zzy34407230
/
mindspore2022
Not watched
1
0
Fork 0
Code
Releases 22 Wiki evaluate Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain HPC
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
22898 Commits
18 Branches
584 MB
259 Download
Tree: 6fcd6cab68
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6fcd6cab68'
${ noResults }
mindspore2022/mindspore/ccsrc/crypto/crypto.cc

crypto.cc 11 kB
Raw Normal View History

Add encryption for ckpt file
5 years ago
Fix load failed while loading oversize checkpoint file with encyption
5 years ago
Add encryption for ckpt file
5 years ago
Fix load failed while loading oversize checkpoint file with encyption
5 years ago
Add encryption for ckpt file
5 years ago
Fix load failed while loading oversize checkpoint file with encyption
5 years ago
Add encryption for ckpt file
5 years ago
Fix load failed while loading oversize checkpoint file with encyption
5 years ago
Add encryption for ckpt file
5 years ago
Fix load failed while loading oversize checkpoint file with encyption
5 years ago
Add encryption for ckpt file
5 years ago
Fix load failed while loading oversize checkpoint file with encyption
5 years ago
Add encryption for ckpt file
5 years ago
Fix load failed while loading oversize checkpoint file with encyption
5 years ago
Add encryption for ckpt file
5 years ago
Fix load failed while loading oversize checkpoint file with encyption
5 years ago
Add encryption for ckpt file
5 years ago
Fix load failed while loading oversize checkpoint file with encyption
5 years ago
Add encryption for ckpt file
5 years ago
Fix load failed while loading oversize checkpoint file with encyption
5 years ago
Add encryption for ckpt file
5 years ago
Fix load failed while loading oversize checkpoint file with encyption
5 years ago
Add encryption for ckpt file
5 years ago
Fix load failed while loading oversize checkpoint file with encyption
5 years ago
Add encryption for ckpt file
5 years ago
Fix load failed while loading oversize checkpoint file with encyption
5 years ago
Add encryption for ckpt file
5 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339 
  1. /**

  2.  * Copyright 2021 Huawei Technologies Co., Ltd

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  * http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. 

  17. #include "crypto/crypto.h"

  18. 

  19. namespace mindspore {

  20. namespace crypto {

  21. int64_t Min(int64_t a, int64_t b) { return a < b ? a : b; }

  22. 

  23. Byte *intToByte(const int32_t &n) {

  24.   Byte *byte = new Byte[4];

  25.   memset(byte, 0, sizeof(Byte) * 4);

  26.   byte[0] = (Byte)(0xFF & n);

  27.   byte[1] = (Byte)((0xFF00 & n) >> 8);

  28.   byte[2] = (Byte)((0xFF0000 & n) >> 16);

  29.   byte[3] = (Byte)((0xFF000000 & n) >> 24);

  30.   return byte;

  31. }

  32. 

  33. int32_t ByteToint(const Byte *byteArray) {

  34.   int32_t res = byteArray[0] & 0xFF;

  35.   res |= ((byteArray[1] << 8) & 0xFF00);

  36.   res |= ((byteArray[2] << 16) & 0xFF0000);

  37.   res += ((byteArray[3] << 24) & 0xFF000000);

  38.   return res;

  39. }

  40. 

  41. bool IsCipherFile(std::string file_path) {

  42.   char *int_buf = new char[4];

  43.   int flag = 0;

  44.   std::ifstream fid(file_path, std::ios::in | std::ios::binary);

  45.   if (!fid) {

  46.     MS_LOG(ERROR) << "Open file failed";

  47.     exit(-1);

  48.   }

  49.   fid.read(int_buf, sizeof(int32_t));

  50.   fid.close();

  51.   flag = ByteToint(reinterpret_cast<Byte *>(int_buf));

  52.   delete[] int_buf;

  53.   return flag == MAGIC_NUM;

  54. }

  55. #if defined(_WIN32)

  56. Byte *Encrypt(int64_t *encrypt_len, Byte *plain_data, const int64_t plain_len, Byte *key, const int32_t key_len,

  57.               const std::string &enc_mode) {

  58.   MS_EXCEPTION(NotSupportError) << "Unsupported feature in Windows platform.";

  59. }

  60. 

  61. Byte *Decrypt(int64_t *decrypt_len, const std::string &encrypt_data_path, Byte *key, const int32_t key_len,

  62.               const std::string &dec_mode) {

  63.   MS_EXCEPTION(NotSupportError) << "Unsupported feature in Windows platform.";

  64. }

  65. #else

  66. 

