Disk ARchive  2.7.14
Full featured and portable backup and archiving tool
crypto_sym.hpp
Go to the documentation of this file.
1 //*********************************************************************/
2 // dar - disk archive - a backup/restoration program
3 // Copyright (C) 2002-2024 Denis Corbin
4 //
5 // This program is free software; you can redistribute it and/or
6 // modify it under the terms of the GNU General Public License
7 // as published by the Free Software Foundation; either version 2
8 // of the License, or (at your option) any later version.
9 //
10 // This program is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 // GNU General Public License for more details.
14 //
15 // You should have received a copy of the GNU General Public License
16 // along with this program; if not, write to the Free Software
17 // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18 //
19 // to contact the author, see the AUTHOR file
20 /*********************************************************************/
21 
25 
26 #ifndef CRYPTO_SYM_HPP
27 #define CRYPTO_SYM_HPP
28 
29 extern "C"
30 {
31 #if HAVE_GCRYPT_H
32 #ifndef GCRYPT_NO_DEPRECATED
33 #define GCRYPT_NO_DEPRECATED
34 #endif
35 #include <gcrypt.h>
36 #endif
37 }
38 
39 #include "../my_config.h"
40 #include <string>
41 
42 #include "crypto_module.hpp"
43 #include "secu_string.hpp"
44 #include "crypto.hpp"
45 #include "archive_aux.hpp"
46 #include "archive_version.hpp"
47 
48 
49 namespace libdar
50 {
51 
54 
55  inline bool crypto_min_ver_libgcrypt_no_bug()
56  {
57 #if CRYPTO_AVAILABLE
58  return gcry_check_version(MIN_VERSION_GCRYPT_HASH_BUG);
59 #else
60  return true;
61 #endif
62  }
63 
65 
66  class crypto_sym : public crypto_module
67  {
68  public:
69  crypto_sym(const secu_string & password,
70  const archive_version & reading_ver,
71  crypto_algo algo,
72  const std::string & salt,
73  const infinint & iteration_count,
74  hash_algo kdf_hash,
75  bool use_pkcs5
76  );
77  crypto_sym(const crypto_sym & ref) { copy_from(ref); };
78  crypto_sym(crypto_sym && ref) noexcept { try { move_from(std::move(ref)); } catch(...) {} };
79  crypto_sym & operator = (const crypto_sym & ref) { detruit(); copy_from(ref); return *this; };
80  crypto_sym & operator = (crypto_sym && ref) noexcept { try { detruit(); move_from(std::move(ref)); } catch(...) {} return *this; };
81  virtual ~crypto_sym() noexcept { try { detruit(); } catch(...) {} };
82 
83  // inherited from class crypto_module
84 
85  virtual U_32 encrypted_block_size_for(U_32 clear_block_size) override;
86  virtual U_32 clear_block_allocated_size_for(U_32 clear_block_size) override;
87  virtual U_32 encrypt_data(const infinint & block_num,
88  const char *clear_buf,
89  const U_32 clear_size,
90  const U_32 clear_allocated,
91  char *crypt_buf, U_32 crypt_size) override;
92  virtual U_32 decrypt_data(const infinint & block_num,
93  const char *crypt_buf,
94  const U_32 crypt_size,
95  char *clear_buf,
96  U_32 clear_size) override;
97  virtual std::unique_ptr<crypto_module> clone() const override;
98 
100  const std::string & get_salt() const { return sel; };
101 
102 
104  static size_t max_key_len(crypto_algo algo);
105 
107  static size_t max_key_len_libdar(crypto_algo algo);
108 
110  static bool is_a_strong_password(crypto_algo algo, const secu_string & password);
111 
112  private:
113  std::string sel;
114 #if CRYPTO_AVAILABLE
115  archive_version reading_ver;
116  crypto_algo algo;
117  secu_string hashed_password;
118  secu_string essiv_password;
119  gcry_cipher_hd_t main_clef;
120  gcry_cipher_hd_t essiv_clef;
121  size_t algo_block_size;
122  unsigned char *ivec;
123 
124  void init_hashed_password(const secu_string & password,
125  bool use_pkcs5,
126  const std::string & salt,
127  infinint iteration_count,
128  hash_algo kdf_hash,
129  crypto_algo algo);
130  void init_essiv_password(const secu_string & key,
131  unsigned int IV_hashing);
132  void init_main_clef(const secu_string & password,
133  crypto_algo algo
134  );
135  void init_essiv_clef(const secu_string & essiv_password,
136  U_I IV_cipher,
137  U_I main_cipher_algo_block_size);
138  void init_algo_block_size(crypto_algo algo);
139  void init_ivec(crypto_algo algo, size_t algo_block_size);
140 
141  void detruit();
142  void copy_from(const crypto_sym & ref);
143  void move_from(crypto_sym && ref);
144 
146 
148 
149  static void get_IV_cipher_and_hashing(const archive_version & ver, U_I main_cipher, U_I & cipher, U_I & hashing);
150 
152 
158  static void make_ivec(const infinint & ref,
159  unsigned char *ivec,
160  U_I size,
161  const gcry_cipher_hd_t & IVkey);
162 
164  static secu_string pkcs5_pass2key(const secu_string & password,
165  const std::string & salt,
166  U_I iteration_count,
167  U_I hash_gcrypt,
168  U_I output_length);
169 
171  static secu_string argon2_pass2key(const secu_string & password,
172  const std::string & salt,
173  U_I iteration_count,
174  U_I output_length);
175 
177  static U_I get_algo_id(crypto_algo algo);
178 
180  static std::string generate_salt(U_I size);
181 
182 #ifdef LIBDAR_NO_OPTIMIZATION
183  static bool self_tested;
184  static void self_test(void);
185 #endif
186 
187 #else
188  void detruit() { throw Ecompilation(gettext("Strong encryption support (libgcrypt)")); };
189  void copy_from(const crypto_sym & ref) { throw Ecompilation(gettext("Strong encryption support (libgcrypt)")); };
190  void move_from(crypto_sym && ref) { throw Ecompilation(gettext("Strong encryption support (libgcrypt)")); };
191 #endif
192  };
193 
195 
196 } // end of namespace
197 
198 #endif
set of datastructures used to interact with a catalogue object
class archive_version that rules which archive format to follow
exception used when a requested fearture has not beed activated at compilation time
Definition: erreurs.hpp:366
class archive_version manages the version of the archive format
symetrical strong encryption, interface to grypt library
Definition: crypto_sym.hpp:67
std::string sel
the salt
Definition: crypto_sym.hpp:113
crypto_sym(const secu_string &password, const archive_version &reading_ver, crypto_algo algo, const std::string &salt, const infinint &iteration_count, hash_algo kdf_hash, bool use_pkcs5)
const std::string & get_salt() const
give access to the calculated or provided salt
Definition: crypto_sym.hpp:100
static size_t max_key_len_libdar(crypto_algo algo)
returns the max key length in octets to use to compute a key from a user provided password
static bool is_a_strong_password(crypto_algo algo, const secu_string &password)
check whether the given password is reported as strong in regard to the given cipher
static size_t max_key_len(crypto_algo algo)
returns the max key length in octets for the given algorithm
the arbitrary large positive integer class
class secu_string
Definition: secu_string.hpp:54
the crypto algoritm definition
per block cryptography implementation
hash_algo
hashing algorithm available
Definition: archive_aux.hpp:63
crypto_algo
the different cypher available for encryption (strong or weak)
Definition: crypto.hpp:50
libdar namespace encapsulate all libdar symbols
Definition: archive.hpp:47
this file contains the definition of secu_string class, a std::string like class but allocated in sec...