001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.io.crypto.aes;
019
020import static org.junit.Assert.assertEquals;
021import static org.junit.Assert.assertTrue;
022import static org.junit.Assert.fail;
023
024import java.io.ByteArrayInputStream;
025import java.io.ByteArrayOutputStream;
026import java.io.OutputStream;
027import java.security.AccessController;
028import java.security.NoSuchAlgorithmException;
029import java.security.PrivilegedAction;
030import java.security.Provider;
031import java.security.SecureRandom;
032import java.security.SecureRandomSpi;
033import java.security.Security;
034import javax.crypto.spec.SecretKeySpec;
035import org.apache.commons.io.IOUtils;
036import org.apache.hadoop.conf.Configuration;
037import org.apache.hadoop.hbase.HBaseClassTestRule;
038import org.apache.hadoop.hbase.HBaseConfiguration;
039import org.apache.hadoop.hbase.io.crypto.Cipher;
040import org.apache.hadoop.hbase.io.crypto.DefaultCipherProvider;
041import org.apache.hadoop.hbase.io.crypto.Encryption;
042import org.apache.hadoop.hbase.io.crypto.Encryptor;
043import org.apache.hadoop.hbase.testclassification.MiscTests;
044import org.apache.hadoop.hbase.testclassification.SmallTests;
045import org.apache.hadoop.hbase.util.Bytes;
046import org.junit.ClassRule;
047import org.junit.Test;
048import org.junit.experimental.categories.Category;
049
050@Category({ MiscTests.class, SmallTests.class })
051public class TestCommonsAES {
052
053  @ClassRule
054  public static final HBaseClassTestRule CLASS_RULE =
055    HBaseClassTestRule.forClass(TestCommonsAES.class);
056
057  // Validation for AES in CTR mode with a 128 bit key
058  // From NIST Special Publication 800-38A
059  @Test
060  public void testAESAlgorithm() throws Exception {
061    Configuration conf = HBaseConfiguration.create();
062    Cipher aes = Encryption.getCipher(conf, "AES");
063    assertEquals(CommonsCryptoAES.KEY_LENGTH, aes.getKeyLength());
064    assertEquals(CommonsCryptoAES.IV_LENGTH, aes.getIvLength());
065    Encryptor e = aes.getEncryptor();
066    e.setKey(new SecretKeySpec(Bytes.fromHex("2b7e151628aed2a6abf7158809cf4f3c"), "AES"));
067    e.setIv(Bytes.fromHex("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"));
068
069    ByteArrayOutputStream out = new ByteArrayOutputStream();
070    OutputStream cout = e.createEncryptionStream(out);
071    cout.write(Bytes.fromHex("6bc1bee22e409f96e93d7e117393172a"));
072    cout.write(Bytes.fromHex("ae2d8a571e03ac9c9eb76fac45af8e51"));
073    cout.write(Bytes.fromHex("30c81c46a35ce411e5fbc1191a0a52ef"));
074    cout.write(Bytes.fromHex("f69f2445df4f9b17ad2b417be66c3710"));
075    cout.close();
076
077    ByteArrayInputStream in = new ByteArrayInputStream(out.toByteArray());
078    byte[] b = new byte[16];
079    IOUtils.readFully(in, b);
080    assertTrue("Failed #1", Bytes.equals(b, Bytes.fromHex("874d6191b620e3261bef6864990db6ce")));
081    IOUtils.readFully(in, b);
082    assertTrue("Failed #2", Bytes.equals(b, Bytes.fromHex("9806f66b7970fdff8617187bb9fffdff")));
083    IOUtils.readFully(in, b);
084    assertTrue("Failed #3", Bytes.equals(b, Bytes.fromHex("5ae4df3edbd5d35e5b4f09020db03eab")));
085    IOUtils.readFully(in, b);
086    assertTrue("Failed #4", Bytes.equals(b, Bytes.fromHex("1e031dda2fbe03d1792170a0f3009cee")));
087  }
088
089  @Test
090  public void testAlternateRNG() throws Exception {
091    Security.addProvider(new TestProvider());
092
093    Configuration conf = new Configuration();
094    conf.set(AES.RNG_ALGORITHM_KEY, "TestRNG");
095    conf.set(AES.RNG_PROVIDER_KEY, "TEST");
096    DefaultCipherProvider.getInstance().setConf(conf);
097
098    AES aes = new AES(DefaultCipherProvider.getInstance());
099    assertEquals("AES did not find alternate RNG", "TestRNG", aes.getRNG().getAlgorithm());
100  }
101
102  static class TestProvider extends Provider {
103    private static final long serialVersionUID = 1L;
104
105    public TestProvider() {
106      super("TEST", 1.0, "Test provider");
107      AccessController.doPrivileged(new PrivilegedAction<Object>() {
108        @Override
109        public Object run() {
110          put("SecureRandom.TestRNG", TestCommonsAES.class.getName() + "$TestRNG");
111          return null;
112        }
113      });
114    }
115  }
116
117  // Must be public for instantiation by the SecureRandom SPI
118  public static class TestRNG extends SecureRandomSpi {
119    private static final long serialVersionUID = 1L;
120    private SecureRandom rng;
121
122    public TestRNG() {
123      try {
124        rng = SecureRandom.getInstance("SHA1PRNG");
125      } catch (NoSuchAlgorithmException e) {
126        fail("Unable to create SecureRandom instance");
127      }
128    }
129
130    @Override
131    protected void engineSetSeed(byte[] seed) {
132      rng.setSeed(seed);
133    }
134
135    @Override
136    protected void engineNextBytes(byte[] bytes) {
137      rng.nextBytes(bytes);
138    }
139
140    @Override
141    protected byte[] engineGenerateSeed(int numBytes) {
142      return rng.generateSeed(numBytes);
143    }
144  }
145
146}