orthanc-object-storage: Common/EncryptionHelpers.h annotate

annotate Common/EncryptionHelpers.h @ 114:752ab0c59950 2.3.0

2.3.0

author	Alain Mazy <am@osimis.io>
date	Tue, 17 Oct 2023 13:09:35 +0200
parents	b922ae86bbe1
children	3c7e0374f28e

rev	line source
1 fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	1 /**
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	2 * Cloud storage plugins for Orthanc
37 f55b2afdf53d upgrade to year 2021 Sebastien Jodogne <s.jodogne@gmail.com> parents: 30 diff changeset	3 * Copyright (C) 2020-2021 Osimis S.A., Belgium
1 fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	4 *
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	5 * This program is free software: you can redistribute it and/or
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	6 * modify it under the terms of the GNU Affero General Public License
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	7 * as published by the Free Software Foundation, either version 3 of
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	8 * the License, or (at your option) any later version.
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	9 *
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	10 * This program is distributed in the hope that it will be useful, but
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	11 * WITHOUT ANY WARRANTY; without even the implied warranty of
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	13 * Affero General Public License for more details.
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	14 *
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	15 * You should have received a copy of the GNU Affero General Public License
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	17 **/
56 b922ae86bbe1 full static linking against AWS SDK Sebastien Jodogne <s.jodogne@gmail.com> parents: 37 diff changeset	18
b922ae86bbe1 full static linking against AWS SDK Sebastien Jodogne <s.jodogne@gmail.com> parents: 37 diff changeset	19
1 fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	20 #pragma once
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	21
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	22 #include <memory.h>
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	23 #include <cryptopp/secblock.h>
30 662b9d3f217d fix missing definition of "byte" from CryptoPP Sebastien Jodogne <s.jodogne@gmail.com> parents: 22 diff changeset	24 #include <cryptopp/osrng.h>
1 fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	25 #include <boost/thread/mutex.hpp>
15 2a02b21f0a19 migration + storage structure Alain Mazy parents: 1 diff changeset	26 #include <MultiThreading/Semaphore.h>
1 fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	27
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	28 class EncryptionException : public std::runtime_error
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	29 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	30 public:
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	31 EncryptionException(const std::string& what)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	32 : std::runtime_error(what)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	33 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	34 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	35 };
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	36
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	37 class EncryptionHelpers
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	38 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	39 public:
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	40 static const size_t HEADER_VERSION_SIZE = 2;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	41 static const size_t MASTER_KEY_ID_SIZE = 4;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	42 static const size_t AES_KEY_SIZE = 32; // length of AES keys (in bytes)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	43 static const size_t IV_SIZE = 32; // length of IVs (in bytes)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	44 static const size_t INTEGRITY_CHECK_TAG_SIZE = 16; // length of the TAG that is used to check the integrity of data (in bytes)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	45
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	46 static const size_t OVERHEAD_SIZE = HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE + AES_KEY_SIZE + IV_SIZE + INTEGRITY_CHECK_TAG_SIZE;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	47
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	48
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	49 static const std::string HEADER_VERSION;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	50
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	51 private:
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	52 Orthanc::Semaphore concurrentInputSizeSemaphore_;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	53 size_t maxConcurrentInputSize_;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	54
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	55 CryptoPP::AutoSeededRandomPool randomGenerator_;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	56
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	57 CryptoPP::SecByteBlock encryptionMasterKey_; // at a given time, there's only one master key that is used for encryption
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	58 std::string encryptionMasterKeyId_;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	59
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	60 std::map<std::string, CryptoPP::SecByteBlock> previousMasterKeys_; // for decryption, we might use older master keys too
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	61
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	62 public:
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	63
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	64 // since the memory used during encryption/decryption can grow up to a bit more than 2 times the input,
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	65 // we want to limit the number of threads doing concurrent processing according to the available memory
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	66 // instead of the number of concurrent threads
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	67 EncryptionHelpers(size_t maxConcurrentInputSize = 102410241024);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	68
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	69 void SetCurrentMasterKey(uint32_t id, const std::string& path);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	70
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	71 void SetCurrentMasterKey(uint32_t id, const CryptoPP::SecByteBlock& key);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	72
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	73 void AddPreviousMasterKey(uint32_t id, const std::string& path);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	74
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	75 void AddPreviousMasterKey(uint32_t id, const CryptoPP::SecByteBlock& key);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	76
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	77 // input: plain text data
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	78 // output: prefix/encrypted data/integrity check tag
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	79 void Encrypt(std::string& output, const std::string& input);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	80 void Encrypt(std::string& output, const char* data, size_t size);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	81
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	82 // input: prefix/encrypted data/integrity check tag
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	83 // output: plain text data
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	84 void Decrypt(std::string& output, const std::string& input);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	85 void Decrypt(char* output, const char* data, size_t size);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	86
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	87 static void GenerateKey(CryptoPP::SecByteBlock& key);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	88
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	89 private:
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	90
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	91 void EncryptInternal(std::string& output, const char* data, size_t size, const CryptoPP::SecByteBlock& masterKey);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	92
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	93 void DecryptInternal(char* output, const char* data, size_t size, const CryptoPP::SecByteBlock& masterKey);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	94
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	95 void EncryptPrefixSecBlock(std::string& output, const CryptoPP::SecByteBlock& input, const CryptoPP::SecByteBlock& masterKey);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	96
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	97 void DecryptPrefixSecBlock(CryptoPP::SecByteBlock& output, const std::string& input, const CryptoPP::SecByteBlock& masterKey);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	98
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	99 std::string GetMasterKeyIdentifier(const CryptoPP::SecByteBlock& masterKey);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	100
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	101 const CryptoPP::SecByteBlock& GetMasterKey(const std::string& keyId);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	102
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	103 public:
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	104
30 662b9d3f217d fix missing definition of "byte" from CryptoPP Sebastien Jodogne <s.jodogne@gmail.com> parents: 22 diff changeset	105 static std::string ToHexString(const void* block, size_t size);
1 fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	106 static std::string ToHexString(const std::string& block);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	107 static std::string ToHexString(const CryptoPP::SecByteBlock& block);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	108 static std::string ToString(const CryptoPP::SecByteBlock& block);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	109 static std::string ToString(uint32_t value);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	110
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	111 static void ReadKey(CryptoPP::SecByteBlock& key, const std::string& path);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	112 //static void EncryptionHelpers::Encrypt(std::string& output, const std::string& input, const std::string& key, const std::string& iv);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	113 };
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	114

Mercurial > hg > orthanc-object-storage

annotate Common/EncryptionHelpers.h @ 114:752ab0c59950 2.3.0