orthanc-object-storage: Common/EncryptionHelpers.cpp annotate

author	Alain Mazy <alain@mazy.be>
date	Fri, 03 Jul 2020 10:08:44 +0200
parents
children	b0b7eb7cff73

rev	line source
1 fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	1 /**
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	2 * Cloud storage plugins for Orthanc
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	3 * Copyright (C) 2017-2020 Osimis S.A., Belgium
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	4 *
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	5 * This program is free software: you can redistribute it and/or
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	6 * modify it under the terms of the GNU Affero General Public License
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	7 * as published by the Free Software Foundation, either version 3 of
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	8 * the License, or (at your option) any later version.
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	9 *
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	10 * This program is distributed in the hope that it will be useful, but
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	11 * WITHOUT ANY WARRANTY; without even the implied warranty of
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	13 * Affero General Public License for more details.
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	14 *
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	15 * You should have received a copy of the GNU Affero General Public License
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	17 **/
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	18
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	19 #include "EncryptionHelpers.h"
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	20 #include <assert.h>
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	21
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	22 #include <boost/lexical_cast.hpp>
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	23 #include <iostream>
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	24 #include "cryptopp/cryptlib.h"
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	25 #include "cryptopp/modes.h"
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	26 #include "cryptopp/hex.h"
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	27 #include "cryptopp/gcm.h"
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	28 #include "cryptopp/files.h"
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	29
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	30 const std::string EncryptionHelpers::HEADER_VERSION = "A1";
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	31
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	32 using namespace CryptoPP;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	33
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	34 std::string EncryptionHelpers::ToHexString(const byte* block, size_t size)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	35 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	36 std::string blockAsString = std::string(reinterpret_cast<const char*>(block), size);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	37
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	38 return ToHexString(blockAsString);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	39 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	40
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	41 std::string EncryptionHelpers::ToHexString(const std::string& block)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	42 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	43 std::string hexString;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	44 StringSource ss(block, true,
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	45 new HexEncoder(
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	46 new StringSink(hexString)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	47 ) // StreamTransformationFilter
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	48 ); // StringSource
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	49
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	50 return hexString;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	51 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	52
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	53 std::string EncryptionHelpers::ToHexString(const SecByteBlock& block)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	54 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	55 return ToHexString(ToString(block));
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	56 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	57
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	58 std::string EncryptionHelpers::ToString(const CryptoPP::SecByteBlock& block)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	59 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	60 return std::string(reinterpret_cast<const char*>(block.data()), block.size());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	61 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	62
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	63 std::string EncryptionHelpers::ToString(uint32_t value)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	64 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	65 return std::string(reinterpret_cast<const char*>(&value), 4);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	66 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	67
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	68 void EncryptionHelpers::ReadKey(CryptoPP::SecByteBlock& key, const std::string& path)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	69 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	70 try
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	71 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	72 FileSource fs(path.c_str(), true,
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	73 new HexDecoder(
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	74 new ArraySink(key.begin(), key.size())
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	75 )
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	76 );
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	77 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	78 catch (CryptoPP::Exception& ex)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	79 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	80 throw EncryptionException("unabled to read key from file '" + path + "': " + ex.what());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	81 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	82 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	83
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	84 void EncryptionHelpers::SetCurrentMasterKey(uint32_t id, const std::string& path)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	85 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	86 SecByteBlock key(AES_KEY_SIZE);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	87
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	88 ReadKey(key, path);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	89 SetCurrentMasterKey(id, key);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	90 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	91
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	92 void EncryptionHelpers::AddPreviousMasterKey(uint32_t id, const std::string& path)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	93 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	94 SecByteBlock key(AES_KEY_SIZE);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	95
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	96 ReadKey(key, path);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	97 AddPreviousMasterKey(id, key);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	98 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	99
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	100 EncryptionHelpers::EncryptionHelpers(size_t maxConcurrentInputSize)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	101 : concurrentInputSizeSemaphore_(maxConcurrentInputSize),
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	102 maxConcurrentInputSize_(maxConcurrentInputSize)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	103 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	104 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	105
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	106 void EncryptionHelpers::SetCurrentMasterKey(uint32_t id, const CryptoPP::SecByteBlock& key)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	107 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	108 encryptionMasterKey_ = key;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	109 encryptionMasterKeyId_ = ToString(id);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	110 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	111
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	112 void EncryptionHelpers::AddPreviousMasterKey(uint32_t id, const CryptoPP::SecByteBlock& key)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	113 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	114 previousMasterKeys_[ToString(id)] = key;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	115 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	116
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	117 const CryptoPP::SecByteBlock& EncryptionHelpers::GetMasterKey(const std::string& keyId)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	118 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	119 if (encryptionMasterKeyId_ == keyId)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	120 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	121 return encryptionMasterKey_;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	122 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	123
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	124 if (previousMasterKeys_.find(keyId) == previousMasterKeys_.end())
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	125 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	126 throw EncryptionException("The master key whose id is '" + ToHexString(keyId) + "' could not be found. Unable to decrypt file");
