Skip to content

Commit

Permalink
add encryption (PaddlePaddle#1002)
Browse files Browse the repository at this point in the history
* add encryption

* add doc

* add doc

* fix bug
  • Loading branch information
HexToString authored Jan 3, 2023
1 parent 11ce2f4 commit ab49b41
Show file tree
Hide file tree
Showing 32 changed files with 1,865 additions and 1 deletion.
18 changes: 17 additions & 1 deletion CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ option(ENABLE_LITE_BACKEND "Whether to enable paddle lite backend." OFF)
option(ENABLE_VISION "Whether to enable vision models usage." OFF)
option(ENABLE_TEXT "Whether to enable text models usage." OFF)
option(ENABLE_FLYCV "Whether to enable flycv to boost image preprocess." OFF)
option(ENABLE_ENCRYPTION "Whether to enable ENCRYPTION." OFF)
option(WITH_ASCEND "Whether to compile for Huawei Ascend deploy." OFF)
option(WITH_TIMVX "Whether to compile for TIMVX deploy." OFF)
option(WITH_KUNLUNXIN "Whether to compile for KunlunXin XPU deploy." OFF)
Expand Down Expand Up @@ -195,11 +196,13 @@ file(GLOB_RECURSE DEPLOY_OPENVINO_SRCS ${PROJECT_SOURCE_DIR}/${CSRCS_DIR_NAME}/f
file(GLOB_RECURSE DEPLOY_RKNPU2_SRCS ${PROJECT_SOURCE_DIR}/${CSRCS_DIR_NAME}/fastdeploy/backends/rknpu/rknpu2/*.cc)
file(GLOB_RECURSE DEPLOY_LITE_SRCS ${PROJECT_SOURCE_DIR}/${CSRCS_DIR_NAME}/fastdeploy/backends/lite/*.cc)
file(GLOB_RECURSE DEPLOY_VISION_SRCS ${PROJECT_SOURCE_DIR}/${CSRCS_DIR_NAME}/fastdeploy/vision/*.cc)
file(GLOB_RECURSE DEPLOY_ENCRYPTION_SRCS ${PROJECT_SOURCE_DIR}/${CSRCS_DIR_NAME}/fastdeploy/encryption/*.cc)
file(GLOB_RECURSE DEPLOY_PIPELINE_SRCS ${PROJECT_SOURCE_DIR}/${CSRCS_DIR_NAME}/fastdeploy/pipeline/*.cc)
file(GLOB_RECURSE DEPLOY_VISION_CUDA_SRCS ${PROJECT_SOURCE_DIR}/${CSRCS_DIR_NAME}/fastdeploy/vision/*.cu)
file(GLOB_RECURSE DEPLOY_TEXT_SRCS ${PROJECT_SOURCE_DIR}/${CSRCS_DIR_NAME}/fastdeploy/text/*.cc)
file(GLOB_RECURSE DEPLOY_PYBIND_SRCS ${PROJECT_SOURCE_DIR}/${CSRCS_DIR_NAME}/fastdeploy/pybind/*.cc ${PROJECT_SOURCE_DIR}/${CSRCS_DIR_NAME}/fastdeploy/*_pybind.cc)
list(REMOVE_ITEM ALL_DEPLOY_SRCS ${DEPLOY_ORT_SRCS} ${DEPLOY_PADDLE_SRCS} ${DEPLOY_POROS_SRCS} ${DEPLOY_TRT_SRCS} ${DEPLOY_OPENVINO_SRCS} ${DEPLOY_LITE_SRCS} ${DEPLOY_VISION_SRCS} ${DEPLOY_TEXT_SRCS} ${DEPLOY_PIPELINE_SRCS} ${DEPLOY_RKNPU2_SRCS})

list(REMOVE_ITEM ALL_DEPLOY_SRCS ${DEPLOY_ORT_SRCS} ${DEPLOY_PADDLE_SRCS} ${DEPLOY_POROS_SRCS} ${DEPLOY_TRT_SRCS} ${DEPLOY_OPENVINO_SRCS} ${DEPLOY_LITE_SRCS} ${DEPLOY_VISION_SRCS} ${DEPLOY_TEXT_SRCS} ${DEPLOY_PIPELINE_SRCS} ${DEPLOY_RKNPU2_SRCS} ${DEPLOY_ENCRYPTION_SRCS})

set(DEPEND_LIBS "")

