Skip to content

HIVE-29392: Add Support for CTR and GCM cipher transformations in AES… #6257

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tanishq-chugh wants to merge 2 commits into
base: master
Choose a base branch
from
Open

HIVE-29392: Add Support for CTR and GCM cipher transformations in AES… #6257

tanishq-chugh wants to merge 2 commits into from

Conversation

@tanishq-chugh
Copy link
Contributor

@tanishq-chugh tanishq-chugh commented Jan 5, 2026

… UDFs

What changes were proposed in this pull request?

Extend support for cipher transformations in AES UDFs with Counter (CTR) & Galois/Counter Mode (GCM) modes that provide stronger security as they use Initialization Vector.

Why are the changes needed?

Currently, The AES UDFs only support one cipher transformation - AES/ECB/PKCS5Padding, which is inherently weak, as it produces the same ciphertext for identical blocks of plain text.

Does this PR introduce any user-facing change?

No

How was this patch tested?

Manually Tested

ayushtkn
ayushtkn reviewed Jan 6, 2026
View reviewed changes
Copy link
Member

@ayushtkn ayushtkn left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A fundamental question: If I create a table using this UDF with say X as the session config in HIVE_UDF_AES_CIPHER_TRANSFORMATION and some Y in another session while reading. The data gets corrupted?

  • How do I figure it out once write what was the value of the config while writing?
  • If I wrote a column with say X as the value of the UDF and another existing column with Y as the value, how do I read both the columns in one query

@tanishq-chugh
Copy link
Contributor Author

tanishq-chugh commented Jan 6, 2026
edited
Loading

Thanks for checking this @ayushtkn , and the concern is absolutely valid. As of now, there's no way to figure out the value once write is done and also, using different values at time of write/read will lead to data corruption.

I am considering two options moving ahead.

  1. Going ahead with modifying the UDF definition of it allowing a maximum of 3 arguments instead of session level config.
    3rd argument being optional for this transformation value, with default to the current value. This is needed for backward compatibility.
    Figuring out the transformation value at the time of read, would still remain the user responsibility. (Query History could be of help here).

  2. In addition to modifying the UDF definition, Figuring out the mode at time of decryption could be automated if we have only GCM & AES (default mode) options, as falling back to legacy mode could be an option when decryption runs into AEADBadTagException.

Let me know your thoughts on this.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 7, 2026

Quality Gate Passed Quality Gate passed

Issues
10 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ayushtkn ayushtkn ayushtkn left review comments

Assignees

No one assigned

Labels

tests passed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tanishq-chugh @ayushtkn @asf-ci-hive