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	127 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	128
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	129 return previousMasterKeys_.at(keyId);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	130 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	131
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	132 void EncryptionHelpers::GenerateKey(CryptoPP::SecByteBlock& key)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	133 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	134 AutoSeededRandomPool prng;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	135
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	136 SecByteBlock tempKey(AES_KEY_SIZE);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	137 prng.GenerateBlock( tempKey, tempKey.size() );
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	138 key = tempKey;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	139 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	140
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	141 void EncryptionHelpers::Encrypt(std::string &output, const std::string &input)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	142 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	143 Encrypt(output, input.data(), input.size());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	144 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	145
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	146 void EncryptionHelpers::Encrypt(std::string &output, const char* data, size_t size)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	147 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	148 if (size > maxConcurrentInputSize_)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	149 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	150 throw EncryptionException("The file is too large to encrypt: " + boost::lexical_cast<std::string>(size) + " bytes. Try increasing the MaxConcurrentInputSize");
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	151 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	152
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	153 Orthanc::Semaphore::Locker lock(concurrentInputSizeSemaphore_, size);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	154
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	155 EncryptInternal(output, data, size, encryptionMasterKey_);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	156 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	157
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	158 void EncryptionHelpers::Decrypt(std::string &output, const std::string &input)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	159 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	160 output.resize(input.size() - OVERHEAD_SIZE);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	161 Decrypt(const_cast<char*>(output.data()), input.data(), input.size());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	162 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	163
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	164 void EncryptionHelpers::Decrypt(char* output, const char* data, size_t size)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	165 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	166 if (size > maxConcurrentInputSize_)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	167 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	168 throw EncryptionException("The file is too large to decrypt: " + boost::lexical_cast<std::string>(size) + " bytes. Try increasing the MaxConcurrentInputSize");
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	169 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	170
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	171 Orthanc::Semaphore::Locker lock(concurrentInputSizeSemaphore_, size);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	172
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	173 if (size < HEADER_VERSION_SIZE)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	174 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	175 throw EncryptionException("Unable to decrypt data, no header found");
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	176 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	177
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	178 std::string version = std::string(data, HEADER_VERSION_SIZE);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	179
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	180 if (version != "A1")
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	181 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	182 throw EncryptionException("Unable to decrypt data, version '" + version + "' is not supported");
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	183 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	184
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	185 if (size < (HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE))
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	186 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	187 throw EncryptionException("Unable to decrypt data, no master key id found");
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	188 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	189
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	190 std::string decryptionMasterKeyId = std::string(data + HEADER_VERSION_SIZE, MASTER_KEY_ID_SIZE);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	191
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	192 const SecByteBlock& decryptionMasterKey = GetMasterKey(decryptionMasterKeyId);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	193 DecryptInternal(output, data, size, decryptionMasterKey);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	194 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	195
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	196 void EncryptionHelpers::EncryptPrefixSecBlock(std::string& output, const CryptoPP::SecByteBlock& input, const CryptoPP::SecByteBlock& masterKey)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	197 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	198 try
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	199 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	200 SecByteBlock iv(16);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	201 memset(iv.data(), 0, iv.size());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	202
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	203 CTR_Mode<AES>::Encryption e;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	204 e.SetKeyWithIV(masterKey, masterKey.size(), iv.data(), iv.size());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	205
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	206 std::string inputString = ToString(input);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	207
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	208 // The StreamTransformationFilter adds padding
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	209 // as required. ECB and CBC Mode must be padded
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	210 // to the block size of the cipher.
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	211 StringSource ss(inputString, true,
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	212 new StreamTransformationFilter(e,
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	213 new StringSink(output)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	214 ) // StreamTransformationFilter
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	215 ); // StringSource
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	216 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	217 catch (CryptoPP::Exception& e)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	218 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	219 throw EncryptionException(e.what());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	220 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	221
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	222 assert(output.size() == input.size());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	223 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	224
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	225 void EncryptionHelpers::DecryptPrefixSecBlock(CryptoPP::SecByteBlock& output, const std::string& input, const CryptoPP::SecByteBlock& masterKey)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	226 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	227 try
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	228 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	229 SecByteBlock iv(16);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	230 memset(iv.data(), 0, iv.size());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	231
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	232 CTR_Mode<AES>::Decryption d;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	233 d.SetKeyWithIV(masterKey, masterKey.size(), iv.data(), iv.size());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	234
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	235 std::string outputString;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	236
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	237 // The StreamTransformationFilter adds padding
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	238 // as required. ECB and CBC Mode must be padded
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	239 // to the block size of the cipher.
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	240 StringSource ss(input, true,
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	241 new StreamTransformationFilter(d,
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	242 new StringSink(outputString)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	243 ) // StreamTransformationFilter
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	244 ); // StringSource
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	245
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	246 output.Assign((const byte*)outputString.data(), outputString.size());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	247 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	248 catch (CryptoPP::Exception& e)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	249 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	250 throw EncryptionException(e.what());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	251 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	252
