encryption.hpp

/* -*- mode: c++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
 *
 * Copyright (C) 2025 Marco Craveiro <marco.craveiro@gmail.com>
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 3 of the License, or (at your option) any later
 * version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 51
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 */
#ifndef ORES_SECURITY_CRYPTO_ENCRYPTION_HPP
#define ORES_SECURITY_CRYPTO_ENCRYPTION_HPP
 
#include <string>
#include <vector>
 
namespace ores::security::crypto {
 
class encryption final {
public:
    static constexpr size_t SALT_LEN = 16;
    static constexpr size_t IV_LEN = 12;
    static constexpr size_t TAG_LEN = 16;
    static constexpr size_t KEY_LEN = 32;  // AES-256
    static constexpr int PBKDF2_ITERATIONS = 600000;  // OWASP recommendation
 
    static std::string encrypt(const std::string& plaintext,
                               const std::string& password);
 
    static std::string decrypt(const std::string& encrypted_data,
                               const std::string& password);
 
    static bool verify_password(const std::string& encrypted_data,
                                const std::string& password);
 
private:
    static std::vector<unsigned char> derive_key(
        const std::string& password,
        const std::vector<unsigned char>& salt);
};
 
}
 
#endif