Read/Write Encrypted XML Files #3125
Conversation
github-actions
bot
added
lang-cpp
amin1377
requested review from
soheilshahrouz,
AmirhosseinPoolad and
AlexandreSinger
| @@ -0,0 +1,182 @@ | |||
| #pragma once | |||
There was a problem hiding this comment.
This file seems to have come from this repo. I think it should be added as a submodule
| @@ -0,0 +1,182 @@ | |||
| #pragma once | |||
There was a problem hiding this comment.
This is exactly the same as another file with the same name. I think we should remove both files and add them as submodules.
|
I'm not sure it's an "essential" part of OpenFPGA, but it is certainly a useful feature, and we do use it, mainly to read the architecture file. Within OpenFPGA, it's used directly in the codebase (not as a submodule or external dependency). Given that, I'm inclined to follow the same approach and avoid adding it as a submodule. |
There was a problem hiding this comment.
Hi @amin1377 ,
I have some concerns with bringing these libraries in. What is the context of this library? Was this copied from somewhere else? I find it a bit strange that this is separated into two separate libraries. I also am surprised a library like this does not already exist. I think rolling our own encryption / decryption flow can come with unwanted baggage.
Also, I think that this should be an optional feature (similar to CapNProto where it will only turn on if CapNProto is installed). I think we should avoid adding dependencies unless it is a feature that we know everyone wants.
| @@ -0,0 +1,98 @@ | |||
| # libdecrypt | |||
There was a problem hiding this comment.
Is this a fully custom library, or something from the internet? I feel like encrypting XML files should not be complicated enough to warent its own library? Are we sure a library for this does not already exist?
There was a problem hiding this comment.
I agree with you and have noted both your and Soheil’s concerns. If you’re okay with it, I suggest we prioritize completing the full integration with OpenFPGA first, and we can revisit and roll back any changes we don’t want afterward.
There was a problem hiding this comment.
I am not sure I agree. I thought I understood from the meeting last Friday that the goal was to bring in the necessary data structures first, then the necessary features, then the bonus features last. This feels more like a bonus feature which requires a bit more discussion.
My worry about this is that this is another thing that we will need to support in VTR; and encryption can come with a good amount of baggage. We need to really think about how much we want this feature.
| add_compile_definitions(PASS_PHRASE="${PASS_PHRASE}") | ||
| add_compile_definitions(PRIVATE_KEY="${PRIVATE_KEY}") | ||
| find_package(PkgConfig REQUIRED) | ||
| pkg_search_module(OPENSSL REQUIRED openssl) |
There was a problem hiding this comment.
This line makes OpenSSL a required library for all of VTR. Be aware. I would recommend creating a top-level CMake variable to allow the user to build with this feature or not. I think this is a large dependency for this feature.
There was a problem hiding this comment.
I believe that now, with the addition of the new variable VTR_ENABLE_ENCRYPTION to indicate whether the user wants encryption, this CMake will only be triggered if the user wants.
libs/libdecrypt/config.txt
Outdated
| @@ -0,0 +1 @@ | |||
| abcd | |||
There was a problem hiding this comment.
What is this file?
There was a problem hiding this comment.
According to the README, this file is used if the user chooses to use a passphrase. I added the following line from the README to this file:
Write your passphrase in the file
| @@ -0,0 +1,30 @@ | |||
| -----BEGIN ENCRYPTED PRIVATE KEY----- | |||
There was a problem hiding this comment.
Is it common to include a private key in a repository like this? Shouldnt it be public?
There was a problem hiding this comment.
It’s just a placeholder for the user to insert the private key they intend to use.
libs/libpugiutil/src/pugixml_loc.hpp
Outdated
| @@ -6,7 +6,8 @@ | |||
|
|
|||
| #include <vector> | |||
| #include "pugixml.hpp" | |||
|
|
|||
| #include "decryption.h" | |||
There was a problem hiding this comment.
Why add the decryption header file to the hpp file and not the CPP file?
| //store the characters after the '.' from the file_name string | ||
| result = filename.substr(position); | ||
| } | ||
| if (result == ".xmle") { |
There was a problem hiding this comment.
This should really be an optional feature in my opinion. I think IFDEFing this out would be a good idea.
github-actions
bot
added
the
libarchfpga
|
Thanks, @AlexandreSinger. What you mentioned about not making it mandatory and instead checking for the requirement in CMake makes sense; I’ll implement that. As for the way the library is currently used, as I mentioned to Soheil, I’m following the approach used in OpenFPGA since I’m integrating their code. We can revisit and discuss potential changes, such as Soheil’s suggestion to add the repository as a submodule, which I agree with, once the OpenFPGA merging process is complete. |
…r to build the encryption/decryption libs
| @@ -8,8 +8,37 @@ namespace pugiutil { | |||
| //Returns loc_data look-up for xml node line numbers | |||
| loc_data load_xml(pugi::xml_document& doc, //Document object to be loaded with file contents | |||
| const std::string filename) { //Filename to load from | |||
| #ifdef VTR_ENABLE_ENCRYPTION | |||
There was a problem hiding this comment.
You are missing something in your CMake file. CPP code cannot read variables from CMake like this. In CMake you are going to need to set this as a define for the PUGI target. See how this is done for Eigen in the AP flow.
| @@ -8,8 +8,37 @@ namespace pugiutil { | |||
| //Returns loc_data look-up for xml node line numbers | |||
| loc_data load_xml(pugi::xml_document& doc, //Document object to be loaded with file contents | |||
| const std::string filename) { //Filename to load from | |||
| #ifdef VTR_ENABLE_ENCRYPTION | |||
| #include "decryption.h" | |||
There was a problem hiding this comment.
Normally to do this we still put the header file at the top of the file and wrap ifdefs around it. Its a bit strange to put the header all the way down here.
| delete[] final; | ||
| return location_data; | ||
| } | ||
| #endif |
There was a problem hiding this comment.
Minor nit: I would comment what this is ending.
| return location_data; | ||
| } | ||
| #endif | ||
| //auto location_data = loc_data(end_result_fname); |
|
After discussing with @AlexandreSinger and @vaughnbetz, we decided to close this PR. |
In this PR, libraries related to encrypting and decrypting files from OpenFPGA have been added. The PugiXML utility has been updated to support reading and writing encrypted files.