adamreeve commented on code in PR #7459:
URL: https://github.com/apache/arrow-rs/pull/7459#discussion_r2074461287
##########
parquet/src/encryption/decrypt.rs:
##########
@@ -538,6 +555,28 @@ impl FileDecryptor {
Ok(self.footer_decryptor.clone())
}
+ /// Verify the signature of the footer
+ pub(crate) fn verify_plaintext_footer_signature(
+ &self,
+ plaintext_footer: &mut [u8],
+ ) -> Result<()> {
+ // Plaintext footer format is: [plaintext metadata, nonce,
authentication tag]
+ let tag = plaintext_footer[plaintext_footer.len() -
TAG_LEN..].to_vec();
Review Comment:
If `compute_plaintext_tag` takes a non-mutable slice then we should be able
to replace this `to_vec` with a slice reference.
##########
parquet/src/file/metadata/reader.rs:
##########
@@ -967,11 +966,15 @@ impl ParquetMetaDataReader {
file_decryption_properties,
) {
// File has a plaintext footer but encryption algorithm is set
- file_decryptor = Some(get_file_decryptor(
+ let file_decryptor_value = get_file_decryptor(
algo,
t_file_metadata.footer_signing_key_metadata.as_deref(),
file_decryption_properties,
- )?);
+ )?;
+ if file_decryption_properties.check_plaintext_footer_integrity()
&& !encrypted_footer {
+
file_decryptor_value.verify_plaintext_footer_signature(buf.to_vec().as_mut())?;
Review Comment:
I think it's a little unintuitive here that we need to provide a mutable
slice for the plaintext. It seems like an implementation detail that we need to
have a copy and encrypt it in place in order to compute the tag. Could this
method and `compute_plaintext_tag` be changed to take a non-mutable slice, and
then we do the `to_vec` inside `compute_plaintext_tag`?
##########
parquet/tests/encryption/encryption.rs:
##########
@@ -60,6 +60,44 @@ fn test_non_uniform_encryption_plaintext_footer() {
verify_encryption_test_file_read(file, decryption_properties);
}
+#[test]
+fn test_plaintext_footer_signature_verification() {
+ let test_data = arrow::util::test_util::parquet_test_data();
+ let path =
format!("{test_data}/encrypt_columns_plaintext_footer.parquet.encrypted");
+ let file = File::open(path.clone()).unwrap();
+
+ let footer_key = "0000000000000000".as_bytes(); // 128bit/16
+ let column_1_key = "1234567890123450".as_bytes();
+ let column_2_key = "1234567890123451".as_bytes();
+
+ let decryption_properties =
FileDecryptionProperties::builder(footer_key.to_vec())
+ .disable_footer_signature_verification()
+ .with_column_key("double_field", column_1_key.to_vec())
+ .with_column_key("float_field", column_2_key.to_vec())
+ .build()
+ .unwrap();
+
+ verify_encryption_test_file_read(file, decryption_properties);
+
+ let file = File::open(path.clone()).unwrap();
+
+ let decryption_properties =
FileDecryptionProperties::builder(footer_key.to_vec())
+ .with_column_key("double_field", column_1_key.to_vec())
+ .with_column_key("float_field", column_2_key.to_vec())
+ .build()
+ .unwrap();
+
+ let options = ArrowReaderOptions::default()
+ .with_file_decryption_properties(decryption_properties.clone());
+ let result = ArrowReaderMetadata::load(&file, options.clone());
+ assert!(result.is_err());
+ assert!(result
+ .unwrap_err()
+ .to_string()
+ .starts_with("Parquet error: Footer signature verification failed.
Computed: ["));
+ // verify_encryption_test_file_read(file, decryption_properties);
Review Comment:
```suggestion
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscr...@arrow.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
