libcryfs/src/cryfs/config/CryConfigLoader.cpp

#include "CryConfigLoader.h"
#include "CryConfigFile.h"
#include <boost/filesystem.hpp>
#include <cpp-utils/random/Random.h>
#include <cpp-utils/logging/logging.h>
#include <boost/algorithm/string/predicate.hpp>
#include <gitversion/gitversion.h>

namespace bf = boost::filesystem;
using cpputils::unique_ref;
using cpputils::make_unique_ref;
using cpputils::Console;
using cpputils::IOStreamConsole;
using cpputils::Random;
using cpputils::RandomGenerator;
using cpputils::SCryptSettings;
using boost::optional;
using boost::none;
using std::shared_ptr;
using std::vector;
using std::string;
using std::function;
using std::shared_ptr;
using namespace cpputils::logging;

namespace cryfs {

CryConfigLoader::CryConfigLoader(shared_ptr<Console> console, RandomGenerator &keyGenerator, const SCryptSettings &scryptSettings, function<string()> askPasswordForExistingFilesystem, function<string()> askPasswordForNewFilesystem, const optional<string> &cipherFromCommandLine, const boost::optional<uint32_t> &blocksizeBytesFromCommandLine, bool noninteractive)
    : _creator(std::move(console), keyGenerator, noninteractive), _scryptSettings(scryptSettings),
      _askPasswordForExistingFilesystem(askPasswordForExistingFilesystem), _askPasswordForNewFilesystem(askPasswordForNewFilesystem),
      _cipherFromCommandLine(cipherFromCommandLine), _blocksizeBytesFromCommandLine(blocksizeBytesFromCommandLine) {
}

optional<CryConfigFile> CryConfigLoader::_loadConfig(const bf::path &filename) {
  string password = _askPasswordForExistingFilesystem();
  std::cout << "Loading config file (this can take some time)..." << std::flush;
  auto config = CryConfigFile::load(filename, password);
  if (config == none) {
    return none;
  }
  std::cout << "done" << std::endl;
  _checkVersion(*config->config());
  if (config->config()->Version() != gitversion::VersionString()) {
    config->config()->SetVersion(gitversion::VersionString());
    config->save();
  }
  _checkCipher(*config->config());
  return std::move(*config);
}

void CryConfigLoader::_checkVersion(const CryConfig &config) {
  const string allowedVersionPrefix = string() + gitversion::MajorVersion() + "." + gitversion::MinorVersion() + ".";
  if (!boost::starts_with(config.Version(), allowedVersionPrefix)) {
    throw std::runtime_error(string() + "This filesystem was created with CryFS " + config.Version() + " and is incompatible. Please create a new one with your version of CryFS and migrate your data.");
  }
}

void CryConfigLoader::_checkCipher(const CryConfig &config) const {
  if (_cipherFromCommandLine != none && config.Cipher() != *_cipherFromCommandLine) {
    throw std::runtime_error(string() + "Filesystem uses " + config.Cipher() + " cipher and not " + *_cipherFromCommandLine + " as specified.");
  }
}

optional<CryConfigFile> CryConfigLoader::loadOrCreate(const bf::path &filename) {
  if (bf::exists(filename)) {
    return _loadConfig(filename);
  } else {
    return _createConfig(filename);
  }
}

CryConfigFile CryConfigLoader::_createConfig(const bf::path &filename) {
  auto config = _creator.create(_cipherFromCommandLine, _blocksizeBytesFromCommandLine);
  //TODO Ask confirmation if using insecure password (<8 characters)
  string password = _askPasswordForNewFilesystem();
  std::cout << "Creating config file (this can take some time)..." << std::flush;
  auto result = CryConfigFile::create(filename, std::move(config), password, _scryptSettings);
  std::cout << "done" << std::endl;
  return result;
}


