BlockStorage/repertory
1
0
Fork 0
Code Issues 3 Pull Requests Releases 9 Wiki Activity

Implement secure key via KDF for transparent data encryption/decryption #60

Browse Source
This commit is contained in:
sgraves76
2025-08-30 15:43:01 -05:00
parent ff3b2314bf
commit c00d5e8894
1 changed files with 0 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
repertory/librepertory/src/providers/s3/s3_provider.cpp
View File

@@ -780,12 +780,8 @@ auto s3_provider::initialize_crypto(const s3_config &cfg) -> bool {
switch (res) { switch (res) {
case api_error::item_not_found: { case api_error::item_not_found: {
try { try {
event_system::instance().raise<debug_log>(
function_name, "searching for master kdf config");
if (not search_keys_for_master_kdf(cfg.encryption_token)) { if (not search_keys_for_master_kdf(cfg.encryption_token)) {
if (get_directory_item_count("/") == 0U) { if (get_directory_item_count("/") == 0U) {
event_system::instance().raise<debug_log>(
function_name, "creating master kdf config for empty bucket");
legacy_bucket_ = false; legacy_bucket_ = false;
master_kdf_cfg_.seal(); master_kdf_cfg_.seal();
master_key_ = master_key_ =
@@ -794,10 +790,6 @@ auto s3_provider::initialize_crypto(const s3_config &cfg) -> bool {
res = set_item_meta("/", META_KDF, res = set_item_meta("/", META_KDF,
nlohmann::json(master_kdf_cfg_).dump()); nlohmann::json(master_kdf_cfg_).dump());
event_system::instance().raise<debug_log>(
function_name,
fmt::format("master_kdf|{}",
nlohmann::json(master_kdf_cfg_).dump(2)));
if (res != api_error::success) { if (res != api_error::success) {
utils::error::raise_api_path_error(function_name, "/", res, utils::error::raise_api_path_error(function_name, "/", res,
"set kdf config in meta failed"); "set kdf config in meta failed");
@@ -812,9 +804,6 @@ auto s3_provider::initialize_crypto(const s3_config &cfg) -> bool {
} break; } break;
case api_error::success: { case api_error::success: {
event_system::instance().raise<debug_log>(
function_name, "recreating master kdf config for existing bucket");
legacy_bucket_ = false; legacy_bucket_ = false;
if (not utils::encryption::recreate_key_argon2id( if (not utils::encryption::recreate_key_argon2id(
cfg.encryption_token, master_kdf_cfg_, master_key_)) { cfg.encryption_token, master_kdf_cfg_, master_key_)) {
@@ -1077,13 +1066,8 @@ auto s3_provider::search_keys_for_master_kdf(
auto res = auto res =
set_item_meta("/", META_KDF, nlohmann::json(master_kdf_cfg_).dump()); set_item_meta("/", META_KDF, nlohmann::json(master_kdf_cfg_).dump());
event_system::instance().raise<debug_log>(
function_name,
fmt::format("master_kdf|{}", nlohmann::json(master_kdf_cfg_).dump(2)));
if (res == api_error::success) { if (res == api_error::success) {
legacy_bucket_ = false; legacy_bucket_ = false;
event_system::instance().raise<debug_log>(function_name,
"found master kdf config");
return true; return true;
} }
@@ -1235,12 +1219,6 @@ auto s3_provider::upload_file_impl(const std::string &api_path,
res = set_item_meta( res = set_item_meta(
api_path, META_KDF, api_path, META_KDF,
nlohmann::json(*put_file.reader->get_kdf_config_for_data()).dump()); nlohmann::json(*put_file.reader->get_kdf_config_for_data()).dump());
event_system::instance().raise<debug_log>(
function_name,
fmt::format(
"file_kdf|{}",
nlohmann::json(*put_file.reader->get_kdf_config_for_data())
.dump(2)));
if (res != api_error::success) { if (res != api_error::success) {
return res; return res;
} }