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	253 assert(output.size() == input.size());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	254 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	255
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	256
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	257 void EncryptionHelpers::EncryptInternal(std::string& output, const char* data, size_t size, const CryptoPP::SecByteBlock& masterKey)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	258 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	259 SecByteBlock iv(IV_SIZE);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	260 randomGenerator_.GenerateBlock(iv, iv.size()); // with GCM, the iv is supposed to be a nonce (not a random number). However, since each dataKey is used only once, we consider a random number is fine.
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	261
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	262 SecByteBlock dataKey;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	263 GenerateKey(dataKey);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	264
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	265 // std::cout << ToHexString(dataKey) << std::endl;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	266 // std::cout << ToHexString(iv) << std::endl;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	267 std::string encryptedDataKey;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	268 std::string encryptedIv;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	269
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	270 EncryptPrefixSecBlock(encryptedIv, iv, masterKey);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	271 EncryptPrefixSecBlock(encryptedDataKey, dataKey, masterKey);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	272
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	273 std::string prefix = HEADER_VERSION + encryptionMasterKeyId_ + encryptedIv + encryptedDataKey;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	274
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	275 try
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	276 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	277 GCM<AES>::Encryption e;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	278 e.SetKeyWithIV(dataKey, dataKey.size(), iv, sizeof(iv));
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	279
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	280 // the output text starts with the unencrypted prefix
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	281 output = prefix;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	282
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	283 AuthenticatedEncryptionFilter ef(e,
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	284 new StringSink(output), false, INTEGRITY_CHECK_TAG_SIZE
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	285 );
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	286
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	287
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	288 // AuthenticatedEncryptionFilter::ChannelPut
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	289 // defines two channels: "" (empty) and "AAD"
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	290 // channel "" is encrypted and authenticated
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	291 // channel "AAD" is authenticated
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	292 ef.ChannelPut("AAD", (const byte*)prefix.data(), prefix.size());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	293 ef.ChannelMessageEnd("AAD");
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	294
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	295 // Authenticated data must be pushed before
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	296 // Confidential/Authenticated data. Otherwise
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	297 // we must catch the BadState exception
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	298 ef.ChannelPut("", (const byte*)data, size);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	299 ef.ChannelMessageEnd("");
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	300 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	301 catch(CryptoPP::Exception& e)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	302 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	303 throw EncryptionException(e.what());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	304 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	305 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	306
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	307 void EncryptionHelpers::DecryptInternal(char* output, const char* data, size_t size, const CryptoPP::SecByteBlock& masterKey)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	308 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	309 size_t prefixSize = HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE + IV_SIZE + AES_KEY_SIZE;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	310
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	311 std::string prefix = std::string(data, prefixSize);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	312 std::string mac = std::string(data + size - INTEGRITY_CHECK_TAG_SIZE, INTEGRITY_CHECK_TAG_SIZE);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	313
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	314 std::string encryptedIv = prefix.substr(HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE, IV_SIZE);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	315 std::string encryptedDataKey = prefix.substr(HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE + IV_SIZE, AES_KEY_SIZE);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	316
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	317 SecByteBlock dataKey;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	318 SecByteBlock iv;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	319
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	320 DecryptPrefixSecBlock(iv, encryptedIv, masterKey);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	321 DecryptPrefixSecBlock(dataKey, encryptedDataKey, masterKey);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	322 // std::cout << ToHexString(dataKey) << std::endl;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	323 // std::cout << ToHexString(iv) << std::endl;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	324
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	325 GCM<AES>::Decryption d;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	326 d.SetKeyWithIV(dataKey, sizeof(dataKey), iv, sizeof(iv));
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	327
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	328 try {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	329 AuthenticatedDecryptionFilter df(d, NULL,
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	330 AuthenticatedDecryptionFilter::MAC_AT_BEGIN \|
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	331 AuthenticatedDecryptionFilter::THROW_EXCEPTION, INTEGRITY_CHECK_TAG_SIZE);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	332
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	333 // The order of the following calls are important
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	334 df.ChannelPut("", (const byte*)mac.data(), mac.size());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	335 df.ChannelPut("AAD", (const byte*)prefix.data(), prefix.size());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	336 df.ChannelPut("", (const byte*)(data) + prefixSize, size - INTEGRITY_CHECK_TAG_SIZE - prefixSize);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	337
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	338 // If the object throws, it will most likely occur
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	339 // during ChannelMessageEnd()
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	340 df.ChannelMessageEnd("AAD");
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	341 df.ChannelMessageEnd("");
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	342
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	343 // If the object does not throw, here's the only
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	344 // opportunity to check the data's integrity
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	345 if (!df.GetLastResult())
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	346 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	347 throw EncryptionException("The decryption filter failed for some unknown reason. Integrity check failed ?");
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	348 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	349
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	350 // Remove data from channel
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	351 size_t n = (size_t)-1;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	352
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	353 // Recover plain text
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	354 df.SetRetrievalChannel("");
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	355 n = (size_t)df.MaxRetrievable();
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	356
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	357 if(n > 0)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	358 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	359 assert(n == size - OVERHEAD_SIZE);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	360
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	361 df.Get((byte*)output, n);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	362 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	363 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	364 catch (CryptoPP::Exception& ex)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	365 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	366 throw EncryptionException(ex.what());
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	367 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	368 }

