Hadoop HDFS
  1. Hadoop HDFS
  2. HDFS-6134 Transparent data at rest encryption
  3. HDFS-6737

DFSClient should use IV generated based on the configured CipherSuite with codecs used

    Details

    • Type: Sub-task Sub-task
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: fs-encryption (HADOOP-10150 and HDFS-6134)
    • Fix Version/s: None
    • Component/s: hdfs-client
    • Labels:
      None

      Description

      Seems like we are using IV as like Encrypted data encryption key iv. But the underlying Codec's cipher suite may expect different iv length. So, we should generate IV from the Coec's cipher suite configured.

       final CryptoInputStream cryptoIn =
                new CryptoInputStream(dfsis, CryptoCodec.getInstance(conf, 
                    feInfo.getCipherSuite()), feInfo.getEncryptedDataEncryptionKey(),
                    feInfo.getIV());
      

      So, instead of using feinfo.getIV(), we should generate like

      byte[] iv = new byte[codec.getCipherSuite().getAlgorithmBlockSize()]; 
      codec.generateSecureRandom(iv);
      
      1. HDFS-6737.patch
        0.9 kB
        Uma Maheswara Rao G

        Activity

        Uma Maheswara Rao G created issue -
        Uma Maheswara Rao G made changes -
        Field Original Value New Value
        Attachment HDFS-6737.patch [ 12657364 ]
        Andrew Wang made changes -
        Summary DFSClinet should use IV generated beased on the configured CipherSuite with codecs used DFSClient should use IV generated based on the configured CipherSuite with codecs used
        Uma Maheswara Rao G made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Won't Fix [ 2 ]

          People

          • Assignee:
            Uma Maheswara Rao G
            Reporter:
            Uma Maheswara Rao G
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development