Mercurial > hg > orthanc-object-storage
annotate Common/EncryptionHelpers.cpp @ 102:56556fffa405
updated Google plugin for latest SDK
| author | Alain Mazy <am@osimis.io> |
|---|---|
| date | Thu, 20 Jul 2023 16:15:17 +0200 |
| parents | ac596874d997 |
| children | 3c7e0374f28e |
| rev | line source |
|---|---|
| 1 | 1 /** |
| 2 * Cloud storage plugins for Orthanc | |
|
37
f55b2afdf53d
upgrade to year 2021
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
30
diff
changeset
|
3 * Copyright (C) 2020-2021 Osimis S.A., Belgium |
| 1 | 4 * |
| 5 * This program is free software: you can redistribute it and/or | |
| 6 * modify it under the terms of the GNU Affero General Public License | |
| 7 * as published by the Free Software Foundation, either version 3 of | |
| 8 * the License, or (at your option) any later version. | |
| 9 * | |
| 10 * This program is distributed in the hope that it will be useful, but | |
| 11 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
| 13 * Affero General Public License for more details. | |
| 14 * | |
| 15 * You should have received a copy of the GNU Affero General Public License | |
| 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
| 17 **/ | |
| 18 | |
|
56
b922ae86bbe1
full static linking against AWS SDK
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
37
diff
changeset
|
19 |
| 1 | 20 #include "EncryptionHelpers.h" |
| 21 #include <assert.h> | |
| 22 | |
| 23 #include <boost/lexical_cast.hpp> | |
| 24 #include <iostream> | |
|
30
662b9d3f217d
fix missing definition of "byte" from CryptoPP
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
25 |
|
662b9d3f217d
fix missing definition of "byte" from CryptoPP
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
26 #include <cryptopp/cryptlib.h> |
|
662b9d3f217d
fix missing definition of "byte" from CryptoPP
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
27 #include <cryptopp/modes.h> |
|
662b9d3f217d
fix missing definition of "byte" from CryptoPP
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
28 #include <cryptopp/hex.h> |
| 75 | 29 #include <cryptopp/base64.h> |
|
30
662b9d3f217d
fix missing definition of "byte" from CryptoPP
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
30 #include <cryptopp/gcm.h> |
|
662b9d3f217d
fix missing definition of "byte" from CryptoPP
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
31 #include <cryptopp/files.h> |
|
662b9d3f217d
fix missing definition of "byte" from CryptoPP
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
32 #include <cryptopp/filters.h> |
| 1 | 33 |
| 34 const std::string EncryptionHelpers::HEADER_VERSION = "A1"; | |
| 35 | |
| 36 using namespace CryptoPP; | |
| 37 | |
|
30
662b9d3f217d
fix missing definition of "byte" from CryptoPP
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
38 std::string EncryptionHelpers::ToHexString(const void* block, size_t size) |
| 1 | 39 { |
| 40 std::string blockAsString = std::string(reinterpret_cast<const char*>(block), size); | |
| 41 | |
| 42 return ToHexString(blockAsString); | |
| 43 } | |
| 44 | |
| 45 std::string EncryptionHelpers::ToHexString(const std::string& block) | |
| 46 { | |
| 47 std::string hexString; | |
| 48 StringSource ss(block, true, | |
| 49 new HexEncoder( | |
| 50 new StringSink(hexString) | |
| 51 ) // StreamTransformationFilter | |
| 52 ); // StringSource | |
| 53 | |
| 54 return hexString; | |
| 55 } | |
| 56 | |
| 57 std::string EncryptionHelpers::ToHexString(const SecByteBlock& block) | |
| 58 { | |
| 59 return ToHexString(ToString(block)); | |
| 60 } | |
| 61 | |
| 62 std::string EncryptionHelpers::ToString(const CryptoPP::SecByteBlock& block) | |
| 63 { | |
| 64 return std::string(reinterpret_cast<const char*>(block.data()), block.size()); | |
| 65 } | |
| 66 | |
| 67 std::string EncryptionHelpers::ToString(uint32_t value) | |
| 68 { | |
| 69 return std::string(reinterpret_cast<const char*>(&value), 4); | |
| 70 } | |
| 71 | |
| 72 void EncryptionHelpers::ReadKey(CryptoPP::SecByteBlock& key, const std::string& path) | |
| 73 { | |
| 74 try | |
| 75 { | |
| 76 FileSource fs(path.c_str(), true, | |
| 75 | 77 new Base64Decoder( |
| 1 | 78 new ArraySink(key.begin(), key.size()) |
| 79 ) | |
| 80 ); | |
| 75 | 81 |
| 82 // std::cout << "ReadKey " << ToHexString(key) << std::endl; | |
| 1 | 83 } |
| 84 catch (CryptoPP::Exception& ex) | |
| 85 { | |
| 86 throw EncryptionException("unabled to read key from file '" + path + "': " + ex.what()); | |
| 87 } | |
| 88 } | |
| 89 | |
| 90 void EncryptionHelpers::SetCurrentMasterKey(uint32_t id, const std::string& path) | |
| 91 { | |
| 92 SecByteBlock key(AES_KEY_SIZE); | |
| 93 | |
| 94 ReadKey(key, path); | |
| 95 SetCurrentMasterKey(id, key); | |
| 96 } | |
| 97 | |
| 98 void EncryptionHelpers::AddPreviousMasterKey(uint32_t id, const std::string& path) | |
| 99 { | |
| 100 SecByteBlock key(AES_KEY_SIZE); | |
| 101 | |
| 102 ReadKey(key, path); | |
| 103 AddPreviousMasterKey(id, key); | |
| 104 } | |
| 105 | |
| 106 EncryptionHelpers::EncryptionHelpers(size_t maxConcurrentInputSize) | |
| 107 : concurrentInputSizeSemaphore_(maxConcurrentInputSize), | |
| 108 maxConcurrentInputSize_(maxConcurrentInputSize) | |
| 109 { | |
| 110 } | |
| 111 | |
| 112 void EncryptionHelpers::SetCurrentMasterKey(uint32_t id, const CryptoPP::SecByteBlock& key) | |
| 113 { | |
| 114 encryptionMasterKey_ = key; | |
| 115 encryptionMasterKeyId_ = ToString(id); | |
| 116 } | |
| 117 | |
| 118 void EncryptionHelpers::AddPreviousMasterKey(uint32_t id, const CryptoPP::SecByteBlock& key) | |
| 119 { | |
| 120 previousMasterKeys_[ToString(id)] = key; | |
| 121 } | |
| 122 | |
| 123 const CryptoPP::SecByteBlock& EncryptionHelpers::GetMasterKey(const std::string& keyId) | |
| 124 { | |
| 125 if (encryptionMasterKeyId_ == keyId) | |
| 126 { | |
| 127 return encryptionMasterKey_; | |
| 128 } | |
| 129 | |
| 130 if (previousMasterKeys_.find(keyId) == previousMasterKeys_.end()) | |
| 131 { | |
| 132 throw EncryptionException("The master key whose id is '" + ToHexString(keyId) + "' could not be found. Unable to decrypt file"); | |
| 133 } | |
| 134 | |
| 135 return previousMasterKeys_.at(keyId); | |
| 136 } | |
| 137 | |
| 138 void EncryptionHelpers::GenerateKey(CryptoPP::SecByteBlock& key) | |
| 139 { | |
| 140 AutoSeededRandomPool prng; | |
| 141 | |
| 142 SecByteBlock tempKey(AES_KEY_SIZE); | |
| 143 prng.GenerateBlock( tempKey, tempKey.size() ); | |
| 144 key = tempKey; | |
| 145 } | |
| 146 | |
| 147 void EncryptionHelpers::Encrypt(std::string &output, const std::string &input) | |
| 148 { | |
| 149 Encrypt(output, input.data(), input.size()); | |
| 150 } | |
| 151 | |
| 152 void EncryptionHelpers::Encrypt(std::string &output, const char* data, size_t size) | |
| 153 { | |
| 154 if (size > maxConcurrentInputSize_) | |
| 155 { | |
| 156 throw EncryptionException("The file is too large to encrypt: " + boost::lexical_cast<std::string>(size) + " bytes. Try increasing the MaxConcurrentInputSize"); | |
| 157 } | |
| 158 | |
| 159 Orthanc::Semaphore::Locker lock(concurrentInputSizeSemaphore_, size); | |
| 160 | |
| 161 EncryptInternal(output, data, size, encryptionMasterKey_); | |
| 162 } | |
| 163 | |
| 164 void EncryptionHelpers::Decrypt(std::string &output, const std::string &input) | |
| 165 { | |
| 166 output.resize(input.size() - OVERHEAD_SIZE); | |
| 167 Decrypt(const_cast<char*>(output.data()), input.data(), input.size()); | |
| 168 } | |
| 169 | |
| 170 void EncryptionHelpers::Decrypt(char* output, const char* data, size_t size) | |
| 171 { | |
| 172 if (size > maxConcurrentInputSize_) | |
| 173 { | |
| 174 throw EncryptionException("The file is too large to decrypt: " + boost::lexical_cast<std::string>(size) + " bytes. Try increasing the MaxConcurrentInputSize"); | |
| 175 } | |
| 176 | |
| 177 Orthanc::Semaphore::Locker lock(concurrentInputSizeSemaphore_, size); | |
| 178 | |
| 179 if (size < HEADER_VERSION_SIZE) | |
| 180 { | |
| 181 throw EncryptionException("Unable to decrypt data, no header found"); | |
| 182 } | |
| 183 | |
| 184 std::string version = std::string(data, HEADER_VERSION_SIZE); | |
| 185 | |
| 186 if (version != "A1") | |
| 187 { | |
| 188 throw EncryptionException("Unable to decrypt data, version '" + version + "' is not supported"); | |
| 189 } | |
| 190 | |
| 191 if (size < (HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE)) | |
| 192 { | |
| 193 throw EncryptionException("Unable to decrypt data, no master key id found"); | |
| 194 } | |
| 195 | |
| 196 std::string decryptionMasterKeyId = std::string(data + HEADER_VERSION_SIZE, MASTER_KEY_ID_SIZE); | |
| 197 | |
| 198 const SecByteBlock& decryptionMasterKey = GetMasterKey(decryptionMasterKeyId); | |
| 199 DecryptInternal(output, data, size, decryptionMasterKey); | |
| 200 } | |
| 201 | |
| 202 void EncryptionHelpers::EncryptPrefixSecBlock(std::string& output, const CryptoPP::SecByteBlock& input, const CryptoPP::SecByteBlock& masterKey) | |
| 203 { | |
| 204 try | |
| 205 { | |
| 206 SecByteBlock iv(16); | |
| 207 memset(iv.data(), 0, iv.size()); | |
| 208 | |
| 209 CTR_Mode<AES>::Encryption e; | |
| 210 e.SetKeyWithIV(masterKey, masterKey.size(), iv.data(), iv.size()); | |
| 211 | |
| 212 std::string inputString = ToString(input); | |
| 213 | |
| 214 // The StreamTransformationFilter adds padding | |
| 215 // as required. ECB and CBC Mode must be padded | |
| 216 // to the block size of the cipher. | |
| 217 StringSource ss(inputString, true, | |
| 218 new StreamTransformationFilter(e, | |
| 219 new StringSink(output) | |
| 220 ) // StreamTransformationFilter | |
| 221 ); // StringSource | |
| 222 } | |
| 223 catch (CryptoPP::Exception& e) | |
| 224 { | |
| 225 throw EncryptionException(e.what()); | |
| 226 } | |
| 227 | |
| 228 assert(output.size() == input.size()); | |
| 229 } | |
| 230 | |
| 231 void EncryptionHelpers::DecryptPrefixSecBlock(CryptoPP::SecByteBlock& output, const std::string& input, const CryptoPP::SecByteBlock& masterKey) | |
| 232 { | |
| 233 try | |
| 234 { | |
| 235 SecByteBlock iv(16); | |
| 236 memset(iv.data(), 0, iv.size()); | |
| 237 | |
| 238 CTR_Mode<AES>::Decryption d; | |
| 239 d.SetKeyWithIV(masterKey, masterKey.size(), iv.data(), iv.size()); | |
| 240 | |
| 241 std::string outputString; | |
| 242 | |
| 243 // The StreamTransformationFilter adds padding | |
| 244 // as required. ECB and CBC Mode must be padded | |
| 245 // to the block size of the cipher. | |
| 246 StringSource ss(input, true, | |
| 247 new StreamTransformationFilter(d, | |
| 248 new StringSink(outputString) | |
| 249 ) // StreamTransformationFilter | |
| 250 ); // StringSource | |
| 251 | |
| 252 output.Assign((const byte*)outputString.data(), outputString.size()); | |
| 253 } | |
| 254 catch (CryptoPP::Exception& e) | |
| 255 { | |
| 256 throw EncryptionException(e.what()); | |
| 257 } | |
| 258 | |
| 259 assert(output.size() == input.size()); | |
| 260 } | |
| 261 | |
| 262 | |
| 263 void EncryptionHelpers::EncryptInternal(std::string& output, const char* data, size_t size, const CryptoPP::SecByteBlock& masterKey) | |
| 264 { | |
| 75 | 265 // std::cout << "EncryptInternal" << std::endl; |
| 266 // std::cout << "masterKey " << ToHexString(masterKey) << std::endl; | |
| 267 | |
| 1 | 268 SecByteBlock iv(IV_SIZE); |
| 269 randomGenerator_.GenerateBlock(iv, iv.size()); // with GCM, the iv is supposed to be a nonce (not a random number). However, since each dataKey is used only once, we consider a random number is fine. | |
| 270 | |
| 271 SecByteBlock dataKey; | |
| 272 GenerateKey(dataKey); | |
| 273 | |
| 75 | 274 // std::cout << "dataKey " << ToHexString(dataKey) << std::endl; |
| 275 // std::cout << "iv " << ToHexString(iv) << std::endl; | |
| 1 | 276 std::string encryptedDataKey; |
| 277 std::string encryptedIv; | |
| 278 | |
| 279 EncryptPrefixSecBlock(encryptedIv, iv, masterKey); | |
| 280 EncryptPrefixSecBlock(encryptedDataKey, dataKey, masterKey); | |
| 281 | |
| 75 | 282 // std::cout << "encryptedIv " << ToHexString(encryptedIv) << std::endl; |
| 283 // std::cout << "encryptedDataKey " << ToHexString(encryptedDataKey) << std::endl; | |
| 284 | |
| 1 | 285 std::string prefix = HEADER_VERSION + encryptionMasterKeyId_ + encryptedIv + encryptedDataKey; |
| 286 | |
| 287 try | |
| 288 { | |
| 289 GCM<AES>::Encryption e; | |
| 25 | 290 e.SetKeyWithIV(dataKey, dataKey.size(), iv, iv.size()); |
| 1 | 291 |
| 292 // the output text starts with the unencrypted prefix | |
| 293 output = prefix; | |
| 294 | |
| 295 AuthenticatedEncryptionFilter ef(e, | |
| 296 new StringSink(output), false, INTEGRITY_CHECK_TAG_SIZE | |
| 297 ); | |
| 298 | |
| 299 | |
| 300 // AuthenticatedEncryptionFilter::ChannelPut | |
| 301 // defines two channels: "" (empty) and "AAD" | |
| 302 // channel "" is encrypted and authenticated | |
| 303 // channel "AAD" is authenticated | |
| 304 ef.ChannelPut("AAD", (const byte*)prefix.data(), prefix.size()); | |
| 305 ef.ChannelMessageEnd("AAD"); | |
| 306 | |
| 307 // Authenticated data *must* be pushed before | |
| 308 // Confidential/Authenticated data. Otherwise | |
| 309 // we must catch the BadState exception | |
| 310 ef.ChannelPut("", (const byte*)data, size); | |
| 311 ef.ChannelMessageEnd(""); | |
| 312 } | |
