ORNL · JoshuaSBrown · Sep 24, 2025 · Sep 24, 2025 · Sep 22, 2025 · Sep 22, 2025
diff --git a/common/CMakeLists.txt b/common/CMakeLists.txt
@@ -4,12 +4,12 @@ cmake_minimum_required (VERSION 3.17.0)
 # we want to place them in the binary folder in /proto/common
 add_subdirectory(proto/common)
 
-if( BUILD_COMMON ) 
+if( BUILD_COMMON )
   configure_file(
     "${CMAKE_CURRENT_SOURCE_DIR}/include/common/Version.hpp.in"
     "${CMAKE_CURRENT_BINARY_DIR}/include/common/Version.hpp"
     @ONLY)
-  file( GLOB Sources "source/*.cpp" 
+  file( GLOB Sources "source/*.cpp"
     "source/credentials/*cpp"
     "source/communicators/*.cpp"
     "source/messages/*.cpp"
@@ -19,12 +19,11 @@ if( BUILD_COMMON )
     "source/sockets/*.cpp")
   if(BUILD_SHARED_LIBS)
     add_library( common SHARED ${Sources})
-    target_link_libraries( common PUBLIC ${DATAFED_BOOST_DATE_TIME_LIBRARY_PATH} protobuf::libprotobuf libzmq datafed-protobuf) 
+    target_link_libraries( common PUBLIC ${DATAFED_BOOST_DATE_TIME_LIBRARY_PATH} protobuf::libprotobuf libzmq datafed-protobuf ${OPENSSL_SSL_LIBRARY} ${OPENSSL_CRYPTO_LIBRARY})
   else()
     add_library( common STATIC ${Sources})
-    target_link_libraries( common PUBLIC ${DATAFED_BOOST_DATE_TIME_LIBRARY_PATH} protobuf::libprotobuf libzmq-static datafed-protobuf) 
+    target_link_libraries( common PUBLIC ${DATAFED_BOOST_DATE_TIME_LIBRARY_PATH} protobuf::libprotobuf libzmq-static datafed-protobuf ${OPENSSL_SSL_LIBRARY} ${OPENSSL_CRYPTO_LIBRARY})
   endif()
-
   set_target_properties(common PROPERTIES POSITION_INDEPENDENT_CODE ON SOVERSION ${DATAFED_COMMON_LIB_MAJOR} VERSION ${DATAFED_COMMON_LIB_MAJOR}.${DATAFED_COMMON_LIB_MINOR}.${DATAFED_COMMON_LIB_PATCH} )
   target_include_directories( common PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include )
   target_include_directories( common PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include )

