|
VLink
2.0.0
A high-performance communication middleware
|
Thread-safe authenticated encryption with symmetric, asymmetric, and pluggable modes. 更多...
#include <security.h>
类 | |
| struct | Config |
Aggregate of every parameter accepted by the Security constructor. 更多... | |
Public 类型 | |
| using | Callback = Function< bool(const Bytes &in, Bytes &out)> |
| Callable signature for user-supplied encrypt / decrypt callbacks. 更多... | |
Public 成员函数 | |
| Security () | |
Constructs an empty Security; equivalent to Security(Config{}). 更多... | |
| Security (const Config &cfg) | |
| Constructs from a configuration aggregate, copying caller state. 更多... | |
| Security (Config &&cfg) | |
| Constructs from a configuration aggregate, moving caller state in. 更多... | |
| ~Security () | |
| Destroys the instance and zeroises any held symmetric key material in place. 更多... | |
| Security (Security &&) noexcept | |
Move-constructs from another Security; the source becomes default-constructed. 更多... | |
| Security & | operator= (Security &&) noexcept |
Move-assigns from another Security; the source becomes default-constructed. 更多... | |
| bool | encrypt (const Bytes &in, Bytes &out) |
Encrypts in into out using the highest-precedence active mode. 更多... | |
| bool | decrypt (const Bytes &in, Bytes &out) |
Decrypts in into out using the highest-precedence active mode. 更多... | |
| bool | is_configured () const noexcept |
| Reports whether at least one usable cryptographic slot is installed. 更多... | |
| bool | can_encrypt () const noexcept |
Reports whether encrypt() will succeed. 更多... | |
| bool | can_decrypt () const noexcept |
Reports whether decrypt() will succeed. 更多... | |
静态 Public 成员函数 | |
| static Config | from_private_key_path (const std::string &private_key_path) |
Loads a private-key PEM file into a fresh Config. 更多... | |
| static Config | from_public_key_path (const std::string &public_key_path) |
Loads a public-key PEM file into a fresh Config. 更多... | |
| static Config | from_key_paths (const std::string &public_key_path, const std::string &private_key_path) |
Loads both a public-key and a private-key PEM file into a fresh Config. 更多... | |
Thread-safe authenticated encryption with symmetric, asymmetric, and pluggable modes.
One Security instance per endpoint. Configuration is supplied through Config at construction time; copy and assignment are deleted, move is supported. Each call to encrypt() / decrypt() selects a mode using the precedence order described in the file-level mode summary diagram.
| using vlink::Security::Callback = Function<bool(const Bytes& in, Bytes& out)> |
| vlink::Security::Security | ( | ) |
Constructs an empty Security; equivalent to Security(Config{}).
With built-in algorithms compiled in, this installs the default symmetric slot; otherwise the instance reports is_configured() == false and refuses to encrypt or decrypt.
|
explicit |
Constructs from a configuration aggregate, copying caller state.
| cfg | Configuration aggregate; every non-empty field is validated and installed. |
|
explicit |
Constructs from a configuration aggregate, moving caller state in.
| cfg | Configuration aggregate consumed during construction. |
| vlink::Security::~Security | ( | ) |
Destroys the instance and zeroises any held symmetric key material in place.
|
noexcept |
Move-constructs from another Security; the source becomes default-constructed.
|
noexcept |
Reports whether decrypt() will succeed.
Requires at least one of: a custom callback pair, a derived AES-128 key, or a local private_key_pem. A bare public_key_pem alone is insufficient.
true when a decryption capability is installed.
|
noexcept |
Reports whether encrypt() will succeed.
Requires at least one of: a custom callback pair, a derived AES-128 key, or a peer public_key_pem. A bare private_key_pem alone is insufficient.
true when an encryption capability is installed. Decrypts in into out using the highest-precedence active mode.
Mode selection mirrors encrypt() but uses the inbound direction (custom > asymmetric private key > symmetric). Tampered ciphertext, mismatched AAD, replayed sequence numbers, and missing or invalid RSA-PSS signatures (when verify_key_pem is set) cause failure.
| in | Ciphertext produced by a peer's encrypt(). |
| out | Output buffer overwritten on success and emptied on failure. |
true on success; false otherwise. Encrypts in into out using the highest-precedence active mode.
The selected mode follows the precedence summarised in the file-level diagram: custom > asymmetric (public key present) > symmetric. Empty in fails; AEAD requires at least one byte of authenticated material. Inputs exceeding INT_MAX bytes are rejected.
| in | Plaintext payload. |
| out | Output buffer overwritten on success and emptied on failure. |
true on success; false otherwise.
|
static |
|
static |
Loads a private-key PEM file into a fresh Config.
Reads the file at construction time and populates Config::private_key_pem. RSA validation is deferred until the Security constructor consumes the config.
| private_key_path | Filesystem path of the PEM-encoded private key. |
Config; private_key_pem is empty when the file is unreadable.
|
static |
|
noexcept |
Reports whether at least one usable cryptographic slot is installed.
A true result merely means the instance can call encrypt() or decrypt() in some direction; senders should additionally verify can_encrypt() and receivers can_decrypt() to catch direction-specific RSA misconfiguration.
true when any slot is usable in either direction. Move-assigns from another Security; the source becomes default-constructed.