szaszm commented on a change in pull request #1090:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1090#discussion_r664027439
##########
File path: extensions/rocksdb-repos/FlowFileRepository.cpp
##########
@@ -220,17 +231,24 @@ void FlowFileRepository::initialize_repository() {
logger_->log_trace("Do not need checkpoint");
return;
}
- rocksdb::Checkpoint *checkpoint;
// delete any previous copy
- if (utils::file::FileUtils::delete_dir(checkpoint_dir_) >= 0 &&
opendb->NewCheckpoint(&checkpoint).ok()) {
- if (checkpoint->CreateCheckpoint(checkpoint_dir_).ok()) {
- checkpoint_ = std::unique_ptr<rocksdb::Checkpoint>(checkpoint);
- logger_->log_trace("Created checkpoint directory");
- } else {
- logger_->log_trace("Could not create checkpoint. Corrupt?");
- }
- } else
- logger_->log_trace("Could not create checkpoint directory. Not properly
deleted?");
+ if (utils::file::FileUtils::delete_dir(checkpoint_dir_) < 0) {
+ logger_->log_error("Could not delete existing checkpoint directory '%s'",
checkpoint_dir_);
+ return;
+ }
+ rocksdb::Checkpoint* checkpoint = nullptr;
+ rocksdb::Status checkpoint_status = opendb->NewCheckpoint(&checkpoint);
+ if (!checkpoint_status.ok()) {
+ logger_->log_error("Could not create checkpoint object: %s",
checkpoint_status.ToString());
+ return;
+ }
+ checkpoint_status = checkpoint->CreateCheckpoint(checkpoint_dir_);
+ if (!checkpoint_status.ok()) {
+ logger_->log_error("Could not initialize checkpoint: %s",
checkpoint_status.ToString());
+ return;
+ }
Review comment:
Shouldn't we `delete checkpoint;` if this fails? Or put it in a
`unique_ptr` if `NewCheckpoint` was successful.
##########
File path: libminifi/src/utils/crypto/ciphers/Aes256Ecb.cpp
##########
@@ -0,0 +1,122 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "utils/crypto/ciphers/Aes256Ecb.h"
+#include "openssl/conf.h"
+#include "openssl/evp.h"
+#include "openssl/err.h"
+#include "openssl/rand.h"
+#include "core/logging/LoggerConfiguration.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace utils {
+namespace crypto {
+
+using EVP_CIPHER_CTX_ptr = std::unique_ptr<EVP_CIPHER_CTX,
decltype(&EVP_CIPHER_CTX_free)>;
+
+std::shared_ptr<core::logging::Logger>
Aes256EcbCipher::logger_{core::logging::LoggerFactory<Aes256EcbCipher>::getLogger()};
+
+Aes256EcbCipher::Aes256EcbCipher(Bytes encryption_key) :
encryption_key_(std::move(encryption_key)) {
+ if (encryption_key_.size() != KEY_SIZE) {
+ handleError("Invalid key length %zu bytes, expected %zu bytes",
encryption_key_.size(), static_cast<size_t>(KEY_SIZE));
+ }
+}
+
+Bytes Aes256EcbCipher::generateKey() {
+ unsigned char key[KEY_SIZE];
+ if (1 != RAND_bytes(key, KEY_SIZE)) {
+ handleError("Couldn't generate key");
+ }
+ return Bytes(key, key + KEY_SIZE);
+}
+
+void Aes256EcbCipher::encrypt(unsigned char *data) const {
+ EVP_CIPHER_CTX_ptr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
+ if (!ctx) {
+ handleError("Could not create cipher context");
+ }
+
+ if (1 != EVP_EncryptInit_ex(ctx.get(), EVP_aes_256_ecb(), nullptr,
encryption_key_.data(), nullptr)) {
Review comment:
We should use a random initialization vector. It prevents the same
plaintext from becoming the same ciphertext when encrypted with the same key.