diff --git a/common/include/common/CipherEngine.hpp b/common/include/common/CipherEngine.hpp
@@ -0,0 +1,164 @@
+#ifndef CIPHER_ENGINE_HPP
+#define CIPHER_ENGINE_HPP
+#pragma once
+
+//Local public includes
+#include "DynaLog.hpp"
+#include "libjson.hpp"
+
+// Standard includes
+#include <string>
+#include <memory>
+
+namespace SDMS{
+
+/**
+ * @class CipherEngine
+ * @brief Provides symmetric encryption and decryption functionalities using a 256-bit key.
+ */
+class CipherEngine
+{
+    protected:
+        /**
+         * @brief Base64 encodes an input of a specified length and returns the output
+         * @param input Pointer to input bytes to encode
+         * @param length Number of bytes in input
+         * @param log_context Context for logging
+         * @return Base64 encoded null-terminated char array
+         */
+        std::unique_ptr<char[]> encode64(const unsigned char* input, const int length, LogContext log_context) const;
+
+        /**
+         * @brief Base64 decodes an input of a specified length and returns the output
+         * @param input Pointer to Base64 encoded input chars
+         * @param length Number of bytes in input
+         * @param log_context Context for logging
+         * @return Decoded bytes
+         */
+        std::unique_ptr<unsigned char[]> decode64(const char* input, const int length, LogContext log_context) const;
+
+    public:
+        /** Base64 encoded block size (always 4) */
+        static const int BASE64_ENCODED_BLOCK_SIZE = 4;
+
+        /** Base64 input block size (always 3) */
+        static const int BASE64_INPUT_BLOCK_SIZE = 3;
+
+        /** Null terminator size */
+        static const int NULL_TERMINATOR_SIZE = 1;
+
+        /** Initialization vector length in bytes */
+        static const int IV_LENGTH = 16;
+
+        /** Encryption key length in bytes (256-bit) */
+        static const int KEY_LENGTH = 32;
+
+        /** Maximum message length in bytes */
+        static const int MAX_MSG_LENGTH = 96;
+
+        /** Base64 encoded IV length */
+        static const int ENCODED_IV_LENGTH = 24;
+
+        /** Base64 encoded encrypted message length */
+        static const int ENCODED_MSG_LENGTH = 128;
+
+        /**
+         * @brief Generates a random encryption key.
+         * @param token_key Buffer to store the generated key (must be KEY_LENGTH bytes).
+         */
+        static void generateEncryptionKey(unsigned char token_key[KEY_LENGTH]);
+
+        /**
+         * @brief Generates a random initialization vector (IV).
+         * @param iv Buffer to store the generated IV (must be IV_LENGTH bytes).
+         */
+        static void generateIV(unsigned char iv[IV_LENGTH]);
+
+        /**
+         * @brief Constructs the CipherEngine with the specified key.
+         * @param inputKey Pointer to encryption key bytes (KEY_LENGTH bytes).
+         */
+        explicit CipherEngine(const unsigned char* inputKey);
+
+        /**
+         * @brief Constructs the empty CipherEngine.
+         */
+        CipherEngine(){};
+
+
+        /**
+         * @struct CipherBytes
+         * @brief Holds encrypted message bytes, IV, and message length.
+         */
+        struct CipherBytes
+        {
+            unsigned char encrypted_msg[ENCODED_MSG_LENGTH]; /**< Encrypted message bytes */
+            unsigned char iv[IV_LENGTH];                  /**< Initialization vector bytes */
+            int encrypted_msg_len;                         /**< Length of encrypted message */
+        };
+
+        /**
+         * @struct CipherString
+         * @brief Holds Base64 encoded encrypted message, IV, and message length.
+         */
+        struct CipherString
+        {
+            std::unique_ptr<char[]> encrypted_msg; /**< Base64 encoded encrypted message */
+            std::unique_ptr<char[]> iv;            /**< Base64 encoded IV */
+            int encrypted_msg_len;                  /**< Length of encrypted message */
+        };
+
+        /**
+         * @brief Encrypts the message using the given IV.
+         * @param iv Initialization vector to use for encryption.
+         * @param msg Plaintext message to encrypt.
+         * @param log_context Context for logging.
+         * @return CipherBytes struct with raw encrypted bytes.
+         */
+        CipherBytes encryptAlgorithm(unsigned char* iv, const std::string& msg, LogContext log_context);
+
+        /**
+         * @brief Encodes CipherBytes into Base64 strings.
+         * @param unencoded_bytes CipherBytes to encode.
+         * @param log_context Context for logging.
+         * @return CipherString with Base64 encoded encrypted message and IV.
+         */
+        CipherString encodeBytes(CipherBytes unencoded_bytes, LogContext log_context);
+
+        /**
+         * @brief Encrypts a message using the specified IV and returns Base64 encoded output.
+         * @param iv Initialization vector to use.
+         * @param msg Plaintext message.
+         * @param log_context Context for logging.
+         * @return CipherString with Base64 encoded encrypted data.
+         */
+        CipherString encrypt(unsigned char *iv, const std::string& msg, LogContext log_context);
+
+        /**
+         * @brief Encrypts a message, generating a random IV automatically.
+         * @param msg Plaintext message.
+         * @param log_context Context for logging.
+         * @return CipherString with Base64 encoded encrypted data.
+         */
+        CipherString encrypt(const std::string& msg, LogContext log_context);
+
+        /**
+         * @brief Decrypts a Base64 encoded encrypted string.
+         * @param encrypted_string CipherString with encrypted message and IV.
+         * @param log_context Context for logging.
+         * @return Decrypted plaintext string.
+         */
+        std::string decrypt(const CipherString& encrypted_string, LogContext log_context);
+
+        static bool tokenNeedsUpdate(const libjson::Value::Object &obj);
+    private:
+        unsigned char key[KEY_LENGTH]; /**< Encryption key bytes */
+
+        /**
+         * @brief Handles errors during encryption/decryption.
+         */
+        static void handleErrors(void);
+
+};
+} // namespace SDMS
+#endif
diff --git a/common/include/common/Util.hpp b/common/include/common/Util.hpp
@@ -21,11 +21,6 @@ void hexDump(const char *a_buffer, const char *a_buffer_end,
 std::string escapeCSV(const std::string &a_value);
 std::string escapeJSON(const std::string &a_value);
 bool to_uint32(const char *a_str, uint32_t &a_out);
-
-// std::vector<std::string> smartTokenize( const std::string & a_text, const
-// std::string & a_delim );
-
-// std::string parseQuery( const std::string & a_query, bool & use_client, bool
-// & use_shared_users, bool & use_shared_projects );
+void readFile(const std::string &fileName,const int arraySize, unsigned char* array);
 
 #endif