]>
Commit | Line | Data |
---|---|---|
1d09f67e TL |
1 | // Licensed to the Apache Software Foundation (ASF) under one |
2 | // or more contributor license agreements. See the NOTICE file | |
3 | // distributed with this work for additional information | |
4 | // regarding copyright ownership. The ASF licenses this file | |
5 | // to you under the Apache License, Version 2.0 (the | |
6 | // "License"); you may not use this file except in compliance | |
7 | // with the License. You may obtain a copy of the License at | |
8 | // | |
9 | // http://www.apache.org/licenses/LICENSE-2.0 | |
10 | // | |
11 | // Unless required by applicable law or agreed to in writing, | |
12 | // software distributed under the License is distributed on an | |
13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
14 | // KIND, either express or implied. See the License for the | |
15 | // specific language governing permissions and limitations | |
16 | // under the License. | |
17 | ||
18 | #pragma once | |
19 | ||
20 | #include <map> | |
21 | #include <memory> | |
22 | #include <string> | |
23 | #include <vector> | |
24 | ||
25 | #include "parquet/schema.h" | |
26 | ||
27 | namespace parquet { | |
28 | ||
29 | namespace encryption { | |
30 | class AesDecryptor; | |
31 | class AesEncryptor; | |
32 | } // namespace encryption | |
33 | ||
34 | class FileDecryptionProperties; | |
35 | ||
36 | class PARQUET_EXPORT Decryptor { | |
37 | public: | |
38 | Decryptor(encryption::AesDecryptor* decryptor, const std::string& key, | |
39 | const std::string& file_aad, const std::string& aad, | |
40 | ::arrow::MemoryPool* pool); | |
41 | ||
42 | const std::string& file_aad() const { return file_aad_; } | |
43 | void UpdateAad(const std::string& aad) { aad_ = aad; } | |
44 | ::arrow::MemoryPool* pool() { return pool_; } | |
45 | ||
46 | int CiphertextSizeDelta(); | |
47 | int Decrypt(const uint8_t* ciphertext, int ciphertext_len, uint8_t* plaintext); | |
48 | ||
49 | private: | |
50 | encryption::AesDecryptor* aes_decryptor_; | |
51 | std::string key_; | |
52 | std::string file_aad_; | |
53 | std::string aad_; | |
54 | ::arrow::MemoryPool* pool_; | |
55 | }; | |
56 | ||
57 | class InternalFileDecryptor { | |
58 | public: | |
59 | explicit InternalFileDecryptor(FileDecryptionProperties* properties, | |
60 | const std::string& file_aad, | |
61 | ParquetCipher::type algorithm, | |
62 | const std::string& footer_key_metadata, | |
63 | ::arrow::MemoryPool* pool); | |
64 | ||
65 | std::string& file_aad() { return file_aad_; } | |
66 | ||
67 | std::string GetFooterKey(); | |
68 | ||
69 | ParquetCipher::type algorithm() { return algorithm_; } | |
70 | ||
71 | std::string& footer_key_metadata() { return footer_key_metadata_; } | |
72 | ||
73 | FileDecryptionProperties* properties() { return properties_; } | |
74 | ||
75 | void WipeOutDecryptionKeys(); | |
76 | ||
77 | ::arrow::MemoryPool* pool() { return pool_; } | |
78 | ||
79 | std::shared_ptr<Decryptor> GetFooterDecryptor(); | |
80 | std::shared_ptr<Decryptor> GetFooterDecryptorForColumnMeta(const std::string& aad = ""); | |
81 | std::shared_ptr<Decryptor> GetFooterDecryptorForColumnData(const std::string& aad = ""); | |
82 | std::shared_ptr<Decryptor> GetColumnMetaDecryptor( | |
83 | const std::string& column_path, const std::string& column_key_metadata, | |
84 | const std::string& aad = ""); | |
85 | std::shared_ptr<Decryptor> GetColumnDataDecryptor( | |
86 | const std::string& column_path, const std::string& column_key_metadata, | |
87 | const std::string& aad = ""); | |
88 | ||
89 | private: | |
90 | FileDecryptionProperties* properties_; | |
91 | // Concatenation of aad_prefix (if exists) and aad_file_unique | |
92 | std::string file_aad_; | |
93 | std::map<std::string, std::shared_ptr<Decryptor>> column_data_map_; | |
94 | std::map<std::string, std::shared_ptr<Decryptor>> column_metadata_map_; | |
95 | ||
96 | std::shared_ptr<Decryptor> footer_metadata_decryptor_; | |
97 | std::shared_ptr<Decryptor> footer_data_decryptor_; | |
98 | ParquetCipher::type algorithm_; | |
99 | std::string footer_key_metadata_; | |
100 | std::vector<encryption::AesDecryptor*> all_decryptors_; | |
101 | ||
102 | /// Key must be 16, 24 or 32 bytes in length. Thus there could be up to three | |
103 | // types of meta_decryptors and data_decryptors. | |
104 | std::unique_ptr<encryption::AesDecryptor> meta_decryptor_[3]; | |
105 | std::unique_ptr<encryption::AesDecryptor> data_decryptor_[3]; | |
106 | ||
107 | ::arrow::MemoryPool* pool_; | |
108 | ||
109 | std::shared_ptr<Decryptor> GetFooterDecryptor(const std::string& aad, bool metadata); | |
110 | std::shared_ptr<Decryptor> GetColumnDecryptor(const std::string& column_path, | |
111 | const std::string& column_key_metadata, | |
112 | const std::string& aad, | |
113 | bool metadata = false); | |
114 | ||
115 | encryption::AesDecryptor* GetMetaAesDecryptor(size_t key_size); | |
116 | encryption::AesDecryptor* GetDataAesDecryptor(size_t key_size); | |
117 | ||
118 | int MapKeyLenToDecryptorArrayIndex(int key_len); | |
119 | }; | |
120 | ||
121 | } // namespace parquet |