Expand Down Expand Up @@ -441,6 +444,14 @@ if(ENABLE_TEXT)
include(${PROJECT_SOURCE_DIR}/cmake/fast_tokenizer.cmake)
endif()

if(ENABLE_ENCRYPTION)
add_definitions(-DENABLE_ENCRYPTION)
list(APPEND ALL_DEPLOY_SRCS ${DEPLOY_ENCRYPTION_SRCS})
include(${PROJECT_SOURCE_DIR}/cmake/gflags.cmake)
include(${PROJECT_SOURCE_DIR}/cmake/openssl.cmake)
list(APPEND DEPEND_LIBS ${OPENSSL_LIBRARIES})
endif()

if(ENABLE_PADDLE_FRONTEND)
add_definitions(-DENABLE_PADDLE_FRONTEND)
include(${PROJECT_SOURCE_DIR}/cmake/paddle2onnx.cmake)
Expand Down Expand Up @@ -653,6 +664,11 @@ if(BUILD_FASTDEPLOY_PYTHON)
list(REMOVE_ITEM DEPLOY_PYBIND_SRCS ${VISION_PYBIND_SRCS} ${PIPELINE_PYBIND_SRCS})
endif()

if(NOT ENABLE_ENCRYPTION)
file(GLOB_RECURSE ENCRYPTION_PYBIND_SRCS ${PROJECT_SOURCE_DIR}/${CSRCS_DIR_NAME}/fastdeploy/encryption/*_pybind.cc)
list(REMOVE_ITEM DEPLOY_PYBIND_SRCS ${ENCRYPTION_PYBIND_SRCS})
endif()

if (NOT ENABLE_TEXT)
file(GLOB_RECURSE TEXT_PYBIND_SRCS ${PROJECT_SOURCE_DIR}/${CSRCS_DIR_NAME}/fastdeploy/text/*_pybind.cc)
list(REMOVE_ITEM DEPLOY_PYBIND_SRCS ${TEXT_PYBIND_SRCS})
Expand Down
2 changes: 2 additions & 0 deletions FastDeploy.cmake.in
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ set(ENABLE_PADDLE_FRONTEND @ENABLE_PADDLE_FRONTEND@)
set(ENABLE_VISION @ENABLE_VISION@)
set(ENABLE_FLYCV @ENABLE_FLYCV@)
set(ENABLE_TEXT @ENABLE_TEXT@)
set(ENABLE_ENCRYPTION @ENABLE_ENCRYPTION@)
set(BUILD_ON_JETSON @BUILD_ON_JETSON@)
set(PADDLEINFERENCE_VERSION @PADDLEINFERENCE_VERSION@)
set(OPENVINO_VERSION @OPENVINO_VERSION@)
Expand Down Expand Up @@ -287,6 +288,7 @@ endif()
message(STATUS " ENABLE_TRT_BACKEND : ${ENABLE_TRT_BACKEND}")
message(STATUS " ENABLE_VISION : ${ENABLE_VISION}")
message(STATUS " ENABLE_TEXT : ${ENABLE_TEXT}")
message(STATUS " ENABLE_ENCRYPTION : ${ENABLE_ENCRYPTION}")
if(WITH_GPU)
message(STATUS " CUDA_DIRECTORY : ${CUDA_DIRECTORY}")
endif()
Expand Down
50 changes: 50 additions & 0 deletions cmake/openssl.cmake
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
# Copyright (c) 2022 PaddlePaddle Authors. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

