[SPARK-43286][SQL] Updates aes_encrypt CBC mode to generate random IVs #40969
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sweisdb
force-pushed
the
SPARK-43286
branch
2 times, most recently
from
d224b9b
to
9075e57
Compare
MaxGekk
requested changes
May 2, 2023
sql/catalyst/src/main/java/org/apache/spark/sql/catalyst/expressions/ExpressionImplUtils.java
Show resolved
Hide resolved
sql/catalyst/src/main/java/org/apache/spark/sql/catalyst/expressions/ExpressionImplUtils.java
Outdated
Show resolved
Hide resolved
...core/src/test/scala/org/apache/spark/sql/catalyst/expressions/ExpressionImplUtilsSuite.scala
Outdated
Show resolved
Hide resolved
Updated to address this. |
|
@sweisdb Could you re-trigger GitHub actions, please. Highly likely the failure of the test org.apache.spark.storage.BlockManagerBasicStrategyReplicationSuite is not related to your changes but just in case let's re-run all tests. |
|
@MaxGekk Sure, that worked and it's all green now. |
|
+1, LGTM. Merging to master. |
|
@sweisdb Congratulations with your first contribution to Apache Spark! |
LuciferYang
pushed a commit
to LuciferYang/spark
that referenced
this pull request
May 10, 2023
### What changes were proposed in this pull request? The current implementation of AES-CBC mode called via `aes_encrypt` and `aes_decrypt` uses a key derivation function (KDF) based on OpenSSL's [EVP_BytesToKey](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html). This is intended for generating keys based on passwords and OpenSSL's documents discourage its use: "Newer applications should use a more modern algorithm". `aes_encrypt` and `aes_decrypt` should use the key directly in CBC mode, as it does for both GCM and ECB mode. The output should then be the initialization vector (IV) prepended to the ciphertext – as is done with GCM mode: `[16-byte randomly generated IV | AES-CBC encrypted ciphertext]` ### Why are the changes needed? We want to have the ciphertext output similar across different modes. OpenSSL's EVP_BytesToKey is effectively deprecated and their own documentation says not to use it. Instead, CBC mode will generate a random vector. ### Does this PR introduce _any_ user-facing change? AES-CBC output generated by the previous format will be incompatible with this change. That change was recently landed and we want to land this before CBC mode is used in practice. ### How was this patch tested? A new unit test in `DataFrameFunctionsSuite` was added to test both GCM and CBC modes. Also, a new standalone unit test suite was added in `ExpressionImplUtilsSuite` to test all the modes and various key lengths. ``` build/sbt "sql/test:testOnly org.apache.spark.sql.DataFrameFunctionsSuite" build/sbt "sql/test:testOnly org.apache.spark.sql.catalyst.expressions.ExpressionImplUtilsSuite" ``` CBC values can be verified with `openssl enc` using the following command: ``` echo -n "[INPUT]" | openssl enc -a -e -aes-256-cbc -iv [HEX IV] -K [HEX KEY] echo -n "Spark" | openssl enc -a -e -aes-256-cbc -iv f8c832cc9c61bac6151960a58e4edf86 -K 6162636465666768696a6b6c6d6e6f7031323334353637384142434445464748 ``` Closes apache#40969 from sweisdb/SPARK-43286. Authored-by: Steve Weis <steve.weis@databricks.com> Signed-off-by: Max Gekk <max.gekk@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
The current implementation of AES-CBC mode called via
aes_encryptandaes_decryptuses a key derivation function (KDF) based on OpenSSL's EVP_BytesToKey. This is intended for generating keys based on passwords and OpenSSL's documents discourage its use: "Newer applications should use a more modern algorithm".aes_encryptandaes_decryptshould use the key directly in CBC mode, as it does for both GCM and ECB mode. The output should then be the initialization vector (IV) prepended to the ciphertext – as is done with GCM mode:[16-byte randomly generated IV | AES-CBC encrypted ciphertext]Why are the changes needed?
We want to have the ciphertext output similar across different modes. OpenSSL's EVP_BytesToKey is effectively deprecated and their own documentation says not to use it. Instead, CBC mode will generate a random vector.
Does this PR introduce any user-facing change?
AES-CBC output generated by the previous format will be incompatible with this change. That change was recently landed and we want to land this before CBC mode is used in practice.
How was this patch tested?
A new unit test in
DataFrameFunctionsSuitewas added to test both GCM and CBC modes. Also, a new standalone unit test suite was added inExpressionImplUtilsSuiteto test all the modes and various key lengths.CBC values can be verified with
openssl encusing the following command: