annotate Common/EncryptionHelpers.h @ 15:2a02b21f0a19

migration + storage structure
author Alain Mazy
date Tue, 01 Sep 2020 13:08:49 +0200
parents fc26a8fc54d5
children 319d41a22de4
1 /**
2 * Cloud storage plugins for Orthanc
3 * Copyright (C) 2017-2020 Osimis S.A., Belgium
4 *
5 * This program is free software: you can redistribute it and/or
6 * modify it under the terms of the GNU Affero General Public License
7 * as published by the Free Software Foundation, either version 3 of
8 * the License, or (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Affero General Public License for more details.
14 *
15 * You should have received a copy of the GNU Affero General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
17 **/
18 #pragma once
19
20 #include <memory.h>
21 #include <cryptopp/secblock.h>
22 #include "cryptopp/osrng.h"
23 #include <boost/thread/mutex.hpp>
24 #include <MultiThreading/Semaphore.h>
25
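/**
 * Exception type declared next to EncryptionHelpers (presumably thrown by it
 * on failure; the throwing code is not in this header).  It derives from
 * std::runtime_error, so the message given at construction is returned by
 * what().
 **/
class EncryptionException : public std::runtime_error
{
public:
  // 'explicit' keeps a plain std::string from being converted implicitly
  // into an exception object; direct construction is unaffected.
  explicit EncryptionException(const std::string& what)
    : std::runtime_error(what)
  {
  }
};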
34
/**
 * Declares the encryption/decryption entry points and the key state they
 * use: one current master key for encryption plus a map of previous master
 * keys that remain usable for decryption.
 *
 * Only declarations are visible here; every statement below about what a
 * member does beyond its signature is marked as an assumption to confirm
 * against the implementation file.
 **/
class EncryptionHelpers
{
public:
  // Sizes of the fields that are added around the encrypted payload.
  // (presumably all in bytes, like the commented ones -- TODO confirm)
  static const size_t HEADER_VERSION_SIZE = 2;
  static const size_t MASTER_KEY_ID_SIZE = 4;
  static const size_t AES_KEY_SIZE = 32;                // length of AES keys (in bytes)
  // NOTE(review): the AES block size is 16 bytes, so a 32-byte IV only fits a
  // mode that accepts an arbitrary-length IV/nonce -- confirm which mode the
  // implementation uses and that it really consumes all 32 bytes.
  static const size_t IV_SIZE = 32;                     // length of IVs (in bytes)
  static const size_t INTEGRITY_CHECK_TAG_SIZE = 16;    // length of the TAG that is used to check the integrity of data (in bytes)

  // Sum of all the sizes above, i.e. how much larger the encrypted output is
  // than the plain text if every field is emitted once.
  // NOTE(review): AES_KEY_SIZE being part of the overhead suggests that a
  // per-object key is stored in the prefix, protected by the master key (see
  // EncryptPrefixSecBlock) -- confirm in the implementation.
  static const size_t OVERHEAD_SIZE = HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE + AES_KEY_SIZE + IV_SIZE + INTEGRITY_CHECK_TAG_SIZE;


  // Defined outside this header; presumably the HEADER_VERSION_SIZE-byte
  // version marker written at the start of the output -- TODO confirm.
  static const std::string HEADER_VERSION;

private:
  // presumably counts the input bytes currently being processed so that the
  // limit below can be enforced -- TODO confirm
  Orthanc::Semaphore concurrentInputSizeSemaphore_;
  size_t maxConcurrentInputSize_;

  // NOTE(review): this generator is a member shared by every caller of this
  // object.  Crypto++ objects need external locking when shared between
  // threads -- confirm that the implementation serializes access to it.
  CryptoPP::AutoSeededRandomPool randomGenerator_;

  CryptoPP::SecByteBlock encryptionMasterKey_;  // at a given time, there's only one master key that is used for encryption
  std::string encryptionMasterKeyId_;

  std::map<std::string, CryptoPP::SecByteBlock> previousMasterKeys_; // for decryption, we might use older master keys too

public:

  // since the memory used during encryption/decryption can grow up to a bit more than 2 times the input,
  // we want to limit the number of threads doing concurrent processing according to the available memory
  // instead of the number of concurrent threads
  // (the default limit is 1024*1024*1024; presumably a number of input bytes -- TODO confirm)
  EncryptionHelpers(size_t maxConcurrentInputSize = 1024*1024*1024);

  // Sets the master key used for encryption, read from the file at 'path'
  // (presumably through ReadKey -- TODO confirm).
  // NOTE(review): the key file is as sensitive as the key itself; check that
  // deployments restrict read access to it.
  void SetCurrentMasterKey(uint32_t id, const std::string& path);

  // Same, with the key bytes supplied directly.
  void SetCurrentMasterKey(uint32_t id, const CryptoPP::SecByteBlock& key);

  // Registers an older master key, read from the file at 'path', that may
  // still be needed for decryption.
  void AddPreviousMasterKey(uint32_t id, const std::string& path);

  // Same, with the key bytes supplied directly.
  void AddPreviousMasterKey(uint32_t id, const CryptoPP::SecByteBlock& key);

  // input: plain text data
  // output: prefix/encrypted data/integrity check tag
  void Encrypt(std::string& output, const std::string& input);
  void Encrypt(std::string& output, const char* data, size_t size);

  // input: prefix/encrypted data/integrity check tag
  // output: plain text data
  void Decrypt(std::string& output, const std::string& input);
  // NOTE(review): this overload receives no size for 'output', so the caller
  // alone guarantees the buffer is large enough (presumably
  // size - OVERHEAD_SIZE bytes -- TODO confirm), and 'size' should be checked
  // against OVERHEAD_SIZE before anything is subtracted from it.
  void Decrypt(char* output, const char* data, size_t size);

  // presumably fills 'key' with freshly generated random bytes -- TODO confirm
  static void GenerateKey(CryptoPP::SecByteBlock& key);

private:

  // Internal counterparts of Encrypt/Decrypt that take the master key
  // explicitly.
  void EncryptInternal(std::string& output, const char* data, size_t size, const CryptoPP::SecByteBlock& masterKey);

  void DecryptInternal(char* output, const char* data, size_t size, const CryptoPP::SecByteBlock& masterKey);

  // presumably protect/recover the secret block stored in the prefix using
  // the master key -- TODO confirm
  void EncryptPrefixSecBlock(std::string& output, const CryptoPP::SecByteBlock& input, const CryptoPP::SecByteBlock& masterKey);

  void DecryptPrefixSecBlock(CryptoPP::SecByteBlock& output, const std::string& input, const CryptoPP::SecByteBlock& masterKey);

  std::string GetMasterKeyIdentifier(const CryptoPP::SecByteBlock& masterKey);

  // Returns a reference to a stored master key for 'keyId'.
  // NOTE(review): what happens for an unknown keyId is not visible here; the
  // id comes from the encrypted input, so an unknown value should be rejected
  // with an error rather than fall back to another key -- confirm.
  const CryptoPP::SecByteBlock& GetMasterKey(const std::string& keyId);

public:

  // Conversion helpers.
  // NOTE(review): the SecByteBlock overloads copy their input into a
  // std::string, which, unlike SecByteBlock, is not wiped when it is
  // destroyed.  If key material goes through them, keep the result out of
  // logs and error messages -- confirm the call sites.
  static std::string ToHexString(const CryptoPP::byte* block, size_t size);
  static std::string ToHexString(const std::string& block);
  static std::string ToHexString(const CryptoPP::SecByteBlock& block);
  static std::string ToString(const CryptoPP::SecByteBlock& block);
  static std::string ToString(uint32_t value);

  // presumably loads the key bytes from the file at 'path' into 'key' -- TODO confirm
  static void ReadKey(CryptoPP::SecByteBlock& key, const std::string& path);
  //static void EncryptionHelpers::Encrypt(std::string& output, const std::string& input, const std::string& key, const std::string& iv);
};
112