  67. bool ParseEncryptData(const Byte *encrypt_data, const int32_t encrypt_len, Byte **iv, int32_t *iv_len,

  68.                       Byte **cipher_data, int32_t *cipher_len) {

  69.   // encrypt_data is organized in order to iv_len, iv, cipher_len, cipher_data

  70.   Byte buf[4];

  71.   memcpy_s(buf, 4, encrypt_data, 4);

  72.   *iv_len = ByteToint(buf);

  73.   memcpy_s(buf, 4, encrypt_data + *iv_len + 4, 4);

  74.   *cipher_len = ByteToint(buf);

  75.   if (*iv_len <= 0 || *cipher_len <= 0 || *iv_len + *cipher_len + 8 != encrypt_len) {

  76.     MS_LOG(ERROR) << "Failed to parse encrypt data.";

  77.     return false;

  78.   }

  79.   *iv = new Byte[*iv_len];

  80.   memcpy_s(*iv, *iv_len, encrypt_data + 4, *iv_len);

  81.   *cipher_data = new Byte[*cipher_len];

  82.   memcpy_s(*cipher_data, *cipher_len, encrypt_data + *iv_len + 8, *cipher_len);

  83.   return true;

  84. }

  85. 

  86. bool ParseMode(std::string mode, std::string *alg_mode, std::string *work_mode) {

  87.   std::smatch results;

  88.   std::regex re("([A-Z]{3})-([A-Z]{3})");

  89.   if (!std::regex_match(mode.c_str(), re)) {

  90.     MS_LOG(ERROR) << "Mode " << mode << " is invalid.";

  91.     return false;

  92.   }

  93.   std::regex_search(mode, results, re);

  94.   *alg_mode = results[1];

  95.   *work_mode = results[2];

  96.   return true;

  97. }

  98. 

  99. EVP_CIPHER_CTX *GetEVP_CIPHER_CTX(const std::string &work_mode, const Byte *key, const int32_t key_len, const Byte *iv,

  100.                                   int flag) {

  101.   int ret = 0;

  102.   EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();

  103.   if (work_mode != "GCM" && work_mode != "CBC") {

  104.     MS_LOG(ERROR) << "Work mode " << work_mode << " is invalid.";

  105.     return nullptr;

  106.   }

  107. 

  108.   const EVP_CIPHER *(*funcPtr)() = nullptr;

  109.   if (work_mode == "GCM") {

  110.     switch (key_len) {

  111.       case 16:

  112.         funcPtr = EVP_aes_128_gcm;

  113.         break;

  114.       case 24:

  115.         funcPtr = EVP_aes_192_gcm;

  116.         break;

  117.       case 32:

  118.         funcPtr = EVP_aes_256_gcm;

  119.         break;

  120.       default:

  121.         MS_EXCEPTION(ValueError) << "The key length must be 16, 24 or 32, but got key length is " << key_len << ".";

  122.     }

  123.   } else if (work_mode == "CBC") {

  124.     switch (key_len) {

  125.       case 16:

  126.         funcPtr = EVP_aes_128_cbc;

  127.         break;

  128.       case 24:

  129.         funcPtr = EVP_aes_192_cbc;

  130.         break;

  131.       case 32:

  132.         funcPtr = EVP_aes_256_cbc;

  133.         break;

  134.       default:

  135.         MS_EXCEPTION(ValueError) << "The key length must be 16, 24 or 32, but got key length is " << key_len << ".";

  136.     }

  137.   }

  138. 

  139.   if (flag == 0) {

  140.     ret = EVP_EncryptInit_ex(ctx, funcPtr(), NULL, key, iv);

  141.   } else if (flag == 1) {

  142.     ret = EVP_DecryptInit_ex(ctx, funcPtr(), NULL, key, iv);

  143.   }

  144. 

  145.   if (ret != 1) {

  146.     MS_LOG(ERROR) << "EVP_EncryptInit_ex failed";

  147.     return nullptr;

  148.   }

  149.   if (work_mode == "CBC") EVP_CIPHER_CTX_set_padding(ctx, 1);

  150.   return ctx;

  151. }

  152. 

  153. bool _BlockEncrypt(Byte *encrypt_data, int64_t *encrypt_data_len, Byte *plain_data, const int64_t plain_len, Byte *key,

  154.                    const int32_t key_len, const std::string &enc_mode) {

  155.   int32_t cipher_len = 0;

  156. 

  157.   int32_t iv_len = AES_BLOCK_SIZE;

  158.   Byte *iv = new Byte[iv_len];

  159.   RAND_bytes(iv, sizeof(Byte) * iv_len);

  160. 

