pitrou commented on code in PR #48859:
URL: https://github.com/apache/arrow/pull/48859#discussion_r2707688661
##########
cpp/src/parquet/metadata.cc:
##########
@@ -834,6 +834,43 @@ class FileMetaData::FileMetaDataImpl {
tag, encryption::kGcmTagLength);
}
+ bool VerifySignature(std::span<const uint8_t> serialized_metadata,
+ std::span<const uint8_t> signature) {
+ // Verify decryption properties are set
+ if (file_decryptor_ == nullptr) {
+ throw ParquetException("Decryption not set properly. cannot verify
signature");
+ }
+
+ if (signature.size() != encryption::kGcmTagLength +
encryption::kNonceLength) {
+ throw ParquetInvalidOrCorruptedFileException(
+ "Invalid footer encryption signature (expected ",
+ encryption::kGcmTagLength + encryption::kNonceLength, " bytes, got ",
+ signature.size(), ")");
+ }
+
+ // Encrypt plaintext serialized metadata so as to compute its signature
+ auto nonce = signature.subspan(0, encryption::kNonceLength);
+ auto tag = signature.subspan(encryption::kNonceLength);
+ const SecureString& key = file_decryptor_->GetFooterKey();
+ const std::string& aad =
encryption::CreateFooterAad(file_decryptor_->file_aad());
+
+ auto aes_encryptor =
encryption::AesEncryptor::Make(file_decryptor_->algorithm(),
+
static_cast<int>(key.size()),
+ true, false
/*write_length*/);
+
+ std::shared_ptr<Buffer> encrypted_buffer =
+ AllocateBuffer(file_decryptor_->pool(),
+
aes_encryptor->CiphertextLength(serialized_metadata.size()));
+ int32_t encrypted_len = aes_encryptor->SignedFooterEncrypt(
Review Comment:
In this context, the footer (i.e. the serialized metadata) is stored in
plaintext, not encrypted.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
