Config encryption uses cipher name provided by cipher instead of storing it itself

2015-10-28 01:58:01 +01:00 · 2015-10-28 01:58:01 +01:00 · 3a04c8697f
commit 3a04c8697f
parent e976e946b4
4 changed files with 11 additions and 12 deletions
--- a/src/config/CryConfigFile.h
+++ b/src/config/CryConfigFile.h
@ -37,7 +37,7 @@ namespace cryfs {
        if (boost::filesystem::exists(path)) {
            throw std::runtime_error("Config file exists already.");
        }
-        auto result = CryConfigFile(path, std::move(config), CryConfigEncryptorFactory::deriveKey<ConfigCipher, SCryptSettings>(password, "aes-256-gcm")); // TODO Take cipher from config instead
+        auto result = CryConfigFile(path, std::move(config), CryConfigEncryptorFactory::deriveKey<ConfigCipher, SCryptSettings>(password));
        result.save();
        return result;
    }
--- a/src/config/crypto/ConcreteInnerEncryptor.h
+++ b/src/config/crypto/ConcreteInnerEncryptor.h
@ -15,7 +15,7 @@ namespace cryfs {
    public:
        static constexpr size_t CONFIG_SIZE = 512;  // Inner config data is grown to this size before encryption to hide its actual size

-        ConcreteInnerEncryptor(typename Cipher::EncryptionKey key, const std::string &cipherName);
+        ConcreteInnerEncryptor(typename Cipher::EncryptionKey key);

        cpputils::Data encrypt(const cpputils::Data &plaintext) const override;
        boost::optional<cpputils::Data> decrypt(const cpputils::Data &ciphertext) const override;
@ -24,13 +24,12 @@ namespace cryfs {
        cpputils::Data _serialize(const cpputils::Data &data) const;
        boost::optional<cpputils::Data> _deserialize(const cpputils::Data &data) const;

-        std::string _cipherName;
        typename Cipher::EncryptionKey _key;
    };

    template<class Cipher>
-    ConcreteInnerEncryptor<Cipher>::ConcreteInnerEncryptor(typename Cipher::EncryptionKey key, const std::string &cipherName)
-            :  _cipherName(cipherName), _key(std::move(key)) {
+    ConcreteInnerEncryptor<Cipher>::ConcreteInnerEncryptor(typename Cipher::EncryptionKey key)
+            : _key(std::move(key)) {
    }

    template<class Cipher>
@ -56,7 +55,7 @@ namespace cryfs {
        try {
            _checkHeader(&deserializer);
            std::string readCipherName = deserializer.readString();
-            if (readCipherName != _cipherName) {
+            if (readCipherName != Cipher::NAME) {
                cpputils::logging::LOG(cpputils::logging::ERROR) << "Wrong inner cipher used";
                return boost::none;
            }
@ -80,10 +79,10 @@ namespace cryfs {
    cpputils::Data ConcreteInnerEncryptor<Cipher>::_serialize(const cpputils::Data &ciphertext) const {
        try {
            cpputils::Serializer serializer(cpputils::Serializer::StringSize(HEADER)
-                                            + cpputils::Serializer::StringSize(_cipherName)
+                                            + cpputils::Serializer::StringSize(Cipher::NAME)
                                            + ciphertext.size());
            serializer.writeString(HEADER);
-            serializer.writeString(_cipherName);
+            serializer.writeString(Cipher::NAME);
            serializer.writeTailData(ciphertext);
            return serializer.finished();
        } catch (const std::exception &e) {
--- a/src/config/crypto/CryConfigEncryptorFactory.cpp
+++ b/src/config/crypto/CryConfigEncryptorFactory.cpp
@ -24,7 +24,7 @@ namespace cryfs {
            auto outerKey = derivedKey.key().take<OuterKeySize>();
            auto innerKey = derivedKey.key().drop<OuterKeySize>();
            return make_unique_ref<CryConfigEncryptor>(
-                       make_unique_ref<ConcreteInnerEncryptor<Cipher>>(innerKey, "aes-256-gcm"), // TODO Allow other ciphers
+                       make_unique_ref<ConcreteInnerEncryptor<Cipher>>(innerKey),
                       outerKey,
                       derivedKey.moveOutConfig()
                   );
--- a/src/config/crypto/CryConfigEncryptorFactory.h
+++ b/src/config/crypto/CryConfigEncryptorFactory.h
@ -12,7 +12,7 @@ namespace cryfs {
    class CryConfigEncryptorFactory {
    public:
        template<class Cipher, class SCryptConfig>
-        static cpputils::unique_ref<CryConfigEncryptor> deriveKey(const std::string &password, const std::string &cipherName);
+        static cpputils::unique_ref<CryConfigEncryptor> deriveKey(const std::string &password);

        static boost::optional <cpputils::unique_ref<CryConfigEncryptor>> loadKey(const cpputils::Data &ciphertext,
                                                                                  const std::string &password);
@ -31,12 +31,12 @@ namespace cryfs {
    }

    template<class Cipher, class SCryptConfig>
-    cpputils::unique_ref<CryConfigEncryptor> CryConfigEncryptorFactory::deriveKey(const std::string &password, const std::string &cipherName) {
+    cpputils::unique_ref<CryConfigEncryptor> CryConfigEncryptorFactory::deriveKey(const std::string &password) {
        auto derivedKey = cpputils::SCrypt().generateKey<TotalKeySize<Cipher>(), SCryptConfig>(password);
        auto outerKey = derivedKey.key().template take<OuterKeySize>();
        auto innerKey = derivedKey.key().template drop<OuterKeySize>();
        return cpputils::make_unique_ref<CryConfigEncryptor>(
-                   cpputils::make_unique_ref<ConcreteInnerEncryptor<Cipher>>(innerKey, cipherName),
+                   cpputils::make_unique_ref<ConcreteInnerEncryptor<Cipher>>(innerKey),
                   outerKey,
                   derivedKey.moveOutConfig()
               );