2.0.0-rc (#9)
Some checks failed
BlockStorage/repertory_osx/pipeline/head This commit looks good
BlockStorage/repertory_windows/pipeline/head This commit looks good
BlockStorage/repertory/pipeline/head There was a failure building this commit
BlockStorage/repertory_linux_builds/pipeline/head This commit looks good
BlockStorage/repertory_osx_builds/pipeline/head There was a failure building this commit
Some checks failed
BlockStorage/repertory_osx/pipeline/head This commit looks good
BlockStorage/repertory_windows/pipeline/head This commit looks good
BlockStorage/repertory/pipeline/head There was a failure building this commit
BlockStorage/repertory_linux_builds/pipeline/head This commit looks good
BlockStorage/repertory_osx_builds/pipeline/head There was a failure building this commit
### Issues
* \#1 \[bug\] Unable to mount S3 due to 'item_not_found' exception
* \#2 Require bucket name for S3 mounts
* \#3 \[bug\] File size is not being updated in S3 mount
* \#4 Upgrade to libfuse-3.x.x
* \#5 Switch to renterd for Sia support
* \#6 Switch to cpp-httplib to further reduce dependencies
* \#7 Remove global_data and calculate used disk space per provider
* \#8 Switch to libcurl for S3 mount support
### Changes from v1.x.x
* Added read-only encrypt provider
* Pass-through mount point that transparently encrypts source data using `XChaCha20-Poly1305`
* Added S3 encryption support via `XChaCha20-Poly1305`
* Added replay protection to remote mounts
* Added support base64 writes in remote FUSE
* Created static linked Linux binaries for `amd64` and `aarch64` using `musl-libc`
* Removed legacy Sia renter support
* Removed Skynet support
* Fixed multiple remote mount WinFSP API issues on \*NIX servers
* Implemented chunked read and write
* Writes for non-cached files are performed in chunks of 8Mib
* Removed `repertory-ui` support
* Removed `FreeBSD` support
* Switched to `libsodium` over `CryptoPP`
* Switched to `XChaCha20-Poly1305` for remote mounts
* Updated `GoogleTest` to v1.14.0
* Updated `JSON for Modern C++` to v3.11.2
* Updated `OpenSSL` to v1.1.1w
* Updated `RocksDB` to v8.5.3
* Updated `WinFSP` to 2023
* Updated `boost` to v1.78.0
* Updated `cURL` to v8.3.0
* Updated `zlib` to v1.3
* Use `upload_manager` for all providers
* Adds a delay to uploads to prevent excessive API calls
* Supports re-upload after mount restart for incomplete uploads
* NOTE: Uploads for all providers are full file (no resume support)
* Multipart upload support is planned for S3
Reviewed-on: #9
This commit is contained in:
@ -1,122 +1,157 @@
|
||||
/*
|
||||
Copyright <2018-2022> <scott.e.graves@protonmail.com>
|
||||
Copyright <2018-2023> <scott.e.graves@protonmail.com>
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
|
||||
associated documentation files (the "Software"), to deal in the Software without restriction,
|
||||
including without limitation the rights to use, copy, modify, merge, publish, distribute,
|
||||
sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all copies or
|
||||
substantial portions of the Software.
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT
|
||||
NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
|
||||
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT
|
||||
OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
*/
|
||||
#ifndef INCLUDE_UTILS_ENCRYPTION_HPP_
|
||||
#define INCLUDE_UTILS_ENCRYPTION_HPP_
|
||||
|
||||
#include "common.hpp"
|
||||
#include "types/repertory.hpp"
|
||||
#include "utils/encrypting_reader.hpp"
|
||||
|
||||
namespace repertory::utils::encryption {
|
||||
// Prototypes
|
||||
api_error decrypt_file_name(const std::string &encryption_token, std::string &file_name);
|
||||
[[nodiscard]] auto decrypt_file_path(const std::string &encryption_token,
|
||||
std::string &file_path) -> api_error;
|
||||
|
||||
CryptoPP::SecByteBlock generate_key(const std::string &encryption_token);
|
||||
[[nodiscard]] auto decrypt_file_name(const std::string &encryption_token,
|
||||
std::string &file_name) -> api_error;
|
||||
|
||||
api_error read_encrypted_range(
