accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] ctubbsii commented on a change in pull request #322: ACCUMULO-4740 Enable GCM mode for crypto
Date Thu, 01 Jan 1970 00:00:00 GMT
ctubbsii commented on a change in pull request #322: ACCUMULO-4740 Enable GCM mode for crypto
URL: https://github.com/apache/accumulo/pull/322#discussion_r151218364
 
 

 ##########
 File path: core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleParameters.java
 ##########
 @@ -570,6 +570,52 @@ public void setBlockStreamSize(int blockStreamSize) {
   }
 
   /**
+   * Returns the mode from the cipher suite. Assumes the suite is in the form of algorithm/mode/padding,
returns null if the cipher suite is malformed or
+   * NullCipher.
+   *
+   * @return the encryption mode from the cipher suite
+   */
+  public String getCipherSuiteEncryptionMode() {
+    String[] parts = this.cipherSuite.split("/");
+    if (parts.length == 3) {
+      return parts[1];
+    } else {
+      return null;
+    }
+  }
+
+  /**
+   * Updates the initialization vector for use when the encryption mode is GCM. If the IV
is not currently null, and the encryption mode is GCM, it will
+   * increment the IV instead of letting the CryptoModule decide what to do.
+   */
+  public void updateInitializationVector() {
+    if (this.initializationVector != null && getCipherSuiteEncryptionMode().equals(DefaultCryptoModule.ALGORITHM_PARAMETER_SPEC_GCM))
{
+      incrementIV(this.initializationVector, this.initializationVector.length - 1);
 
 Review comment:
   Are there other modes where it makes sense to increment the IV instead of deferring to
the CryptoModule? Can we move all the logic around IV decisions to one place (either here,
or the CryptoModule)?
   
   (Keep in mind, the crypto package where the CryptoModule and DefaultCryptoModule are located
is not public API; it's intended to only be used internally, so it can be changed based on
our needs.)

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message