SET(OPENSSL_URL_PREFIX "https://bj.bcebos.com/paddlex/tools")
IF(CMAKE_SYSTEM_NAME MATCHES "Windows")
set(OPENSSL_FILENAME "windows_openssl-1.1.0k")
set(COMPRESSED_SUFFIX ".zip")
add_definitions(-DWIN32)
ELSEIF(CMAKE_SYSTEM_NAME MATCHES "Linux")
set(OPENSSL_FILENAME "openssl-1.1.0k")
set(COMPRESSED_SUFFIX ".tar.gz")
add_definitions(-DLINUX)
ENDIF()
set(OPENSSL_URL ${OPENSSL_URL_PREFIX}/${OPENSSL_FILENAME}${COMPRESSED_SUFFIX})
if(THIRD_PARTY_PATH)
SET(OPENSSL_INSTALL_DIR ${THIRD_PARTY_PATH})
SET(OPENSSL_ROOT_DIR ${THIRD_PARTY_PATH}/openssl-1.1.0k/install-${CMAKE_SYSTEM_PROCESSOR})
else()
SET(OPENSSL_INSTALL_DIR ${FASTDEPLOY_INSTALL_DIR}/installed_fastdeploy/cmake)
SET(OPENSSL_ROOT_DIR ${FASTDEPLOY_INSTALL_DIR}/installed_fastdeploy/cmake/openssl-1.1.0k/install-${CMAKE_SYSTEM_PROCESSOR})
endif()
download_and_decompress(${OPENSSL_URL} ${CMAKE_CURRENT_BINARY_DIR}/${OPENSSL_FILENAME}${COMPRESSED_SUFFIX} ${OPENSSL_INSTALL_DIR})
SET(OPENSSL_INCLUDE_DIR "${OPENSSL_ROOT_DIR}/include" CACHE PATH "openssl include directory." FORCE)
include_directories(${OPENSSL_INCLUDE_DIR})
IF(CMAKE_SYSTEM_NAME MATCHES "Windows")
set(OPENSSL_LIBRARIES
"${OPENSSL_ROOT_DIR}/lib/libssl_static.lib"
"${OPENSSL_ROOT_DIR}/lib/libcrypto_static.lib"
${GFLAGS_LIBRARIES}
shlwapi
CACHE FILEPATH "OPENSSL_LIBRARIES" FORCE)
ELSEIF (CMAKE_SYSTEM_NAME MATCHES "Linux")
set(OPENSSL_LIBRARIES
"${OPENSSL_ROOT_DIR}/lib/libssl.a"
"${OPENSSL_ROOT_DIR}/lib/libcrypto.a"
${GFLAGS_LIBRARIES}
-ldl -lpthread
CACHE FILEPATH "OPENSSL_LIBRARIES" FORCE)
ENDIF()
1 change: 1 addition & 0 deletions cmake/summary.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ function(fastdeploy_summary)
endif()
message(STATUS " ENABLE_VISION : ${ENABLE_VISION}")
message(STATUS " ENABLE_TEXT : ${ENABLE_TEXT}")
message(STATUS " ENABLE_ENCRYPTION : ${ENABLE_ENCRYPTION}")
message(STATUS " ENABLE_DEBUG : ${ENABLE_DEBUG}")
message(STATUS " ENABLE_VISION_VISUALIZE : ${ENABLE_VISION_VISUALIZE}")
if(ANDROID)
Expand Down
20 changes: 20 additions & 0 deletions fastdeploy/encryption.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
// Copyright (c) 2022 PaddlePaddle Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#pragma once

#include "fastdeploy/core/config.h"
#ifdef ENABLE_ENCRYPTION
#include "fastdeploy/encryption/include/decrypt.h"
#include "fastdeploy/encryption/include/encrypt.h"
#endif
30 changes: 30 additions & 0 deletions fastdeploy/encryption/encryption_pybind.cc
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
// Copyright (c) 2022 PaddlePaddle Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include "fastdeploy/pybind/main.h"

namespace fastdeploy {

void BindEncryption(pybind11::module& m) {
m.def("encrypt", [](const std::string& input, const std::string& key) {
return Encrypt(input, key);
});
m.def("decrypt", [](const std::string& cipher, const std::string& key) {
return Decrypt(cipher, key);
});
m.def("generate_key", []() {
return GenerateRandomKey();
});
}
} // namespace fastdeploy
60 changes: 60 additions & 0 deletions fastdeploy/encryption/include/decrypt.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
// Copyright (c) 2022 PaddlePaddle Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#pragma once

#include <stdio.h>
#include <string>

#include "fastdeploy/utils/utils.h"

#ifndef PADDLE_MODEL_PROTECT_API_PADDLE_MODEL_DECRYPT_H
#define PADDLE_MODEL_PROTECT_API_PADDLE_MODEL_DECRYPT_H
namespace fastdeploy {
#ifdef __cplusplus
extern "C" {
#endif

