BlockStorage/repertory
1
0
Fork 0
Code Issues 4 Pull Requests Releases 8 Wiki Activity

Implement secure key via KDF for transparent data encryption/decryption #60

Browse Source
This commit is contained in:
Scott E. Graves
2025-08-29 19:39:36 -05:00
parent 62194271c0
commit 72db4e12cd
5 changed files with 115 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
support/include/utils/encryption.hpp
View File

@@ -143,6 +143,16 @@ struct kdf_config final {
return {sub_key, cfg};
}
template <typename hash_t>
[[nodiscard]] auto recreate_subkey(kdf_context ctx,
const hash_t &master_key) const -> hash_t {
hash_t sub_key;
crypto_kdf_derive_from_key(sub_key.data(), sub_key.size(), unique_id,
get_kdf_context_name(ctx).data(),
master_key.data());
return sub_key;
}
[[nodiscard]] static auto from_header(data_cspan data, kdf_config &cfg)
-> bool;
@@ -201,19 +211,19 @@ template <typename string_t>
utils::hash::hash_256_t &key) -> bool;
template <typename hash_t, typename string_t>
[[nodiscard]] inline bool
[[nodiscard]] inline auto
detect_and_recreate_key(string_t password, data_cspan header, hash_t &key,
std::optional<kdf_config> &cfg);
std::optional<kdf_config> &cfg) -> bool;
template <typename hash_t>
[[nodiscard]] inline bool
[[nodiscard]] inline auto
detect_and_recreate_key(std::string_view password, data_cspan header,
hash_t &key, std::optional<kdf_config> &cfg);
hash_t &key, std::optional<kdf_config> &cfg) -> bool;
template <typename hash_t>
[[nodiscard]] inline bool
[[nodiscard]] inline auto
detect_and_recreate_key(std::wstring_view password, data_cspan header,
hash_t &key, std::optional<kdf_config> &cfg);
hash_t &key, std::optional<kdf_config> &cfg) -> bool;
[[nodiscard]] auto decrypt_file_name(std::string_view encryption_token,
std::string &file_name) -> bool;
@@ -229,6 +239,12 @@ detect_and_recreate_key(std::wstring_view password, data_cspan header,
const kdf_config &cfg,
std::string &file_path) -> bool;
[[nodiscard]] auto decrypt_file_name(const utils::hash::hash_256_t &master_key,
std::string &file_name) -> bool;
[[nodiscard]] auto decrypt_file_path(const utils::hash::hash_256_t &master_key,
std::string &file_path) -> bool;
template <typename result_t, typename arr_t, std::size_t arr_size>
[[nodiscard]] inline auto decrypt_data(const std::array<arr_t, arr_size> &key,
const unsigned char *buffer,
@@ -570,9 +586,9 @@ inline auto recreate_key(std::wstring_view password, const kdf_config &cfg)
}
template <typename hash_t, typename string_t>
inline bool detect_and_recreate_key(string_t password, data_cspan header,
hash_t &key,
std::optional<kdf_config> &cfg) {
inline auto detect_and_recreate_key(string_t password, data_cspan header,
hash_t &key, std::optional<kdf_config> &cfg)
-> bool {
if (header.size() >= kdf_config::size()) {
kdf_config tmp{};
if (kdf_config::from_header(header.first(kdf_config::size()), tmp)) {
@@ -587,17 +603,17 @@ inline bool detect_and_recreate_key(string_t password, data_cspan header,
}
template <typename hash_t>
inline bool detect_and_recreate_key(std::string_view password,
inline auto detect_and_recreate_key(std::string_view password,
data_cspan header, hash_t &key,
std::optional<kdf_config> &cfg) {
std::optional<kdf_config> &cfg) -> bool {
return detect_and_recreate_key<hash_t, std::string_view>(password, header,
key, cfg);
}
template <typename hash_t>
inline bool detect_and_recreate_key(std::wstring_view password,
inline auto detect_and_recreate_key(std::wstring_view password,
data_cspan header, hash_t &key,
std::optional<kdf_config> &cfg) {
std::optional<kdf_config> &cfg) -> bool {
return detect_and_recreate_key<hash_t, std::wstring_view>(password, header,
key, cfg);
}