This commit is contained in:
160
support/include/utils/encryption.hpp
Normal file
160
support/include/utils/encryption.hpp
Normal file
@ -0,0 +1,160 @@
|
||||
/*
|
||||
Copyright <2018-2024> <scott.e.graves@protonmail.com>
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
*/
|
||||
#ifndef REPERTORY_INCLUDE_UTILS_ENCRYPTION_HPP_
|
||||
#define REPERTORY_INCLUDE_UTILS_ENCRYPTION_HPP_
|
||||
#if defined(PROJECT_ENABLE_LIBSODIUM)
|
||||
|
||||
#include "utils/config.hpp"
|
||||
|
||||
namespace repertory::utils::encryption {
|
||||
using hash_256_t = std::array<unsigned char, 32U>;
|
||||
using hash_256_func_t = std::function<hash_256_t(std::string_view)>;
|
||||
using key_type = std::array<unsigned char, 32U>;
|
||||
|
||||
inline constexpr const std::uint32_t encryption_header_size{
|
||||
crypto_aead_xchacha20poly1305_IETF_NPUBBYTES +
|
||||
crypto_aead_xchacha20poly1305_IETF_ABYTES,
|
||||
};
|
||||
|
||||
[[nodiscard]] auto generate_key(std::string_view encryption_token) -> key_type;
|
||||
|
||||
#if defined(PROJECT_ENABLE_BOOST)
|
||||
[[nodiscard]] auto decrypt_data(
|
||||
std::string_view data, std::string_view password,
|
||||
std::optional<hash_256_func_t> hasher = std::nullopt) -> data_buffer;
|
||||
|
||||
[[nodiscard]] auto encrypt_data(
|
||||
std::string_view data, std::string_view password,
|
||||
std::optional<hash_256_func_t> hasher = std::nullopt) -> data_buffer;
|
||||
|
||||
template <typename result>
|
||||
[[nodiscard]] inline auto
|
||||
decrypt_data(const key_type &key, const unsigned char *buffer,
|
||||
std::size_t buffer_size, result &res) -> bool {
|
||||
if (buffer_size > encryption_header_size) {
|
||||
const std::uint32_t size =
|
||||
boost::endian::native_to_big(static_cast<std::uint32_t>(buffer_size));
|
||||
res.resize(buffer_size - encryption_header_size);
|
||||
return crypto_aead_xchacha20poly1305_ietf_decrypt_detached(
|
||||
reinterpret_cast<unsigned char *>(res.data()), nullptr,
|
||||
&buffer[encryption_header_size], res.size(),
|
||||
&buffer[crypto_aead_xchacha20poly1305_IETF_NPUBBYTES],
|
||||
reinterpret_cast<const unsigned char *>(&size), sizeof(size),
|
||||
buffer, key.data()) == 0;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
template <typename buffer, typename result>
|
||||
[[nodiscard]] inline auto decrypt_data(const key_type &key, const buffer &buf,
|
||||
result &res) -> bool {
|
||||
return decrypt_data<result>(
|
||||
key, reinterpret_cast<const unsigned char *>(buf.data()), buf.size(),
|
||||
res);
|
||||
}
|
||||
|
||||
template <typename buffer, typename result>
|
||||
[[nodiscard]] inline auto decrypt_data(std::string_view encryption_token,
|
||||
const buffer &buf, result &res) -> bool {
|
||||
return decrypt_data<buffer, result>(generate_key(encryption_token), buf, res);
|
||||
}
|
||||
|
||||
template <typename result>
|
||||
[[nodiscard]] inline auto
|
||||
decrypt_data(std::string_view encryption_token, const unsigned char *buffer,
|
||||
std::size_t buffer_size, result &res) -> bool {
|
||||
return decrypt_data<result>(generate_key(encryption_token), buffer,
|
||||
buffer_size, res);
|
||||
}
|
||||
|
||||
template <typename result>
|
||||
inline void
|
||||
encrypt_data(const std::array<unsigned char,
|
||||
crypto_aead_xchacha20poly1305_IETF_NPUBBYTES> &iv,
|
||||
const key_type &key, const unsigned char *buffer,
|
||||
std::size_t buffer_size, result &res) {
|
||||
std::array<unsigned char, crypto_aead_xchacha20poly1305_IETF_ABYTES> mac{};
|
||||
|
||||
const std::uint32_t size = boost::endian::native_to_big(
|
||||
static_cast<std::uint32_t>(buffer_size + encryption_header_size));
|
||||
|
||||
res.resize(buffer_size + encryption_header_size);
|
||||
|
||||
unsigned long long mac_length{};
|
||||
if (crypto_aead_xchacha20poly1305_ietf_encrypt_detached(
|
||||
reinterpret_cast<unsigned char *>(&res[encryption_header_size]),
|
||||
mac.data(), &mac_length, buffer, buffer_size,
|
||||
reinterpret_cast<const unsigned char *>(&size), sizeof(size), nullptr,
|
||||
iv.data(), key.data()) != 0) {
|
||||
throw std::runtime_error("encryption failed");
|
||||
}
|
||||
|
||||
std::memcpy(res.data(), iv.data(), iv.size());
|
||||
std::memcpy(&res[iv.size()], mac.data(), mac.size());
|
||||
}
|
||||
|
||||
template <typename result>
|
||||
inline void encrypt_data(const key_type &key, const unsigned char *buffer,
|
||||
std::size_t buffer_size, result &res) {
|
||||
std::array<unsigned char, crypto_aead_xchacha20poly1305_IETF_NPUBBYTES> iv{};
|
||||
randombytes_buf(iv.data(), iv.size());
|
||||
|
||||
encrypt_data<result>(iv, key, buffer, buffer_size, res);
|
||||
}
|
||||
|
||||
template <typename result>
|
||||
inline void encrypt_data(std::string_view encryption_token,
|
||||
const unsigned char *buffer, std::size_t buffer_size,
|
||||
result &res) {
|
||||
encrypt_data<result>(generate_key(encryption_token), buffer, buffer_size,
|
||||
res);
|
||||
}
|
||||
|
||||
template <typename buffer, typename result>
|
||||
inline void encrypt_data(std::string_view encryption_token, const buffer &buf,
|
||||
result &res) {
|
||||
encrypt_data<result>(generate_key(encryption_token),
|
||||
reinterpret_cast<const unsigned char *>(buf.data()),
|
||||
buf.size(), res);
|
||||
}
|
||||
|
||||
template <typename buffer, typename result>
|
||||
inline void encrypt_data(const key_type &key, const buffer &buf, result &res) {
|
||||
encrypt_data<result>(key, reinterpret_cast<const unsigned char *>(buf.data()),
|
||||
buf.size(), res);
|
||||
}
|
||||
|
||||
template <typename buffer, typename result>
|
||||
inline void
|
||||
encrypt_data(const std::array<unsigned char,
|
||||
crypto_aead_xchacha20poly1305_IETF_NPUBBYTES> &iv,
|
||||
const key_type &key, const buffer &buf, result &res) {
|
||||
encrypt_data<result>(iv, key,
|
||||
reinterpret_cast<const unsigned char *>(buf.data()),
|
||||
buf.size(), res);
|
||||
}
|
||||
#endif // defined(PROJECT_ENABLE_BOOST)
|
||||
} // namespace repertory::utils::encryption
|
||||
|
||||
#endif // defined(PROJECT_ENABLE_LIBSODIUM)
|
||||
#endif // REPERTORY_INCLUDE_UTILS_ENCRYPTION_HPP_
|
||||
Reference in New Issue
Block a user