Closed apavlenko closed 8 years ago
There should be an interface class called Encryptor having 2 methods:
virtual vmf_rawbuffer encrypt(const vmf_string&) = 0;
virtual vmf_string decrypt(const vmf_rawbuffer&) = 0;
All encryption algorithms should inherit this class and implement these methods. Algorithm-specific data like a key, algorithm parameters, etc. should be kept as the members of each class.
Note. Now we assume that each encryption/decryption procedure is performed independently and starts from the same state that is not stored between calls.
Since we should be able to encrypt different amounts of information (from only one field in one record to the whole metadata), the following constructors should be changed in the following way:
FieldValue(const std::string& name, vmf::Variant variant, bool isEncrypted = false);
Metadata(const std::shared_ptr< MetadataDesc >& spDescription, bool isEncrypted = false);
Setting the argument isEncrypted to true means that when saving the stream to file or serializing it to XML/JSON/etc. the field value or the whole metadata record should be encrypted using provided encryption algorithm.
FieldDesc(const std::string& sName = "", Variant::Type eType = Variant::type_string, bool isOptional = false, bool isEncrypted = false);
MetadataDesc(const std::string& sMetadataName, const std::vector< FieldDesc >& vFields, const std::vector<std::shared_ptr<ReferenceDesc>>& vRefs, bool isEncrypted = false);
MetadataSchema( const std::string& sName, const std::string& sAuthor = "", bool isEncrypted = false);
MetadataSchema( const std::string& sName, bool isEncrypted);
The same is about descriptions: setting isEncrypted to true means that all fields or metadata records corresponding to some field description, channel description or schema will be encrypted.
For all mentioned classes we should create the field isEncrypted and allow the user to access it somehow.
The following methods of MetadataStream should be changed or added:
bool open( const std::string& sFilePath, OpenMode eMode = ReadOnly, std::shared_ptr<Encryptor> encryptor = std::shared_ptr<Encryptor>() );
bool reopen( OpenMode eMode = ReadOnly, std::shared_ptr<Encryptor> encryptor = std::shared_ptr<Encryptor>() );
bool save( const vmf_string& compressorId = vmf_string(), std::shared_ptr<Encryptor> encryptor = std::shared_ptr<Encryptor>(), bool isWholeEncrypted = false );
bool save( std::shared_ptr<Encryptor> encryptor, bool isWholeEncrypted = false );
bool saveTo(const std::string& sFilePath, const vmf_string& compressorId = vmf_string(), std::shared_ptr<Encryptor> encryptor = std::shared_ptr<Encryptor>(), bool isWholeEncrypted = false );
bool saveTo(const std::string& sFilePath, std::shared_ptr<Encryptor> encryptor, bool isWholeEncrypted = false );
Again, the argument isWholeEncrypted defines whether we should encrypt all the metadata or just selected descriptions/records (or disable encryption if nothing is selected).
Also, the flag IgnoreUnknownEncryptor = 8 should be added to the MetadataStream::OpenModeFlags enum to avoid exceptions and represent encrypted data as they are when the algorithm is unknown.
Serialization should be implemented in the way similar to the way it's done in compressed data serialization. There should be successors of IReader or IWriter interfaces taking an instance of Encryptor and an instance of IReader or IWriter like the following:
ReaderEncrypted(std::shared_ptr<IReader> _reader, std::shared_ptr<Encryptor> _encryptor, bool _ignoreUnknownEncryptor = false);
WriterEncrypted(std::shared_ptr<IWriter> _writer, std::shared_ptr<Encryptor> _encryptor, bool _isWholeEncrypted = false);
Again, the argument _isWholeEncrypted defines whether we should encrypt all the metadata or just selected descriptions/records.
Encryptor interface needs to be extended with one more method: std::string& hint() const = 0; that provides user-readable message that is stored as an optional stream attribute if encryption was used
isEncrypted param for metadata items to useEncryption
set/get-UseEncription();
set/get-UseEncription(); method to stream instead of isWholeEncrypted (for uniformity)
std::shared_ptr<Encryptor> encryptor = nullptr ) to many saving methods consider stream::set/get/Encryptor(std::shared_ptr<Encryptor> encryptor = nullptr) API
WriterEncrypted(std::shared_ptr<IWriter> _writer, std::shared_ptr<Encryptor> _encryptor, bool encryptAll = false);
virtual vmf_string getHint() = 0;
Changes are in branch rv/encryption_prototype.
PR #42 added.
Brief
Users should be able to protect the privacy of their metadata.
Requirements
Notes
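The write and read rules described in the issue (per-field flag, encrypt-all flag, IgnoreUnknownEncryptor), as an added C++ example that is not code from the VMF project or PR #42. The Field and StoredField structs, the writeField/readField helpers, the XOR placeholder, and the choice to throw when encryption is requested without an Encryptor are assumptions made for illustration.

```cpp
#include <iostream>
#include <memory>
#include <stdexcept>
#include <string>

// Stand-ins for the VMF typedefs named in the issue (assumed byte strings).
using vmf_string = std::string;
using vmf_rawbuffer = std::string;
struct Encryptor {  // interface as proposed in the issue
    virtual ~Encryptor() = default;
    virtual vmf_rawbuffer encrypt(const vmf_string&) = 0;
    virtual vmf_string decrypt(const vmf_rawbuffer&) = 0;
};

// Placeholder so the example runs offline. NOT a cipher; use a vetted AEAD.
struct XorPlaceholder : Encryptor {
    unsigned char key;
    explicit XorPlaceholder(unsigned char k) : key(k) {}
    vmf_rawbuffer encrypt(const vmf_string& in) override {
        vmf_rawbuffer out = in;
        for (auto& c : out) c = static_cast<char>(c ^ key);
        return out;
    }
    vmf_string decrypt(const vmf_rawbuffer& in) override { return encrypt(in); }
};

struct Field { vmf_string value; bool useEncryption; };      // hypothetical
struct StoredField { vmf_rawbuffer data; bool encrypted; };  // hypothetical
// Write path: a field is encrypted when it is flagged or encryptAll is set.
// Assumption: a flagged field with no Encryptor is an error, never plaintext.
StoredField writeField(const Field& f, const std::shared_ptr<Encryptor>& enc, bool encryptAll) {
    if (!encryptAll && !f.useEncryption) return {f.value, false};
    if (!enc) throw std::runtime_error("encryption requested but no Encryptor set");
    return {enc->encrypt(f.value), true};
}

// Read path: without an Encryptor, encrypted data is an error unless the
// caller opted in to receiving it as is (the IgnoreUnknownEncryptor idea).
vmf_string readField(const StoredField& s, const std::shared_ptr<Encryptor>& enc, bool ignoreUnknownEncryptor) {
    if (!s.encrypted) return s.data;
    if (enc) return enc->decrypt(s.data);
    if (ignoreUnknownEncryptor) return s.data;
    throw std::runtime_error("encrypted field but no Encryptor set");
}

int main() {  // constructed sample value
    auto enc = std::make_shared<XorPlaceholder>(0x5A);
    std::cout << readField(writeField({"plate=AB123", true}, enc, false), enc, false) << "\n";
}
```

Throwing on the write path keeps a flagged field from reaching disk in plaintext when the default empty Encryptor argument is left in place.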