[
https://issues.apache.org/jira/browse/HBASE-27094?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bryan Beaudreault resolved HBASE-27094.
---------------------------------------
Resolution: Duplicate
> Encryption data contains checksum
> ---------------------------------
>
> Key: HBASE-27094
> URL: https://issues.apache.org/jira/browse/HBASE-27094
> Project: HBase
> Issue Type: Bug
> Reporter: wenweijian
> Priority: Minor
>
> in HFileBlockDefaultDecodingContext.prepareDecofing, we decoding data from
> onDiskBlock.
> The onDiskBlock contains byte iv length, iv data and encrypted block data if
> cryptoContext is not null.
> The encrypted block data contains two part, first part is the real encrypted
> block data, the second part is checksum.
> when we the decrypt method(BlockIOUtils.readFullyWithHeapBuffer),the checkSum
> will be put into the decryptionStream. if we use others padding mode which
> likes pkcs5padding, the decrytion will throw an error "Input Length must be a
> multiple of 16 when decrypting with a padded cipher", because of the checkSum
> is not a multiple of 16.
> so we need to remove the checksum when we doing decrytion.
> why we will not get error when we use AES/CTR/NOPPDING, because CTR is not
> sensitive about the block size. but the other alg such as CBC or ECB, they
> are sensitive about block size.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
