Develop encryption (#919)

* add encryption tool

* add encryption decrypt

* yaml c_str

* yaml c_str

* yaml c_str

* yaml c_str

* encryption dllexport

* fix encryption bug

* fix decryp bug

* fix decryp check_file bug

* fix encryption compile

* change key print

* fix key bug

* modify cmakelist

dygraph/deploy/cpp/CMakeLists.txt

@@ -9,11 +9,13 @@ else()
     option(WITH_STATIC_LIB "Compile demo with static/shared library, default use static."   ON)
 endif()
 option(WITH_TENSORRT "Compile demo with TensorRT."   OFF)
+option(WITH_ENCRYPTION "Compile demo with ENCRYPTION."   OFF)
 
 SET(TENSORRT_DIR "" CACHE PATH "Location of libraries")
 SET(PADDLE_DIR "" CACHE PATH "Location of libraries")
 SET(OPENCV_DIR "" CACHE PATH "Location of libraries")
 SET(CUDA_LIB "" CACHE PATH "Location of libraries")
+SET(OPENSSL_DIR "" CACHE PATH "Location of libraries")
 
 SET(PROJECT_ROOT_DIR  "." CACHE PATH  "root directory of project.")
 
@@ -25,6 +27,7 @@ else()
     set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/paddle_deploy)
     set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/paddle_deploy)
     set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/paddle_deploy)
+    add_definitions(-DPADDLEX_DEPLOY)
 endif()
 
 #source
@@ -209,24 +212,49 @@ aux_source_directory(${PROJECT_ROOT_DIR}/model_deploy/ppseg/src DETECTOR_SRC)
 aux_source_directory(${PROJECT_ROOT_DIR}/model_deploy/ppclas/src DETECTOR_SRC)
 aux_source_directory(${PROJECT_ROOT_DIR}/model_deploy/paddlex/src DETECTOR_SRC)
 
-add_executable(model_infer ${PROJECT_ROOT_DIR}/demo/model_infer.cpp ${SRC} ${ENGINE_SRC} ${DETECTOR_SRC})
+set(ENCRYPTION_SRC "")
+if (WITH_ENCRYPTION)
+  add_definitions(-DPADDLEX_DEPLOY_ENCRYPTION)
+  set(CMAKE_C_FLAGS "-fPIC ${CMAKE_C_FLAGS}")
+  set(CMAKE_CXX_FLAGS "-fPIC ${CMAKE_CXX_FLAGS}")
+
+  include_directories("${OPENSSL_DIR}/install-${CMAKE_SYSTEM_PROCESSOR}/include")
+  link_directories("${OPENSSL_DIR}/install-${CMAKE_SYSTEM_PROCESSOR}/lib")
+  if (WIN32)
+    set(DEPS ${DEPS} libssl_static${CMAKE_STATIC_LIBRARY_SUFFIX} libcrypto_static${CMAKE_STATIC_LIBRARY_SUFFIX})
+  else ()
+    set(DEPS ${DEPS} libssl${CMAKE_STATIC_LIBRARY_SUFFIX} libcrypto${CMAKE_STATIC_LIBRARY_SUFFIX})
+   endif()
+  aux_source_directory(${PROJECT_ROOT_DIR}/encryption/src ENCRYPTION_SRC)
+  aux_source_directory(${PROJECT_ROOT_DIR}/encryption/util/src ENCRYPTION_SRC)
+  aux_source_directory(${PROJECT_ROOT_DIR}/encryption/util/src/crypto ENCRYPTION_SRC)
+endif()
+
+add_executable(model_infer ${PROJECT_ROOT_DIR}/demo/model_infer.cpp ${SRC} ${ENGINE_SRC} ${DETECTOR_SRC} ${ENCRYPTION_SRC})
 ADD_DEPENDENCIES(model_infer ext-yaml-cpp)
 target_link_libraries(model_infer ${DEPS})
 
-add_executable(batch_infer ${PROJECT_ROOT_DIR}/demo/batch_infer.cpp ${SRC} ${ENGINE_SRC} ${DETECTOR_SRC})
+add_executable(batch_infer ${PROJECT_ROOT_DIR}/demo/batch_infer.cpp ${SRC} ${ENGINE_SRC} ${DETECTOR_SRC} ${ENCRYPTION_SRC})
 ADD_DEPENDENCIES(batch_infer ext-yaml-cpp)
 target_link_libraries(batch_infer ${DEPS})
 
-add_executable(multi_gpu_model_infer ${PROJECT_ROOT_DIR}/demo/multi_gpu_model_infer.cpp ${SRC} ${ENGINE_SRC} ${DETECTOR_SRC})
+add_executable(multi_gpu_model_infer ${PROJECT_ROOT_DIR}/demo/multi_gpu_model_infer.cpp ${SRC} ${ENGINE_SRC} ${DETECTOR_SRC} ${ENCRYPTION_SRC})
 ADD_DEPENDENCIES(multi_gpu_model_infer ext-yaml-cpp)
 target_link_libraries(multi_gpu_model_infer ${DEPS})
 
 if (WITH_TENSORRT)
-  add_executable(tensorrt_infer ${PROJECT_ROOT_DIR}/demo/tensorrt_infer.cpp ${SRC} ${ENGINE_SRC} ${DETECTOR_SRC})
+  add_executable(tensorrt_infer ${PROJECT_ROOT_DIR}/demo/tensorrt_infer.cpp ${SRC} ${ENGINE_SRC} ${DETECTOR_SRC} ${ENCRYPTION_SRC})
   ADD_DEPENDENCIES(tensorrt_infer ext-yaml-cpp)
   target_link_libraries(tensorrt_infer ${DEPS})
 endif()
 
+if (WITH_ENCRYPTION)
+  add_executable(decrypt_infer ${PROJECT_ROOT_DIR}/demo/decrypt_infer.cpp ${SRC}
+                               ${ENGINE_SRC} ${DETECTOR_SRC} ${ENCRYPTION_SRC})
+  ADD_DEPENDENCIES(decrypt_infer ext-yaml-cpp)
+  target_link_libraries(decrypt_infer ${DEPS})
+endif()
+
 if(WIN32)
   add_custom_command(TARGET model_infer POST_BUILD
     COMMAND ${CMAKE_COMMAND} -E copy ${PADDLE_DIR}/third_party/install/mklml/lib/mklml.dll ${CMAKE_BINARY_DIR}/paddle_deploy

dygraph/deploy/cpp/CMakeSettings.json

@@ -47,8 +47,18 @@
           "name": "WITH_TENSORRT",
           "value": "False",
           "type": "BOOL"
+        },
+        {
+          "name": "WITH_ENCRYPTION",
+          "value": "False",
+          "type": "BOOL"
+        },
+        {
+          "name": "OPENSSL_DIR",
+          "value": "path\\to\\openssl1.1.0k",
+          "type": "PATH"
         }
       ]
     }
   ]
-}
+}

dygraph/deploy/cpp/demo/decrypt_infer.cpp

@@ -0,0 +1,69 @@
+// Copyright (c) 2021 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <gflags/gflags.h>
+#include <string>
+#include <vector>
+
+#include "model_deploy/common/include/paddle_deploy.h"
+
+DEFINE_string(model_filename, "", "Path of det inference model");
+DEFINE_string(params_filename, "", "Path of det inference params");
+DEFINE_string(cfg_file, "", "Path of yaml file");
+DEFINE_string(model_type, "", "model type");
+DEFINE_string(image, "", "Path of test image file");
+DEFINE_bool(use_gpu, false, "Infering with GPU or CPU");
+DEFINE_int32(gpu_id, 0, "GPU card id");
+DEFINE_string(key, "", "encrypt key");
+
+int main(int argc, char** argv) {
+  // Parsing command-line
+  google::ParseCommandLineFlags(&argc, &argv, true);
+
+  // create model
+  PaddleDeploy::Model* model = PaddleDeploy::CreateModel(FLAGS_model_type);
+
+  // model init
+  model->Init(FLAGS_cfg_file, FLAGS_key);
+
+
+  // inference engine init
+  PaddleDeploy::PaddleEngineConfig engine_config;
+  // encryption
+  if ("" != FLAGS_key) {
+    engine_config.key = FLAGS_key;
+    engine_config.model_filename = decrypt_file(FLAGS_model_filename.c_str(),
+                                                FLAGS_key.c_str());
+    engine_config.params_filename = decrypt_file(FLAGS_params_filename.c_str(),
+                                                 FLAGS_key.c_str());
+  } else {
+    engine_config.model_filename = FLAGS_model_filename;
+    engine_config.params_filename = FLAGS_params_filename;
+  }
+  engine_config.use_gpu = FLAGS_use_gpu;
+  engine_config.gpu_id = FLAGS_gpu_id;
+  model->PaddleEngineInit(engine_config);
+
+  // prepare data
+  std::vector<cv::Mat> imgs;
+  imgs.push_back(std::move(cv::imread(FLAGS_image)));
+
+  // predict
+  std::vector<PaddleDeploy::Result> results;
+  model->Predict(imgs, &results, 1);
+
+  std::cout << results[0] << std::endl;
+  delete model;
+  return 0;
+}

dygraph/deploy/cpp/demo/model_infer.cpp

@@ -25,6 +25,7 @@ DEFINE_string(model_type, "", "model type");
 DEFINE_string(image, "", "Path of test image file");
 DEFINE_bool(use_gpu, false, "Infering with GPU or CPU");
 DEFINE_int32(gpu_id, 0, "GPU card id");
+DEFINE_string(key, "", "encrypt key");
 
 int main(int argc, char** argv) {
   // Parsing command-line
@@ -34,7 +35,7 @@ int main(int argc, char** argv) {
   PaddleDeploy::Model* model = PaddleDeploy::CreateModel(FLAGS_model_type);
 
   // model init
-  model->Init(FLAGS_cfg_file);
+  model->Init(FLAGS_cfg_file, FLAGS_key);
 
   // inference engine init
   PaddleDeploy::PaddleEngineConfig engine_config;

dygraph/deploy/cpp/encryption/CMakeLists.txt

@@ -3,23 +3,13 @@ project(paddle_model_protect)
 
 set(CMAKE_CXX_STANDARD 11)
 
-option(WITH_PADDLE "build with paddle libs" ON)
-
-IF (CMAKE_SYSTEM_NAME MATCHES "Windows")
-        option(PM_EXPORTS "export symbols in windows" ON)
-        IF (PM_EXPORTS)
-                message("add_definitions of PM_EXPORTS")
-                add_definitions("-DPM_EXPORTS")
-        ENDIF ()
-ENDIF ()
-
 IF (CMAKE_SYSTEM_NAME MATCHES "Linux")
         # use "-fvisibility=hidden" instead of "-Wl,--version-script ${CMAKE_CURRENT_SOURCE_DIR}/export_rule.map"
         set(CMAKE_C_VISIBILITY_PRESET hidden)
         set(CMAKE_CXX_VISIBILITY_PRESET hidden)
         set(CMAKE_C_FLAGS "-g -O2 -fPIC ${CMAKE_C_FLAGS}")
         set(CMAKE_CXX_FLAGS "-g -O2 -fPIC ${CMAKE_CXX_FLAGS}")
-ELSEIF (CMAKE_SYSTEM_NAME MATCHES "Windows") 
+ELSEIF (CMAKE_SYSTEM_NAME MATCHES "Windows")
         set(CMAKE_C_FLAGS_RELEASE "/MT")
         set(CMAKE_CXX_FLAGS_RELEASE "/MT")
 ENDIF ()
@@ -28,59 +18,41 @@ SET(EXECUTABLE_OUTPUT_PATH ${PROJECT_SOURCE_DIR}/output/bin)
 SET(LIBRARY_OUTPUT_PATH ${PROJECT_SOURCE_DIR}/output/lib)
 
 file(COPY "${PROJECT_SOURCE_DIR}/include/paddle_model_encrypt.h" DESTINATION "${PROJECT_SOURCE_DIR}/output/include/paddle_model_encrypt.h")
-IF(WITH_PADDLE)
 file(COPY "${PROJECT_SOURCE_DIR}/include/paddle_model_decrypt.h" DESTINATION "${PROJECT_SOURCE_DIR}/output/include/paddle_model_decrypt.h")
-ENDIF()
 file(COPY "${PROJECT_SOURCE_DIR}/include/paddle_stream_decrypt.h" DESTINATION "${PROJECT_SOURCE_DIR}/output/include/paddle_stream_decrypt.h")
 file(COPY "${PROJECT_SOURCE_DIR}/include/model_code.h" DESTINATION "${PROJECT_SOURCE_DIR}/output/include/model_code.h")
 
-set(SRC_ROOT_DIR "${CMAKE_CURRENT_SOURCE_DIR}/src")
-
 set(OPENSSL_ROOT_DIR "${CMAKE_CURRENT_SOURCE_DIR}/3rd/openssl-1.1.0k/install-${CMAKE_SYSTEM_PROCESSOR}")
-set(OPENSSL_INCLUDE "${OPENSSL_ROOT_DIR}/include")
+include_directories("../" ${OPENSSL_ROOT_DIR}/include)
+include_directories("${CMAKE_CURRENT_SOURCE_DIR}/3rd/gflags/include")
 IF (CMAKE_SYSTEM_NAME MATCHES "Windows")
         set(OPENSSL_LIBS
                 "${OPENSSL_ROOT_DIR}/lib/libssl_static.lib"
                 "${OPENSSL_ROOT_DIR}/lib/libcrypto_static.lib")
+        set(OPENSSL_LIBS ${OPENSSL_LIBS} ${CMAKE_CURRENT_SOURCE_DIR}/3rd/gflags/lib/gflags_static.lib shlwapi)
 ELSEIF (CMAKE_SYSTEM_NAME MATCHES "Linux")
         set(OPENSSL_LIBS
                 "${OPENSSL_ROOT_DIR}/lib/libssl.a"
-                "${OPENSSL_ROOT_DIR}/lib/libcrypto.a")
-ENDIF ()
-
-IF(WITH_PADDLE)
-set(PADDLE_INCLUDE_DIR "${PADDLE_DIR}/include")
-IF (CMAKE_SYSTEM_NAME MATCHES "Windows")
-        # -DPADDLE_DIR=C:\developer\Paddle-developer\Paddle\build\fluid_inference_install_dir\paddle
-        # developer paddle_fluid.lib
-        # set(PADDLE_LIBS "${PADDLE_DIR}/lib/paddle_fluid.lib")
-
-        # 2.0.1 paddle_inference.lib
-        set(PADDLE_LIBS "${PADDLE_DIR}/lib/paddle_inference.lib")
-ENDIF ()
+                "${OPENSSL_ROOT_DIR}/lib/libcrypto.a"
+                -ldl -lpthread)
+        set(OPENSSL_LIBS ${OPENSSL_LIBS} ${CMAKE_CURRENT_SOURCE_DIR}/3rd/gflags/lib/libgflags.a)
 ENDIF ()
 
-IF(WITH_PADDLE)
-message("build with paddle libs")
-include_directories(
-        include
-        ${OPENSSL_INCLUDE}
-	${PADDLE_INCLUDE_DIR}
-)
-ELSE()
 message("build no paddle libs")
-include_directories(
-        include
-        ${OPENSSL_INCLUDE}
-)
-ENDIF()
-
-
-
 IF (MSVC)
         # Visual Studio 2015
         set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ws2_32.lib /NODEFAULTLIB:libcmt.lib")
         set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ws2_32.lib /NODEFAULTLIB:libcmt.lib")
 ENDIF ()
 
-add_subdirectory(${SRC_ROOT_DIR})
+
+
+aux_source_directory(util/src SRC_COMMON)
+aux_source_directory(util/src/crypto SRC_COMMON)
+set(SRC_ENCRYPT src/paddle_model_encrypt.cpp ${SRC_COMMON})
+
+# tool: paddle_encrypt_tool
+add_executable(paddle_encrypt_tool
+        sample/paddle_encrypt_tool.cpp
+        ${SRC_ENCRYPT})
+target_link_libraries(paddle_encrypt_tool ${OPENSSL_LIBS})

dygraph/deploy/cpp/encryption/build.bat

@@ -1,5 +1,4 @@
 @echo off
-set PADDLE_DIR=/path/to/Paddle/include
 
 set workPath=%~dp0
 set thirdPartyPath=%~dp03rd
@@ -14,9 +13,11 @@ md %thirdPartyPath%
 
 
 cd %thirdPartyPath%
-wget --no-check-certificate https://bj.bcebos.com/paddlex/tools/openssl-1.1.0k.tar.gz
-tar -zxvf openssl-1.1.0k.tar.gz
-del openssl-1.1.0k.tar.gz
+wget --no-check-certificate https://bj.bcebos.com/paddlex/tools/windows_openssl-1.1.0k.zip
+tar -zxvf windows_openssl-1.1.0k.zip
+del windows_openssl-1.1.0k.zip
+
+
 
 cd %workPath%
 if exist %workPath%build (
@@ -30,6 +31,6 @@ MD %workPath%build
 MD %workPath%\output
 cd %workPath%build
 
-cmake .. -G "Visual Studio 14 2015" -A x64 -T host=x64 -DCMAKE_BUILD_TYPE=Release -DPADDLE_DIR=%PADDLE_DIR%
+cmake .. -G "Visual Studio 16 2019" -A x64 -T host=x64 -DCMAKE_BUILD_TYPE=Release
 
 cd %workPath%

dygraph/deploy/cpp/encryption/build.sh

@@ -1,23 +1,20 @@
-PADDLE_DIR=/paddle_path/paddle_inference/paddle
-
 if [ ! -d "3rd" ]; then
   mkdir 3rd
-fi
+  cd 3rd
 
-cd 3rd
-wget https://bj.bcebos.com/paddlex/tools/openssl-1.1.0k.tar.gz
-tar -zxvf openssl-1.1.0k.tar.gz
-rm openssl-1.1.0k.tar.gz
+  wget https://bj.bcebos.com/paddlex/tools/openssl-1.1.0k.tar.gz
+  tar -zxvf openssl-1.1.0k.tar.gz
+  rm openssl-1.1.0k.tar.gz
 
-cd ..
-rm -rf build output
-mkdir build && cd build
+  wget https://bj.bcebos.com/paddlex/deploy/gflags.tar.gz
+  tar -zxvf gflags.tar.gz
+  rm -rf gflags.tar.gz
 
-# cmake .. \
-#     -DWITH_PADDLE=OFF
-# make
+  cd ..
+fi
 
-cmake .. \
-    -DPADDLE_DIR=${PADDLE_DIR}
-make
+rm -rf build output
+mkdir build && cd build
 
+cmake ..
+make -j16

dygraph/deploy/cpp/encryption/include/model_code.h

@@ -1,5 +1,20 @@
-#ifndef PADDLE_MODEL_PROTECT_MODEL_CODE_H
-#define PADDLE_MODEL_PROTECT_MODEL_CODE_H
+//   Copyright (c) 2020 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#pragma once
+
+#ifndef DYGRAPH_DEPLOY_CPP_ENCRYPTION_INCLUDE_MODEL_CODE_H_
+#define DYGRAPH_DEPLOY_CPP_ENCRYPTION_INCLUDE_MODEL_CODE_H_
 
 #ifdef __cplusplus
 extern  "C" {
@@ -26,4 +41,4 @@ extern  "C" {
 }
 #endif
 
-#endif //PADDLE_MODEL_PROTECT_MODEL_CODE_H
+#endif  // DYGRAPH_DEPLOY_CPP_ENCRYPTION_INCLUDE_MODEL_CODE_H_

dygraph/deploy/cpp/encryption/include/paddle_model_decrypt.h

@@ -1,22 +1,27 @@
+//   Copyright (c) 2020 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 #pragma once
 
 #include <stdio.h>
-#include "paddle_inference_api.h"
+#include <string>
+
+#include "model_deploy/common/include/deploy_delacre.h"
+// #include "paddle/include/paddle_inference_api.h"  // NOLINT
 
 #ifndef PADDLE_MODEL_PROTECT_API_PADDLE_MODEL_DECRYPT_H
 #define PADDLE_MODEL_PROTECT_API_PADDLE_MODEL_DECRYPT_H
 
-#ifdef WIN32
-#ifdef PM_EXPORTS
-#define PDD_MODEL_API __declspec(dllexport)
-#else
-#define PDD_MODEL_API __declspec(dllimport)
-#endif
-#endif
-#ifdef linux
-#define PDD_MODEL_API __attribute__((visibility("default")))
-#endif
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -28,23 +33,24 @@ extern "C" {
  * @param model_file    模型文件路径
  * @param param_file    参数文件路径
  * @return              error_code
- */
-PDD_MODEL_API int paddle_security_load_model(paddle::AnalysisConfig* config,
+
+PD_INFER_DECL int paddle_security_load_model(paddle::AnalysisConfig* config,
                                const char* key,
                                const char* model_file,
                                const char* param_file);
+ */
 
