Attila Bukor has uploaded this change for review. ( http://gerrit.cloudera.org:8080/18025
Change subject: [encryption] KUDU-3316 Add encrypted file keys to files ...................................................................... [encryption] KUDU-3316 Add encrypted file keys to files The previous patches in the data at rest encryption saga add the ability to encrypt data at rest, but files were encrypted using the same hard-coded key. This patch adds an extra header to encrypted files to store the encryption algorithm used and the encrypted file key. For now, the file keys are encrypted with the same dummy encryption key. The header is a bit different from the one described in the design doc, because the writes don't have to be aligned to the block size after all, so I saw no reason to pad to 64 bytes, so the header is now only 40 bytes. The encryption algorithm and key length was also changed to be stored in 1 byte instead of 2 for easier handling. The magic string is "kuduenc" instead of "kuduen". This patch also introduces a new flag which is hidden for now: --encryption_key_length. This can be set to any valid AES key length as per its specification (128, 192, or 256 bits), as only AES encryption is supported for now, and there are no plans to support anything else in the foreseeable future. File sizes as returned by *File APIs are logical, so on disk they're 40 bytes larger. The GetFileSize() can return both the logical and the physical file size, but GetFileSizeOnDisk() actually uses block count and must be physical. Some of the tests rely on this and make assumptions based on the numbers reported here, these tests are not run with encryption enabled. Change-Id: Idb1282c117271fda63a8cc54c00add7cc96dcffd --- M src/kudu/consensus/log-test-base.h M src/kudu/fs/dir_util.cc M src/kudu/fs/log_block_manager-test.cc M src/kudu/fs/log_block_manager.cc M src/kudu/tserver/tablet_copy_source_session-test.cc M src/kudu/util/env-test.cc M src/kudu/util/env.cc M src/kudu/util/env.h M src/kudu/util/env_posix.cc M src/kudu/util/env_util.cc M src/kudu/util/pb_util-test.cc 11 files changed, 364 insertions(+), 86 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/25/18025/1 -- To view, visit http://gerrit.cloudera.org:8080/18025 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: Idb1282c117271fda63a8cc54c00add7cc96dcffd Gerrit-Change-Number: 18025 Gerrit-PatchSet: 1 Gerrit-Owner: Attila Bukor <[email protected]>