1

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

1 /**

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

2 * Cloud storage plugins for Orthanc

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

4 *

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

5 * This program is free software: you can redistribute it and/or

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

6 * modify it under the terms of the GNU Affero General Public License

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

7 * as published by the Free Software Foundation, either version 3 of

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

8 * the License, or (at your option) any later version.

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

9 *

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

10 * This program is distributed in the hope that it will be useful, but

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

11 * WITHOUT ANY WARRANTY; without even the implied warranty of

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

13 * Affero General Public License for more details.

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

14 *

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

15 * You should have received a copy of the GNU Affero General Public License

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

16 * along with this program. If not, see <http://www.gnu.org/licenses/>.

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

17 **/

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

18

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

19 #include "EncryptionHelpers.h"

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

20 #include <assert.h>

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

21

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

22 #include <boost/lexical_cast.hpp>

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

23 #include <iostream>

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

24 #include "cryptopp/cryptlib.h"

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

25 #include "cryptopp/modes.h"

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

26 #include "cryptopp/hex.h"

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

27 #include "cryptopp/gcm.h"

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

28 #include "cryptopp/files.h"

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

29

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

30 const std::string EncryptionHelpers::HEADER_VERSION = "A1";

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

31

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

32 using namespace CryptoPP;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

33

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

34 std::string EncryptionHelpers::ToHexString(const byte* block, size_t size)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

35 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

36 std::string blockAsString = std::string(reinterpret_cast<const char*>(block), size);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

37

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

38 return ToHexString(blockAsString);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

39 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

40

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

41 std::string EncryptionHelpers::ToHexString(const std::string& block)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

42 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

43 std::string hexString;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

44 StringSource ss(block, true,

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

45 new HexEncoder(

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

46 new StringSink(hexString)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

47 ) // StreamTransformationFilter

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

48 ); // StringSource

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

49

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

50 return hexString;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

51 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

52

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

53 std::string EncryptionHelpers::ToHexString(const SecByteBlock& block)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

54 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

55 return ToHexString(ToString(block));

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

56 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

57

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

58 std::string EncryptionHelpers::ToString(const CryptoPP::SecByteBlock& block)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

59 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

60 return std::string(reinterpret_cast<const char*>(block.data()), block.size());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

