orthanc-object-storage: Common/EncryptionHelpers.h annotate

annotate Common/EncryptionHelpers.h @ 210:408c90c9027f default tip

todo: google soft delete

author	Alain Mazy <am@orthanc.team>
date	Wed, 09 Oct 2024 11:48:14 +0200
parents	6dd8bb916573
children

rev	line source
1 fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	1 /**
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	2 * Cloud storage plugins for Orthanc
145 3c7e0374f28e updated copyright, as Orthanc Team now replaces Osimis Sebastien Jodogne <s.jodogne@gmail.com> parents: 56 diff changeset	3 * Copyright (C) 2020-2023 Osimis S.A., Belgium
3c7e0374f28e updated copyright, as Orthanc Team now replaces Osimis Sebastien Jodogne <s.jodogne@gmail.com> parents: 56 diff changeset	4 * Copyright (C) 2024-2024 Orthanc Team SRL, Belgium
3c7e0374f28e updated copyright, as Orthanc Team now replaces Osimis Sebastien Jodogne <s.jodogne@gmail.com> parents: 56 diff changeset	5 * Copyright (C) 2021-2024 Sebastien Jodogne, ICTEAM UCLouvain, Belgium
1 fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	6 *
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	7 * This program is free software: you can redistribute it and/or
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	8 * modify it under the terms of the GNU Affero General Public License
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	9 * as published by the Free Software Foundation, either version 3 of
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	10 * the License, or (at your option) any later version.
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	11 *
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	12 * This program is distributed in the hope that it will be useful, but
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	13 * WITHOUT ANY WARRANTY; without even the implied warranty of
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	15 * Affero General Public License for more details.
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	16 *
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	17 * You should have received a copy of the GNU Affero General Public License
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	19 **/
56 b922ae86bbe1 full static linking against AWS SDK Sebastien Jodogne <s.jodogne@gmail.com> parents: 37 diff changeset	20
b922ae86bbe1 full static linking against AWS SDK Sebastien Jodogne <s.jodogne@gmail.com> parents: 37 diff changeset	21
1 fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	22 #pragma once
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	23
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	24 #include <memory.h>
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	25 #include <cryptopp/secblock.h>
30 662b9d3f217d fix missing definition of "byte" from CryptoPP Sebastien Jodogne <s.jodogne@gmail.com> parents: 22 diff changeset	26 #include <cryptopp/osrng.h>
1 fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	27 #include <boost/thread/mutex.hpp>
15 2a02b21f0a19 migration + storage structure Alain Mazy parents: 1 diff changeset	28 #include <MultiThreading/Semaphore.h>
1 fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	29
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	30 class EncryptionException : public std::runtime_error
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	31 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	32 public:
153 6dd8bb916573 cppcheck Sebastien Jodogne <s.jodogne@gmail.com> parents: 145 diff changeset	33 explicit EncryptionException(const std::string& what)
1 fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	34 : std::runtime_error(what)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	35 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	36 }
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	37 };
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	38
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	39 class EncryptionHelpers
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	40 {
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	41 public:
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	42 static const size_t HEADER_VERSION_SIZE = 2;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	43 static const size_t MASTER_KEY_ID_SIZE = 4;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	44 static const size_t AES_KEY_SIZE = 32; // length of AES keys (in bytes)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	45 static const size_t IV_SIZE = 32; // length of IVs (in bytes)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	46 static const size_t INTEGRITY_CHECK_TAG_SIZE = 16; // length of the TAG that is used to check the integrity of data (in bytes)
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	47
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	48 static const size_t OVERHEAD_SIZE = HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE + AES_KEY_SIZE + IV_SIZE + INTEGRITY_CHECK_TAG_SIZE;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	49
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	50
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	51 static const std::string HEADER_VERSION;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	52
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	53 private:
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	54 Orthanc::Semaphore concurrentInputSizeSemaphore_;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	55 size_t maxConcurrentInputSize_;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	56
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	57 CryptoPP::AutoSeededRandomPool randomGenerator_;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	58
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	59 CryptoPP::SecByteBlock encryptionMasterKey_; // at a given time, there's only one master key that is used for encryption
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	60 std::string encryptionMasterKeyId_;
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	61
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	62 std::map<std::string, CryptoPP::SecByteBlock> previousMasterKeys_; // for decryption, we might use older master keys too
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	63
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	64 public:
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	65
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	66 // since the memory used during encryption/decryption can grow up to a bit more than 2 times the input,
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	67 // we want to limit the number of threads doing concurrent processing according to the available memory
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	68 // instead of the number of concurrent threads
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	69 EncryptionHelpers(size_t maxConcurrentInputSize = 102410241024);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	70
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	71 void SetCurrentMasterKey(uint32_t id, const std::string& path);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	72
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	73 void SetCurrentMasterKey(uint32_t id, const CryptoPP::SecByteBlock& key);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	74
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	75 void AddPreviousMasterKey(uint32_t id, const std::string& path);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	76
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	77 void AddPreviousMasterKey(uint32_t id, const CryptoPP::SecByteBlock& key);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	78
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	79 // input: plain text data
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	80 // output: prefix/encrypted data/integrity check tag
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	81 void Encrypt(std::string& output, const std::string& input);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	82 void Encrypt(std::string& output, const char* data, size_t size);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	83
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	84 // input: prefix/encrypted data/integrity check tag
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	85 // output: plain text data
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	86 void Decrypt(std::string& output, const std::string& input);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	87 void Decrypt(char* output, const char* data, size_t size);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	88
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	89 static void GenerateKey(CryptoPP::SecByteBlock& key);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	90
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	91 private:
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	92
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	93 void EncryptInternal(std::string& output, const char* data, size_t size, const CryptoPP::SecByteBlock& masterKey);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	94
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	95 void DecryptInternal(char* output, const char* data, size_t size, const CryptoPP::SecByteBlock& masterKey);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	96
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	97 void EncryptPrefixSecBlock(std::string& output, const CryptoPP::SecByteBlock& input, const CryptoPP::SecByteBlock& masterKey);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	98
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	99 void DecryptPrefixSecBlock(CryptoPP::SecByteBlock& output, const std::string& input, const CryptoPP::SecByteBlock& masterKey);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	100
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	101 std::string GetMasterKeyIdentifier(const CryptoPP::SecByteBlock& masterKey);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	102
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	103 const CryptoPP::SecByteBlock& GetMasterKey(const std::string& keyId);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	104
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	105 public:
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	106
30 662b9d3f217d fix missing definition of "byte" from CryptoPP Sebastien Jodogne <s.jodogne@gmail.com> parents: 22 diff changeset	107 static std::string ToHexString(const void* block, size_t size);
1 fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	108 static std::string ToHexString(const std::string& block);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	109 static std::string ToHexString(const CryptoPP::SecByteBlock& block);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	110 static std::string ToString(const CryptoPP::SecByteBlock& block);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	111 static std::string ToString(uint32_t value);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	112
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	113 static void ReadKey(CryptoPP::SecByteBlock& key, const std::string& path);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	114 //static void EncryptionHelpers::Encrypt(std::string& output, const std::string& input, const std::string& key, const std::string& iv);
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	115 };
fc26a8fc54d5 initial release Alain Mazy <alain@mazy.be> parents: diff changeset	116

Mercurial > hg > orthanc-object-storage

annotate Common/EncryptionHelpers.h @ 210:408c90c9027f default tip