sweisdb opened a new pull request, #41488: URL: https://github.com/apache/spark/pull/41488
### What changes were proposed in this pull request? This change adds support for user-provided initialization vectors (IVs) or authenticated additional data (AAD) to `aes_encrypt` / `aes_decrypt`. 12-byte IVs may optionally be passed if the mode is "GCM" and 16-byte IVs may be passed if the mode is "CBC". An arbitrary binary value may be passed as additional authenticated data only if "GCM" mode is used. ### Why are the changes needed? Callers may wish to provide their own IV values so that the output ciphertext matches a ciphertext generated outside of Spark. AAD is used to bind some input to a ciphertext and ensure that it is presented during decryption -- often used to scope an operation to a specific context. ### Does this PR introduce _any_ user-facing change? Yes, this change introduces two optional parameters to `aes_encrypt` and one optional parameter to `aes_decrypt`: ``` aes_encrypt(expr, key[, mode[, padding[, iv[, aad]]]]) aes_decrypt(expr, key[, mode[, padding[, iv]]]) ``` ### How was this patch tested? ``` build/sbt "sql/test:testOnly org.apache.spark.sql.DataFrameFunctionsSuite -- -z aes" ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For additional commands, e-mail: reviews-h...@spark.apache.org
