[jira] [Commented] (HBASE-10062) Reconsider storing plaintext length in the encrypted block header

Tue, 03 Dec 2013 08:27:53 -0800 

    [ 
https://issues.apache.org/jira/browse/HBASE-10062?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13837855#comment-13837855
 ] 

Hudson commented on HBASE-10062:
--------------------------------

SUCCESS: Integrated in HBase-TRUNK-on-Hadoop-2.0.0 #861 (See 
[https://builds.apache.org/job/HBase-TRUNK-on-Hadoop-2.0.0/861/])
HBASE-10062. Reconsider storing plaintext length in the encrypted block header 
(apurtell: rev 1547373)
* 
/hbase/trunk/hbase-common/src/main/java/org/apache/hadoop/hbase/io/encoding/HFileBlockDefaultDecodingContext.java
* 
/hbase/trunk/hbase-common/src/main/java/org/apache/hadoop/hbase/io/encoding/HFileBlockDefaultEncodingContext.java
* 
/hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/io/hfile/TestHFileEncryption.java


> Reconsider storing plaintext length in the encrypted block header
> -----------------------------------------------------------------
>
>                 Key: HBASE-10062
>                 URL: https://issues.apache.org/jira/browse/HBASE-10062
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>            Priority: Minor
>             Fix For: 0.98.0
>
>         Attachments: 10062.patch
>
>
> After HBASE-7544, if an HFile belongs to an encrypted family, it is encrypted 
> on a per block basis. The encrypted blocks include the following header:
> {noformat}
>       // +--------------------------+
>       // | vint plaintext length    |
>       // +--------------------------+
>       // | vint iv length           |
>       // +--------------------------+
>       // | iv data ...              |
>       // +--------------------------+
>       // | encrypted block data ... |
>       // +--------------------------+
> {noformat}
> The reason for storing the plaintext length is so we can create an decryption 
> stream over the encrypted block data and, no matter the internal details of 
> the crypto algorithm (whether it adds padding, etc.) after reading the 
> expected plaintext bytes we know the reader is finished. However my colleague 
> Jerry Chen pointed out today this construction mandates the block be 
> processed exactly that way. Storing and using the encrypted data length 
> instead could provide more implementation flexibility down the road.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to