Modifying XOR encryptor so that key_id hash is computed only once

argmarco-tkd · argmarco-tkd · commit eba9446da9d3 · 2026-03-10T18:50:05.000-06:00
diff --git a/src/processing/encryptors/basic_xor_encryptor.cpp b/src/processing/encryptors/basic_xor_encryptor.cpp
@@ -20,7 +20,6 @@
 #include "../../common/exceptions.h"
 #include "../../common/enum_utils.h"
 #include <cstring>
-#include <functional>
 #include <iostream>
 #include <type_traits>
 
@@ -31,37 +30,32 @@ using namespace dbps::external;
 // Functions for encrypting and decrypting byte arrays.
 // ---------------------------------------------------------------------------
 
-std::vector<uint8_t> BasicXorEncryptor::XorEncrypt(tcb::span<const uint8_t> data, const std::string& key_id) {
+std::vector<uint8_t> BasicXorEncryptor::XorEncrypt(tcb::span<const uint8_t> data, size_t key_hash) {
     if (data.empty()) {
         return {};
     }
-    if (key_id.empty()) {
-        throw std::invalid_argument("XorEncrypt: key must not be empty for non-empty data");
-    }
     std::vector<uint8_t> out(data.size());
-    std::hash<std::string> hasher;
-    size_t key_hash = hasher(key_id);
     for (size_t i = 0; i < data.size(); ++i) {
         out[i] = data[i] ^ (key_hash & 0xFF);
         key_hash = (key_hash << 1) | (key_hash >> 31);
     }
     return out;
 }
 
-std::vector<uint8_t> BasicXorEncryptor::XorDecrypt(tcb::span<const uint8_t> data, const std::string& key_id) {
-    return XorEncrypt(data, key_id);
+std::vector<uint8_t> BasicXorEncryptor::XorDecrypt(tcb::span<const uint8_t> data, size_t key_hash) {
+    return XorEncrypt(data, key_hash);
 }
 
 // ---------------------------------------------------------------------------
 // Block encryption
 // ---------------------------------------------------------------------------
 
 std::vector<uint8_t> BasicXorEncryptor::EncryptBlock(tcb::span<const uint8_t> data) {
-    return XorEncrypt(data, key_id_);
+    return XorEncrypt(data, key_id_hash_);
 }
 
 std::vector<uint8_t> BasicXorEncryptor::DecryptBlock(tcb::span<const uint8_t> data) {
-    return XorDecrypt(data, key_id_);
+    return XorDecrypt(data, key_id_hash_);
 }
 
 // ---------------------------------------------------------------------------
@@ -95,7 +89,7 @@ std::vector<uint8_t> BasicXorEncryptor::DecryptBlock(tcb::span<const uint8_t> da
 
 template <typename TypedBuffer>
 std::vector<uint8_t> BasicXorEncryptor::EncryptTypedElements(
-    const TypedBuffer& input_buffer, const std::string& key_id) {
+    const TypedBuffer& input_buffer, size_t key_hash) {
     constexpr bool is_fixed = TypedBuffer::is_fixed_sized;
     constexpr size_t prefix_length = is_fixed ? kFixedHeaderLength : kVariableHeaderLength;
     const size_t num_elements = input_buffer.GetNumElements();
@@ -122,7 +116,7 @@ std::vector<uint8_t> BasicXorEncryptor::EncryptTypedElements(
             num_elements, prefix_length, RawBytesFixedSizedCodec{element_size}};
         size_t output_index = 0;
         for (const auto raw_bytes : input_buffer.raw_elements()) {
-            auto encrypted = XorEncrypt(raw_bytes, key_id);
+            auto encrypted = XorEncrypt(raw_bytes, key_hash);
             output_buffer.SetElement(output_index, tcb::span<const uint8_t>(encrypted));
             output_index++;
         }
@@ -136,7 +130,7 @@ std::vector<uint8_t> BasicXorEncryptor::EncryptTypedElements(
             num_elements, reserved_bytes_hint, true, prefix_length};
         size_t output_index = 0;
         for (const auto raw_bytes : input_buffer.raw_elements()) {
-            auto encrypted = XorEncrypt(raw_bytes, key_id);
+            auto encrypted = XorEncrypt(raw_bytes, key_hash);
             output_buffer.SetElement(output_index, tcb::span<const uint8_t>(encrypted));
             output_index++;
         }
@@ -167,7 +161,7 @@ std::vector<uint8_t> BasicXorEncryptor::EncryptValueList(
     // std::visit extracts the concrete buffer type from the TypedValuesBuffer variant
     // and forwards it to EncryptTypedElements, which handles all buffer types generically.
     return std::visit([&](const auto& input_buffer) {
-        return EncryptTypedElements(input_buffer, key_id_);
+        return EncryptTypedElements(input_buffer, key_id_hash_);
     }, typed_buffer);
 }
 