 /**
  * check file (un)encrypted?
  * @param file_path
  * @return
  */
-PDD_MODEL_API int paddle_check_file_encrypted(const char* file_path);
+PD_INFER_DECL int paddle_check_file_encrypted(const char* file_path);
 
-PDD_MODEL_API std::string decrypt_file(const char* file_path, const char* key);
+PD_INFER_DECL std::string decrypt_file(const char* file_path, const char* key);
 
 #ifdef __cplusplus
 }
 #endif
 
-#endif //PADDLE_MODEL_PROTECT_API_PADDLE_MODEL_DECRYPT_H
+#endif  // PADDLE_MODEL_PROTECT_API_PADDLE_MODEL_DECRYPT_H

dygraph/deploy/cpp/encryption/include/paddle_model_encrypt.h

@@ -1,22 +1,26 @@
+// Copyright (c) 2021 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 #pragma once
 
 #include <iostream>
+#include <string>
+
+#include "model_deploy/common/include/deploy_delacre.h"
 
 #ifndef PADDLE_MODEL_PROTECT_API_PADDLE_MODEL_ENCRYPT_H
 #define PADDLE_MODEL_PROTECT_API_PADDLE_MODEL_ENCRYPT_H
 
-#ifdef WIN32
-#ifdef PM_EXPORTS
-#define PDE_MODEL_API __declspec(dllexport)
-#else
-#define PDE_MODEL_API __declspec(dllimport)
-#endif
-#endif
-
-#ifdef linux
-#define PDE_MODEL_API __attribute__((visibility("default")))
-#endif
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -27,7 +31,7 @@ extern "C" {
  * 对于传入的key信息有要求（需符合产生32字节随机值后做 BASE64 编码
  * @return
  */
-PDE_MODEL_API std::string paddle_generate_random_key();
+PD_INFER_DECL std::string paddle_generate_random_key();
 
 /**
  * encrypt __model__, __params__ files in src_dir to dst_dir
@@ -36,7 +40,9 @@ PDE_MODEL_API std::string paddle_generate_random_key();
  * @param dst_dir
  * @return
  */
-PDE_MODEL_API int paddle_encrypt_dir(const char* keydata, const char* src_dir, const char* dst_dir);
+PD_INFER_DECL int paddle_encrypt_dir(const char* keydata,
+                                     const char* src_dir,
+                                     const char* dst_dir);
 
 /**
  * encrypt file
@@ -45,12 +51,16 @@ PDE_MODEL_API int paddle_encrypt_dir(const char* keydata, const char* src_dir, c
  * @param outfile
  * @return          error_code
  */
-PDE_MODEL_API int paddle_encrypt_model(const char* keydata, const char* infile, const char* outfile);
+PD_INFER_DECL int paddle_encrypt_model(const char* keydata,
+                                       const char* infile,
+                                       const char* outfile);
 
-PDE_MODEL_API int encrypt_stream(const std::string &keydata, std::istream &in_stream, std::ostream &out_stream);
+PD_INFER_DECL int encrypt_stream(const std::string &keydata,
+                                 std::istream &in_stream,
+                                 std::ostream &out_stream);
 
 #ifdef __cplusplus
 }
 #endif
 
-#endif //PADDLE_MODEL_PROTECT_API_PADDLE_MODEL_ENCRYPT_H
+#endif  // PADDLE_MODEL_PROTECT_API_PADDLE_MODEL_ENCRYPT_H

dygraph/deploy/cpp/encryption/include/paddle_stream_decrypt.h

@@ -1,21 +1,26 @@
+//   Copyright (c) 2020 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 #pragma once
 
 #include <stdio.h>
+#include <string>
+
+#include "model_deploy/common/include/deploy_delacre.h"
 
 #ifndef PADDLE_MODEL_PROTECT_API_PADDLE_STREAM_DECRYPT_H
 #define PADDLE_MODEL_PROTECT_API_PADDLE_STREAM_DECRYPT_H
 
-#ifdef WIN32
-#ifdef PM_EXPORTS
-#define PDD_MODEL_API __declspec(dllexport)
-#else
-#define PDD_MODEL_API __declspec(dllimport)
-#endif
-#endif
-#ifdef linux
-#define PDD_MODEL_API __attribute__((visibility("default")))
-#endif
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -26,12 +31,14 @@ extern "C" {
  * @return
  */
 
-PDD_MODEL_API int paddle_check_stream_encrypted(std::istream &cipher_stream);
+PD_INFER_DECL int paddle_check_stream_encrypted(std::istream& cipher_stream);
 
-PDD_MODEL_API int decrypt_stream(std::istream &cipher_stream, std::ostream &plain_stream, const std::string &key_base64);
+PD_INFER_DECL int decrypt_stream(std::istream& cipher_stream,
+                                 std::ostream& plain_stream,
+                                 const std::string& key_base64);
 
 #ifdef __cplusplus
 }
 #endif
 
-#endif //PADDLE_MODEL_PROTECT_API_PADDLE_MODEL_DECRYPT_H
+#endif  // PADDLE_MODEL_PROTECT_API_PADDLE_MODEL_DECRYPT_H

dygraph/deploy/cpp/encryption/sample/paddle_encrypt_tool.cpp

@@ -1,99 +1,68 @@
+//   Copyright (c) 2020 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#include <stdio.h>
+#include <gflags/gflags.h>
 #include <iostream>
-#include <cstring>
-#include "model_code.h"
-#include "paddle_model_encrypt.h"
-// #include "paddle_inference_api.h"
+#include <string>
 
-#ifdef linux
-#define RESET           "\033[0m"
-#define BOLD            "\033[1m"
-#define BOLDGREEN       "\033[1m\033[32m"
-#elif WIN32
-#define RESET           ""
-#define BOLD            ""
-#define BOLDGREEN       ""
-#endif
+#include "encryption/include/model_code.h"
+#include "encryption/include/paddle_model_encrypt.h"
+#include "encryption/util/include/io_utils.h"
 
-void help() {
-    std::cout << BOLD << "*** paddle_encrypt_tool Usage ***" << RESET << std::endl;
-
-    std::cout << "[1]Help:" << std::endl;
-    std::cout << "\t-h" << std::endl;
-    std::cout << "[2]Generate random key and encrypt dir files" << std::endl;
-    std::cout << "\t-model_dir\tmodel_dir_ori\t-save_dir\tencrypted_models" << std::endl;
-    std::cout << "[3]Generate random key for encrypt file" << std::endl;
-    std::cout << "\t-g" << std::endl;
-    std::cout << "[4]Encrypt file:" << std::endl;
-    std::cout << "\t-e\t-key\tkeydata\t-infile\tinfile\t-outfile\toutfile" << std::endl;
-}
+DEFINE_string(model_filename, "", "Path of model");
+DEFINE_string(params_filename, "", "Path of params");
+DEFINE_string(cfg_file, "", "Path of yaml file");
+DEFINE_string(save_dir, "", "Path of save");
+DEFINE_string(key, "", "encrypt key");
 
 int main(int argc, char** argv) {
+  // Parsing command-line
+  google::ParseCommandLineFlags(&argc, &argv, true);
 
-    switch (argc) {
-        case 2:
-            if (strcmp(argv[1], "-g") == 0) {
-                std::cout << BOLD << "Generate key success: \n\t" << RESET << BOLDGREEN << paddle_generate_random_key()
-                          << RESET << std::endl;
-            } else {
-                help();
-            }
-            break;
-        case 5:
-            if (strcmp(argv[1], "-model_dir") == 0 && strcmp(argv[3], "-save_dir") == 0) {
-                std::string key_random = paddle_generate_random_key();
-                std::cout << BOLD << "Output: " << "Encryption key: \n\t" << RESET << BOLDGREEN
-                          << key_random << RESET << std::endl;
-                int ret = paddle_encrypt_dir(key_random.c_str(), argv[2], argv[4]);
-                switch (ret) {
-                    case CODE_OK:
-                        std::cout << "Success, Encrypt __model__, __params__ to " << argv[4] << "(dir) success!"
-                                  << std::endl;
-                        break;
-                    case CODE_MODEL_FILE_NOT_EXIST:
-                        std::cout << "Failed, errorcode = " << ret << ", could't find __model__(file) in " << argv[2]
-                                  << std::endl;
-                        break;
-                    case CODE_MODEL_YML_FILE_NOT_EXIST:
-                        std::cout << "Failed, errorcode = " << ret << ", could't find model.yml(file) in " << argv[2]
-                                  << std::endl;
-                        break;
-                    case CODE_PARAMS_FILE_NOT_EXIST:
-                        std::cout << "Failed, errorcode = " << ret << ", could't find __params__(file) in " << argv[2]
-                                  << std::endl;
-                        break;
-                    case CODE_NOT_EXIST_DIR:
-                        std::cout << "Failed, errorcode = " << ret << ", " << argv[2] << "(dir) not exist" << std::endl;
-                        break;
-                    case CODE_FILES_EMPTY_WITH_DIR:
-                        std::cout << "Failed, errorcode = " << ret << ", could't find any files in " << argv[2]
-                                  << std::endl;
-                        break;
-                    default:std::cout << "Failed, errorcode = " << ret << ", others" << std::endl;
-                        break;
-                }
-            } else {
-                help();
-            }
-            break;
-        case 8:
-            if (strcmp(argv[1], "-e") == 0 && strcmp(argv[2], "-key") == 0 && strcmp(argv[4], "-infile") == 0
-                && strcmp(argv[6], "-outfile") == 0) {
-                int ret_encrypt = paddle_encrypt_model(argv[3], argv[5], argv[7]);
-                if (ret_encrypt == 0) {
-                    std::cout << "Encrypt " << argv[5] << "(file) to " << argv[7] << "(file) success" << std::endl;
-                } else {
-                    std::cout << "Encrypt " << argv[5] << " failed, ret = " << ret_encrypt << std::endl;
-                }
-            } else {
-                help();
-            }
-            break;
-        default:help();
-    }
+  if ("" == FLAGS_key) {
+    FLAGS_key = paddle_generate_random_key();
+  }
+  std::cout << "key is " << FLAGS_key << std::endl;
 
-#ifdef WIN32
-    system("pause");
-#endif
+  if ("" == FLAGS_save_dir) {
+      std::cerr << "Please input a save path" << std::endl;
+      return -1;
+  }
+  int ret = ioutil::dir_exist_or_mkdir(FLAGS_save_dir.c_str());
+  if (FLAGS_save_dir[FLAGS_save_dir.length() - 1] != '/') {
+    FLAGS_save_dir.append("/");
+  }
 
-    return 0;
-}
+  std::string save_name[] = {"encrypted.yml",
+                             "encrypted.pdmodel",
+                             "encrypted.pdparams"};
+
+  std::string input_files[] = {FLAGS_cfg_file,
+                               FLAGS_model_filename,
+                               FLAGS_params_filename};
+  std::string outfile;
+  for (auto i = 0; i < 3; ++i) {
+    outfile = FLAGS_save_dir + save_name[i];
+    ret = paddle_encrypt_model(FLAGS_key.c_str(),
+                               input_files[i].c_str(),
+                               outfile.c_str());
+    if (ret != 0) {
+      std::cerr << ret << ", Failed encrypt "
+                << input_files[i] << std::endl;
+      return -1;
+    }
+  }
+  std::cout << "save to " << FLAGS_save_dir << std::endl;
+  return 0;
+}

dygraph/deploy/cpp/encryption/sample/paddle_safe_stream_test.cpp

@@ -1,33 +1,41 @@
-#include "../include/paddle_model_encrypt.h"
-#include "../include/paddle_stream_decrypt.h"
-
+//   Copyright (c) 2020 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 #include <iostream>
 #include <string>
 #include <sstream>
 
-int main(){
+#include "encryption/include/paddle_model_encrypt.h"
+#include "encryption/include/paddle_stream_decrypt.h"
 
+int main() {
     std::string key_data = paddle_generate_random_key();
     std::cout << "key is:" << key_data << std::endl;
     std::istringstream isst(std::string("hello world !"));
     std::ostringstream osst;
     int enc_ret =  encrypt_stream(key_data, isst, osst);
-    if (enc_ret != 0){
+    if (enc_ret != 0) {
         std::cout << "ERROR paddle_encrypt_stream" << enc_ret <<std::endl;
         return 0;
     }
     std::istringstream isst_cipher(osst.str());
     std::ostringstream osst_plain;
     int dec_ret = decrypt_stream(isst_cipher, osst_plain, key_data);
-    if (dec_ret != 0){
+    if (dec_ret != 0) {
         std::cout << "ERROR decrypt_stream " << dec_ret <<std::endl;
         return 0;
     }
 
     std::cout << "data is:" << osst_plain.str() << std::endl;
-
     return 0;
 }
-
-
-    

dygraph/deploy/cpp/encryption/src/CMakeLists.txt

@@ -1,106 +0,0 @@
-set(SRC_COMMON
-        util/crypto/basic.cpp
-        util/system_utils.cpp
-        util/io_utils.cpp
-        util/crypto/aes_gcm.cpp
-        util/crypto/sha256_utils.cpp
-        util/crypto/base64.cpp)
-
-set(SRC_ENCRYPT
-        safeapi/paddle_model_encrypt.cpp
-        ${SRC_COMMON}
-        )
-
-set(SRC_DECRYPT
-        safeapi/paddle_model_decrypt.cpp
-        ${SRC_COMMON})
-
-# encrypt: libpmodel-encrypt.so
-add_library(pmodel-encrypt SHARED
-        ${SRC_ENCRYPT})
-IF (CMAKE_SYSTEM_NAME MATCHES "Windows")
-        target_link_libraries(pmodel-encrypt
-                ${OPENSSL_LIBS}
-                )
-ELSEIF (CMAKE_SYSTEM_NAME MATCHES "Linux")
-	target_link_libraries(pmodel-encrypt
-        	${OPENSSL_LIBS}
-		-ldl -lpthread
-		)
-ENDIF ()
-
-IF(WITH_PADDLE)
-# decrypt: libpmodel-decrypt.so
-add_library(pmodel-decrypt SHARED
-        ${SRC_DECRYPT})
-IF (CMAKE_SYSTEM_NAME MATCHES "Windows")
-        target_link_libraries(pmodel-decrypt
-                ${OPENSSL_LIBS}
-                ${PADDLE_LIBS}
-                )
-ELSEIF (CMAKE_SYSTEM_NAME MATCHES "Linux")
-        target_link_libraries(pmodel-decrypt
-                ${OPENSSL_LIBS}
-		-ldl -lpthread
-		)
-ENDIF ()
-ENDIF ()
-
-# decrypt: libpstream-decrypt.so
-add_library(pstream-decrypt SHARED
-        ${SRC_COMMON}
-        safeapi/paddle_stream_decrypt.cpp)
-IF (CMAKE_SYSTEM_NAME MATCHES "Windows")
-        target_link_libraries(pstream-decrypt
-                ${OPENSSL_LIBS}
-                )
-ELSEIF (CMAKE_SYSTEM_NAME MATCHES "Linux")
-        target_link_libraries(pstream-decrypt
-                ${OPENSSL_LIBS}
-		-ldl -lpthread
-		)
-ENDIF ()
-
-
-# tool: paddle_encrypt_tool
-add_executable(paddle_encrypt_tool
-        ../sample/paddle_encrypt_tool.cpp
-        safeapi/paddle_model_encrypt.cpp
-        util/crypto/basic.cpp
-        util/system_utils.cpp
-        util/io_utils.cpp
-        util/crypto/aes_gcm.cpp
-        util/crypto/sha256_utils.cpp
-        util/crypto/base64.cpp)
-IF (CMAKE_SYSTEM_NAME MATCHES "Windows")
-        target_link_libraries(paddle_encrypt_tool
-                ${OPENSSL_LIBS}
-                )
-ELSEIF (CMAKE_SYSTEM_NAME MATCHES "Linux")
-	target_link_libraries(paddle_encrypt_tool
-        	${OPENSSL_LIBS}
-		-ldl -lpthread
-        	)
-ENDIF ()
-
-# test: test stream encryption and decryption
-add_executable(test_enc_dec
-        ../sample/paddle_safe_stream_test.cpp
-        safeapi/paddle_stream_decrypt.cpp
-        safeapi/paddle_model_encrypt.cpp
-        util/crypto/basic.cpp
-        util/system_utils.cpp
-        util/io_utils.cpp
-        util/crypto/aes_gcm.cpp
-        util/crypto/sha256_utils.cpp
-        util/crypto/base64.cpp)
-IF (CMAKE_SYSTEM_NAME MATCHES "Windows")
-        target_link_libraries(test_enc_dec
-                ${OPENSSL_LIBS}
-                )
-ELSEIF (CMAKE_SYSTEM_NAME MATCHES "Linux")
-	target_link_libraries(test_enc_dec
-        	${OPENSSL_LIBS}
-		-ldl -lpthread
-        	)
-ENDIF ()

dygraph/deploy/cpp/encryption/src/constant/constant_model.h

@@ -1,15 +0,0 @@
-#ifndef PADDLE_MODEL_PROTECT_CONSTANT_CONSTANT_MODEL_H
-#define PADDLE_MODEL_PROTECT_CONSTANT_CONSTANT_MODEL_H
-
-namespace constant {
-
-const static std::string MAGIC_NUMBER = "PADDLE";
-const static std::string VERSION = "1";
-
-const static int MAGIC_NUMBER_LEN = 6;
-const static int VERSION_LEN = 1;
-const static int TAG_LEN = 128;
-
-}
-
-#endif //PADDLE_MODEL_PROTECT_CONSTANT_CONSTANT_MODEL_H

