Mercurial > hg > orthanc-object-storage

annotate Common/EncryptionHelpers.cpp @ 168:c291abffc65d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
integration 1.3.3: back to mainline
author Sebastien Jodogne <s.jodogne@gmail.com>
date Tue, 25 Jun 2024 12:06:34 +0200
parents 3c7e0374f28e
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
1 /**
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
2 * Cloud storage plugins for Orthanc
145
3c7e0374f28e updated copyright, as Orthanc Team now replaces Osimis
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 75
diff changeset
3 * Copyright (C) 2020-2023 Osimis S.A., Belgium
3c7e0374f28e updated copyright, as Orthanc Team now replaces Osimis
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 75
diff changeset
4 * Copyright (C) 2024-2024 Orthanc Team SRL, Belgium
3c7e0374f28e updated copyright, as Orthanc Team now replaces Osimis
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 75
diff changeset
5 * Copyright (C) 2021-2024 Sebastien Jodogne, ICTEAM UCLouvain, Belgium
1
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
6 *
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
7 * This program is free software: you can redistribute it and/or
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
8 * modify it under the terms of the GNU Affero General Public License
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
9 * as published by the Free Software Foundation, either version 3 of
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
10 * the License, or (at your option) any later version.
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
11 *
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
12 * This program is distributed in the hope that it will be useful, but
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
15 * Affero General Public License for more details.
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
16 *
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
17 * You should have received a copy of the GNU Affero General Public License
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
19 **/
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
20
56
b922ae86bbe1 full static linking against AWS SDK
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 37
diff changeset
21
1
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
22 #include "EncryptionHelpers.h"
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
23 #include <assert.h>
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
24
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
25 #include <boost/lexical_cast.hpp>
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
26 #include <iostream>
30
662b9d3f217d fix missing definition of "byte" from CryptoPP
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 25
diff changeset
27
662b9d3f217d fix missing definition of "byte" from CryptoPP
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 25
diff changeset
28 #include <cryptopp/cryptlib.h>
662b9d3f217d fix missing definition of "byte" from CryptoPP
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 25
diff changeset
29 #include <cryptopp/modes.h>
662b9d3f217d fix missing definition of "byte" from CryptoPP
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 25
diff changeset
30 #include <cryptopp/hex.h>
75
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
31 #include <cryptopp/base64.h>
30
662b9d3f217d fix missing definition of "byte" from CryptoPP
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 25
diff changeset
32 #include <cryptopp/gcm.h>
662b9d3f217d fix missing definition of "byte" from CryptoPP
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 25
diff changeset
33 #include <cryptopp/files.h>
662b9d3f217d fix missing definition of "byte" from CryptoPP
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 25
diff changeset
34 #include <cryptopp/filters.h>
1
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
35
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
36 const std::string EncryptionHelpers::HEADER_VERSION = "A1";
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
37
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
38 using namespace CryptoPP;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
39
30
662b9d3f217d fix missing definition of "byte" from CryptoPP
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 25
diff changeset
40 std::string EncryptionHelpers::ToHexString(const void* block, size_t size)
1
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
41 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
42 std::string blockAsString = std::string(reinterpret_cast<const char*>(block), size);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
43
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
44 return ToHexString(blockAsString);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
45 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
46
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
47 std::string EncryptionHelpers::ToHexString(const std::string& block)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
48 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
49 std::string hexString;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
50 StringSource ss(block, true,
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
51 new HexEncoder(
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
52 new StringSink(hexString)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
53 ) // StreamTransformationFilter
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
54 ); // StringSource
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
55
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
56 return hexString;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
57 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
58
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
59 std::string EncryptionHelpers::ToHexString(const SecByteBlock& block)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
60 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
61 return ToHexString(ToString(block));
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
62 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
63
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
64 std::string EncryptionHelpers::ToString(const CryptoPP::SecByteBlock& block)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
65 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
66 return std::string(reinterpret_cast<const char*>(block.data()), block.size());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
67 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
68
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
69 std::string EncryptionHelpers::ToString(uint32_t value)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
70 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
71 return std::string(reinterpret_cast<const char*>(&value), 4);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
72 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
73
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
74 void EncryptionHelpers::ReadKey(CryptoPP::SecByteBlock& key, const std::string& path)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
75 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
76 try
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
77 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
78 FileSource fs(path.c_str(), true,
75
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
79 new Base64Decoder(
1
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
80 new ArraySink(key.begin(), key.size())
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
81 )
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
82 );
75
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
83
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
84 // std::cout << "ReadKey " << ToHexString(key) << std::endl;
1
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
85 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
86 catch (CryptoPP::Exception& ex)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
87 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
88 throw EncryptionException("unabled to read key from file '" + path + "': " + ex.what());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
89 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
90 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
91
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
92 void EncryptionHelpers::SetCurrentMasterKey(uint32_t id, const std::string& path)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
93 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
94 SecByteBlock key(AES_KEY_SIZE);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
95
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
96 ReadKey(key, path);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
97 SetCurrentMasterKey(id, key);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
98 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
99
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
100 void EncryptionHelpers::AddPreviousMasterKey(uint32_t id, const std::string& path)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
101 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
102 SecByteBlock key(AES_KEY_SIZE);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
103
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
104 ReadKey(key, path);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
105 AddPreviousMasterKey(id, key);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
