: " + name); + builder.append(", algorithmBlockSize: " + algoBlockSize); + if (unknownValue != null) { + builder.append(", unknownValue: " + unknownValue); + } builder.append("}"); return builder.toString(); } Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java?rev=1607499&r1=1607498&r2=1607499&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java Wed Jul 2 23:08:29 2014 
@@ -39,13 +39,11 @@ public abstract class CryptoCodec implem CryptoCodec.class); return ReflectionUtils.newInstance(klass, conf); } - + /** - * Get the block size of a block cipher. - * For different algorithms, the block size may be different. - * @return int the block size + * @return the CipherSuite for this codec. */ - public abstract int getAlgorithmBlockSize(); + public abstract CipherSuite getCipherSuite(); /** * Create a {@link org.apache.hadoop.crypto.Encryptor}. Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoInputStream.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoInputStream.java?rev=1607499&r1=1607498&r2=1607499&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoInputStream.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoInputStream.java Wed Jul 2 23:08:29 2014 
@@ -265,11 +265,11 @@ public class CryptoInputStream extends F } private long getCounter(long position) { - return position / codec.getAlgorithmBlockSize(); + return position / codec.getCipherSuite().getAlgorithmBlockSize(); } private byte getPadding(long position) { - return (byte)(position % codec.getAlgorithmBlockSize()); + return (byte)(position % codec.getCipherSuite().getAlgorithmBlockSize()); } /** Calculate the counter and iv, update the decryptor. */ Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoOutputStream.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoOutputStream.java?rev=1607499&r1=1607498&r2=1607499&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoOutputStream.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoOutputStream.java Wed Jul 2 23:08:29 2014 
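Review bot: `getCounter` and `getPadding` divide by `codec.getCipherSuite().getAlgorithmBlockSize()`, and this commit introduces `CipherSuite.UNKNOWN` with a block size of 0, so a codec reporting that suite would fail with ArithmeticException in the middle of a read instead of being rejected when the stream is set up. The same expression appears in `CryptoOutputStream.updateEncryptor` and `CryptoStreamUtils.checkBufferSize` later in this commit. AESCTRCryptoCodec always returns AES_CTR_NOPADDING, so this only affects other codec implementations. `checkBufferSize` already uses `Preconditions.checkArgument`, so one guard there would cover both streams if they call that helper, which is not visible here: `Preconditions.checkArgument(codec.getCipherSuite().getAlgorithmBlockSize() > 0, "Cipher suite has no block size.");`.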
@@ -194,8 +194,10 @@ public class CryptoOutputStream extends /** Update the {@link #encryptor}: calculate counter and {@link #padding}. */ private void updateEncryptor() throws IOException { - final long counter = streamOffset / codec.getAlgorithmBlockSize(); - padding = (byte)(streamOffset % codec.getAlgorithmBlockSize()); + final long counter = + streamOffset / codec.getCipherSuite().getAlgorithmBlockSize(); + padding = + (byte)(streamOffset % codec.getCipherSuite().getAlgorithmBlockSize()); inBuffer.position(padding); // Set proper position for input data. codec.calculateIV(initIV, counter, iv); encryptor.init(key, iv); Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoStreamUtils.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoStreamUtils.java?rev=1607499&r1=1607498&r2=1607499&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoStreamUtils.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoStreamUtils.java Wed Jul 2 23:08:29 2014 
@@ -53,7 +53,8 @@ public class CryptoStreamUtils { public static int checkBufferSize(CryptoCodec codec, int bufferSize) { Preconditions.checkArgument(bufferSize >= MIN_BUFFER_SIZE, "Minimum value of buffer size is " + MIN_BUFFER_SIZE + "."); - return bufferSize - bufferSize % codec.getAlgorithmBlockSize(); + return bufferSize - bufferSize % codec.getCipherSuite() + .getAlgorithmBlockSize(); } /** Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/JCEAESCTRCryptoCodec.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/JCEAESCTRCryptoCodec.java?rev=1607499&r1=1607498&r2=1607499&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/JCEAESCTRCryptoCodec.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/JCEAESCTRCryptoCodec.java Wed Jul 2 23:08:29 2014 
@@ -92,9 +92,9 @@ public class JCEAESCTRCryptoCodec extend throws GeneralSecurityException { this.mode = mode; if (provider == null || provider.isEmpty()) { - cipher = Cipher.getInstance("AES/CTR/NoPadding"); + cipher = Cipher.getInstance(SUITE.getName()); } else { - cipher = Cipher.getInstance("AES/CTR/NoPadding", provider); + cipher = Cipher.getInstance(SUITE.getName(), provider); } } Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileEncryptionInfo.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileEncryptionInfo.java?rev=1607499&r1=1607498&r2=1607499&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileEncryptionInfo.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileEncryptionInfo.java Wed Jul 2 23:08:29 2014 @@ -19,7 +19,6 @@ package org.apache.hadoop.fs; import org.apache.commons.codec.binary.Hex; import org.apache.hadoop.classification.InterfaceAudience; -import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.crypto.CipherSuite; import static com.google.common.base.Preconditions.checkArgument; @@ -40,9 +39,9 @@ public class FileEncryptionInfo { checkNotNull(suite); checkNotNull(key); checkNotNull(iv); - checkArgument(key.length == suite.getNumberBlockBits() / 8, + checkArgument(key.length == suite.getAlgorithmBlockSize(), "Unexpected key length"); - checkArgument(iv.length == suite.getNumberBlockBits() / 8, + checkArgument(iv.length == suite.getAlgorithmBlockSize(), "Unexpected IV length"); this.cipherSuite = suite; this.key = key;
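Review bot: In the FileEncryptionInfo constructor, `checkArgument(key.length == suite.getAlgorithmBlockSize(), ...)` takes the accepted key length from the cipher's block size, which for AES only matches 16-byte (128-bit) keys and rejects 24- and 32-byte AES keys. For `CipherSuite.UNKNOWN`, whose block size is 0, the same checks accept only an empty key and an empty IV. Key length is a separate property from block size, so I would give CipherSuite its own key-length information and keep the block size for the IV check only. The context line `this.key = key;` also stores the caller's array by reference, so a later change to that array alters the stored key material; `this.key = key.clone();` would avoid that. The constructor starts and ends outside the hunk.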