dygraph/deploy/cpp/encryption/src/paddle_model_decrypt.cpp

@@ -0,0 +1,255 @@
+//   Copyright (c) 2020 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#include <string.h>
+
+#include <iostream>
+#include <string>
+#include <fstream>
+#include <memory>
+#include <iterator>
+#include <algorithm>
+
+#include "encryption/include/paddle_model_decrypt.h"
+#include "encryption/include/model_code.h"
+#include "encryption/util/include/crypto/aes_gcm.h"
+#include "encryption/util/include/crypto/base64.h"
+#include "encryption/util/include/io_utils.h"
+#include "encryption/util/include/log.h"
+#include "encryption/util/include/constant/constant_model.h"
+#include "encryption/util/include/system_utils.h"
+
+/**
+ * 0 - encrypted
+ * 1 - unencrypt
+ */
+int paddle_check_file_encrypted(const char* file_path) {
+  return util::SystemUtils::check_file_encrypted(file_path);
+}
+
+std::string decrypt_file(const char* file_path, const char* key) {
+  int ret = paddle_check_file_encrypted(file_path);
+  if (ret != CODE_OK) {
+    LOGD("[M]check file encrypted failed, code: %d", ret);
+    return std::string();
+  }
+
+// std::string key_str = util::crypto::Base64Utils::decode(std::string(key));
+  std::string key_str = baidu::base::base64::base64_decode(std::string(key));
+  int ret_check =
+          util::SystemUtils::check_key_match(key_str.c_str(), file_path);
+  if (ret_check != CODE_OK) {
+    LOGD("[M]check key failed in decrypt_file, code: %d", ret_check);
+    return std::string();
+  }
+  unsigned char* aes_key =
+          (unsigned char*) malloc(sizeof(unsigned char) * AES_GCM_KEY_LENGTH);
+  unsigned char* aes_iv =
+          (unsigned char*) malloc(sizeof(unsigned char) * AES_GCM_IV_LENGTH);
+  memcpy(aes_key, key_str.c_str(), AES_GCM_KEY_LENGTH);
+  memcpy(aes_iv, key_str.c_str() + 16, AES_GCM_IV_LENGTH);
+
+  size_t pos = constant::MAGIC_NUMBER_LEN +
+                    constant::VERSION_LEN + constant::TAG_LEN;
+
+  // read encrypted data
+  unsigned char* dataptr = NULL;
+  size_t data_len = 0;
+  int ret_read_data = ioutil::read_with_pos(file_path, pos,
+                                            &dataptr, &data_len);
+  if (ret_read_data != CODE_OK) {
+    LOGD("[M]read file failed, code = %d", ret_read_data);
+    return std::string();
+  }
+
+  // decrypt model data
+  size_t model_plain_len = data_len - AES_GCM_TAG_LENGTH;
+  unsigned char* model_plain =
+            (unsigned char*) malloc(sizeof(unsigned char) * model_plain_len);
+
+  int ret_decrypt_file =
+        util::crypto::AesGcm::decrypt_aes_gcm(
+            dataptr,
+            data_len,
+            aes_key,
+            aes_iv,
+            model_plain,
+            reinterpret_cast<int&>(model_plain_len));
+  free(dataptr);
+  free(aes_key);
+  free(aes_iv);
+  if (ret_decrypt_file != CODE_OK) {
+    free(model_plain);
+    LOGD("[M]decrypt file failed, decrypt ret = %d", ret_decrypt_file);
+    return std::string();
+  }
+  std::string result((const char*)model_plain, model_plain_len);
+  free(model_plain);
+  return result;
+}
+
+/**
+ * support model_file encrypted or unencrypt
+ * support params_file encrypted or unencrypt
+ * all in one interface
+ */
+/*
+int paddle_security_load_model(
+    paddle::AnalysisConfig* config,
+    const char* key,
+    const char* model_file,
+    const char* param_file) {
+
+    // 0 - file encrypted   1 - file unencrypted
+    int m_en_flag = util::SystemUtils::check_file_encrypted(model_file);
+    if (m_en_flag == CODE_OPEN_FAILED) {
+        return m_en_flag;
+    }
+    int p_en_flag = util::SystemUtils::check_file_encrypted(param_file);
+    if (p_en_flag == CODE_OPEN_FAILED) {
+        return p_en_flag;
+    }
+
+    unsigned char* aes_key = NULL;
+    unsigned char* aes_iv = NULL;
+    if (m_en_flag == 0 || p_en_flag == 0) {
+//  std::string key_str = util::crypto::Base64Utils::decode(std::string(key));
+        std::string key_str =
+                baidu::base::base64::base64_decode(std::string(key));
+        int ret_check = 0;
+        if (m_en_flag == 0) {
+            ret_check = util::SystemUtils::check_key_match(key_str.c_str(),
+                                                           model_file);
+            if (ret_check != CODE_OK) {
+                LOGD("[M]check key failed in model_file");
+                return ret_check;
+            }
+        }
+
+        if (p_en_flag == 0) {
+            ret_check = util::SystemUtils::check_key_match(key_str.c_str(),
+                                                           param_file);
+            if (ret_check != CODE_OK) {
+                LOGD("[M]check key failed in param_file");
+                return ret_check;
+            }
+        }
+        aes_key =
+           (unsigned char*) malloc(sizeof(unsigned char) * AES_GCM_KEY_LENGTH);
+        aes_iv =
+           (unsigned char*) malloc(sizeof(unsigned char) * AES_GCM_IV_LENGTH);
+        memcpy(aes_key, key_str.c_str(), AES_GCM_KEY_LENGTH);
+        memcpy(aes_iv, key_str.c_str() + 16, AES_GCM_IV_LENGTH);
+    }
+
+    size_t pos = constant::MAGIC_NUMBER_LEN +
+                      constant::VERSION_LEN + constant::TAG_LEN;
+
+    // read encrypted model
+    unsigned char* model_dataptr = NULL;
+    size_t model_data_len = 0;
+    int ret_read_model = ioutil::read_with_pos(model_file, pos,
+                                       &model_dataptr, &model_data_len);
+    if (ret_read_model != CODE_OK) {
+        LOGD("[M]read model failed");
+        return ret_read_model;
+    }
+
+    size_t model_plain_len = 0;
+    unsigned char* model_plain = NULL;
+    if (m_en_flag == 0) {
+        // decrypt model data
+        model_plain_len = model_data_len - AES_GCM_TAG_LENGTH;
+        model_plain =
+            (unsigned char*) malloc(sizeof(unsigned char) * model_plain_len);
+
+        int ret_decrypt_model =
+            util::crypto::AesGcm::decrypt_aes_gcm(model_dataptr,
+                                                  model_data_len,
+                                                  aes_key,
+                                                  aes_iv,
+                                                  model_plain,
+                      reinterpret_cast<int&>(model_plain_len));
+        free(model_dataptr);
+        if (ret_decrypt_model != CODE_OK) {
+            free(aes_key);
+            free(aes_iv);
+            free(model_plain);
+            LOGD("[M]decrypt model failed, decrypt ret = %d",
+                                           ret_decrypt_model);
+            return CODE_AES_GCM_DECRYPT_FIALED;
+        }
+    } else {
+        model_plain = model_dataptr;
+        model_plain_len = model_data_len;
+    }
+
+
+    // read encrypted params
+    unsigned char* params_dataptr = NULL;
+    size_t params_data_len = 0;
+    int ret_read_params = ioutil::read_with_pos(param_file, pos,
+                                                &params_dataptr,
+                                                &params_data_len);
+    if (ret_read_params != CODE_OK) {
+        LOGD("[M]read params failed");
+        return ret_read_params;
+    }
+
+    size_t params_plain_len = 0;
+    unsigned char* params_plain = NULL;
+    if (p_en_flag == 0) {
+        // decrypt params data
+        params_plain_len = params_data_len - AES_GCM_TAG_LENGTH;
+        params_plain =
+            (unsigned char*) malloc(sizeof(unsigned char) * params_plain_len);
+
+        int ret_decrypt_params =
+            util::crypto::AesGcm::decrypt_aes_gcm(params_dataptr,
+                                                  params_data_len,
+                                                  aes_key,
+                                                  aes_iv,
+                                                  params_plain,
+                      reinterpret_cast<int&>(params_plain_len));
+        free(params_dataptr);
+        free(aes_key);
+        free(aes_iv);
+        if (ret_decrypt_params != CODE_OK) {
+            free(params_plain);
+            LOGD("[M]decrypt params failed, decrypt ret = %d",
+                  ret_decrypt_params);
+            return CODE_AES_GCM_DECRYPT_FIALED;
+        }
+    } else {
+        params_plain = params_dataptr;
+        params_plain_len = params_data_len;
+    }
+
+    LOGD("Prepare to set config");
+
+    config->SetModelBuffer(reinterpret_cast<const char*>(model_plain),
+                           model_plain_len,
+                           reinterpret_cast<const char*>(params_plain),
+                           params_plain_len);
+
+    if (m_en_flag == 1) {
+        free(model_dataptr);
+    }
+
+    if (p_en_flag == 1) {
+        free(params_dataptr);
+    }
+
+    return CODE_OK;
+}
+*/

dygraph/deploy/cpp/encryption/src/safeapi/paddle_model_encrypt.cpp → dygraph/deploy/cpp/encryption/src/paddle_model_encrypt.cpp

@@ -1,17 +1,31 @@
+//   Copyright (c) 2020 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#include <string.h>
 #include <iostream>
 #include <string>
 #include <memory>
 #include <vector>
-#include <string.h>
-#include "paddle_model_encrypt.h"
-#include "model_code.h"
-#include "../util/system_utils.h"
-#include "../util/io_utils.h"
-#include "../constant/constant_model.h"
-#include "../util/crypto/aes_gcm.h"
-#include "../util/crypto/sha256_utils.h"
-#include "../util/crypto/base64.h"
-#include "../util/log.h"
+
+#include "encryption/include/model_code.h"
+#include "encryption/include/paddle_model_encrypt.h"
+#include "encryption/util/include/constant/constant_model.h"
+#include "encryption/util/include/crypto/aes_gcm.h"
+#include "encryption/util/include/crypto/sha256_utils.h"
+#include "encryption/util/include/crypto/base64.h"
+#include "encryption/util/include/system_utils.h"
+#include "encryption/util/include/io_utils.h"
+#include "encryption/util/include/log.h"
 
 std::string paddle_generate_random_key() {
     std::string tmp = util::SystemUtils::random_key_iv(AES_GCM_KEY_LENGTH);
@@ -19,7 +33,9 @@ std::string paddle_generate_random_key() {
     return baidu::base::base64::base64_encode(tmp);
 }
 
-int paddle_encrypt_dir(const char* keydata, const char* src_dir, const char* dst_dir) {
+int paddle_encrypt_dir(const char* keydata,
+                       const char* src_dir,
+                       const char* dst_dir) {
     std::vector<std::string> files;
     int ret_files = ioutil::read_dir_files(src_dir, files);
     if (ret_files == -1) {
@@ -51,10 +67,13 @@ int paddle_encrypt_dir(const char* keydata, const char* src_dir, const char* dst
     int ret = CODE_OK;
     ret = ioutil::dir_exist_or_mkdir(dst_str.c_str());
     for (int i = 0; i < files.size(); ++i) {
-        if (strcmp(files[i].c_str(), "__model__") == 0 || strcmp(files[i].c_str(), "__params__") == 0 || strcmp(files[i].c_str(), "model.yml") == 0) {
+        if (strcmp(files[i].c_str(), "__model__") == 0
+            || strcmp(files[i].c_str(), "__params__") == 0
+            || strcmp(files[i].c_str(), "model.yml") == 0) {
             std::string infile = src_str + files[i];
             std::string outfile = dst_str + files[i] + ".encrypted";
-            ret = paddle_encrypt_model(keydata, infile.c_str(), outfile.c_str());
+            ret = paddle_encrypt_model(keydata, infile.c_str(),
+                                       outfile.c_str());
         } else {
             std::string infile = src_str + files[i];
             std::string outfile = dst_str + files[i];
@@ -66,15 +85,14 @@ int paddle_encrypt_dir(const char* keydata, const char* src_dir, const char* dst
         }
     }
     files.clear();
-
     return ret;
-
 }
 
-int paddle_encrypt_model(const char* keydata, const char* infile, const char* outfile) {
-
-    // std::string key_str = util::crypto::Base64Utils::decode(std::string(keydata));
-    std::string key_str = baidu::base::base64::base64_decode(std::string(keydata));
+int paddle_encrypt_model(const char* keydata,
+                         const char* infile,
+                         const char* outfile) {
+    std::string key_str =
+            baidu::base::base64::base64_decode(std::string(keydata));
     if (key_str.length() != 32) {
         return CODE_KEY_LENGTH_ABNORMAL;
     }
@@ -86,12 +104,15 @@ int paddle_encrypt_model(const char* keydata, const char* infile, const char* ou
         return ret_read;
     }
 
-    unsigned char* aes_key = (unsigned char*) malloc(sizeof(unsigned char) * AES_GCM_KEY_LENGTH);
-    unsigned char* aes_iv = (unsigned char*) malloc(sizeof(unsigned char) * AES_GCM_IV_LENGTH);
+    unsigned char* aes_key =
+          (unsigned char*) malloc(sizeof(unsigned char) * AES_GCM_KEY_LENGTH);
+    unsigned char* aes_iv =
+          (unsigned char*) malloc(sizeof(unsigned char) * AES_GCM_IV_LENGTH);
     memcpy(aes_key, key_str.c_str(), AES_GCM_KEY_LENGTH);
     memcpy(aes_iv, key_str.c_str() + 16, AES_GCM_IV_LENGTH);
 
-    unsigned char* cipher = (unsigned char*) malloc(sizeof(unsigned char) * (plain_len + AES_GCM_TAG_LENGTH));
+    unsigned char* cipher = (unsigned char*) malloc(sizeof(unsigned char) *
+                                            (plain_len + AES_GCM_TAG_LENGTH));
     size_t cipher_len = 0;
     int ret_encrypt =
         util::crypto::AesGcm::encrypt_aes_gcm(plain,
@@ -99,7 +120,7 @@ int paddle_encrypt_model(const char* keydata, const char* infile, const char* ou
                                               aes_key,
                                               aes_iv,
                                               cipher,
-                                              reinterpret_cast<int&>(cipher_len));
+                    reinterpret_cast<int&>(cipher_len));
     free(aes_key);
     free(aes_iv);
     if (ret_encrypt != CODE_OK) {
@@ -111,16 +132,22 @@ int paddle_encrypt_model(const char* keydata, const char* infile, const char* ou
 
     std::string randstr = util::SystemUtils::random_str(constant::TAG_LEN);
     std::string aes_key_iv(key_str);
-    std::string sha256_key_iv = util::crypto::SHA256Utils::sha256_string(aes_key_iv);
+    std::string sha256_key_iv =
+             util::crypto::SHA256Utils::sha256_string(aes_key_iv);
     for (int i = 0; i < 64; ++i) {
         randstr[i] = sha256_key_iv[i];
     }
 
-    size_t header_len = constant::MAGIC_NUMBER_LEN + constant::VERSION_LEN + constant::TAG_LEN;
-    unsigned char* header = (unsigned char*) malloc(sizeof(unsigned char) * header_len);
+    size_t header_len = constant::MAGIC_NUMBER_LEN +
+                             constant::VERSION_LEN + constant::TAG_LEN;
+    unsigned char* header =
+            (unsigned char*) malloc(sizeof(unsigned char) * header_len);
     memcpy(header, constant::MAGIC_NUMBER.c_str(), constant::MAGIC_NUMBER_LEN);
-    memcpy(header + constant::MAGIC_NUMBER_LEN, constant::VERSION.c_str(), constant::VERSION_LEN);
-    memcpy(header + constant::MAGIC_NUMBER_LEN + constant::VERSION_LEN, randstr.c_str(), constant::TAG_LEN);
+    memcpy(header + constant::MAGIC_NUMBER_LEN,
+           constant::VERSION.c_str(),
+           constant::VERSION_LEN);
+    memcpy(header + constant::MAGIC_NUMBER_LEN + constant::VERSION_LEN,
+           randstr.c_str(), constant::TAG_LEN);
 
     int ret_write_file = ioutil::write_file(outfile, header, header_len);
     ret_write_file = ioutil::append_file(outfile, cipher, cipher_len);
@@ -128,11 +155,10 @@ int paddle_encrypt_model(const char* keydata, const char* infile, const char* ou
     free(cipher);
 
     return ret_write_file;
-
 }
 
-int encrypt_stream(const std::string &keydata, std::istream &in_stream, std::ostream &out_stream) {
-
+int encrypt_stream(const std::string &keydata,
+                   std::istream &in_stream, std::ostream &out_stream) {
     std::string key_str = baidu::base::base64::base64_decode(keydata);
     if (key_str.length() != 32) {
         return CODE_KEY_LENGTH_ABNORMAL;
@@ -149,14 +175,16 @@ int encrypt_stream(const std::string &keydata, std::istream &in_stream, std::ost
     std::string aes_key = key_str.substr(0, AES_GCM_KEY_LENGTH);
     std::string aes_iv = key_str.substr(16, AES_GCM_IV_LENGTH);
 
-    std::unique_ptr<unsigned char[]> cipher(new unsigned char[plain_len + AES_GCM_TAG_LENGTH]);
+    std::unique_ptr<unsigned char[]> cipher(
+            new unsigned char[plain_len + AES_GCM_TAG_LENGTH]);
     size_t cipher_len = 0;
-    int ret_encrypt = util::crypto::AesGcm::encrypt_aes_gcm(plain.get(),
-                                              plain_len,
-                                              reinterpret_cast<const unsigned char*>(aes_key.c_str()),
-                                              reinterpret_cast<const unsigned char*>(aes_iv.c_str()),
-                                              cipher.get(),
-                                              reinterpret_cast<int&>(cipher_len));
+    int ret_encrypt = util::crypto::AesGcm::encrypt_aes_gcm(
+                    plain.get(),
+                    plain_len,
+                    reinterpret_cast<const unsigned char*>(aes_key.c_str()),
+                    reinterpret_cast<const unsigned char*>(aes_iv.c_str()),
+                    cipher.get(),
+                    reinterpret_cast<int&>(cipher_len));
     if (ret_encrypt != CODE_OK) {
         LOGD("[M]aes encrypt ret code: %d", ret_encrypt);
         return CODE_AES_GCM_ENCRYPT_FIALED;
@@ -164,17 +192,19 @@ int encrypt_stream(const std::string &keydata, std::istream &in_stream, std::ost
 
     std::string randstr = util::SystemUtils::random_str(constant::TAG_LEN);
     std::string aes_key_iv(key_str);
-    std::string sha256_key_iv = util::crypto::SHA256Utils::sha256_string(aes_key_iv);
+    std::string sha256_key_iv =
+             util::crypto::SHA256Utils::sha256_string(aes_key_iv);
     for (int i = 0; i < 64; ++i) {
         randstr[i] = sha256_key_iv[i];
     }
 
-    size_t header_len = constant::MAGIC_NUMBER_LEN + constant::VERSION_LEN + constant::TAG_LEN;
-    out_stream.write(constant::MAGIC_NUMBER.c_str(), constant::MAGIC_NUMBER_LEN);
+    size_t header_len = constant::MAGIC_NUMBER_LEN +
+                             constant::VERSION_LEN + constant::TAG_LEN;
+    out_stream.write(constant::MAGIC_NUMBER.c_str(),
+                     constant::MAGIC_NUMBER_LEN);
     out_stream.write(constant::VERSION.c_str(), constant::VERSION_LEN);
     out_stream.write(randstr.c_str(), constant::TAG_LEN);
     out_stream.write(reinterpret_cast<char *>(cipher.get()), cipher_len);
 
     return CODE_OK;
 }
-

dygraph/deploy/cpp/encryption/src/safeapi/paddle_stream_decrypt.cpp → dygraph/deploy/cpp/encryption/src/paddle_stream_decrypt.cpp

@@ -1,31 +1,48 @@
+//   Copyright (c) 2020 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#include <string.h>
 #include <iostream>
 #include <string>
-#include <string.h>
 #include <fstream>
 #include <memory>
 #include <iterator>
 #include <algorithm>
-#include "paddle_stream_decrypt.h"
-#include "model_code.h"
-#include "../util/crypto/aes_gcm.h"
-#include "../util/io_utils.h"
-#include "../util/log.h"
-#include "../constant/constant_model.h"
-#include "../util/system_utils.h"
-#include "../util/crypto/base64.h"
+
+#include "encryption/include/paddle_stream_decrypt.h"
+#include "encryption/include/model_code.h"
+#include "encryption/util/include/crypto/aes_gcm.h"
+#include "encryption/util/include/io_utils.h"
+#include "encryption/util/include/log.h"
+#include "encryption/util/include/constant/constant_model.h"
+#include "encryption/util/include/system_utils.h"
+#include "encryption/util/include/crypto/base64.h"
 
 int paddle_check_stream_encrypted(std::istream &cipher_stream) {
     return util::SystemUtils::check_file_encrypted(cipher_stream);
 }
 
-int decrypt_stream(std::istream &cipher_stream, std::ostream &plain_stream, const std::string &key_base64){
+int decrypt_stream(std::istream &cipher_stream,
+                   std::ostream &plain_stream,
+                   const std::string &key_base64) {
     int ret = paddle_check_stream_encrypted(cipher_stream);
     if (ret != CODE_OK) {
         LOGD("[M]check file encrypted failed, code: %d", ret);
         return ret;
     }
 
-    std::string key_str = baidu::base::base64::base64_decode(key_base64.c_str());
+    std::string key_str =
+            baidu::base::base64::base64_decode(key_base64.c_str());
     int ret_check = util::SystemUtils::check_key_match(key_str, cipher_stream);
     if (ret_check != CODE_OK) {
         LOGD("[M]check key failed in decrypt_file, code: %d", ret_check);
@@ -39,12 +56,15 @@ int decrypt_stream(std::istream &cipher_stream, std::ostream &plain_stream, cons
     cipher_stream.seekg(0, std::ios::end);
     int data_len = cipher_stream.tellg();
     cipher_stream.seekg(0, std::ios::beg);
-    size_t pos = constant::MAGIC_NUMBER_LEN + constant::VERSION_LEN + constant::TAG_LEN;
+    size_t pos = constant::MAGIC_NUMBER_LEN +
+                      constant::VERSION_LEN + constant::TAG_LEN;
 
     size_t cipher_len = data_len - pos;
-    std::unique_ptr<unsigned char[]> model_cipher(new unsigned char[cipher_len]);
-    cipher_stream.seekg(pos); // skip header
-    cipher_stream.read(reinterpret_cast<char *>(model_cipher.get()), cipher_len);
+    std::unique_ptr<unsigned char[]> model_cipher(
+                                 new unsigned char[cipher_len]);
+    cipher_stream.seekg(pos);  // skip header
+    cipher_stream.read(reinterpret_cast<char *>(model_cipher.get()),
+                       cipher_len);
 
     size_t plain_len = data_len - AES_GCM_TAG_LENGTH - pos;
     std::unique_ptr<unsigned char[]> model_plain(new unsigned char[plain_len]);
@@ -62,7 +82,8 @@ int decrypt_stream(std::istream &cipher_stream, std::ostream &plain_stream, cons
         return ret_decrypt_file;
     }
 
