Signet Forge 0.1.0
C++20 Parquet library with AI-native extensions
Key material, encryption configuration, and TLV serialization for Parquet Modular Encryption (PME).
#include "signet/error.hpp"
#include "signet/thrift/compact.hpp"
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <memory>
#include <stdexcept>
#include <string>
#include <unordered_map>
#include <unordered_set>
#include <vector>
Classes | |
| class | signet::forge::crypto::IKmsClient |
| Abstract KMS client interface for DEK/KEK key wrapping. | |
| struct | signet::forge::crypto::ColumnKeySpec |
| Specifies the encryption key for a single Parquet column. | |
| struct | signet::forge::crypto::EncryptionConfig |
| Top-level configuration structure that drives FileEncryptor / FileDecryptor. | |
| struct | signet::forge::crypto::detail::meta::TlvField |
| Parsed TLV (tag-length-value) field from serialized metadata. | |
| struct | signet::forge::crypto::EncryptionKeyMetadata |
| Per-key metadata stored alongside encrypted Parquet components. | |
| struct | signet::forge::crypto::FileEncryptionProperties |
| Stored in the Parquet FileMetaData.encryption_algorithm field. | |
| struct | signet::forge::crypto::AlgorithmPolicy |
| Algorithm deprecation entry. | |
| struct | signet::forge::crypto::KeyRotationRequest |
| Key rotation request describing old → new key transition. | |
| struct | signet::forge::crypto::KeyRotationResult |
| Key rotation result. | |
| class | signet::forge::crypto::CryptoShredder |
| Per-subject key store supporting cryptographic erasure. | |
Namespaces | |
| namespace | signet |
| namespace | signet::forge |
| namespace | signet::forge::crypto |
| namespace | signet::forge::crypto::detail |
| namespace | signet::forge::crypto::detail::meta |
| namespace | signet::forge::crypto::detail::thrift_crypto |
Enumerations | |
| enum class | signet::forge::crypto::KeyMode : int32_t { signet::forge::crypto::INTERNAL = 0, signet::forge::crypto::EXTERNAL = 1 } |
| How the encryption key is stored or referenced. | |
| enum class | signet::forge::crypto::EncryptionAlgorithm : int32_t { signet::forge::crypto::AES_GCM_V1 = 0, signet::forge::crypto::AES_GCM_CTR_V1 = 1 } |
| Encryption algorithm identifier. | |
| enum class | signet::forge::crypto::MetadataFormat : int32_t { signet::forge::crypto::TLV = 0, signet::forge::crypto::THRIFT = 1 } |
| Wire format for key metadata serialization. | |
| enum class | signet::forge::crypto::AlgorithmStatus : int32_t { signet::forge::crypto::ACCEPTABLE = 0, signet::forge::crypto::DEPRECATED = 1, signet::forge::crypto::DISALLOWED = 2, signet::forge::crypto::LEGACY = 3 } |
| Algorithm lifecycle status per NIST SP 800-131A. | |
Functions | |
| void | signet::forge::crypto::detail::meta::write_le32 (uint8_t *dst, uint32_t val) |
| Write a 4-byte little-endian uint32 to dst. | |
| uint32_t | signet::forge::crypto::detail::meta::read_le32 (const uint8_t *src) |
| Read a 4-byte little-endian uint32 from src. | |
| void | signet::forge::crypto::detail::meta::append_tlv (std::vector< uint8_t > &buf, uint32_t tag, const uint8_t *data, uint32_t len) |
| Append a TLV field: [4-byte LE tag] [4-byte LE length] [data]. | |
| void | signet::forge::crypto::detail::meta::append_tlv_i32 (std::vector< uint8_t > &buf, uint32_t tag, int32_t val) |
| Append a TLV field containing a single int32_t (little-endian). | |
| void | signet::forge::crypto::detail::meta::append_tlv_u8 (std::vector< uint8_t > &buf, uint32_t tag, uint8_t val) |
| Append a TLV field containing a single byte. | |
