Posted to issues@spark.apache.org by "Steve Weis (Jira)" <ji...@apache.org> on 2023/04/26 04:31:00 UTC

[jira] [Created] (SPARK-43290) Support IV and AAD optional parameters for aes_encrypt

Steve Weis created SPARK-43290:
----------------------------------

             Summary: Support IV and AAD optional parameters for aes_encrypt
                 Key: SPARK-43290
                 URL: https://issues.apache.org/jira/browse/SPARK-43290
             Project: Spark
          Issue Type: Improvement
          Components: SQL
    Affects Versions: 3.5.0
            Reporter: Steve Weis


There are some use cases where callers to aes_encrypt may want to provide initialization vectors (IVs) or additional authenticated data (AAD). The most common cases will be:
1. Ensuring that ciphertext matches values that have been encrypted by external tools. In those cases, the caller will need to provide an identical IV value.
2. For AES-CBC mode, there are some cases where callers want to generate deterministic encrypted output.
3. For AES-GCM mode, providing AAD fields allows callers to bind additional data to an encrypted ciphertext so that it can only be decrypted by a caller providing the same value. This is often used to enforce some context.

The proposed new API is the following:
 * aes_encrypt(expr, key [, mode [, padding [, iv [, aad]]]])

 * aes_decrypt(expr, key [, mode [, padding [, aad]]])

These fields are only supported for specific modes:
 * ECB: Does not support either IV or AAD and will return an error if either is provided.
 * CBC: Only supports an IV and will return an error if an AAD is provided.
 * GCM: Supports an IV, an AAD, or both.

If a caller is only providing an AAD to GCM mode, they would need to pass a null value in the IV field.
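
The proposed calls written out per mode, as an added example that is not part of the original issue or of Spark's documentation. The key, IV and AAD values are constructed; the 16-byte key, the 'DEFAULT' padding argument and the IV lengths (12 bytes for GCM, 16 for CBC) are assumptions the issue does not state.

```sql
-- Constructed sample values: key, IVs and AAD strings are made up for illustration.
-- Assumptions: 16-byte key, 'DEFAULT' padding, 12-byte GCM IV, 16-byte CBC IV.

-- GCM with IV and AAD. aes_decrypt takes the AAD but has no IV parameter.
SELECT cast(aes_decrypt(
         aes_encrypt('account-7731', '0123456789abcdef', 'GCM', 'DEFAULT',
                     unhex('000102030405060708090a0b'), 'tenant=42'),
         '0123456789abcdef', 'GCM', 'DEFAULT', 'tenant=42') AS STRING) AS roundtrip;

-- GCM with AAD only: NULL in the IV position, as the issue describes.
SELECT hex(aes_encrypt('account-7731', '0123456789abcdef', 'GCM', 'DEFAULT',
                       NULL, 'tenant=42')) AS aad_only;

-- AAD mismatch: the ciphertext is bound to 'tenant=42', so a caller presenting
-- 'tenant=43' is expected to get a failure, not the plaintext.
SELECT aes_decrypt(
         aes_encrypt('account-7731', '0123456789abcdef', 'GCM', 'DEFAULT',
                     unhex('000102030405060708090a0b'), 'tenant=42'),
         '0123456789abcdef', 'GCM', 'DEFAULT', 'tenant=43') AS should_fail;

-- CBC with a caller-supplied IV (use case 2): the same key, IV and plaintext
-- give the same ciphertext, so the comparison is expected to be true.
SELECT hex(aes_encrypt('alice@example.com', '0123456789abcdef', 'CBC', 'DEFAULT',
                       unhex('000102030405060708090a0b0c0d0e0f')))
     = hex(aes_encrypt('alice@example.com', '0123456789abcdef', 'CBC', 'DEFAULT',
                       unhex('000102030405060708090a0b0c0d0e0f'))) AS deterministic;

-- Combinations the proposal rejects with an error.
-- ECB accepts neither an IV nor an AAD:
SELECT aes_encrypt('x', '0123456789abcdef', 'ECB', 'DEFAULT',
                   unhex('000102030405060708090a0b0c0d0e0f'));
-- CBC accepts an IV but no AAD:
SELECT aes_encrypt('x', '0123456789abcdef', 'CBC', 'DEFAULT',
                   unhex('000102030405060708090a0b0c0d0e0f'), 'tenant=42');
```

With a fixed IV, equal plaintexts show up as equal ciphertexts, and in GCM repeating an IV under the same key voids the mode's confidentiality and integrity guarantees.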


