001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.security;
019
020import static org.junit.Assert.assertNotNull;
021import static org.junit.Assert.assertTrue;
022import static org.junit.Assert.fail;
023
024import java.security.Key;
025import java.security.KeyException;
026import javax.crypto.spec.SecretKeySpec;
027import org.apache.hadoop.conf.Configuration;
028import org.apache.hadoop.hbase.HBaseClassTestRule;
029import org.apache.hadoop.hbase.HConstants;
030import org.apache.hadoop.hbase.io.crypto.Encryption;
031import org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting;
032import org.apache.hadoop.hbase.io.crypto.aes.AES;
033import org.apache.hadoop.hbase.testclassification.ClientTests;
034import org.apache.hadoop.hbase.testclassification.SmallTests;
035import org.apache.hadoop.hbase.util.Bytes;
036import org.junit.ClassRule;
037import org.junit.Test;
038import org.junit.experimental.categories.Category;
039
040@Category({ ClientTests.class, SmallTests.class })
041public class TestEncryptionUtil {
042
043  private static final String INVALID_HASH_ALG = "this-hash-algorithm-not-exists hopefully... :)";
044  private static final String DEFAULT_HASH_ALGORITHM = "use-default";
045
046  @ClassRule
047  public static final HBaseClassTestRule CLASS_RULE =
048    HBaseClassTestRule.forClass(TestEncryptionUtil.class);
049
050  // There does not seem to be a ready way to test either getKeyFromBytesOrMasterKey
051  // or createEncryptionContext, and the existing code under MobUtils appeared to be
052  // untested. Not ideal!
053
054  @Test
055  public void testKeyWrappingUsingHashAlgDefault() throws Exception {
056    testKeyWrapping(DEFAULT_HASH_ALGORITHM);
057  }
058
059  @Test
060  public void testKeyWrappingUsingHashAlgMD5() throws Exception {
061    testKeyWrapping("MD5");
062  }
063
064  @Test
065  public void testKeyWrappingUsingHashAlgSHA256() throws Exception {
066    testKeyWrapping("SHA-256");
067  }
068
069  @Test
070  public void testKeyWrappingUsingHashAlgSHA384() throws Exception {
071    testKeyWrapping("SHA-384");
072  }
073
074  @Test(expected = RuntimeException.class)
075  public void testKeyWrappingWithInvalidHashAlg() throws Exception {
076    testKeyWrapping(INVALID_HASH_ALG);
077  }
078
079  @Test
080  public void testWALKeyWrappingUsingHashAlgDefault() throws Exception {
081    testWALKeyWrapping(DEFAULT_HASH_ALGORITHM);
082  }
083
084  @Test
085  public void testWALKeyWrappingUsingHashAlgMD5() throws Exception {
086    testWALKeyWrapping("MD5");
087  }
088
089  @Test
090  public void testWALKeyWrappingUsingHashAlgSHA256() throws Exception {
091    testWALKeyWrapping("SHA-256");
092  }
093
094  @Test
095  public void testWALKeyWrappingUsingHashAlgSHA384() throws Exception {
096    testWALKeyWrapping("SHA-384");
097  }
098
099  @Test(expected = RuntimeException.class)
100  public void testWALKeyWrappingWithInvalidHashAlg() throws Exception {
101    testWALKeyWrapping(INVALID_HASH_ALG);
102  }
103
104  @Test(expected = KeyException.class)
105  public void testWALKeyWrappingWithIncorrectKey() throws Exception {
106    // set up the key provider for testing to resolve a key for our test subject
107    Configuration conf = new Configuration(); // we don't need HBaseConfiguration for this
108    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
109
110    // generate a test key
111    byte[] keyBytes = new byte[AES.KEY_LENGTH];
112    Bytes.secureRandom(keyBytes);
113    String algorithm = conf.get(HConstants.CRYPTO_WAL_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
114    Key key = new SecretKeySpec(keyBytes, algorithm);
115
116    // wrap the test key
117    byte[] wrappedKeyBytes = EncryptionUtil.wrapKey(conf, "hbase", key);
118    assertNotNull(wrappedKeyBytes);
119
120    // unwrap with an incorrect key
121    EncryptionUtil.unwrapWALKey(conf, "other", wrappedKeyBytes);
122  }
123
124  @Test(expected = KeyException.class)
125  public void testHashAlgorithmMismatchWhenFailExpected() throws Exception {
126    Configuration conf = new Configuration(); // we don't need HBaseConfiguration for this
127    conf.setBoolean(Encryption.CRYPTO_KEY_FAIL_ON_ALGORITHM_MISMATCH_CONF_KEY, true);
128    testKeyWrappingWithMismatchingAlgorithms(conf);
129  }
130
131  @Test
132  public void testHashAlgorithmMismatchWhenFailNotExpected() throws Exception {
133    Configuration conf = new Configuration(); // we don't need HBaseConfiguration for this
134    conf.setBoolean(Encryption.CRYPTO_KEY_FAIL_ON_ALGORITHM_MISMATCH_CONF_KEY, false);
