From faaf7648a8df8b1b62f9bf27e3fbd096daf73e81 Mon Sep 17 00:00:00 2001 From: "Scott E. Graves" Date: Fri, 29 Aug 2025 19:45:04 -0500 Subject: [PATCH] Implement secure key via KDF for transparent data encryption/decryption #60 --- CHANGELOG.md | 1 + support/src/utils/encryption.cpp | 87 ++++++++++++++++---------------- 2 files changed, 45 insertions(+), 43 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 13c6da10..ebe7bb95 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ * \#54 Remove 'default' as initial bucket name for Sia * \#58 Create macOS bundle for simplified installation * \#59 [bug] [ui] UI is hanging after launching repertory mount in background +* \#60 Implement secure key via KDF for transparent data encryption/decryption * \#61 [ui] UI theme should match repertory blue ## v2.0.7-release diff --git a/support/src/utils/encryption.cpp b/support/src/utils/encryption.cpp index f600ae18..18087155 100644 --- a/support/src/utils/encryption.cpp +++ b/support/src/utils/encryption.cpp @@ -84,6 +84,50 @@ void kdf_config::seal() { checksum = generate_checksum(); } +auto decrypt_file_name(std::string_view encryption_token, + std::string &file_name) -> bool { + data_buffer buffer; + if (not utils::collection::from_hex_string(file_name, buffer)) { + return false; + } + + file_name.clear(); + return utils::encryption::decrypt_data(encryption_token, buffer, file_name); +} + +auto decrypt_file_name(std::string_view encryption_token, const kdf_config &cfg, + std::string &file_name) -> bool { + data_buffer buffer; + if (not utils::collection::from_hex_string(file_name, buffer)) { + return false; + } + + file_name.clear(); + return utils::encryption::decrypt_data(encryption_token, cfg, buffer, + file_name); +} + +auto decrypt_file_name(const utils::hash::hash_256_t &master_key, + std::string &file_name) -> bool { + data_buffer buffer; + if (not utils::collection::from_hex_string(file_name, buffer)) { + return false; + } + + utils::encryption::kdf_config path_cfg; + if (not utils::encryption::kdf_config::from_header(buffer, path_cfg)) { + return false; + } + + auto path_key = path_cfg.recreate_subkey(utils::encryption::kdf_context::path, + master_key); + + file_name.clear(); + return utils::encryption::decrypt_data( + path_key, &buffer[utils::encryption::kdf_config::size()], + buffer.size() - utils::encryption::kdf_config::size(), file_name); +} + auto decrypt_file_path(std::string_view encryption_token, std::string &file_path) -> bool { std::vector decrypted_parts; @@ -147,49 +191,6 @@ auto decrypt_file_path(const utils::hash::hash_256_t &master_key, return true; } -auto decrypt_file_name(std::string_view encryption_token, - std::string &file_name) -> bool { - data_buffer buffer; - if (not utils::collection::from_hex_string(file_name, buffer)) { - return false; - } - - file_name.clear(); - return utils::encryption::decrypt_data(encryption_token, buffer, file_name); -} - -auto decrypt_file_name(std::string_view encryption_token, const kdf_config &cfg, - std::string &file_name) -> bool { - data_buffer buffer; - if (not utils::collection::from_hex_string(file_name, buffer)) { - return false; - } - - file_name.clear(); - return utils::encryption::decrypt_data(encryption_token, cfg, buffer, - file_name); -} - -auto decrypt_file_name(const utils::hash::hash_256_t &master_key, - std::string &file_name) -> bool { - data_buffer buffer; - if (not utils::collection::from_hex_string(file_name, buffer)) { - return false; - } - - utils::encryption::kdf_config path_cfg; - if (not utils::encryption::kdf_config::from_header(buffer, path_cfg)) { - return false; - } - - auto path_key = path_cfg.recreate_subkey(utils::encryption::kdf_context::path, - master_key); - - file_name.clear(); - return utils::encryption::decrypt_data( - path_key, &buffer[utils::encryption::kdf_config::size()], file_name); -} - template [[nodiscard]] auto read_encrypted_range(http_range range, const utils::hash::hash_256_t &key,