BlockStorage/repertory
1
0
Fork 0
Code Issues 3 Pull Requests Releases 9 Wiki Activity

Implement secure key via KDF for transparent data encryption/decryption #60

Browse Source
This commit is contained in:
sgraves76
2025-08-30 14:10:06 -05:00
parent 5a033e7f12
commit 55b7afc023
2 changed files with 18 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
repertory/librepertory/src/providers/s3/s3_provider.cpp
View File

@@ -375,9 +375,11 @@ auto s3_provider::get_directory_items_impl(const std::string &api_path,
} else { } else {
auto size{node.select_node("Size").node().text().as_ullong()}; auto size{node.select_node("Size").node().text().as_ullong()};
dir_item.size = is_encrypted ? utils::encryption::encrypting_reader:: dir_item.size =
calculate_decrypted_size(size, false) is_encrypted
: size; ? utils::encryption::encrypting_reader::
calculate_decrypted_size(size, not legacy_bucket_)
: size;
} }
res = get_item_meta(dir_item.api_path, dir_item.meta); res = get_item_meta(dir_item.api_path, dir_item.meta);
@@ -538,7 +540,7 @@ auto s3_provider::get_file(const std::string &api_path, api_file &file) const
file.file_size = file.file_size =
is_encrypted is_encrypted
? utils::encryption::encrypting_reader::calculate_decrypted_size( ? utils::encryption::encrypting_reader::calculate_decrypted_size(
result.content_length, false) result.content_length, not legacy_bucket_)
: result.content_length; : result.content_length;
} }
@@ -622,7 +624,7 @@ auto s3_provider::get_file_list(api_file_list &list, std::string &marker) const
file.file_size = file.file_size =
is_encrypted is_encrypted
? utils::encryption::encrypting_reader::calculate_decrypted_size( ? utils::encryption::encrypting_reader::calculate_decrypted_size(
size, false) size, not legacy_bucket_)
: size; : size;
file.key = is_encrypted ? utils::path::create_api_path(object_name) : ""; file.key = is_encrypted ? utils::path::create_api_path(object_name) : "";
auto res{add_if_not_found(file, file.key)}; auto res{add_if_not_found(file, file.key)};
@@ -1216,7 +1218,7 @@ auto s3_provider::upload_file_impl(const std::string &api_path,
res = set_item_meta( res = set_item_meta(
api_path, META_KDF, api_path, META_KDF,
nlohmann::json(*put_file.reader->get_kdf_config_for_data()).dump()); nlohmann::json(*put_file.reader->get_kdf_config_for_data()).dump());
if (res == api_error::success) { if (res != api_error::success) {
return res; return res;
} }
} }
@@ -1263,12 +1265,12 @@ auto s3_provider::read_file_bytes(const std::string &api_path, std::size_t size,
&stop_requested](std::size_t read_size, std::size_t read_offset, &stop_requested](std::size_t read_size, std::size_t read_offset,
data_buffer &read_buffer) -> api_error { data_buffer &read_buffer) -> api_error {
auto res{api_error::error}; auto res{api_error::error};
for (std::uint32_t idx{0U}; for (std::uint32_t retry{0U};
not(stop_requested || app_config::get_stop_requested()) && not(stop_requested || app_config::get_stop_requested()) &&
res != api_error::success && res != api_error::success &&
idx < get_config().get_retry_read_count() + 1U; retry < get_config().get_retry_read_count() + 1U;
++idx) { ++retry) {
if (idx > 0U) { if (retry > 0U) {
read_buffer.clear(); read_buffer.clear();
std::this_thread::sleep_for(1s); std::this_thread::sleep_for(1s);
@@ -1291,11 +1293,11 @@ auto s3_provider::read_file_bytes(const std::string &api_path, std::size_t size,
return res; return res;
} }
const auto notify_retry = [=](long response_code) { const auto notify_retry = [&](long response_code) {
auto msg = auto msg = fmt::format(
fmt::format("read file bytes failed|offset|{}|size|{}|retry|{}", "read file bytes failed|offset|{}|size|{}|retry|{}",
std::to_string(read_offset), std::to_string(read_offset), std::to_string(read_size),
std::to_string(read_size), std::to_string(idx + 1U)); std::to_string(retry + 1U));
if (response_code == 0) { if (response_code == 0) {
utils::error::raise_api_path_error(function_name, api_path, utils::error::raise_api_path_error(function_name, api_path,
api_error::comm_error, msg); api_error::comm_error, msg);

3
support/src/utils/encrypting_reader.cpp
View File

@@ -546,14 +546,13 @@ auto encrypting_reader::reader_function(char *buffer, size_t size,
size_t nitems) -> size_t { size_t nitems) -> size_t {
REPERTORY_USES_FUNCTION_NAME(); REPERTORY_USES_FUNCTION_NAME();
std::span<char> dest(buffer, size);
auto read_size = auto read_size =
static_cast<std::uint64_t>(size) * static_cast<std::uint64_t>(nitems); static_cast<std::uint64_t>(size) * static_cast<std::uint64_t>(nitems);
if (read_size == 0U) { if (read_size == 0U) {
return 0U; return 0U;
} }
std::span<char> dest(buffer, read_size);
auto read_offset{read_offset_}; auto read_offset{read_offset_};
std::size_t total_read{}; std::size_t total_read{};
auto total_size{total_size_}; auto total_size{total_size_};