/// <summary>Negotiate a cipher option which server supports.</summary> /// <param name="conf">the configuration</param> /// <param name="options">the cipher options which client supports</param> /// <returns>CipherOption negotiated cipher option</returns> /// <exception cref="System.IO.IOException"/> public static CipherOption NegotiateCipherOption(Configuration conf, IList <CipherOption > options) { // Negotiate cipher suites if configured. Currently, the only supported // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple // values for future expansion. string cipherSuites = conf.Get(DFSConfigKeys.DfsEncryptDataTransferCipherSuitesKey ); if (cipherSuites == null || cipherSuites.IsEmpty()) { return(null); } if (!cipherSuites.Equals(CipherSuite.AesCtrNopadding.GetName())) { throw new IOException(string.Format("Invalid cipher suite, %s=%s", DFSConfigKeys. DfsEncryptDataTransferCipherSuitesKey, cipherSuites)); } if (options != null) { foreach (CipherOption option in options) { CipherSuite suite = option.GetCipherSuite(); if (suite == CipherSuite.AesCtrNopadding) { int keyLen = conf.GetInt(DFSConfigKeys.DfsEncryptDataTransferCipherKeyBitlengthKey , DFSConfigKeys.DfsEncryptDataTransferCipherKeyBitlengthDefault) / 8; CryptoCodec codec = CryptoCodec.GetInstance(conf, suite); byte[] inKey = new byte[keyLen]; byte[] inIv = new byte[suite.GetAlgorithmBlockSize()]; byte[] outKey = new byte[keyLen]; byte[] outIv = new byte[suite.GetAlgorithmBlockSize()]; codec.GenerateSecureRandom(inKey); codec.GenerateSecureRandom(inIv); codec.GenerateSecureRandom(outKey); codec.GenerateSecureRandom(outIv); return(new CipherOption(suite, inKey, inIv, outKey, outIv)); } } } return(null); }
/// <summary>Create a FileEncryptionInfo.</summary> /// <param name="suite">CipherSuite used to encrypt the file</param> /// <param name="edek">encrypted data encryption key (EDEK) of the file</param> /// <param name="iv">initialization vector (IV) used to encrypt the file</param> /// <param name="keyName">name of the key used for the encryption zone</param> /// <param name="ezKeyVersionName"> /// name of the KeyVersion used to encrypt the /// encrypted data encryption key. /// </param> public FileEncryptionInfo(CipherSuite suite, CryptoProtocolVersion version, byte[] edek, byte[] iv, string keyName, string ezKeyVersionName) { Preconditions.CheckNotNull(suite); Preconditions.CheckNotNull(version); Preconditions.CheckNotNull(edek); Preconditions.CheckNotNull(iv); Preconditions.CheckNotNull(keyName); Preconditions.CheckNotNull(ezKeyVersionName); Preconditions.CheckArgument(iv.Length == suite.GetAlgorithmBlockSize(), "Unexpected IV length" ); this.cipherSuite = suite; this.version = version; this.edek = edek; this.iv = iv; this.keyName = keyName; this.ezKeyVersionName = ezKeyVersionName; }