| 313 catch(CryptoPP::Exception& e) | |
| 314 { | |
| 315 throw EncryptionException(e.what()); | |
| 316 } | |
| 317 } | |
| 318 | |
| 319 void EncryptionHelpers::DecryptInternal(char* output, const char* data, size_t size, const CryptoPP::SecByteBlock& masterKey) | |
| 320 { | |
| 75 | 321 // std::cout << "DecryptInternal" << std::endl; |
| 322 // std::cout << "masterKey " << ToHexString(masterKey) << std::endl; | |
| 323 | |
| 1 | 324 size_t prefixSize = HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE + IV_SIZE + AES_KEY_SIZE; |
| 325 | |
| 326 std::string prefix = std::string(data, prefixSize); | |
| 327 std::string mac = std::string(data + size - INTEGRITY_CHECK_TAG_SIZE, INTEGRITY_CHECK_TAG_SIZE); | |
| 328 | |
| 75 | 329 // std::cout << "prefix " << ToHexString(prefix) << std::endl; |
| 330 // std::cout << "mac " << ToHexString(mac) << std::endl; | |
| 331 | |
| 1 | 332 std::string encryptedIv = prefix.substr(HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE, IV_SIZE); |
| 333 std::string encryptedDataKey = prefix.substr(HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE + IV_SIZE, AES_KEY_SIZE); | |
| 334 | |
| 75 | 335 // std::cout << "encryptedIv " << ToHexString(encryptedIv) << std::endl; |
| 336 // std::cout << "encryptedDataKey " << ToHexString(encryptedDataKey) << std::endl; | |
| 337 | |
| 1 | 338 SecByteBlock dataKey; |
| 339 SecByteBlock iv; | |
| 340 | |
| 341 DecryptPrefixSecBlock(iv, encryptedIv, masterKey); | |
| 342 DecryptPrefixSecBlock(dataKey, encryptedDataKey, masterKey); | |
| 75 | 343 // std::cout << "dataKey " << ToHexString(dataKey) << std::endl; |
| 344 // std::cout << "iv " << ToHexString(iv) << std::endl; | |
| 1 | 345 |
| 346 GCM<AES>::Decryption d; | |
| 25 | 347 d.SetKeyWithIV(dataKey, dataKey.size(), iv, iv.size()); |
| 1 | 348 |
| 349 try { | |
| 350 AuthenticatedDecryptionFilter df(d, NULL, | |
| 351 AuthenticatedDecryptionFilter::MAC_AT_BEGIN | | |
| 352 AuthenticatedDecryptionFilter::THROW_EXCEPTION, INTEGRITY_CHECK_TAG_SIZE); | |
| 353 | |
| 354 // The order of the following calls are important | |
| 355 df.ChannelPut("", (const byte*)mac.data(), mac.size()); | |
| 356 df.ChannelPut("AAD", (const byte*)prefix.data(), prefix.size()); | |
| 357 df.ChannelPut("", (const byte*)(data) + prefixSize, size - INTEGRITY_CHECK_TAG_SIZE - prefixSize); | |
| 358 | |
| 359 // If the object throws, it will most likely occur | |
| 360 // during ChannelMessageEnd() | |
| 361 df.ChannelMessageEnd("AAD"); | |
| 362 df.ChannelMessageEnd(""); | |
| 363 | |
| 364 // If the object does not throw, here's the only | |
| 365 // opportunity to check the data's integrity | |
| 366 if (!df.GetLastResult()) | |
| 367 { | |
| 368 throw EncryptionException("The decryption filter failed for some unknown reason. Integrity check failed ?"); | |
| 369 } | |
| 370 | |
| 371 // Remove data from channel | |
| 372 size_t n = (size_t)-1; | |
| 373 | |
| 374 // Recover plain text | |
| 375 df.SetRetrievalChannel(""); | |
| 376 n = (size_t)df.MaxRetrievable(); | |
| 377 | |
| 378 if(n > 0) | |
| 379 { | |
| 380 assert(n == size - OVERHEAD_SIZE); | |
| 381 | |
| 382 df.Get((byte*)output, n); | |
| 383 } | |
| 384 } | |
| 385 catch (CryptoPP::Exception& ex) | |
| 386 { | |
| 387 throw EncryptionException(ex.what()); | |
| 388 } | |
| 389 } |