[ceph.git] / ceph / src / arrow / cpp / src / parquet / encryption / internal_file_encryptor.h

// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements.  See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership.  The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License.  You may obtain a copy of the License at
//
//   http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied.  See the License for the
// specific language governing permissions and limitations
// under the License.

#pragma once

#include <map>
#include <memory>
#include <string>
#include <vector>

#include "parquet/encryption/encryption.h"
#include "parquet/schema.h"

namespace parquet {

namespace encryption {
class AesEncryptor;
}  // namespace encryption

class FileEncryptionProperties;
class ColumnEncryptionProperties;

class PARQUET_EXPORT Encryptor {
 public:
  Encryptor(encryption::AesEncryptor* aes_encryptor, const std::string& key,
            const std::string& file_aad, const std::string& aad,
            ::arrow::MemoryPool* pool);
  const std::string& file_aad() { return file_aad_; }
  void UpdateAad(const std::string& aad) { aad_ = aad; }
  ::arrow::MemoryPool* pool() { return pool_; }

  int CiphertextSizeDelta();
  int Encrypt(const uint8_t* plaintext, int plaintext_len, uint8_t* ciphertext);

  bool EncryptColumnMetaData(
      bool encrypted_footer,
      const std::shared_ptr<ColumnEncryptionProperties>& column_encryption_properties) {
    // if column is not encrypted then do not encrypt the column metadata
    if (!column_encryption_properties || !column_encryption_properties->is_encrypted())
      return false;
    // if plaintext footer then encrypt the column metadata
    if (!encrypted_footer) return true;
    // if column is not encrypted with footer key then encrypt the column metadata
    return !column_encryption_properties->is_encrypted_with_footer_key();
  }

 private:
  encryption::AesEncryptor* aes_encryptor_;
  std::string key_;
  std::string file_aad_;
  std::string aad_;
  ::arrow::MemoryPool* pool_;
};

class InternalFileEncryptor {
 public:
  explicit InternalFileEncryptor(FileEncryptionProperties* properties,
                                 ::arrow::MemoryPool* pool);

  std::shared_ptr<Encryptor> GetFooterEncryptor();
  std::shared_ptr<Encryptor> GetFooterSigningEncryptor();
  std::shared_ptr<Encryptor> GetColumnMetaEncryptor(const std::string& column_path);
  std::shared_ptr<Encryptor> GetColumnDataEncryptor(const std::string& column_path);
  void WipeOutEncryptionKeys();

 private:
  FileEncryptionProperties* properties_;

  std::map<std::string, std::shared_ptr<Encryptor>> column_data_map_;
  std::map<std::string, std::shared_ptr<Encryptor>> column_metadata_map_;

  std::shared_ptr<Encryptor> footer_signing_encryptor_;
  std::shared_ptr<Encryptor> footer_encryptor_;

  std::vector<encryption::AesEncryptor*> all_encryptors_;

  // Key must be 16, 24 or 32 bytes in length. Thus there could be up to three
  // types of meta_encryptors and data_encryptors.
  std::unique_ptr<encryption::AesEncryptor> meta_encryptor_[3];
  std::unique_ptr<encryption::AesEncryptor> data_encryptor_[3];

  ::arrow::MemoryPool* pool_;

  std::shared_ptr<Encryptor> GetColumnEncryptor(const std::string& column_path,
                                                bool metadata);

  encryption::AesEncryptor* GetMetaAesEncryptor(ParquetCipher::type algorithm,
                                                size_t key_len);
  encryption::AesEncryptor* GetDataAesEncryptor(ParquetCipher::type algorithm,
                                                size_t key_len);

  int MapKeyLenToEncryptorArrayIndex(int key_len);
};

