support fo rgenerating and setting encryption keys

chayim · Apr 7, 2022 · cfb9f11 · cfb9f11
1 parent 7f139c5
commit cfb9f11
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 3 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM redis:6.2.6 as builder
+FROM redis:7.0-rc3 as builder
 
 ARG GO_VER=1.17.3
 
@@ -14,7 +14,7 @@ RUN make all
 
 # -------------------------------------------------------- #
 
-FROM redis:6.2.6 as runner
+FROM redis:7.0-rc3 as runner
 ARG REDICRYPT_KEY=default
 ENV REDICRYPT_KEY ${REDICRYPT_KEY}
 COPY --from=builder /build/dist/redicrypt.so /usr/local/lib/redicrypt.so

diff --git a/README.md b/README.md
@@ -30,6 +30,12 @@ It does this by introducing two new redis commands, one for storing an encrypted
 * RC.GETB64 - Get the plaintext value of a base64 encoded redis key.
     - eg: RC.GETB64 *somekey*
 
+* RC.KEYGEN - Generate and store an encyrption key of length *bits*, without disclosing it to the user.
+    - eg: RC.KEYGEN 32
+
+* RC.SETKEY - Change the encryption key on the redis instance.
+    - eg: RC.SETKEY myencryptionkey
+
 ### Supported Hashtypes
 
 The following are the supported hashtypes to use with SETHASH. An unsupported type will return a blank string.

diff --git a/c_bridge.go b/c_bridge.go
@@ -3,6 +3,9 @@ package main
 import "C"
 
 import (
+	"math/rand"
+	"os"
+
 	"github.com/chayim/redicrypt/src/redicrypt"
 )
 
@@ -41,4 +44,23 @@ func Decrypt(encKey *C.char, value *C.char) *C.char {
 	return C.CString(redicrypt.Decrypt(secret, encryptedText))
 }
 
+//export SetKey
+func SetKey(secret *C.char) {
+	private := string(C.GoString(secret))
+	os.Setenv("REDICRYPT_KEY", private)
+}
+
+//export GenerateKey
+func GenerateKey(bits *C.int) {
+	numchars := int(*bits)
+
+	var chars = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789`~!@#$%^&*()-_+={}[]|\\;:'\",<.>/?")
+	s := make([]rune, numchars)
+	for i := range s {
+		s[i] = chars[rand.Intn(len(chars))]
+	}
+
+	os.Setenv("REDICRYPT_KEY", string(s))
+}
+
 func main() {}
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/chayim/redicrypt
 
-go 1.16
+go 1.17
 
 require (
 	github.com/jzelinskie/whirlpool v0.0.0-20201016144138-0675e54bb004 // indirect

diff --git a/redicrypt.c b/redicrypt.c
@@ -93,6 +93,35 @@ int SetEncCommand(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) {
     return REDISMODULE_OK;
 }
 
+/* Generate a new encrytion key, on the back end */
+int GenerateKeyCommand(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) {
+    RedisModule_AutoMemory(ctx);
+
+    size_t s;
+    const char *bits = RedisModule_StringPtrLen(argv[1], &s);
+    int ibits = atoi(bits);
+    if (ibits == 0) {
+      return REDISMODULE_ERR;
+    }
+
+    GenerateKey(ibits);
+    RedisModule_ReplyWithSimpleString(ctx, "OK");
+    return REDISMODULE_OK;
+}
+
+/* Give the server a specific encryption key to use */
+int SetKeyCommand(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) {
+    if (argc != 2) return RedisModule_WrongArity(ctx);
+    RedisModule_AutoMemory(ctx);
+
+    size_t s;
+    const char *key = RedisModule_StringPtrLen(argv[1], &s);
+
+    SetKey(key);
+    RedisModule_ReplyWithSimpleString(ctx, "OK");
+    return REDISMODULE_OK;
+}
+
 /* Set a value, hashed
  * [1] = Hash Type
  * [2] = Redis key to set
@@ -195,6 +224,16 @@ int RedisModule_OnLoad(RedisModuleCtx *ctx, RedisModuleString **argv, int argc)
         0, 0, 0) == REDISMODULE_ERR)
         return REDISMODULE_ERR;
 
+    if (RedisModule_CreateCommand(ctx,"RC.KEYGEN",
+        GenerateKeyCommand, "write",
+        0, 0, 0) == REDISMODULE_ERR)
+        return REDISMODULE_ERR;
+
+    if (RedisModule_CreateCommand(ctx,"RC.SETKEY",
+        SetKeyCommand, "write",
+        0, 0, 0) == REDISMODULE_ERR)
+        return REDISMODULE_ERR;
+
     if (RedisModule_CreateCommand(ctx,"RC.BSETENC",
         BSetEncCommand, "write",
         0, 0, 0) == REDISMODULE_ERR)