61 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

62

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

63 std::string EncryptionHelpers::ToString(uint32_t value)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

64 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

65 return std::string(reinterpret_cast<const char*>(&value), 4);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

66 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

67

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

68 void EncryptionHelpers::ReadKey(CryptoPP::SecByteBlock& key, const std::string& path)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

69 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

70 try

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

71 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

72 FileSource fs(path.c_str(), true,

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

73 new HexDecoder(

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

74 new ArraySink(key.begin(), key.size())

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

75 )

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

76 );

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

77 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

78 catch (CryptoPP::Exception& ex)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

79 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

80 throw EncryptionException("unabled to read key from file '" + path + "': " + ex.what());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

81 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

82 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

83

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

84 void EncryptionHelpers::SetCurrentMasterKey(uint32_t id, const std::string& path)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

85 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

86 SecByteBlock key(AES_KEY_SIZE);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

87

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

88 ReadKey(key, path);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

89 SetCurrentMasterKey(id, key);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

90 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

91

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

92 void EncryptionHelpers::AddPreviousMasterKey(uint32_t id, const std::string& path)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

93 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

94 SecByteBlock key(AES_KEY_SIZE);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

95

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

96 ReadKey(key, path);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

97 AddPreviousMasterKey(id, key);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

98 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

99

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

100 EncryptionHelpers::EncryptionHelpers(size_t maxConcurrentInputSize)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

101 : concurrentInputSizeSemaphore_(maxConcurrentInputSize),

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

102 maxConcurrentInputSize_(maxConcurrentInputSize)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

103 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

104 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

105

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

106 void EncryptionHelpers::SetCurrentMasterKey(uint32_t id, const CryptoPP::SecByteBlock& key)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

107 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

108 encryptionMasterKey_ = key;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

109 encryptionMasterKeyId_ = ToString(id);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

110 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

111

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

112 void EncryptionHelpers::AddPreviousMasterKey(uint32_t id, const CryptoPP::SecByteBlock& key)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

113 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

114 previousMasterKeys_[ToString(id)] = key;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

115 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

116

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

117 const CryptoPP::SecByteBlock& EncryptionHelpers::GetMasterKey(const std::string& keyId)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

118 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

119 if (encryptionMasterKeyId_ == keyId)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

120 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

121 return encryptionMasterKey_;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

122 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

123

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

124 if (previousMasterKeys_.find(keyId) == previousMasterKeys_.end())

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

125 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

126 throw EncryptionException("The master key whose id is '" + ToHexString(keyId) + "' could not be found. Unable to decrypt file");

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

127 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

128

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

129 return previousMasterKeys_.at(keyId);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

130 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

131

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

132 void EncryptionHelpers::GenerateKey(CryptoPP::SecByteBlock& key)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

133 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

134 AutoSeededRandomPool prng;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

135

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

136 SecByteBlock tempKey(AES_KEY_SIZE);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

137 prng.GenerateBlock( tempKey, tempKey.size() );

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

138 key = tempKey;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

139 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

140

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

141 void EncryptionHelpers::Encrypt(std::string &output, const std::string &input)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

142 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

143 Encrypt(output, input.data(), input.size());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

144 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

145

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

146 void EncryptionHelpers::Encrypt(std::string &output, const char* data, size_t size)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

147 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

148 if (size > maxConcurrentInputSize_)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

149 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

150 throw EncryptionException("The file is too large to encrypt: " + boost::lexical_cast<std::string>(size) + " bytes. Try increasing the MaxConcurrentInputSize");

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

151 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

152

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

153 Orthanc::Semaphore::Locker lock(concurrentInputSizeSemaphore_, size);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

154

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

155 EncryptInternal(output, data, size, encryptionMasterKey_);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

156 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

157

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

158 void EncryptionHelpers::Decrypt(std::string &output, const std::string &input)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

159 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

160 output.resize(input.size() - OVERHEAD_SIZE);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

161 Decrypt(const_cast<char*>(output.data()), input.data(), input.size());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

162 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

163

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

164 void EncryptionHelpers::Decrypt(char* output, const char* data, size_t size)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

165 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

166 if (size > maxConcurrentInputSize_)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

167 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

168 throw EncryptionException("The file is too large to decrypt: " + boost::lexical_cast<std::string>(size) + " bytes. Try increasing the MaxConcurrentInputSize");