-    plain_stream.write(reinterpret_cast<const char*>(model_plain.get()), plain_len);
+    plain_stream.write(reinterpret_cast<const char*>(model_plain.get()),
+                       plain_len);
 
     return CODE_OK;
-}
+}

dygraph/deploy/cpp/encryption/src/safeapi/paddle_model_decrypt.cpp

@@ -1,220 +0,0 @@
-#include <iostream>
-#include <string>
-#include <string.h>
-#include <fstream>
-#include <memory>
-#include <iterator>
-#include <algorithm>
-#include "paddle_model_decrypt.h"
-#include "model_code.h"
-#include "../util/crypto/aes_gcm.h"
-#include "../util/io_utils.h"
-#include "../util/log.h"
-#include "../constant/constant_model.h"
-#include "../util/system_utils.h"
-#include "../util/crypto/base64.h"
-
-/**
- * 0 - encrypted
- * 1 - unencrypt
- */
-int paddle_check_file_encrypted(const char* file_path) {
-    return util::SystemUtils::check_file_encrypted(file_path);
-}
-
-std::string decrypt_file(const char* file_path, const char* key) {
-    int ret = paddle_check_file_encrypted(file_path);
-    if (ret != CODE_OK) {
-        LOGD("[M]check file encrypted failed, code: %d", ret);
-        return std::string();
-    }
-
-    // std::string key_str = util::crypto::Base64Utils::decode(std::string(key));
-    std::string key_str = baidu::base::base64::base64_decode(std::string(key));
-    int ret_check = util::SystemUtils::check_key_match(key_str.c_str(), file_path);
-    if (ret_check != CODE_OK) {
-        LOGD("[M]check key failed in decrypt_file, code: %d", ret_check);
-        return std::string();
-    }
-    unsigned char* aes_key = (unsigned char*) malloc(sizeof(unsigned char) * AES_GCM_KEY_LENGTH);
-    unsigned char* aes_iv = (unsigned char*) malloc(sizeof(unsigned char) * AES_GCM_IV_LENGTH);
-    memcpy(aes_key, key_str.c_str(), AES_GCM_KEY_LENGTH);
-    memcpy(aes_iv, key_str.c_str() + 16, AES_GCM_IV_LENGTH);
-
-    size_t pos = constant::MAGIC_NUMBER_LEN + constant::VERSION_LEN + constant::TAG_LEN;
-
-    // read encrypted data
-    unsigned char* dataptr = NULL;
-    size_t data_len = 0;
-    int ret_read_data = ioutil::read_with_pos(file_path, pos, &dataptr, &data_len);
-    if (ret_read_data != CODE_OK) {
-        LOGD("[M]read file failed, code = %d", ret_read_data);
-        return std::string();
-    }
-
-    // decrypt model data
-    size_t model_plain_len = data_len - AES_GCM_TAG_LENGTH;
-    unsigned char* model_plain = (unsigned char*) malloc(sizeof(unsigned char) * model_plain_len);
-
-    int ret_decrypt_file = 
-        util::crypto::AesGcm::decrypt_aes_gcm(
-            dataptr,
-            data_len,
-            aes_key,
-            aes_iv,
-            model_plain,
-            reinterpret_cast<int&>(model_plain_len));
-    free(dataptr);
-    free(aes_key);
-    free(aes_iv);
-    if (ret_decrypt_file != CODE_OK) {
-        free(model_plain);
-        LOGD("[M]decrypt file failed, decrypt ret = %d", ret_decrypt_file);
-        return std::string();
-    }
-    std::string result((const char*)model_plain);
-    free(model_plain);
-    return result;
-}
-
-/**
- * support model_file encrypted or unencrypt
- * support params_file encrypted or unencrypt
- * all in one interface
- */
-
-int paddle_security_load_model(
-    paddle::AnalysisConfig* config,
-    const char* key,
-    const char* model_file,
-    const char* param_file) {
-
-    // 0 - file encrypted   1 - file unencrypted
-    int m_en_flag = util::SystemUtils::check_file_encrypted(model_file);
-    if (m_en_flag == CODE_OPEN_FAILED) {
-        return m_en_flag;
-    }
-    int p_en_flag = util::SystemUtils::check_file_encrypted(param_file);
-    if (p_en_flag == CODE_OPEN_FAILED) {
-        return p_en_flag;
-    }
-
-    unsigned char* aes_key = NULL;
-    unsigned char* aes_iv = NULL;
-    if (m_en_flag == 0 || p_en_flag == 0) {
-        // std::string key_str = util::crypto::Base64Utils::decode(std::string(key));
-        std::string key_str = baidu::base::base64::base64_decode(std::string(key));
-        int ret_check = 0;
-        if (m_en_flag == 0) {
-            ret_check = util::SystemUtils::check_key_match(key_str.c_str(), model_file);
-            if (ret_check != CODE_OK) {
-                LOGD("[M]check key failed in model_file");
-                return ret_check;
-            }
-
-        }
-
-        if (p_en_flag == 0) {
-            ret_check = util::SystemUtils::check_key_match(key_str.c_str(), param_file);
-            if (ret_check != CODE_OK) {
-                LOGD("[M]check key failed in param_file");
-                return ret_check;
-            }
-        }
-        aes_key = (unsigned char*) malloc(sizeof(unsigned char) * AES_GCM_KEY_LENGTH);
-        aes_iv = (unsigned char*) malloc(sizeof(unsigned char) * AES_GCM_IV_LENGTH);
-        memcpy(aes_key, key_str.c_str(), AES_GCM_KEY_LENGTH);
-        memcpy(aes_iv, key_str.c_str() + 16, AES_GCM_IV_LENGTH);
-    }
-
-    size_t pos = constant::MAGIC_NUMBER_LEN + constant::VERSION_LEN + constant::TAG_LEN;
-
-    // read encrypted model
-    unsigned char* model_dataptr = NULL;
-    size_t model_data_len = 0;
-    int ret_read_model = ioutil::read_with_pos(model_file, pos, &model_dataptr, &model_data_len);
-    if (ret_read_model != CODE_OK) {
-        LOGD("[M]read model failed");
-        return ret_read_model;
-    }
-
-    size_t model_plain_len = 0;
-    unsigned char* model_plain = NULL;
-    if (m_en_flag == 0) {
-        // decrypt model data
-        model_plain_len = model_data_len - AES_GCM_TAG_LENGTH;
-        model_plain = (unsigned char*) malloc(sizeof(unsigned char) * model_plain_len);
-
-        int ret_decrypt_model =
-            util::crypto::AesGcm::decrypt_aes_gcm(model_dataptr,
-                                                  model_data_len,
-                                                  aes_key,
-                                                  aes_iv,
-                                                  model_plain,
-                                                  reinterpret_cast<int&>(model_plain_len));
-        free(model_dataptr);
-        if (ret_decrypt_model != CODE_OK) {
-            free(aes_key);
-            free(aes_iv);
-            free(model_plain);
-            LOGD("[M]decrypt model failed, decrypt ret = %d", ret_decrypt_model);
-            return CODE_AES_GCM_DECRYPT_FIALED;
-        }
-    } else {
-        model_plain = model_dataptr;
-        model_plain_len = model_data_len;
-    }
-
-
-    // read encrypted params
-    unsigned char* params_dataptr = NULL;
-    size_t params_data_len = 0;
-    int ret_read_params = ioutil::read_with_pos(param_file, pos, &params_dataptr, &params_data_len);
-    if (ret_read_params != CODE_OK) {
-        LOGD("[M]read params failed");
-        return ret_read_params;
-    }
-
-    size_t params_plain_len = 0;
-    unsigned char* params_plain = NULL;
-    if (p_en_flag == 0) {
-        // decrypt params data
-        params_plain_len = params_data_len - AES_GCM_TAG_LENGTH;
-        params_plain = (unsigned char*) malloc(sizeof(unsigned char) * params_plain_len);
-
-        int ret_decrypt_params =
-            util::crypto::AesGcm::decrypt_aes_gcm(params_dataptr,
-                                                  params_data_len,
-                                                  aes_key,
-                                                  aes_iv,
-                                                  params_plain,
-                                                  reinterpret_cast<int&>(params_plain_len));
-        free(params_dataptr);
-        free(aes_key);
-        free(aes_iv);
-        if (ret_decrypt_params != CODE_OK) {
-            free(params_plain);
-            LOGD("[M]decrypt params failed, decrypt ret = %d", ret_decrypt_params);
-            return CODE_AES_GCM_DECRYPT_FIALED;
-        }
-    } else {
-        params_plain = params_dataptr;
-        params_plain_len = params_data_len;
-    }
-
-    LOGD("Prepare to set config");
-
-    config->SetModelBuffer(reinterpret_cast<const char*>(model_plain), model_plain_len,
-                           reinterpret_cast<const char*>(params_plain), params_plain_len);
-
-    if (m_en_flag == 1) {
-        free(model_dataptr);
-    }
-
-    if (p_en_flag == 1) {
-        free(params_dataptr);
-    }
-
-    return CODE_OK;
-}
-

dygraph/deploy/cpp/encryption/src/util/crypto/aes_gcm.cpp

@@ -1,190 +0,0 @@
-#include <iostream>
-
-#include "aes_gcm.h"
-
-namespace util {
-namespace crypto {
-
-int AesGcm::aes_gcm_key(
-    const unsigned char* key,
-    const unsigned char* iv,
-    EVP_CIPHER_CTX* e_ctx,
-    EVP_CIPHER_CTX* d_ctx) {
-    int ret = 0;
-    if (e_ctx != NULL) {
-        ret = EVP_EncryptInit_ex(e_ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
-        if (ret != 1) {
-            return -1;
-        }
-        ret = EVP_CIPHER_CTX_ctrl(e_ctx, EVP_CTRL_GCM_SET_IVLEN, AES_GCM_IV_LENGTH, NULL);
-        if (ret != 1) {
-            return -2;
-        }
-        ret = EVP_EncryptInit_ex(e_ctx, NULL, NULL, key, iv);
-        if (ret != 1) {
-            return -3;
-        }
-    }
-    // initial decrypt ctx
-    if (d_ctx != NULL) {
-        ret = EVP_DecryptInit_ex(d_ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
-        if (!ret) {
-            return -1;
-        }
-        ret = EVP_CIPHER_CTX_ctrl(d_ctx, EVP_CTRL_GCM_SET_IVLEN, AES_GCM_IV_LENGTH, NULL);
-        if (!ret) {
-            return -2;
-        }
-        ret = EVP_DecryptInit_ex(d_ctx, NULL, NULL, key, iv);
-        if (!ret) {
-            return -3;
-        }
-    }
-    return 0;
-}
-
-int AesGcm::aes_gcm_key(
-    const std::string& key_hex,
-    const std::string& iv_hex,
-    EVP_CIPHER_CTX* e_ctx,
-    EVP_CIPHER_CTX* d_ctx) {
-    // check key_hex and iv_hex length
-    if (key_hex.length() != AES_GCM_KEY_LENGTH * 2
-        || iv_hex.length() != AES_GCM_IV_LENGTH * 2) {
-        return -4;
-    }
-
-    unsigned char key[AES_GCM_KEY_LENGTH];
-    unsigned char iv[AES_GCM_IV_LENGTH];
-
-    int ret = Basic::hex_to_byte(key_hex, key);
-    if (ret < 0) {
-        return -5;
-    }
-    ret = Basic::hex_to_byte(iv_hex, iv);
-    if (ret < 0) {
-        return -5;
-    }
-    return aes_gcm_key(key, iv, e_ctx, d_ctx);
-}
-
-int AesGcm::encrypt_aes_gcm(
-    const unsigned char* plaintext,
-    const int& len,
-    const unsigned char* key,
-    const unsigned char* iv,
-    unsigned char* ciphertext,
-    int& out_len) {
-    EVP_CIPHER_CTX* ctx = NULL;
-    int ret = 0;
-    int update_len = 0;
-    int ciphertext_len = 0;
-    unsigned char tag_char[AES_GCM_TAG_LENGTH];
-
-    if (!(ctx = EVP_CIPHER_CTX_new())) {
-        return -1;
-    }
-    // initial context
-    ret = aes_gcm_key(key, iv, ctx, NULL);
-    if (ret) {
-        EVP_CIPHER_CTX_free(ctx);
-        return -1;
-    }
-    // encryption
-    ret = EVP_EncryptUpdate(ctx, ciphertext, &update_len, plaintext, len);
-    if (ret != 1) {
-        EVP_CIPHER_CTX_free(ctx);
-        return -2;
-    }
-    ciphertext_len = update_len;
-
-    ret = EVP_EncryptFinal_ex(ctx, ciphertext + ciphertext_len, &update_len);
-    if (1 != ret) {
-        EVP_CIPHER_CTX_free(ctx);
-        return -3;
-    }
-    ciphertext_len += update_len;
-
-    // Get the tags for authentication
-    ret = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_GCM_TAG_LENGTH, tag_char);
-    if (1 != ret) {
-        EVP_CIPHER_CTX_free(ctx);
-        return -4;
-    }
-
-    EVP_CIPHER_CTX_free(ctx);
-
-    //append the tags to the end of encryption text
-    for (int i = 0; i < AES_GCM_TAG_LENGTH; ++i) {
-        ciphertext[ciphertext_len + i] = tag_char[i];
-    }
-    out_len = ciphertext_len + AES_GCM_TAG_LENGTH;
-
-    return 0;
-}
-
-int AesGcm::decrypt_aes_gcm(
-    const unsigned char* ciphertext,
-    const int& len,
-    const unsigned char* key,
-    const unsigned char* iv,
-    unsigned char* plaintext,
-    int& out_len) {
-    EVP_CIPHER_CTX* ctx = NULL;
-    int ret = 0;
-    int update_len = 0;
-    int cipher_len = 0;
-    int plaintext_len = 0;
-    unsigned char tag_char[AES_GCM_TAG_LENGTH];
-
-    // get the tag at the end of ciphertext
-    for (int i = 0; i < AES_GCM_TAG_LENGTH; ++i) {
-        tag_char[i] = ciphertext[len - AES_GCM_TAG_LENGTH + i];
-    }
-    cipher_len = len - AES_GCM_TAG_LENGTH;
-
-    // initial aes context
-    if (!(ctx = EVP_CIPHER_CTX_new())) {
-        return -1;
-    }
-
-    ret = aes_gcm_key(key, iv, NULL, ctx);
-    if (ret) {
-        EVP_CIPHER_CTX_free(ctx);
-        return -1;
-    }
-
-    // decryption
-    ret = EVP_DecryptUpdate(ctx, plaintext, &update_len, ciphertext, cipher_len);
-    if (ret != 1) {
-        EVP_CIPHER_CTX_free(ctx);
-        return -2;
-    }
-    plaintext_len = update_len;
-
-
-    // check if the tag is equal to the decrption tag
-    ret = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_GCM_TAG_LENGTH, tag_char);
-    if (!ret) {
-        EVP_CIPHER_CTX_free(ctx);
-        // decrption failed
-        return -3;
-    }
-
-    ret = EVP_DecryptFinal_ex(ctx, plaintext + update_len, &update_len);
-    if (ret <= 0) {
-        EVP_CIPHER_CTX_free(ctx);
-        return -4;
-    }
-
-    plaintext_len += update_len;
-
-    EVP_CIPHER_CTX_free(ctx);
-
-    out_len = plaintext_len;
-    return 0;
-
-}
-
-} // namespace crypt
-} // namespace common

dygraph/deploy/cpp/encryption/src/util/crypto/aes_gcm.h

@@ -1,128 +0,0 @@
-#ifndef PADDLE_MODEL_PROTECT_UTIL_CRYPTO_AES_GCM_H
-#define PADDLE_MODEL_PROTECT_UTIL_CRYPTO_AES_GCM_H
-
-#include <iostream>
-#include <openssl/aes.h>
-#include <openssl/evp.h>
-#include <string>
-
-#include "basic.h"
-
-namespace util {
-namespace crypto {
-// aes key 32 byte for 256 bit
-#define AES_GCM_KEY_LENGTH 32
-
-// aes tag 16 byte for 128 bit
-#define AES_GCM_TAG_LENGTH 16
-
-// aes iv 12 byte for 96 bit
-#define AES_GCM_IV_LENGTH 16
-
-class AesGcm {
-
-public:
-    /**
-     * \brief        initial aes-gcm-256 context use key & iv
-     *
-     * \note         initial aes-gcm-256 context use key & iv. gcm mode
-     *               will generate a tag(16 byte), so the ciphertext's length
-     *               should be longer 16 byte than plaintext.
-     *               
-     *
-     * \param plaintext     plain text to be encrypted(in)
-     * \param len      plain text's length(in)
-     * \param key     aes key (in)
-     * \param iv      aes iv (in)
-     * \param ciphertext   encrypted text(out)
-     * \param out_len   encrypted length(out)
-     *
-     * \return         return  0 if successful
-     *                        -1 EVP_CIPHER_CTX_new or aes_gcm_key error
-     *                        -2 EVP_EncryptUpdate error
-     *                        -3 EVP_EncryptFinal_ex error
-     *                        -4 EVP_CIPHER_CTX_ctrl error
-     */
-    static int encrypt_aes_gcm(
-        const unsigned char* plaintext,
-        const int& len,
-        const unsigned char* key,
-        const unsigned char* iv,
-        unsigned char* ciphertext,
-        int& out_len);
-    /**
-     * \brief        encrypt using aes-gcm-256
-     *
-     * \note         encrypt using aes-gcm-256
-     *
-     * \param ciphertext     cipher text to be decrypted(in)
-     * \param len      plain text's length(in)
-     * \param key     aes key (in)
-     * \param iv      aes iv (in)
-     * \param plaintext   decrypted text(out)
-     * \param out_len   decrypted length(out)
-     *
-     * \return         return  0 if successful
-     *                        -1 EVP_CIPHER_CTX_new or aes_gcm_key error
-     *                        -2 EVP_DecryptUpdate error
-     *                        -3 EVP_CIPHER_CTX_ctrl error
-     *                        -4 EVP_DecryptFinal_ex error
-     */
-    static int decrypt_aes_gcm(
-        const unsigned char* ciphertext,
-        const int& len,
-        const unsigned char* key,
-        const unsigned char* iv,
-        unsigned char* plaintext,
-        int& out_len);
-
-private:
-    /**
-     * \brief        initial aes-gcm-256 context use key & iv
-     *
-     * \note         initial aes-gcm-256 context use key & iv
-     *
-     * \param key     aes key (in)
-     * \param iv      aes iv (in)
-     * \param e_ctx   encryption context(out)
-     * \param d_ctx   decryption context(out)
-     *
-     * \return         return  0 if successful
-     *                        -1 EVP_xxcryptInit_ex error
-     *                        -2 EVP_CIPHER_CTX_ctrl error
-     *                        -3 EVP_xxcryptInit_ex error
-     */
-    static int aes_gcm_key(
-        const unsigned char* key,
-        const unsigned char* iv,
-        EVP_CIPHER_CTX* e_ctx,
-        EVP_CIPHER_CTX* d_ctx);
-
-    /**
-     * \brief        initial aes-gcm-256 context use key & iv
-     *
-     * \note         initial aes-gcm-256 context use key & iv
-     *
-     * \param key     aes key (in)
-     * \param iv      aes iv (in)
-     * \param e_ctx   encryption context(out)
-     * \param d_ctx   decryption context(out)
-     *
-     * \return         return  0 if successful
-     *                        -1 EVP_xxcryptInit_ex error
-     *                        -2 EVP_CIPHER_CTX_ctrl error
-     *                        -3 EVP_xxcryptInit_ex error
-     *                        -4 invalid key length or iv length
-     *                        -5 hex_to_byte error
-     */
-    static int aes_gcm_key(
-        const std::string& key_hex,
-        const std::string& iv_hex,
-        EVP_CIPHER_CTX* e_ctx,
-        EVP_CIPHER_CTX* d_ctx);
-};
-
-} // namespace crypt
-} // namespace common
-
-#endif // PADDLE_MODEL_PROTECT_UTIL_CRYPTO_AES_GCM_H

