Mercurial > hg > orthanc-object-storage

comparison Common/EncryptionHelpers.cpp @ 1:fc26a8fc54d5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
initial release
author Alain Mazy <alain@mazy.be>
date Fri, 03 Jul 2020 10:08:44 +0200
parents
children b0b7eb7cff73
comparison
equal deleted inserted replaced
0:d7198e8f0d47 1:fc26a8fc54d5
1 /**
2 * Cloud storage plugins for Orthanc
3 * Copyright (C) 2017-2020 Osimis S.A., Belgium
4 *
5 * This program is free software: you can redistribute it and/or
6 * modify it under the terms of the GNU Affero General Public License
7 * as published by the Free Software Foundation, either version 3 of
8 * the License, or (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Affero General Public License for more details.
14 *
15 * You should have received a copy of the GNU Affero General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
17 **/
18
19 #include "EncryptionHelpers.h"
20 #include <assert.h>
21
22 #include <boost/lexical_cast.hpp>
23 #include <iostream>
24 #include "cryptopp/cryptlib.h"
25 #include "cryptopp/modes.h"
26 #include "cryptopp/hex.h"
27 #include "cryptopp/gcm.h"
28 #include "cryptopp/files.h"
29
30 const std::string EncryptionHelpers::HEADER_VERSION = "A1";
31
32 using namespace CryptoPP;
33
34 std::string EncryptionHelpers::ToHexString(const byte* block, size_t size)
35 {
36 std::string blockAsString = std::string(reinterpret_cast<const char*>(block), size);
37
38 return ToHexString(blockAsString);
39 }
40
41 std::string EncryptionHelpers::ToHexString(const std::string& block)
42 {
43 std::string hexString;
44 StringSource ss(block, true,
45 new HexEncoder(
46 new StringSink(hexString)
47 ) // StreamTransformationFilter
48 ); // StringSource
49
50 return hexString;
51 }
52
53 std::string EncryptionHelpers::ToHexString(const SecByteBlock& block)
54 {
55 return ToHexString(ToString(block));
56 }
57
58 std::string EncryptionHelpers::ToString(const CryptoPP::SecByteBlock& block)
59 {
60 return std::string(reinterpret_cast<const char*>(block.data()), block.size());
61 }
62
63 std::string EncryptionHelpers::ToString(uint32_t value)
64 {
65 return std::string(reinterpret_cast<const char*>(&value), 4);
66 }
67
68 void EncryptionHelpers::ReadKey(CryptoPP::SecByteBlock& key, const std::string& path)
69 {
70 try
71 {
72 FileSource fs(path.c_str(), true,
73 new HexDecoder(
74 new ArraySink(key.begin(), key.size())
75 )
76 );
77 }
78 catch (CryptoPP::Exception& ex)
79 {
80 throw EncryptionException("unabled to read key from file '" + path + "': " + ex.what());
81 }
82 }
83
84 void EncryptionHelpers::SetCurrentMasterKey(uint32_t id, const std::string& path)
85 {
86 SecByteBlock key(AES_KEY_SIZE);
87
88 ReadKey(key, path);
89 SetCurrentMasterKey(id, key);
90 }
91
92 void EncryptionHelpers::AddPreviousMasterKey(uint32_t id, const std::string& path)
93 {
94 SecByteBlock key(AES_KEY_SIZE);
95
96 ReadKey(key, path);
97 AddPreviousMasterKey(id, key);
98 }
99
100 EncryptionHelpers::EncryptionHelpers(size_t maxConcurrentInputSize)
101 : concurrentInputSizeSemaphore_(maxConcurrentInputSize),
102 maxConcurrentInputSize_(maxConcurrentInputSize)
103 {
104 }
105
106 void EncryptionHelpers::SetCurrentMasterKey(uint32_t id, const CryptoPP::SecByteBlock& key)
107 {
108 encryptionMasterKey_ = key;
109 encryptionMasterKeyId_ = ToString(id);
110 }
111
112 void EncryptionHelpers::AddPreviousMasterKey(uint32_t id, const CryptoPP::SecByteBlock& key)
113 {
114 previousMasterKeys_[ToString(id)] = key;
115 }
116
117 const CryptoPP::SecByteBlock& EncryptionHelpers::GetMasterKey(const std::string& keyId)
118 {
119 if (encryptionMasterKeyId_ == keyId)
120 {
121 return encryptionMasterKey_;
122 }
123
124 if (previousMasterKeys_.find(keyId) == previousMasterKeys_.end())
125 {
126 throw EncryptionException("The master key whose id is '" + ToHexString(keyId) + "' could not be found. Unable to decrypt file");
127 }
128
129 return previousMasterKeys_.at(keyId);
130 }
131
132 void EncryptionHelpers::GenerateKey(CryptoPP::SecByteBlock& key)
133 {
134 AutoSeededRandomPool prng;
135
136 SecByteBlock tempKey(AES_KEY_SIZE);
137 prng.GenerateBlock( tempKey, tempKey.size() );
