Added support for encrypting/decrypting large files (#6)

* Increased file buffer size and introduced PWCRYPT_CCRUSH_BUFFER_SIZE_KIB.

* Rewrote pwcrypt_encrypt to write in chunks.

* Had to introduce lib chillbuff to properly implement v4.4.0 of the pwcrypt_decrypt function.

* Reduced argon2id params inside tests.c to speed things up...

* Cleanup.

* Upgraded lib/ccrush to v2.1.1

* Improved pwcrypt_encrypt function by using a chillbuff instead of output buffer size approximations.

Author: GlitchedPolygons

CMakeLists.txt

@@ -19,8 +19,8 @@ set(CMAKE_C_STANDARD 11)
 set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_LIST_DIR}/cmake" ${CMAKE_MODULE_PATH})
 
 set(${PROJECT_NAME}_MAJOR 4)
-set(${PROJECT_NAME}_MINOR 3)
-set(${PROJECT_NAME}_PATCH 1)
+set(${PROJECT_NAME}_MINOR 4)
+set(${PROJECT_NAME}_PATCH 0)
 set(${PROJECT_NAME}_VERSION_STRING "${${PROJECT_NAME}_MAJOR}.${${PROJECT_NAME}_MINOR}.${${PROJECT_NAME}_PATCH}")
 
 option(ENABLE_TESTING "Build MbedTLS tests." OFF)
@@ -89,10 +89,15 @@ if (NOT TARGET ccrush)
     add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/lib/ccrush ccrush)
 endif ()
 
+if (NOT TARGET chillbuff)
+    add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/lib/ccrush/lib/chillbuff chillbuff)
+endif ()
+
 set_property(TARGET ccrush PROPERTY POSITION_INDEPENDENT_CODE ON)
 
 target_link_libraries(${PROJECT_NAME}
         PUBLIC ccrush
+        PUBLIC chillbuff
         PUBLIC mbedcrypto
         )
 

README.md

@@ -116,8 +116,6 @@ Append `--algorithm=chachapoly` at the end to use the [ChaCha20-Poly1305](https:
 
 Since [v4.3.0](https://github.com/GlitchedPolygons/pwcrypt/releases/tag/4.3.0) it is now possible to make the pwcrypt CLI read the input from `stdin`.
 
-> ⚠️ Warning: encrypting [files larger than 64 GiB will fail miserably when using AES-GCM](https://crypto.stackexchange.com/a/31798): please use the ChaCha20-Poly1305 algorithm in that case (pass the `--algorithm=chachapoly` argument to the CLI to do so).
-
 To do so, just pass `-` as the input parameter after the `e` or `d` argument. The `--file=/output/file/path/here` still works (and if it's not set, the output will be written to `stdout`).
 
 For example, to compress and encrypt a whole directory you could pipe the result of `tar` into `pwcrypt`. Such a command would look like this:

include/pwcrypt.h

@@ -72,19 +72,12 @@ static const uint8_t EMPTY64[64] = {
 /**
  * Current version of the used pwcrypt library.
  */
-#define PWCRYPT_VERSION 431
+#define PWCRYPT_VERSION 440
 
 /**
  * Current version of the used pwcrypt library (nicely-formatted string).
  */
-#define PWCRYPT_VERSION_STR "4.3.1"
-
-#ifndef PWCRYPT_Z_CHUNKSIZE
-/**
- * Default chunksize to use for compressing and decompressing buffers.
- */
-#define PWCRYPT_Z_CHUNKSIZE (1024 * 256)
-#endif
+#define PWCRYPT_VERSION_STR "4.4.0"
 
 #ifndef PWCRYPT_ARGON2_T_COST
 /**
@@ -119,9 +112,16 @@ static const uint8_t EMPTY64[64] = {
 
 #ifndef PWCRYPT_FILE_BUFFER_SIZE
 /**
- * The size in bytes of the file's background buffer.
+ * The buffer size in bytes to use for reading/writing files.
+ */
+#define PWCRYPT_FILE_BUFFER_SIZE (1024 * 512)
+#endif
+
+#ifndef PWCRYPT_CCRUSH_BUFFER_SIZE_KIB
+/**
+ * The buffer size in KiB to use for compressing/decompressing via ccrush.
  */
-#define PWCRYPT_FILE_BUFFER_SIZE (1024 * 256)
+#define PWCRYPT_CCRUSH_BUFFER_SIZE_KIB 256
 #endif
 
 /**
@@ -175,6 +175,11 @@ static const uint8_t EMPTY64[64] = {
  */
 #define PWCRYPT_ERROR_FILE_FAILURE 9000
 
+/**
+ * Error code for failures concerning the output buffer (which uses the chillbuff lib to grow dynamically).
+ */
+#define PWCRYPT_ERROR_CHILLBUFF_FAILURE 10000
+
 /**
  * Picks the smaller of two numbers.
  */
@@ -377,6 +382,15 @@ PWCRYPT_API void pwcrypt_free(void* ptr);
  */
 PWCRYPT_API FILE* pwcrypt_fopen(const char* filename, const char* mode);
 
+/**
+ * Compares two blocks of memory against equality in a cryptographically safe manner (time-safe impl./constant-time comparison).
+ * @param mem1 Memory block 1 to compare.
+ * @param mem2 Memory block 2 to compare.
+ * @param n How many bytes to compare.
+ * @return Returns <code>0</code> if the two memory blocks are equal for the passed amount of bytes.
+ */
+PWCRYPT_API int pwcrypt_memcmp(const void* mem1, const void* mem2, size_t n);
+
 #ifdef __cplusplus
 } // extern "C"
 #endif