Implement secure key via KDF for transparent data encryption/decryption #60
All checks were successful
BlockStorage/repertory/pipeline/head This commit looks good
All checks were successful
BlockStorage/repertory/pipeline/head This commit looks good
This commit is contained in:
@@ -281,6 +281,11 @@ encrypting_reader::encrypting_reader(
|
||||
error_return_(error_return),
|
||||
source_file_(utils::file::file::open_or_create_file(source_path, true)) {
|
||||
common_initialize_kdf_data(cfg, master_key);
|
||||
auto [path_key, path_cfg] = cfg.create_subkey(
|
||||
kdf_context::path, utils::generate_secure_random<std::uint64_t>(),
|
||||
master_key);
|
||||
keys_.second = std::move(path_key);
|
||||
kdf_headers_->second = path_cfg.to_header();
|
||||
common_initialize(true);
|
||||
create_encrypted_paths(file_name, relative_parent_path);
|
||||
}
|
||||
|
||||
@@ -25,6 +25,7 @@
|
||||
|
||||
#include "utils/base64.hpp"
|
||||
#include "utils/collection.hpp"
|
||||
#include "utils/config.hpp"
|
||||
#include "utils/encrypting_reader.hpp"
|
||||
#include "utils/hash.hpp"
|
||||
#include "utils/path.hpp"
|
||||
@@ -99,29 +100,49 @@ auto decrypt_file_name(std::string_view encryption_token,
|
||||
|
||||
auto decrypt_file_name(std::string_view encryption_token, const kdf_config &cfg,
|
||||
std::string &file_name) -> bool {
|
||||
auto buffer = macaron::Base64::Decode(file_name);
|
||||
REPERTORY_USES_FUNCTION_NAME();
|
||||
|
||||
file_name.clear();
|
||||
return utils::encryption::decrypt_data(encryption_token, cfg, buffer,
|
||||
file_name);
|
||||
try {
|
||||
auto buffer = macaron::Base64::Decode(file_name);
|
||||
|
||||
file_name.clear();
|
||||
return utils::encryption::decrypt_data(encryption_token, cfg, buffer,
|
||||
file_name);
|
||||
} catch (const std::exception &e) {
|
||||
utils::error::handle_exception(function_name, e);
|
||||
} catch (...) {
|
||||
utils::error::handle_exception(function_name);
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
auto decrypt_file_name(const utils::hash::hash_256_t &master_key,
|
||||
std::string &file_name) -> bool {
|
||||
auto buffer = macaron::Base64::Decode(file_name);
|
||||
REPERTORY_USES_FUNCTION_NAME();
|
||||
|
||||
utils::encryption::kdf_config path_cfg;
|
||||
if (not utils::encryption::kdf_config::from_header(buffer, path_cfg)) {
|
||||
return false;
|
||||
try {
|
||||
auto buffer = macaron::Base64::Decode(file_name);
|
||||
|
||||
utils::encryption::kdf_config path_cfg;
|
||||
if (not utils::encryption::kdf_config::from_header(buffer, path_cfg)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
auto path_key = path_cfg.recreate_subkey(
|
||||
utils::encryption::kdf_context::path, master_key);
|
||||
|
||||
file_name.clear();
|
||||
return utils::encryption::decrypt_data(
|
||||
path_key, &buffer[utils::encryption::kdf_config::size()],
|
||||
buffer.size() - utils::encryption::kdf_config::size(), file_name);
|
||||
} catch (const std::exception &e) {
|
||||
utils::error::handle_exception(function_name, e);
|
||||
} catch (...) {
|
||||
utils::error::handle_exception(function_name);
|
||||
}
|
||||
|
||||
auto path_key = path_cfg.recreate_subkey(utils::encryption::kdf_context::path,
|
||||
master_key);
|
||||
|
||||
file_name.clear();
|
||||
return utils::encryption::decrypt_data(
|
||||
path_key, &buffer[utils::encryption::kdf_config::size()],
|
||||
buffer.size() - utils::encryption::kdf_config::size(), file_name);
|
||||
return false;
|
||||
}
|
||||
|
||||
auto decrypt_file_path(std::string_view encryption_token,
|
||||
|
||||
@@ -266,7 +266,7 @@ auto file::move_to(std::string_view path) -> bool {
|
||||
#if defined(_WIN32)
|
||||
success = ::MoveFileExA(path_.c_str(), abs_path.c_str(),
|
||||
MOVEFILE_REPLACE_EXISTING) != 0;
|
||||
#else // !// defined(_WIN32)
|
||||
#else // !defined(_WIN32)
|
||||
std::error_code ec{};
|
||||
std::filesystem::rename(path_, abs_path, ec);
|
||||
success = ec.value() == 0;
|
||||
|
||||
Reference in New Issue
Block a user