DataFed icon indicating copy to clipboard operation
DataFed copied to clipboard
verified publisher icon ORNL

[DAPS-1575] - feature (core) add cipher engine

Open JoshuaSBrown opened this issue 3 months ago • 1 comments

Ticket

Description

How Has This Been Tested?

Artifacts (if appropriate):

Tasks

  • [ ] - A description of the PR has been provided, and a diagram included if it is a new feature.
  • [ ] - Formatter has been run
  • [ ] - CHANGELOG comment has been added
  • [ ] - Labels have been assigned to the pr
  • [ ] - A reviwer has been added
  • [ ] - A user has been assigned to work on the pr
  • [ ] - If new feature a unit test has been added

Summary by Sourcery

Introduce a symmetric encryption feature via CipherEngine in the common module, including file-based key loading, OpenSSL integration, and comprehensive unit tests.

New Features:

  • Add CipherEngine class for AES-256-CBC encryption and decryption with Base64 encoding support
  • Add readFile utility function for loading binary key files

Enhancements:

  • Integrate OpenSSL headers and link SSL/CRYPTO libraries in common and core/server modules

Build:

  • Update CMakeLists across common, tests, and core/server to link OpenSSL libraries

Tests:

  • Add unit tests for key generation, encryption/decryption flows, IV generation, and JSON integration

JoshuaSBrown avatar Oct 07 '25 19:10 JoshuaSBrown

Reviewer's Guide

This PR introduces a new symmetric cipher engine in the common library, leveraging OpenSSL for AES-256-CBC encryption/decryption and Base64 encoding/decoding, integrates the necessary OpenSSL dependencies into the build system, extends utility functions to support reading binary keys, and adds comprehensive unit tests.

Class diagram for the new CipherEngine class

classDiagram
class SDMS::CipherEngine {
  +static int BASE64_ENCODED_BLOCK_SIZE
  +static int BASE64_INPUT_BLOCK_SIZE
  +static int NULL_TERMINATOR_SIZE
  +static int IV_LENGTH
  +static int KEY_LENGTH
  +static int MAX_MSG_LENGTH
  +static int ENCODED_IV_LENGTH
  +static int ENCODED_MSG_LENGTH
  +CipherEngine(const unsigned char* inputKey)
  +CipherEngine()
  +static void generateEncryptionKey(unsigned char token_key[KEY_LENGTH])
  +static void generateIV(unsigned char iv[IV_LENGTH])
  +CipherBytes encryptAlgorithm(unsigned char* iv, const std::string& msg, LogContext log_context)
  +CipherString encodeBytes(CipherBytes unencoded_bytes, LogContext log_context)
  +CipherString encrypt(unsigned char *iv, const std::string& msg, LogContext log_context)
  +CipherString encrypt(const std::string& msg, LogContext log_context)
  +std::string decrypt(const CipherString& encrypted_string, LogContext log_context)
  +static bool tokenNeedsUpdate(const libjson::Value::Object &obj)
  -std::unique_ptr<char[]> encode64(const unsigned char* input, const int length, LogContext log_context) const
  -std::unique_ptr<unsigned char[]> decode64(const char* input, const int length, LogContext log_context) const
  -unsigned char key[KEY_LENGTH]
  -static void handleErrors(void)
}
class SDMS::CipherEngine::CipherBytes {
  +unsigned char encrypted_msg[ENCODED_MSG_LENGTH]
  +unsigned char iv[IV_LENGTH]
  +int encrypted_msg_len
}
class SDMS::CipherEngine::CipherString {
  +std::unique_ptr<char[]> encrypted_msg
  +std::unique_ptr<char[]> iv
  +int encrypted_msg_len
}
SDMS::CipherEngine "1" *-- "1" SDMS::CipherEngine::CipherBytes
SDMS::CipherEngine "1" *-- "1" SDMS::CipherEngine::CipherString

Class diagram for the new readFile utility function

classDiagram
class Util {
  +void readFile(const std::string &fileName, const int arraySize, unsigned char* array)
}

File-Level Changes

Change Details Files
Add readFile utility for binary key loading
  • Implemented readFile in Util.cpp with ifstream and memcpy
  • Declared readFile in Util.hpp and removed commented legacy code
  • Included and in Util.cpp
 common/source/Util.cpp
common/include/common/Util.hpp
Integrate OpenSSL dependencies into CMake builds
  • Linked OPENSSL_SSL_LIBRARY and OPENSSL_CRYPTO_LIBRARY in common and server targets
  • Updated common/tests/unit CMakeLists to link OpenSSL for unit tests
  • Cleaned up file glob formatting in common/CMakeLists
 common/CMakeLists.txt
common/tests/unit/CMakeLists.txt
core/server/CMakeLists.txt
Add CipherEngine class with full OpenSSL-based implementation
  • Defined CipherEngine API in CipherEngine.hpp with key/IV generation and encrypt/decrypt methods
  • Implemented AES-256-CBC encryption, Base64 encode/decode, and error handling in CipherEngine.cpp
  • Included libjson integration for tokenNeedsUpdate logic
 common/include/common/CipherEngine.hpp
common/source/CipherEngine.cpp
Add unit tests covering key generation and encryption/decryption
  • Created test_CipherEngine.cpp with cases for key gen, encrypt/decrypt with and without provided IV
  • Added JSON-based decryption test using libjson Value object
  • Updated unit CMakeLists to include the new test and link OpenSSL
 common/tests/unit/test_CipherEngine.cpp
common/tests/unit/CMakeLists.txt

Possibly linked issues

  • #1575: The PR adds the CipherEngine class, its implementation, and unit tests, fulfilling the feature request in the issue.
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an issue from a review comment by replying to it. You can also reply to a review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull request title to generate a title at any time. You can also comment @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in the pull request body to generate a PR summary at any time exactly where you want it. You can also comment @sourcery-ai summary on the pull request to (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the pull request to resolve all Sourcery comments. Useful if you've already addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull request to dismiss all existing Sourcery reviews. Especially useful if you want to start fresh with a new review - don't forget to comment @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

  • Contact our support team for questions or feedback.
  • Visit our documentation for detailed guides and information.
  • Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

sourcery-ai[bot] avatar Oct 07 '25 19:10 sourcery-ai[bot]