dlmarion commented on code in PR #2197:
URL: https://github.com/apache/accumulo/pull/2197#discussion_r845048841


##########
core/src/main/java/org/apache/accumulo/core/spi/crypto/AESCryptoService.java:
##########
@@ -132,11 +134,11 @@ public FileEncrypter getFileEncrypter(CryptoEnvironment 
environment) {
   @Override
   public FileDecrypter getFileDecrypter(CryptoEnvironment environment) {
     CryptoModule cm;
-    byte[] decryptionParams = environment.getDecryptionParams();
-    if (decryptionParams == null || checkNoCrypto(decryptionParams))
+    var decryptionParams = environment.getDecryptionParams();
+    if (decryptionParams.isEmpty() || checkNoCrypto(decryptionParams.get()))
       return new NoFileDecrypter();
 
-    ParsedCryptoParameters parsed = parseCryptoParameters(decryptionParams);
+    ParsedCryptoParameters parsed = 
parseCryptoParameters(decryptionParams.get());
     Key kek = loadDecryptionKek(parsed);
     Key fek = unwrapKey(parsed.getEncFek(), kek);
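Review bot: With the `decryptionParams == null` check removed at the top of `getFileDecrypter`, `decryptionParams.isEmpty()` will throw a NullPointerException if any `CryptoEnvironment` implementation still returns null from `getDecryptionParams()`, so the never-null contract is worth stating in that method's javadoc. Declaring the type explicitly instead of `var` would make the new return type visible at this call site, and the value could be read once into a local rather than calling `decryptionParams.get()` twice.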

Review Comment:
   I take that back, it looks like it might be used for the entire file and a new IV is generated for each block. I do have a concern though that we are leaving unencrypted secret keys (fek) in the heap after using them. Reference [here](https://github.com/apache/accumulo/blob/d454afd39c91ee0a1ab267e0caafc52254d209b0/core/src/main/java/org/apache/accumulo/core/spi/crypto/AESCryptoService.java#L316), [here](https://github.com/apache/accumulo/blob/d454afd39c91ee0a1ab267e0caafc52254d209b0/core/src/main/java/org/apache/accumulo/core/spi/crypto/AESCryptoService.java#L449) and [here](https://github.com/apache/accumulo/blob/d454afd39c91ee0a1ab267e0caafc52254d209b0/core/src/main/java/org/apache/accumulo/core/spi/crypto/AESCryptoService.java#L141). I believe, looking at the class javadoc for [SecretKey](https://github.com/openjdk/jdk/blob/jdk-11%2B27/src/java.base/share/classes/javax/crypto/SecretKey.java), we should be calling `destroy()` when we are done with it. I'm not sure we are doing that.
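
The key-lifetime pattern the comment above asks about, as an added example that is not part of the original comment and not Accumulo code: an unwrapped FEK is used inside `try` and a destroy attempt always runs in `finally`. The class name, both helpers, the `AESWrap` and `AES/GCM/NoPadding` transformations and the sample data are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.security.auth.DestroyFailedException;

public class FekLifetimeExample {
  // Hypothetical helper: unwrap the FEK, use it once, always attempt to destroy it.
  static byte[] decryptWithWrappedFek(SecretKey kek, byte[] wrappedFek, byte[] iv, byte[] ct)
      throws GeneralSecurityException {
    Cipher unwrapper = Cipher.getInstance("AESWrap");
    unwrapper.init(Cipher.UNWRAP_MODE, kek);
    SecretKey fek = (SecretKey) unwrapper.unwrap(wrappedFek, "AES", Cipher.SECRET_KEY);
    try {
      Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
      cipher.init(Cipher.DECRYPT_MODE, fek, new GCMParameterSpec(128, iv));
      return cipher.doFinal(ct);
    } finally {
      tryDestroy(fek); // runs on success and on exception
    }
  }
  // Returns true only if the key reports itself destroyed afterwards.
  static boolean tryDestroy(SecretKey key) {
    try {
      key.destroy();
    } catch (DestroyFailedException e) {
      // The default Destroyable.destroy() only throws; the key bytes then stay on the heap.
    }
    return key.isDestroyed();
  }
  public static void main(String[] args) throws Exception {
    // Constructed sample data: random KEK and FEK, one short plaintext.
    KeyGenerator kg = KeyGenerator.getInstance("AES");
    kg.init(128);
    SecretKey kek = kg.generateKey(), fek = kg.generateKey();
    Cipher wrapper = Cipher.getInstance("AESWrap");
    wrapper.init(Cipher.WRAP_MODE, kek);
    byte[] wrapped = wrapper.wrap(fek);
    byte[] iv = new byte[12];
    new SecureRandom().nextBytes(iv);
    Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
    enc.init(Cipher.ENCRYPT_MODE, fek, new GCMParameterSpec(128, iv));
    byte[] ct = enc.doFinal("block".getBytes(StandardCharsets.UTF_8));
    System.out.println("FEK destroyed after encrypt: " + tryDestroy(fek));
    System.out.println(new String(decryptWithWrappedFek(kek, wrapped, iv, ct), StandardCharsets.UTF_8));
  }
}
```

Whether the first line prints `true` depends on whether the runtime's key class overrides `destroy()`. A `Cipher` initialised with the key may also keep its own derived key state, which destroying the `SecretKey` does not clear.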


