Implement secure key via KDF for transparent data encryption/decryption #60
Some checks reported errors
BlockStorage/repertory/pipeline/head Something is wrong with the build of this commit
Some checks reported errors
BlockStorage/repertory/pipeline/head Something is wrong with the build of this commit
This commit is contained in:
@@ -79,6 +79,13 @@ public:
|
||||
std::optional<std::string> relative_parent_path,
|
||||
std::size_t error_return = 0U);
|
||||
|
||||
encrypting_reader(std::string_view file_name, std::string_view source_path,
|
||||
stop_type_callback stop_requested_cb,
|
||||
const utils::hash::hash_256_t &master_key,
|
||||
const std::pair<kdf_config, kdf_config> &configs,
|
||||
std::optional<std::string> relative_parent_path,
|
||||
std::size_t error_return = 0U);
|
||||
|
||||
encrypting_reader(stop_type_callback stop_requested_cb,
|
||||
std::string_view encrypted_file_path,
|
||||
std::string_view source_path,
|
||||
@@ -94,6 +101,16 @@ public:
|
||||
iv_list,
|
||||
std::size_t error_return = 0U);
|
||||
|
||||
encrypting_reader(
|
||||
stop_type_callback stop_requested_cb,
|
||||
std::string_view encrypted_file_path, std::string_view source_path,
|
||||
const utils::hash::hash_256_t &master_key,
|
||||
const std::pair<kdf_config, kdf_config> &configs,
|
||||
std::vector<std::array<unsigned char,
|
||||
crypto_aead_xchacha20poly1305_IETF_NPUBBYTES>>
|
||||
iv_list,
|
||||
std::size_t error_return = 0U);
|
||||
|
||||
encrypting_reader(const encrypting_reader &reader);
|
||||
encrypting_reader(encrypting_reader &&) = delete;
|
||||
|
||||
|
||||
@@ -173,8 +173,8 @@ struct kdf_config final {
|
||||
return sub_key;
|
||||
}
|
||||
|
||||
[[nodiscard]] static auto from_header(data_cspan data, kdf_config &cfg)
|
||||
-> bool;
|
||||
[[nodiscard]] static auto from_header(data_cspan data, kdf_config &cfg,
|
||||
bool ignore_checksum = false) -> bool;
|
||||
|
||||
[[nodiscard]] auto generate_checksum() const -> std::uint64_t;
|
||||
|
||||
|
||||
@@ -285,6 +285,27 @@ encrypting_reader::encrypting_reader(
|
||||
create_encrypted_paths(file_name, relative_parent_path);
|
||||
}
|
||||
|
||||
encrypting_reader::encrypting_reader(
|
||||
std::string_view file_name, std::string_view source_path,
|
||||
stop_type_callback stop_requested_cb,
|
||||
const utils::hash::hash_256_t &master_key,
|
||||
const std::pair<kdf_config, kdf_config> &configs,
|
||||
std::optional<std::string> relative_parent_path, std::size_t error_return)
|
||||
: stop_requested_cb_(std::move(stop_requested_cb)),
|
||||
error_return_(error_return),
|
||||
source_file_(utils::file::file::open_or_create_file(source_path, true)) {
|
||||
keys_.first = configs.first.recreate_subkey(
|
||||
utils::encryption::kdf_context::data, master_key);
|
||||
keys_.second = configs.second.recreate_subkey(
|
||||
utils::encryption::kdf_context::path, master_key);
|
||||
kdf_headers_ = {
|
||||
configs.first.to_header(),
|
||||
configs.second.to_header(),
|
||||
};
|
||||
common_initialize(true);
|
||||
create_encrypted_paths(file_name, relative_parent_path);
|
||||
}
|
||||
|
||||
encrypting_reader::encrypting_reader(stop_type_callback stop_requested_cb,
|
||||
std::string_view encrypted_file_path,
|
||||
std::string_view source_path,
|
||||
@@ -322,6 +343,32 @@ encrypting_reader::encrypting_reader(
|
||||
common_initialize(false);
|
||||
}
|
||||
|
||||
encrypting_reader::encrypting_reader(
|
||||
stop_type_callback stop_requested_cb, std::string_view encrypted_file_path,
|
||||
std::string_view source_path, const utils::hash::hash_256_t &master_key,
|
||||
const std::pair<kdf_config, kdf_config> &configs,
|
||||
std::vector<
|
||||
std::array<unsigned char, crypto_aead_xchacha20poly1305_IETF_NPUBBYTES>>
|
||||
iv_list,
|
||||
std::size_t error_return)
|
||||
: stop_requested_cb_(std::move(stop_requested_cb)),
|
||||
error_return_(error_return),
|
||||
source_file_(utils::file::file::open_or_create_file(source_path, true)),
|
||||
encrypted_file_name_(
|
||||
utils::path::strip_to_file_name(std::string{encrypted_file_path})),
|
||||
encrypted_file_path_(encrypted_file_path),
|
||||
iv_list_(std::move(iv_list)) {
|
||||
keys_.first = configs.first.recreate_subkey(
|
||||
utils::encryption::kdf_context::data, master_key);
|
||||
keys_.second = configs.second.recreate_subkey(
|
||||
utils::encryption::kdf_context::path, master_key);
|
||||
kdf_headers_ = {
|
||||
configs.first.to_header(),
|
||||
configs.second.to_header(),
|
||||
};
|
||||
common_initialize(false);
|
||||
}
|
||||
|
||||
encrypting_reader::encrypting_reader(const encrypting_reader &reader)
|
||||
: keys_(reader.keys_),
|
||||
stop_requested_cb_(reader.stop_requested_cb_),
|
||||
|
||||
@@ -63,7 +63,8 @@ auto kdf_config::generate_checksum() const -> std::uint64_t {
|
||||
return *reinterpret_cast<std::uint64_t *>(hash.data());
|
||||
}
|
||||
|
||||
auto kdf_config::from_header(data_cspan data, kdf_config &cfg) -> bool {
|
||||
auto kdf_config::from_header(data_cspan data, kdf_config &cfg,
|
||||
bool ignore_checksum) -> bool {
|
||||
if (data.size() < kdf_config::size()) {
|
||||
return false;
|
||||
}
|
||||
@@ -77,7 +78,7 @@ auto kdf_config::from_header(data_cspan data, kdf_config &cfg) -> bool {
|
||||
cfg.memlimit <= memlimit_level::level4 &&
|
||||
cfg.opslimit >= opslimit_level::level1 &&
|
||||
cfg.opslimit <= opslimit_level::level3 &&
|
||||
cfg.checksum == cfg.generate_checksum();
|
||||
(ignore_checksum || cfg.checksum == cfg.generate_checksum());
|
||||
}
|
||||
|
||||
void kdf_config::seal() {
|
||||
|
||||
Reference in New Issue
Block a user