HADOOP-10967. Improve DefaultCryptoExtension#generateEncryptedKey performance. (hitliuyi via tucu)
Conflicts: hadoop-common-project/hadoop-common/CHANGES.txt git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1619551 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
4dea3e8192
commit
c065137496
|
@ -300,6 +300,9 @@ Release 2.6.0 - UNRELEASED
|
||||||
HADOOP-10862. Miscellaneous trivial corrections to KMS classes.
|
HADOOP-10862. Miscellaneous trivial corrections to KMS classes.
|
||||||
(asuresh via tucu)
|
(asuresh via tucu)
|
||||||
|
|
||||||
|
HADOOP-10967. Improve DefaultCryptoExtension#generateEncryptedKey
|
||||||
|
performance. (hitliuyi via tucu)
|
||||||
|
|
||||||
Release 2.5.0 - 2014-08-11
|
Release 2.5.0 - 2014-08-11
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
|
|
@ -219,6 +219,13 @@ public class KeyProviderCryptoExtension extends
|
||||||
private static class DefaultCryptoExtension implements CryptoExtension {
|
private static class DefaultCryptoExtension implements CryptoExtension {
|
||||||
|
|
||||||
private final KeyProvider keyProvider;
|
private final KeyProvider keyProvider;
|
||||||
|
private static final ThreadLocal<SecureRandom> RANDOM =
|
||||||
|
new ThreadLocal<SecureRandom>() {
|
||||||
|
@Override
|
||||||
|
protected SecureRandom initialValue() {
|
||||||
|
return new SecureRandom();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
private DefaultCryptoExtension(KeyProvider keyProvider) {
|
private DefaultCryptoExtension(KeyProvider keyProvider) {
|
||||||
this.keyProvider = keyProvider;
|
this.keyProvider = keyProvider;
|
||||||
|
@ -233,10 +240,10 @@ public class KeyProviderCryptoExtension extends
|
||||||
"No KeyVersion exists for key '%s' ", encryptionKeyName);
|
"No KeyVersion exists for key '%s' ", encryptionKeyName);
|
||||||
// Generate random bytes for new key and IV
|
// Generate random bytes for new key and IV
|
||||||
Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
|
Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
|
||||||
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
|
|
||||||
final byte[] newKey = new byte[encryptionKey.getMaterial().length];
|
final byte[] newKey = new byte[encryptionKey.getMaterial().length];
|
||||||
random.nextBytes(newKey);
|
RANDOM.get().nextBytes(newKey);
|
||||||
final byte[] iv = random.generateSeed(cipher.getBlockSize());
|
final byte[] iv = new byte[cipher.getBlockSize()];
|
||||||
|
RANDOM.get().nextBytes(iv);
|
||||||
// Encryption key IV is derived from new key's IV
|
// Encryption key IV is derived from new key's IV
|
||||||
final byte[] encryptionIV = EncryptedKeyVersion.deriveIV(iv);
|
final byte[] encryptionIV = EncryptedKeyVersion.deriveIV(iv);
|
||||||
// Encrypt the new key
|
// Encrypt the new key
|
||||||
|
|
Loading…
Reference in New Issue