projects / ceph.git / blame
| Commit | Line | Data |
|---|---|---|
| 1d09f67e TL |
1 | // Licensed to the Apache Software Foundation (ASF) under one |
| 2 | // or more contributor license agreements. See the NOTICE file | |
| 3 | // distributed with this work for additional information | |
| 4 | // regarding copyright ownership. The ASF licenses this file | |
| 5 | // to you under the Apache License, Version 2.0 (the | |
| 6 | // "License"); you may not use this file except in compliance | |
| 7 | // with the License. You may obtain a copy of the License at | |
| 8 | // | |
| 9 | // http://www.apache.org/licenses/LICENSE-2.0 | |
| 10 | // | |
| 11 | // Unless required by applicable law or agreed to in writing, | |
| 12 | // software distributed under the License is distributed on an | |
| 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
| 14 | // KIND, either express or implied. See the License for the | |
| 15 | // specific language governing permissions and limitations | |
| 16 | // under the License. | |
| 17 | ||
| 18 | #pragma once | |
| 19 | ||
| 20 | #include <map> | |
| 21 | #include <memory> | |
| 22 | #include <string> | |
| 23 | #include <vector> | |
| 24 | ||
| 25 | #include "parquet/schema.h" | |
| 26 | ||
| 27 | namespace parquet { | |
| 28 | ||
| 29 | namespace encryption { | |
| 30 | class AesDecryptor; | |
| 31 | class AesEncryptor; | |
| 32 | } // namespace encryption | |
| 33 | ||
| 34 | class FileDecryptionProperties; | |
| 35 | ||
| 36 | class PARQUET_EXPORT Decryptor { | |
| 37 | public: | |
| 38 | Decryptor(encryption::AesDecryptor* decryptor, const std::string& key, | |
| 39 | const std::string& file_aad, const std::string& aad, | |
| 40 | ::arrow::MemoryPool* pool); | |
| 41 | ||
| 42 | const std::string& file_aad() const { return file_aad_; } | |
| 43 | void UpdateAad(const std::string& aad) { aad_ = aad; } | |
| 44 | ::arrow::MemoryPool* pool() { return pool_; } | |
| 45 | ||
| 46 | int CiphertextSizeDelta(); | |
| 47 | int Decrypt(const uint8_t* ciphertext, int ciphertext_len, uint8_t* plaintext); | |
| 48 | ||
| 49 | private: | |
| 50 | encryption::AesDecryptor* aes_decryptor_; | |
| 51 | std::string key_; | |
| 52 | std::string file_aad_; | |
| 53 | std::string aad_; | |
| 54 | ::arrow::MemoryPool* pool_; | |
| 55 | }; | |
| 56 | ||
| 57 | class InternalFileDecryptor { | |
| 58 | public: | |
| 59 | explicit InternalFileDecryptor(FileDecryptionProperties* properties, | |
| 60 | const std::string& file_aad, | |
| 61 | ParquetCipher::type algorithm, | |
| 62 | const std::string& footer_key_metadata, | |
| 63 | ::arrow::MemoryPool* pool); | |
| 64 | ||
| 65 | std::string& file_aad() { return file_aad_; } | |
| 66 | ||
| 67 | std::string GetFooterKey(); | |
| 68 | ||
| 69 | ParquetCipher::type algorithm() { return algorithm_; } | |
| 70 | ||
| 71 | std::string& footer_key_metadata() { return footer_key_metadata_; } | |
| 72 | ||
| 73 | FileDecryptionProperties* properties() { return properties_; } | |
| 74 | ||
| 75 | void WipeOutDecryptionKeys(); | |
| 76 | ||
| 77 | ::arrow::MemoryPool* pool() { return pool_; } | |
| 78 | ||
| 79 | std::shared_ptr<Decryptor> GetFooterDecryptor(); | |
| 80 | std::shared_ptr<Decryptor> GetFooterDecryptorForColumnMeta(const std::string& aad = ""); | |
| 81 | std::shared_ptr<Decryptor> GetFooterDecryptorForColumnData(const std::string& aad = ""); | |
| 82 | std::shared_ptr<Decryptor> GetColumnMetaDecryptor( | |
| 83 | const std::string& column_path, const std::string& column_key_metadata, | |
| 84 | const std::string& aad = ""); | |
| 85 | std::shared_ptr<Decryptor> GetColumnDataDecryptor( | |
| 86 | const std::string& column_path, const std::string& column_key_metadata, | |
| 87 | const std::string& aad = ""); | |
| 88 | ||
| 89 | private: | |
| 90 | FileDecryptionProperties* properties_; | |
| 91 | // Concatenation of aad_prefix (if exists) and aad_file_unique | |
| 92 | std::string file_aad_; | |
| 93 | std::map<std::string, std::shared_ptr<Decryptor>> column_data_map_; | |
| 94 | std::map<std::string, std::shared_ptr<Decryptor>> column_metadata_map_; | |
| 95 | ||
| 96 | std::shared_ptr<Decryptor> footer_metadata_decryptor_; | |
| 97 | std::shared_ptr<Decryptor> footer_data_decryptor_; | |
| 98 | ParquetCipher::type algorithm_; | |
| 99 | std::string footer_key_metadata_; | |
| 100 | std::vector<encryption::AesDecryptor*> all_decryptors_; | |
| 101 | ||
| 102 | /// Key must be 16, 24 or 32 bytes in length. Thus there could be up to three | |
| 103 | // types of meta_decryptors and data_decryptors. | |
| 104 | std::unique_ptr<encryption::AesDecryptor> meta_decryptor_[3]; | |
| 105 | std::unique_ptr<encryption::AesDecryptor> data_decryptor_[3]; | |
| 106 | ||
| 107 | ::arrow::MemoryPool* pool_; | |
| 108 | ||
| 109 | std::shared_ptr<Decryptor> GetFooterDecryptor(const std::string& aad, bool metadata); | |
| 110 | std::shared_ptr<Decryptor> GetColumnDecryptor(const std::string& column_path, | |
| 111 | const std::string& column_key_metadata, | |
| 112 | const std::string& aad, | |
| 113 | bool metadata = false); | |
| 114 | ||
| 115 | encryption::AesDecryptor* GetMetaAesDecryptor(size_t key_size); | |
| 116 | encryption::AesDecryptor* GetDataAesDecryptor(size_t key_size); | |
| 117 | ||
| 118 | int MapKeyLenToDecryptorArrayIndex(int key_len); | |
| 119 | }; | |
| 120 | ||
| 121 | } // namespace parquet |