Implement secure key via KDF for transparent data encryption/decryption #60

CHANGELOG.md

@@ -14,6 +14,7 @@
 * \#54 Remove 'default' as initial bucket name for Sia
 * \#58 Create macOS bundle for simplified installation
 * \#59 [bug] [ui] UI is hanging after launching repertory mount in background
+* \#60 Implement secure key via KDF for transparent data encryption/decryption
 * \#61 [ui] UI theme should match repertory blue
 
 ## v2.0.7-release

support/src/utils/encryption.cpp

@@ -84,6 +84,50 @@ void kdf_config::seal() {
   checksum = generate_checksum();
 }
 
+auto decrypt_file_name(std::string_view encryption_token,
+                       std::string &file_name) -> bool {
+  data_buffer buffer;
+  if (not utils::collection::from_hex_string(file_name, buffer)) {
+    return false;
+  }
+
+  file_name.clear();
+  return utils::encryption::decrypt_data(encryption_token, buffer, file_name);
+}
+
+auto decrypt_file_name(std::string_view encryption_token, const kdf_config &cfg,
+                       std::string &file_name) -> bool {
+  data_buffer buffer;
+  if (not utils::collection::from_hex_string(file_name, buffer)) {
+    return false;
+  }
+
+  file_name.clear();
+  return utils::encryption::decrypt_data(encryption_token, cfg, buffer,
+                                         file_name);
+}
+
+auto decrypt_file_name(const utils::hash::hash_256_t &master_key,
+                       std::string &file_name) -> bool {
+  data_buffer buffer;
+  if (not utils::collection::from_hex_string(file_name, buffer)) {
+    return false;
+  }
+
+  utils::encryption::kdf_config path_cfg;
+  if (not utils::encryption::kdf_config::from_header(buffer, path_cfg)) {
+    return false;
+  }
+
+  auto path_key = path_cfg.recreate_subkey(utils::encryption::kdf_context::path,
+                                           master_key);
+
+  file_name.clear();
+  return utils::encryption::decrypt_data(
+      path_key, &buffer[utils::encryption::kdf_config::size()],
+      buffer.size() - utils::encryption::kdf_config::size(), file_name);
+}
+
 auto decrypt_file_path(std::string_view encryption_token,
                        std::string &file_path) -> bool {
   std::vector<std::string> decrypted_parts;
@@ -147,49 +191,6 @@ auto decrypt_file_path(const utils::hash::hash_256_t &master_key,
   return true;
 }
 
-auto decrypt_file_name(std::string_view encryption_token,
-                       std::string &file_name) -> bool {
-  data_buffer buffer;
-  if (not utils::collection::from_hex_string(file_name, buffer)) {
-    return false;
-  }
-
-  file_name.clear();
-  return utils::encryption::decrypt_data(encryption_token, buffer, file_name);
-}
-
-auto decrypt_file_name(std::string_view encryption_token, const kdf_config &cfg,
-                       std::string &file_name) -> bool {
-  data_buffer buffer;
-  if (not utils::collection::from_hex_string(file_name, buffer)) {
-    return false;
-  }
-
-  file_name.clear();
-  return utils::encryption::decrypt_data(encryption_token, cfg, buffer,
-                                         file_name);
-}
-
-auto decrypt_file_name(const utils::hash::hash_256_t &master_key,
-                       std::string &file_name) -> bool {
-  data_buffer buffer;
-  if (not utils::collection::from_hex_string(file_name, buffer)) {
-    return false;
-  }
-
-  utils::encryption::kdf_config path_cfg;
-  if (not utils::encryption::kdf_config::from_header(buffer, path_cfg)) {
-    return false;
-  }
-
-  auto path_key = path_cfg.recreate_subkey(utils::encryption::kdf_context::path,
-                                           master_key);
-
-  file_name.clear();
-  return utils::encryption::decrypt_data(
-      path_key, &buffer[utils::encryption::kdf_config::size()], file_name);
-}
-
 template <typename data_t>
 [[nodiscard]] auto
 read_encrypted_range(http_range range, const utils::hash::hash_256_t &key,