|
||||
const http_range &range, const CryptoPP::SecByteBlock &key,
|
||||
const std::function<api_error(std::vector<char> &ct, const std::uint64_t &start_offset,
|
||||
const std::uint64_t &end_offset)> &reader,
|
||||
const std::uint64_t &total_size, std::vector<char> &data);
|
||||
[[nodiscard]] auto generate_key(const std::string &encryption_token)
|
||||
-> key_type;
|
||||
|
||||
[[nodiscard]] auto read_encrypted_range(
|
||||
const http_range &range, const key_type &key,
|
||||
const std::function<api_error(data_buffer &ct, std::uint64_t start_offset,
|
||||
std::uint64_t end_offset)> &reader,
|
||||
std::uint64_t total_size, data_buffer &data) -> api_error;
|
||||
|
||||
// Implementations
|
||||
template <typename result>
|
||||
static bool decrypt_data(const CryptoPP::SecByteBlock &key, const char *buffer,
|
||||
const std::size_t &buffer_size, result &res) {
|
||||
[[nodiscard]] inline auto decrypt_data(const key_type &key, const char *buffer,
|
||||
std::size_t buffer_size, result &res)
|
||||
-> bool {
|
||||
const auto header_size =
|
||||
static_cast<std::uint32_t>(encrypting_reader::get_header_size());
|
||||
if (buffer_size > header_size) {
|
||||
CryptoPP::XChaCha20Poly1305::Decryption decryption;
|
||||
CryptoPP::SecByteBlock iv(decryption.IVSize());
|
||||
std::memcpy(&iv[0u], &buffer[0u], iv.size());
|
||||
|
||||
CryptoPP::SecByteBlock mac(decryption.DigestSize());
|
||||
std::memcpy(&mac[0u], &buffer[iv.size()], mac.size());
|
||||
decryption.SetKeyWithIV(key, key.size(), iv, iv.size());
|
||||
|
||||
const std::uint32_t size =
|
||||
boost::endian::native_to_big(static_cast<std::uint32_t>(buffer_size));
|
||||
res.resize(buffer_size - header_size);
|
||||
return decryption.DecryptAndVerify(
|
||||
reinterpret_cast<CryptoPP::byte *>(&res[0u]), &mac[0u], mac.size(), &iv[0u],
|
||||
static_cast<int>(iv.size()), reinterpret_cast<const CryptoPP::byte *>(&size), sizeof(size),
|
||||
reinterpret_cast<const CryptoPP::byte *>(&buffer[header_size]), res.size());
|
||||
return crypto_aead_xchacha20poly1305_ietf_decrypt_detached(
|
||||
reinterpret_cast<unsigned char *>(&res[0u]), nullptr,
|
||||
reinterpret_cast<const unsigned char *>(&buffer[header_size]),
|
||||
res.size(),
|
||||
reinterpret_cast<const unsigned char *>(
|
||||
&buffer[crypto_aead_xchacha20poly1305_IETF_NPUBBYTES]),
|
||||
reinterpret_cast<const unsigned char *>(&size), sizeof(size),
|
||||
reinterpret_cast<const unsigned char *>(buffer),
|
||||
key.data()) == 0;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
template <typename buffer, typename result>
|
||||
static bool decrypt_data(const CryptoPP::SecByteBlock &key, const buffer &buf, result &res) {
|
||||
[[nodiscard]] inline auto decrypt_data(const key_type &key, const buffer &buf,
|
||||
result &res) -> bool {
|
||||
return decrypt_data<result>(key, &buf[0u], buf.size(), res);
|
||||
}
|
||||
|
||||
template <typename buffer, typename result>
|
||||
static bool decrypt_data(const std::string &encryption_token, const buffer &buf, result &res) {
|
||||
[[nodiscard]] inline auto decrypt_data(const std::string &encryption_token,
|
||||
const buffer &buf, result &res) -> bool {
|
||||
return decrypt_data<buffer, result>(generate_key(encryption_token), buf, res);
|
||||
}
|
||||
|
||||
template <typename result>
|
||||
static bool decrypt_data(const std::string &encryption_token, const char *buffer,
|
||||
const std::size_t &buffer_size, result &res) {
|
||||
return decrypt_data<result>(generate_key(encryption_token), buffer, buffer_size, res);
|
||||
[[nodiscard]] inline auto decrypt_data(const std::string &encryption_token,
|
||||
const char *buffer,
|
||||
std::size_t buffer_size, result &res)
|
||||
-> bool {
|
||||
return decrypt_data<result>(generate_key(encryption_token), buffer,
|
||||
buffer_size, res);
|
||||
}
|
||||
|
||||
template <typename result>
|
||||
static void encrypt_data(const CryptoPP::SecByteBlock &key, const char *buffer,
|
||||
const std::size_t &buffer_size, result &res) {
|
||||
CryptoPP::XChaCha20Poly1305::Encryption encryption;
|
