1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing,
12 // software distributed under the License is distributed on an
13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14 // KIND, either express or implied. See the License for the
15 // specific language governing permissions and limitations
25 #include "parquet/encryption/encryption.h"
26 #include "parquet/schema.h"
30 namespace encryption
{
32 } // namespace encryption
34 class FileEncryptionProperties
;
35 class ColumnEncryptionProperties
;
37 class PARQUET_EXPORT Encryptor
{
39 Encryptor(encryption::AesEncryptor
* aes_encryptor
, const std::string
& key
,
40 const std::string
& file_aad
, const std::string
& aad
,
41 ::arrow::MemoryPool
* pool
);
42 const std::string
& file_aad() { return file_aad_
; }
43 void UpdateAad(const std::string
& aad
) { aad_
= aad
; }
44 ::arrow::MemoryPool
* pool() { return pool_
; }
46 int CiphertextSizeDelta();
47 int Encrypt(const uint8_t* plaintext
, int plaintext_len
, uint8_t* ciphertext
);
49 bool EncryptColumnMetaData(
50 bool encrypted_footer
,
51 const std::shared_ptr
<ColumnEncryptionProperties
>& column_encryption_properties
) {
52 // if column is not encrypted then do not encrypt the column metadata
53 if (!column_encryption_properties
|| !column_encryption_properties
->is_encrypted())
55 // if plaintext footer then encrypt the column metadata
56 if (!encrypted_footer
) return true;
57 // if column is not encrypted with footer key then encrypt the column metadata
58 return !column_encryption_properties
->is_encrypted_with_footer_key();
62 encryption::AesEncryptor
* aes_encryptor_
;
64 std::string file_aad_
;
66 ::arrow::MemoryPool
* pool_
;
69 class InternalFileEncryptor
{
71 explicit InternalFileEncryptor(FileEncryptionProperties
* properties
,
72 ::arrow::MemoryPool
* pool
);
74 std::shared_ptr
<Encryptor
> GetFooterEncryptor();
75 std::shared_ptr
<Encryptor
> GetFooterSigningEncryptor();
76 std::shared_ptr
<Encryptor
> GetColumnMetaEncryptor(const std::string
& column_path
);
77 std::shared_ptr
<Encryptor
> GetColumnDataEncryptor(const std::string
& column_path
);
78 void WipeOutEncryptionKeys();
81 FileEncryptionProperties
* properties_
;
83 std::map
<std::string
, std::shared_ptr
<Encryptor
>> column_data_map_
;
84 std::map
<std::string
, std::shared_ptr
<Encryptor
>> column_metadata_map_
;
86 std::shared_ptr
<Encryptor
> footer_signing_encryptor_
;
87 std::shared_ptr
<Encryptor
> footer_encryptor_
;
89 std::vector
<encryption::AesEncryptor
*> all_encryptors_
;
91 // Key must be 16, 24 or 32 bytes in length. Thus there could be up to three
92 // types of meta_encryptors and data_encryptors.
93 std::unique_ptr
<encryption::AesEncryptor
> meta_encryptor_
[3];
94 std::unique_ptr
<encryption::AesEncryptor
> data_encryptor_
[3];
96 ::arrow::MemoryPool
* pool_
;
98 std::shared_ptr
<Encryptor
> GetColumnEncryptor(const std::string
& column_path
,
101 encryption::AesEncryptor
* GetMetaAesEncryptor(ParquetCipher::type algorithm
,
103 encryption::AesEncryptor
* GetDataAesEncryptor(ParquetCipher::type algorithm
,
106 int MapKeyLenToEncryptorArrayIndex(int key_len
);
109 } // namespace parquet