Message-ID: <4177E8DF.6040001@Yngvi.Org>
Date: Thu, 21 Oct 2004 09:50:39 -0700
From: Sunitha Kambhampati
To: Derby Development
Subject: Re: Regarding Derby42 : Do not store the encryption key length and the encryption block size in service.properties:
In-Reply-To: <41756E08.9070703@debrunners.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------050305030300040204060200"

This is a multi-part message in MIME format.
--------------050305030300040204060200
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

> block size is an inherent value of the
> algorithm, thus if that is true, Derby does not need to store the block
> size at all. Just fetch it each time from the Cipher.getBlockSize() method.

Thanks Jan and Dan for your input on encryption block size.

This fix for Derby46 removes code to store encryption block size in service.properties and instead obtains the encryption block size from Cipher.getBlockSize() for padding purposes.

Although with this fix there are no upgrade issues, there is a problem with downgrade of a database created with a version that has this fix. If we take this fix, what this means is:

1) No upgrade problems, so a database *created* with previous versions (i.e. before this fix) will work OK with this fix.

2) Downgrade problem: Create a database with a version that has this fix and the encryption block size will not be stored in service.properties. But a previous engine expects to read the encryption block size from the service.properties and, if it doesn't find the encryption block size property, defaults to 8 bytes and uses this to do appropriate padding. Thus a database created with this fix will not necessarily work with previous engines.

Sunitha.
--------------050305030300040204060200 Content-Type: text/plain; name="fixDerby46.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="fixDerby46.txt" Index: java/engine/org/apache/derby/impl/store/raw/RawStore.java =================================================================== --- java/engine/org/apache/derby/impl/store/raw/RawStore.java (revision 55205) +++ java/engine/org/apache/derby/impl/store/raw/RawStore.java (working copy) @@ -213,29 +213,13 @@ encryptionEngine = cipherFactory. createNewCipher(CipherFactory.ENCRYPT); - // At creation time of an encrypted database, store the encryption block size - // for the algorithm. Store this value as property given by - // RawStoreFactory.ENCRYPTION_BLOCKSIZE. This value - // is made persistent by storing it in service.properties - // To connect to an existing database, retrieve the value and use it for - // appropriate padding. // The default value of encryption block size is 8, // to allow for downgrade issues // Before support for AES (beetle6023), default encryption block size supported // was 8 + // get the encryption block size obtained from the Cipher api - if(create) - { - encryptionBlockSize = encryptionEngine.getEncryptionBlockSize(); - properties.put(RawStoreFactory.ENCRYPTION_BLOCKSIZE, - String.valueOf(encryptionBlockSize)); - } - else - { - if(properties.getProperty(RawStoreFactory.ENCRYPTION_BLOCKSIZE) != null) - encryptionBlockSize = Integer.parseInt(properties.getProperty - (RawStoreFactory.ENCRYPTION_BLOCKSIZE)); - } + encryptionBlockSize = encryptionEngine.getEncryptionBlockSize(); decryptionEngine = cipherFactory. createNewCipher(CipherFactory.DECRYPT); --------------050305030300040204060200--
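Review bot: The comment left in place above the new assignment in RawStore.java ("The default value of encryption block size is 8, to allow for downgrade issues") no longer describes the code. After this hunk, encryptionBlockSize is always taken from encryptionEngine.getEncryptionBlockSize(), and nothing is written to RawStoreFactory.ENCRYPTION_BLOCKSIZE at create time. The removed else branch was the only place the default of 8 mattered in this engine, so the retained lines now document behaviour that exists only in older engines. Suggest replacing them with a comment that states the actual consequence: databases created from this revision on carry no block size property, so an older engine will fall back to 8 and pad incorrectly for any cipher whose block size is not 8. If downgrade has to keep working, an alternative is to keep the properties.put(RawStoreFactory.ENCRYPTION_BLOCKSIZE, ...) call on the create path and drop only the read, so that older engines still find the value while this engine relies on the cipher. It would also help to confirm, for databases created before this change, that the stored property always equals what getEncryptionBlockSize() returns for the configured algorithm, since the stored value is now silently ignored.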