@@ -181,10 +175,10 @@ std::vector<uint8_t> BasicXorEncryptor::EncryptValueList(
 // Helper function to decrypt fixed-size elements into the output TypedBuffer type.
 template <typename TypedBuffer>
 TypedBuffer BasicXorEncryptor::DecryptFixedSizedElementsIntoTypedBuffer(
-    const TypedBufferRawBytesFixedSized& encrypted_buffer, const std::string& key_id, TypedBuffer output_buffer) {
+    const TypedBufferRawBytesFixedSized& encrypted_buffer, size_t key_hash, TypedBuffer output_buffer) {
     size_t output_index = 0;
     for (const auto raw_bytes : encrypted_buffer.raw_elements()) {
-        auto decrypted_bytes = XorDecrypt(raw_bytes, key_id);
+        auto decrypted_bytes = XorDecrypt(raw_bytes, key_hash);
         output_buffer.SetRawElement(output_index, tcb::span<const uint8_t>(decrypted_bytes));
         output_index++;
     }
@@ -208,22 +202,22 @@ TypedValuesBuffer BasicXorEncryptor::DecryptValueList(
         switch (datatype_) {
             case Type::INT32:
                 return DecryptFixedSizedElementsIntoTypedBuffer(
-                    encrypted_buffer, key_id_, TypedBufferI32{num_elements});
+                    encrypted_buffer, key_id_hash_, TypedBufferI32{num_elements});
             case Type::INT64:
                 return DecryptFixedSizedElementsIntoTypedBuffer(
-                    encrypted_buffer, key_id_, TypedBufferI64{num_elements});
+                    encrypted_buffer, key_id_hash_, TypedBufferI64{num_elements});
             case Type::INT96:
                 return DecryptFixedSizedElementsIntoTypedBuffer(
-                    encrypted_buffer, key_id_, TypedBufferInt96{num_elements});
+                    encrypted_buffer, key_id_hash_, TypedBufferInt96{num_elements});
             case Type::FLOAT:
                 return DecryptFixedSizedElementsIntoTypedBuffer(
-                    encrypted_buffer, key_id_, TypedBufferFloat{num_elements});
+                    encrypted_buffer, key_id_hash_, TypedBufferFloat{num_elements});
             case Type::DOUBLE:
                 return DecryptFixedSizedElementsIntoTypedBuffer(
-                    encrypted_buffer, key_id_, TypedBufferDouble{num_elements});
+                    encrypted_buffer, key_id_hash_, TypedBufferDouble{num_elements});
             case Type::FIXED_LEN_BYTE_ARRAY:
                 return DecryptFixedSizedElementsIntoTypedBuffer(
-                    encrypted_buffer, key_id_,
+                    encrypted_buffer, key_id_hash_,
                     TypedBufferRawBytesFixedSized{num_elements, 0, RawBytesFixedSizedCodec{header.element_size}});
             default:
                 throw InvalidInputException(
@@ -244,7 +238,7 @@ TypedValuesBuffer BasicXorEncryptor::DecryptValueList(
                 TypedBufferRawBytesVariableSized output_buffer{num_elements, reserved_bytes_hint, true};
                 size_t output_index = 0;
                 for (const auto element : encrypted_buffer) {
-                    auto decrypted_bytes = XorDecrypt(element, key_id_);
+                    auto decrypted_bytes = XorDecrypt(element, key_id_hash_);
                     output_buffer.SetElement(output_index, tcb::span<const uint8_t>(decrypted_bytes));
                     output_index++;
                 }
diff --git a/src/processing/encryptors/basic_xor_encryptor.h b/src/processing/encryptors/basic_xor_encryptor.h
@@ -48,7 +48,8 @@ class DBPS_EXPORT BasicXorEncryptor : public DBPSEncryptor {
         const std::string& user_id,
         const std::string& application_context,
         dbps::external::Type::type datatype)
-        : DBPSEncryptor(key_id, column_name, user_id, application_context, datatype) {}
+        : DBPSEncryptor(key_id, column_name, user_id, application_context, datatype),
+          key_id_hash_(std::hash<std::string>{}(key_id)) {}
 
     ~BasicXorEncryptor() override = default;
 
@@ -63,16 +64,18 @@ class DBPS_EXPORT BasicXorEncryptor : public DBPSEncryptor {
     TypedValuesBuffer DecryptValueList(tcb::span<const uint8_t> encrypted_bytes) override;
 
 private:
-    static std::vector<uint8_t> XorEncrypt(tcb::span<const uint8_t> data, const std::string& key_id);
-    static std::vector<uint8_t> XorDecrypt(tcb::span<const uint8_t> data, const std::string& key_id);
+    const size_t key_id_hash_;
+
+    static std::vector<uint8_t> XorEncrypt(tcb::span<const uint8_t> data, size_t key_hash);
+    static std::vector<uint8_t> XorDecrypt(tcb::span<const uint8_t> data, size_t key_hash);
 
     template <typename InputBuffer>
     static std::vector<uint8_t> EncryptTypedElements(
-        const InputBuffer& input_buffer, const std::string& key_id);
+        const InputBuffer& input_buffer, size_t key_hash);
 
     template <typename TypedBuffer>
     static TypedBuffer DecryptFixedSizedElementsIntoTypedBuffer(
         const TypedBufferRawBytesFixedSized& encrypted_buffer,
-        const std::string& key_id, TypedBuffer output_buffer);
+        size_t key_hash, TypedBuffer output_buffer);
 };
 