}
Refactored creation of new config files - this happens in a CryConfigLoader now 2015-06-16 18:20:31 +02:00			`#include "CryConfigLoader.h"`
Refactor config file handling 2015-10-19 02:46:47 +02:00			`#include "CryConfigFile.h"`
Refactored creation of new config files - this happens in a CryConfigLoader now 2015-06-16 18:20:31 +02:00			`#include <boost/filesystem.hpp>`
Merge all git repositories into one 2016-02-11 16:39:42 +01:00			`#include <cpp-utils/random/Random.h>`
			`#include <cpp-utils/logging/logging.h>`
Adding the file access times makes CryFS 0.9 incompatible with earlier versions. This commit adds a warning telling the user when they try to mount an old file system. 2016-02-09 10:55:28 +01:00			`#include <boost/algorithm/string/predicate.hpp>`
Switch to new git version number recognition 2016-03-02 13:53:37 +01:00			`#include <gitversion/gitversion.h>`
Refactored creation of new config files - this happens in a CryConfigLoader now 2015-06-16 18:20:31 +02:00
			`namespace bf = boost::filesystem;`
More use of unique_ref instead of unique_ptr 2015-06-18 13:45:08 +02:00			`using cpputils::unique_ref;`
			`using cpputils::make_unique_ref;`
Refactor directory structure 2015-09-12 20:16:13 +02:00			`using cpputils::Console;`
			`using cpputils::IOStreamConsole;`
Config file is AES256_GCM encrypted, the config file key is generated with scrypt 2015-10-24 19:35:37 +02:00			`using cpputils::Random;`
			`using cpputils::RandomGenerator;`
Make test cases faster by using SCrypt::TestSettings 2015-11-04 05:27:00 +01:00			`using cpputils::SCryptSettings;`
More use of unique_ref instead of unique_ptr 2015-06-18 13:45:08 +02:00			`using boost::optional;`
			`using boost::none;`
Refactor CryConfigCreator (factor out CryConfigConsole). This is preparation for adding a 'use default config' question. 2016-01-17 14:57:40 +01:00			`using std::shared_ptr;`
CryConfigLoader asks for cipher to use when creating a new config 2015-07-01 14:33:18 +02:00			`using std::vector;`
			`using std::string;`
Config file is AES256_GCM encrypted, the config file key is generated with scrypt 2015-10-24 19:35:37 +02:00			`using std::function;`
Make test cases faster by using SCrypt::TestSettings 2015-11-04 05:27:00 +01:00			`using std::shared_ptr;`
Refactor CryConfigEncryptor: Store instance instead of static 2015-10-26 16:36:57 +01:00			`using namespace cpputils::logging;`
Refactored creation of new config files - this happens in a CryConfigLoader now 2015-06-16 18:20:31 +02:00
			`namespace cryfs {`

Add a command line option for blocksize 2016-03-04 23:12:41 +01:00			`CryConfigLoader::CryConfigLoader(shared_ptr<Console> console, RandomGenerator &keyGenerator, const SCryptSettings &scryptSettings, function<string()> askPasswordForExistingFilesystem, function<string()> askPasswordForNewFilesystem, const optional<string> &cipherFromCommandLine, const boost::optional<uint32_t> &blocksizeBytesFromCommandLine, bool noninteractive)`
If CRYFS_FRONTEND=noninteractive is set in the environment, assume we're used by a tool and: - Don't ask for config. Use default settings for everything that is not specified as command line parameter. - Don't ask for password confirmation. Password only has to be passed in once to stdin. 2016-02-21 01:34:21 +01:00			`: _creator(std::move(console), keyGenerator, noninteractive), _scryptSettings(scryptSettings),`
When creating a new filesystem, ask password twice (second time for confirmation) 2015-11-19 10:08:09 +01:00			`_askPasswordForExistingFilesystem(askPasswordForExistingFilesystem), _askPasswordForNewFilesystem(askPasswordForNewFilesystem),`
Add a command line option for blocksize 2016-03-04 23:12:41 +01:00			`_cipherFromCommandLine(cipherFromCommandLine), _blocksizeBytesFromCommandLine(blocksizeBytesFromCommandLine) {`
Config file is AES256_GCM encrypted, the config file key is generated with scrypt 2015-10-24 19:35:37 +02:00			`}`
Test cases don't need user interaction anymore 2015-07-26 13:09:55 +02:00
Refactor CryConfigEncryptor: Store instance instead of static 2015-10-26 16:36:57 +01:00			`optional<CryConfigFile> CryConfigLoader::_loadConfig(const bf::path &filename) {`
When creating a new filesystem, ask password twice (second time for confirmation) 2015-11-19 10:08:09 +01:00			`string password = _askPasswordForExistingFilesystem();`
Increase scrypt KDF effort for generating the config file key from the password 2016-02-16 20:35:51 +01:00			`std::cout << "Loading config file (this can take some time)..." << std::flush;`
Config file is AES256_GCM encrypted, the config file key is generated with scrypt 2015-10-24 19:35:37 +02:00			`auto config = CryConfigFile::load(filename, password);`
			`if (config == none) {`
Refactor CryConfigEncryptor: Store instance instead of static 2015-10-26 16:36:57 +01:00			`return none;`
Refactored creation of new config files - this happens in a CryConfigLoader now 2015-06-16 18:20:31 +02:00			`}`
When creating a new filesystem, ask password twice (second time for confirmation) 2015-11-19 10:08:09 +01:00			`std::cout << "done" << std::endl;`
Adding the file access times makes CryFS 0.9 incompatible with earlier versions. This commit adds a warning telling the user when they try to mount an old file system. 2016-02-09 10:55:28 +01:00			`_checkVersion(*config->config());`
- The version field in the config file is updated when the file system is opened with a newer CryFS version (i.e. it is migrated to the newer version). - We introduced a CreatedWithVersion field instead which gets the semantics the version field had before (i.e. which version of CryFS was the file system originally created with) - Move VersionCompare to gitversion package 2016-03-26 17:09:07 +01:00			`if (config->config()->Version() != gitversion::VersionString()) {`
			`config->config()->SetVersion(gitversion::VersionString());`
			`config->save();`
			`}`
Adding the file access times makes CryFS 0.9 incompatible with earlier versions. This commit adds a warning telling the user when they try to mount an old file system. 2016-02-09 10:55:28 +01:00			`_checkCipher(*config->config());`
Config file is AES256_GCM encrypted, the config file key is generated with scrypt 2015-10-24 19:35:37 +02:00			`return std::move(*config);`
			`}`

