// Excerpt of the encrypting-stream setup; the statements between the visible ones are elided.
// - Algorithm name "NullCipher": the plaintext stream is installed as the "encrypted" stream and
//   returned, so data written through it is not encrypted.
// - No plaintext key on params: a random key of getKeyLength() / 8 bytes is drawn from
//   secureRandom (integer division, so a bit length that is not a multiple of 8 rounds down) and
//   params is then passed to the configured key encryption strategy's encryptSecretKey.
// - Unless the caller asked for the underlying stream to be closed with the crypto stream, the
//   plaintext stream is wrapped in DiscardCloseOutputStream.
// - The cipher is initialised on demand and its output is wrapped in a BlockedOutputStream that
//   is sized from cipher.getBlockSize() and getBlockStreamSize().
// NOTE(review): selecting "NullCipher" silently turns encryption off for this stream; confirm
// that the setting is deliberate wherever it is configured.
if (params.getAlgorithmName().equals("NullCipher")) { params.setEncryptedOutputStream(params.getPlaintextOutputStream()); return params; params.getRandomNumberGenerator(), params.getRandomNumberGeneratorProvider()); if (params.getPlaintextKey() == null) { byte[] randomKey = new byte[params.getKeyLength() / 8]; secureRandom.nextBytes(randomKey); params.setPlaintextKey(randomKey); .getSecretKeyEncryptionStrategy(params.getKeyEncryptionStrategyClass()); params = keyEncryptionStrategy.encryptSecretKey(params); if (!params.getCloseUnderylingStreamAfterCryptoStreamClose()) { params.setPlaintextOutputStream( new DiscardCloseOutputStream(params.getPlaintextOutputStream())); Cipher cipher = params.getCipher(); if (cipher == null) { initializeCipher(params); cipher = params.getCipher(); params.getPlaintextOutputStream(), cipher); BlockedOutputStream blockedOutputStream = new BlockedOutputStream(cipherOutputStream, cipher.getBlockSize(), params.getBlockStreamSize()); params.setEncryptedOutputStream(blockedOutputStream);
/**
 * Creates a new {@link CryptoModuleParameters} and fills it from the given configuration.
 *
 * @param conf configuration passed on to {@code fillParamsObjectFromConfiguration}
 * @return whatever {@code fillParamsObjectFromConfiguration} returns for the new parameters
 *         object
 */
public static CryptoModuleParameters createParamsObjectFromAccumuloConfiguration(
    AccumuloConfiguration conf) {
  return fillParamsObjectFromConfiguration(new CryptoModuleParameters(), conf);
}
/**
 * Builds the slash-separated {@code algorithm/mode/padding} string from {@code params}.
 *
 * <p>Nothing is validated here: a component that is {@code null} ends up as the literal text
 * {@code "null"} in the result, so callers should validate the three values first.
 *
 * @param params source of the algorithm name, encryption mode and padding
 * @return the three values joined with {@code "/"}
 */
private String getCipherTransformation(CryptoModuleParameters params) {
  StringBuilder transformation = new StringBuilder();
  transformation.append(params.getAlgorithmName());
  transformation.append("/").append(params.getEncryptionMode());
  transformation.append("/").append(params.getPadding());
  return transformation.toString();
}
// Excerpt of the cipher initialisation; the statements between the visible ones are elided.
// - The formatted message names the cipher suite, key length, RNG, RNG provider and key
//   encryption strategy class; no key bytes are among its arguments.
// - If params carries no SecureRandom, one is obtained from the configured RNG name and provider
//   and stored on params.
// - No IV on params: the cipher is initialised in ENCRYPT_MODE with the plaintext key and that
//   SecureRandom, and the IV the cipher chose is stored back through cipher.getIV().
// - IV present on params: the cipher is initialised with that IV through IvParameterSpec.
// NOTE(review): a supplied IV is used exactly as given. Reusing an IV under the same key weakens
// most cipher modes, so confirm callers pass a fresh IV (or null) for every stream.
"Using cipher suite \"%s\" with key length %d with" + " RNG \"%s\" and RNG provider \"%s\" and key encryption strategy" + " \"%s\"", cipherTransformation, params.getKeyLength(), params.getRandomNumberGenerator(), params.getRandomNumberGeneratorProvider(), params.getKeyEncryptionStrategyClass())); if (params.getSecureRandom() == null) { SecureRandom secureRandom = DefaultCryptoModuleUtils.getSecureRandom( params.getRandomNumberGenerator(), params.getRandomNumberGeneratorProvider()); params.setSecureRandom(secureRandom); if (params.getInitializationVector() == null) { try { cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(params.getPlaintextKey(), params.getAlgorithmName()), params.getSecureRandom()); } catch (InvalidKeyException e) { log.error("Accumulo encountered an unknown error in generating the" params.setInitializationVector(cipher.getIV()); new SecretKeySpec(params.getPlaintextKey(), params.getAlgorithmName()), new IvParameterSpec(params.getInitializationVector())); } catch (InvalidKeyException e) { log.error("Accumulo encountered an unknown error in generating the" params.setCipher(cipher);
// Excerpt of reading the crypto parameters back from a stream; the statements between the
// visible ones are elided.
// - When getRecordParametersToStream() is true, the algorithm name, encryption mode, padding,
//   IV, opaque key id, encrypted key and block stream size are taken from the stream and set on
//   params. Where the block size is not read it is set to 0.
// - Options from paramsFromFile are copied into params' option map, and the key encryption
//   strategy class is re-read from that map. Which branch of the
//   getOverrideStreamsSecretKeyEncryptionStrategy() check each statement belongs to cannot be
//   told from the excerpt.
// NOTE(review): these values are read before anything is decrypted, so as far as this excerpt
// shows they are unauthenticated input. cipherSuiteParts[1] and [2] are indexed with no length
// check visible here (parseCipherSuite is not shown); confirm malformed suites are rejected.
// NOTE(review): if a key encryption strategy class name can come from the stream, confirm it is
// restricted to trusted values before a class is selected from it.
if (params.getRecordParametersToStream()) { DataInputStream dataIn = new DataInputStream(params.getEncryptedInputStream()); log.trace("About to read encryption parameters from underlying stream"); String algorithmNameFromFile = dataIn.readUTF(); String[] cipherSuiteParts = parseCipherSuite(cipherSuiteFromFile); params.setAlgorithmName(algorithmNameFromFile); params.setEncryptionMode(cipherSuiteParts[1]); params.setPadding(cipherSuiteParts[2]); params.setInitializationVector(initVector); params.setOpaqueKeyEncryptionKeyID(opaqueId); params.setEncryptedKey(encryptedSecretKey); if (params.getOverrideStreamsSecretKeyEncryptionStrategy()) { params.getAllOptions().put(name, paramsFromFile.get(name)); params.setKeyEncryptionStrategyClass(params.getAllOptions() .get(Property.CRYPTO_SECRET_KEY_ENCRYPTION_STRATEGY_CLASS.getKey())); } else { .getSecretKeyEncryptionStrategy(params.getKeyEncryptionStrategyClass()); params.setBlockStreamSize(dataIn.readInt()); else params.setBlockStreamSize(0);
// Excerpts of parameter validation; the statements between the visible ones are elided. The
// repeated run of checks suggests that more than one validation routine is shown here.
// - Each validate* helper takes the running allIsWell flag, the error buffer and a message, and
//   its result replaces the flag (the helpers themselves are not shown).
// - Once the algorithm name has passed the not-empty check, "NullCipher" returns true at once,
//   so none of the remaining checks run for it.
// - In this excerpt the key length is only checked for being non-zero.
allIsWell = validateNotEmpty(params.getAlgorithmName(), allIsWell, errorBuf, "No algorithm name was specified."); if (allIsWell && params.getAlgorithmName().equals("NullCipher")) { return true; allIsWell = validateNotEmpty(params.getPadding(), allIsWell, errorBuf, "No padding was specified."); allIsWell = validateNotZero(params.getKeyLength(), allIsWell, errorBuf, "No key length was specified."); allIsWell = validateNotEmpty(params.getEncryptionMode(), allIsWell, errorBuf, "No encryption mode was specified."); allIsWell = validateNotEmpty(params.getRandomNumberGenerator(), allIsWell, errorBuf, "No random number generator was specified."); allIsWell = validateNotEmpty(params.getRandomNumberGeneratorProvider(), allIsWell, errorBuf, "No random number generate provider was specified."); allIsWell = validateNotNull(params.getPlaintextOutputStream(), allIsWell, errorBuf, "No plaintext output stream was specified."); allIsWell = validateNotEmpty(params.getPadding(), allIsWell, errorBuf, "No padding was specified."); allIsWell = validateNotZero(params.getKeyLength(), allIsWell, errorBuf, "No key length was specified."); allIsWell = validateNotEmpty(params.getEncryptionMode(), allIsWell, errorBuf, "No encryption mode was specified."); allIsWell = validateNotEmpty(params.getRandomNumberGenerator(), allIsWell, errorBuf, "No random number generator was specified."); allIsWell = validateNotEmpty(params.getRandomNumberGeneratorProvider(), allIsWell, errorBuf, "No random number generate provider was specified.");
// Excerpt of a key wrap/unwrap helper; the statements between the visible ones are elided.
// - A new random key-encryption key of getKeyLength() / 8 bytes is filled from `random`.
// - The wrapping cipher is looked up with the CRYPTO_DEFAULT_KEY_STRATEGY_CIPHER_SUITE option and
//   initialised in the requested mode with the key-encryption key.
// - Unwrap path: the encrypted key on params is unwrapped and its encoded bytes become the
//   plaintext key.
// - Wrap path: the plaintext key is wrapped, stored as the encrypted key, and pathToKeyName is
//   recorded as the opaque key-encryption-key id.
// - InvalidKeyException is logged with its message and stack trace. What follows each log call
//   is elided.
params.getRandomNumberGenerator(), params.getRandomNumberGeneratorProvider()); int keyLength = params.getKeyLength(); byte[] newRandomKeyEncryptionKey = new byte[keyLength / 8]; random.nextBytes(newRandomKeyEncryptionKey); params.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_CIPHER_SUITE.getKey())); try { cipher.init(encryptionMode, new SecretKeySpec(keyEncryptionKey, params.getAlgorithmName())); } catch (InvalidKeyException e) { log.error("{}", e.getMessage(), e); Key plaintextKey = cipher.unwrap(params.getEncryptedKey(), params.getAlgorithmName(), Cipher.SECRET_KEY); params.setPlaintextKey(plaintextKey.getEncoded()); } catch (InvalidKeyException e) { log.error("{}", e.getMessage(), e); Key plaintextKey = new SecretKeySpec(params.getPlaintextKey(), params.getAlgorithmName()); try { byte[] encryptedSecretKey = cipher.wrap(plaintextKey); params.setEncryptedKey(encryptedSecretKey); params.setOpaqueKeyEncryptionKeyID(pathToKeyName); } catch (InvalidKeyException e) { log.error("{}", e.getMessage(), e);
// Excerpt of the write-side setup; the statements between the visible ones are elided.
// - The crypto stream must not close the underlying stream, and the parameters are not recorded
//   to the stream by the module.
// - The IV on cryptoParams is reset to null. Where an IV is present, its length and bytes are
//   written to tempDataOutputStream as-is.
// - tempDataOutputStream is handed to the module as the plaintext sink. If the module returns
//   that same stream object (identity comparison), output goes to fsBufferedOutput instead of the
//   returned stream.
cryptoParams.setCloseUnderylingStreamAfterCryptoStreamClose(false); cryptoParams.setRecordParametersToStream(false); cryptoParams.setInitializationVector(null); if (cryptoParams.getInitializationVector() != null) { tempDataOutputStream.writeInt(cryptoParams.getInitializationVector().length); tempDataOutputStream.write(cryptoParams.getInitializationVector()); } else { cryptoParams.setPlaintextOutputStream(tempDataOutputStream); cryptoParams = cryptoModule.getEncryptingOutputStream(cryptoParams); if (cryptoParams.getEncryptedOutputStream() == tempDataOutputStream) { this.cipherOut = fsBufferedOutput; } else { this.cipherOut = cryptoParams.getEncryptedOutputStream();
// Excerpt of doKeyEncryptionOperation; the statements between the visible ones are elided.
// - The wrapping cipher is looked up with the CRYPTO_DEFAULT_KEY_STRATEGY_CIPHER_SUITE option.
// - The key-encryption key comes from secretKeyCache.getKeyEncryptionKey().
// - Unwrap path: the encrypted key on params is unwrapped and its encoded bytes become the
//   plaintext key.
// - Wrap path: the plaintext key is wrapped, stored as the encrypted key, and
//   secretKeyCache.getPathToKeyName() is recorded as the opaque key-encryption-key id.
// - InvalidKeyException is logged with its message and stack trace. What follows each log call
//   is elided.
private void doKeyEncryptionOperation(int encryptionMode, CryptoModuleParameters params) throws IOException { Cipher cipher = DefaultCryptoModuleUtils.getCipher( params.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_CIPHER_SUITE.getKey())); new SecretKeySpec(secretKeyCache.getKeyEncryptionKey(), params.getAlgorithmName())); } catch (InvalidKeyException e) { log.error("{}", e.getMessage(), e); Key plaintextKey = cipher.unwrap(params.getEncryptedKey(), params.getAlgorithmName(), Cipher.SECRET_KEY); params.setPlaintextKey(plaintextKey.getEncoded()); } catch (InvalidKeyException e) { log.error("{}", e.getMessage(), e); Key plaintextKey = new SecretKeySpec(params.getPlaintextKey(), params.getAlgorithmName()); try { byte[] encryptedSecretKey = cipher.wrap(plaintextKey); params.setEncryptedKey(encryptedSecretKey); params.setOpaqueKeyEncryptionKeyID(secretKeyCache.getPathToKeyName()); } catch (InvalidKeyException e) { log.error("{}", e.getMessage(), e);
// Excerpt of the read-side setup; the statements between the visible ones are elided.
// - The IV is read in full from tempDataInputStream into initVector and set on cryptoParams.
// - boundedRangeFileInputStream is the encrypted input. The crypto stream must not close it, and
//   the parameters are not read from the stream by the module.
// - The plaintext stream taken from cryptoParams becomes inputStreamToBeCompressed.
// NOTE(review): initVector is allocated outside this excerpt. If its size comes from a length
// field stored in the file, confirm that length is bounded before the array is allocated.
tempDataInputStream.readFully(initVector); cryptoParams.setInitializationVector(initVector); cryptoParams.setEncryptedInputStream(boundedRangeFileInputStream); cryptoParams.setCloseUnderylingStreamAfterCryptoStreamClose(false); cryptoParams.setRecordParametersToStream(false); inputStreamToBeCompressed = cryptoParams.getPlaintextInputStream();
// The same excerpt appears twice; the statements between the visible ones are elided.
// `input` is registered as the encrypted source. The plaintext stream from params is then reused
// directly when it already is a DataInputStream, and wrapped in one otherwise.
params.setEncryptedInputStream(input); if (params.getPlaintextInputStream() instanceof DataInputStream) { decryptingInput = (DataInputStream) params.getPlaintextInputStream(); } else { decryptingInput = new DataInputStream(params.getPlaintextInputStream()); params.setEncryptedInputStream(input); if (params.getPlaintextInputStream() instanceof DataInputStream) { decryptingInput = (DataInputStream) params.getPlaintextInputStream(); } else { decryptingInput = new DataInputStream(params.getPlaintextInputStream());
// Excerpt: nfos is registered as the plaintext sink, and the encrypted output stream is then
// read back from params (whatever populates it between the two statements is elided).
params.setPlaintextOutputStream(nfos); OutputStream encipheringOutputStream = params.getEncryptedOutputStream();
/**
 * Works out the full path of the key file from the options carried in {@code params}.
 *
 * <p>The key location and the instance directory are read from the option map, falling back to
 * each property's default value when the option is absent. The key location is given a leading
 * {@code "/"} if it lacks one and is appended to the instance directory.
 *
 * <p>NOTE(review): the result is plain string concatenation of configured values; nothing here
 * normalises the path or removes {@code ".."} segments. Confirm that only trusted
 * configuration can set these two properties.
 *
 * @param params parameters whose option map supplies the two properties
 * @return instance directory followed by the (slash-prefixed) key location
 */
@SuppressWarnings("deprecation")
private String getFullPathToKey(CryptoModuleParameters params) {
  String keyLocation = params.getAllOptions()
      .get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_KEY_LOCATION.getKey());
  String dfsDir = params.getAllOptions().get(Property.INSTANCE_DFS_DIR.getKey());

  if (keyLocation == null) {
    keyLocation = Property.CRYPTO_DEFAULT_KEY_STRATEGY_KEY_LOCATION.getDefaultValue();
  }
  if (dfsDir == null) {
    dfsDir = Property.INSTANCE_DFS_DIR.getDefaultValue();
  }

  // Exactly one separator is inserted only when the key location does not already start with one.
  String separator = keyLocation.startsWith("/") ? "" : "/";
  return dfsDir + separator + keyLocation;
}
/**
 * Resolves the location of the key file from the options on {@code params}.
 *
 * <p>Both the key location and the instance directory fall back to their property defaults
 * when the option map has no entry for them. A key location without a leading {@code "/"} gets
 * one before it is appended to the instance directory.
 *
 * <p>NOTE(review): no normalisation is applied to the concatenated path, so {@code ".."}
 * segments in the configured values pass through unchanged. Confirm these properties are only
 * settable by trusted configuration.
 *
 * @param params parameters whose option map is consulted
 * @return the instance directory concatenated with the slash-prefixed key location
 */
@SuppressWarnings("deprecation")
private String getFullPathToKey(CryptoModuleParameters params) {
  String keyName = params.getAllOptions()
      .get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_KEY_LOCATION.getKey());
  String instanceDir = params.getAllOptions().get(Property.INSTANCE_DFS_DIR.getKey());

  if (keyName == null) {
    keyName = Property.CRYPTO_DEFAULT_KEY_STRATEGY_KEY_LOCATION.getDefaultValue();
  }
  if (instanceDir == null) {
    instanceDir = Property.INSTANCE_DFS_DIR.getDefaultValue();
  }

  if (keyName.startsWith("/")) {
    return instanceDir + keyName;
  }
  return instanceDir + "/" + keyName;
}
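/**
 * Runs the key-encryption operation in {@link Cipher#UNWRAP_MODE} for {@code params}, using the
 * key file whose path {@code getFullPathToKey} derives from the options.
 *
 * <p>The previously computed instance DFS URI was never used and has been dropped; the file
 * system is obtained from {@code CachedConfiguration} exactly as before.
 *
 * @param params parameters passed to {@code doKeyEncryptionOperation}
 * @return the same {@code params} object that was passed in
 * @throws RuntimeException wrapping any {@link IOException} raised while obtaining the file
 *         system or performing the operation (the exception is logged first)
 */
@SuppressWarnings("deprecation")
@Override
public CryptoModuleParameters decryptSecretKey(CryptoModuleParameters params) {
  String pathToKeyName = getFullPathToKey(params);
  Path pathToKey = new Path(pathToKeyName);

  try {
    // TODO ACCUMULO-2530 Ensure volumes are properly supported
    // NOTE(review): the file system comes from CachedConfiguration alone, so the configured
    // instance DFS URI is not consulted when locating the key file; confirm the key is read
    // from the intended file system.
    FileSystem fs = FileSystem.get(CachedConfiguration.getInstance());
    doKeyEncryptionOperation(Cipher.UNWRAP_MODE, params, pathToKeyName, pathToKey, fs);
  } catch (IOException e) {
    log.error("{}", e.getMessage(), e);
    throw new RuntimeException(e);
  }

  return params;
}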
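/**
 * Runs the key-encryption operation in {@link Cipher#WRAP_MODE} for {@code params}, using the
 * key file whose path {@code getFullPathToKey} derives from the options.
 *
 * <p>The previously computed instance DFS URI was never used and has been dropped; the file
 * system is obtained from {@code CachedConfiguration} exactly as before.
 *
 * @param params parameters passed to {@code doKeyEncryptionOperation}
 * @return the same {@code params} object that was passed in
 * @throws RuntimeException wrapping any {@link IOException} raised while obtaining the file
 *         system or performing the operation (the exception is logged first)
 */
@SuppressWarnings("deprecation")
@Override
public CryptoModuleParameters encryptSecretKey(CryptoModuleParameters params) {
  String fullPath = getFullPathToKey(params);
  Path pathToKey = new Path(fullPath);

  try {
    // TODO ACCUMULO-2530 Ensure volumes are properly supported
    // NOTE(review): the file system comes from CachedConfiguration alone, so the configured
    // instance DFS URI is not consulted when locating the key file; confirm the key is written
    // to and read from the intended file system.
    FileSystem fs = FileSystem.get(CachedConfiguration.getInstance());
    doKeyEncryptionOperation(Cipher.WRAP_MODE, params, fullPath, pathToKey, fs);
  } catch (IOException e) {
    log.error("{}", e.getMessage(), e);
    throw new RuntimeException(e);
  }

  return params;
}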