[jira] [Commented] (HADOOP-14705) Add batched reencryptEncryptedKey interface to KMS

[Wei-Chiu Chuang (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-14705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16131776#comment-16131776
 ] 

Wei-Chiu Chuang commented on HADOOP-14705:
------------------------------------------

KMSUtil:

The following method does not need to suppress warning if the json object is 
declared with generics type.
{code}
public static Map toJSON(KeyProvider.KeyVersion keyVersion) {
    Map<String,String> json = new HashMap<String,String>();
    if (keyVersion != null) {
      json.put(KMSRESTConstants.NAME_FIELD,
          keyVersion.getName());
      json.put(KMSRESTConstants.VERSION_NAME_FIELD,
          keyVersion.getVersionName());
      json.put(KMSRESTConstants.MATERIAL_FIELD,
          Base64.encodeBase64URLSafeString(
              keyVersion.getMaterial()));
    }
    return json;
  }
{code}

Without any additional change, these methods do not need to suppress warning
{code}
public static Map toJSON(EncryptedKeyVersion encryptedKeyVersion) {
    Map json = new HashMap();
    if (encryptedKeyVersion != null) {
      json.put(KMSRESTConstants.VERSION_NAME_FIELD,
          encryptedKeyVersion.getEncryptionKeyVersionName());
      json.put(KMSRESTConstants.IV_FIELD, Base64
          .encodeBase64URLSafeString(encryptedKeyVersion.getEncryptedKeyIv()));
      json.put(KMSRESTConstants.ENCRYPTED_KEY_VERSION_FIELD,
          toJSON(encryptedKeyVersion.getEncryptedKeyVersion()));
    }
    return json;
  }

public static List<EncryptedKeyVersion>
      parseJSONEncKeyVersions(String keyName, List valueList) {
    checkNotNull(valueList, "valueList");
    List<EncryptedKeyVersion> ekvs = new ArrayList<>(valueList.size());
    if (!valueList.isEmpty()) {
      for (Object values : valueList) {
        Map valueMap = (Map) values;
        ekvs.add(parseJSONEncKeyVersion(keyName, valueMap));
      }
    }
    return ekvs;
  }

  public static EncryptedKeyVersion parseJSONEncKeyVersion(String keyName,
      Map valueMap) {
    checkNotNull(valueMap, "valueMap");
    String versionName = checkNotNull(
        (String) valueMap.get(KMSRESTConstants.VERSION_NAME_FIELD),
        KMSRESTConstants.VERSION_NAME_FIELD);

    byte[] iv = Base64.decodeBase64(checkNotNull(
        (String) valueMap.get(KMSRESTConstants.IV_FIELD),
        KMSRESTConstants.IV_FIELD));

    Map encValueMap = checkNotNull((Map)
            valueMap.get(KMSRESTConstants.ENCRYPTED_KEY_VERSION_FIELD),
        KMSRESTConstants.ENCRYPTED_KEY_VERSION_FIELD);

    String encVersionName = checkNotNull((String)
            encValueMap.get(KMSRESTConstants.VERSION_NAME_FIELD),
        KMSRESTConstants.VERSION_NAME_FIELD);

    byte[] encKeyMaterial = Base64.decodeBase64(checkNotNull((String)
            encValueMap.get(KMSRESTConstants.MATERIAL_FIELD),
        KMSRESTConstants.MATERIAL_FIELD));

    return new KMSClientProvider.KMSEncryptedKeyVersion(keyName, versionName,
        iv, encVersionName, encKeyMaterial);
  }

  public static KeyProvider.KeyVersion parseJSONKeyVersion(Map valueMap) {
    checkNotNull(valueMap, "valueMap");
    KeyProvider.KeyVersion keyVersion = null;
    if (!valueMap.isEmpty()) {
      byte[] material =
          (valueMap.containsKey(KMSRESTConstants.MATERIAL_FIELD)) ?
              Base64.decodeBase64(
                  (String) valueMap.get(KMSRESTConstants.MATERIAL_FIELD)) :
              null;
      String versionName =
          (String) valueMap.get(KMSRESTConstants.VERSION_NAME_FIELD);
      String keyName = (String) valueMap.get(KMSRESTConstants.NAME_FIELD);
      keyVersion =
          new KMSClientProvider.KMSKeyVersion(keyName, versionName, material);
    }
    return keyVersion;
  }
{code}

On another jira, [~shahrs87] mentioned a possibility to reuse CryptoCodec 
(making it a member variable of DefaultCryptoExtension). Is there any security 
concerns? If it is reused, and if CryptoCodec uses {{SecureRandom}}, the random 
numbers generated in {{DefaultCryptoExtension#generateEncryptedKey}} may become 
predictable. I don't come with a security background, but I am thinking it 
could be exploitable.

> Add batched reencryptEncryptedKey interface to KMS
> --------------------------------------------------
>
>                 Key: HADOOP-14705
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14705
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HADOOP-14705.01.patch, HADOOP-14705.02.patch, 
> HADOOP-14705.03.patch, HADOOP-14705.04.patch, HADOOP-14705.05.patch, 
> HADOOP-14705.06.patch, HADOOP-14705.07.patch, HADOOP-14705.08.patch
>
>
> HADOOP-13827 already enabled the KMS to re-encrypt a {{EncryptedKeyVersion}}.
> As the performance results of HDFS-10899 turns out, communication overhead 
> with the KMS occupies the majority of the time. So this jira proposes to add 
> a batched interface to re-encrypt multiple EDEKs in 1 call.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org