Implement secure key via KDF for transparent data encryption/decryption #60

2025-08-30 19:13:54 -05:00
parent 40e30defb3
commit edc4465d15
6 changed files with 666 additions and 122 deletions
--- a/repertory/librepertory/src/providers/s3/s3_provider.cpp
+++ b/repertory/librepertory/src/providers/s3/s3_provider.cpp
@@ -32,6 +32,7 @@
 #include "file_manager/i_file_manager.hpp"
 #include "types/repertory.hpp"
 #include "types/s3.hpp"
+#include "utils/base64.hpp"
 #include "utils/collection.hpp"
 #include "utils/common.hpp"
 #include "utils/config.hpp"
@@ -1055,13 +1056,13 @@ auto s3_provider::search_keys_for_master_kdf(
      continue;
    }

-    data_buffer buffer;
-    if (not utils::collection::from_hex_string(object_name, buffer)) {
-      continue;
-    }
-
-    if (not utils::encryption::kdf_config::from_header(buffer,
-                                                       master_kdf_cfg_)) {
+    try {
+      auto buffer = macaron::Base64::Decode(object_name);
+      if (not utils::encryption::kdf_config::from_header(buffer,
+                                                         master_kdf_cfg_)) {
+        continue;
+      }
+    } catch (...) {
      continue;
    }

@@ -1127,11 +1128,13 @@ auto s3_provider::set_meta_key(const std::string &api_path, api_meta_map &meta)
    result.insert(result.begin(), hdr.begin(), hdr.end());
  }

-  meta[META_KEY] = utils::path::create_api_path(
-      utils::path::combine(utils::path::create_api_path(encrypted_parent_path),
-                           {
-                               utils::collection::to_hex_string(result),
-                           }));
+  meta[META_KEY] = utils::path::create_api_path(utils::path::combine(
+      utils::path::create_api_path(encrypted_parent_path),
+      {
+          legacy_bucket_
+              ? utils::collection::to_hex_string(result)
+              : macaron::Base64::EncodeUrlSafe(result.data(), result.size()),
+      }));
  return api_error::success;
 }