138 key = tempKey;
139 }
140
141 void EncryptionHelpers::Encrypt(std::string &output, const std::string &input)
142 {
143 Encrypt(output, input.data(), input.size());
144 }
145
146 void EncryptionHelpers::Encrypt(std::string &output, const char* data, size_t size)
147 {
148 if (size > maxConcurrentInputSize_)
149 {
150 throw EncryptionException("The file is too large to encrypt: " + boost::lexical_cast<std::string>(size) + " bytes. Try increasing the MaxConcurrentInputSize");
151 }
152
153 Orthanc::Semaphore::Locker lock(concurrentInputSizeSemaphore_, size);
154
155 EncryptInternal(output, data, size, encryptionMasterKey_);
156 }
157
158 void EncryptionHelpers::Decrypt(std::string &output, const std::string &input)
159 {
160 output.resize(input.size() - OVERHEAD_SIZE);
161 Decrypt(const_cast<char*>(output.data()), input.data(), input.size());
162 }
163
164 void EncryptionHelpers::Decrypt(char* output, const char* data, size_t size)
165 {
166 if (size > maxConcurrentInputSize_)
167 {
168 throw EncryptionException("The file is too large to decrypt: " + boost::lexical_cast<std::string>(size) + " bytes. Try increasing the MaxConcurrentInputSize");
169 }
170
171 Orthanc::Semaphore::Locker lock(concurrentInputSizeSemaphore_, size);
172
173 if (size < HEADER_VERSION_SIZE)
174 {
175 throw EncryptionException("Unable to decrypt data, no header found");
176 }
177
178 std::string version = std::string(data, HEADER_VERSION_SIZE);
179
180 if (version != "A1")
181 {
182 throw EncryptionException("Unable to decrypt data, version '" + version + "' is not supported");
183 }
184
185 if (size < (HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE))
186 {
187 throw EncryptionException("Unable to decrypt data, no master key id found");
188 }
189
190 std::string decryptionMasterKeyId = std::string(data + HEADER_VERSION_SIZE, MASTER_KEY_ID_SIZE);
191
192 const SecByteBlock& decryptionMasterKey = GetMasterKey(decryptionMasterKeyId);
193 DecryptInternal(output, data, size, decryptionMasterKey);
194 }
195
196 void EncryptionHelpers::EncryptPrefixSecBlock(std::string& output, const CryptoPP::SecByteBlock& input, const CryptoPP::SecByteBlock& masterKey)
197 {
198 try
199 {
200 SecByteBlock iv(16);
201 memset(iv.data(), 0, iv.size());
202
203 CTR_Mode<AES>::Encryption e;
204 e.SetKeyWithIV(masterKey, masterKey.size(), iv.data(), iv.size());
205
206 std::string inputString = ToString(input);
207
208 // The StreamTransformationFilter adds padding
209 // as required. ECB and CBC Mode must be padded
210 // to the block size of the cipher.
211 StringSource ss(inputString, true,
212 new StreamTransformationFilter(e,
213 new StringSink(output)
214 ) // StreamTransformationFilter
215 ); // StringSource
216 }
217 catch (CryptoPP::Exception& e)
218 {
219 throw EncryptionException(e.what());
220 }
221
222 assert(output.size() == input.size());
223 }
224
225 void EncryptionHelpers::DecryptPrefixSecBlock(CryptoPP::SecByteBlock& output, const std::string& input, const CryptoPP::SecByteBlock& masterKey)
226 {
227 try
228 {
229 SecByteBlock iv(16);
230 memset(iv.data(), 0, iv.size());
231
232 CTR_Mode<AES>::Decryption d;
233 d.SetKeyWithIV(masterKey, masterKey.size(), iv.data(), iv.size());
234
235 std::string outputString;
236
237 // The StreamTransformationFilter adds padding
238 // as required. ECB and CBC Mode must be padded
239 // to the block size of the cipher.
240 StringSource ss(input, true,
241 new StreamTransformationFilter(d,
242 new StringSink(outputString)
243 ) // StreamTransformationFilter
244 ); // StringSource
245
246 output.Assign((const byte*)outputString.data(), outputString.size());
247 }
248 catch (CryptoPP::Exception& e)
249 {
250 throw EncryptionException(e.what());
251 }
252
253 assert(output.size() == input.size());
254 }
255
256
257 void EncryptionHelpers::EncryptInternal(std::string& output, const char* data, size_t size, const CryptoPP::SecByteBlock& masterKey)
258 {
259 SecByteBlock iv(IV_SIZE);
260 randomGenerator_.GenerateBlock(iv, iv.size()); // with GCM, the iv is supposed to be a nonce (not a random number). However, since each dataKey is used only once, we consider a random number is fine.
