[ 
https://issues.apache.org/jira/browse/HDFS-6737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Uma Maheswara Rao G resolved HDFS-6737.
---------------------------------------

    Resolution: Won't Fix

> DFSClient should use IV generated based on the configured CipherSuite with 
> codecs used
> --------------------------------------------------------------------------------------
>
>                 Key: HDFS-6737
>                 URL: https://issues.apache.org/jira/browse/HDFS-6737
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: hdfs-client
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Uma Maheswara Rao G
>            Assignee: Uma Maheswara Rao G
>         Attachments: HDFS-6737.patch
>
>
> Seems like we are using IV as like Encrypted data encryption key iv. But the 
> underlying Codec's cipher suite may expect different iv length. So, we should 
> generate IV from the Coec's cipher suite configured.
> {code}
>  final CryptoInputStream cryptoIn =
>           new CryptoInputStream(dfsis, CryptoCodec.getInstance(conf, 
>               feInfo.getCipherSuite()), 
> feInfo.getEncryptedDataEncryptionKey(),
>               feInfo.getIV());
> {code}
> So, instead of using feinfo.getIV(), we should generate like
> {code}
> byte[] iv = new byte[codec.getCipherSuite().getAlgorithmBlockSize()]; 
> codec.generateSecureRandom(iv);
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to