[jira] [Reopened] (SPARK-43290) Support IV and AAD optional parameters for ExpressionImplUtil

Wed, 24 May 2023 15:08:03 -0700 


     [ 
https://issues.apache.org/jira/browse/SPARK-43290?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Steve Weis reopened SPARK-43290:
--------------------------------

I'm reopening this because we landed the first half of changes and still need 
to link them up to `aes_encrypt` and `aes_decrypt`

> Support IV and AAD optional parameters for ExpressionImplUtil
> -------------------------------------------------------------
>
>                 Key: SPARK-43290
>                 URL: https://issues.apache.org/jira/browse/SPARK-43290
>             Project: Spark
>          Issue Type: Improvement
>          Components: SQL
>    Affects Versions: 3.5.0
>            Reporter: Steve Weis
>            Assignee: Steve Weis
>            Priority: Minor
>             Fix For: 3.5.0
>
>
> There are some use cases where callers to aes_encrypt may want to provide 
> initialization vectors (IVs) or additional authenticated data (AAD). The most 
> common cases will be:
> 1. Ensuring that ciphertext matches values that have been encrypted by 
> external tools. In those cases, the caller will need to provide an identical 
> IV value.
> 2. For AES-CBC mode, there are some cases where callers want to generate 
> deterministic encrypted output.
> 3. For AES-GCM mode, providing AAD fields allows callers to bind additional 
> data to an encrypted ciphertext so that it can only be decrypted by a caller 
> providing the same value. This is often used to enforce some context.
> The proposed new API is the following:
>  * aes_encrypt(expr, key [, mode [, padding [, iv [, aad]]]])
>  * aes_decrypt(expr, key [, mode [, padding [, aad]]])
> These fields are only supported for specific modes:
>  * ECB: Does not support either IV or AAD and will return an error if either 
> are provided.
>  * CBC: Only supports an IV and will return an error if an AAD is provided
>  * GCM: Supports either IV, AAD, or both.
> If a caller is only providing an AAD to GCM mode, they would need to pass a 
> null value in the IV field.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

Reply via email to