Hello Tidy Bot, [email protected], Alexey Serbin, Kudu Jenkins, Andrew Wong,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/18025
to look at the new patch set (#2).
Change subject: [encryption] KUDU-3316 Add encrypted file keys to files
......................................................................
[encryption] KUDU-3316 Add encrypted file keys to files
The previous patches in the data at rest encryption saga add the ability
to encrypt data at rest, but files were encrypted using the same hard-coded
key.
This patch adds an extra header to encrypted files to store the
encryption algorithm used and the encrypted file key. For now, the file
keys are encrypted with the same dummy encryption key.
The header is a bit different from the one described in the design doc,
because the writes don't have to be aligned to the block size after all,
so I saw no reason to pad to 64 bytes, so the header is now only 40
bytes. The encryption algorithm and key length was also changed to be
stored in 1 byte instead of 2 for easier handling. The magic string is
"kuduenc" instead of "kuduen".
This patch also introduces a new flag which is hidden for now:
--encryption_key_length. This can be set to any valid AES key length as
per its specification (128, 192, or 256 bits), as only AES encryption is
supported for now, and there are no plans to support anything else in
the foreseeable future.
File sizes as returned by *File APIs are logical, so on disk they're 40
bytes larger. The GetFileSize() can return both the logical and the
physical file size, but GetFileSizeOnDisk() actually uses block count
and must be physical. Some of the tests rely on this and make
assumptions based on the numbers reported here, these tests are not run
with encryption enabled.
Change-Id: Idb1282c117271fda63a8cc54c00add7cc96dcffd
---
M src/kudu/consensus/consensus_meta.cc
M src/kudu/consensus/log-test-base.h
M src/kudu/fs/dir_util.cc
M src/kudu/fs/log_block_manager-test-util.cc
M src/kudu/fs/log_block_manager-test.cc
M src/kudu/fs/log_block_manager.cc
M src/kudu/tablet/tablet_metadata.cc
M src/kudu/tserver/tablet_copy_source_session-test.cc
M src/kudu/util/env-test.cc
M src/kudu/util/env.cc
M src/kudu/util/env.h
M src/kudu/util/env_posix.cc
M src/kudu/util/env_util.cc
M src/kudu/util/pb_util-test.cc
M src/kudu/util/rolling_log-test.cc
15 files changed, 367 insertions(+), 99 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/25/18025/2
--
To view, visit http://gerrit.cloudera.org:8080/18025
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Idb1282c117271fda63a8cc54c00add7cc96dcffd
Gerrit-Change-Number: 18025
Gerrit-PatchSet: 2
Gerrit-Owner: Attila Bukor <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Anonymous Coward <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)
