Details

    • Type: Sub-task Sub-task
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Duplicate
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.0.0
    • Component/s: security
    • Labels:
      None

      Description

      This JIRA task provides three crypto codec implementations based on the Hadoop crypto codec framework. They are:
      1. Simple AES Codec. AES codec implementation based on AES-NI. (Not splittable)
      2. AES Codec. AES codec implementation based on AES-NI in splittable format.

      1. HADOOP-9332.patch
        204 kB
        Yi Liu
      2. HADOOP-9332.patch
        227 kB
        Yi Liu

        Issue Links

          Activity

          Hide
          Yi Liu added a comment -

          Yi, Andrew Purtell and Xiang did this patch.

          Show
          Yi Liu added a comment - Yi, Andrew Purtell and Xiang did this patch.
          Hide
          Yi Liu added a comment -

          The patch has been attached.

          Show
          Yi Liu added a comment - The patch has been attached.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12570713/HADOOP-9332.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 18 new or modified test files.

          -1 one of tests included doesn't have a timeout.

          -1 javac. The patch appears to cause the build to fail.

          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/2226//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12570713/HADOOP-9332.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 18 new or modified test files. -1 one of tests included doesn't have a timeout. -1 javac . The patch appears to cause the build to fail. Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/2226//console This message is automatically generated.
          Hide
          Yi Liu added a comment -

          Cancel patch for building failure which was caused by dependency.

          Show
          Yi Liu added a comment - Cancel patch for building failure which was caused by dependency.
          Hide
          Yi Liu added a comment -

          Update patch to fix test warning.

          Show
          Yi Liu added a comment - Update patch to fix test warning.
          Hide
          Luke Lu added a comment -

          Preliminary comments:

          • I had to dig to find out that both SimpleAESCodec and AESCodec are using CTR mode, which is fine. I was thrown off by the comment in the beginning of the SimpleAESCodec, as we know AES in the default ECB mode is pretty much worthless. Suggest rename the codec to AESCTRCodec, unless you're going to support other modes (CBC etc.), which requires an explicit comment.
          • There is much code duplication between SimpleAESCodec (without compressor option) and AESCodec (with compressor option). Suggest consolidate code in one codec.
          Show
          Luke Lu added a comment - Preliminary comments: I had to dig to find out that both SimpleAESCodec and AESCodec are using CTR mode, which is fine. I was thrown off by the comment in the beginning of the SimpleAESCodec, as we know AES in the default ECB mode is pretty much worthless. Suggest rename the codec to AESCTRCodec, unless you're going to support other modes (CBC etc.), which requires an explicit comment. There is much code duplication between SimpleAESCodec (without compressor option) and AESCodec (with compressor option). Suggest consolidate code in one codec.
          Hide
          Yi Liu added a comment -

          Thanks Luke for your comments. Actually SimpleAESCodec and AESCodec were using CBC mode, please refer to NativeOpensslAESCipher.c. For the secondary comment, we could refine SimpleAESCodec and AESCodec which is splittable.

          Show
          Yi Liu added a comment - Thanks Luke for your comments. Actually SimpleAESCodec and AESCodec were using CBC mode, please refer to NativeOpensslAESCipher.c. For the secondary comment, we could refine SimpleAESCodec and AESCodec which is splittable.
          Hide
          Yi Liu added a comment -

          We will not use this approach any more, instead, we use the approach in HADOOP-10150, so mark this JIRA as duplicate.

          Show
          Yi Liu added a comment - We will not use this approach any more, instead, we use the approach in HADOOP-10150 , so mark this JIRA as duplicate.

            People

            • Assignee:
              Yi Liu
              Reporter:
              Yi Liu
            • Votes:
              0 Vote for this issue
              Watchers:
              17 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development