BlockStorage/repertory
1
0
Fork 0
Code Issues 4 Pull Requests Releases 8 Wiki Activity

Implement secure key via KDF for transparent data encryption/decryption #60

Browse Source
This commit is contained in:
Scott E. Graves
2025-08-30 14:59:39 -05:00
parent ee3fb40171
commit 76906b04ee
1 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
repertory/librepertory/src/providers/s3/s3_provider.cpp
View File

@@ -1359,6 +1359,8 @@ auto s3_provider::read_file_bytes(const std::string &api_path, std::size_t size,
return ret; return ret;
} }
auto total_size{utils::string::to_uint64(size_str)};
utils::hash::hash_256_t data_key; utils::hash::hash_256_t data_key;
if (legacy_bucket_) { if (legacy_bucket_) {
data_key = utils::encryption::generate_key<utils::hash::hash_256_t>( data_key = utils::encryption::generate_key<utils::hash::hash_256_t>(
@@ -1366,6 +1368,21 @@ auto s3_provider::read_file_bytes(const std::string &api_path, std::size_t size,
} else { } else {
utils::encryption::kdf_config data_cfg; utils::encryption::kdf_config data_cfg;
ret = get_kdf_config_from_meta(api_path, data_cfg); ret = get_kdf_config_from_meta(api_path, data_cfg);
if (ret == api_error::item_not_found) {
data_buffer header_buffer;
ret = read_bytes(utils::encryption::kdf_config::size(), 0U,
header_buffer);
if (ret == api_error::success) {
if (utils::encryption::kdf_config::from_header(header_buffer,
data_cfg)) {
ret = set_item_meta(api_path, META_KDF,
nlohmann::json(data_cfg).dump());
} else {
ret = api_error::decryption_error;
}
}
}
if (ret != api_error::success) { if (ret != api_error::success) {
return ret; return ret;
} }
@@ -1374,7 +1391,6 @@ auto s3_provider::read_file_bytes(const std::string &api_path, std::size_t size,
master_key_); master_key_);
} }
auto total_size{utils::string::to_uint64(size_str)};
return utils::encryption::read_encrypted_range( return utils::encryption::read_encrypted_range(
{ {
.begin = offset, .begin = offset,