HADOOP-10842. CryptoExtension generateEncryptedKey method should receive the key name. (asuresh via tucu)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1619535 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Alejandro Abdelnur 2014-08-21 18:59:25 +00:00
parent 0197f57ff4
commit f21bd86958
3 changed files with 20 additions and 19 deletions


@ -148,6 +148,9 @@ Release 2.6.0 - UNRELEASED
HADOOP-10841. EncryptedKeyVersion should have a key name property. HADOOP-10841. EncryptedKeyVersion should have a key name property.
(asuresh via tucu) (asuresh via tucu)
HADOOP-10842. CryptoExtension generateEncryptedKey method should
receive the key name. (asuresh via tucu)
BUG FIXES BUG FIXES
HADOOP-10781. Unportable getgrouplist() usage breaks FreeBSD (Dmitry HADOOP-10781. Unportable getgrouplist() usage breaks FreeBSD (Dmitry


@ -84,14 +84,13 @@ public interface CryptoExtension extends KeyProviderExtension.Extension {
/** /**
* Generates a key material and encrypts it using the given key version name * Generates a key material and encrypts it using the given key version name
* and initialization vector. The generated key material is of the same * and initialization vector. The generated key material is of the same
* length as the <code>KeyVersion</code> material and is encrypted using the * length as the <code>KeyVersion</code> material of the latest key version
* same cipher. * of the key and is encrypted using the same cipher.
* <p/> * <p/>
* NOTE: The generated key is not stored by the <code>KeyProvider</code> * NOTE: The generated key is not stored by the <code>KeyProvider</code>
* *
* @param encryptionKeyVersion * @param encryptionKeyName
* a KeyVersion object containing the keyVersion name and material * The latest KeyVersion of this key's material will be encrypted.
* to encrypt.
* @return EncryptedKeyVersion with the generated key material, the version * @return EncryptedKeyVersion with the generated key material, the version
* name is 'EEK' (for Encrypted Encryption Key) * name is 'EEK' (for Encrypted Encryption Key)
* @throws IOException * @throws IOException
@ -101,7 +100,7 @@ public interface CryptoExtension extends KeyProviderExtension.Extension {
* cryptographic issue. * cryptographic issue.
*/ */
public EncryptedKeyVersion generateEncryptedKey( public EncryptedKeyVersion generateEncryptedKey(
KeyVersion encryptionKeyVersion) throws IOException, String encryptionKeyName) throws IOException,
GeneralSecurityException; GeneralSecurityException;
/** /**
@ -146,12 +145,11 @@ private byte[] flipIV(byte[] iv) {
} }
@Override @Override
public EncryptedKeyVersion generateEncryptedKey(KeyVersion keyVersion) public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName)
throws IOException, GeneralSecurityException { throws IOException, GeneralSecurityException {
KeyVersion keyVer = KeyVersion keyVer = keyProvider.getCurrentKey(encryptionKeyName);
keyProvider.getKeyVersion(keyVersion.getVersionName()); Preconditions.checkNotNull(keyVer, "No KeyVersion exists for key '%s' ",
Preconditions.checkNotNull(keyVer, "KeyVersion name '%s' does not exist", encryptionKeyName);
keyVersion.getVersionName());
byte[] newKey = new byte[keyVer.getMaterial().length]; byte[] newKey = new byte[keyVer.getMaterial().length];
SecureRandom.getInstance("SHA1PRNG").nextBytes(newKey); SecureRandom.getInstance("SHA1PRNG").nextBytes(newKey);
Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding"); Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
@ -159,8 +157,8 @@ public EncryptedKeyVersion generateEncryptedKey(KeyVersion keyVersion)
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keyVer.getMaterial(), cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keyVer.getMaterial(),
"AES"), new IvParameterSpec(flipIV(iv))); "AES"), new IvParameterSpec(flipIV(iv)));
byte[] ek = cipher.doFinal(newKey); byte[] ek = cipher.doFinal(newKey);
return new EncryptedKeyVersion(keyVersion.getName(), return new EncryptedKeyVersion(encryptionKeyName,
keyVersion.getVersionName(), iv, keyVer.getVersionName(), iv,
new KeyVersion(keyVer.getName(), EEK, ek)); new KeyVersion(keyVer.getName(), EEK, ek));
} }
@ -197,18 +195,18 @@ private KeyProviderCryptoExtension(KeyProvider keyProvider,
* <p/> * <p/>
* NOTE: The generated key is not stored by the <code>KeyProvider</code> * NOTE: The generated key is not stored by the <code>KeyProvider</code>
* *
* @param encryptionKey a KeyVersion object containing the keyVersion name and * @param encryptionKeyName The latest KeyVersion of this key's material will
* material to encrypt. * be encrypted.
* @return EncryptedKeyVersion with the generated key material, the version * @return EncryptedKeyVersion with the generated key material, the version
* name is 'EEK' (for Encrypted Encryption Key) * name is 'EEK' (for Encrypted Encryption Key)
* @throws IOException thrown if the key material could not be generated * @throws IOException thrown if the key material could not be generated
* @throws GeneralSecurityException thrown if the key material could not be * @throws GeneralSecurityException thrown if the key material could not be
* encrypted because of a cryptographic issue. * encrypted because of a cryptographic issue.
*/ */
public EncryptedKeyVersion generateEncryptedKey(KeyVersion encryptionKey) public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName)
throws IOException, throws IOException,
GeneralSecurityException { GeneralSecurityException {
return getExtension().generateEncryptedKey(encryptionKey); return getExtension().generateEncryptedKey(encryptionKeyName);
} }
/** /**
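Review bot: The interface Javadoc at the top of this section still says the material is encrypted "using the given key version name and initialization vector", which no longer matches the new `String encryptionKeyName` parameter, and the new `@param` text reads as if the key's own material is what gets encrypted rather than the freshly generated bytes. Suggest rewording the summary to `Generates key material and encrypts it with the current version of the named key.` and the parameter line to `@param encryptionKeyName name of the key whose current version encrypts the generated material`; the same `@param` wording recurs in the KeyProviderCryptoExtension wrapper hunk further down. In the implementation hunk the caller no longer chooses the key version, so the `keyVer.getVersionName()` placed in the returned EncryptedKeyVersion is presumably the only record of which version was used for encryption; a one-line comment there, `// record the version actually used so the EEK can later be decrypted with the same material`, would make that dependency explicit. The IV generation of that method lies between the two implementation hunks and is not visible here.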


@ -42,7 +42,7 @@ public void testGenerateEncryptedKey() throws Exception {
KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp); KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp);
KeyProviderCryptoExtension.EncryptedKeyVersion ek1 = KeyProviderCryptoExtension.EncryptedKeyVersion ek1 =
kpExt.generateEncryptedKey(kv); kpExt.generateEncryptedKey(kv.getName());
Assert.assertEquals(KeyProviderCryptoExtension.EEK, Assert.assertEquals(KeyProviderCryptoExtension.EEK,
ek1.getEncryptedKey().getVersionName()); ek1.getEncryptedKey().getVersionName());
Assert.assertEquals("foo", ek1.getKeyName()); Assert.assertEquals("foo", ek1.getKeyName());
@ -56,7 +56,7 @@ public void testGenerateEncryptedKey() throws Exception {
Assert.assertEquals(kv.getMaterial().length, k1.getMaterial().length); Assert.assertEquals(kv.getMaterial().length, k1.getMaterial().length);
KeyProviderCryptoExtension.EncryptedKeyVersion ek2 = KeyProviderCryptoExtension.EncryptedKeyVersion ek2 =
kpExt.generateEncryptedKey(kv); kpExt.generateEncryptedKey(kv.getName());
KeyProvider.KeyVersion k2 = kpExt.decryptEncryptedKey(ek2); KeyProvider.KeyVersion k2 = kpExt.decryptEncryptedKey(ek2);
boolean eq = true; boolean eq = true;
for (int i = 0; eq && i < ek2.getEncryptedKey().getMaterial().length; i++) { for (int i = 0; eq && i < ek2.getEncryptedKey().getMaterial().length; i++) {