Return-Path: 
 <dev-return-41898-apmail-hbase-dev-archive=hbase.apache.org@hbase.apache.org>
X-Original-To: apmail-hbase-dev-archive@www.apache.org
Delivered-To: apmail-hbase-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id BC50B1084E
	for <apmail-hbase-dev-archive@www.apache.org>;
 Mon,  2 Dec 2013 07:43:48 +0000 (UTC)
Received: (qmail 911 invoked by uid 500); 2 Dec 2013 07:43:46 -0000
Delivered-To: apmail-hbase-dev-archive@hbase.apache.org
Received: (qmail 519 invoked by uid 500); 2 Dec 2013 07:43:38 -0000
Mailing-List: contact dev-help@hbase.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@hbase.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@hbase.apache.org>
List-Post: <mailto:dev@hbase.apache.org>
List-Id: <dev.hbase.apache.org>
Reply-To: dev@hbase.apache.org
Delivered-To: mailing list dev@hbase.apache.org
Received: (qmail 461 invoked by uid 99); 2 Dec 2013 07:43:36 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 02 Dec 2013 07:43:36 +0000
Date: Mon, 2 Dec 2013 07:43:35 +0000 (UTC)
From: "Andrew Purtell (JIRA)" <jira@apache.org>
To: dev@hbase.apache.org
Message-ID: <JIRA.12682073.1385970126973.52955.1385970215988@arcas>
In-Reply-To: <JIRA.12682073.1385970126973@arcas>
References: <JIRA.12682073.1385970126973@arcas>
Subject: [jira] [Created] (HBASE-10062) Store the encrypted data length in
 the block encryption header instead of plaintext length
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394

Andrew Purtell created HBASE-10062:
--------------------------------------

             Summary: Store the encrypted data length in the block encryption header instead of plaintext length
                 Key: HBASE-10062
                 URL: https://issues.apache.org/jira/browse/HBASE-10062
             Project: HBase
          Issue Type: Improvement
            Reporter: Andrew Purtell
            Assignee: Andrew Purtell
            Priority: Minor
             Fix For: 0.98.0


After HBASE-7544, if an HFile belongs to an encrypted family, it is encrypted on a per block basis. The encrypted blocks include the following header:
{noformat}
      // +--------------------------+
      // | vint plaintext length    |
      // +--------------------------+
      // | vint iv length           |
      // +--------------------------+
      // | iv data ...              |
      // +--------------------------+
      // | encrypted block data ... |
      // +--------------------------+
{noformat}

The reason for storing the plaintext length is so we can create an encryption stream over the encrypted block data and, no matter the internal details of the crypto algorithm (whether it adds padding, etc.) after reading the expected plaintext bytes we know the reader is finished. However my colleague Jerry Chen pointed out today this construction mandates the block be processed exactly that way. Storing and using the encrypted data length instead could provide more implementation flexibility down the road.



--
This message was sent by Atlassian JIRA
(v6.1#6144)