106 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
107
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
108 EncryptionHelpers::EncryptionHelpers(size_t maxConcurrentInputSize)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
109 : concurrentInputSizeSemaphore_(maxConcurrentInputSize),
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
110 maxConcurrentInputSize_(maxConcurrentInputSize)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
111 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
112 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
113
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
114 void EncryptionHelpers::SetCurrentMasterKey(uint32_t id, const CryptoPP::SecByteBlock& key)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
115 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
116 encryptionMasterKey_ = key;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
117 encryptionMasterKeyId_ = ToString(id);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
118 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
119
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
120 void EncryptionHelpers::AddPreviousMasterKey(uint32_t id, const CryptoPP::SecByteBlock& key)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
121 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
122 previousMasterKeys_[ToString(id)] = key;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
123 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
124
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
125 const CryptoPP::SecByteBlock& EncryptionHelpers::GetMasterKey(const std::string& keyId)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
126 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
127 if (encryptionMasterKeyId_ == keyId)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
128 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
129 return encryptionMasterKey_;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
130 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
131
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
132 if (previousMasterKeys_.find(keyId) == previousMasterKeys_.end())
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
133 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
134 throw EncryptionException("The master key whose id is '" + ToHexString(keyId) + "' could not be found. Unable to decrypt file");
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
135 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
136
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
137 return previousMasterKeys_.at(keyId);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
138 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
139
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
140 void EncryptionHelpers::GenerateKey(CryptoPP::SecByteBlock& key)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
141 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
142 AutoSeededRandomPool prng;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
143
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
144 SecByteBlock tempKey(AES_KEY_SIZE);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
145 prng.GenerateBlock( tempKey, tempKey.size() );
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
146 key = tempKey;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
147 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
148
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
149 void EncryptionHelpers::Encrypt(std::string &output, const std::string &input)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
150 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
151 Encrypt(output, input.data(), input.size());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
152 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
153
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
154 void EncryptionHelpers::Encrypt(std::string &output, const char* data, size_t size)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
155 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
156 if (size > maxConcurrentInputSize_)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
157 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
158 throw EncryptionException("The file is too large to encrypt: " + boost::lexical_cast<std::string>(size) + " bytes. Try increasing the MaxConcurrentInputSize");
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
159 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
160
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
161 Orthanc::Semaphore::Locker lock(concurrentInputSizeSemaphore_, size);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
162
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
163 EncryptInternal(output, data, size, encryptionMasterKey_);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
164 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
165
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
166 void EncryptionHelpers::Decrypt(std::string &output, const std::string &input)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
167 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
168 output.resize(input.size() - OVERHEAD_SIZE);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
169 Decrypt(const_cast<char*>(output.data()), input.data(), input.size());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
170 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
171
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
172 void EncryptionHelpers::Decrypt(char* output, const char* data, size_t size)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
173 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
174 if (size > maxConcurrentInputSize_)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
175 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
176 throw EncryptionException("The file is too large to decrypt: " + boost::lexical_cast<std::string>(size) + " bytes. Try increasing the MaxConcurrentInputSize");
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
177 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
178
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
179 Orthanc::Semaphore::Locker lock(concurrentInputSizeSemaphore_, size);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
180
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
181 if (size < HEADER_VERSION_SIZE)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
182 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
183 throw EncryptionException("Unable to decrypt data, no header found");
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
184 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
185
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
186 std::string version = std::string(data, HEADER_VERSION_SIZE);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
187
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
188 if (version != "A1")
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
189 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
190 throw EncryptionException("Unable to decrypt data, version '" + version + "' is not supported");
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
191 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
192
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
193 if (size < (HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE))
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
194 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
195 throw EncryptionException("Unable to decrypt data, no master key id found");
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
196 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
197
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
198 std::string decryptionMasterKeyId = std::string(data + HEADER_VERSION_SIZE, MASTER_KEY_ID_SIZE);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
199
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
200 const SecByteBlock& decryptionMasterKey = GetMasterKey(decryptionMasterKeyId);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
201 DecryptInternal(output, data, size, decryptionMasterKey);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
202 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
203
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
204 void EncryptionHelpers::EncryptPrefixSecBlock(std::string& output, const CryptoPP::SecByteBlock& input, const CryptoPP::SecByteBlock& masterKey)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
205 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
206 try
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
207 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
208 SecByteBlock iv(16);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
209 memset(iv.data(), 0, iv.size());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
210
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
211 CTR_Mode<AES>::Encryption e;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
212 e.SetKeyWithIV(masterKey, masterKey.size(), iv.data(), iv.size());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
213
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
214 std::string inputString = ToString(input);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
215
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
216 // The StreamTransformationFilter adds padding
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
217 // as required. ECB and CBC Mode must be padded
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
218 // to the block size of the cipher.