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

169 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

170

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

171 Orthanc::Semaphore::Locker lock(concurrentInputSizeSemaphore_, size);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

172

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

173 if (size < HEADER_VERSION_SIZE)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

174 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

175 throw EncryptionException("Unable to decrypt data, no header found");

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

176 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

177

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

178 std::string version = std::string(data, HEADER_VERSION_SIZE);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

179

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

180 if (version != "A1")

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

181 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

182 throw EncryptionException("Unable to decrypt data, version '" + version + "' is not supported");

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

183 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

184

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

185 if (size < (HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE))

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

186 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

187 throw EncryptionException("Unable to decrypt data, no master key id found");

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

188 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

189

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

190 std::string decryptionMasterKeyId = std::string(data + HEADER_VERSION_SIZE, MASTER_KEY_ID_SIZE);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

191

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

192 const SecByteBlock& decryptionMasterKey = GetMasterKey(decryptionMasterKeyId);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

193 DecryptInternal(output, data, size, decryptionMasterKey);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

194 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

195

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

196 void EncryptionHelpers::EncryptPrefixSecBlock(std::string& output, const CryptoPP::SecByteBlock& input, const CryptoPP::SecByteBlock& masterKey)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

197 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

198 try

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

199 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

200 SecByteBlock iv(16);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

201 memset(iv.data(), 0, iv.size());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

202

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

203 CTR_Mode<AES>::Encryption e;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

204 e.SetKeyWithIV(masterKey, masterKey.size(), iv.data(), iv.size());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

205

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

206 std::string inputString = ToString(input);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

207

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

208 // The StreamTransformationFilter adds padding

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

209 // as required. ECB and CBC Mode must be padded

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

210 // to the block size of the cipher.

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

211 StringSource ss(inputString, true,

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

212 new StreamTransformationFilter(e,

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

213 new StringSink(output)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

214 ) // StreamTransformationFilter

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

215 ); // StringSource

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

216 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

217 catch (CryptoPP::Exception& e)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

218 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

219 throw EncryptionException(e.what());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

220 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

221

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

222 assert(output.size() == input.size());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

223 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

224

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

225 void EncryptionHelpers::DecryptPrefixSecBlock(CryptoPP::SecByteBlock& output, const std::string& input, const CryptoPP::SecByteBlock& masterKey)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

226 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

227 try

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

228 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

229 SecByteBlock iv(16);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

230 memset(iv.data(), 0, iv.size());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

231

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

232 CTR_Mode<AES>::Decryption d;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

233 d.SetKeyWithIV(masterKey, masterKey.size(), iv.data(), iv.size());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

234

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

235 std::string outputString;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

236

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

237 // The StreamTransformationFilter adds padding

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

238 // as required. ECB and CBC Mode must be padded

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

239 // to the block size of the cipher.

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

240 StringSource ss(input, true,

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

241 new StreamTransformationFilter(d,

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

242 new StringSink(outputString)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

243 ) // StreamTransformationFilter

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

244 ); // StringSource

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

245

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

246 output.Assign((const byte*)outputString.data(), outputString.size());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

247 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

248 catch (CryptoPP::Exception& e)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

249 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

250 throw EncryptionException(e.what());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

251 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

252

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

253 assert(output.size() == input.size());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

254 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

255

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

256

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

257 void EncryptionHelpers::EncryptInternal(std::string& output, const char* data, size_t size, const CryptoPP::SecByteBlock& masterKey)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

258 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

259 SecByteBlock iv(IV_SIZE);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

260 randomGenerator_.GenerateBlock(iv, iv.size()); // with GCM, the iv is supposed to be a nonce (not a random number). However, since each dataKey is used only once, we consider a random number is fine.

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

261

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

262 SecByteBlock dataKey;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

263 GenerateKey(dataKey);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

264

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

265 // std::cout << ToHexString(dataKey) << std::endl;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

266 // std::cout << ToHexString(iv) << std::endl;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

267 std::string encryptedDataKey;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

268 std::string encryptedIv;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

269

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

270 EncryptPrefixSecBlock(encryptedIv, iv, masterKey);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

271 EncryptPrefixSecBlock(encryptedDataKey, dataKey, masterKey);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

272

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

273 std::string prefix = HEADER_VERSION + encryptionMasterKeyId_ + encryptedIv + encryptedDataKey;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