261
262 SecByteBlock dataKey;
263 GenerateKey(dataKey);
264
265 // std::cout << ToHexString(dataKey) << std::endl;
266 // std::cout << ToHexString(iv) << std::endl;
267 std::string encryptedDataKey;
268 std::string encryptedIv;
269
270 EncryptPrefixSecBlock(encryptedIv, iv, masterKey);
271 EncryptPrefixSecBlock(encryptedDataKey, dataKey, masterKey);
272
273 std::string prefix = HEADER_VERSION + encryptionMasterKeyId_ + encryptedIv + encryptedDataKey;
274
275 try
276 {
277 GCM<AES>::Encryption e;
278 e.SetKeyWithIV(dataKey, dataKey.size(), iv, sizeof(iv));
279
280 // the output text starts with the unencrypted prefix
281 output = prefix;
282
283 AuthenticatedEncryptionFilter ef(e,
284 new StringSink(output), false, INTEGRITY_CHECK_TAG_SIZE
285 );
286
287
288 // AuthenticatedEncryptionFilter::ChannelPut
289 // defines two channels: "" (empty) and "AAD"
290 // channel "" is encrypted and authenticated
291 // channel "AAD" is authenticated
292 ef.ChannelPut("AAD", (const byte*)prefix.data(), prefix.size());
293 ef.ChannelMessageEnd("AAD");
294
295 // Authenticated data *must* be pushed before
296 // Confidential/Authenticated data. Otherwise
297 // we must catch the BadState exception
298 ef.ChannelPut("", (const byte*)data, size);
299 ef.ChannelMessageEnd("");
300 }
301 catch(CryptoPP::Exception& e)
302 {
303 throw EncryptionException(e.what());
304 }
305 }
306
307 void EncryptionHelpers::DecryptInternal(char* output, const char* data, size_t size, const CryptoPP::SecByteBlock& masterKey)
308 {
309 size_t prefixSize = HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE + IV_SIZE + AES_KEY_SIZE;
310
311 std::string prefix = std::string(data, prefixSize);
312 std::string mac = std::string(data + size - INTEGRITY_CHECK_TAG_SIZE, INTEGRITY_CHECK_TAG_SIZE);
313
314 std::string encryptedIv = prefix.substr(HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE, IV_SIZE);
315 std::string encryptedDataKey = prefix.substr(HEADER_VERSION_SIZE + MASTER_KEY_ID_SIZE + IV_SIZE, AES_KEY_SIZE);
316
317 SecByteBlock dataKey;
318 SecByteBlock iv;
319
320 DecryptPrefixSecBlock(iv, encryptedIv, masterKey);
321 DecryptPrefixSecBlock(dataKey, encryptedDataKey, masterKey);
322 // std::cout << ToHexString(dataKey) << std::endl;
323 // std::cout << ToHexString(iv) << std::endl;
324
325 GCM<AES>::Decryption d;
326 d.SetKeyWithIV(dataKey, sizeof(dataKey), iv, sizeof(iv));
327
328 try {
329 AuthenticatedDecryptionFilter df(d, NULL,
330 AuthenticatedDecryptionFilter::MAC_AT_BEGIN |
331 AuthenticatedDecryptionFilter::THROW_EXCEPTION, INTEGRITY_CHECK_TAG_SIZE);
332
333 // The order of the following calls are important
334 df.ChannelPut("", (const byte*)mac.data(), mac.size());
335 df.ChannelPut("AAD", (const byte*)prefix.data(), prefix.size());
336 df.ChannelPut("", (const byte*)(data) + prefixSize, size - INTEGRITY_CHECK_TAG_SIZE - prefixSize);
337
338 // If the object throws, it will most likely occur
339 // during ChannelMessageEnd()
340 df.ChannelMessageEnd("AAD");
341 df.ChannelMessageEnd("");
342
343 // If the object does not throw, here's the only
344 // opportunity to check the data's integrity
345 if (!df.GetLastResult())
346 {
347 throw EncryptionException("The decryption filter failed for some unknown reason. Integrity check failed ?");
348 }
349
350 // Remove data from channel
351 size_t n = (size_t)-1;
352
353 // Recover plain text
354 df.SetRetrievalChannel("");
355 n = (size_t)df.MaxRetrievable();
356
357 if(n > 0)
358 {
359 assert(n == size - OVERHEAD_SIZE);
360
361 df.Get((byte*)output, n);
362 }
363 }
364 catch (CryptoPP::Exception& ex)
365 {
366 throw EncryptionException(ex.what());
367 }
368 }