It can be stored as plaintext next to the ciphertext.
https://stackoverflow.com/a/8041580
##########
File path: libminifi/include/utils/crypto/ciphers/Aes256Ecb.h
##########
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+#include <memory>
+#include <utility>
+
+#include "utils/crypto/EncryptionUtils.h"
+#include "Exception.h"
+#include "core/logging/Logger.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace utils {
+namespace crypto {
+
+class CipherError : public Exception {
+ public:
+ explicit CipherError(const std::string& error_msg) :
Exception(ExceptionType::GENERAL_EXCEPTION, error_msg) {}
+};
+
+class Aes256EcbCipher {
+ static std::shared_ptr<core::logging::Logger> logger_;
+ public:
+ static constexpr size_t BLOCK_SIZE = 16;
+ static constexpr size_t KEY_SIZE = 32;
+
+ explicit Aes256EcbCipher(Bytes encryption_key);
+ void encrypt(unsigned char* data) const;
+ void decrypt(unsigned char* data) const;
Review comment:
I would change the signatures here to take [`gsl::span<unsigned char /*,
BLOCK_SIZE*/>`](https://github.com/gsl-lite/gsl-lite/blob/master/include/gsl/gsl-lite.hpp#L3935)
(gsl::span doesn't support static extents) and later `std::span<std::byte,
BLOCK_SIZE>` for documentation.
##########
File path: libminifi/src/utils/crypto/ciphers/Aes256Ecb.cpp
##########
@@ -0,0 +1,122 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "utils/crypto/ciphers/Aes256Ecb.h"
+#include "openssl/conf.h"
+#include "openssl/evp.h"
+#include "openssl/err.h"
+#include "openssl/rand.h"
+#include "core/logging/LoggerConfiguration.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace utils {
+namespace crypto {
+
+using EVP_CIPHER_CTX_ptr = std::unique_ptr<EVP_CIPHER_CTX,
decltype(&EVP_CIPHER_CTX_free)>;
+
+std::shared_ptr<core::logging::Logger>
Aes256EcbCipher::logger_{core::logging::LoggerFactory<Aes256EcbCipher>::getLogger()};
+
+Aes256EcbCipher::Aes256EcbCipher(Bytes encryption_key) :
encryption_key_(std::move(encryption_key)) {
+ if (encryption_key_.size() != KEY_SIZE) {
+ handleError("Invalid key length %zu bytes, expected %zu bytes",
encryption_key_.size(), static_cast<size_t>(KEY_SIZE));
+ }
+}
+
+Bytes Aes256EcbCipher::generateKey() {
+ unsigned char key[KEY_SIZE];
+ if (1 != RAND_bytes(key, KEY_SIZE)) {
+ handleError("Couldn't generate key");
+ }
+ return Bytes(key, key + KEY_SIZE);
+}
+
+void Aes256EcbCipher::encrypt(unsigned char *data) const {
+ EVP_CIPHER_CTX_ptr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
+ if (!ctx) {
+ handleError("Could not create cipher context");
+ }
+
+ if (1 != EVP_EncryptInit_ex(ctx.get(), EVP_aes_256_ecb(), nullptr,
encryption_key_.data(), nullptr)) {
+ handleError("Could not initialize encryption cipher context");
+ }
+
+ if (1 != EVP_CIPHER_CTX_set_padding(ctx.get(), 0)) {
+ handleError("Could not disable padding for cipher");
+ }
Review comment:
Why do you want to disable padding? It pads so that the output is always
a multiple of the block size. In theory we should always get one BLOCK_SIZE
output for one BLOCK_SIZE input, so it shouldn't matter.
##########
File path: extensions/rocksdb-repos/encryption/RocksDbEncryptionProvider.cpp
##########
@@ -0,0 +1,119 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "RocksDbEncryptionProvider.h"
+#include "utils/crypto/ciphers/Aes256Ecb.h"
+#include "logging/LoggerConfiguration.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace core {
+namespace repository {
+
+using utils::crypto::Bytes;
+using utils::crypto::Aes256EcbCipher;
+
+class AES256BlockCipher final : public rocksdb::BlockCipher {
+ static std::shared_ptr<logging::Logger> logger_;
+ public:
+ AES256BlockCipher(std::string database, Aes256EcbCipher cipher_impl)
+ : database_(std::move(database)),
+ cipher_impl_(std::move(cipher_impl)) {}
+
+ const char *Name() const override {
+ return "AES256BlockCipher";
+ }
+
+ size_t BlockSize() override {
+ return Aes256EcbCipher::BLOCK_SIZE;
+ }
+
+ bool hasEqualKey(const AES256BlockCipher& other) const {
+ return cipher_impl_.hasEqualKey(other.cipher_impl_);
+ }
+
+ rocksdb::Status Encrypt(char *data) override;
+
+ rocksdb::Status Decrypt(char *data) override;
+
+ private:
+ const std::string database_;
+ const Aes256EcbCipher cipher_impl_;
+};
+
+class EncryptingEnv : public rocksdb::EnvWrapper {
+ public:
+ EncryptingEnv(Env* target, std::shared_ptr<AES256BlockCipher> cipher) :
EnvWrapper(target), env_(target), cipher_(std::move(cipher)) {}
+
+ bool hasEqualKey(const EncryptingEnv& other) const {
+ return cipher_->hasEqualKey(*other.cipher_);
+ }
+
+ private:
+ std::unique_ptr<Env> env_;
+ std::shared_ptr<AES256BlockCipher> cipher_;
+};
+
+std::shared_ptr<logging::Logger> AES256BlockCipher::logger_ =
logging::LoggerFactory<AES256BlockCipher>::getLogger();
+
+std::shared_ptr<rocksdb::Env> createEncryptingEnv(const
utils::crypto::EncryptionManager& manager, const DbEncryptionOptions& options) {
+ auto cipher_impl =
manager.createAes256EcbCipher(options.encryption_key_name);
Review comment:
Can you explain why you chose ECB encryption mode? According to
wikipedia, it's not recommended for for use in cryptographic protocols.