274

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

275 try

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

276 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

277 GCM<AES>::Encryption e;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

278 e.SetKeyWithIV(dataKey, dataKey.size(), iv, sizeof(iv));

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

279

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

280 // the output text starts with the unencrypted prefix

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

281 output = prefix;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

282

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

283 AuthenticatedEncryptionFilter ef(e,

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

284 new StringSink(output), false, INTEGRITY_CHECK_TAG_SIZE

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

285 );

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

286

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

287

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

288 // AuthenticatedEncryptionFilter::ChannelPut

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

289 // defines two channels: "" (empty) and "AAD"

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

290 // channel "" is encrypted and authenticated

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

291 // channel "AAD" is authenticated

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

292 ef.ChannelPut("AAD", (const byte*)prefix.data(), prefix.size());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

293 ef.ChannelMessageEnd("AAD");

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

294

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

295 // Authenticated data *must* be pushed before

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

296 // Confidential/Authenticated data. Otherwise

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

297 // we must catch the BadState exception

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

298 ef.ChannelPut("", (const byte*)data, size);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

299 ef.ChannelMessageEnd("");

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

300 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

301 catch(CryptoPP::Exception& e)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

302 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

303 throw EncryptionException(e.what());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

304 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

305 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

306

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

307 void EncryptionHelpers::DecryptInternal(char* output, const char* data, size_t size, const CryptoPP::SecByteBlock& masterKey)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

308 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

309 size_t prefixSize = HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE + IV_SIZE + AES_KEY_SIZE;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

310

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

311 std::string prefix = std::string(data, prefixSize);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

312 std::string mac = std::string(data + size - INTEGRITY_CHECK_TAG_SIZE, INTEGRITY_CHECK_TAG_SIZE);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

313

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

314 std::string encryptedIv = prefix.substr(HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE, IV_SIZE);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

315 std::string encryptedDataKey = prefix.substr(HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE + IV_SIZE, AES_KEY_SIZE);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

316

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

317 SecByteBlock dataKey;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

318 SecByteBlock iv;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

319

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

320 DecryptPrefixSecBlock(iv, encryptedIv, masterKey);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

321 DecryptPrefixSecBlock(dataKey, encryptedDataKey, masterKey);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

322 // std::cout << ToHexString(dataKey) << std::endl;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

323 // std::cout << ToHexString(iv) << std::endl;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

324

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

325 GCM<AES>::Decryption d;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

326 d.SetKeyWithIV(dataKey, sizeof(dataKey), iv, sizeof(iv));

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

327

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

328 try {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

329 AuthenticatedDecryptionFilter df(d, NULL,

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

330 AuthenticatedDecryptionFilter::MAC_AT_BEGIN |

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

331 AuthenticatedDecryptionFilter::THROW_EXCEPTION, INTEGRITY_CHECK_TAG_SIZE);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

332

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

333 // The order of the following calls are important

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

334 df.ChannelPut("", (const byte*)mac.data(), mac.size());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

335 df.ChannelPut("AAD", (const byte*)prefix.data(), prefix.size());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

336 df.ChannelPut("", (const byte*)(data) + prefixSize, size - INTEGRITY_CHECK_TAG_SIZE - prefixSize);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

337

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

338 // If the object throws, it will most likely occur

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

339 // during ChannelMessageEnd()

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

340 df.ChannelMessageEnd("AAD");

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

341 df.ChannelMessageEnd("");

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

342

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

343 // If the object does not throw, here's the only

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

344 // opportunity to check the data's integrity

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

345 if (!df.GetLastResult())

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

346 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

347 throw EncryptionException("The decryption filter failed for some unknown reason. Integrity check failed ?");

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

348 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

349

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

350 // Remove data from channel

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

351 size_t n = (size_t)-1;

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

352

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

353 // Recover plain text

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

354 df.SetRetrievalChannel("");

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

355 n = (size_t)df.MaxRetrievable();

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

356

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

357 if(n > 0)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

358 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

359 assert(n == size - OVERHEAD_SIZE);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

360

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

361 df.Get((byte*)output, n);

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

362 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

363 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

364 catch (CryptoPP::Exception& ex)

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

365 {

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

366 throw EncryptionException(ex.what());

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

367 }

fc26a8fc54d5 initial release

Alain Mazy <alain@mazy.be>

parents:

diff changeset

368 }

Mercurial > hg > orthanc-object-storage

annotate Common/EncryptionHelpers.cpp @ 1:fc26a8fc54d5