1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing,
12 // software distributed under the License is distributed on an
13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14 // KIND, either express or implied. See the License for the
15 // specific language governing permissions and limitations
25 #include "parquet/schema.h"
// NOTE(review): encryption::AesDecryptor is used by the classes below, but no
// forward declaration of it is visible inside this namespace in this listing.
namespace encryption {
}  // namespace encryption

// Forward declaration only; the class is used below solely through pointers.
class FileDecryptionProperties;
// Pairs an encryption::AesDecryptor with a key, two AAD (additional
// authenticated data) strings and a memory pool, and exposes Decrypt().
//
// NOTE(review): this listing omits some lines of the class (no access
// specifiers, no declaration of aad_ and no closing brace are shown); the
// comments below describe only what is visible.
// NOTE(review): the key is passed as std::string, which does not clear its
// buffer on destruction; any copy this class keeps should be zeroized
// explicitly (compare InternalFileDecryptor::WipeOutDecryptionKeys) - confirm
// in the implementation file.
class PARQUET_EXPORT Decryptor {
  // decryptor: AES implementation, taken as a raw pointer (presumably stored
  //            in aes_decryptor_ and not owned here - confirm).
  // key:       decryption key bytes.
  // file_aad:  file-level AAD, returned later by file_aad().
  // aad:       initial AAD; can be replaced with UpdateAad().
  // pool:      memory pool, returned later by pool().
  Decryptor(encryption::AesDecryptor* decryptor, const std::string& key,
            const std::string& file_aad, const std::string& aad,
            ::arrow::MemoryPool* pool);

  // Read-only view of the file-level AAD.
  const std::string& file_aad() const { return file_aad_; }

  // Replaces the stored AAD with a copy of `aad`.
  // NOTE(review): presumably this is the AAD checked by Decrypt(); it has to
  // match the data being decrypted, so callers should set it immediately
  // before each Decrypt() call - confirm in the implementation file.
  void UpdateAad(const std::string& aad) { aad_ = aad; }

  // Returns the memory pool pointer held by this object.
  ::arrow::MemoryPool* pool() { return pool_; }

  // Presumably the number of bytes by which a ciphertext is longer than its
  // plaintext (nonce, tag and similar overhead) - confirm.
  int CiphertextSizeDelta();

  // Decrypts ciphertext_len bytes at `ciphertext` into `plaintext` and returns
  // an int (presumably the plaintext length - confirm).
  // NOTE(review): the signature carries no capacity for `plaintext`, so the
  // caller alone is responsible for sizing the output buffer; presumably
  // ciphertext_len - CiphertextSizeDelta() bytes are required - confirm.
  // ciphertext_len is a signed int and presumably derived from file contents;
  // verify that negative values and values smaller than CiphertextSizeDelta()
  // are rejected before the buffers are touched.
  int Decrypt(const uint8_t* ciphertext, int ciphertext_len, uint8_t* plaintext);

  // Raw pointer to the AES implementation; lifetime is managed elsewhere
  // (presumably by InternalFileDecryptor - confirm).
  encryption::AesDecryptor* aes_decryptor_;
  // File-level AAD returned by file_aad().
  std::string file_aad_;
  // Memory pool returned by pool().
  ::arrow::MemoryPool* pool_;
// Per-file decryption state: holds the FileDecryptionProperties pointer, the
// file AAD, the cipher algorithm and the footer key metadata, and hands out
// shared Decryptor objects for the footer and for individual columns.
//
// NOTE(review): this listing omits some lines of the class (no access
// specifiers and no closing brace are shown); the comments below describe only
// what is visible.
class InternalFileDecryptor {
  // properties:          decryption properties, kept as a raw pointer and
  //                      returned by properties().
  // file_aad:            file-level AAD (see file_aad_ below).
  // algorithm:           cipher selected for the file.
  // footer_key_metadata: key metadata for the footer key.
  // pool:                memory pool returned by pool().
  explicit InternalFileDecryptor(FileDecryptionProperties* properties,
                                 const std::string& file_aad,
                                 ParquetCipher::type algorithm,
                                 const std::string& footer_key_metadata,
                                 ::arrow::MemoryPool* pool);

  // Returns a mutable reference to the file AAD.
  // NOTE(review): the AAD feeds authentication, and this accessor lets any
  // caller rewrite it in place; a const accessor would be safer if no caller
  // needs write access - confirm usage.
  std::string& file_aad() { return file_aad_; }