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
219 StringSource ss(inputString, true,
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
220 new StreamTransformationFilter(e,
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
221 new StringSink(output)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
222 ) // StreamTransformationFilter
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
223 ); // StringSource
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
224 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
225 catch (CryptoPP::Exception& e)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
226 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
227 throw EncryptionException(e.what());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
228 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
229
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
230 assert(output.size() == input.size());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
231 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
232
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
233 void EncryptionHelpers::DecryptPrefixSecBlock(CryptoPP::SecByteBlock& output, const std::string& input, const CryptoPP::SecByteBlock& masterKey)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
234 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
235 try
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
236 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
237 SecByteBlock iv(16);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
238 memset(iv.data(), 0, iv.size());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
239
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
240 CTR_Mode<AES>::Decryption d;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
241 d.SetKeyWithIV(masterKey, masterKey.size(), iv.data(), iv.size());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
242
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
243 std::string outputString;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
244
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
245 // The StreamTransformationFilter adds padding
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
246 // as required. ECB and CBC Mode must be padded
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
247 // to the block size of the cipher.
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
248 StringSource ss(input, true,
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
249 new StreamTransformationFilter(d,
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
250 new StringSink(outputString)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
251 ) // StreamTransformationFilter
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
252 ); // StringSource
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
253
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
254 output.Assign((const byte*)outputString.data(), outputString.size());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
255 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
256 catch (CryptoPP::Exception& e)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
257 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
258 throw EncryptionException(e.what());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
259 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
260
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
261 assert(output.size() == input.size());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
262 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
263
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
264
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
265 void EncryptionHelpers::EncryptInternal(std::string& output, const char* data, size_t size, const CryptoPP::SecByteBlock& masterKey)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
266 {
75
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
267 // std::cout << "EncryptInternal" << std::endl;
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
268 // std::cout << "masterKey " << ToHexString(masterKey) << std::endl;
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
269
1
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
270 SecByteBlock iv(IV_SIZE);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
271 randomGenerator_.GenerateBlock(iv, iv.size()); // with GCM, the iv is supposed to be a nonce (not a random number). However, since each dataKey is used only once, we consider a random number is fine.
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
272
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
273 SecByteBlock dataKey;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
274 GenerateKey(dataKey);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
275
75
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
276 // std::cout << "dataKey " << ToHexString(dataKey) << std::endl;
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
277 // std::cout << "iv " << ToHexString(iv) << std::endl;
1
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
278 std::string encryptedDataKey;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
279 std::string encryptedIv;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
280
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
281 EncryptPrefixSecBlock(encryptedIv, iv, masterKey);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
282 EncryptPrefixSecBlock(encryptedDataKey, dataKey, masterKey);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
283
75
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
284 // std::cout << "encryptedIv " << ToHexString(encryptedIv) << std::endl;
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
285 // std::cout << "encryptedDataKey " << ToHexString(encryptedDataKey) << std::endl;
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
286
1
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
287 std::string prefix = HEADER_VERSION + encryptionMasterKeyId_ + encryptedIv + encryptedDataKey;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
288
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
289 try
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
290 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
291 GCM<AES>::Encryption e;
25
b0b7eb7cff73 fix encryption
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 1
diff changeset
292 e.SetKeyWithIV(dataKey, dataKey.size(), iv, iv.size());
1
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
293
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
294 // the output text starts with the unencrypted prefix
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
295 output = prefix;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
296
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
297 AuthenticatedEncryptionFilter ef(e,
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
298 new StringSink(output), false, INTEGRITY_CHECK_TAG_SIZE
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
299 );
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
300
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
301
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
302 // AuthenticatedEncryptionFilter::ChannelPut
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
303 // defines two channels: "" (empty) and "AAD"
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
304 // channel "" is encrypted and authenticated
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
305 // channel "AAD" is authenticated
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
306 ef.ChannelPut("AAD", (const byte*)prefix.data(), prefix.size());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