dygraph/deploy/cpp/encryption/src/util/crypto/base64.cpp

@@ -1,207 +0,0 @@
-#include "base64.h"
-
-using std::string;
-
-namespace baidu {
-namespace base {
-namespace base64 {
-
-namespace {
-const string base64_chars = 
-         "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-         "abcdefghijklmnopqrstuvwxyz"
-         "0123456789+/";
-
-inline bool is_base64(unsigned char c) {
-    return isalnum(c) || (c == '+') || (c == '/');
-}
-
-inline size_t encode_len(size_t input_len) {
-    return (input_len + 2) / 3 * 4;
-}
-
-void encode_char_array(unsigned char *encode_block, const unsigned char *decode_block) {
-    encode_block[0] = (decode_block[0] & 0xfc) >> 2;
-    encode_block[1] = ((decode_block[0] & 0x03) << 4) + ((decode_block[1] & 0xf0) >> 4);
-    encode_block[2] = ((decode_block[1] & 0x0f) << 2) + ((decode_block[2] & 0xc0) >> 6);
-    encode_block[3] = decode_block[2] & 0x3f;
-}
-
-void decode_char_array(unsigned char *encode_block, unsigned char *decode_block) {
-    for (int i = 0; i < 4; ++i) {
-        encode_block[i] = base64_chars.find(encode_block[i]);
-    }
-    decode_block[0] = (encode_block[0] << 2) + ((encode_block[1] & 0x30) >> 4);
-    decode_block[1] = ((encode_block[1] & 0xf) << 4) + ((encode_block[2] & 0x3c) >> 2);
-    decode_block[2] = ((encode_block[2] & 0x3) << 6) + encode_block[3];
-}
-}
-
-string base64_encode(const string& input) {
-    string output;
-    size_t i = 0;
-    unsigned char decode_block[3];
-    unsigned char encode_block[4];
-
-    for (string::size_type len = 0; len != input.size(); ++len) {
-        decode_block[i++] = input[len];
-        if (i == 3) {
-            encode_char_array(encode_block, decode_block);
-            for (i = 0; i < 4; ++i) {
-                output += base64_chars[encode_block[i]];
-            }
-            i = 0;
-        }
-    }
-
-    if (i > 0) {
-        for (size_t j = i; j < 3; ++j) {
-            decode_block[j] = '\0';
-        }
-
-        encode_char_array(encode_block, decode_block);
-
-        for (size_t j = 0; j < i + 1; ++j) {
-            output += base64_chars[encode_block[j]];
-        }
-
-        while (i++ < 3) {
-            output += '=';
-        }
-    }
-
-    return output;
-}
-
-string base64_decode(const string& encoded_string) {
-    int in_len = encoded_string.size();
-    int i = 0;
-    int len = 0;
-    unsigned char encode_block[4];
-    unsigned char decode_block[3];
-    string output;
-
-    while (in_len-- && (encoded_string[len] != '=') && is_base64(encoded_string[len])) {
-        encode_block[i++] = encoded_string[len];
-        len++;
-        if (i == 4) {
-            decode_char_array(encode_block, decode_block);
-
-            for (int j = 0; j < 3; ++j) {
-                output += decode_block[j];
-            }
-            i = 0;
-        }
-    }
-
-    if (i > 0) {
-        for (int j = i; j < 4; ++j) {
-            encode_block[j] = 0;
-        }
-
-        decode_char_array(encode_block, decode_block);
-
-        for (int j = 0; j < i - 1; ++j) {
-            output += decode_block[j];
-        }
-    }
-
-    return output;
-}
-
-}
-}
-}
-// #include <string>
-// #include <cassert>
-// #include <limits>
-// #include <stdexcept>
-// #include <ctype.h>
-// #include "base64_utils.h"
-
-// namespace util {
-// namespace crypto {
-
-// static const char b64_table[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-// static const char reverse_table[128] = {
-//     64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
-//     64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
-//     64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 62, 64, 64, 64, 63,
-//     52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 64, 64, 64, 64, 64,
-//     64, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
-//     15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64, 64, 64, 64, 64,
-//     64, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
-//     41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 64, 64, 64, 64, 64
-// };
-
-// std::string Base64Utils::encode(const ::std::string& data) {
-//     try {
-//         if (data.size() > (std::numeric_limits<std::string::size_type>::max() / 4u) * 3u) {
-//             throw ::std::length_error("Converting too large a string to base64.");
-//         }
-//     } catch (std::length_error& e) {
-//         printf("%s\n", e.what());
-//         return "";
-//     }
-
-//     const std::size_t binlen = data.size();
-//     std::string retval((((binlen + 2) / 3) * 4), '=');
-//     std::size_t outpos = 0;
-//     int bits_collected = 0;
-//     unsigned int accumulator = 0;
-//     const std::string::const_iterator binend = data.end();
-
-//     for (std::string::const_iterator i = data.begin(); i != binend; ++i) {
-//         accumulator = (accumulator << 8) | (*i & 0xffu);
-//         bits_collected += 8;
-//         while (bits_collected >= 6) {
-//             bits_collected -= 6;
-//             retval[outpos++] = b64_table[(accumulator >> bits_collected) & 0x3fu];
-//         }
-//     }
-//     if (bits_collected > 0) { // Any trailing bits that are missing.
-//         assert(bits_collected < 6);
-//         accumulator <<= 6 - bits_collected;
-//         retval[outpos++] = b64_table[accumulator & 0x3fu];
-//     }
-//     assert(outpos >= (retval.size() - 2));
-//     assert(outpos <= retval.size());
-//     return retval;
-// }
-
-// std::string Base64Utils::decode(const std::string& data) {
-//     std::string retval;
-//     const std::string::const_iterator last = data.end();
-//     int bits_collected = 0;
-//     unsigned int accumulator = 0;
-
-//     try {
-
-//         for (std::string::const_iterator i = data.begin(); i != last; ++i) {
-//             const int c = *i;
-//             if (isspace(c) || c == '=') {
-//                 continue;
-//             }
-//             if ((c > 127) || (c < 0) || (reverse_table[c] > 63)) {
-//                 throw ::std::invalid_argument("This contains characters not legal in a base64 encoded string.");
-//             }
-//             accumulator = (accumulator << 6) | reverse_table[c];
-//             bits_collected += 6;
-//             if (bits_collected >= 8) {
-//                 bits_collected -= 8;
-//                 retval += static_cast<char>((accumulator >> bits_collected) & 0xffu);
-//             }
-//         }
-//     } catch (std::invalid_argument& e) {
-//         printf("%s\n", e.what());
-//         return "";
-//     }
-
-//     return retval;
-// }
-
-// }
-// }
-
-

dygraph/deploy/cpp/encryption/src/util/crypto/base64.h

@@ -1,30 +0,0 @@
-#include <vector>
-#include <string>
-
-#ifndef PADDLE_MODEL_PROTECT_UTIL_CRYPTO_BASE64_UTILS_H
-#define PADDLE_MODEL_PROTECT_UTIL_CRYPTO_BASE64_UTILS_H
-
-namespace baidu {
-namespace base {
-namespace base64 {
-
-std::string base64_encode(const std::string& input);
-std::string base64_decode(const std::string& input);
-
-}
-}
-}
-
-// namespace util {
-// namespace crypto {
-
-// class Base64Utils {
-// public:
-//     static std::string encode(const ::std::string& data);
-
-//     static std::string decode(const ::std::string& data);
-// };
-
-// }
-// }
-#endif //PADDLE_MODEL_PROTECT_BASE64_UTILS_H

dygraph/deploy/cpp/encryption/src/util/crypto/basic.cpp

@@ -1,71 +0,0 @@
-#include "basic.h"
-
-namespace util {
-namespace crypto {
-
-int Basic::byte_to_hex(
-    const unsigned char* in_byte,
-    int len,
-    std::string& out_hex) {
-    std::ostringstream oss;
-    oss << std::hex << std::setfill('0');
-    for (int i = 0; i < len; ++i) {
-        oss << std::setw(2) << int(in_byte[i]);
-    }
-    out_hex = oss.str();
-    return 0;
-}
-
-int Basic::hex_to_byte(
-    const std::string& in_hex,
-    unsigned char* out_byte) {
-    int i = 0;
-    int j = 0;
-    int len = in_hex.length() / 2;
-    const unsigned char* hex;
-    if (in_hex.length() % 2 != 0 || out_byte == NULL) {
-        return -1;
-    }
-    hex = (unsigned char*) in_hex.c_str();
-
-    for (; j < len; i += 2, ++j) {
-        unsigned char high = hex[i];
-        unsigned char low = hex[i + 1];
-        if (high >= '0' && high <= '9') {
-            high = high - '0';
-        } else if (high >= 'A' && high <= 'F') {
-            high = high - 'A' + 10;
-        } else if (high >= 'a' && high <= 'f') {
-            high = high - 'a' + 10;
-        } else {
-            return -2;
-        }
-
-        if (low >= '0' && low <= '9') {
-            low = low - '0';
-        } else if (low >= 'A' && low <= 'F') {
-            low = low - 'A' + 10;
-        } else if (low >= 'a' && low <= 'f') {
-            low = low - 'a' + 10;
-        } else {
-            return -2;
-        }
-        out_byte[j] = high << 4 | low;
-    }
-    return 0;
-}
-
-int Basic::random(unsigned char* random, int len) {
-    std::random_device rd;
-    int i = 0;
-    if (len <= 0 || random == NULL) {
-        return -1;
-    }
-    for (; i < len; ++i) {
-        random[i] = rd() % 256;
-    }
-    return 0;
-}
-
-}
-} // namespace common

dygraph/deploy/cpp/encryption/src/util/crypto/basic.h

@@ -1,68 +0,0 @@
-#ifndef PADDLE_MODEL_PROTECT_UTIL_BASIC_H
-#define PADDLE_MODEL_PROTECT_UTIL_BASIC_H
-
-#include <iomanip>
-#include <iostream>
-#include <random>
-#include <string>
-#include <sstream>
-
-namespace util {
-namespace crypto {
-
-class Basic {
-public:
-    /**
-     * \brief        byte to hex
-     *
-     * \note         byte to hex.
-     *               
-     *
-     * \param in_byte  byte array(in)
-     * \param len      byte array length(in)
-     * \param out_hex  the hex string(in)
-     * 
-     *
-     * \return         return  0 if successful
-     */
-    static int byte_to_hex(
-        const unsigned char* in_byte,
-        int len,
-        std::string& out_hex);
-
-    /**
-     * \brief        hex to byte
-     *
-     * \note         hex to byte.
-     *               
-     *
-     * \param in_hex    the hex string(in)
-     * \param out_byte  byte array(out)
-     *
-     * \return         return  0 if successful
-     *                        -1 invalid in_hex
-     */
-    static int hex_to_byte(
-        const std::string& in_hex,
-        unsigned char* out_byte);
-
-    /**
-     * \brief        get random char for length
-     *
-     * \note         get random char for length
-     *               
-     *
-     * \param array     to be random(out)
-     * \param len       array length(in)
-     *
-     * \return         return  0 if successful
-     *                        -1 invalid parameters
-     */
-    static int random(
-        unsigned char* random,
-        int len);
-};
-
-}
-} // namespace common
-#endif // PADDLE_MODEL_PROTECT_UTIL_BASIC_H

dygraph/deploy/cpp/encryption/src/util/crypto/sha256_utils.cpp

@@ -1,69 +0,0 @@
-#include "sha256_utils.h"
-#include <iomanip>
-#include <stdio.h>
-#include <openssl/sha.h>
-#include <sstream>
-
-namespace util {
-namespace crypto {
-
-void SHA256Utils::sha256(const void* data, size_t len, unsigned char* md) {
-    SHA256_CTX sha_ctx = {};
-    SHA256_Init(&sha_ctx);
-    SHA256_Update(&sha_ctx, data, len);
-    SHA256_Final(md, &sha_ctx);
-}
-std::vector<unsigned char> SHA256Utils::sha256(const void* data, size_t len) {
-    std::vector<unsigned char> md(32);
-    sha256(data, len, &md[0]);
-    return md;
-}
-std::vector<unsigned char> SHA256Utils::sha256(const std::vector<unsigned char>& data) {
-    return sha256(&data[0], data.size());
-}
-std::string SHA256Utils::sha256_string(const void* data, size_t len) {
-    std::vector<unsigned char> md = sha256(data, len);
-    std::ostringstream oss;
-    oss << std::hex << std::setfill('0');
-    for (unsigned char c : md) {
-        oss << std::setw(2) << int(c);
-    }
-    return oss.str();
-}
-std::string SHA256Utils::sha256_string(const std::vector<unsigned char>& data) {
-    return sha256_string(&data[0], data.size());
-}
-std::string SHA256Utils::sha256_string(const std::string& string) {
-    return sha256_string(string.c_str(), string.size());
-}
-std::string SHA256Utils::sha256_file(const std::string& path) {
-    FILE* file = fopen(path.c_str(), "rb");
-    if (!file) {
-        return "";
-    }
-    unsigned char hash[SHA256_DIGEST_LENGTH];
-    SHA256_CTX sha_ctx = {};
-    SHA256_Init(&sha_ctx);
-    const int size = 32768;
-    void* buffer = malloc(size);
-    if (!buffer) {
-        fclose(file);
-        return "";
-    }
-    int read = 0;
-    while ((read = fread(buffer, 1, size, file))) {
-        SHA256_Update(&sha_ctx, buffer, read);
-    }
-    SHA256_Final(hash, &sha_ctx);
-    std::ostringstream oss;
-    oss << std::hex << std::setfill('0');
-    for (unsigned char c : hash) {
-        oss << std::setw(2) << int(c);
-    }
-    fclose(file);
-    free(buffer);
-    return oss.str();
-}
-
-}
-}

dygraph/deploy/cpp/encryption/src/util/crypto/sha256_utils.h

@@ -1,23 +0,0 @@
-#include <vector>
-#include <string>
-
-#ifndef PADDLE_MODEL_PROTECT_UTIL_CRYPTO_SHA256_UTILS_H
-#define PADDLE_MODEL_PROTECT_UTIL_CRYPTO_SHA256_UTILS_H
-
-namespace util {
-namespace crypto {
-
-class SHA256Utils {
-public:
-    static void sha256(const void* data, size_t len, unsigned char* md);
-    static std::vector<unsigned char> sha256(const void* data, size_t len);
-    static std::vector<unsigned char> sha256(const std::vector<unsigned char>& data);
-    static std::string sha256_string(const void* data, size_t len);
-    static std::string sha256_string(const std::vector<unsigned char>& data);
-    static std::string sha256_string(const std::string& string);
-    static std::string sha256_file(const std::string& path);
-};
-
-}
-}
-#endif //PADDLE_MODEL_PROTECT_UTIL_CRYPTO_SHA256_UTILS_H

dygraph/deploy/cpp/encryption/src/util/io_utils.cpp

@@ -1,209 +0,0 @@
-#ifdef linux
-#include <unistd.h>
-#include <dirent.h>
-#endif
-#ifdef WIN32
-#include <windows.h>
-#include <io.h>
-#endif
-
-#include <iostream>
-#include <string.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include "io_utils.h"
-#include "model_code.h"
-#include "log.h"
-
-namespace ioutil {
-
-int read_file(const char* file_path, unsigned char** dataptr, size_t* sizeptr) {
-    FILE* fp = NULL;
-    fp = fopen(file_path, "rb");
-    if (fp == NULL) {
-        LOGD("[M]open file(%s) failed", file_path);
-        return CODE_OPEN_FAILED;
-    }
-
-    fseek(fp, 0, SEEK_END);
-    *sizeptr = ftell(fp);
-    *dataptr = (unsigned char*) malloc(sizeof(unsigned char) * (*sizeptr));
-
-    fseek(fp, 0, SEEK_SET);
-    fread(*dataptr, 1, *sizeptr, fp);
-    fclose(fp);
-
-    return CODE_OK;
-}
-
-int read_with_pos_and_length(const char* file_path, unsigned char* dataptr, size_t pos, size_t length) {
-    if (dataptr == NULL) {
-        LOGD("Read file pos dataptr = NULL");
-        return CODE_READ_FILE_PTR_IS_NULL;
-    }
-
-    FILE* fp = NULL;
-    if ((fp = fopen(file_path, "rb")) == NULL) {
-        LOGD("[M]open file(%s) failed", file_path);
-        return CODE_OPEN_FAILED;
-    }
-
-    fseek(fp, pos, SEEK_SET);
-    fread(dataptr, 1, length, fp);
-    fclose(fp);
-
-    return CODE_OK;
-}
-
-int read_with_pos(const char* file_path, size_t pos, unsigned char** dataptr, size_t* sizeptr) {
-
-    FILE* fp = NULL;
-    if ((fp = fopen(file_path, "rb")) == NULL) {
-        LOGD("[M]open file(%s) failed when read_with_pos", file_path);
-        return CODE_OPEN_FAILED;
-    }
-
-    fseek(fp, 0, SEEK_END);
-    size_t filesize = ftell(fp);
-
-    *sizeptr = filesize - pos;
-    *dataptr = (unsigned char*) malloc(sizeof(unsigned char) * (filesize - pos));
-    fseek(fp, pos, SEEK_SET);
-    fread(*dataptr, 1, filesize - pos, fp);
-    fclose(fp);
-
-    return CODE_OK;
-}
-
-int write_file(const char* file_path, const unsigned char* dataptr, size_t sizeptr) {
-    FILE* fp = NULL;
-    if ((fp = fopen(file_path, "wb")) == NULL) {
-        LOGD("[M]open file(%s) failed", file_path);
-        return CODE_OPEN_FAILED;
-    }
-
-    fwrite(dataptr, 1, sizeptr, fp);
-
-    fclose(fp);
-    return CODE_OK;
-}
-
-int append_file(const char* file_path, const unsigned char* data, size_t len) {
-    FILE* fp = fopen(file_path, "ab+");
-    if (fp == NULL) {
-        LOGD("[M]open file(%s) failed when append_file", file_path);
-        return CODE_OPEN_FAILED;
-    }
-    fwrite(data, sizeof(char), len, fp);
-    fclose(fp);
-    return CODE_OK;
-}
-
-size_t read_file_size(const char* file_path) {
-    FILE* fp = NULL;
-    fp = fopen(file_path, "rb");
-    if (fp == NULL) {
-        LOGD("[M]open file(%s) failed when read_file_size", file_path);
-        return 0;
-    }
-
-    fseek(fp, 0, SEEK_END);
-    size_t filesize = ftell(fp);
-    fclose(fp);
-
-    return filesize;
-}
-
-int read_file_to_file(const char* src_path, const char* dst_path) {
-    FILE* infp = NULL;
-    if ((infp = fopen(src_path, "rb")) == NULL) {
-        LOGD("[M]read src file failed when read_file_to_file");
-        return CODE_OPEN_FAILED;
-    }
-
-    fseek(infp, 0, SEEK_END);
-    size_t insize = ftell(infp);
-    char* content = (char*) malloc(sizeof(char) * insize);
-
-    fseek(infp, 0, SEEK_SET);
-    fread(content, 1, insize, infp);
-    fclose(infp);
-
-    FILE* outfp = NULL;
-    if ((outfp = fopen(dst_path, "wb")) == NULL) {
-        LOGD("[M]open dst file failed when read_file_to_file");
-        return CODE_OPEN_FAILED;
-    }
-    fwrite(content, 1, insize, outfp);
-    fclose(outfp);
-    free(content);
-    return CODE_OK;
-}
-
-int read_dir_files(const char* dir_path, std::vector<std::string>& files) {
-#ifdef linux
-    struct dirent* ptr;
-    DIR* dir = NULL;
-    dir = opendir(dir_path);
-    if (dir == NULL) {
-        return -1; // CODE_NOT_EXIST_DIR
-    }
-    while ((ptr = readdir(dir)) != NULL) {
-        if (strcmp(ptr->d_name, ".") != 0 && strcmp(ptr->d_name, "..") != 0) {
-            files.push_back(ptr->d_name);
-        }
-    }
-    closedir(dir);
-#endif
-#ifdef WIN32
-    intptr_t handle;
-	struct _finddata_t fileinfo;
-	
-	std::string tmp_dir(dir_path);
-	std::string::size_type idx = tmp_dir.rfind("\\*");
-	if (idx == std::string::npos || idx != tmp_dir.length() - 1)
-	{
-		tmp_dir.append("\\*");
-	}
-
-	handle = _findfirst(tmp_dir.c_str(), &fileinfo);
-	if (handle == -1) {
-		return -1;
-	}
-
-	do {
-		std::cout << "File name = " << fileinfo.name << std::endl;
-		if (strcmp(fileinfo.name, ".") != 0 && strcmp(fileinfo.name, "..") != 0) {
-			files.push_back(fileinfo.name);
-		}
-	} while (!_findnext(handle, &fileinfo));
-
-std::cout << files.size() << std::endl;
-    for (size_t i = 0; i < files.size(); i++)
-    {
-        std::cout << files[i] << std::endl;
-    }
-
-	_findclose(handle);
-#endif
-    return files.size();
-}
-
-int dir_exist_or_mkdir(const char* dir) {
-#ifdef WIN32
-    if (CreateDirectory(dir, NULL)) {
-        // return CODE_OK;
-    } else {
-        return CODE_MKDIR_FAILED;
-    }
-    
-#endif
-#ifdef linux
-    if (access(dir, 0) != 0) {
-        mkdir(dir, S_IRWXU | S_IRWXG | S_IRWXO);
-    }
-#endif
-    return CODE_OK;
-}
-
-}

dygraph/deploy/cpp/encryption/src/util/io_utils.h

@@ -1,33 +0,0 @@
-#include <iostream>
-#include <memory>
-#include <vector>
-#include <string>
-
-#ifndef PADDLE_MODEL_PROTECT_IO_UTILS_H
-#define PADDLE_MODEL_PROTECT_IO_UTILS_H
-
-namespace ioutil {
-
-int read_file(const char* file_path, unsigned char** dataptr, size_t* sizeptr);
-
-int read_with_pos_and_length(const char* file_path, unsigned char* dataptr, size_t pos, size_t length);
-
-int read_with_pos(const char* file_path, size_t pos, unsigned char** dataptr, size_t* sizeptr);
-
-int write_file(const char* file_path, const unsigned char* dataptr, size_t sizeptr);
-
-int append_file(const char* file_path, const unsigned char* data, size_t len);
-
-size_t read_file_size(const char* file_path);
-
-int read_file_to_file(const char* src_path, const char* dst_path);
-
-int dir_exist_or_mkdir(const char* dir);
-
-/**
- * @return files.size()
- */
-int read_dir_files(const char* dir_path, std::vector<std::string>& files);
-
-}
-#endif //PADDLE_MODEL_PROTECT_IO_UTILS_H

