From 7cd30bc85cff3ad376d40f509673b3c0a73deaac Mon Sep 17 00:00:00 2001 From: Andrew Purtell Date: Mon, 30 Jun 2014 18:18:52 -0700 Subject: [PATCH] iHBASE-11446 Reduce the frequency of RNG calls in SecureWALCellCodec#EncryptedKvEncoder --- .../hbase/regionserver/wal/SecureWALCellCodec.java | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/wal/SecureWALCellCodec.java hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/wal/SecureWALCellCodec.java index 35b7193..fbfad76 100644 --- hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/wal/SecureWALCellCodec.java +++ hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/wal/SecureWALCellCodec.java @@ -31,6 +31,7 @@ import org.apache.hadoop.hbase.Cell; import org.apache.hadoop.hbase.KeyValue; import org.apache.hadoop.hbase.codec.KeyValueCodec; import org.apache.hadoop.hbase.io.crypto.Decryptor; +import org.apache.hadoop.hbase.io.crypto.Encryption; import org.apache.hadoop.hbase.io.crypto.Encryptor; import org.apache.hadoop.hbase.io.util.StreamUtils; import org.apache.hadoop.hbase.util.Bytes; @@ -40,8 +41,6 @@ import org.apache.hadoop.hbase.util.Bytes; */ public class SecureWALCellCodec extends WALCellCodec { - private static final SecureRandom RNG = new SecureRandom(); - private Encryptor encryptor; private Decryptor decryptor; @@ -139,7 +138,21 @@ public class SecureWALCellCodec extends WALCellCodec { static class EncryptedKvEncoder extends KeyValueCodec.KeyValueEncoder { private Encryptor encryptor; - private byte[] iv; + private final ThreadLocal iv = new ThreadLocal() { + @Override + protected byte[] initialValue() { + byte[] iv = new byte[encryptor.getIvLength()]; + new SecureRandom().nextBytes(iv); + return iv; + } + }; + + protected byte[] nextIv() { + byte[] v = iv.get(), ret = new byte[v.length]; + Encryption.incrementIv(v); + System.arraycopy(v, 0, ret, 0, v.length); + return ret; + } public EncryptedKvEncoder(OutputStream os) { super(os); @@ -148,7 +161,6 @@ public class SecureWALCellCodec extends WALCellCodec { public EncryptedKvEncoder(OutputStream os, Encryptor encryptor) { super(os); this.encryptor = encryptor; - iv = new byte[encryptor.getIvLength()]; } @Override @@ -159,7 +171,7 @@ public class SecureWALCellCodec extends WALCellCodec { byte[] kvBuffer = kv.getBuffer(); int offset = kv.getOffset(); - RNG.nextBytes(iv); + byte[] iv = nextIv(); encryptor.setIv(iv); encryptor.reset(); -- 1.9.1