Adding the file access times makes CryFS 0.9 incompatible with earlier versions. This commit adds a warning telling the user when they try to mount an old file system. 2016-02-09 10:55:28 +01:00			`void CryConfigLoader::_checkVersion(const CryConfig &config) {`
Switch to new git version number recognition 2016-03-02 13:53:37 +01:00			`const string allowedVersionPrefix = string() + gitversion::MajorVersion() + "." + gitversion::MinorVersion() + ".";`
Adding the file access times makes CryFS 0.9 incompatible with earlier versions. This commit adds a warning telling the user when they try to mount an old file system. 2016-02-09 10:55:28 +01:00			`if (!boost::starts_with(config.Version(), allowedVersionPrefix)) {`
			`throw std::runtime_error(string() + "This filesystem was created with CryFS " + config.Version() + " and is incompatible. Please create a new one with your version of CryFS and migrate your data.");`
			`}`
			`}`

			`void CryConfigLoader::_checkCipher(const CryConfig &config) const {`
			`if (_cipherFromCommandLine != none && config.Cipher() != *_cipherFromCommandLine) {`
			`throw std::runtime_error(string() + "Filesystem uses " + config.Cipher() + " cipher and not " + *_cipherFromCommandLine + " as specified.");`
			`}`
			`}`

Make test cases faster by using SCrypt::TestSettings 2015-11-04 05:27:00 +01:00			`optional<CryConfigFile> CryConfigLoader::loadOrCreate(const bf::path &filename) {`
			`if (bf::exists(filename)) {`
			`return _loadConfig(filename);`
			`} else {`
			`return _createConfig(filename);`
			`}`
			`}`

			`CryConfigFile CryConfigLoader::_createConfig(const bf::path &filename) {`
Add a command line option for blocksize 2016-03-04 23:12:41 +01:00			`auto config = _creator.create(_cipherFromCommandLine, _blocksizeBytesFromCommandLine);`
Make test cases faster by using SCrypt::TestSettings 2015-11-04 05:27:00 +01:00			`//TODO Ask confirmation if using insecure password (<8 characters)`
When creating a new filesystem, ask password twice (second time for confirmation) 2015-11-19 10:08:09 +01:00			`string password = _askPasswordForNewFilesystem();`
Increase scrypt KDF effort for generating the config file key from the password 2016-02-16 20:35:51 +01:00			`std::cout << "Creating config file (this can take some time)..." << std::flush;`
When creating a new filesystem, ask password twice (second time for confirmation) 2015-11-19 10:08:09 +01:00			`auto result = CryConfigFile::create(filename, std::move(config), password, _scryptSettings);`
			`std::cout << "done" << std::endl;`
			`return result;`
Make test cases faster by using SCrypt::TestSettings 2015-11-04 05:27:00 +01:00			`}`


Refactored creation of new config files - this happens in a CryConfigLoader now 2015-06-16 18:20:31 +02:00			`}`