BlockStorage/repertory
1
0
Fork 0
Code Issues 3 Pull Requests Releases 9 Wiki Activity

Implement secure key via KDF for transparent data encryption/decryption #60

Browse Source
This commit is contained in:
sgraves76
2025-08-30 11:10:44 -05:00
parent faaf7648a8
commit 8979e6e2a4
4 changed files with 151 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
support/include/utils/encryption.hpp
View File

@@ -133,10 +133,20 @@ struct kdf_config final {
[[nodiscard]] auto create_subkey(kdf_context ctx, std::size_t unique_id_,
const hash_t &master_key) const
-> std::pair<hash_t, kdf_config> {
REPERTORY_USES_FUNCTION_NAME();
hash_t sub_key;
crypto_kdf_derive_from_key(sub_key.data(), sub_key.size(), unique_id_,
get_kdf_context_name(ctx).data(),
master_key.data());
auto res = crypto_kdf_derive_from_key(
sub_key.data(), sub_key.size(), unique_id_,
get_kdf_context_name(ctx).data(), master_key.data());
if (res != 0) {
throw repertory::utils::error::create_exception(
function_name, {
"failed to create sub-key",
std::to_string(res),
});
}
auto cfg = *this;
cfg.unique_id = unique_id_;
cfg.checksum = cfg.generate_checksum();
@@ -146,10 +156,20 @@ struct kdf_config final {
template <typename hash_t>
[[nodiscard]] auto recreate_subkey(kdf_context ctx,
const hash_t &master_key) const -> hash_t {
REPERTORY_USES_FUNCTION_NAME();
hash_t sub_key;
crypto_kdf_derive_from_key(sub_key.data(), sub_key.size(), unique_id,
get_kdf_context_name(ctx).data(),
master_key.data());
auto res = crypto_kdf_derive_from_key(
sub_key.data(), sub_key.size(), unique_id,
get_kdf_context_name(ctx).data(), master_key.data());
if (res != 0) {
throw repertory::utils::error::create_exception(
function_name, {
"failed to recreate sub-key",
std::to_string(res),
});
}
return sub_key;
}