dygraph/deploy/cpp/encryption/src/util/log.h

@@ -1,9 +0,0 @@
-#ifndef PADDLE_MODEL_PROTECT_UTIL_LOG_H
-#define PADDLE_MODEL_PROTECT_UTIL_LOG_H
-
-#include <stdio.h>
-
-#define LOGD(fmt,...)\
-    printf("{%s:%u}:" fmt "\n", __FUNCTION__, __LINE__,  ##__VA_ARGS__)
-
-#endif //PADDLE_MODEL_PROTECT_UTIL_LOG_H

dygraph/deploy/cpp/encryption/src/util/system_utils.cpp

@@ -1,124 +0,0 @@
-#include <sys/timeb.h>
-#include <string.h>
-#include <model_code.h>
-#include <algorithm>
-#include <iterator>
-#include "system_utils.h"
-#include "crypto/basic.h"
-#include "crypto/sha256_utils.h"
-#include "io_utils.h"
-#include "log.h"
-#include "../constant/constant_model.h"
-
-const char alphabet[] = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(){}[]<>?~";
-
-namespace util {
-
-int SystemUtils::intN(int n) {
-    return rand() % n;
-}
-
-std::string SystemUtils::random_key_iv(int len) {
-    unsigned char* tmp = (unsigned char*) malloc(sizeof(unsigned char) * len);
-    int ret = util::crypto::Basic::random(tmp, len);
-    std::string tmp_str(reinterpret_cast<const char*>(tmp), len);
-    free(tmp);
-    return tmp_str;
-}
-
-std::string SystemUtils::random_str(int len) {
-    unsigned char* tmp = (unsigned char*) malloc(sizeof(unsigned char) * len);
-    int ret = util::crypto::Basic::random(tmp, len);
-    std::string tmp_str(reinterpret_cast<const char*>(tmp), len);
-    free(tmp);
-    return tmp_str;
-}
-
-int SystemUtils::check_key_match(const char* key, const char* filepath) {
-    std::string aes_key_iv(key);
-    std::string sha256_aes_key_iv = util::crypto::SHA256Utils::sha256_string(aes_key_iv);
-
-    unsigned char* data_pos = (unsigned char*) malloc(sizeof(unsigned char) * 64);
-    int ret =
-        ioutil::read_with_pos_and_length(filepath, data_pos, constant::MAGIC_NUMBER_LEN + constant::VERSION_LEN, 64);
-    if (ret != CODE_OK) {
-        LOGD("[M]read file failed when check key");
-        return ret;
-    }
-    std::string check_str((char*) data_pos, 64);
-    free(data_pos);
-
-    if (strcmp(sha256_aes_key_iv.c_str(), check_str.c_str()) != 0) {
-        return CODE_KEY_NOT_MATCH;
-    }
-    return CODE_OK;
-}
-
-int SystemUtils::check_key_match(const std::string &key, std::istream &cipher_stream) {
-    cipher_stream.seekg(0, std::ios::beg);
-    std::string sha256_aes_key_iv = util::crypto::SHA256Utils::sha256_string(key);
-    int check_len = 64;
-
-    std::string data_pos_str;
-    cipher_stream.seekg(constant::MAGIC_NUMBER_LEN + constant::VERSION_LEN);
-    std::copy_n(std::istreambuf_iterator<char>(cipher_stream), check_len, std::back_inserter(data_pos_str));
-    if (data_pos_str.size() != check_len){
-        LOGD("[M]read file failed when check key");
-        return CODE_OPEN_FAILED;
-    }
-    if (data_pos_str == sha256_aes_key_iv){
-        return CODE_OK;
-    }
-    
-    return CODE_KEY_NOT_MATCH;
-}
-
-/**
- *
- * @param filepath
- * @return 0 - file encrypted    1 - file unencrypted
- */
-int SystemUtils::check_file_encrypted(const char* filepath) {
-    size_t read_len = constant::MAGIC_NUMBER_LEN + constant::VERSION_LEN;
-    unsigned char* data_pos = (unsigned char*) malloc(sizeof(unsigned char) * read_len);
-    if (ioutil::read_with_pos_and_length(filepath, data_pos, 0, read_len) != CODE_OK) {
-        LOGD("check file failed when read %s(file)", filepath);
-        return CODE_OPEN_FAILED;
-    }
-
-    std::string tag(constant::MAGIC_NUMBER);
-    tag.append(constant::VERSION);
-    int ret_cmp = strcmp(tag.c_str(), (const char*) data_pos) == 0 ? 0 : 1;
-    free(data_pos);
-    return ret_cmp;
-}
-
-int SystemUtils::check_file_encrypted(std::istream &cipher_stream) {
-    cipher_stream.seekg(0, std::ios::beg);
-    size_t read_len = constant::MAGIC_NUMBER_LEN + constant::VERSION_LEN;
-    std::string data_pos_str;
-    std::copy_n(std::istreambuf_iterator<char>(cipher_stream), read_len, std::back_inserter(data_pos_str));
-    if (data_pos_str.size() != read_len){
-        LOGD("check file failed when read cipher stream");
-        return CODE_OPEN_FAILED;
-    }
-
-    std::string tag(constant::MAGIC_NUMBER);
-    tag.append(constant::VERSION);
-    if (data_pos_str == tag){
-        return 0;
-    }
-
-    return 1;
-}
-
-int SystemUtils::check_pattern_exist(const std::vector<std::string>& vecs, const std::string& pattern) {
-
-    if (std::find(vecs.begin(), vecs.end(), pattern) == vecs.end()) {
-        return -1; // not exist
-    } else {
-        return 0; // exist
-    }
-}
-
-}

dygraph/deploy/cpp/encryption/src/util/system_utils.h

@@ -1,26 +0,0 @@
-#include <string>
-#include <vector>
-
-#ifndef PADDLE_MODEL_PROTECT_SYSTEM_UTIL_H
-#define PADDLE_MODEL_PROTECT_SYSTEM_UTIL_H
-
-namespace util {
-
-class SystemUtils {
-public:
-    static std::string random_key_iv(int len);
-    static std::string random_str(int len);
-    static int check_key_match(const char* key, const char* filepath);
-    static int check_key_match(const std::string &key, std::istream &cipher_stream);
-    static int check_file_encrypted(const char* filepath);
-    static int check_file_encrypted(std::istream &cipher_stream);
-    static int check_pattern_exist(const std::vector<std::string>& vecs, const std::string& pattern);
-
-private:
-    inline static int intN(int n);
-
-};
-
-}
-
-#endif //PADDLE_MODEL_PROTECT_SYSTEM_UTIL_H

dygraph/deploy/cpp/encryption/util/include/constant/constant_model.h

@@ -0,0 +1,30 @@
+//   Copyright (c) 2020 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#pragma once
+
+#ifndef PADDLE_MODEL_PROTECT_CONSTANT_CONSTANT_MODEL_H
+#define PADDLE_MODEL_PROTECT_CONSTANT_CONSTANT_MODEL_H
+
+namespace constant {
+
+const static std::string MAGIC_NUMBER = "PADDLE";  // NOLINT
+const static std::string VERSION = "1";            // NOLINT
+
+const static int MAGIC_NUMBER_LEN = 6;  // NOLINT
+const static int VERSION_LEN = 1;       // NOLINT
+const static int TAG_LEN = 128;         // NOLINT
+
+}  // namespace constant
+
+#endif  // PADDLE_MODEL_PROTECT_CONSTANT_CONSTANT_MODEL_H

dygraph/deploy/cpp/encryption/util/include/crypto/aes_gcm.h

@@ -0,0 +1,129 @@
+// Copyright (c) 2021 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#pragma once
+
+#ifndef PADDLE_MODEL_PROTECT_UTIL_CRYPTO_AES_GCM_H
+#define PADDLE_MODEL_PROTECT_UTIL_CRYPTO_AES_GCM_H
+
+#include <openssl/aes.h>
+#include <openssl/evp.h>
+#include <iostream>
+#include <string>
+
+#include "encryption/util/include/crypto/basic.h"
+
+namespace util {
+namespace crypto {
+// aes key 32 byte for 256 bit
+#define AES_GCM_KEY_LENGTH 32
+
+// aes tag 16 byte for 128 bit
+#define AES_GCM_TAG_LENGTH 16
+
+// aes iv 12 byte for 96 bit
+#define AES_GCM_IV_LENGTH 16
+
+class AesGcm {
+ public:
+  /**
+   * \brief        initial aes-gcm-256 context use key & iv
+   *
+   * \note         initial aes-gcm-256 context use key & iv. gcm mode
+   *               will generate a tag(16 byte), so the ciphertext's length
+   *               should be longer 16 byte than plaintext.
+   *
+   *
+   * \param plaintext     plain text to be encrypted(in)
+   * \param len      plain text's length(in)
+   * \param key     aes key (in)
+   * \param iv      aes iv (in)
+   * \param ciphertext   encrypted text(out)
+   * \param out_len   encrypted length(out)
+   *
+   * \return         return  0 if successful
+   *                        -1 EVP_CIPHER_CTX_new or aes_gcm_key error
+   *                        -2 EVP_EncryptUpdate error
+   *                        -3 EVP_EncryptFinal_ex error
+   *                        -4 EVP_CIPHER_CTX_ctrl error
+   */
+  static int encrypt_aes_gcm(const unsigned char* plaintext, const int& len,
+                             const unsigned char* key, const unsigned char* iv,
+                             unsigned char* ciphertext,
+                             int& out_len);  // NOLINT
+  /**
+   * \brief        encrypt using aes-gcm-256
+   *
+   * \note         encrypt using aes-gcm-256
+   *
+   * \param ciphertext     cipher text to be decrypted(in)
+   * \param len      plain text's length(in)
+   * \param key     aes key (in)
+   * \param iv      aes iv (in)
+   * \param plaintext   decrypted text(out)
+   * \param out_len   decrypted length(out)
+   *
+   * \return         return  0 if successful
+   *                        -1 EVP_CIPHER_CTX_new or aes_gcm_key error
+   *                        -2 EVP_DecryptUpdate error
+   *                        -3 EVP_CIPHER_CTX_ctrl error
+   *                        -4 EVP_DecryptFinal_ex error
+   */
+  static int decrypt_aes_gcm(const unsigned char* ciphertext, const int& len,
+                             const unsigned char* key, const unsigned char* iv,
+                             unsigned char* plaintext, int& out_len);  // NOLINT
+
+ private:
+  /**
+   * \brief        initial aes-gcm-256 context use key & iv
+   *
+   * \note         initial aes-gcm-256 context use key & iv
+   *
+   * \param key     aes key (in)
+   * \param iv      aes iv (in)
+   * \param e_ctx   encryption context(out)
+   * \param d_ctx   decryption context(out)
+   *
+   * \return         return  0 if successful
+   *                        -1 EVP_xxcryptInit_ex error
+   *                        -2 EVP_CIPHER_CTX_ctrl error
+   *                        -3 EVP_xxcryptInit_ex error
+   */
+  static int aes_gcm_key(const unsigned char* key, const unsigned char* iv,
+                         EVP_CIPHER_CTX* e_ctx, EVP_CIPHER_CTX* d_ctx);
+
+  /**
+   * \brief        initial aes-gcm-256 context use key & iv
+   *
+   * \note         initial aes-gcm-256 context use key & iv
+   *
+   * \param key     aes key (in)
+   * \param iv      aes iv (in)
+   * \param e_ctx   encryption context(out)
+   * \param d_ctx   decryption context(out)
+   *
+   * \return         return  0 if successful
+   *                        -1 EVP_xxcryptInit_ex error
+   *                        -2 EVP_CIPHER_CTX_ctrl error
+   *                        -3 EVP_xxcryptInit_ex error
+   *                        -4 invalid key length or iv length
+   *                        -5 hex_to_byte error
+   */
+  static int aes_gcm_key(const std::string& key_hex, const std::string& iv_hex,
+                         EVP_CIPHER_CTX* e_ctx, EVP_CIPHER_CTX* d_ctx);
+};
+
+}  // namespace crypto
+}  // namespace util
+
+#endif  // PADDLE_MODEL_PROTECT_UTIL_CRYPTO_AES_GCM_H

dygraph/deploy/cpp/encryption/util/include/crypto/base64.h

@@ -0,0 +1,45 @@
+// Copyright (c) 2021 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#pragma once
+
+#include <vector>
+#include <string>
+
+#ifndef PADDLE_MODEL_PROTECT_UTIL_CRYPTO_BASE64_UTILS_H
+#define PADDLE_MODEL_PROTECT_UTIL_CRYPTO_BASE64_UTILS_H
+
+namespace baidu {
+namespace base {
+namespace base64 {
+
+std::string base64_encode(const std::string& input);
+std::string base64_decode(const std::string& input);
+
+}  // namespace base64
+}  // namespace base
+}  // namespace baidu
+
+// namespace util {
+// namespace crypto {
+
+// class Base64Utils {
+// public:
+//     static std::string encode(const ::std::string& data);
+
+//     static std::string decode(const ::std::string& data);
+// };
+
+// }
+// }
+#endif  // PADDLE_MODEL_PROTECT_BASE64_UTILS_H

dygraph/deploy/cpp/encryption/util/include/crypto/basic.h

@@ -0,0 +1,77 @@
+// Copyright (c) 2021 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#pragma once
+
+#ifndef PADDLE_MODEL_PROTECT_UTIL_BASIC_H
+#define PADDLE_MODEL_PROTECT_UTIL_BASIC_H
+
+#include <iomanip>
+#include <iostream>
+#include <random>
+#include <string>
+#include <sstream>
+
+namespace util {
+namespace crypto {
+
+class Basic {
+ public:
+  /**
+   * \brief        byte to hex
+   *
+   * \note         byte to hex.
+   *
+   *
+   * \param in_byte  byte array(in)
+   * \param len      byte array length(in)
+   * \param out_hex  the hex string(in)
+   *
+   *
+   * \return         return  0 if successful
+   */
+  static int byte_to_hex(const unsigned char* in_byte, int len,
+                         std::string& out_hex);  // NOLINT
+
+  /**
+   * \brief        hex to byte
+   *
+   * \note         hex to byte.
+   *
+   *
+   * \param in_hex    the hex string(in)
+   * \param out_byte  byte array(out)
+   *
+   * \return         return  0 if successful
+   *                        -1 invalid in_hex
+   */
+  static int hex_to_byte(const std::string& in_hex, unsigned char* out_byte);
+
+  /**
+   * \brief        get random char for length
+   *
+   * \note         get random char for length
+   *
+   *
+   * \param array     to be random(out)
+   * \param len       array length(in)
+   *
+   * \return         return  0 if successful
+   *                        -1 invalid parameters
+   */
+  static int random(unsigned char* random, int len);
+};
+
+}  // namespace crypto
+}  // namespace util
+#endif  // PADDLE_MODEL_PROTECT_UTIL_BASIC_H

dygraph/deploy/cpp/encryption/util/include/crypto/sha256_utils.h

@@ -0,0 +1,39 @@
+// Copyright (c) 2021 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#pragma once
+
+#include <vector>
+#include <string>
+
+#ifndef PADDLE_MODEL_PROTECT_UTIL_CRYPTO_SHA256_UTILS_H
+#define PADDLE_MODEL_PROTECT_UTIL_CRYPTO_SHA256_UTILS_H
+
+namespace util {
+namespace crypto {
+
+class SHA256Utils {
+ public:
+  static void sha256(const void* data, size_t len, unsigned char* md);
+  static std::vector<unsigned char> sha256(const void* data, size_t len);
+  static std::vector<unsigned char> sha256(
+      const std::vector<unsigned char>& data);
+  static std::string sha256_string(const void* data, size_t len);
+  static std::string sha256_string(const std::vector<unsigned char>& data);
+  static std::string sha256_string(const std::string& string);
+  static std::string sha256_file(const std::string& path);
+};
+
+}  // namespace crypto
+}  // namespace util
+#endif  // PADDLE_MODEL_PROTECT_UTIL_CRYPTO_SHA256_UTILS_H

dygraph/deploy/cpp/encryption/util/include/io_utils.h

@@ -0,0 +1,52 @@
+// Copyright (c) 2021 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#pragma once
+
+#include <iostream>
+#include <memory>
+#include <vector>
+#include <string>
+
+#ifndef PADDLE_MODEL_PROTECT_IO_UTILS_H
+#define PADDLE_MODEL_PROTECT_IO_UTILS_H
+
+namespace ioutil {
+
+int read_file(const char* file_path, unsigned char** dataptr, size_t* sizeptr);
+
+int read_with_pos_and_length(const char* file_path, unsigned char* dataptr,
+                             size_t pos, size_t length);
+
+int read_with_pos(const char* file_path, size_t pos, unsigned char** dataptr,
+                  size_t* sizeptr);
+
+int write_file(const char* file_path, const unsigned char* dataptr,
+               size_t sizeptr);
+
+int append_file(const char* file_path, const unsigned char* data, size_t len);
+
+size_t read_file_size(const char* file_path);
+
+int read_file_to_file(const char* src_path, const char* dst_path);
+
+int dir_exist_or_mkdir(const char* dir);
+
+/**
+ * @return files.size()
+ */
+int read_dir_files(const char* dir_path,
+                   std::vector<std::string>& files);  // NOLINT
+
+}  // namespace ioutil
+#endif  // PADDLE_MODEL_PROTECT_IO_UTILS_H

dygraph/deploy/cpp/encryption/util/include/log.h

@@ -0,0 +1,24 @@
+// Copyright (c) 2021 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#pragma once
+
+#ifndef PADDLE_MODEL_PROTECT_UTIL_LOG_H
+#define PADDLE_MODEL_PROTECT_UTIL_LOG_H
+
+#include <stdio.h>
+
+#define LOGD(fmt, ...) \
+  printf("{%s:%u}:" fmt "\n", __FUNCTION__, __LINE__, ##__VA_ARGS__)
+
+#endif  // PADDLE_MODEL_PROTECT_UTIL_LOG_H

dygraph/deploy/cpp/encryption/util/include/system_utils.h

@@ -0,0 +1,42 @@
+// Copyright (c) 2021 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#pragma once
+
+#include <string>
+#include <vector>
+
+#ifndef PADDLE_MODEL_PROTECT_SYSTEM_UTIL_H
+#define PADDLE_MODEL_PROTECT_SYSTEM_UTIL_H
+
+namespace util {
+
+class SystemUtils {
+ public:
+  static std::string random_key_iv(int len);
+  static std::string random_str(int len);
+  static int check_key_match(const char* key, const char* filepath);
+  static int check_key_match(const std::string& key,
+                             std::istream& cipher_stream);
+  static int check_file_encrypted(const char* filepath);
+  static int check_file_encrypted(std::istream& cipher_stream);
+  static int check_pattern_exist(const std::vector<std::string>& vecs,
+                                 const std::string& pattern);
+
+ private:
+  inline static int intN(int n);
+};
+
+}  // namespace util
+
+#endif  // PADDLE_MODEL_PROTECT_SYSTEM_UTIL_H

