apavlenko / vmf

http://01org.github.io/vmf/
Apache License 2.0

Encryption feature #35

Closed apavlenko closed 8 years ago

apavlenko commented 8 years ago

Brief

Users should be able to protect the privacy of their metadata.

Requirements

savuor commented 8 years ago

User Interface Proposal

  1. There should be an interface class called Encryptor having 2 methods:

    virtual vmf_rawbuffer encrypt(const vmf_string&) = 0;
    virtual vmf_string decrypt(const vmf_rawbuffer&) = 0;

    All encryption algorithms should inherit this class and implement these methods. Algorithm-specific data like a key, algorithm parameters, etc. should be kept as the members of each class.

    Note. Now we assume that each encryption/decryption procedure is performed independently and starts from the same state that is not stored between calls.

  2. Since we should be able to encrypt different amounts of information (from only one field in one record to the whole metadata), the following constructors should be changed in the following way:

    FieldValue(const std::string& name, vmf::Variant variant, bool isEncrypted = false);
    Metadata(const std::shared_ptr< MetadataDesc >& spDescription, bool isEncrypted = false);

    Setting the argument isEncrypted to true means that when saving the stream to file or serializing it to XML/JSON/etc. the field value or the whole metadata record should be encrypted using provided encryption algorithm.

    FieldDesc(const std::string& sName = "", Variant::Type eType = Variant::type_string, bool isOptional = false, bool isEncrypted = false);
    MetadataDesc(const std::string& sMetadataName, const std::vector< FieldDesc >& vFields, const std::vector<std::shared_ptr<ReferenceDesc>>& vRefs, bool isEncrypted = false);
    MetadataSchema( const std::string& sName, const std::string& sAuthor = "", bool isEncrypted = false);
    MetadataSchema( const std::string& sName, bool isEncrypted);

    The same applies to descriptions: setting isEncrypted to true means that all fields or metadata records corresponding to some field description, channel description or schema will be encrypted. For all mentioned classes we should create the field isEncrypted and allow the user to access it somehow.

  3. The following methods of MetadataStream should be changed or added:

    bool open( const std::string& sFilePath, OpenMode eMode = ReadOnly, std::shared_ptr<Encryptor> encryptor = std::shared_ptr<Encryptor>() );
    bool reopen( OpenMode eMode = ReadOnly, std::shared_ptr<Encryptor> encryptor = std::shared_ptr<Encryptor>() );
    bool save( const vmf_string& compressorId = vmf_string(), std::shared_ptr<Encryptor> encryptor = std::shared_ptr<Encryptor>(), bool isWholeEncrypted = false );
    bool save( std::shared_ptr<Encryptor> encryptor, bool isWholeEncrypted = false );
    bool saveTo(const std::string& sFilePath, const vmf_string& compressorId = vmf_string(), std::shared_ptr<Encryptor> encryptor = std::shared_ptr<Encryptor>(), bool isWholeEncrypted = false );
    bool saveTo(const std::string& sFilePath, std::shared_ptr<Encryptor> encryptor, bool isWholeEncrypted = false );

    Again, the argument isWholeEncrypted defines whether we should encrypt all the metadata or just selected descriptions/records (or disable encryption if nothing is selected). Also, the flag IgnoreUnknownEncryptor = 8 should be added to the MetadataStream::OpenModeFlags enum to avoid exceptions and represent encrypted data as they are when the algorithm is unknown.

  4. Serialization should be implemented in the way similar to the way it's done in compressed data serialization. There should be successors of IReader or IWriter interfaces taking an instance of Encryptor and an instance of IReader or IWriter like the following:

    ReaderEncrypted(std::shared_ptr<IReader> _reader, std::shared_ptr<Encryptor> _encryptor, bool _ignoreUnknownEncryptor = false);
    WriterEncrypted(std::shared_ptr<IWriter> _writer, std::shared_ptr<Encryptor> _encryptor, bool _isWholeEncrypted = false);

    Again, the argument _isWholeEncrypted defines whether we should encrypt all the metadata or just selected descriptions/records.

apavlenko commented 8 years ago

Comments

  1. the Encryptor interface needs to be extended with one more method: std::string& hint() const = 0; that provides a user-readable message which is stored as an optional stream attribute if encryption was used
  2. consider renaming the isEncrypted param for metadata items to useEncryption
  3. also consider getting/changing the encryption status via set/get-UseEncription();
  4. also consider adding a set/get-UseEncription(); method to stream instead of isWholeEncrypted (for uniformity)
  5. instead of adding an extra param (std::shared_ptr<Encryptor> encryptor = nullptr) to many saving methods, consider a stream::set/get/Encryptor(std::shared_ptr<Encryptor> encryptor = nullptr) API
  6. consider renaming: WriterEncrypted(std::shared_ptr<IWriter> _writer, std::shared_ptr<Encryptor> _encryptor, bool encryptAll = false);

savuor commented 8 years ago

  1. The function added: virtual vmf_string getHint() = 0;
  2. Done.
  3. Done.
  4. Done.
  5. Done.
  6. Done.

Changes are in branch rv/encryption_prototype; PR #42 added.
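A sketch of the design agreed across the proposal and the follow-up comments (the Encryptor interface with getHint(), per-field useEncryption plus a writer-level encryptAll, and the IgnoreUnknownEncryptor pass-through on read), written as an added example for this page and not taken from vmf or PR #42. The vmf_string/vmf_rawbuffer aliases, the Field/StoredField structures and the RotEncryptor placeholder are assumptions; the placeholder is a byte rotation used only to exercise the interface, not a cipher.

```cpp
#include <map>
#include <memory>
#include <stdexcept>
#include <string>
#include <vector>

// Constructed stand-ins for the vmf types named in the proposal (assumed, not vmf's own).
using vmf_string = std::string;
using vmf_rawbuffer = std::vector<unsigned char>;

// Encryptor interface from the proposal, plus the getHint() method agreed later in the thread.
struct Encryptor {
    virtual ~Encryptor() = default;
    virtual vmf_rawbuffer encrypt(const vmf_string&) = 0;
    virtual vmf_string decrypt(const vmf_rawbuffer&) = 0;
    virtual vmf_string getHint() = 0;  // user-readable hint stored as a stream attribute
};

// Placeholder byte rotation that only exercises the interface; it is NOT encryption.
// A real Encryptor would delegate to a vetted AEAD implementation.
struct RotEncryptor : Encryptor {
    vmf_rawbuffer encrypt(const vmf_string& s) override { vmf_rawbuffer o; for (unsigned char c : s) o.push_back(c + 13); return o; }
    vmf_string decrypt(const vmf_rawbuffer& b) override { vmf_string o; for (unsigned char c : b) o.push_back(char(c - 13)); return o; }
    vmf_string getHint() override { return "rot13-placeholder"; }
};

struct Field { vmf_string name, value; bool useEncryption; };
struct StoredField { vmf_rawbuffer data; vmf_string hint; };  // empty hint = stored in clear
using Stored = std::map<vmf_string, StoredField>;

// WriterEncrypted role: encrypt fields flagged useEncryption, or every field if encryptAll.
Stored writeEncrypted(const std::vector<Field>& fields, std::shared_ptr<Encryptor> enc, bool encryptAll) {
    Stored out;
    for (const Field& f : fields) {
        if (enc && (encryptAll || f.useEncryption)) out[f.name] = {enc->encrypt(f.value), enc->getHint()};
        else out[f.name] = {vmf_rawbuffer(f.value.begin(), f.value.end()), ""};
    }
    return out;
}

// ReaderEncrypted role: decrypt when the stored hint matches the supplied Encryptor; with
// ignoreUnknownEncryptor the bytes are passed through unchanged instead of throwing.
std::map<vmf_string, vmf_string> readEncrypted(const Stored& stored, std::shared_ptr<Encryptor> enc, bool ignoreUnknownEncryptor) {
    std::map<vmf_string, vmf_string> out;
    for (const auto& kv : stored) {
        const StoredField& sf = kv.second;
        vmf_string raw(sf.data.begin(), sf.data.end());
        if (sf.hint.empty()) out[kv.first] = raw;
        else if (enc && enc->getHint() == sf.hint) out[kv.first] = enc->decrypt(sf.data);
        else if (ignoreUnknownEncryptor) out[kv.first] = raw;
        else throw std::runtime_error("unknown encryptor: " + sf.hint);
    }
    return out;
}
```

The hint comparison is what lets a reader that lacks the matching Encryptor either fail loudly or, with the flag set, hand the opaque bytes back untouched as the proposal describes.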