xanderbailey commented on code in PR #2584:
URL: https://github.com/apache/iceberg-rust/pull/2584#discussion_r3577048877


##########
crates/iceberg/src/encryption/key_metadata.rs:
##########
@@ -97,7 +97,17 @@ impl StandardKeyMetadata {
 
     /// Decodes from Java-compatible format.
     pub fn decode(bytes: &[u8]) -> Result<Self> {
-        _serde::StandardKeyMetadataV1::decode(bytes).map(Self::from)
+        let metadata = 
_serde::StandardKeyMetadataV1::decode(bytes).map(Self::from)?;
+        // Validate the DEK is a usable AES key (16/24/32 bytes) up front, so a
+        // malformed key surfaces a clear error.
+        SecureKey::new(metadata.encryption_key.as_bytes()).map_err(|e| {

Review Comment:
   I think it's okay since `decode` is the trust boundary where an "attacker" 
would try and use incorrect standard metadata. I'm happy to add it to `new` and 
`From` but I don't think it's required. I can create an issue to do it as a 
follow-up but it would require returning `Result` which is a break and a small 
refactor. WDYT?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to