/** \brief check stream is encrypted or not
*
* \param[in] cipher_stream The encrypted stream
* \return 0 if stream is encrypted.
*/
FASTDEPLOY_DECL int CheckStreamEncrypted(std::istream& cipher_stream);


/** \brief decrypt an encrypted stream
*
* \param[in] cipher_stream The encrypted stream
* \param[in] plain_stream The decrypted stream
* \param[in] key_base64 The key for decryption
* \return 0 if decrypt success.
*/
FASTDEPLOY_DECL int DecryptStream(std::istream& cipher_stream,
std::ostream& plain_stream,
const std::string& key_base64);


/** \brief decrypt an encrypted string
*
* \param[in] cipher The encrypted string
* \param[in] key The key for decryption
* \return The decrypted string
*/
FASTDEPLOY_DECL std::string Decrypt(const std::string& cipher,
const std::string& key);
#ifdef __cplusplus
}
#endif
} // namespace fastdeploy
#endif // PADDLE_MODEL_PROTECT_API_PADDLE_MODEL_DECRYPT_H
58 changes: 58 additions & 0 deletions fastdeploy/encryption/include/encrypt.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
// Copyright (c) 2021 PaddlePaddle Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#pragma once

#include <iostream>
#include <string>

#include "fastdeploy/utils/utils.h"

#ifndef PADDLE_MODEL_PROTECT_API_PADDLE_MODEL_ENCRYPT_H
#define PADDLE_MODEL_PROTECT_API_PADDLE_MODEL_ENCRYPT_H
namespace fastdeploy {
#ifdef __cplusplus
extern "C" {
#endif

/** \brief generate a random key(base64-32bytes) for an encrypted model
*
* \return std::string key
*/
FASTDEPLOY_DECL std::string GenerateRandomKey();

/** \brief encrypt a std::istream with key
*
* \param[in] keydata The key(base64-32bytes) for encryption
* \param[in] in_stream The plain stream
* \param[in] out_stream The ecrypted stream
* \return true if encrypt successed, otherwise false
*/
FASTDEPLOY_DECL int EncryptStream(const std::string &keydata,
std::istream& in_stream,
std::ostream& out_stream);

/** \brief encrypt a string with key
*
* \param[in] input The input string for encryption
* \param[in] key If not given by user, generate key automatically.
* \return std::vector<std::string> [encrypted string, key]
*/
FASTDEPLOY_DECL std::vector<std::string> Encrypt(const std::string& input,
const std::string& key = GenerateRandomKey());

#ifdef __cplusplus
}
#endif
} // namespace fastdeploy
#endif // PADDLE_MODEL_PROTECT_API_PADDLE_MODEL_ENCRYPT_H
43 changes: 43 additions & 0 deletions fastdeploy/encryption/include/model_code.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
// Copyright (c) 2022 PaddlePaddle Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#pragma once

#ifndef DYGRAPH_DEPLOY_CPP_ENCRYPTION_INCLUDE_MODEL_CODE_H_
#define DYGRAPH_DEPLOY_CPP_ENCRYPTION_INCLUDE_MODEL_CODE_H_
namespace fastdeploy {
#ifdef __cplusplus
extern "C" {
#endif

enum {
CODE_OK = 0,
CODE_OPEN_FAILED = 100,
CODE_READ_FILE_PTR_IS_NULL = 101,
CODE_AES_GCM_ENCRYPT_FIALED = 102,
CODE_AES_GCM_DECRYPT_FIALED = 103,
CODE_KEY_NOT_MATCH = 104,
CODE_KEY_LENGTH_ABNORMAL = 105,
CODE_NOT_EXIST_DIR = 106,
CODE_FILES_EMPTY_WITH_DIR = 107,
CODE_MODEL_FILE_NOT_EXIST = 108,
CODE_PARAMS_FILE_NOT_EXIST = 109,
CODE_MODEL_YML_FILE_NOT_EXIST = 110,
CODE_MKDIR_FAILED = 111
};

#ifdef __cplusplus
}
#endif
} // namespace fastdeploy
#endif // DYGRAPH_DEPLOY_CPP_ENCRYPTION_INCLUDE_MODEL_CODE_H_
Loading

0 comments on commit ab49b41

Please sign in to comment.