[
https://issues.apache.org/jira/browse/HDFS-6737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrew Wang updated HDFS-6737:
------------------------------
Summary: DFSClient should use IV generated based on the configured
CipherSuite with codecs used (was: DFSClinet should use IV generated beased on
the configured CipherSuite with codecs used)
> DFSClient should use IV generated based on the configured CipherSuite with
> codecs used
> --------------------------------------------------------------------------------------
>
> Key: HDFS-6737
> URL: https://issues.apache.org/jira/browse/HDFS-6737
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: hdfs-client
> Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
> Reporter: Uma Maheswara Rao G
> Assignee: Uma Maheswara Rao G
> Attachments: HDFS-6737.patch
>
>
> Seems like we are using IV as like Encrypted data encryption key IV. But the
> underlying Codec's cipher suite may expect different IV length. So, we should
> generate IV from the Codec's cipher suite configured.
> {code}
> final CryptoInputStream cryptoIn =
>     new CryptoInputStream(dfsis, CryptoCodec.getInstance(conf,
>         feInfo.getCipherSuite()),
>         feInfo.getEncryptedDataEncryptionKey(),
>         feInfo.getIV());
> {code}
> So, instead of using feInfo.getIV(), we should generate like
> {code}
> byte[] iv = new byte[codec.getCipherSuite().getAlgorithmBlockSize()];
> codec.generateSecureRandom(iv);
> {code}
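
The IV-length concern raised in the issue above, as an added example that is not part of the issue or of the Hadoop code base. It uses only the JDK's javax.crypto rather than Hadoop's CryptoCodec; the class name IvLengthCheck, its helper methods, the AES/CTR/NoPadding transformation, and the idea that the IV is generated once at write time and stored with the file are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class IvLengthCheck {
    // Assumed transformation for this example: AES in CTR mode (16-byte block).
    static final String TRANSFORMATION = "AES/CTR/NoPadding";

    /** Size the IV from the cipher's block size instead of a hard-coded length. */
    static byte[] newIv(Cipher cipher) {
        byte[] iv = new byte[cipher.getBlockSize()];
        new SecureRandom().nextBytes(iv);
        return iv;
    }

    /** Reject an IV whose length does not match the cipher's block size. */
    static void checkIv(Cipher cipher, byte[] iv) {
        int len = (iv == null) ? 0 : iv.length;
        if (len != cipher.getBlockSize()) {
            throw new IllegalArgumentException("IV length " + len
                + " does not match block size " + cipher.getBlockSize());
        }
    }

    static byte[] crypt(int mode, byte[] key, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        checkIv(c, iv); // fail fast, before any stream data is processed
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16]; // constructed sample key
        new SecureRandom().nextBytes(key);
        // Assumption: the IV is generated once when the data is written and kept with it.
        byte[] iv = newIv(Cipher.getInstance(TRANSFORMATION));
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, key, iv, "sample block".getBytes(StandardCharsets.UTF_8));
        // Decrypting with the same stored IV recovers the plaintext.
        System.out.println(new String(crypt(Cipher.DECRYPT_MODE, key, iv, ct), StandardCharsets.UTF_8));
        try { // a stored IV of the wrong length is rejected by checkIv
            crypt(Cipher.DECRYPT_MODE, key, Arrays.copyOf(iv, 8), ct);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```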