307 ef.ChannelMessageEnd("AAD");
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
308
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
309 // Authenticated data *must* be pushed before
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
310 // Confidential/Authenticated data. Otherwise
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
311 // we must catch the BadState exception
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
312 ef.ChannelPut("", (const byte*)data, size);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
313 ef.ChannelMessageEnd("");
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
314 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
315 catch(CryptoPP::Exception& e)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
316 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
317 throw EncryptionException(e.what());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
318 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
319 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
320
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
321 void EncryptionHelpers::DecryptInternal(char* output, const char* data, size_t size, const CryptoPP::SecByteBlock& masterKey)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
322 {
75
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
323 // std::cout << "DecryptInternal" << std::endl;
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
324 // std::cout << "masterKey " << ToHexString(masterKey) << std::endl;
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
325
1
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
326 size_t prefixSize = HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE + IV_SIZE + AES_KEY_SIZE;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
327
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
328 std::string prefix = std::string(data, prefixSize);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
329 std::string mac = std::string(data + size - INTEGRITY_CHECK_TAG_SIZE, INTEGRITY_CHECK_TAG_SIZE);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
330
75
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
331 // std::cout << "prefix " << ToHexString(prefix) << std::endl;
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
332 // std::cout << "mac " << ToHexString(mac) << std::endl;
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
333
1
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
334 std::string encryptedIv = prefix.substr(HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE, IV_SIZE);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
335 std::string encryptedDataKey = prefix.substr(HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE + IV_SIZE, AES_KEY_SIZE);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
336
75
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
337 // std::cout << "encryptedIv " << ToHexString(encryptedIv) << std::endl;
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
338 // std::cout << "encryptedDataKey " << ToHexString(encryptedDataKey) << std::endl;
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
339
1
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
340 SecByteBlock dataKey;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
341 SecByteBlock iv;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
342
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
343 DecryptPrefixSecBlock(iv, encryptedIv, masterKey);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
344 DecryptPrefixSecBlock(dataKey, encryptedDataKey, masterKey);
75
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
345 // std::cout << "dataKey " << ToHexString(dataKey) << std::endl;
ac596874d997 fix client side encryption
Alain Mazy <am@osimis.io>
parents: 56
diff changeset
346 // std::cout << "iv " << ToHexString(iv) << std::endl;
1
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
347
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
348 GCM<AES>::Decryption d;
25
b0b7eb7cff73 fix encryption
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 1
diff changeset
349 d.SetKeyWithIV(dataKey, dataKey.size(), iv, iv.size());
1
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
350
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
351 try {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
352 AuthenticatedDecryptionFilter df(d, NULL,
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
353 AuthenticatedDecryptionFilter::MAC_AT_BEGIN |
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
354 AuthenticatedDecryptionFilter::THROW_EXCEPTION, INTEGRITY_CHECK_TAG_SIZE);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
355
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
356 // The order of the following calls are important
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
357 df.ChannelPut("", (const byte*)mac.data(), mac.size());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
358 df.ChannelPut("AAD", (const byte*)prefix.data(), prefix.size());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
359 df.ChannelPut("", (const byte*)(data) + prefixSize, size - INTEGRITY_CHECK_TAG_SIZE - prefixSize);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
360
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
361 // If the object throws, it will most likely occur
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
362 // during ChannelMessageEnd()
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
363 df.ChannelMessageEnd("AAD");
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
364 df.ChannelMessageEnd("");
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
365
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
366 // If the object does not throw, here's the only
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
367 // opportunity to check the data's integrity
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
368 if (!df.GetLastResult())
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
369 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
370 throw EncryptionException("The decryption filter failed for some unknown reason. Integrity check failed ?");
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
371 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
372
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
373 // Remove data from channel
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
374 size_t n = (size_t)-1;
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
375
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
376 // Recover plain text
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
377 df.SetRetrievalChannel("");
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
378 n = (size_t)df.MaxRetrievable();
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
379
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
380 if(n > 0)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
381 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
382 assert(n == size - OVERHEAD_SIZE);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
383
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
384 df.Get((byte*)output, n);
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
385 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
386 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
387 catch (CryptoPP::Exception& ex)
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
388 {
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
389 throw EncryptionException(ex.what());
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
390 }
fc26a8fc54d5 initial release
Alain Mazy <alain@mazy.be>
parents:
diff changeset
391 }