/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.hbase.io.crypto.aes;
import org.apache.commons.crypto.cipher.CryptoCipher;
import org.apache.commons.crypto.utils.Utils;
import org.apache.hadoop.hbase.classification.InterfaceAudience;
import org.apache.hadoop.hbase.classification.InterfaceStability;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.sasl.SaslException;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Properties;
/**
* AES encryption and decryption.
*/
@InterfaceAudience.Private
@InterfaceStability.Evolving
public class CryptoAES {
private final CryptoCipher encryptor;
private final CryptoCipher decryptor;
private final Integrity integrity;
public CryptoAES(String transformation, Properties properties,
byte[] inKey, byte[] outKey, byte[] inIv, byte[] outIv) throws IOException {
checkTransformation(transformation);
// encryptor
encryptor = Utils.getCipherInstance(transformation, properties);
try {
SecretKeySpec outKEYSpec = new SecretKeySpec(outKey, "AES");
IvParameterSpec outIVSpec = new IvParameterSpec(outIv);
encryptor.init(Cipher.ENCRYPT_MODE, outKEYSpec, outIVSpec);
} catch (InvalidKeyException | InvalidAlgorithmParameterException e) {
throw new IOException("Failed to initialize encryptor", e);
}
// decryptor
decryptor = Utils.getCipherInstance(transformation, properties);
try {
SecretKeySpec inKEYSpec = new SecretKeySpec(inKey, "AES");
IvParameterSpec inIVSpec = new IvParameterSpec(inIv);
decryptor.init(Cipher.DECRYPT_MODE, inKEYSpec, inIVSpec);
} catch (InvalidKeyException | InvalidAlgorithmParameterException e) {
throw new IOException("Failed to initialize decryptor", e);
}
integrity = new Integrity(outKey, inKey);
}
/**
* Encrypts input data. The result composes of (msg, padding if needed, mac) and sequence num.
* @param data the input byte array
* @param offset the offset in input where the input starts
* @param len the input length
* @return the new encrypted byte array.
* @throws SaslException if error happens
*/
public byte[] wrap(byte[] data, int offset, int len) throws SaslException {
// mac
byte[] mac = integrity.getHMAC(data, offset, len);
integrity.incMySeqNum();
// encrypt
byte[] encrypted = new byte[len + 10];
try {
int n = encryptor.update(data, offset, len, encrypted, 0);
encryptor.update(mac, 0, 10, encrypted, n);
} catch (ShortBufferException sbe) {
// this should not happen
throw new SaslException("Error happens during encrypt data", sbe);
}
// append seqNum used for mac
byte[] wrapped = new byte[encrypted.length + 4];
System.arraycopy(encrypted, 0, wrapped, 0, encrypted.length);
System.arraycopy(integrity.getSeqNum(), 0, wrapped, encrypted.length, 4);
return wrapped;
}
/**
* Decrypts input data. The input composes of (msg, padding if needed, mac) and sequence num.
* The result is msg.
* @param data the input byte array
* @param offset the offset in input where the input starts
* @param len the input length
* @return the new decrypted byte array.
* @throws SaslException if error happens
*/
public byte[] unwrap(byte[] data, int offset, int len) throws SaslException {
// get plaintext and seqNum
byte[] decrypted = new byte[len - 4];
byte[] peerSeqNum = new byte[4];
try {
decryptor.update(data, offset, len - 4, decrypted, 0);
} catch (ShortBufferException sbe) {
// this should not happen
throw new SaslException("Error happens during decrypt data", sbe);
}
System.arraycopy(data, offset + decrypted.length, peerSeqNum, 0, 4);
// get msg and mac
byte[] msg = new byte[decrypted.length - 10];
byte[] mac = new byte[10];
System.arraycopy(decrypted, 0, msg, 0, msg.length);
System.arraycopy(decrypted, msg.length, mac, 0, 10);
// check mac integrity and msg sequence
if (!integrity.compareHMAC(mac, peerSeqNum, msg, 0, msg.length)) {
throw new SaslException("Unmatched MAC");
}
if (!integrity.comparePeerSeqNum(peerSeqNum)) {
throw new SaslException("Out of order sequencing of messages. Got: " + integrity.byteToInt
(peerSeqNum) + " Expected: " + integrity.peerSeqNum);
}
integrity.incPeerSeqNum();
return msg;
}
private void checkTransformation(String transformation) throws IOException {
if ("AES/CTR/NoPadding".equalsIgnoreCase(transformation)) {
return;
}
throw new IOException("AES cipher transformation is not supported: " + transformation);
}
/**
* Helper class for providing integrity protection.
*/
private static class Integrity {
private int mySeqNum = 0;
private int peerSeqNum = 0;
private byte[] seqNum = new byte[4];
private byte[] myKey;
private byte[] peerKey;
Integrity(byte[] outKey, byte[] inKey) throws IOException {
myKey = outKey;
peerKey = inKey;
}
byte[] getHMAC(byte[] msg, int start, int len) throws SaslException {
intToByte(mySeqNum);
return calculateHMAC(myKey, seqNum, msg, start, len);
}
boolean compareHMAC(byte[] expectedHMAC, byte[] peerSeqNum, byte[] msg, int start,
int len) throws SaslException {
byte[] mac = calculateHMAC(peerKey, peerSeqNum, msg, start, len);
return Arrays.equals(mac, expectedHMAC);
}
boolean comparePeerSeqNum(byte[] peerSeqNum) {
return this.peerSeqNum == byteToInt(peerSeqNum);
}
byte[] getSeqNum() {
return seqNum;
}
void incMySeqNum() {
mySeqNum ++;
}
void incPeerSeqNum() {
peerSeqNum ++;
}
private byte[] calculateHMAC(byte[] key, byte[] seqNum, byte[] msg, int start,
int len) throws SaslException {
byte[] seqAndMsg = new byte[4+len];
System.arraycopy(seqNum, 0, seqAndMsg, 0, 4);
System.arraycopy(msg, start, seqAndMsg, 4, len);
try {
SecretKey keyKi = new SecretKeySpec(key, "HmacMD5");
Mac m = Mac.getInstance("HmacMD5");
m.init(keyKi);
m.update(seqAndMsg);
byte[] hMAC_MD5 = m.doFinal();
/* First 10 bytes of HMAC_MD5 digest */
byte macBuffer[] = new byte[10];
System.arraycopy(hMAC_MD5, 0, macBuffer, 0, 10);
return macBuffer;
} catch (InvalidKeyException e) {
throw new SaslException("Invalid bytes used for key of HMAC-MD5 hash.", e);
} catch (NoSuchAlgorithmException e) {
throw new SaslException("Error creating instance of MD5 MAC algorithm", e);
}
}
private void intToByte(int num) {
for(int i = 3; i >= 0; i --) {
seqNum[i] = (byte)(num & 0xff);
num >>>= 8;
}
}
private int byteToInt(byte[] seqNum) {
int answer = 0;
for (int i = 0; i < 4; i ++) {
answer <<= 8;
answer |= ((int)seqNum[i] & 0xff);
}
return answer;
}
}
}