Subject: svn commit: r1609403 - in /hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common: ./ src/main/java/org/apache/hadoop/crypto/ src/test/java/org/apache/hadoop/crypto/
Date: Thu, 10 Jul 2014 06:27:53 -0000
To: common-commits@hadoop.apache.org
From: yliu@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140710062753.5F47D23888D2@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: yliu Date: Thu Jul 10 06:27:52 2014 New Revision: 1609403 URL: http://svn.apache.org/r1609403 Log: HADOOP-10803. Update OpensslCipher#getInstance to accept CipherSuite#name format. (yliu) Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/CHANGES-fs-encryption.txt hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslAesCtrCryptoCodec.java hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslCipher.java hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestOpensslCipher.java Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/CHANGES-fs-encryption.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/CHANGES-fs-encryption.txt?rev=1609403&r1=1609402&r2=1609403&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/CHANGES-fs-encryption.txt (original) +++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/CHANGES-fs-encryption.txt Thu Jul 10 06:27:52 2014 
@@ -28,6 +28,12 @@ fs-encryption (Unreleased) HADOOP-10713. Refactor CryptoCodec#generateSecureRandom to take a byte[]. (wang via yliu) + HADOOP-10693. Implementation of AES-CTR CryptoCodec using JNI to OpenSSL. + (Yi Liu via cmccabe) + + HADOOP-10803. Update OpensslCipher#getInstance to accept CipherSuite#name + format. (Yi Liu) + OPTIMIZATIONS BUG FIXES Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslAesCtrCryptoCodec.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslAesCtrCryptoCodec.java?rev=1609403&r1=1609402&r2=1609403&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslAesCtrCryptoCodec.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslAesCtrCryptoCodec.java Thu Jul 10 06:27:52 2014 
@@ -70,8 +70,7 @@ public class OpensslAesCtrCryptoCodec ex public OpensslAesCtrCipher(int mode) throws GeneralSecurityException { this.mode = mode; - cipher = OpensslCipher.getInstance(OpensslCipher.AES_CTR, - OpensslCipher.PADDING_NOPADDING); + cipher = OpensslCipher.getInstance(SUITE.getName()); } @Override Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslCipher.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslCipher.java?rev=1609403&r1=1609402&r2=1609403&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslCipher.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/OpensslCipher.java Thu Jul 10 06:27:52 2014 @@ -19,6 +19,7 @@ package org.apache.hadoop.crypto; import java.nio.ByteBuffer; import java.security.NoSuchAlgorithmException; +import java.util.StringTokenizer; import javax.crypto.BadPaddingException; import javax.crypto.IllegalBlockSizeException; 
@@ -45,11 +46,34 @@ public final class OpensslCipher { public static final int DECRYPT_MODE = 0; /** Currently only support AES/CTR/NoPadding. */ - public static final int AES_CTR = 0; - public static final int PADDING_NOPADDING = 0; + private static enum AlgMode { + AES_CTR; + + static int get(String algorithm, String mode) + throws NoSuchAlgorithmException { + try { + return AlgMode.valueOf(algorithm + "_" + mode).ordinal(); + } catch (Exception e) { + throw new NoSuchAlgorithmException("Doesn't support algorithm: " + + algorithm + " and mode: " + mode); + } + } + } + + private static enum Padding { + NoPadding; + + static int get(String padding) throws NoSuchPaddingException { + try { + return Padding.valueOf(padding).ordinal(); + } catch (Exception e) { + throw new NoSuchPaddingException("Doesn't support padding: " + padding); + } + } + } private long context = 0; - private final int algorithm; + private final int alg; private final int padding; private static boolean nativeCipherLoaded = false; 
@@ -69,26 +93,71 @@ public final class OpensslCipher { return nativeCipherLoaded; } - private OpensslCipher(long context, int algorithm, int padding) { + private OpensslCipher(long context, int alg, int padding) { this.context = context; - this.algorithm = algorithm; + this.alg = alg; this.padding = padding; } /** * Return an OpensslCipher object that implements the specified - * algorithm. + * transformation. * - * @param algorithm currently only supports {@link #AES_CTR} - * @param padding currently only supports {@link #PADDING_NOPADDING} - * @return OpensslCipher an OpensslCipher object - * @throws NoSuchAlgorithmException - * @throws NoSuchPaddingException + * @param transformation the name of the transformation, e.g., + * AES/CTR/NoPadding. + * @return OpensslCipher an OpensslCipher object + * @throws NoSuchAlgorithmException if transformation is null, + * empty, in an invalid format, or if Openssl doesn't implement the + * specified algorithm. + * @throws NoSuchPaddingException if transformation contains + * a padding scheme that is not available. */ - public static final OpensslCipher getInstance(int algorithm, - int padding) throws NoSuchAlgorithmException, NoSuchPaddingException { - long context = initContext(algorithm, padding); - return new OpensslCipher(context, algorithm, padding); + public static final OpensslCipher getInstance(String transformation) + throws NoSuchAlgorithmException, NoSuchPaddingException { + Transform transform = tokenizeTransformation(transformation); + int algMode = AlgMode.get(transform.alg, transform.mode); + int padding = Padding.get(transform.padding); + long context = initContext(algMode, padding); + return new OpensslCipher(context, algMode, padding); + } + + /** Nested class for algorithm, mode and padding. 
*/ + private static class Transform { + final String alg; + final String mode; + final String padding; + + public Transform(String alg, String mode, String padding) { + this.alg = alg; + this.mode = mode; + this.padding = padding; + } + } + + private static Transform tokenizeTransformation(String transformation) + throws NoSuchAlgorithmException { + if (transformation == null) { + throw new NoSuchAlgorithmException("No transformation given."); + } + + /* + * Array containing the components of a Cipher transformation: + * + * index 0: algorithm (e.g., AES) + * index 1: mode (e.g., CTR) + * index 2: padding (e.g., NoPadding) + */ + String[] parts = new String[3]; + int count = 0; + StringTokenizer parser = new StringTokenizer(transformation, "/"); + while (parser.hasMoreTokens() && count < 3) { + parts[count++] = parser.nextToken().trim(); + } + if (count != 3 || parser.hasMoreTokens()) { + throw new NoSuchAlgorithmException("Invalid transformation format: " + + transformation); + } + return new Transform(parts[0], parts[1], parts[2]); } /** 
@@ -99,7 +168,7 @@ public final class OpensslCipher { * @param iv crypto iv */ public void init(int mode, byte[] key, byte[] iv) { - context = init(context, mode, algorithm, padding, key, iv); + context = init(context, mode, alg, padding, key, iv); } /** Modified: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestOpensslCipher.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestOpensslCipher.java?rev=1609403&r1=1609402&r2=1609403&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestOpensslCipher.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestOpensslCipher.java Thu Jul 10 06:27:52 2014 @@ -38,21 +38,18 @@ public class TestOpensslCipher { if (!OpensslCipher.isNativeCodeLoaded()) { return; } - OpensslCipher cipher = OpensslCipher.getInstance(OpensslCipher.AES_CTR, - OpensslCipher.PADDING_NOPADDING); + OpensslCipher cipher = OpensslCipher.getInstance("AES/CTR/NoPadding"); Assert.assertTrue(cipher != null); try { - cipher = OpensslCipher.getInstance(OpensslCipher.AES_CTR + 100, - OpensslCipher.PADDING_NOPADDING); + cipher = OpensslCipher.getInstance("AES2/CTR/NoPadding"); Assert.fail("Should specify correct algorithm."); } catch (NoSuchAlgorithmException e) { // Expect NoSuchAlgorithmException } try { - cipher = OpensslCipher.getInstance(OpensslCipher.AES_CTR, - OpensslCipher.PADDING_NOPADDING + 100); + cipher = OpensslCipher.getInstance("AES/CTR/NoPadding2"); Assert.fail("Should specify correct padding."); } catch (NoSuchPaddingException e) { // Expect NoSuchPaddingException 
@@ -64,8 +61,7 @@ public class TestOpensslCipher { if (!OpensslCipher.isNativeCodeLoaded()) { return; } - OpensslCipher cipher = OpensslCipher.getInstance(OpensslCipher.AES_CTR, - OpensslCipher.PADDING_NOPADDING); + OpensslCipher cipher = OpensslCipher.getInstance("AES/CTR/NoPadding"); Assert.assertTrue(cipher != null); cipher.init(OpensslCipher.ENCRYPT_MODE, key, iv); @@ -100,8 +96,7 @@ public class TestOpensslCipher { if (!OpensslCipher.isNativeCodeLoaded()) { return; } - OpensslCipher cipher = OpensslCipher.getInstance(OpensslCipher.AES_CTR, - OpensslCipher.PADDING_NOPADDING); + OpensslCipher cipher = OpensslCipher.getInstance("AES/CTR/NoPadding"); Assert.assertTrue(cipher != null); cipher.init(OpensslCipher.ENCRYPT_MODE, key, iv);
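Review bot: In the CHANGES-fs-encryption.txt hunk (@@ -28,6 +28,12 @@), the entry for HADOOP-10693 is added alongside HADOOP-10803, but the commit log names only HADOOP-10803. If the HADOOP-10693 line was missed when that change was committed, say so in the log message or add it in its own commit, so that the changelog history matches the revision that introduced each feature.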
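Review bot: In the OpensslCipher.java hunk at @@ -45,11 +46,34 @@, AlgMode.get and Padding.get return ordinal() and that value is passed to the native initContext(algMode, padding), so the JNI contract now depends on enum declaration order. Adding or reordering a constant would silently change the integer the native side receives. Give each constant an explicit int field (AES_CTR(0), NoPadding(0)) and return that instead. Two smaller points in the same hunk: catch (Exception e) should be narrowed to IllegalArgumentException, which is what valueOf throws for an unknown name, and valueOf is case-sensitive, so "aes/ctr/nopadding" is rejected; document that in the getInstance javadoc or normalise the case before the lookup.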
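Review bot: In tokenizeTransformation (OpensslCipher.java hunk at @@ -69,26 +93,71 @@), StringTokenizer does not return empty tokens, so inputs such as "AES//CTR/NoPadding" or "/AES/CTR/NoPadding/" yield exactly three tokens and pass the count != 3 check, although the javadoc promises NoSuchAlgorithmException for an invalid format. Since this string selects the cipher, the parse should be strict: use transformation.split("/", -1), require exactly three parts, and reject any part that is empty after trim(). With that change the java.util.StringTokenizer import is no longer needed.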
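Review bot: In the TestOpensslCipher.java hunk at @@ -38,21 +38,18 @@, the negative cases cover only an unknown algorithm ("AES2/CTR/NoPadding") and an unknown padding ("AES/CTR/NoPadding2"); none of the new format-validation paths in tokenizeTransformation is exercised. Add cases for a null transformation, an empty string, a two-part string such as "AES/CTR", a four-part string, and an unsupported mode such as "AES/CBC/NoPadding", each expecting NoSuchAlgorithmException, so that the behaviour described in the getInstance javadoc is pinned down by tests.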