doc/html/crypto__sym_8hpp_source.html

//*********************************************************************/

// dar - disk archive - a backup/restoration program

// Copyright (C) 2002-2025 Denis Corbin

//

// This program is free software; you can redistribute it and/or

// modify it under the terms of the GNU General Public License

// as published by the Free Software Foundation; either version 2

// of the License, or (at your option) any later version.

//

// This program is distributed in the hope that it will be useful,

// but WITHOUT ANY WARRANTY; without even the implied warranty of

// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

// GNU General Public License for more details.

//

// You should have received a copy of the GNU General Public License

// along with this program; if not, write to the Free Software

// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

//

// to contact the author, see the AUTHOR file

/*********************************************************************/


#ifndef CRYPTO_SYM_HPP

#define CRYPTO_SYM_HPP


extern "C"

{

#if HAVE_GCRYPT_H

#ifndef GCRYPT_NO_DEPRECATED

#define GCRYPT_NO_DEPRECATED

#endif

#include <gcrypt.h>

#endif

}


#include "../my_config.h"

#include <string>


#include "crypto_module.hpp"

#include "secu_string.hpp"

#include "crypto.hpp"

#include "archive_aux.hpp"

#include "archive_version.hpp"


namespace libdar

{


    inline bool crypto_min_ver_libgcrypt_no_bug()

    {

#if CRYPTO_AVAILABLE

    return gcry_check_version(MIN_VERSION_GCRYPT_HASH_BUG);

#else

    return true;

#endif

    }


    class crypto_sym : public crypto_module

    {

    public:

    crypto_sym(const secu_string & password,

           const archive_version & reading_ver,

           crypto_algo algo,

           const std::string & salt,

           const infinint & iteration_count,

           hash_algo kdf_hash,

           bool use_pkcs5

        );

    crypto_sym(const crypto_sym & ref) { copy_from(ref); };

    crypto_sym(crypto_sym && ref) noexcept { try { move_from(std::move(ref)); } catch(...) {} };

    crypto_sym & operator = (const crypto_sym & ref) { detruit(); copy_from(ref); return *this; };

    crypto_sym & operator = (crypto_sym && ref) noexcept { try { detruit(); move_from(std::move(ref)); } catch(...) {} return *this; };

    virtual ~crypto_sym() noexcept { try { detruit(); } catch(...) {} };


        // inherited from class crypto_module


    virtual U_32 encrypted_block_size_for(U_32 clear_block_size) override;

    virtual U_32 clear_block_allocated_size_for(U_32 clear_block_size) override;

    virtual U_32 encrypt_data(const infinint & block_num,

                  const char *clear_buf,

                  const U_32 clear_size,

                  const U_32 clear_allocated,

                  char *crypt_buf, U_32 crypt_size) override;

    virtual U_32 decrypt_data(const infinint & block_num,

                  const char *crypt_buf,

                  const U_32 crypt_size,

                  char *clear_buf,

                  U_32 clear_size) override;

    virtual std::unique_ptr<crypto_module> clone() const override;


    const std::string & get_salt() const { return sel; };


    static size_t max_key_len(crypto_algo algo);


    static size_t max_key_len_libdar(crypto_algo algo);


    static bool is_a_strong_password(crypto_algo algo, const secu_string & password);


    private:

    std::string sel;

#if CRYPTO_AVAILABLE

    archive_version reading_ver;

    crypto_algo algo;

    secu_string hashed_password;

    secu_string essiv_password;

    gcry_cipher_hd_t main_clef;

    gcry_cipher_hd_t essiv_clef;

    size_t algo_block_size;

    unsigned char *ivec;


    void init_hashed_password(const secu_string & password,

                  bool use_pkcs5,

                  const std::string & salt,

                  infinint iteration_count,

                  hash_algo kdf_hash,

                  crypto_algo algo);

    void init_essiv_password(const secu_string & key,

                 unsigned int IV_hashing);

    void init_main_clef(const secu_string & password,

                crypto_algo algo

        );

    void init_essiv_clef(const secu_string & essiv_password,

                 U_I IV_cipher,

                 U_I main_cipher_algo_block_size);

    void init_algo_block_size(crypto_algo algo);

    void init_ivec(crypto_algo algo, size_t algo_block_size);


    void detruit();

    void copy_from(const crypto_sym & ref);

    void move_from(crypto_sym && ref);


    static void get_IV_cipher_and_hashing(const archive_version & ver, U_I main_cipher, U_I & cipher, U_I & hashing);


    static void make_ivec(const infinint & ref,

                  unsigned char *ivec,

                  U_I size,

                  const gcry_cipher_hd_t & IVkey);


    static secu_string pkcs5_pass2key(const secu_string & password,

                      const std::string & salt,

                      U_I iteration_count,

                      U_I hash_gcrypt,

                      U_I output_length);


    static secu_string argon2_pass2key(const secu_string & password,

                       const std::string & salt,

                       U_I iteration_count,

                       U_I output_length);


    static U_I get_algo_id(crypto_algo algo);


    static std::string generate_salt(U_I size);


#ifdef LIBDAR_NO_OPTIMIZATION

    static bool self_tested;

    static void self_test(void);

#endif


#else

    void detruit() { throw Ecompilation(gettext("Strong encryption support (libgcrypt)")); };

    void copy_from(const crypto_sym & ref) { throw Ecompilation(gettext("Strong encryption support (libgcrypt)")); };

    void move_from(crypto_sym && ref) { throw Ecompilation(gettext("Strong encryption support (libgcrypt)")); };

#endif

    };


} // end of namespace


#endif

archive_aux.hpp
set of datastructures used to interact with a catalogue object

archive_version.hpp
class archive_version that rules which archive format to follow

libdar::Ecompilation
exception used when a requested fearture has not beed activated at compilation time
Definition: erreurs.hpp:366

libdar::archive_version
class archive_version manages the version of the archive format
Definition: archive_version.hpp:47

libdar::crypto_sym
symetrical strong encryption, interface to grypt library
Definition: crypto_sym.hpp:67

libdar::crypto_sym::sel
std::string sel
the salt
Definition: crypto_sym.hpp:113

libdar::crypto_sym::crypto_sym
crypto_sym(const secu_string &password, const archive_version &reading_ver, crypto_algo algo, const std::string &salt, const infinint &iteration_count, hash_algo kdf_hash, bool use_pkcs5)

libdar::crypto_sym::max_key_len_libdar
static size_t max_key_len_libdar(crypto_algo algo)
returns the max key length in octets to use to compute a key from a user provided password

libdar::crypto_sym::is_a_strong_password
static bool is_a_strong_password(crypto_algo algo, const secu_string &password)
check whether the given password is reported as strong in regard to the given cipher

libdar::crypto_sym::get_salt
const std::string & get_salt() const
give access to the calculated or provided salt
Definition: crypto_sym.hpp:100

libdar::crypto_sym::max_key_len
static size_t max_key_len(crypto_algo algo)
returns the max key length in octets for the given algorithm

libdar::infinint
the arbitrary large positive integer class
Definition: real_infinint.hpp:62

libdar::secu_string
class secu_string
Definition: secu_string.hpp:54

crypto.hpp
the crypto algoritm definition

crypto_module.hpp
per block cryptography implementation

libdar::hash_algo
hash_algo
hashing algorithm available
Definition: archive_aux.hpp:63

libdar::crypto_algo
crypto_algo
the different cypher available for encryption (strong or weak)
Definition: crypto.hpp:50

libdar
libdar namespace encapsulate all libdar symbols
Definition: archive.hpp:47

secu_string.hpp
this file contains the definition of secu_string class, a std::string like class but allocated in sec...