| void | signet::forge::crypto::detail::meta::append_tlv_str (std::vector< uint8_t > &buf, uint32_t tag, const std::string &s) |
| Append a TLV field containing a string. | |
| void | signet::forge::crypto::detail::meta::append_tlv_blob (std::vector< uint8_t > &buf, uint32_t tag, const std::vector< uint8_t > &blob) |
| Append a TLV field containing a blob. | |
| bool | signet::forge::crypto::detail::meta::read_tlv (const uint8_t *buf, size_t buf_size, size_t &offset, TlvField &field) |
| Parse the next TLV field from a buffer. | |
| bool | signet::forge::crypto::detail::meta::tlv_to_i32 (const TlvField &field, int32_t &out) |
| Read an int32 from a TLV field's data (must be exactly 4 bytes). | |
| bool | signet::forge::crypto::detail::meta::tlv_to_u8 (const TlvField &field, uint8_t &out) |
| Read a uint8 from a TLV field's data (must be exactly 1 byte). | |
| std::string | signet::forge::crypto::detail::meta::tlv_to_str (const TlvField &field) |
| Read a string from a TLV field's data. | |
| std::vector< uint8_t > | signet::forge::crypto::detail::meta::tlv_to_blob (const TlvField &field) |
| Read a blob from a TLV field's data. | |
| std::vector< uint8_t > | signet::forge::crypto::detail::thrift_crypto::serialize_key_metadata (const EncryptionKeyMetadata &meta, EncryptionAlgorithm algo=EncryptionAlgorithm::AES_GCM_CTR_V1, const std::string &aad_prefix="") |
| Serialize EncryptionKeyMetadata to Thrift Compact Protocol. | |
| expected< EncryptionKeyMetadata > | signet::forge::crypto::detail::thrift_crypto::deserialize_key_metadata (const uint8_t *data, size_t size) |
| Deserialize EncryptionKeyMetadata from Thrift Compact Protocol. | |
| std::vector< uint8_t > | signet::forge::crypto::detail::thrift_crypto::serialize_file_properties (const FileEncryptionProperties &props) |
| Serialize FileEncryptionProperties to Thrift Compact Protocol. | |
| expected< FileEncryptionProperties > | signet::forge::crypto::detail::thrift_crypto::deserialize_file_properties (const uint8_t *data, size_t size) |
| Deserialize FileEncryptionProperties from Thrift Compact Protocol. | |
| expected< void > | signet::forge::crypto::validate_key_mode_for_production (KeyMode mode) |
| Check if INTERNAL key mode is allowed in the current build. | |
Variables | |
| constexpr uint32_t | signet::forge::crypto::detail::meta::MAX_TLV_LENGTH = 64u * 1024u * 1024u |
| Maximum TLV field length (64 MB cap to prevent memory exhaustion from malformed data). | |
| constexpr size_t | signet::forge::crypto::detail::meta::MAX_METADATA_SIZE = 1024 * 1024 |
| Maximum total metadata size (1 MB cap to prevent memory exhaustion from crafted payloads, CWE-770). | |
TLV tag constants for key metadata serialization. | |
| constexpr uint32_t | signet::forge::crypto::detail::meta::TAG_KEY_MODE = 0x0001 |
| Tag: key mode (4 bytes, int32_t LE). | |
| constexpr uint32_t | signet::forge::crypto::detail::meta::TAG_KEY_MATERIAL = 0x0002 |
| Tag: raw key material (variable blob). | |
| constexpr uint32_t | signet::forge::crypto::detail::meta::TAG_KEY_ID = 0x0003 |
| Tag: KMS key identifier (variable UTF-8). | |
| constexpr uint32_t | signet::forge::crypto::detail::meta::TAG_ALGORITHM = 0x0010 |
| Tag: encryption algorithm (4 bytes, int32_t LE). | |
| constexpr uint32_t | signet::forge::crypto::detail::meta::TAG_FOOTER_ENCRYPTED = 0x0011 |
| Tag: footer-encrypted flag (1 byte, 0/1). | |
| constexpr uint32_t | signet::forge::crypto::detail::meta::TAG_AAD_PREFIX = 0x0012 |
| Tag: AAD prefix string (variable UTF-8). | |
Definition in file key_metadata.hpp.