BlockStorage/repertory
1
0
Fork 0
Code Issues 4 Pull Requests Releases 8 Wiki Activity

Implement secure key via KDF for transparent data encryption/decryption #60

Browse Source
This commit is contained in:
Scott E. Graves
2025-08-30 11:10:44 -05:00
parent faaf7648a8
commit 8979e6e2a4
4 changed files with 151 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
support/include/utils/encryption.hpp
View File

@@ -133,10 +133,20 @@ struct kdf_config final {
[[nodiscard]] auto create_subkey(kdf_context ctx, std::size_t unique_id_,
const hash_t &master_key) const
-> std::pair<hash_t, kdf_config> {
REPERTORY_USES_FUNCTION_NAME();
hash_t sub_key;
crypto_kdf_derive_from_key(sub_key.data(), sub_key.size(), unique_id_,
get_kdf_context_name(ctx).data(),
master_key.data());
auto res = crypto_kdf_derive_from_key(
sub_key.data(), sub_key.size(), unique_id_,
get_kdf_context_name(ctx).data(), master_key.data());
if (res != 0) {
throw repertory::utils::error::create_exception(
function_name, {
"failed to create sub-key",
std::to_string(res),
});
}
auto cfg = *this;
cfg.unique_id = unique_id_;
cfg.checksum = cfg.generate_checksum();
@@ -146,10 +156,20 @@ struct kdf_config final {
template <typename hash_t>
[[nodiscard]] auto recreate_subkey(kdf_context ctx,
const hash_t &master_key) const -> hash_t {
REPERTORY_USES_FUNCTION_NAME();
hash_t sub_key;
crypto_kdf_derive_from_key(sub_key.data(), sub_key.size(), unique_id,
get_kdf_context_name(ctx).data(),
master_key.data());
auto res = crypto_kdf_derive_from_key(
sub_key.data(), sub_key.size(), unique_id,
get_kdf_context_name(ctx).data(), master_key.data());
if (res != 0) {
throw repertory::utils::error::create_exception(
function_name, {
"failed to recreate sub-key",
std::to_string(res),
});
}
return sub_key;
}

