ceph/src/s3select/include/internal_file_decryptor.h

   1 // Licensed to the Apache Software Foundation (ASF) under one
   2 // or more contributor license agreements.  See the NOTICE file
   3 // distributed with this work for additional information
   4 // regarding copyright ownership.  The ASF licenses this file
   5 // to you under the Apache License, Version 2.0 (the
   6 // "License"); you may not use this file except in compliance
   7 // with the License.  You may obtain a copy of the License at
   8 //
   9 //   http://www.apache.org/licenses/LICENSE-2.0
  10 //
  11 // Unless required by applicable law or agreed to in writing,
  12 // software distributed under the License is distributed on an
  13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  14 // KIND, either express or implied.  See the License for the
  15 // specific language governing permissions and limitations
  16 // under the License.
  17
  18 #pragma once
  19
  20 #include <map>
  21 #include <memory>
  22 #include <string>
  23 #include <vector>
  24
  25 #include "parquet/schema.h"
  26
  27 namespace parquet {
  28
  29 namespace encryption {
  30 class AesDecryptor;
  31 class AesEncryptor;
  32 }  // namespace encryption
  33
  34 class FileDecryptionProperties;
  35
  36 class PARQUET_EXPORT Decryptor {
  37  public:
  38   Decryptor(encryption::AesDecryptor* decryptor, const std::string& key,
  39             const std::string& file_aad, const std::string& aad,
  40             ::arrow::MemoryPool* pool);
  41
  42   const std::string& file_aad() const { return file_aad_; }
  43   void UpdateAad(const std::string& aad) { aad_ = aad; }
  44   ::arrow::MemoryPool* pool() { return pool_; }
  45
  46   int CiphertextSizeDelta();
  47   int Decrypt(const uint8_t* ciphertext, int ciphertext_len, uint8_t* plaintext);
  48
  49  private:
  50   encryption::AesDecryptor* aes_decryptor_;
  51   std::string key_;
  52   std::string file_aad_;
  53   std::string aad_;
  54   ::arrow::MemoryPool* pool_;
  55 };
  56
  57 class InternalFileDecryptor {
  58  public:
  59   explicit InternalFileDecryptor(FileDecryptionProperties* properties,
  60                                  const std::string& file_aad,
  61                                  ParquetCipher::type algorithm,
  62                                  const std::string& footer_key_metadata,
  63                                  ::arrow::MemoryPool* pool);
  64
  65   std::string& file_aad() { return file_aad_; }
  66
  67   std::string GetFooterKey();
  68
  69   ParquetCipher::type algorithm() { return algorithm_; }
  70
  71   std::string& footer_key_metadata() { return footer_key_metadata_; }
  72
  73   FileDecryptionProperties* properties() { return properties_; }
  74
  75   void WipeOutDecryptionKeys();
  76
  77   ::arrow::MemoryPool* pool() { return pool_; }
  78
  79   std::shared_ptr<Decryptor> GetFooterDecryptor();
  80   std::shared_ptr<Decryptor> GetFooterDecryptorForColumnMeta(const std::string& aad = "");
  81   std::shared_ptr<Decryptor> GetFooterDecryptorForColumnData(const std::string& aad = "");
  82   std::shared_ptr<Decryptor> GetColumnMetaDecryptor(
  83       const std::string& column_path, const std::string& column_key_metadata,
  84       const std::string& aad = "");
  85   std::shared_ptr<Decryptor> GetColumnDataDecryptor(
  86       const std::string& column_path, const std::string& column_key_metadata,
  87       const std::string& aad = "");
  88
  89  private:
  90   FileDecryptionProperties* properties_;
  91   // Concatenation of aad_prefix (if exists) and aad_file_unique
  92   std::string file_aad_;
  93   std::map<std::string, std::shared_ptr<Decryptor>> column_data_map_;
  94   std::map<std::string, std::shared_ptr<Decryptor>> column_metadata_map_;
  95
  96   std::shared_ptr<Decryptor> footer_metadata_decryptor_;
  97   std::shared_ptr<Decryptor> footer_data_decryptor_;
  98   ParquetCipher::type algorithm_;
  99   std::string footer_key_metadata_;
 100   std::vector<encryption::AesDecryptor*> all_decryptors_;
 101
 102   /// Key must be 16, 24 or 32 bytes in length. Thus there could be up to three
 103   // types of meta_decryptors and data_decryptors.
 104   std::unique_ptr<encryption::AesDecryptor> meta_decryptor_[3];
 105   std::unique_ptr<encryption::AesDecryptor> data_decryptor_[3];
 106
 107   ::arrow::MemoryPool* pool_;
 108
 109   std::shared_ptr<Decryptor> GetFooterDecryptor(const std::string& aad, bool metadata);
 110   std::shared_ptr<Decryptor> GetColumnDecryptor(const std::string& column_path,
 111                                                 const std::string& column_key_metadata,
 112                                                 const std::string& aad,
 113                                                 bool metadata = false);
 114
 115   encryption::AesDecryptor* GetMetaAesDecryptor(size_t key_size);
 116   encryption::AesDecryptor* GetDataAesDecryptor(size_t key_size);
 117
 118   int MapKeyLenToDecryptorArrayIndex(int key_len);
 119 };
 120
 121 }  // namespace parquet