Implement secure key via KDF for transparent data encryption/decryption #60
This commit is contained in:
@@ -375,9 +375,11 @@ auto s3_provider::get_directory_items_impl(const std::string &api_path,
|
||||
} else {
|
||||
auto size{node.select_node("Size").node().text().as_ullong()};
|
||||
|
||||
dir_item.size = is_encrypted ? utils::encryption::encrypting_reader::
|
||||
calculate_decrypted_size(size, false)
|
||||
: size;
|
||||
dir_item.size =
|
||||
is_encrypted
|
||||
? utils::encryption::encrypting_reader::
|
||||
calculate_decrypted_size(size, not legacy_bucket_)
|
||||
: size;
|
||||
}
|
||||
|
||||
res = get_item_meta(dir_item.api_path, dir_item.meta);
|
||||
@@ -538,7 +540,7 @@ auto s3_provider::get_file(const std::string &api_path, api_file &file) const
|
||||
file.file_size =
|
||||
is_encrypted
|
||||
? utils::encryption::encrypting_reader::calculate_decrypted_size(
|
||||
result.content_length, false)
|
||||
result.content_length, not legacy_bucket_)
|
||||
: result.content_length;
|
||||
}
|
||||
|
||||
@@ -622,7 +624,7 @@ auto s3_provider::get_file_list(api_file_list &list, std::string &marker) const
|
||||
file.file_size =
|
||||
is_encrypted
|
||||
? utils::encryption::encrypting_reader::calculate_decrypted_size(
|
||||
size, false)
|
||||
size, not legacy_bucket_)
|
||||
: size;
|
||||
file.key = is_encrypted ? utils::path::create_api_path(object_name) : "";
|
||||
auto res{add_if_not_found(file, file.key)};
|
||||
@@ -1216,7 +1218,7 @@ auto s3_provider::upload_file_impl(const std::string &api_path,
|
||||
res = set_item_meta(
|
||||
api_path, META_KDF,
|
||||
nlohmann::json(*put_file.reader->get_kdf_config_for_data()).dump());
|
||||
if (res == api_error::success) {
|
||||
if (res != api_error::success) {
|
||||
return res;
|
||||
}
|
||||
}
|
||||
@@ -1263,12 +1265,12 @@ auto s3_provider::read_file_bytes(const std::string &api_path, std::size_t size,
|
||||
&stop_requested](std::size_t read_size, std::size_t read_offset,
|
||||
data_buffer &read_buffer) -> api_error {
|
||||
auto res{api_error::error};
|
||||
for (std::uint32_t idx{0U};
|
||||
for (std::uint32_t retry{0U};
|
||||
not(stop_requested || app_config::get_stop_requested()) &&
|
||||
res != api_error::success &&
|
||||
idx < get_config().get_retry_read_count() + 1U;
|
||||
++idx) {
|
||||
if (idx > 0U) {
|
||||
retry < get_config().get_retry_read_count() + 1U;
|
||||
++retry) {
|
||||
if (retry > 0U) {
|
||||
read_buffer.clear();
|
||||
|
||||
std::this_thread::sleep_for(1s);
|
||||
@@ -1291,11 +1293,11 @@ auto s3_provider::read_file_bytes(const std::string &api_path, std::size_t size,
|
||||
return res;
|
||||
}
|
||||
|
||||
const auto notify_retry = [=](long response_code) {
|
||||
auto msg =
|
||||
fmt::format("read file bytes failed|offset|{}|size|{}|retry|{}",
|
||||
std::to_string(read_offset),
|
||||
std::to_string(read_size), std::to_string(idx + 1U));
|
||||
const auto notify_retry = [&](long response_code) {
|
||||
auto msg = fmt::format(
|
||||
"read file bytes failed|offset|{}|size|{}|retry|{}",
|
||||
std::to_string(read_offset), std::to_string(read_size),
|
||||
std::to_string(retry + 1U));
|
||||
if (response_code == 0) {
|
||||
utils::error::raise_api_path_error(function_name, api_path,
|
||||
api_error::comm_error, msg);
|
||||
|
||||
@@ -546,14 +546,13 @@ auto encrypting_reader::reader_function(char *buffer, size_t size,
|
||||
size_t nitems) -> size_t {
|
||||
REPERTORY_USES_FUNCTION_NAME();
|
||||
|
||||
std::span<char> dest(buffer, size);
|
||||
|
||||
auto read_size =
|
||||
static_cast<std::uint64_t>(size) * static_cast<std::uint64_t>(nitems);
|
||||
if (read_size == 0U) {
|
||||
return 0U;
|
||||
}
|
||||
|
||||
std::span<char> dest(buffer, read_size);
|
||||
auto read_offset{read_offset_};
|
||||
std::size_t total_read{};
|
||||
auto total_size{total_size_};
|
||||
|
||||
Reference in New Issue
Block a user