98
support/include/utils/file.hpp
View File

@@ -41,13 +41,13 @@ namespace repertory::utils::file {
[[nodiscard]] auto create_temp_name(std::string_view file_part) -> std::string;
// INFO: has test
[[nodiscard]] auto
create_temp_name(std::wstring_view file_part) -> std::wstring;
[[nodiscard]] auto create_temp_name(std::wstring_view file_part)
-> std::wstring;
// INFO: has test
[[nodiscard]] inline auto
directory_exists_in_path(std::string_view path,
std::string_view sub_directory) -> bool;
directory_exists_in_path(std::string_view path, std::string_view sub_directory)
-> bool;
// INFO: has test
[[nodiscard]] inline auto
@@ -55,45 +55,46 @@ directory_exists_in_path(std::wstring_view path,
std::wstring_view sub_directory) -> bool;
// INFO: has test
[[nodiscard]] inline auto
file_exists_in_path(std::string_view path, std::string_view file_name) -> bool;
[[nodiscard]] inline auto file_exists_in_path(std::string_view path,
std::string_view file_name)
-> bool;
// INFO: has test
[[nodiscard]] inline auto
file_exists_in_path(std::wstring_view path,
std::wstring_view file_name) -> bool;
[[nodiscard]] inline auto file_exists_in_path(std::wstring_view path,
std::wstring_view file_name)
-> bool;
// INFO: has test
[[nodiscard]] auto
get_free_drive_space(std::string_view path) -> std::optional<std::uint64_t>;
[[nodiscard]] auto get_free_drive_space(std::string_view path)
-> std::optional<std::uint64_t>;
// INFO: has test
[[nodiscard]] auto
get_free_drive_space(std::wstring_view path) -> std::optional<std::uint64_t>;
[[nodiscard]] auto get_free_drive_space(std::wstring_view path)
-> std::optional<std::uint64_t>;
// INFO: has test
[[nodiscard]] auto get_time(std::string_view path,
time_type type) -> std::optional<std::uint64_t>;
[[nodiscard]] auto get_time(std::string_view path, time_type type)
-> std::optional<std::uint64_t>;
// INFO: has test
[[nodiscard]] auto get_time(std::wstring_view path,
time_type type) -> std::optional<std::uint64_t>;
[[nodiscard]] auto get_time(std::wstring_view path, time_type type)
-> std::optional<std::uint64_t>;
// INFO: has test
[[nodiscard]] auto
get_times(std::string_view path) -> std::optional<file_times>;
[[nodiscard]] auto get_times(std::string_view path)
-> std::optional<file_times>;
// INFO: has test
[[nodiscard]] auto
get_times(std::wstring_view path) -> std::optional<file_times>;
[[nodiscard]] auto get_times(std::wstring_view path)
-> std::optional<file_times>;
// INFO: has test
[[nodiscard]] auto
get_total_drive_space(std::string_view path) -> std::optional<std::uint64_t>;
[[nodiscard]] auto get_total_drive_space(std::string_view path)
-> std::optional<std::uint64_t>;
// INFO: has test
[[nodiscard]] auto
get_total_drive_space(std::wstring_view path) -> std::optional<std::uint64_t>;
[[nodiscard]] auto get_total_drive_space(std::wstring_view path)
-> std::optional<std::uint64_t>;
#if defined(PROJECT_ENABLE_LIBDSM)
[[nodiscard]] auto
@@ -101,20 +102,20 @@ smb_create_and_validate_relative_path(std::string_view smb_path,
std::string_view rel_path) -> std::string;
// INFO: has test
[[nodiscard]] auto
smb_create_relative_path(std::string_view smb_path) -> std::string;
[[nodiscard]] auto smb_create_relative_path(std::string_view smb_path)
-> std::string;
// INFO: has test
[[nodiscard]] auto
smb_create_search_path(std::string_view smb_path) -> std::string;
[[nodiscard]] auto smb_create_search_path(std::string_view smb_path)
-> std::string;
// INFO: has test
[[nodiscard]] auto
smb_create_smb_path(std::string_view smb_path,
std::string_view rel_path) -> std::string;
[[nodiscard]] auto smb_create_smb_path(std::string_view smb_path,
std::string_view rel_path)
-> std::string;
[[nodiscard]] auto
smb_get_parent_path(std::string_view smb_path) -> std::string;
[[nodiscard]] auto smb_get_parent_path(std::string_view smb_path)
-> std::string;
[[nodiscard]] auto smb_get_root_path(std::string_view smb_path) -> std::string;
@@ -143,27 +144,30 @@ read_json_file(std::string_view path, nlohmann::json &data,
std::optional<std::string_view> password = std::nullopt) -> bool;
// INFO: has test
[[nodiscard]] auto read_json_file(
std::wstring_view path, nlohmann::json &data,
std::optional<std::wstring_view> password = std::nullopt) -> bool;
[[nodiscard]] auto
read_json_file(std::wstring_view path, nlohmann::json &data,
std::optional<std::wstring_view> password = std::nullopt)
-> bool;
// INFO: has test
[[nodiscard]] auto write_json_file(
std::string_view path, const nlohmann::json &data,
std::optional<std::string_view> password = std::nullopt) -> bool;
[[nodiscard]] auto
write_json_file(std::string_view path, const nlohmann::json &data,
std::optional<std::string_view> password = std::nullopt)
-> bool;
// INFO: has test
[[nodiscard]] auto write_json_file(
std::wstring_view path, const nlohmann::json &data,
std::optional<std::wstring_view> password = std::nullopt) -> bool;
[[nodiscard]] auto
write_json_file(std::wstring_view path, const nlohmann::json &data,
std::optional<std::wstring_view> password = std::nullopt)
-> bool;
#else // !defined(PROJECT_ENABLE_LIBSODIUM) && defined(PROJECT_ENABLE_BOOST)
// INFO: has test
[[nodiscard]] auto read_json_file(std::string_view path,
nlohmann::json &data) -> bool;
[[nodiscard]] auto read_json_file(std::string_view path, nlohmann::json &data)
-> bool;
// INFO: has test
[[nodiscard]] auto read_json_file(std::wstring_view path,
nlohmann::json &data) -> bool;
[[nodiscard]] auto read_json_file(std::wstring_view path, nlohmann::json &data)
-> bool;
// INFO: has test
[[nodiscard]] auto write_json_file(std::string_view path,