You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@spark.apache.org by GitBox <gi...@apache.org> on 2021/12/13 01:51:59 UTC
[GitHub] [spark] sarutak commented on a change in pull request #34852: [SPARK-37591][SQL] Support the GCM mode by `aes_encrypt()`/`aes_decrypt()`
sarutak commented on a change in pull request #34852:
URL: https://github.com/apache/spark/pull/34852#discussion_r767366523
##########
File path: sql/core/src/test/scala/org/apache/spark/sql/MiscFunctionsSuite.scala
##########
@@ -56,6 +57,23 @@ class MiscFunctionsSuite extends QueryTest with SharedSparkSession {
assert(e.getMessage.contains("current_user"))
}
}
+
+ test("SPARK-37591: AES functions - GCM mode") {
+ Seq(
+ ("abcdefghijklmnop", ""),
+ ("abcdefghijklmnop", "abcdefghijklmnop"),
+ ("abcdefghijklmnop12345678", "Spark"),
+ ("abcdefghijklmnop12345678ABCDEFGH", "GCM mode")
+ ).foreach { case (key, input) =>
+ val df = Seq((key, input)).toDF("key", "input")
+ val encrypted = df.selectExpr("aes_encrypt(input, key, 'GCM', 'NONE') AS enc", "input", "key")
+ assert(encrypted.schema("enc").dataType === BinaryType)
+ assert(encrypted.filter($"enc" === $"input").isEmpty)
+ val result = encrypted.selectExpr(
+ "CAST(aes_decrypt(enc, key, 'GCM', 'NONE') AS STRING) AS res", "input")
+ assert(!result.filter($"res" === $"input").isEmpty)
Review comment:
To test all the records are decrypted correctly, should we do `assert(result.filter($"res" !== $"input").isEmpty)` ?
##########
File path: sql/catalyst/src/main/scala/org/apache/spark/sql/catalyst/expressions/misc.scala
##########
@@ -314,16 +314,16 @@ case class CurrentUser() extends LeafExpression with Unevaluable {
@ExpressionDescription(
usage = """
_FUNC_(expr, key[, mode[, padding]]) - Returns an encrypted value of `expr` using AES in given `mode` with the specified `padding`.
- Key lengths of 16, 24 and 32 bits are supported.
+ Key lengths of 16, 24 and 32 bits are supported. Supported combinations of (`mode`, `padding`) are ('ECB', 'PKCS') and ('GCM', 'NONE').
""",
arguments = """
Arguments:
* expr - The binary value to encrypt.
* key - The passphrase to use to encrypt the data.
* mode - Specifies which block cipher mode should be used to encrypt messages.
- Supported modes: ECB.
+ Supported modes: ECB, GCM.
Review comment:
nit: Should we consistently use `Supported` or `Valid`?
##########
File path: sql/core/src/test/scala/org/apache/spark/sql/MiscFunctionsSuite.scala
##########
@@ -56,6 +57,23 @@ class MiscFunctionsSuite extends QueryTest with SharedSparkSession {
assert(e.getMessage.contains("current_user"))
}
}
+
+ test("SPARK-37591: AES functions - GCM mode") {
+ Seq(
+ ("abcdefghijklmnop", ""),
+ ("abcdefghijklmnop", "abcdefghijklmnop"),
+ ("abcdefghijklmnop12345678", "Spark"),
+ ("abcdefghijklmnop12345678ABCDEFGH", "GCM mode")
+ ).foreach { case (key, input) =>
+ val df = Seq((key, input)).toDF("key", "input")
+ val encrypted = df.selectExpr("aes_encrypt(input, key, 'GCM', 'NONE') AS enc", "input", "key")
+ assert(encrypted.schema("enc").dataType === BinaryType)
+ assert(encrypted.filter($"enc" === $"input").isEmpty)
+ val result = encrypted.selectExpr(
+ "CAST(aes_decrypt(enc, key, 'GCM', 'NONE') AS STRING) AS res", "input")
+ assert(!result.filter($"res" === $"input").isEmpty)
Review comment:
Other AES tests are in `DataFrameFunctionsSuite`, so should we move this test to the same place?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org