||||
inline void
|
||||
encrypt_data(const std::array<unsigned char,
|
||||
crypto_aead_xchacha20poly1305_IETF_NPUBBYTES> &iv,
|
||||
const key_type &key, const char *buffer, std::size_t buffer_size,
|
||||
result &res) {
|
||||
std::array<unsigned char, crypto_aead_xchacha20poly1305_IETF_ABYTES> mac{};
|
||||
|
||||
CryptoPP::SecByteBlock iv(encryption.IVSize());
|
||||
CryptoPP::OS_GenerateRandomBlock(false, iv, iv.size());
|
||||
|
||||
CryptoPP::SecByteBlock mac(encryption.DigestSize());
|
||||
const std::uint32_t header_size =
|
||||
const auto header_size =
|
||||
static_cast<std::uint32_t>(encrypting_reader::get_header_size());
|
||||
const std::uint32_t size =
|
||||
boost::endian::native_to_big(static_cast<std::uint32_t>(buffer_size + header_size));
|
||||
|
||||
encryption.SetKeyWithIV(key, key.size(), iv, iv.size());
|
||||
const std::uint32_t size = boost::endian::native_to_big(
|
||||
static_cast<std::uint32_t>(buffer_size + header_size));
|
||||
|
||||
res.resize(buffer_size + header_size);
|
||||
encryption.EncryptAndAuthenticate(reinterpret_cast<CryptoPP::byte *>(&res[header_size]), &mac[0u],
|
||||
mac.size(), &iv[0u], static_cast<int>(iv.size()),
|
||||
reinterpret_cast<const CryptoPP::byte *>(&size), sizeof(size),
|
||||
reinterpret_cast<const CryptoPP::byte *>(buffer), buffer_size);
|
||||
|
||||
unsigned long long mac_length{};
|
||||
if (crypto_aead_xchacha20poly1305_ietf_encrypt_detached(
|
||||
reinterpret_cast<unsigned char *>(&res[header_size]), mac.data(),
|
||||
&mac_length, reinterpret_cast<const unsigned char *>(buffer),
|
||||
buffer_size, reinterpret_cast<const unsigned char *>(&size),
|
||||
sizeof(size), nullptr, iv.data(), key.data()) != 0) {
|
||||
throw std::runtime_error("encryption failed");
|
||||
}
|
||||
|
||||
std::memcpy(&res[0u], &iv[0u], iv.size());
|
||||
std::memcpy(&res[iv.size()], &mac[0u], mac.size());
|
||||
}
|
||||
|
||||
template <typename result>
|
||||
static void encrypt_data(const std::string &encryption_token, const char *buffer,
|
||||
const std::size_t &buffer_size, result &res) {
|
||||
return encrypt_data<result>(generate_key(encryption_token), buffer, buffer_size, res);
|
||||
inline void encrypt_data(const key_type &key, const char *buffer,
|
||||
std::size_t buffer_size, result &res) {
|
||||
std::array<unsigned char, crypto_aead_xchacha20poly1305_IETF_NPUBBYTES> iv{};
|
||||
randombytes_buf(iv.data(), iv.size());
|
||||
|
||||
encrypt_data<result>(iv, key, buffer, buffer_size, res);
|
||||
}
|
||||
|
||||
template <typename result>
|
||||
inline void encrypt_data(const std::string &encryption_token,
|
||||
const char *buffer, std::size_t buffer_size,
|
||||
result &res) {
|
||||
encrypt_data<result>(generate_key(encryption_token), buffer, buffer_size,
|
||||
res);
|
||||
}
|
||||
|
||||
template <typename buffer, typename result>
|
||||
static void encrypt_data(const std::string &encryption_token, const buffer &buf, result &res) {
|
||||
return encrypt_data<result>(generate_key(encryption_token), &buf[0u], buf.size(), res);
|
||||
inline void encrypt_data(const std::string &encryption_token, const buffer &buf,
|
||||
result &res) {
|
||||
encrypt_data<result>(generate_key(encryption_token), &buf[0u], buf.size(),
|
||||
res);
|
||||
}
|
||||
|
||||
template <typename buffer, typename result>
|
||||
static void encrypt_data(const CryptoPP::SecByteBlock &key, const buffer &buf, result &res) {
|
||||
return encrypt_data<result>(key, &buf[0u], buf.size(), res);
|
||||
inline void encrypt_data(const key_type &key, const buffer &buf, result &res) {
|
||||
encrypt_data<result>(key, &buf[0u], buf.size(), res);
|
||||
}
|
||||
|
||||
template <typename buffer, typename result>
|
||||
inline void
|
||||
encrypt_data(const std::array<unsigned char,
|
||||
crypto_aead_xchacha20poly1305_IETF_NPUBBYTES> &iv,
|
||||
const key_type &key, const buffer &buf, result &res) {
|
||||
encrypt_data<result>(iv, key, &buf[0u], buf.size(), res);
|
||||
}
|
||||
} // namespace repertory::utils::encryption
|
||||
|
||||
|
||||
Reference in New Issue
Block a user