  161.   Byte *iv_cpy = new Byte[16];

  162.   memcpy_s(iv_cpy, 16, iv, 16);

  163. 

  164.   int32_t ret = 0;

  165.   int32_t flen = 0;

  166.   std::string alg_mode;

  167.   std::string work_mode;

  168.   if (!ParseMode(enc_mode, &alg_mode, &work_mode)) {

  169.     return false;

  170.   }

  171. 

  172.   auto ctx = GetEVP_CIPHER_CTX(work_mode, key, key_len, iv, 0);

  173.   if (ctx == nullptr) {

  174.     MS_LOG(ERROR) << "Failed to get EVP_CIPHER_CTX.";

  175.     return false;

  176.   }

  177. 

  178.   Byte *cipher_data;

  179.   cipher_data = new Byte[plain_len + 16];

  180.   ret = EVP_EncryptUpdate(ctx, cipher_data, &cipher_len, plain_data, plain_len);

  181.   if (ret != 1) {

  182.     MS_LOG(ERROR) << "EVP_EncryptUpdate failed";

  183.     delete[] cipher_data;

  184.     return false;

  185.   }

  186.   if (work_mode == "CBC") {

  187.     EVP_EncryptFinal_ex(ctx, cipher_data + cipher_len, &flen);

  188.     cipher_len += flen;

  189.   }

  190.   EVP_CIPHER_CTX_free(ctx);

  191. 

  192.   int64_t cur = 0;

  193.   *encrypt_data_len = sizeof(int32_t) * 2 + iv_len + cipher_len;

  194. 

  195.   memcpy(encrypt_data + cur, intToByte(*encrypt_data_len), 4);

  196.   cur += 4;

  197.   memcpy(encrypt_data + cur, intToByte(iv_len), 4);

  198.   cur += 4;

  199.   memcpy(encrypt_data + cur, iv_cpy, iv_len);

  200.   cur += iv_len;

  201.   memcpy(encrypt_data + cur, intToByte(cipher_len), 4);

  202.   cur += 4;

  203.   memcpy(encrypt_data + cur, cipher_data, cipher_len);

  204.   *encrypt_data_len += 4;

  205. 

  206.   delete[] cipher_data;

  207.   return true;

  208. }

  209. 

  210. bool _BlockDecrypt(Byte **plain_data, int32_t *plain_len, Byte *encrypt_data, const int64_t encrypt_len, Byte *key,

  211.                    const int32_t key_len, const std::string &dec_mode) {

  212.   std::string alg_mode;

  213.   std::string work_mode;

  214. 

  215.   if (!ParseMode(dec_mode, &alg_mode, &work_mode)) {

  216.     return false;

  217.   }

  218. 

  219.   int32_t iv_len = 0;

  220.   int32_t cipher_len = 0;

  221.   Byte *iv = NULL;

  222.   Byte *cipher_data = NULL;

  223. 

  224.   if (!ParseEncryptData(encrypt_data, encrypt_len, &iv, &iv_len, &cipher_data, &cipher_len)) {

  225.     return false;

  226.   }

  227.   *plain_data = new Byte[cipher_len + 16];

  228.   if (*plain_data == NULL) {

  229.     MS_LOG(ERROR) << "Unable to allocate memory for decrypt_string.";

  230.     return false;

  231.   }

  232. 

  233.   int ret = 0;

  234.   int mlen = 0;

  235. 

  236.   auto ctx = GetEVP_CIPHER_CTX(work_mode, key, key_len, iv, 1);

  237.   if (ctx == nullptr) {

  238.     MS_LOG(ERROR) << "Failed to get EVP_CIPHER_CTX.";

  239.     return false;

  240.   }

  241.   ret = EVP_DecryptUpdate(ctx, *plain_data, plain_len, cipher_data, cipher_len);

  242.   if (ret != 1) {

  243.     MS_LOG(ERROR) << "EVP_DecryptUpdate failed";

  244.     return false;

  245.   }

  246.   if (work_mode == "CBC") {

  247.     ret = EVP_DecryptFinal_ex(ctx, *plain_data + *plain_len, &mlen);

  248.     if (ret != 1) {

  249.       MS_LOG(ERROR) << "EVP_DecryptFinal_ex failed";

  250.       return false;

  251.     }

  252.     *plain_len += mlen;

  253.   }

  254.   delete[] iv;

  255.   delete[] cipher_data;

  256.   EVP_CIPHER_CTX_free(ctx);

  257.   return true;

  258. }

  259. 

