/// <exception cref="System.IO.IOException"/> /// <exception cref="GeneralSecurityException"/> public virtual KeyProviderCryptoExtension.EncryptedKeyVersion GenerateEncryptedKey (string encryptionKeyName) { // Fetch the encryption key KeyProvider.KeyVersion encryptionKey = keyProvider.GetCurrentKey(encryptionKeyName ); Preconditions.CheckNotNull(encryptionKey, "No KeyVersion exists for key '%s' ", encryptionKeyName ); // Generate random bytes for new key and IV CryptoCodec cc = CryptoCodec.GetInstance(keyProvider.GetConf()); byte[] newKey = new byte[encryptionKey.GetMaterial().Length]; cc.GenerateSecureRandom(newKey); byte[] iv = new byte[cc.GetCipherSuite().GetAlgorithmBlockSize()]; cc.GenerateSecureRandom(iv); // Encryption key IV is derived from new key's IV byte[] encryptionIV = KeyProviderCryptoExtension.EncryptedKeyVersion.DeriveIV(iv); Encryptor encryptor = cc.CreateEncryptor(); encryptor.Init(encryptionKey.GetMaterial(), encryptionIV); int keyLen = newKey.Length; ByteBuffer bbIn = ByteBuffer.AllocateDirect(keyLen); ByteBuffer bbOut = ByteBuffer.AllocateDirect(keyLen); bbIn.Put(newKey); bbIn.Flip(); encryptor.Encrypt(bbIn, bbOut); bbOut.Flip(); byte[] encryptedKey = new byte[keyLen]; bbOut.Get(encryptedKey); return(new KeyProviderCryptoExtension.EncryptedKeyVersion(encryptionKeyName, encryptionKey .GetVersionName(), iv, new KeyProvider.KeyVersion(encryptionKey.GetName(), Eek, encryptedKey))); }
/// <summary>Negotiate a cipher option which server supports.</summary> /// <param name="conf">the configuration</param> /// <param name="options">the cipher options which client supports</param> /// <returns>CipherOption negotiated cipher option</returns> /// <exception cref="System.IO.IOException"/> public static CipherOption NegotiateCipherOption(Configuration conf, IList <CipherOption > options) { // Negotiate cipher suites if configured. Currently, the only supported // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple // values for future expansion. string cipherSuites = conf.Get(DFSConfigKeys.DfsEncryptDataTransferCipherSuitesKey ); if (cipherSuites == null || cipherSuites.IsEmpty()) { return(null); } if (!cipherSuites.Equals(CipherSuite.AesCtrNopadding.GetName())) { throw new IOException(string.Format("Invalid cipher suite, %s=%s", DFSConfigKeys. DfsEncryptDataTransferCipherSuitesKey, cipherSuites)); } if (options != null) { foreach (CipherOption option in options) { CipherSuite suite = option.GetCipherSuite(); if (suite == CipherSuite.AesCtrNopadding) { int keyLen = conf.GetInt(DFSConfigKeys.DfsEncryptDataTransferCipherKeyBitlengthKey , DFSConfigKeys.DfsEncryptDataTransferCipherKeyBitlengthDefault) / 8; CryptoCodec codec = CryptoCodec.GetInstance(conf, suite); byte[] inKey = new byte[keyLen]; byte[] inIv = new byte[suite.GetAlgorithmBlockSize()]; byte[] outKey = new byte[keyLen]; byte[] outIv = new byte[suite.GetAlgorithmBlockSize()]; codec.GenerateSecureRandom(inKey); codec.GenerateSecureRandom(inIv); codec.GenerateSecureRandom(outKey); codec.GenerateSecureRandom(outIv); return(new CipherOption(suite, inKey, inIv, outKey, outIv)); } } } return(null); }
/// <summary>This method creates and initializes an IV (Initialization Vector)</summary> /// <param name="conf"/> /// <returns>byte[]</returns> /// <exception cref="System.IO.IOException"/> public static byte[] CreateIV(Configuration conf) { CryptoCodec cryptoCodec = CryptoCodec.GetInstance(conf); if (IsEncryptedSpillEnabled(conf)) { byte[] iv = new byte[cryptoCodec.GetCipherSuite().GetAlgorithmBlockSize()]; cryptoCodec.GenerateSecureRandom(iv); return(iv); } else { return(null); } }