From 76906b04ee118ddda4503d253edfdc8e598ff08a Mon Sep 17 00:00:00 2001 From: "Scott E. Graves" Date: Sat, 30 Aug 2025 14:59:39 -0500 Subject: [PATCH] Implement secure key via KDF for transparent data encryption/decryption #60 --- .../src/providers/s3/s3_provider.cpp | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/repertory/librepertory/src/providers/s3/s3_provider.cpp b/repertory/librepertory/src/providers/s3/s3_provider.cpp index c0ce0263..45b2c2dc 100644 --- a/repertory/librepertory/src/providers/s3/s3_provider.cpp +++ b/repertory/librepertory/src/providers/s3/s3_provider.cpp @@ -1359,6 +1359,8 @@ auto s3_provider::read_file_bytes(const std::string &api_path, std::size_t size, return ret; } + auto total_size{utils::string::to_uint64(size_str)}; + utils::hash::hash_256_t data_key; if (legacy_bucket_) { data_key = utils::encryption::generate_key( @@ -1366,6 +1368,21 @@ auto s3_provider::read_file_bytes(const std::string &api_path, std::size_t size, } else { utils::encryption::kdf_config data_cfg; ret = get_kdf_config_from_meta(api_path, data_cfg); + if (ret == api_error::item_not_found) { + data_buffer header_buffer; + ret = read_bytes(utils::encryption::kdf_config::size(), 0U, + header_buffer); + if (ret == api_error::success) { + if (utils::encryption::kdf_config::from_header(header_buffer, + data_cfg)) { + ret = set_item_meta(api_path, META_KDF, + nlohmann::json(data_cfg).dump()); + } else { + ret = api_error::decryption_error; + } + } + } + if (ret != api_error::success) { return ret; } @@ -1374,7 +1391,6 @@ auto s3_provider::read_file_bytes(const std::string &api_path, std::size_t size, master_key_); } - auto total_size{utils::string::to_uint64(size_str)}; return utils::encryption::read_encrypted_range( { .begin = offset,