]>
Commit | Line | Data |
---|---|---|
1d09f67e TL |
1 | // Licensed to the Apache Software Foundation (ASF) under one |
2 | // or more contributor license agreements. See the NOTICE file | |
3 | // distributed with this work for additional information | |
4 | // regarding copyright ownership. The ASF licenses this file | |
5 | // to you under the Apache License, Version 2.0 (the | |
6 | // "License"); you may not use this file except in compliance | |
7 | // with the License. You may obtain a copy of the License at | |
8 | // | |
9 | // http://www.apache.org/licenses/LICENSE-2.0 | |
10 | // | |
11 | // Unless required by applicable law or agreed to in writing, | |
12 | // software distributed under the License is distributed on an | |
13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
14 | // KIND, either express or implied. See the License for the | |
15 | // specific language governing permissions and limitations | |
16 | // under the License. | |
17 | ||
18 | #pragma once | |
19 | ||
20 | #include <map> | |
21 | #include <memory> | |
22 | #include <string> | |
23 | #include <vector> | |
24 | ||
25 | #include "parquet/encryption/encryption.h" | |
26 | #include "parquet/schema.h" | |
27 | ||
28 | namespace parquet { | |
29 | ||
30 | namespace encryption { | |
31 | class AesEncryptor; | |
32 | } // namespace encryption | |
33 | ||
34 | class FileEncryptionProperties; | |
35 | class ColumnEncryptionProperties; | |
36 | ||
37 | class PARQUET_EXPORT Encryptor { | |
38 | public: | |
39 | Encryptor(encryption::AesEncryptor* aes_encryptor, const std::string& key, | |
40 | const std::string& file_aad, const std::string& aad, | |
41 | ::arrow::MemoryPool* pool); | |
42 | const std::string& file_aad() { return file_aad_; } | |
43 | void UpdateAad(const std::string& aad) { aad_ = aad; } | |
44 | ::arrow::MemoryPool* pool() { return pool_; } | |
45 | ||
46 | int CiphertextSizeDelta(); | |
47 | int Encrypt(const uint8_t* plaintext, int plaintext_len, uint8_t* ciphertext); | |
48 | ||
49 | bool EncryptColumnMetaData( | |
50 | bool encrypted_footer, | |
51 | const std::shared_ptr<ColumnEncryptionProperties>& column_encryption_properties) { | |
52 | // if column is not encrypted then do not encrypt the column metadata | |
53 | if (!column_encryption_properties || !column_encryption_properties->is_encrypted()) | |
54 | return false; | |
55 | // if plaintext footer then encrypt the column metadata | |
56 | if (!encrypted_footer) return true; | |
57 | // if column is not encrypted with footer key then encrypt the column metadata | |
58 | return !column_encryption_properties->is_encrypted_with_footer_key(); | |
59 | } | |
60 | ||
61 | private: | |
62 | encryption::AesEncryptor* aes_encryptor_; | |
63 | std::string key_; | |
64 | std::string file_aad_; | |
65 | std::string aad_; | |
66 | ::arrow::MemoryPool* pool_; | |
67 | }; | |
68 | ||
69 | class InternalFileEncryptor { | |
70 | public: | |
71 | explicit InternalFileEncryptor(FileEncryptionProperties* properties, | |
72 | ::arrow::MemoryPool* pool); | |
73 | ||
74 | std::shared_ptr<Encryptor> GetFooterEncryptor(); | |
75 | std::shared_ptr<Encryptor> GetFooterSigningEncryptor(); | |
76 | std::shared_ptr<Encryptor> GetColumnMetaEncryptor(const std::string& column_path); | |
77 | std::shared_ptr<Encryptor> GetColumnDataEncryptor(const std::string& column_path); | |
78 | void WipeOutEncryptionKeys(); | |
79 | ||
80 | private: | |
81 | FileEncryptionProperties* properties_; | |
82 | ||
83 | std::map<std::string, std::shared_ptr<Encryptor>> column_data_map_; | |
84 | std::map<std::string, std::shared_ptr<Encryptor>> column_metadata_map_; | |
85 | ||
86 | std::shared_ptr<Encryptor> footer_signing_encryptor_; | |
87 | std::shared_ptr<Encryptor> footer_encryptor_; | |
88 | ||
89 | std::vector<encryption::AesEncryptor*> all_encryptors_; | |
90 | ||
91 | // Key must be 16, 24 or 32 bytes in length. Thus there could be up to three | |
92 | // types of meta_encryptors and data_encryptors. | |
93 | std::unique_ptr<encryption::AesEncryptor> meta_encryptor_[3]; | |
94 | std::unique_ptr<encryption::AesEncryptor> data_encryptor_[3]; | |
95 | ||
96 | ::arrow::MemoryPool* pool_; | |
97 | ||
98 | std::shared_ptr<Encryptor> GetColumnEncryptor(const std::string& column_path, | |
99 | bool metadata); | |
100 | ||
101 | encryption::AesEncryptor* GetMetaAesEncryptor(ParquetCipher::type algorithm, | |
102 | size_t key_len); | |
103 | encryption::AesEncryptor* GetDataAesEncryptor(ParquetCipher::type algorithm, | |
104 | size_t key_len); | |
105 | ||
106 | int MapKeyLenToEncryptorArrayIndex(int key_len); | |
107 | }; | |
108 | ||
109 | } // namespace parquet |