dygraph/deploy/cpp/encryption/util/src/crypto/aes_gcm.cpp

@@ -0,0 +1,192 @@
+// Copyright (c) 2021 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <iostream>
+
+#include "encryption/util/include/crypto/aes_gcm.h"
+
+namespace util {
+namespace crypto {
+
+int AesGcm::aes_gcm_key(const unsigned char* key, const unsigned char* iv,
+                        EVP_CIPHER_CTX* e_ctx, EVP_CIPHER_CTX* d_ctx) {
+  int ret = 0;
+  if (e_ctx != NULL) {
+    ret = EVP_EncryptInit_ex(e_ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
+    if (ret != 1) {
+      return -1;
+    }
+    ret = EVP_CIPHER_CTX_ctrl(e_ctx, EVP_CTRL_GCM_SET_IVLEN, AES_GCM_IV_LENGTH,
+                              NULL);
+    if (ret != 1) {
+      return -2;
+    }
+    ret = EVP_EncryptInit_ex(e_ctx, NULL, NULL, key, iv);
+    if (ret != 1) {
+      return -3;
+    }
+  }
+  // initial decrypt ctx
+  if (d_ctx != NULL) {
+    ret = EVP_DecryptInit_ex(d_ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
+    if (!ret) {
+      return -1;
+    }
+    ret = EVP_CIPHER_CTX_ctrl(d_ctx, EVP_CTRL_GCM_SET_IVLEN, AES_GCM_IV_LENGTH,
+                              NULL);
+    if (!ret) {
+      return -2;
+    }
+    ret = EVP_DecryptInit_ex(d_ctx, NULL, NULL, key, iv);
+    if (!ret) {
+      return -3;
+    }
+  }
+  return 0;
+}
+
+int AesGcm::aes_gcm_key(const std::string& key_hex, const std::string& iv_hex,
+                        EVP_CIPHER_CTX* e_ctx, EVP_CIPHER_CTX* d_ctx) {
+  // check key_hex and iv_hex length
+  if (key_hex.length() != AES_GCM_KEY_LENGTH * 2 ||
+      iv_hex.length() != AES_GCM_IV_LENGTH * 2) {
+    return -4;
+  }
+
+  unsigned char key[AES_GCM_KEY_LENGTH];
+  unsigned char iv[AES_GCM_IV_LENGTH];
+
+  int ret = Basic::hex_to_byte(key_hex, key);
+  if (ret < 0) {
+    return -5;
+  }
+  ret = Basic::hex_to_byte(iv_hex, iv);
+  if (ret < 0) {
+    return -5;
+  }
+  return aes_gcm_key(key, iv, e_ctx, d_ctx);
+}
+
+int AesGcm::encrypt_aes_gcm(const unsigned char* plaintext, const int& len,
+                            const unsigned char* key, const unsigned char* iv,
+                            unsigned char* ciphertext, int& out_len) {
+  EVP_CIPHER_CTX* ctx = NULL;
+  int ret = 0;
+  int update_len = 0;
+  int ciphertext_len = 0;
+  unsigned char tag_char[AES_GCM_TAG_LENGTH];
+
+  if (!(ctx = EVP_CIPHER_CTX_new())) {
+    return -1;
+  }
+  // initial context
+  ret = aes_gcm_key(key, iv, ctx, NULL);
+  if (ret) {
+    EVP_CIPHER_CTX_free(ctx);
+    return -1;
+  }
+  // encryption
+  ret = EVP_EncryptUpdate(ctx, ciphertext, &update_len, plaintext, len);
+  if (ret != 1) {
+    EVP_CIPHER_CTX_free(ctx);
+    return -2;
+  }
+  ciphertext_len = update_len;
+
+  ret = EVP_EncryptFinal_ex(ctx, ciphertext + ciphertext_len, &update_len);
+  if (1 != ret) {
+    EVP_CIPHER_CTX_free(ctx);
+    return -3;
+  }
+  ciphertext_len += update_len;
+
+  // Get the tags for authentication
+  ret = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_GCM_TAG_LENGTH,
+                            tag_char);
+  if (1 != ret) {
+    EVP_CIPHER_CTX_free(ctx);
+    return -4;
+  }
+
+  EVP_CIPHER_CTX_free(ctx);
+
+  // append the tags to the end of encryption text
+  for (int i = 0; i < AES_GCM_TAG_LENGTH; ++i) {
+    ciphertext[ciphertext_len + i] = tag_char[i];
+  }
+  out_len = ciphertext_len + AES_GCM_TAG_LENGTH;
+
+  return 0;
+}
+
+int AesGcm::decrypt_aes_gcm(const unsigned char* ciphertext, const int& len,
+                            const unsigned char* key, const unsigned char* iv,
+                            unsigned char* plaintext, int& out_len) {
+  EVP_CIPHER_CTX* ctx = NULL;
+  int ret = 0;
+  int update_len = 0;
+  int cipher_len = 0;
+  int plaintext_len = 0;
+  unsigned char tag_char[AES_GCM_TAG_LENGTH];
+
+  // get the tag at the end of ciphertext
+  for (int i = 0; i < AES_GCM_TAG_LENGTH; ++i) {
+    tag_char[i] = ciphertext[len - AES_GCM_TAG_LENGTH + i];
+  }
+  cipher_len = len - AES_GCM_TAG_LENGTH;
+
+  // initial aes context
+  if (!(ctx = EVP_CIPHER_CTX_new())) {
+    return -1;
+  }
+
+  ret = aes_gcm_key(key, iv, NULL, ctx);
+  if (ret) {
+    EVP_CIPHER_CTX_free(ctx);
+    return -1;
+  }
+
+  // decryption
+  ret = EVP_DecryptUpdate(ctx, plaintext, &update_len, ciphertext, cipher_len);
+  if (ret != 1) {
+    EVP_CIPHER_CTX_free(ctx);
+    return -2;
+  }
+  plaintext_len = update_len;
+
+  // check if the tag is equal to the decrption tag
+  ret = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_GCM_TAG_LENGTH,
+                            tag_char);
+  if (!ret) {
+    EVP_CIPHER_CTX_free(ctx);
+    // decrption failed
+    return -3;
+  }
+
+  ret = EVP_DecryptFinal_ex(ctx, plaintext + update_len, &update_len);
+  if (ret <= 0) {
+    EVP_CIPHER_CTX_free(ctx);
+    return -4;
+  }
+
+  plaintext_len += update_len;
+
+  EVP_CIPHER_CTX_free(ctx);
+
+  out_len = plaintext_len;
+  return 0;
+}
+
+}  // namespace crypto
+}  // namespace util

dygraph/deploy/cpp/encryption/util/src/crypto/base64.cpp

@@ -0,0 +1,229 @@
+// Copyright (c) 2021 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "encryption/util/include/crypto/base64.h"
+
+using std::string;
+
+namespace baidu {
+namespace base {
+namespace base64 {
+
+namespace {
+const string base64_chars =  // NOLINT
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+    "abcdefghijklmnopqrstuvwxyz"
+    "0123456789+/";
+
+inline bool is_base64(unsigned char c) {
+  return isalnum(c) || (c == '+') || (c == '/');
+}
+
+inline size_t encode_len(size_t input_len) { return (input_len + 2) / 3 * 4; }
+
+void encode_char_array(unsigned char *encode_block,
+                       const unsigned char *decode_block) {
+  encode_block[0] = (decode_block[0] & 0xfc) >> 2;
+  encode_block[1] =
+      ((decode_block[0] & 0x03) << 4) + ((decode_block[1] & 0xf0) >> 4);
+  encode_block[2] =
+      ((decode_block[1] & 0x0f) << 2) + ((decode_block[2] & 0xc0) >> 6);
+  encode_block[3] = decode_block[2] & 0x3f;
+}
+
+void decode_char_array(unsigned char *encode_block,
+                       unsigned char *decode_block) {
+  for (int i = 0; i < 4; ++i) {
+    encode_block[i] = base64_chars.find(encode_block[i]);
+  }
+  decode_block[0] = (encode_block[0] << 2) + ((encode_block[1] & 0x30) >> 4);
+  decode_block[1] =
+      ((encode_block[1] & 0xf) << 4) + ((encode_block[2] & 0x3c) >> 2);
+  decode_block[2] = ((encode_block[2] & 0x3) << 6) + encode_block[3];
+}
+}  // namespace
+
+string base64_encode(const string &input) {
+  string output;
+  size_t i = 0;
+  unsigned char decode_block[3];
+  unsigned char encode_block[4];
+
+  for (string::size_type len = 0; len != input.size(); ++len) {
+    decode_block[i++] = input[len];
+    if (i == 3) {
+      encode_char_array(encode_block, decode_block);
+      for (i = 0; i < 4; ++i) {
+        output += base64_chars[encode_block[i]];
+      }
+      i = 0;
+    }
+  }
+
+  if (i > 0) {
+    for (size_t j = i; j < 3; ++j) {
+      decode_block[j] = '\0';
+    }
+
+    encode_char_array(encode_block, decode_block);
+
+    for (size_t j = 0; j < i + 1; ++j) {
+      output += base64_chars[encode_block[j]];
+    }
+
+    while (i++ < 3) {
+      output += '=';
+    }
+  }
+
+  return output;
+}
+
+string base64_decode(const string &encoded_string) {
+  int in_len = encoded_string.size();
+  int i = 0;
+  int len = 0;
+  unsigned char encode_block[4];
+  unsigned char decode_block[3];
+  string output;
+
+  while (in_len-- && (encoded_string[len] != '=') &&
+         is_base64(encoded_string[len])) {
+    encode_block[i++] = encoded_string[len];
+    len++;
+    if (i == 4) {
+      decode_char_array(encode_block, decode_block);
+
+      for (int j = 0; j < 3; ++j) {
+        output += decode_block[j];
+      }
+      i = 0;
+    }
+  }
+
+  if (i > 0) {
+    for (int j = i; j < 4; ++j) {
+      encode_block[j] = 0;
+    }
+
+    decode_char_array(encode_block, decode_block);
+
+    for (int j = 0; j < i - 1; ++j) {
+      output += decode_block[j];
+    }
+  }
+
+  return output;
+}
+
+}  // namespace base64
+}  // namespace base
+}  // namespace baidu
+// #include <string>
+// #include <cassert>
+// #include <limits>
+// #include <stdexcept>
+// #include <ctype.h>
+// #include "base64_utils.h"
+
+// namespace util {
+// namespace crypto {
+
+// static const char b64_table[65] =
+// "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+// static const char reverse_table[128] = {
+//     64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
+//     64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
+//     64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 62, 64, 64, 64, 63,
+//     52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 64, 64, 64, 64, 64,
+//     64, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
+//     15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64, 64, 64, 64, 64,
+//     64, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
+//     41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 64, 64, 64, 64, 64
+// };
+
+// std::string Base64Utils::encode(const ::std::string& data) {
+//     try {
+//         if (data.size() > (std::numeric_limits<std::string::size_type>::max()
+//         / 4u) * 3u) {
+//             throw ::std::length_error("Converting too large a string to
+//             base64.");
+//         }
+//     } catch (std::length_error& e) {
+//         printf("%s\n", e.what());
+//         return "";
+//     }
+
+//     const std::size_t binlen = data.size();
+//     std::string retval((((binlen + 2) / 3) * 4), '=');
+//     std::size_t outpos = 0;
+//     int bits_collected = 0;
+//     unsigned int accumulator = 0;
+//     const std::string::const_iterator binend = data.end();
+
+//     for (std::string::const_iterator i = data.begin(); i != binend; ++i) {
+//         accumulator = (accumulator << 8) | (*i & 0xffu);
+//         bits_collected += 8;
+//         while (bits_collected >= 6) {
+//             bits_collected -= 6;
+//             retval[outpos++] = b64_table[(accumulator >> bits_collected) &
+//             0x3fu];
+//         }
+//     }
+//     if (bits_collected > 0) { // Any trailing bits that are missing.
+//         assert(bits_collected < 6);
+//         accumulator <<= 6 - bits_collected;
+//         retval[outpos++] = b64_table[accumulator & 0x3fu];
+//     }
+//     assert(outpos >= (retval.size() - 2));
+//     assert(outpos <= retval.size());
+//     return retval;
+// }
+
+// std::string Base64Utils::decode(const std::string& data) {
+//     std::string retval;
+//     const std::string::const_iterator last = data.end();
+//     int bits_collected = 0;
+//     unsigned int accumulator = 0;
+
+//     try {
+
+//         for (std::string::const_iterator i = data.begin(); i != last; ++i) {
+//             const int c = *i;
+//             if (isspace(c) || c == '=') {
+//                 continue;
+//             }
+//             if ((c > 127) || (c < 0) || (reverse_table[c] > 63)) {
+//                 throw ::std::invalid_argument("This contains characters not
+//                 legal in a base64 encoded string.");
+//             }
+//             accumulator = (accumulator << 6) | reverse_table[c];
+//             bits_collected += 6;
+//             if (bits_collected >= 8) {
+//                 bits_collected -= 8;
+//                 retval += static_cast<char>((accumulator >> bits_collected) &
+//                 0xffu);
+//             }
+//         }
+//     } catch (std::invalid_argument& e) {
+//         printf("%s\n", e.what());
+//         return "";
+//     }
+
+//     return retval;
+// }
+
+// }
+// }

dygraph/deploy/cpp/encryption/util/src/crypto/basic.cpp

@@ -0,0 +1,80 @@
+// Copyright (c) 2021 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#include "encryption/util/include/crypto/basic.h"
+
+namespace util {
+namespace crypto {
+
+int Basic::byte_to_hex(const unsigned char* in_byte, int len,
+                       std::string& out_hex) {
+  std::ostringstream oss;
+  oss << std::hex << std::setfill('0');
+  for (int i = 0; i < len; ++i) {
+    oss << std::setw(2) << int(in_byte[i]);
+  }
+  out_hex = oss.str();
+  return 0;
+}
+
+int Basic::hex_to_byte(const std::string& in_hex, unsigned char* out_byte) {
+  int i = 0;
+  int j = 0;
+  int len = in_hex.length() / 2;
+  const unsigned char* hex;
+  if (in_hex.length() % 2 != 0 || out_byte == NULL) {
+    return -1;
+  }
+  hex = (unsigned char*)in_hex.c_str();
+
+  for (; j < len; i += 2, ++j) {
+    unsigned char high = hex[i];
+    unsigned char low = hex[i + 1];
+    if (high >= '0' && high <= '9') {
+      high = high - '0';
+    } else if (high >= 'A' && high <= 'F') {
+      high = high - 'A' + 10;
+    } else if (high >= 'a' && high <= 'f') {
+      high = high - 'a' + 10;
+    } else {
+      return -2;
+    }
+
+    if (low >= '0' && low <= '9') {
+      low = low - '0';
+    } else if (low >= 'A' && low <= 'F') {
+      low = low - 'A' + 10;
+    } else if (low >= 'a' && low <= 'f') {
+      low = low - 'a' + 10;
+    } else {
+      return -2;
+    }
+    out_byte[j] = high << 4 | low;
+  }
+  return 0;
+}
+
+int Basic::random(unsigned char* random, int len) {
+  std::random_device rd;
+  int i = 0;
+  if (len <= 0 || random == NULL) {
+    return -1;
+  }
+  for (; i < len; ++i) {
+    random[i] = rd() % 256;
+  }
+  return 0;
+}
+
+}  // namespace crypto
+}  // namespace util

dygraph/deploy/cpp/encryption/util/src/crypto/sha256_utils.cpp

@@ -0,0 +1,84 @@
+// Copyright (c) 2021 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#include <stdio.h>
+#include <openssl/sha.h>
+#include <iomanip>
+#include <sstream>
+
+#include "encryption/util/include/crypto/sha256_utils.h"
+
+namespace util {
+namespace crypto {
+
+void SHA256Utils::sha256(const void* data, size_t len, unsigned char* md) {
+  SHA256_CTX sha_ctx = {};
+  SHA256_Init(&sha_ctx);
+  SHA256_Update(&sha_ctx, data, len);
+  SHA256_Final(md, &sha_ctx);
+}
+std::vector<unsigned char> SHA256Utils::sha256(const void* data, size_t len) {
+  std::vector<unsigned char> md(32);
+  sha256(data, len, &md[0]);
+  return md;
+}
+std::vector<unsigned char> SHA256Utils::sha256(
+    const std::vector<unsigned char>& data) {
+  return sha256(&data[0], data.size());
+}
+std::string SHA256Utils::sha256_string(const void* data, size_t len) {
+  std::vector<unsigned char> md = sha256(data, len);
+  std::ostringstream oss;
+  oss << std::hex << std::setfill('0');
+  for (unsigned char c : md) {
+    oss << std::setw(2) << int(c);
+  }
+  return oss.str();
+}
+std::string SHA256Utils::sha256_string(const std::vector<unsigned char>& data) {
+  return sha256_string(&data[0], data.size());
+}
+std::string SHA256Utils::sha256_string(const std::string& string) {
+  return sha256_string(string.c_str(), string.size());
+}
+std::string SHA256Utils::sha256_file(const std::string& path) {
+  FILE* file = fopen(path.c_str(), "rb");
+  if (!file) {
+    return "";
+  }
+  unsigned char hash[SHA256_DIGEST_LENGTH];
+  SHA256_CTX sha_ctx = {};
+  SHA256_Init(&sha_ctx);
+  const int size = 32768;
+  void* buffer = malloc(size);
+  if (!buffer) {
+    fclose(file);
+    return "";
+  }
+  int read = 0;
+  while ((read = fread(buffer, 1, size, file))) {
+    SHA256_Update(&sha_ctx, buffer, read);
+  }
+  SHA256_Final(hash, &sha_ctx);
+  std::ostringstream oss;
+  oss << std::hex << std::setfill('0');
+  for (unsigned char c : hash) {
+    oss << std::setw(2) << int(c);
+  }
+  fclose(file);
+  free(buffer);
+  return oss.str();
+}
+
+}  // namespace crypto
+}  // namespace util

dygraph/deploy/cpp/encryption/util/src/io_utils.cpp

@@ -0,0 +1,224 @@
+// Copyright (c) 2021 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#ifdef linux
+#include <unistd.h>
+#include <dirent.h>
+#endif
+#ifdef WIN32
+#include <windows.h>
+#include <io.h>
+#endif
+
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <iostream>
+
+#include "encryption/util/include/io_utils.h"
+#include "encryption/include/model_code.h"
+#include "encryption/util/include/log.h"
+
+namespace ioutil {
+
+int read_file(const char* file_path, unsigned char** dataptr, size_t* sizeptr) {
+  FILE* fp = NULL;
+  fp = fopen(file_path, "rb");
+  if (fp == NULL) {
+    LOGD("[M]open file(%s) failed", file_path);
+    return CODE_OPEN_FAILED;
+  }
+
+  fseek(fp, 0, SEEK_END);
+  *sizeptr = ftell(fp);
+  *dataptr = (unsigned char*)malloc(sizeof(unsigned char) * (*sizeptr));
+
+  fseek(fp, 0, SEEK_SET);
+  fread(*dataptr, 1, *sizeptr, fp);
+  fclose(fp);
+
+  return CODE_OK;
+}
+
+int read_with_pos_and_length(const char* file_path, unsigned char* dataptr,
+                             size_t pos, size_t length) {
+  if (dataptr == NULL) {
+    LOGD("Read file pos dataptr = NULL");
+    return CODE_READ_FILE_PTR_IS_NULL;
+  }
+
+  FILE* fp = NULL;
+  if ((fp = fopen(file_path, "rb")) == NULL) {
+    LOGD("[M]open file(%s) failed", file_path);
+    return CODE_OPEN_FAILED;
+  }
+
+  fseek(fp, pos, SEEK_SET);
+  fread(dataptr, 1, length, fp);
+  fclose(fp);
+
+  return CODE_OK;
+}
+
+int read_with_pos(const char* file_path, size_t pos, unsigned char** dataptr,
+                  size_t* sizeptr) {
+  FILE* fp = NULL;
+  if ((fp = fopen(file_path, "rb")) == NULL) {
+    LOGD("[M]open file(%s) failed when read_with_pos", file_path);
+    return CODE_OPEN_FAILED;
+  }
+
+  fseek(fp, 0, SEEK_END);
+  size_t filesize = ftell(fp);
+
+  *sizeptr = filesize - pos;
+  *dataptr = (unsigned char*)malloc(sizeof(unsigned char) * (filesize - pos));
+  fseek(fp, pos, SEEK_SET);
+  fread(*dataptr, 1, filesize - pos, fp);
+  fclose(fp);
+
+  return CODE_OK;
+}
+
+int write_file(const char* file_path, const unsigned char* dataptr,
+               size_t sizeptr) {
+  FILE* fp = NULL;
+  if ((fp = fopen(file_path, "wb")) == NULL) {
+    LOGD("[M]open file(%s) failed", file_path);
+    return CODE_OPEN_FAILED;
+  }
+
+  fwrite(dataptr, 1, sizeptr, fp);
+
+  fclose(fp);
+  return CODE_OK;
+}
+
+int append_file(const char* file_path, const unsigned char* data, size_t len) {
+  FILE* fp = fopen(file_path, "ab+");
+  if (fp == NULL) {
+    LOGD("[M]open file(%s) failed when append_file", file_path);
+    return CODE_OPEN_FAILED;
+  }
+  fwrite(data, sizeof(char), len, fp);
+  fclose(fp);
+  return CODE_OK;
+}
+
+size_t read_file_size(const char* file_path) {
+  FILE* fp = NULL;
+  fp = fopen(file_path, "rb");
+  if (fp == NULL) {
+    LOGD("[M]open file(%s) failed when read_file_size", file_path);
+    return 0;
+  }
+
+  fseek(fp, 0, SEEK_END);
+  size_t filesize = ftell(fp);
+  fclose(fp);
+
+  return filesize;
+}
+
+int read_file_to_file(const char* src_path, const char* dst_path) {
+  FILE* infp = NULL;
+  if ((infp = fopen(src_path, "rb")) == NULL) {
+    LOGD("[M]read src file failed when read_file_to_file");
+    return CODE_OPEN_FAILED;
+  }
+
+  fseek(infp, 0, SEEK_END);
+  size_t insize = ftell(infp);
+  char* content = reinterpret_cast<char*>(malloc(sizeof(char) * insize));
+
+  fseek(infp, 0, SEEK_SET);
+  fread(content, 1, insize, infp);
+  fclose(infp);
+
+  FILE* outfp = NULL;
+  if ((outfp = fopen(dst_path, "wb")) == NULL) {
+    LOGD("[M]open dst file failed when read_file_to_file");
+    return CODE_OPEN_FAILED;
+  }
+  fwrite(content, 1, insize, outfp);
+  fclose(outfp);
+  free(content);
+  return CODE_OK;
+}
+
+int read_dir_files(const char* dir_path,
+                   std::vector<std::string>& files) {  // NOLINT
+#ifdef linux
+  struct dirent* ptr;
+  DIR* dir = NULL;
+  dir = opendir(dir_path);
+  if (dir == NULL) {
+    return -1;  // CODE_NOT_EXIST_DIR
+  }
+  while ((ptr = readdir(dir)) != NULL) {
+    if (strcmp(ptr->d_name, ".") != 0 && strcmp(ptr->d_name, "..") != 0) {
+      files.push_back(ptr->d_name);
+    }
+  }
+  closedir(dir);
+#endif
+#ifdef WIN32
+  intptr_t handle;
+  struct _finddata_t fileinfo;
+
+  std::string tmp_dir(dir_path);
+  std::string::size_type idx = tmp_dir.rfind("\\*");
+  if (idx == std::string::npos || idx != tmp_dir.length() - 1) {
+    tmp_dir.append("\\*");
+  }
+
+  handle = _findfirst(tmp_dir.c_str(), &fileinfo);
+  if (handle == -1) {
+    return -1;
+  }
+
+  do {
+    std::cout << "File name = " << fileinfo.name << std::endl;
+    if (strcmp(fileinfo.name, ".") != 0 && strcmp(fileinfo.name, "..") != 0) {
+      files.push_back(fileinfo.name);
+    }
+  } while (!_findnext(handle, &fileinfo));
+
+  std::cout << files.size() << std::endl;
+  for (size_t i = 0; i < files.size(); i++) {
+    std::cout << files[i] << std::endl;
+  }
+
+  _findclose(handle);
+#endif
+  return files.size();
+}
+
+int dir_exist_or_mkdir(const char* dir) {
+#ifdef WIN32
+  if (CreateDirectory(dir, NULL)) {
+    // return CODE_OK;
+  } else {
+    return CODE_MKDIR_FAILED;
+  }
+
+#endif
+#ifdef linux
+  if (access(dir, 0) != 0) {
+    mkdir(dir, S_IRWXU | S_IRWXG | S_IRWXO);
+  }
+#endif
+  return CODE_OK;
+}
+
+}  // namespace ioutil

