HBase
  1. HBase
  2. HBASE-10062

Reconsider storing plaintext length in the encrypted block header

    Details

    • Type: Improvement Improvement
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.98.0
    • Component/s: None
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      After HBASE-7544, if an HFile belongs to an encrypted family, it is encrypted on a per block basis. The encrypted blocks include the following header:

            // +--------------------------+
            // | vint plaintext length    |
            // +--------------------------+
            // | vint iv length           |
            // +--------------------------+
            // | iv data ...              |
            // +--------------------------+
            // | encrypted block data ... |
            // +--------------------------+
      

      The reason for storing the plaintext length is so we can create an decryption stream over the encrypted block data and, no matter the internal details of the crypto algorithm (whether it adds padding, etc.) after reading the expected plaintext bytes we know the reader is finished. However my colleague Jerry Chen pointed out today this construction mandates the block be processed exactly that way. Storing and using the encrypted data length instead could provide more implementation flexibility down the road.

      1. 10062.patch
        6 kB
        Andrew Purtell

        Issue Links

          Activity

            People

            • Assignee:
              Andrew Purtell
              Reporter:
              Andrew Purtell
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development