135    testKeyWrappingWithMismatchingAlgorithms(conf);
136  }
137
138  @Test
139  public void testHashAlgorithmMismatchShouldNotFailWithDefaultConfig() throws Exception {
140    Configuration conf = new Configuration(); // we don't need HBaseConfiguration for this
141    testKeyWrappingWithMismatchingAlgorithms(conf);
142  }
143
144  private void testKeyWrapping(String hashAlgorithm) throws Exception {
145    // set up the key provider for testing to resolve a key for our test subject
146    Configuration conf = new Configuration(); // we don't need HBaseConfiguration for this
147    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
148    if (!hashAlgorithm.equals(DEFAULT_HASH_ALGORITHM)) {
149      conf.set(Encryption.CRYPTO_KEY_HASH_ALGORITHM_CONF_KEY, hashAlgorithm);
150    }
151
152    // generate a test key
153    byte[] keyBytes = new byte[AES.KEY_LENGTH];
154    Bytes.secureRandom(keyBytes);
155    String algorithm = conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
156    Key key = new SecretKeySpec(keyBytes, algorithm);
157
158    // wrap the test key
159    byte[] wrappedKeyBytes = EncryptionUtil.wrapKey(conf, "hbase", key);
160    assertNotNull(wrappedKeyBytes);
161
162    // unwrap
163    Key unwrappedKey = EncryptionUtil.unwrapKey(conf, "hbase", wrappedKeyBytes);
164    assertNotNull(unwrappedKey);
165    // only secretkeyspec supported for now
166    assertTrue(unwrappedKey instanceof SecretKeySpec);
167    // did we get back what we wrapped?
168    assertTrue("Unwrapped key bytes do not match original",
169      Bytes.equals(keyBytes, unwrappedKey.getEncoded()));
170
171    // unwrap with an incorrect key
172    try {
173      EncryptionUtil.unwrapKey(conf, "other", wrappedKeyBytes);
174      fail("Unwrap with incorrect key did not throw KeyException");
175    } catch (KeyException e) {
176      // expected
177    }
178  }
179
180  private void testWALKeyWrapping(String hashAlgorithm) throws Exception {
181    // set up the key provider for testing to resolve a key for our test subject
182    Configuration conf = new Configuration(); // we don't need HBaseConfiguration for this
183    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
184    if (!hashAlgorithm.equals(DEFAULT_HASH_ALGORITHM)) {
185      conf.set(Encryption.CRYPTO_KEY_HASH_ALGORITHM_CONF_KEY, hashAlgorithm);
186    }
187
188    // generate a test key
189    byte[] keyBytes = new byte[AES.KEY_LENGTH];
190    Bytes.secureRandom(keyBytes);
191    String algorithm = conf.get(HConstants.CRYPTO_WAL_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
192    Key key = new SecretKeySpec(keyBytes, algorithm);
193
194    // wrap the test key
195    byte[] wrappedKeyBytes = EncryptionUtil.wrapKey(conf, "hbase", key);
196    assertNotNull(wrappedKeyBytes);
197
198    // unwrap
199    Key unwrappedKey = EncryptionUtil.unwrapWALKey(conf, "hbase", wrappedKeyBytes);
200    assertNotNull(unwrappedKey);
201    // only secretkeyspec supported for now
202    assertTrue(unwrappedKey instanceof SecretKeySpec);
203    // did we get back what we wrapped?
204    assertTrue("Unwrapped key bytes do not match original",
205      Bytes.equals(keyBytes, unwrappedKey.getEncoded()));
206  }
207
208  private void testKeyWrappingWithMismatchingAlgorithms(Configuration conf) throws Exception {
209    // we use MD5 to hash the encryption key during wrapping
210    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
211    conf.set(Encryption.CRYPTO_KEY_HASH_ALGORITHM_CONF_KEY, "MD5");
212
213    // generate a test key
214    byte[] keyBytes = new byte[AES.KEY_LENGTH];
215    Bytes.secureRandom(keyBytes);
216    String algorithm = conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
217    Key key = new SecretKeySpec(keyBytes, algorithm);
218
219    // wrap the test key
220    byte[] wrappedKeyBytes = EncryptionUtil.wrapKey(conf, "hbase", key);
221    assertNotNull(wrappedKeyBytes);
222
223    // we set the default hash algorithm to SHA-384 during unwrapping
224    conf.set(Encryption.CRYPTO_KEY_HASH_ALGORITHM_CONF_KEY, "SHA-384");
225
226    // unwrap
227    // we expect to fail, if CRYPTO_KEY_FAIL_ON_ALGORITHM_MISMATCH_CONF_KEY == true
228    // otherwise we will use the algorithm written during wrapping
229    Key unwrappedKey = EncryptionUtil.unwrapKey(conf, "hbase", wrappedKeyBytes);
230    assertNotNull(unwrappedKey);
231
232    // did we get back what we wrapped?
233    assertTrue("Unwrapped key bytes do not match original",
234      Bytes.equals(keyBytes, unwrappedKey.getEncoded()));
235  }
236
237}