dygraph/deploy/cpp/encryption/util/src/system_utils.cpp

@@ -0,0 +1,145 @@
+// Copyright (c) 2021 PaddlePaddle Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#include <sys/timeb.h>
+#include <string.h>
+#include <algorithm>
+#include <iterator>
+
+#include "encryption/include/model_code.h"
+#include "encryption/util/include/system_utils.h"
+#include "encryption/util/include/crypto/basic.h"
+#include "encryption/util/include/crypto/sha256_utils.h"
+#include "encryption/util/include/io_utils.h"
+#include "encryption/util/include/log.h"
+#include "encryption/util/include/constant/constant_model.h"
+
+const char alphabet[] =
+    "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(){}[]<>?~";
+
+namespace util {
+
+int SystemUtils::intN(int n) { return rand() % n; }
+
+std::string SystemUtils::random_key_iv(int len) {
+  unsigned char* tmp = (unsigned char*)malloc(sizeof(unsigned char) * len);
+  int ret = util::crypto::Basic::random(tmp, len);
+  std::string tmp_str(reinterpret_cast<const char*>(tmp), len);
+  free(tmp);
+  return tmp_str;
+}
+
+std::string SystemUtils::random_str(int len) {
+  unsigned char* tmp = (unsigned char*)malloc(sizeof(unsigned char) * len);
+  int ret = util::crypto::Basic::random(tmp, len);
+  std::string tmp_str(reinterpret_cast<const char*>(tmp), len);
+  free(tmp);
+  return tmp_str;
+}
+
+int SystemUtils::check_key_match(const char* key, const char* filepath) {
+  std::string aes_key_iv(key);
+  std::string sha256_aes_key_iv =
+      util::crypto::SHA256Utils::sha256_string(aes_key_iv);
+
+  unsigned char* data_pos = (unsigned char*)malloc(sizeof(unsigned char) * 64);
+  int ret = ioutil::read_with_pos_and_length(
+      filepath, data_pos, constant::MAGIC_NUMBER_LEN + constant::VERSION_LEN,
+      64);
+  if (ret != CODE_OK) {
+    LOGD("[M]read file failed when check key");
+    return ret;
+  }
+
+  std::string check_str(reinterpret_cast<char*>(data_pos), 64);
+  if (strcmp(sha256_aes_key_iv.c_str(), check_str.c_str()) != 0) {
+    return CODE_KEY_NOT_MATCH;
+  }
+  free(data_pos);
+  return CODE_OK;
+}
+
+int SystemUtils::check_key_match(const std::string& key,
+                                 std::istream& cipher_stream) {
+  cipher_stream.seekg(0, std::ios::beg);
+  std::string sha256_aes_key_iv = util::crypto::SHA256Utils::sha256_string(key);
+  int check_len = 64;
+
+  std::string data_pos_str;
+  cipher_stream.seekg(constant::MAGIC_NUMBER_LEN + constant::VERSION_LEN);
+  std::copy_n(std::istreambuf_iterator<char>(cipher_stream), check_len,
+              std::back_inserter(data_pos_str));
+  if (data_pos_str.size() != check_len) {
+    LOGD("[M]read file failed when check key");
+    return CODE_OPEN_FAILED;
+  }
+  if (data_pos_str == sha256_aes_key_iv) {
+    return CODE_OK;
+  }
+
+  return CODE_KEY_NOT_MATCH;
+}
+
+/**
+ *
+ * @param filepath
+ * @return 0 - file encrypted    1 - file unencrypted
+ */
+int SystemUtils::check_file_encrypted(const char* filepath) {
+  size_t read_len = constant::MAGIC_NUMBER_LEN + constant::VERSION_LEN;
+  unsigned char* data_pos =
+      (unsigned char*)malloc(sizeof(unsigned char) * read_len);
+  if (ioutil::read_with_pos_and_length(filepath, data_pos, 0, read_len) !=
+      CODE_OK) {
+    LOGD("check file failed when read %s(file)", filepath);
+    return CODE_OPEN_FAILED;
+  }
+
+  std::string tag(constant::MAGIC_NUMBER);
+  tag.append(constant::VERSION);
+  std::string check_str(reinterpret_cast<char*>(data_pos), read_len);
+  int ret_cmp = strcmp(tag.c_str(), check_str.c_str()) == 0 ? 0 : 1;
+  free(data_pos);
+  return ret_cmp;
+}
+
+int SystemUtils::check_file_encrypted(std::istream& cipher_stream) {
+  cipher_stream.seekg(0, std::ios::beg);
+  size_t read_len = constant::MAGIC_NUMBER_LEN + constant::VERSION_LEN;
+  std::string data_pos_str;
+  std::copy_n(std::istreambuf_iterator<char>(cipher_stream), read_len,
+              std::back_inserter(data_pos_str));
+  if (data_pos_str.size() != read_len) {
+    LOGD("check file failed when read cipher stream");
+    return CODE_OPEN_FAILED;
+  }
+
+  std::string tag(constant::MAGIC_NUMBER);
+  tag.append(constant::VERSION);
+  if (data_pos_str == tag) {
+    return 0;
+  }
+
+  return 1;
+}
+
+int SystemUtils::check_pattern_exist(const std::vector<std::string>& vecs,
+                                     const std::string& pattern) {
+  if (std::find(vecs.begin(), vecs.end(), pattern) == vecs.end()) {
+    return -1;  // not exist
+  } else {
+    return 0;  // exist
+  }
+}
+
+}  // namespace util

dygraph/deploy/cpp/model_deploy/common/include/base_model.h

@@ -26,6 +26,10 @@
 #include "model_deploy/common/include/output_struct.h"
 #include "model_deploy/engine/include/engine.h"
 
+#ifdef PADDLEX_DEPLOY_ENCRYPTION
+#include "encryption/include/paddle_model_decrypt.h"
+#endif  // PADDLEX_DEPLOY_ENCRYPTION
+
 namespace PaddleDeploy {
 
 class PD_INFER_DECL Model {
@@ -47,15 +51,15 @@ class PD_INFER_DECL Model {
   // Init model_type.
   explicit Model(const std::string model_type) : model_type_(model_type) {}
 
-  virtual bool Init(const std::string& cfg_file) {
-    if (!YamlConfigInit(cfg_file)) return false;
+  virtual bool Init(const std::string& cfg_file, const std::string key = "") {
+    if (!YamlConfigInit(cfg_file, key)) return false;
     if (!PreprocessInit()) return false;
     if (!PostprocessInit()) return false;
     return true;
   }
 
-  virtual bool YamlConfigInit(const std::string& cfg_file) {
-    // YAML::Node yaml_config_ = YAML::LoadFile(cfg_file);
+  virtual bool YamlConfigInit(const std::string& cfg_file,
+                              const std::string key) {
     std::cerr << "Error! The Base Model was incorrectly entered" << std::endl;
     return false;
   }

dygraph/deploy/cpp/model_deploy/common/include/deploy_delacre.h

@@ -21,5 +21,5 @@
 #define PD_INFER_DECL __declspec(dllimport)
 #endif  // PADDLEX_DEPLOY
 #else
-#define PD_INFER_DECL
-#endif  // _WIN32
+#define PD_INFER_DECL __attribute__((visibility("default")))
+#endif  // _WIN32

dygraph/deploy/cpp/model_deploy/common/include/paddle_deploy.h

@@ -21,6 +21,10 @@
 #include "model_deploy/common/include/model_factory.h"
 #include "model_deploy/engine/include/engine.h"
 
+#ifdef PADDLEX_DEPLOY_ENCRYPTION
+#include "encryption/include/paddle_model_encrypt.h"
+#endif  // PADDLEX_DEPLOY_ENCRYPTION
+
 namespace PaddleDeploy {
 
 PD_INFER_DECL Model* CreateModel(const std::string& name);

dygraph/deploy/cpp/model_deploy/engine/include/engine_config.h

@@ -29,6 +29,9 @@ struct PaddleEngineConfig {
   //  model params file path
   std::string params_filename = "";
 
+  //  model encrypt key
+  std::string key = "";
+
   //  Whether to use mkdnn accelerator library when deploying on CPU
   bool use_mkl = true;
 

dygraph/deploy/cpp/model_deploy/engine/src/ppinference_engine.cpp

@@ -25,8 +25,15 @@ bool Model::PaddleEngineInit(const PaddleEngineConfig& engine_config) {
 bool PaddleInferenceEngine::Init(const InferenceConfig& infer_config) {
   const PaddleEngineConfig& engine_config = *(infer_config.paddle_config);
   paddle_infer::Config config;
-  config.SetModel(engine_config.model_filename,
+  if ("" == engine_config.key) {
+    config.SetModel(engine_config.model_filename,
                   engine_config.params_filename);
+  } else {
+    config.SetModelBuffer(engine_config.model_filename.c_str(),
+                          engine_config.model_filename.size(),
+                          engine_config.params_filename.c_str(),
+                          engine_config.params_filename.size());
+  }
   if (engine_config.use_mkl && !engine_config.use_gpu) {
     config.EnableMKLDNN();
     config.SetCpuMathLibraryNumThreads(engine_config.mkl_thread_num);

dygraph/deploy/cpp/model_deploy/paddlex/include/x_model.h

@@ -35,7 +35,7 @@ class PaddleXModel : public Model {
 
   bool GenerateTransformsConfig(const YAML::Node &preprocess_op);
 
-  bool YamlConfigInit(const std::string &cfg_file);
+  bool YamlConfigInit(const std::string &cfg_file, const std::string key);
 
   bool PreprocessInit();
 

dygraph/deploy/cpp/model_deploy/paddlex/src/x_model.cpp

@@ -51,8 +51,20 @@ bool PaddleXModel::GenerateTransformsConfig(const YAML::Node& src) {
   return true;
 }
 
-bool PaddleXModel::YamlConfigInit(const std::string& cfg_file) {
-  YAML::Node x_config = YAML::LoadFile(cfg_file);
+bool PaddleXModel::YamlConfigInit(const std::string& cfg_file,
+                                  const std::string key) {
+  YAML::Node x_config;
+  if ("" == key) {
+    x_config = YAML::LoadFile(cfg_file);
+  } else {
+#ifdef PADDLEX_DEPLOY_ENCRYPTION
+    std::string cfg = decrypt_file(cfg_file.c_str(), key.c_str());
+    x_config = YAML::Load(cfg);
+#else
+    std::cerr << "Don't open encryption on compile" << std::endl;
+    return false;
+#endif  // PADDLEX_DEPLOY_ENCRYPTION
+  }
 
   yaml_config_["model_format"] = "Paddle";
   yaml_config_["toolkit"] = "PaddleX";

dygraph/deploy/cpp/model_deploy/ppclas/include/clas_model.h

@@ -33,7 +33,7 @@ class ClasModel : public Model {
     std::cerr << "init ClasModel,model_type=" << model_type << std::endl;
   }
 
-  bool YamlConfigInit(const std::string &cfg_file);
+  bool YamlConfigInit(const std::string &cfg_file, const std::string key);
 
   bool PreprocessInit();
 

dygraph/deploy/cpp/model_deploy/ppclas/src/clas_model.cpp

@@ -15,8 +15,19 @@
 
 namespace PaddleDeploy {
 
-bool ClasModel::YamlConfigInit(const std::string& cfg_file) {
-  yaml_config_ = YAML::LoadFile(cfg_file);
+bool ClasModel::YamlConfigInit(const std::string& cfg_file,
+                               const std::string key) {
+  if ("" == key) {
+    yaml_config_ = YAML::LoadFile(cfg_file);
+  } else {
+#ifdef PADDLEX_DEPLOY_ENCRYPTION
+    std::string cfg = decrypt_file(cfg_file.c_str(), key.c_str());
+    yaml_config_ = YAML::Load(cfg);
+#else
+     std::cerr << "Don't open encryption on compile" << std::endl;
+    return false;
+#endif  // PADDLEX_DEPLOY_ENCRYPTION
+  }
   return true;
 }
 

dygraph/deploy/cpp/model_deploy/ppdet/include/det_model.h

@@ -35,7 +35,7 @@ class DetModel : public Model {
 
   bool GenerateTransformsConfig(const YAML::Node &node);
 
-  bool YamlConfigInit(const std::string &cfg_file);
+  bool YamlConfigInit(const std::string &cfg_file, const std::string key);
 
   bool PreprocessInit();
 

dygraph/deploy/cpp/model_deploy/ppdet/src/det_model.cpp

@@ -43,8 +43,20 @@ bool DetModel::GenerateTransformsConfig(const YAML::Node& src) {
   return true;
 }
 
-bool DetModel::YamlConfigInit(const std::string& cfg_file) {
-  YAML::Node det_config = YAML::LoadFile(cfg_file);
+bool DetModel::YamlConfigInit(const std::string& cfg_file,
+                              const std::string key) {
+  YAML::Node det_config;
+  if ("" == key) {
+    det_config = YAML::LoadFile(cfg_file);
+  } else {
+#ifdef PADDLEX_DEPLOY_ENCRYPTION
+    std::string cfg = decrypt_file(cfg_file.c_str(), key.c_str());
+    det_config = YAML::Load(cfg);
+#else
+     std::cerr << "Don't open encryption on compile" << std::endl;
+    return false;
+#endif  // PADDLEX_DEPLOY_ENCRYPTION
+  }
 
   yaml_config_["model_format"] = "Paddle";
   // arch support value:YOLO, SSD, RetinaNet, RCNN, Face

dygraph/deploy/cpp/model_deploy/ppseg/include/seg_model.h

@@ -35,7 +35,7 @@ class SegModel : public Model {
 
   bool GenerateTransformsConfig(const YAML::Node &node);
 
-  bool YamlConfigInit(const std::string &cfg_file);
+  bool YamlConfigInit(const std::string &cfg_file, const std::string key);
 
   bool PreprocessInit();
 

dygraph/deploy/cpp/model_deploy/ppseg/src/seg_model.cpp

@@ -38,8 +38,20 @@ bool SegModel::GenerateTransformsConfig(const YAML::Node& src) {
   return true;
 }
 
-bool SegModel::YamlConfigInit(const std::string& cfg_file) {
-  YAML::Node seg_config = YAML::LoadFile(cfg_file);
+bool SegModel::YamlConfigInit(const std::string& cfg_file,
+                              const std::string key) {
+  YAML::Node seg_config;
+  if ("" == key) {
+    seg_config = YAML::LoadFile(cfg_file);
+  } else {
+#ifdef PADDLEX_DEPLOY_ENCRYPTION
+    std::string cfg = decrypt_file(cfg_file.c_str(), key.c_str());
+    seg_config = YAML::Load(cfg);
+#else
+     std::cerr << "Don't open encryption on compile" << std::endl;
+    return false;
+#endif  // PADDLEX_DEPLOY_ENCRYPTION
+  }
 
   yaml_config_["model_format"] = "Paddle";
   yaml_config_["toolkit"] = "PaddleSeg";

dygraph/deploy/cpp/scripts/bootstrap.sh

@@ -35,3 +35,15 @@ if [ ! -d "./deps/opencv3.4.6gcc4.8ffmpeg/" ]; then
     rm -rf opencv3.4.6gcc4.8ffmpeg.tar.gz2
     cd ..
 fi
+
+
+#download openssl
+OPENSSL_URL=https://bj.bcebos.com/paddlex/tools/openssl-1.1.0k.tar.gz
+if [ ! -d "./deps/openssl-1.1.0k/" ]; then
+    mkdir -p deps
+    cd deps
+    wget -c ${OPENCV_URL} -O openssl-1.1.0k.tar.gz
+    tar xvfj openssl-1.1.0k.tar.gz
+    rm -rf openssl-1.1.0k.tar.gz
+    cd ..
+fi

dygraph/deploy/cpp/scripts/build.sh

@@ -15,6 +15,10 @@ WITH_STATIC_LIB=ON
 CUDA_LIB=/usr/local/cuda/lib64
 # CUDNN 的 lib 路径
 CUDNN_LIB=/usr/lib/x86_64-linux-gnu
+# 是否加密
+WITH_ENCRYPTION=OFF
+# OPENSSL 路径
+OPENSSL_DIR=$(pwd)/deps/openssl-1.1.0k
 
 {
     bash $(pwd)/scripts/bootstrap.sh # 下载预编译版本的加密工具和opencv依赖库
@@ -39,5 +43,7 @@ cmake .. \
     -DWITH_STATIC_LIB=${WITH_STATIC_LIB} \
     -DCUDA_LIB=${CUDA_LIB} \
     -DCUDNN_LIB=${CUDNN_LIB} \
-    -DOPENCV_DIR=${OPENCV_DIR}
+    -DOPENCV_DIR=${OPENCV_DIR} \
+    -DWITH_ENCRYPTION=${WITH_ENCRYPTION} \
+    -DOPENSSL_DIR=${OPENSSL_DIR}
 make -j16

dygraph/deploy/cpp/scripts/tensorrt_build.sh

@@ -66,14 +66,14 @@ if [ ! -d ${GLOG_DIR} ]; then
     cd ..
 fi
 
-# download gflogs library
+# download gflags library
 GFLAGS_DIR=$(pwd)/deps/gflags/
 GFLAGS_URL=https://bj.bcebos.com/paddlex/deploy/gflags.tar.gz
 if [ ! -d ${GFLAGS_DIR} ]; then
     cd deps
-    wget -c ${GFLAGS_URL} -O glog.tar.gz
-    tar -zxvf glog.tar.gz
-    rm -rf glog.tar.gz
+    wget -c ${GFLAGS_URL} -O gflags.tar.gz
+    tar -zxvf gflags.tar.gz
+    rm -rf gflags.tar.gz
     cd ..
 fi
 

dygraph/deploy/cpp/scripts/triton_build.sh

@@ -53,9 +53,9 @@ GFLAGS_DIR=$(pwd)/deps/gflags/
 GFLAGS_URL=https://bj.bcebos.com/paddlex/deploy/gflags.tar.gz
 if [ ! -d ${GFLAGS_DIR} ]; then
     cd deps
-    wget -c ${GFLAGS_URL} -O glog.tar.gz
-    tar -zxvf glog.tar.gz
-    rm -rf glog.tar.gz
+    wget -c ${GFLAGS_URL} -O glags.tar.gz
+    tar -zxvf gflags.tar.gz
+    rm -rf gflags.tar.gz
     cd ..
 fi