encryption.py

"""
RSA/Hybrid Decryption utilities for the URL Blink application.

Supports two encryption modes from the client:
1. Direct RSA-OAEP (for data ≤ 190 bytes)
2. Hybrid RSA-OAEP + AES-GCM (for data > 190 bytes)
"""
import base64
import json
import os
import logging
from typing import Any, Optional
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend

logger = logging.getLogger(__name__)

# Path to the private key file
PRIVATE_KEY_PATH = os.getenv("PRIVATE_KEY_PATH", "./PRIVATE_KEY.pem")

# Cache the private key after first load
_private_key = None


def load_private_key():
    """
    Load the RSA private key from environment variable or PEM file.
    Caches the key for subsequent calls.
    
    Priority:
    1. PRIVATE_KEY environment variable (PEM content)
    2. PRIVATE_KEY_PATH file
    
    Returns:
        RSA private key object, or None if not available
    """
    global _private_key
    
    if _private_key is not None:
        return _private_key
    
    # Try loading from environment variable first
    private_key_pem = os.getenv("PRIVATE_KEY")
    if private_key_pem:
        try:
            _private_key = serialization.load_pem_private_key(
                private_key_pem.encode(),
                password=None,
                backend=default_backend()
            )
            logger.info("Successfully loaded private key from PRIVATE_KEY env variable")
            return _private_key
        except Exception as e:
            logger.warning(f"Failed to load private key from env: {e}")
    
    # Try loading from file
    try:
        with open(PRIVATE_KEY_PATH, "rb") as key_file:
            _private_key = serialization.load_pem_private_key(
                key_file.read(),
                password=None,
                backend=default_backend()
            )
        logger.info(f"Successfully loaded private key from {PRIVATE_KEY_PATH}")
        return _private_key
    except FileNotFoundError:
        logger.warning(f"Private key file not found: {PRIVATE_KEY_PATH}")
    except Exception as e:
        logger.warning(f"Failed to load private key from file: {e}")
    
    logger.warning("No private key available - encrypted data will not be decrypted")
    return None


def decrypt_direct(payload: dict, private_key) -> str:
    """
    Decrypt directly RSA-OAEP encrypted data.
    
    Args:
        payload: Dict with 'data' field containing base64 RSA-encrypted data
        private_key: RSA private key object
        
    Returns:
        Decrypted plaintext string
    """
    encrypted_bytes = base64.b64decode(payload['data'])
    decrypted = private_key.decrypt(
        encrypted_bytes,
        padding.OAEP(
            mgf=padding.MGF1(algorithm=hashes.SHA256()),
            algorithm=hashes.SHA256(),
            label=None
        )
    )
    return decrypted.decode('utf-8')


def decrypt_hybrid(payload: dict, private_key) -> str:
    """
    Decrypt hybrid RSA+AES-GCM encrypted data.
    
    Args:
        payload: Dict with 'key' (RSA-encrypted AES key), 'iv', and 'data' (AES-encrypted)
        private_key: RSA private key object
        
    Returns:
        Decrypted plaintext string
    """
    # 1. Decrypt the AES key with RSA-OAEP
    encrypted_aes_key = base64.b64decode(payload['key'])
    aes_key = private_key.decrypt(
        encrypted_aes_key,
        padding.OAEP(
            mgf=padding.MGF1(algorithm=hashes.SHA256()),
            algorithm=hashes.SHA256(),
            label=None
        )
    )
    
    # 2. Decrypt the data with AES-GCM
    iv = base64.b64decode(payload['iv'])
    encrypted_data = base64.b64decode(payload['data'])
    
    # AES-GCM: the tag is appended to the ciphertext (last 16 bytes)
    # Split ciphertext and tag
    tag = encrypted_data[-16:]
    ciphertext = encrypted_data[:-16]
    
    cipher = Cipher(
        algorithms.AES(aes_key),
        modes.GCM(iv, tag),
        backend=default_backend()
    )
    decryptor = cipher.decryptor()
    decrypted = decryptor.update(ciphertext) + decryptor.finalize()
    
    return decrypted.decode('utf-8')


def decrypt_data(encrypted_base64: str) -> Optional[Any]:
    """
    Decrypt data encrypted by the client usageService.
    
    The encrypted data format is: btoa(JSON.stringify({ type: 'direct'|'hybrid', ... }))
    
    Args:
        encrypted_base64: The outer base64 string from the client
        
    Returns:
        Decrypted data parsed as JSON, or error info if decryption fails
    """
    private_key = load_private_key()
    
    # If no private key, return the encrypted data as-is
    if private_key is None:
        logger.warning("No private key - returning encrypted data")
        return {"encrypted_data": encrypted_base64, "decryption_status": "no_key_available"}
    
    try:
        # Decode outer base64 and parse JSON
        outer_json = base64.b64decode(encrypted_base64).decode('utf-8')
        payload = json.loads(outer_json)
        
        encryption_type = payload.get('type')
        
        if encryption_type == 'direct':
            decrypted_str = decrypt_direct(payload, private_key)
        elif encryption_type == 'hybrid':
            decrypted_str = decrypt_hybrid(payload, private_key)
        else:
            logger.error(f"Unknown encryption type: {encryption_type}")
            return {"encrypted_data": encrypted_base64, "decryption_error": f"Unknown type: {encryption_type}"}
        
        # Try to parse decrypted string as JSON
        try:
            return json.loads(decrypted_str)
        except json.JSONDecodeError:
            return {"raw_data": decrypted_str}
            
    except Exception as e:
        logger.error(f"Decryption failed: {e}")
        return {"encrypted_data": encrypted_base64[:100] + "...", "decryption_error": str(e)}


def decrypt_multiple_blocks(encrypted_data: str) -> list[Any]:
    """
    Decrypt multiple concatenated encrypted blocks.
    
    Each block is a complete base64 JSON payload. Since blocks can vary in size,
    we need to find block boundaries by looking for valid JSON structures.
    
    Args:
        encrypted_data: Concatenated base64-encoded encrypted blocks
        
    Returns:
        List of decrypted data objects
    """
    results = []
    
    # If it looks like a single block (starts with valid base64 for JSON)
    # Try single block first
    if encrypted_data:
        result = decrypt_data(encrypted_data)
        if result and "decryption_error" not in result:
            results.append(result)
            return results
    
    # If single block fails, the data might be multiple blocks
    # Since each block is base64(JSON), we need to find block boundaries
    # Common approach: try to find where one base64 ends and another begins
    # For now, store the error result from single attempt
    if not results:
        result = decrypt_data(encrypted_data)
        if result:
            results.append(result)
    
    return results