[
https://issues.apache.org/jira/browse/IMPALA-13039?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17921559#comment-17921559
]
ASF subversion and git services commented on IMPALA-13039:
----------------------------------------------------------
Commit a61b90f86091ed9f190fd3a23d64ae99f887e411 in impala's branch
refs/heads/master from pranavyl
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=a61b90f86 ]
IMPALA-13039: AES Encryption/ Decryption Support in Impala
AES (Advanced Encryption Standard) crypto functions are
widely recognized and respected encryption algorithm used to protect
sensitive data which operate by transforming plaintext data into
ciphertext using a symmetric key, ensuring confidentiality and
integrity. This standard speciļ¬es the Rijndael algorithm, a symmetric
block cipher that can process data blocks of 128 bits, using cipher
keys with lengths of 128 and 256 bits. The patch makes use of the
EVP_*() algorithms from the OpenSSL library.
The patch includes:
1. AES-GCM, AES-CTR, and AES-CFB encryption functionalities and
AES-GCM, AES-ECB, AES-CTR, and AES-CFB decryption functionalities.
2. Support for both 128-bit and 256-bit key sizes for GCM and ECB modes.
3. Enhancements to EncryptionKey class to accommodate various AES modes.
The aes_encrypt() and aes_decrypt() functions serve as entry
points for encryption and decryption operations, handling
encryption and decryption based on user-provided keys, AES modes,
and initialization vectors (IVs). The implementation includes key
length validation and IV vector size checks to ensure data
integrity and confidentiality.
Multiple AES modes: GCM, CFB, CTR for encryption, and GCM, CFB, CTR
and ECB for decryption are supported to provide flexibility and
compatibility with various use cases and OpenSSL features. AES-GCM
is set as the default mode due to its strong security properties.
AES-CTR and AES-CFB are provided as fallbacks for environments where
AES-GCM may not be supported. Note that AES-GCM is not available in
OpenSSL versions prior to 1.0.1, so having multiple methods ensures
broader compatibility.
Testing: The patch is thouroughly tested and the tests are included in
exprs.test.
Change-Id: I3902f2b1d95da4d06995cbd687e79c48e16190c9
Reviewed-on: http://gerrit.cloudera.org:8080/20447
Reviewed-by: Daniel Becker <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>
> AES Encryption/ Decryption Support in Impala
> --------------------------------------------
>
> Key: IMPALA-13039
> URL: https://issues.apache.org/jira/browse/IMPALA-13039
> Project: IMPALA
> Issue Type: Epic
> Reporter: Pranav Yogi Lodha
> Assignee: Pranav Yogi Lodha
> Priority: Major
>
> To include the most secure and reliable AES encryption modes making impala
> compatible with other systems. GCM is used as the default mode and other
> modes like CTR, CFB and ECB are supported for specific uses.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