  260. Byte *Encrypt(int64_t *encrypt_len, Byte *plain_data, const int64_t plain_len, Byte *key, const int32_t key_len,

  261.               const std::string &enc_mode) {

  262.   int64_t cur_pos = 0;

  263.   int64_t block_enc_len = 0;

  264.   int64_t encrypt_buf_len = plain_len + (plain_len / MAX_BLOCK_SIZE + 1) * 100;

  265.   Byte *encrypt_data = new Byte[encrypt_buf_len];

  266.   Byte *block_buf = new Byte[MAX_BLOCK_SIZE];

  267.   Byte *block_enc_buf = new Byte[MAX_BLOCK_SIZE + 100];

  268. 

  269.   *encrypt_len = 0;

  270.   while (cur_pos < plain_len) {

  271.     int64_t cur_block_size = Min(MAX_BLOCK_SIZE, plain_len - cur_pos);

  272.     memcpy_s(block_buf, MAX_BLOCK_SIZE, plain_data + cur_pos, cur_block_size);

  273. 

  274.     if (!_BlockEncrypt(block_enc_buf, &block_enc_len, block_buf, cur_block_size, key, key_len, enc_mode)) {

  275.       delete[] block_buf;

  276.       delete[] block_enc_buf;

  277.       delete[] encrypt_data;

  278.       MS_EXCEPTION(ValueError) << "Failed to encrypt data, please check if enc_key or enc_mode is valid.";

  279.     }

  280.     memcpy_s(encrypt_data + *encrypt_len, encrypt_buf_len - *encrypt_len, intToByte(MAGIC_NUM), sizeof(int32_t));

  281.     *encrypt_len += sizeof(int32_t);

  282.     memcpy_s(encrypt_data + *encrypt_len, encrypt_buf_len - *encrypt_len, block_enc_buf, block_enc_len);

  283.     *encrypt_len += block_enc_len;

  284.     cur_pos += cur_block_size;

  285.   }

  286.   delete[] block_buf;

  287.   delete[] block_enc_buf;

  288.   return encrypt_data;

  289. }

  290. 

  291. Byte *Decrypt(int64_t *decrypt_len, const std::string &encrypt_data_path, Byte *key, const int32_t key_len,

  292.               const std::string &dec_mode) {

  293.   Byte *decrypt_data = nullptr;

  294.   char *block_buf = new char[MAX_BLOCK_SIZE * 2];

  295.   char *int_buf = new char[4];

  296.   Byte *decrypt_block_buf = nullptr;

  297.   int32_t decrypt_block_len;

  298. 

  299.   std::ifstream fid(encrypt_data_path, std::ios::in | std::ios::binary);

  300.   if (!fid) {

  301.     MS_LOG(ERROR) << "Open file failed";

  302.     exit(-1);

  303.   }

  304.   fid.seekg(0, std::ios_base::end);

  305.   int64_t file_size = fid.tellg();

  306.   fid.clear();

  307.   fid.seekg(0);

  308.   decrypt_data = new Byte[file_size];

  309. 

  310.   *decrypt_len = 0;

  311.   while (fid.tellg() < file_size) {

  312.     fid.read(int_buf, sizeof(int32_t));

  313.     int cipher_flag = ByteToint(reinterpret_cast<Byte *>(int_buf));

  314.     if (cipher_flag != MAGIC_NUM) {

  315.       MS_EXCEPTION(ValueError) << "File \"" << encrypt_data_path

  316.                                << "\"is not an encrypted file and cannot be decrypted";

  317.     }

  318.     fid.read(int_buf, sizeof(int32_t));

  319. 

  320.     int32_t block_size = ByteToint(reinterpret_cast<Byte *>(int_buf));

  321.     fid.read(block_buf, sizeof(char) * block_size);

  322.     if (!(_BlockDecrypt(&decrypt_block_buf, &decrypt_block_len, reinterpret_cast<Byte *>(block_buf), block_size, key,

  323.                         key_len, dec_mode))) {

  324.       delete[] block_buf;

  325.       delete[] int_buf;

  326.       delete[] decrypt_data;

  327.       MS_EXCEPTION(ValueError) << "Failed to decrypt data, please check if dec_key or dec_mode is valid";

  328.     }

  329.     memcpy_s(decrypt_data + *decrypt_len, file_size - *decrypt_len, decrypt_block_buf, decrypt_block_len);

  330.     *decrypt_len += decrypt_block_len;

  331.   }

  332.   fid.close();

  333.   delete[] block_buf;

  334.   delete[] int_buf;

  335.   return decrypt_data;

  336. }

  337. #endif

  338. }  // namespace crypto

  339. }  // namespace mindspore

阿对对队