rdblue commented on code in PR #3231:
URL: https://github.com/apache/iceberg/pull/3231#discussion_r1278601932
##########
core/src/main/java/org/apache/iceberg/encryption/Ciphers.java:
##########
@@ -101,37 +117,52 @@ public AesGcmDecryptor(byte[] keyBytes) {
}
public byte[] decrypt(byte[] ciphertext, byte[] aad) {
- int plainTextLength = ciphertext.length - GCM_TAG_LENGTH - NONCE_LENGTH;
+ return decrypt(ciphertext, 0, ciphertext.length, aad);
+ }
+
+ public byte[] decrypt(
Review Comment:
I think that `TestCiphers` needs to have tests validating failure modes:
* If the supplied AAD is incorrect, decryption fails
* If the ciphertext is modified, decryption fails
Right now, only the happy path is tested, which doesn't validate the
intended authentication behavior using the tag.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
