HADOOP-10967. Improve DefaultCryptoExtension#generateEncryptedKey performance. (hitliuyi via tucu)

Conflicts:
	hadoop-common-project/hadoop-common/CHANGES.txt

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1619551 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Alejandro Abdelnur 2014-08-21 19:00:03 +00:00
parent 4dea3e8192
commit c065137496
2 changed files with 13 additions and 3 deletions

View File

@ -300,6 +300,9 @@ Release 2.6.0 - UNRELEASED
HADOOP-10862. Miscellaneous trivial corrections to KMS classes. HADOOP-10862. Miscellaneous trivial corrections to KMS classes.
(asuresh via tucu) (asuresh via tucu)
HADOOP-10967. Improve DefaultCryptoExtension#generateEncryptedKey
performance. (hitliuyi via tucu)
Release 2.5.0 - 2014-08-11 Release 2.5.0 - 2014-08-11
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES

View File

@ -219,6 +219,13 @@ public class KeyProviderCryptoExtension extends
private static class DefaultCryptoExtension implements CryptoExtension { private static class DefaultCryptoExtension implements CryptoExtension {
private final KeyProvider keyProvider; private final KeyProvider keyProvider;
private static final ThreadLocal<SecureRandom> RANDOM =
new ThreadLocal<SecureRandom>() {
@Override
protected SecureRandom initialValue() {
return new SecureRandom();
}
};
private DefaultCryptoExtension(KeyProvider keyProvider) { private DefaultCryptoExtension(KeyProvider keyProvider) {
this.keyProvider = keyProvider; this.keyProvider = keyProvider;
@ -233,10 +240,10 @@ public class KeyProviderCryptoExtension extends
"No KeyVersion exists for key '%s' ", encryptionKeyName); "No KeyVersion exists for key '%s' ", encryptionKeyName);
// Generate random bytes for new key and IV // Generate random bytes for new key and IV
Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding"); Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
final byte[] newKey = new byte[encryptionKey.getMaterial().length]; final byte[] newKey = new byte[encryptionKey.getMaterial().length];
random.nextBytes(newKey); RANDOM.get().nextBytes(newKey);
final byte[] iv = random.generateSeed(cipher.getBlockSize()); final byte[] iv = new byte[cipher.getBlockSize()];
RANDOM.get().nextBytes(iv);
// Encryption key IV is derived from new key's IV // Encryption key IV is derived from new key's IV
final byte[] encryptionIV = EncryptedKeyVersion.deriveIV(iv); final byte[] encryptionIV = EncryptedKeyVersion.deriveIV(iv);
// Encrypt the new key // Encrypt the new key