Implement secure key via KDF for transparent data encryption/decryption #60

support/include/utils/encrypting_reader.hpp

@@ -79,6 +79,13 @@ public:
                     std::optional<std::string> relative_parent_path,
                     std::size_t error_return = 0U);
 
+  encrypting_reader(std::string_view file_name, std::string_view source_path,
+                    stop_type_callback stop_requested_cb,
+                    const utils::hash::hash_256_t &master_key,
+                    const std::pair<kdf_config, kdf_config> &configs,
+                    std::optional<std::string> relative_parent_path,
+                    std::size_t error_return = 0U);
+
   encrypting_reader(stop_type_callback stop_requested_cb,
                     std::string_view encrypted_file_path,
                     std::string_view source_path,
@@ -94,6 +101,16 @@ public:
           iv_list,
       std::size_t error_return = 0U);
 
+  encrypting_reader(
+      stop_type_callback stop_requested_cb,
+      std::string_view encrypted_file_path, std::string_view source_path,
+      const utils::hash::hash_256_t &master_key,
+      const std::pair<kdf_config, kdf_config> &configs,
+      std::vector<std::array<unsigned char,
+                             crypto_aead_xchacha20poly1305_IETF_NPUBBYTES>>
+          iv_list,
+      std::size_t error_return = 0U);
+
   encrypting_reader(const encrypting_reader &reader);
   encrypting_reader(encrypting_reader &&) = delete;
 

support/include/utils/encryption.hpp

@@ -173,8 +173,8 @@ struct kdf_config final {
     return sub_key;
   }
 
-  [[nodiscard]] static auto from_header(data_cspan data, kdf_config &cfg)
-      -> bool;
+  [[nodiscard]] static auto from_header(data_cspan data, kdf_config &cfg,
+                                        bool ignore_checksum = false) -> bool;
 
   [[nodiscard]] auto generate_checksum() const -> std::uint64_t;