Implement secure key via KDF for transparent data encryption/decryption #60
All checks were successful
BlockStorage/repertory/pipeline/head This commit looks good

2025-08-31 20:00:59 -05:00
parent e680ec8664
commit 9656828700
5 changed files with 99 additions and 57 deletions


@@ -740,9 +740,13 @@ auto encrypt_provider::process_directory_entry(
utils::path::get_relative_path(dir_entry.get_path(), cfg.path),
};
i_file_db::file_data file_data{};
auto file_res{file_db_->get_file_data(api_path, file_data)};
if (file_res != api_error::success) {
auto file_res{
file_db_->get_file_api_path(dir_entry.get_path(), api_path)};
if (file_res == api_error::success) {
return true;
}
if (file_res != api_error::item_not_found) {
// TODO raise error
return false;
}
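Review bot: A result from `get_file_api_path` other than `success` or `item_not_found` still ends in a bare `return false` behind `// TODO raise error`, so a database fault is indistinguishable from a skipped entry and nothing is recorded. The same silent return follows `add_or_update_file` in the next hunk. Since this path decides whether a file's encryption metadata gets stored, I would replace the TODO with a report through the project's error event or log that carries `api_error_to_string(file_res)` and `dir_entry.get_path()`. The early `return true` on `success` also appears to skip any refresh of an already-indexed file whose size has changed; a one-line comment saying that is intended would help. `process_directory_entry` begins before this hunk and continues after it.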
@@ -763,38 +767,34 @@ auto encrypt_provider::process_directory_entry(
do_add_directory(utils::path::get_parent_path(relative_path));
}
if (file_res == api_error::item_not_found) {
utils::encryption::encrypting_reader reader(
utils::path::strip_to_file_name(relative_path),
dir_entry.get_path(),
[]() -> bool { return app_config::get_stop_requested(); },
master_key_, file_data.kdf_configs,
utils::path::get_parent_path(relative_path));
api_path = utils::path::create_api_path(
api_parent + "/" + reader.get_encrypted_file_name());
utils::encryption::encrypting_reader reader(
utils::path::strip_to_file_name(relative_path), dir_entry.get_path(),
[]() -> bool { return app_config::get_stop_requested(); },
master_key_, get_encrypt_config().kdf_cfg, std::nullopt);
api_path = utils::path::create_api_path(api_parent + "/" +
reader.get_encrypted_file_name());
file_res = file_db_->add_or_update_file(i_file_db::file_data{
.api_path = api_path,
.file_size = dynamic_cast<const utils::file::i_file *>(&dir_entry)
->size()
.value_or(0U),
.iv_list = reader.get_iv_list(),
.kdf_configs =
{
*reader.get_kdf_config_for_data(),
*reader.get_kdf_config_for_path(),
},
.source_path = dir_entry.get_path(),
});
if (file_res != api_error::success) {
// TODO raise error
return false;
}
event_system::instance().raise<filesystem_item_added>(
api_parent, api_path, false, function_name);
file_res = file_db_->add_or_update_file(i_file_db::file_data{
.api_path = api_path,
.file_size = dynamic_cast<const utils::file::i_file *>(&dir_entry)
->size()
.value_or(0U),
.iv_list = reader.get_iv_list(),
.kdf_configs =
{
*reader.get_kdf_config_for_data(),
*reader.get_kdf_config_for_path(),
},
.source_path = dir_entry.get_path(),
});
if (file_res != api_error::success) {
// TODO raise error
return false;
}
event_system::instance().raise<filesystem_item_added>(
api_parent, api_path, false, function_name);
return true;
}
} catch (const std::exception &ex) {
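Review bot: `*reader.get_kdf_config_for_data()` and `*reader.get_kdf_config_for_path()` are dereferenced inside the `file_data` initializer without checking that either holds a value, while the reader is now built with `std::nullopt` as its last argument where the parent path used to be passed. The `*` suggests these getters return an optional or pointer (their declarations are not on this page); if so, an empty result is undefined behaviour and could persist an invalid KDF configuration, leaving the file undecryptable later. I would fetch both first, `auto data_cfg = reader.get_kdf_config_for_data(); auto path_cfg = reader.get_kdf_config_for_path();`, then guard with `if (!data_cfg || !path_cfg) { return false; }` before calling `add_or_update_file`. The `dynamic_cast<const utils::file::i_file *>(&dir_entry)` result is likewise used without a null check. The enclosing function begins before this hunk and continues after it.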
@@ -966,12 +966,25 @@ auto encrypt_provider::start(api_item_added_callback /*api_item_added*/,
if (encrypt_config_.kdf_cfg.checksum == 0U) {
i_file_db::directory_data data{};
if (file_db_->get_directory_data("/", data) == api_error::success) {
encrypt_config_.kdf_cfg = data.kdf_configs.first;
if (data.kdf_configs.first.checksum == 0U) {
encrypt_config_.kdf_cfg.seal();
} else {
encrypt_config_.kdf_cfg = data.kdf_configs.first;
}
} else {
encrypt_config_.kdf_cfg.seal();
}
config_.set_encrypt_config(encrypt_config_);
data.kdf_configs = {
encrypt_config_.kdf_cfg,
encrypt_config_.kdf_cfg,
};
auto res = file_db_->add_or_update_directory(data);
if (res != api_error::success) {
throw startup_exception(fmt::format("failed to update existing kdf|{}",
api_error_to_string(res)));
}
}
if (encrypt_config_.kdf_cfg.checksum !=