|
VLink
2.0.0
A high-performance communication middleware
|
Application-layer authenticated encryption with symmetric, hybrid asymmetric, and pluggable backends. 更多...
#include <cstdint>#include <memory>#include <string>#include "../base/bytes.h"#include "../base/functional.h"#include "../base/macros.h"类 | |
| class | vlink::Security |
| Thread-safe authenticated encryption with symmetric, asymmetric, and pluggable modes. 更多... | |
| struct | vlink::Security::Config |
Aggregate of every parameter accepted by the Security constructor. 更多... | |
| struct | vlink::Security::Config::Advanced |
| Low-frequency policy knobs and sender-authentication keys. 更多... | |
命名空间 | |
| vlink | |
Application-layer authenticated encryption with symmetric, hybrid asymmetric, and pluggable backends.
Security sits between VLink serialisation and any transport layer. Every endpoint (publisher / subscriber / client / server / setter / getter) may own at most one Security instance; the instance authenticates and encrypts each outbound message and verifies and decrypts each inbound message before the transport sees the payload. It is fully orthogonal to the channel-level TLS controlled by SslOptions and can be combined with it.
Compiling with VLINK_ENABLE_SECURITY enables the OpenSSL-backed default crypto suite. Without that macro only the user-supplied callback path is available.
| Algorithm | Key size | Mode / construction | Used for |
|---|---|---|---|
| AES-GCM | 128 bit | AEAD, 12-byte nonce, 16-byte tag | bulk encrypt / decrypt |
| RSA-OAEP-SHA256 | >= 2048 b | wrap a fresh per-message AES key | asymmetric session-key wrap |
| RSA-PSS-SHA256 | >= 2048 b | sender signature over AAD-bound envelope | optional sender identity |
| SHA-256 truncation | 256 -> 128 | derive raw key -> AES-128 key | symmetric key derivation |
| PBKDF2-HMAC-SHA256 | configurable iters | derive passphrase -> AES-128 | symmetric key derivation |
| Source | Selector field(s) | Notes |
|---|---|---|
| Built-in default symmetric | every cryptographic field empty | only with VLINK_ENABLE_SECURITY |
| Explicit raw key | Config::key | SHA-256 truncated to AES-128 |
| Passphrase + salt | Config::passphrase + pbkdf2_salt | PBKDF2-HMAC-SHA256 @ iterations |
| Peer public-key PEM | Config::public_key_pem | RSA-OAEP wrap of a fresh session key |
| Local private-key PEM | Config::private_key_pem | RSA-OAEP unwrap of session key |
| Custom callback pair | encrypt_callback + decrypt_callback | bypasses every built-in algorithm |
encrypt() / decrypt() are serialised by an internal mutex.Security instance to change keys or callbacks.VLINK_ENABLE_SECURITY is undefined only the callback path is usable; other fields are accepted but emit a warning and remain unconfigured.