  // Returns the footer key by value.
  // NOTE(review): every call produces another copy of key material in a
  // std::string, which is not cleared on destruction; callers should keep the
  // copy short-lived.
  std::string GetFooterKey();

  // Cipher algorithm given to the constructor.
  ParquetCipher::type algorithm() { return algorithm_; }

  // Returns a mutable reference to the footer key metadata.
  std::string& footer_key_metadata() { return footer_key_metadata_; }

  // Raw pointer to the decryption properties; not owned as far as this
  // listing shows.
  FileDecryptionProperties* properties() { return properties_; }

  // Presumably erases key material held by the decryptors tracked in
  // all_decryptors_ - confirm in the implementation file.
  // NOTE(review): Decryptor objects are handed out as shared_ptr, so copies
  // may outlive this call; verify that they cannot be used after the wipe.
  void WipeOutDecryptionKeys();

  // Returns the memory pool pointer held by this object.
  ::arrow::MemoryPool* pool() { return pool_; }

  // Footer and column decryptor factories. `aad` defaults to the empty string
  // on the public overloads; Decryptor::UpdateAad() can replace it later.
  std::shared_ptr<Decryptor> GetFooterDecryptor();
  std::shared_ptr<Decryptor> GetFooterDecryptorForColumnMeta(const std::string& aad = "");
  std::shared_ptr<Decryptor> GetFooterDecryptorForColumnData(const std::string& aad = "");
  std::shared_ptr<Decryptor> GetColumnMetaDecryptor(
      const std::string& column_path, const std::string& column_key_metadata,
      const std::string& aad = "");
  std::shared_ptr<Decryptor> GetColumnDataDecryptor(
      const std::string& column_path, const std::string& column_key_metadata,
      const std::string& aad = "");

  FileDecryptionProperties* properties_;
  // Concatenation of aad_prefix (if exists) and aad_file_unique
  std::string file_aad_;
  // Decryptors keyed by a string (presumably the column path - confirm), kept
  // separately for column data and column metadata.
  std::map<std::string, std::shared_ptr<Decryptor>> column_data_map_;
  std::map<std::string, std::shared_ptr<Decryptor>> column_metadata_map_;

  std::shared_ptr<Decryptor> footer_metadata_decryptor_;
  std::shared_ptr<Decryptor> footer_data_decryptor_;
  ParquetCipher::type algorithm_;
  std::string footer_key_metadata_;
  // Raw, non-owning pointers; whether they alias the unique_ptr-owned
  // decryptors below is not visible here (presumably yes - confirm).
  std::vector<encryption::AesDecryptor*> all_decryptors_;

  // Key must be 16, 24 or 32 bytes in length. Thus there could be up to three
  // types of meta_decryptors and data_decryptors.
  std::unique_ptr<encryption::AesDecryptor> meta_decryptor_[3];
  std::unique_ptr<encryption::AesDecryptor> data_decryptor_[3];

  ::arrow::MemoryPool* pool_;

  // Shared implementation behind the footer factories; `metadata` presumably
  // selects the metadata decryptor over the data decryptor - confirm.
  std::shared_ptr<Decryptor> GetFooterDecryptor(const std::string& aad, bool metadata);
  // Shared implementation behind the column factories; `metadata` defaults to
  // false.
  std::shared_ptr<Decryptor> GetColumnDecryptor(const std::string& column_path,
                                                const std::string& column_key_metadata,
                                                const std::string& aad,
                                                bool metadata = false);

  // Return a raw pointer to an AES decryptor for the given key size
  // (presumably an element of meta_decryptor_ / data_decryptor_ - confirm).
  encryption::AesDecryptor* GetMetaAesDecryptor(size_t key_size);
  encryption::AesDecryptor* GetDataAesDecryptor(size_t key_size);

  // Presumably maps a key length of 16, 24 or 32 to an index into the
  // three-element arrays above - confirm.
  // NOTE(review): the result for any other length is not visible here; it must
  // never be used to index meta_decryptor_ / data_decryptor_. The callers above
  // take size_t key_size while this takes int key_len, so check the narrowing
  // conversion as well.
  int MapKeyLenToDecryptorArrayIndex(int key_len);
121 } // namespace parquet