}  // namespace parquet
Commit	Line	Data
1d09f67e TL	1	// Licensed to the Apache Software Foundation (ASF) under one
	2	// or more contributor license agreements. See the NOTICE file
	3	// distributed with this work for additional information
	4	// regarding copyright ownership. The ASF licenses this file
	5	// to you under the Apache License, Version 2.0 (the
	6	// "License"); you may not use this file except in compliance
	7	// with the License. You may obtain a copy of the License at
	8	//
	9	// http://www.apache.org/licenses/LICENSE-2.0
	10	//
	11	// Unless required by applicable law or agreed to in writing,
	12	// software distributed under the License is distributed on an
	13	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	14	// KIND, either express or implied. See the License for the
	15	// specific language governing permissions and limitations
	16	// under the License.
	17
	18	#pragma once
	19
	20	#include <map>
	21	#include <memory>
	22	#include <string>
	23	#include <vector>
	24
	25	#include "parquet/encryption/encryption.h"
	26	#include "parquet/schema.h"
	27
	28	namespace parquet {
	29
	30	namespace encryption {
	31	class AesEncryptor;
	32	} // namespace encryption
	33
	34	class FileEncryptionProperties;
	35	class ColumnEncryptionProperties;
	36
	37	class PARQUET_EXPORT Encryptor {
	38	public:
	39	Encryptor(encryption::AesEncryptor* aes_encryptor, const std::string& key,
	40	const std::string& file_aad, const std::string& aad,
	41	::arrow::MemoryPool* pool);
	42	const std::string& file_aad() { return file_aad_; }
	43	void UpdateAad(const std::string& aad) { aad_ = aad; }
	44	::arrow::MemoryPool* pool() { return pool_; }
	45
	46	int CiphertextSizeDelta();
	47	int Encrypt(const uint8_t* plaintext, int plaintext_len, uint8_t* ciphertext);
	48
	49	bool EncryptColumnMetaData(
	50	bool encrypted_footer,
	51	const std::shared_ptr<ColumnEncryptionProperties>& column_encryption_properties) {
	52	// if column is not encrypted then do not encrypt the column metadata
	53	if (!column_encryption_properties \|\| !column_encryption_properties->is_encrypted())
	54	return false;
	55	// if plaintext footer then encrypt the column metadata
	56	if (!encrypted_footer) return true;
	57	// if column is not encrypted with footer key then encrypt the column metadata
	58	return !column_encryption_properties->is_encrypted_with_footer_key();
	59	}
	60
	61	private:
	62	encryption::AesEncryptor* aes_encryptor_;
	63	std::string key_;
	64	std::string file_aad_;
65	std::string aad_;
66	::arrow::MemoryPool* pool_;
67	};
68
69	class InternalFileEncryptor {
70	public:
71	explicit InternalFileEncryptor(FileEncryptionProperties* properties,
72	::arrow::MemoryPool* pool);
73
74	std::shared_ptr<Encryptor> GetFooterEncryptor();
75	std::shared_ptr<Encryptor> GetFooterSigningEncryptor();
76	std::shared_ptr<Encryptor> GetColumnMetaEncryptor(const std::string& column_path);
77	std::shared_ptr<Encryptor> GetColumnDataEncryptor(const std::string& column_path);
78	void WipeOutEncryptionKeys();
79
80	private:
81	FileEncryptionProperties* properties_;
82
83	std::map<std::string, std::shared_ptr<Encryptor>> column_data_map_;
84	std::map<std::string, std::shared_ptr<Encryptor>> column_metadata_map_;
85
86	std::shared_ptr<Encryptor> footer_signing_encryptor_;
87	std::shared_ptr<Encryptor> footer_encryptor_;
88
89	std::vector<encryption::AesEncryptor*> all_encryptors_;
90
91	// Key must be 16, 24 or 32 bytes in length. Thus there could be up to three
92	// types of meta_encryptors and data_encryptors.
93	std::unique_ptr<encryption::AesEncryptor> meta_encryptor_[3];
94	std::unique_ptr<encryption::AesEncryptor> data_encryptor_[3];
95
96	::arrow::MemoryPool* pool_;
97
98	std::shared_ptr<Encryptor> GetColumnEncryptor(const std::string& column_path,
99	bool metadata);
100
101	encryption::AesEncryptor* GetMetaAesEncryptor(ParquetCipher::type algorithm,
102	size_t key_len);
103	encryption::AesEncryptor* GetDataAesEncryptor(ParquetCipher::type algorithm,
104	size_t key_len);
105
106	int MapKeyLenToEncryptorArrayIndex(int key_len);
107	};
108
109	} // namespace parquet