[HDFS-6737] DFSClient should use IV generated based on the configured CipherSuite with codecs used - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: fs-encryption (HADOOP-10150 and HDFS-6134)
Fix Version/s: None
Component/s: hdfs-client
Labels:
None

Description

Seems like we are using IV as like Encrypted data encryption key iv. But the underlying Codec's cipher suite may expect different iv length. So, we should generate IV from the Coec's cipher suite configured.

 final CryptoInputStream cryptoIn =
          new CryptoInputStream(dfsis, CryptoCodec.getInstance(conf, 
              feInfo.getCipherSuite()), feInfo.getEncryptedDataEncryptionKey(),
              feInfo.getIV());

So, instead of using feinfo.getIV(), we should generate like

byte[] iv = new byte[codec.getCipherSuite().getAlgorithmBlockSize()]; 
codec.generateSecureRandom(iv);

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HDFS-6737.patch
23/Jul/14 15:28
0.9 kB
Uma Maheswara Rao G

Activity

People

Assignee:: Uma Maheswara Rao G

Reporter:: Uma Maheswara Rao G

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 23/Jul/14 06:31

Updated:: 01/Aug/14 17:24

Resolved:: 01/Aug/14 17:24