Details
Sub-task
Status: Resolved
Major
Resolution: Won't Fix
fs-encryption (HADOOP-10150 and HDFS-6134)
None
None
Description
Seems like we are using the IV as the encrypted data encryption key IV. But the underlying codec's cipher suite may expect a different IV length. So, we should generate the IV from the codec's configured cipher suite.
final CryptoInputStream cryptoIn = new CryptoInputStream(dfsis,
    CryptoCodec.getInstance(conf, feInfo.getCipherSuite()),
    feInfo.getEncryptedDataEncryptionKey(), feInfo.getIV());
So, instead of using feInfo.getIV(), we should generate it like:
byte[] iv = new byte[codec.getCipherSuite().getAlgorithmBlockSize()];
codec.generateSecureRandom(iv);
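The IV-length concern raised in this description can be checked at the point where the cipher is initialised. The following is an added example, not code from the issue or from Hadoop: it uses only the standard `javax.crypto` API, and the class name `IvLengthCheck`, the helper names and the `AES/CTR/NoPadding` transformation are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class IvLengthCheck {
    // Transformation assumed for this sketch.
    static final String TRANSFORMATION = "AES/CTR/NoPadding";

    // Fail fast when the supplied IV does not match the cipher's block size.
    static byte[] checkedIv(Cipher cipher, byte[] iv) {
        int blockSize = cipher.getBlockSize();
        int ivLength = (iv == null) ? 0 : iv.length;
        if (ivLength != blockSize) {
            throw new IllegalArgumentException(
                "IV length " + ivLength + " does not match block size " + blockSize);
        }
        return iv;
    }

    static byte[] run(int mode, byte[] key, byte[] iv, byte[] data) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(mode, new SecretKeySpec(key, "AES"),
                    new IvParameterSpec(checkedIv(cipher, iv)));
        return cipher.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[16];                        // constructed sample key
        rng.nextBytes(key);
        // Size the IV from the cipher itself rather than from a constant.
        byte[] iv = new byte[Cipher.getInstance(TRANSFORMATION).getBlockSize()];
        rng.nextBytes(iv);
        byte[] plain = "constructed sample data".getBytes(StandardCharsets.UTF_8);

        byte[] ct = run(Cipher.ENCRYPT_MODE, key, iv, plain);
        // Decryption uses the same IV that was used for encryption.
        byte[] back = run(Cipher.DECRYPT_MODE, key, iv, ct);
        System.out.println("round trip ok: " + Arrays.equals(plain, back));

        try {
            run(Cipher.DECRYPT_MODE, key, new byte[8], ct);  // IV of the wrong length
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```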