import quincy 17.2.0
1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing,
12 // software distributed under the License is distributed on an
13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14 // KIND, either express or implied. See the License for the
15 // specific language governing permissions and limitations
16 // under the License.
17
18 #pragma once
19
20 #include <cstdint>
21 #include <vector>
22
23 #include "arrow/util/base64.h"
24
25 namespace parquet {
26 namespace encryption {
27
// One "key encryption key" (KEK) together with its identifiers, as used by the
// double wrapping mode of Parquet key management.
//
// In the double wrapping mode, each "data encryption key" (DEK) is encrypted with a
// "key encryption key" (KEK), which in turn is encrypted with a "master encryption
// key" (MEK). A writer process generates a random KEK for each MEK ID and caches it in
// a <MEK-ID : KEK> map, so that the KMS server is contacted only once per MEK, in order
// to wrap its KEK. DEK wrapping is performed locally and does not involve an
// interaction with a KMS server.
//
// Key-material handling (review notes):
//  - kek_bytes_ is stored in a plain std::string and appears to be the unwrapped KEK
//    (the wrapped form is kept separately in encoded_wrapped_kek_) -- confirm against
//    the code that constructs this object.
//  - The class declares no destructor, and std::string does not clear its buffer when
//    it is destroyed, so nothing in this class erases the key bytes from memory.
//  - Copying a KeyEncryptionKey, or copying the string returned by kek_bytes(),
//    creates another in-memory copy of the key. The constructor takes its arguments by
//    value, so a caller that passes an lvalue keeps its own copy as well.
//  - kek_bytes() is the only accessor that exposes key bytes; the other three return
//    identifiers or the wrapped form. Keep its result out of logs and error messages.
class KeyEncryptionKey {
 public:
  // Takes ownership of the three strings and precomputes the base64 form of the id.
  //
  // kek_bytes           the KEK bytes, stored unchanged.
  // kek_id              the KEK identifier, stored unchanged.
  // encoded_wrapped_kek stored unchanged; this class does no encoding or wrapping of
  //                     it (presumably the base64 text of the MEK-wrapped KEK --
  //                     confirm with the caller).
  KeyEncryptionKey(std::string kek_bytes, std::string kek_id,
                   std::string encoded_wrapped_kek)
      : kek_bytes_{std::move(kek_bytes)},
        kek_id_{std::move(kek_id)},
        // Reads the member kek_id_, not the moved-from parameter. This is valid only
        // because kek_id_ is declared before encoded_kek_id_ below: members are
        // initialized in declaration order.
        encoded_kek_id_{::arrow::util::base64_encode(kek_id_)},
        encoded_wrapped_kek_{std::move(encoded_wrapped_kek)} {}

  // The KEK bytes as given to the constructor. The reference is valid for the
  // lifetime of this object.
  auto kek_bytes() const -> const std::string& {
    return kek_bytes_;
  }

  // The KEK identifier as given to the constructor.
  auto kek_id() const -> const std::string& {
    return kek_id_;
  }

  // base64 encoding of kek_id(), computed once in the constructor.
  auto encoded_kek_id() const -> const std::string& {
    return encoded_kek_id_;
  }

  // The encoded wrapped KEK as given to the constructor.
  auto encoded_wrapped_kek() const -> const std::string& {
    return encoded_wrapped_kek_;
  }

 private:
  // Declaration order is significant: kek_id_ must precede encoded_kek_id_, because
  // the constructor derives the latter from the former.
  std::string kek_bytes_;
  std::string kek_id_;
  std::string encoded_kek_id_;
  std::string encoded_wrapped_kek_;
};
57
58 } // namespace encryption
59 } // namespace parquet