120 #include "../base/bytes.h"
121 #include "../base/functional.h"
122 #include "../base/macros.h"
171 uint32_t replay_window{4096U};
179 uint32_t pbkdf2_iterations{200000U};
216 [[nodiscard]]
static Config from_key_paths(
const std::string& public_key_path,
const std::string& private_key_path);
296 [[nodiscard]]
bool is_configured() const noexcept;
307 [[nodiscard]]
bool can_encrypt() const noexcept;
318 [[nodiscard]]
bool can_decrypt() const noexcept;
322 std::unique_ptr<Impl> impl_;
Fixed-size 128-byte buffer holder with SBO, five ownership modes and integrated codecs.
Definition: bytes.h:120
Thread-safe authenticated encryption with symmetric, asymmetric, and pluggable modes.
Definition: security.h:136
static Config from_public_key_path(const std::string &public_key_path)
Loads a public-key PEM file into a fresh Config.
Security()
Constructs an empty Security; equivalent to Security(Config{}).
Security(const Config &cfg)
Constructs from a configuration aggregate, copying caller state.
static Config from_private_key_path(const std::string &private_key_path)
Loads a private-key PEM file into a fresh Config.
static Config from_key_paths(const std::string &public_key_path, const std::string &private_key_path)
Loads both a public-key and a private-key PEM file into a fresh Config.
~Security()
Destroys the instance and zeroises any held symmetric key material in place.
Security(Config &&cfg)
Constructs from a configuration aggregate, moving caller state in.
Security(Security &&) noexcept
Move-constructs from another Security; the source becomes default-constructed.
#define VLINK_EXPORT
Definition: macros.h:81
#define VLINK_DISALLOW_COPY_AND_ASSIGN(classname)
Deletes the copy constructor and copy-assignment operator of classname.
Definition: macros.h:174
Low-frequency policy knobs and sender-authentication keys.
Definition: security.h:169
std::string aad_context
Application or channel tag (<= 65535 bytes) bound into AEAD AAD.
Definition: security.h:170
std::string signing_key_pem
Local RSA private key (PEM) used to sign with RSA-PSS-SHA256.
Definition: security.h:172
std::string verify_key_pem
Peer's RSA public key (PEM) required for RSA-PSS verification.
Definition: security.h:173
Aggregate of every parameter accepted by the Security constructor.
Definition: security.h:164
std::string private_key_pem
Local RSA private key (PEM) for RSA-OAEP inbound unwrap.
Definition: security.h:181
Advanced advanced
AAD, replay window, and signing / verifying PEM material.
Definition: security.h:184
Callback encrypt_callback
Custom encrypt; bypasses the built-in AEAD pipeline.
Definition: security.h:182
Bytes pbkdf2_salt
Per-deployment salt (>=16 bytes) shared out of band.
Definition: security.h:178
std::string key
Raw symmetric seed; SHA-256 truncated to 16 bytes.
Definition: security.h:176
std::string public_key_pem
Peer's RSA public key (PEM) for RSA-OAEP outbound wrap.
Definition: security.h:180
std::string passphrase
Low-entropy passphrase consumed by PBKDF2-HMAC-SHA256.
Definition: security.h:177
Callback decrypt_callback
Custom decrypt; must accompany encrypt_callback.
Definition: security.h:183