[GitHub] [hbase] symat commented on a change in pull request #2539: HBASE-25181 Configure hash algorithm in wrapped encryption keys

[GitBox]

symat commented on a change in pull request #2539:
URL: https://github.com/apache/hbase/pull/2539#discussion_r503852147



##########
File path: 
hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java
##########
@@ -127,96 +128,48 @@ public static Cipher getCipher(Configuration conf, String 
name) {
   }
 
   /**
-   * Return the MD5 digest of the concatenation of the supplied arguments.
-   */
-  public static byte[] hash128(String... args) {
-    byte[] result = new byte[16];
-    try {
-      MessageDigest md = MessageDigest.getInstance("MD5");
-      for (String arg: args) {
-        md.update(Bytes.toBytes(arg));
-      }
-      md.digest(result, 0, result.length);
-      return result;
-    } catch (NoSuchAlgorithmException e) {
-      throw new RuntimeException(e);
-    } catch (DigestException e) {
-      throw new RuntimeException(e);
-    }
-  }
-
-  /**
-   * Return the MD5 digest of the concatenation of the supplied arguments.
-   */
-  public static byte[] hash128(byte[]... args) {
-    byte[] result = new byte[16];
-    try {
-      MessageDigest md = MessageDigest.getInstance("MD5");
-      for (byte[] arg: args) {
-        md.update(arg);
-      }
-      md.digest(result, 0, result.length);
-      return result;
-    } catch (NoSuchAlgorithmException e) {
-      throw new RuntimeException(e);
-    } catch (DigestException e) {
-      throw new RuntimeException(e);
-    }
-  }
-
-  /**
-   * Return the SHA-256 digest of the concatenation of the supplied arguments.
+   * Returns the Hash Algorithm defined in the crypto configuration.
    */
-  public static byte[] hash256(String... args) {
-    byte[] result = new byte[32];
-    try {
-      MessageDigest md = MessageDigest.getInstance("SHA-256");
-      for (String arg: args) {
-        md.update(Bytes.toBytes(arg));
-      }
-      md.digest(result, 0, result.length);
-      return result;
-    } catch (NoSuchAlgorithmException e) {
-      throw new RuntimeException(e);
-    } catch (DigestException e) {
-      throw new RuntimeException(e);
-    }
+  public static String getConfiguredHashAlgorithm(Configuration conf) {
+    return conf.get(HConstants.CRYPTO_KEY_HASH_ALGORITHM_CONF_KEY,
+                    HConstants.CRYPTO_KEY_HASH_ALGORITHM_CONF_DEFAULT).trim();
   }
 
   /**
-   * Return the SHA-256 digest of the concatenation of the supplied arguments.
+   * Returns the hash of the supplied argument, using the hash algorithm
+   * specified in the given config.
    */
-  public static byte[] hash256(byte[]... args) {
-    byte[] result = new byte[32];
+  public static byte[] computeHash(Configuration conf, byte[] arg) {

Review comment:
       nice catch, thank you! (I haven't noticed this)
   
   In the HBase code we never call these with more than one args (and we never 
even use `hash256`). But if these methods are exposed, then it is possible 
other projects are using these, so I'll add all back.
   
   I'm not sure about deprecation. If these are used outside of the scope of 
HFile / WALFile encryption by other projects, then we can even keep them in the 
long term.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org