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB)
Block cipher modes also don't ensure data integrity and I don't know whether
rocksdb has built-in data authentication mechanisms.
##########
File path: libminifi/src/utils/crypto/ciphers/Aes256Ecb.cpp
##########
@@ -0,0 +1,122 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "utils/crypto/ciphers/Aes256Ecb.h"
+#include "openssl/conf.h"
+#include "openssl/evp.h"
+#include "openssl/err.h"
+#include "openssl/rand.h"
+#include "core/logging/LoggerConfiguration.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace utils {
+namespace crypto {
+
+using EVP_CIPHER_CTX_ptr = std::unique_ptr<EVP_CIPHER_CTX,
decltype(&EVP_CIPHER_CTX_free)>;
+
+std::shared_ptr<core::logging::Logger>
Aes256EcbCipher::logger_{core::logging::LoggerFactory<Aes256EcbCipher>::getLogger()};
+
+Aes256EcbCipher::Aes256EcbCipher(Bytes encryption_key) :
encryption_key_(std::move(encryption_key)) {
+ if (encryption_key_.size() != KEY_SIZE) {
+ handleError("Invalid key length %zu bytes, expected %zu bytes",
encryption_key_.size(), static_cast<size_t>(KEY_SIZE));
+ }
+}
+
+Bytes Aes256EcbCipher::generateKey() {
+ unsigned char key[KEY_SIZE];
+ if (1 != RAND_bytes(key, KEY_SIZE)) {
+ handleError("Couldn't generate key");
+ }
+ return Bytes(key, key + KEY_SIZE);
Review comment:
Not sure about the openssl version, but if 1.1.1+ (or libressl
equivalent),
[`RAND_priv_bytes`](https://www.openssl.org/docs/manmaster/man3/RAND_bytes.html)
may be a better choice.
I would also forward the library error message to `handleError`.
```suggestion
unsigned char key[KEY_SIZE];
if (1 != RAND_priv_bytes(key, KEY_SIZE)) {
std::array<char, 128> errmsg = {0};
const auto errcode = ERR_get_error();
ERR_error_string_n(errcode, errmsg.data(), errmsg.size());
handleError("Couldn't generate key: %s", errmsg.data());
}
return Bytes(key, key + KEY_SIZE);
```
##########
File path: extensions/rocksdb-repos/encryption/RocksDbEncryptionProvider.cpp
##########
@@ -0,0 +1,123 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "RocksDbEncryptionProvider.h"
+#include "utils/crypto/ciphers/Aes256Ecb.h"
+#include "logging/LoggerConfiguration.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace core {
+namespace repository {
+
+using utils::crypto::Bytes;
+using utils::crypto::Aes256EcbCipher;
+
+namespace {
+
+class AES256BlockCipher final : public rocksdb::BlockCipher {
+ static std::shared_ptr<logging::Logger> logger_;
+ public:
+ AES256BlockCipher(std::string database, Aes256EcbCipher cipher_impl)
+ : database_(std::move(database)),
+ cipher_impl_(std::move(cipher_impl)) {}
+
+ const char *Name() const override {
+ return "AES256BlockCipher";
+ }
+
+ size_t BlockSize() override {
+ return Aes256EcbCipher::BLOCK_SIZE;
+ }
+
+ bool equals(const AES256BlockCipher& other) const {
+ return cipher_impl_.equals(other.cipher_impl_);
+ }
+
+ rocksdb::Status Encrypt(char *data) override;
+
+ rocksdb::Status Decrypt(char *data) override;
Review comment:
I failed to notice the `override` keyword, my fault. Nevermind then,
thanks for the clarification.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
