Posted to commits@parquet.apache.org by ga...@apache.org on 2019/03/21 15:31:10 UTC

[parquet-format] branch encryption updated: PARQUET-1477: Thrift crypto updates (#124)

This is an automated email from the ASF dual-hosted git repository.

gabor pushed a commit to branch encryption
in repository https://gitbox.apache.org/repos/asf/parquet-format.git


The following commit(s) were added to refs/heads/encryption by this push:
     new f3527ef  PARQUET-1477: Thrift crypto updates (#124)
f3527ef is described below

commit f3527eff9dae08eb8d9c7a384dc36d9928247530
Author: ggershinsky <gg...@users.noreply.github.com>
AuthorDate: Thu Mar 21 17:31:05 2019 +0200

    PARQUET-1477: Thrift crypto updates (#124)
---
 src/main/thrift/parquet.thrift | 59 ++++++++++++++++++++++++++----------------
 1 file changed, 36 insertions(+), 23 deletions(-)

diff --git a/src/main/thrift/parquet.thrift b/src/main/thrift/parquet.thrift
index 9d67a54..8a9d248 100644
--- a/src/main/thrift/parquet.thrift
+++ b/src/main/thrift/parquet.thrift
@@ -670,8 +670,8 @@ struct EncryptionWithColumnKey {
   /** Column path in schema **/
   1: required list<string> path_in_schema
   
-  /** Retrieval metadata of the column-specific key **/
-  2: optional binary column_key_metadata
+  /** Retrieval metadata of column encryption key **/
+  2: optional binary key_metadata
 }
 
 union ColumnCryptoMetaData {
@@ -707,7 +707,10 @@ struct ColumnChunk {
   7: optional i32 column_index_length
   
   /** Crypto metadata of encrypted columns **/
-  8: optional ColumnCryptoMetaData crypto_meta_data
+  8: optional ColumnCryptoMetaData crypto_metadata
+  
+  /** Encrypted column metadata for this chunk **/
+  9: optional binary encrypted_column_metadata
 }
 
 struct RowGroup {
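Review bot: The comment on the new field 9, `encrypted_column_metadata`, does not say what the bytes contain, which key protects them, or how the field relates to `crypto_metadata` in field 8 and to the chunk's existing plaintext metadata. A reader needs to know whether the plaintext metadata is still populated when field 9 is set, because whatever stays in the clear is visible to a party without the column key. I would expand the comment along the lines of `/** Column metadata for this chunk, serialized and encrypted with the column key (presumably ColumnMetaData, to be confirmed); state which fields remain in plaintext **/`. ColumnChunk starts above the hunk, so the neighbouring fields could not be checked here.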
@@ -734,6 +737,9 @@ struct RowGroup {
   /** Total byte size of all compressed (and potentially encrypted) column data 
    *  in this row group **/
   6: optional i64 total_compressed_size
+  
+  /** Row group ordinal in the file **/
+  7: optional i16 ordinal
 }
 
 /** Empty struct to signal the order defined by the physical or logical type */
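Review bot: `7: optional i16 ordinal` caps the row group ordinal at 32767, and the comment does not say what a writer does for a file with more row groups or what a reader does when the field is absent. If the ordinal is an input to the AAD of encrypted modules (not visible in this hunk, so an assumption), a wrapped or missing value weakens the binding between a row group and its position in the file. I would either widen the type to `i32` or document the limit, e.g. `/** Row group ordinal in the file; encrypted files must not contain more than 32767 row groups **/`, and state the numbering base. RowGroup starts above the hunk.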
@@ -863,23 +869,27 @@ struct ColumnIndex {
 }
 
 struct AesGcmV1 {
-  /** Retrieval metadata of AAD used for encryption of pages and structures **/
-  1: optional binary aad_metadata
+  /** AAD prefix **/
+  1: optional binary aad_prefix
 
-  /** If file IVs are comprised of a fixed part, and variable parts
-   *  (e.g. counter), keep the fixed part here **/
-  2: optional binary iv_prefix
+  /** Unique file identifier part of AAD suffix **/
+  2: optional binary aad_file_unique
+  
+  /** In files encrypted with AAD prefix without storing it,
+   * readers must supply the prefix **/
+  3: optional bool supply_aad_prefix
 }
 
 struct AesGcmCtrV1 {
-  /** Retrieval metadata of AAD used for encryption of structures **/
-  1: optional binary aad_metadata
-
-  /** If file IVs are comprised of a fixed part, and variable parts
-   *  (e.g. counter), keep the fixed part here **/
-  2: optional binary gcm_iv_prefix
+  /** AAD prefix **/
+  1: optional binary aad_prefix
 
-  3: optional binary ctr_iv_prefix
+  /** Unique file identifier part of AAD suffix **/
+  2: optional binary aad_file_unique
+  
+  /** In files encrypted with AAD prefix without storing it,
+   * readers must supply the prefix **/
+  3: optional bool supply_aad_prefix
 }
 
 union EncryptionAlgorithm {
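Review bot: In `AesGcmV1` and `AesGcmCtrV1`, field ids 1 and 2 keep their numbers and `binary` type but change meaning (`aad_metadata` to `aad_prefix`, `iv_prefix`/`gcm_iv_prefix` to `aad_file_unique`), and id 3 in `AesGcmCtrV1` changes from `binary ctr_iv_prefix` to `bool supply_aad_prefix`. A file written against the earlier draft would be read with the new meaning, or have field 3 silently skipped, rather than being rejected, so either allocate fresh ids or note that the earlier layout was never released. Separately, the comments do not define reader behaviour when `supply_aad_prefix` is unset, or when it is true and `aad_prefix` is also stored. Since the AAD feeds GCM authentication, I would make this explicit, e.g. `/** ... If absent, treated as false. When true, aad_prefix must not be stored in the file **/` (wording to be confirmed against the spec).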
@@ -932,27 +942,30 @@ struct FileMetaData {
   7: optional list<ColumnOrder> column_orders
   
   /** 
-   * Encryption algorithm. Note that this field is only used for files
-   * with plaintext footer. Files with encrypted footer store the algorithm id
+   * Encryption algorithm. This field is set only in encrypted files
+   * with plaintext footer. Files with encrypted footer store algorithm id
    * in FileCryptoMetaData structure.
    */
   8: optional EncryptionAlgorithm encryption_algorithm
+
+  /** 
+   * Retrieval metadata of key used for signing the footer. 
+   * Used only in encrypted files with plaintext footer. 
+   */ 
+  9: optional binary footer_signing_key_metadata
 }
 
 /** Crypto metadata for files with encrypted footer **/
 struct FileCryptoMetaData {
   /** 
-   * Encryption algorithm. Note that this field is only used for files
-   * with encrypted footer. Files with plaintext footer store the algorithm id
+   * Encryption algorithm. This field is only used for files
+   * with encrypted footer. Files with plaintext footer store algorithm id
    * inside footer (FileMetaData structure).
    */
   1: required EncryptionAlgorithm encryption_algorithm
     
   /** Retrieval metadata of key used for encryption of footer, 
    *  and (possibly) columns **/
-  2: optional binary footer_key_metadata
-
-  /** Offset of encrypted Parquet footer **/
-  3: required i64 footer_offset
+  2: optional binary key_metadata
 }
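Review bot: `footer_signing_key_metadata` (field 9 of FileMetaData) and `key_metadata` (field 2 of FileCryptoMetaData) are necessarily read before the footer can be verified or decrypted, and the comments do not say so. Readers hand these bytes to key retrieval, so at that point they are unauthenticated input and should be length-checked and parsed defensively; I would add a sentence such as `Readers must treat this value as untrusted until the footer signature has been verified.` The comment on field 9 also does not name the signing algorithm or say where the signature is stored. Finally, this hunk drops `3: required i64 footer_offset`; readers generated from the earlier IDL will fail on files written with this one, which is acceptable only if the earlier layout was never released.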