Config encryption uses cipher name provided by cipher instead of storing it itself

This commit is contained in:
Sebastian Messmer 2015-10-28 01:58:01 +01:00
parent e976e946b4
commit 3a04c8697f
4 changed files with 11 additions and 12 deletions

View File

@ -37,7 +37,7 @@ namespace cryfs {
if (boost::filesystem::exists(path)) { if (boost::filesystem::exists(path)) {
throw std::runtime_error("Config file exists already."); throw std::runtime_error("Config file exists already.");
} }
auto result = CryConfigFile(path, std::move(config), CryConfigEncryptorFactory::deriveKey<ConfigCipher, SCryptSettings>(password, "aes-256-gcm")); // TODO Take cipher from config instead auto result = CryConfigFile(path, std::move(config), CryConfigEncryptorFactory::deriveKey<ConfigCipher, SCryptSettings>(password));
result.save(); result.save();
return result; return result;
} }

View File

@ -15,7 +15,7 @@ namespace cryfs {
public: public:
static constexpr size_t CONFIG_SIZE = 512; // Inner config data is grown to this size before encryption to hide its actual size static constexpr size_t CONFIG_SIZE = 512; // Inner config data is grown to this size before encryption to hide its actual size
ConcreteInnerEncryptor(typename Cipher::EncryptionKey key, const std::string &cipherName); ConcreteInnerEncryptor(typename Cipher::EncryptionKey key);
cpputils::Data encrypt(const cpputils::Data &plaintext) const override; cpputils::Data encrypt(const cpputils::Data &plaintext) const override;
boost::optional<cpputils::Data> decrypt(const cpputils::Data &ciphertext) const override; boost::optional<cpputils::Data> decrypt(const cpputils::Data &ciphertext) const override;
@ -24,13 +24,12 @@ namespace cryfs {
cpputils::Data _serialize(const cpputils::Data &data) const; cpputils::Data _serialize(const cpputils::Data &data) const;
boost::optional<cpputils::Data> _deserialize(const cpputils::Data &data) const; boost::optional<cpputils::Data> _deserialize(const cpputils::Data &data) const;
std::string _cipherName;
typename Cipher::EncryptionKey _key; typename Cipher::EncryptionKey _key;
}; };
template<class Cipher> template<class Cipher>
ConcreteInnerEncryptor<Cipher>::ConcreteInnerEncryptor(typename Cipher::EncryptionKey key, const std::string &cipherName) ConcreteInnerEncryptor<Cipher>::ConcreteInnerEncryptor(typename Cipher::EncryptionKey key)
: _cipherName(cipherName), _key(std::move(key)) { : _key(std::move(key)) {
} }
template<class Cipher> template<class Cipher>
@ -56,7 +55,7 @@ namespace cryfs {
try { try {
_checkHeader(&deserializer); _checkHeader(&deserializer);
std::string readCipherName = deserializer.readString(); std::string readCipherName = deserializer.readString();
if (readCipherName != _cipherName) { if (readCipherName != Cipher::NAME) {
cpputils::logging::LOG(cpputils::logging::ERROR) << "Wrong inner cipher used"; cpputils::logging::LOG(cpputils::logging::ERROR) << "Wrong inner cipher used";
return boost::none; return boost::none;
} }
@ -80,10 +79,10 @@ namespace cryfs {
cpputils::Data ConcreteInnerEncryptor<Cipher>::_serialize(const cpputils::Data &ciphertext) const { cpputils::Data ConcreteInnerEncryptor<Cipher>::_serialize(const cpputils::Data &ciphertext) const {
try { try {
cpputils::Serializer serializer(cpputils::Serializer::StringSize(HEADER) cpputils::Serializer serializer(cpputils::Serializer::StringSize(HEADER)
+ cpputils::Serializer::StringSize(_cipherName) + cpputils::Serializer::StringSize(Cipher::NAME)
+ ciphertext.size()); + ciphertext.size());
serializer.writeString(HEADER); serializer.writeString(HEADER);
serializer.writeString(_cipherName); serializer.writeString(Cipher::NAME);
serializer.writeTailData(ciphertext); serializer.writeTailData(ciphertext);
return serializer.finished(); return serializer.finished();
} catch (const std::exception &e) { } catch (const std::exception &e) {

View File

@ -24,7 +24,7 @@ namespace cryfs {
auto outerKey = derivedKey.key().take<OuterKeySize>(); auto outerKey = derivedKey.key().take<OuterKeySize>();
auto innerKey = derivedKey.key().drop<OuterKeySize>(); auto innerKey = derivedKey.key().drop<OuterKeySize>();
return make_unique_ref<CryConfigEncryptor>( return make_unique_ref<CryConfigEncryptor>(
make_unique_ref<ConcreteInnerEncryptor<Cipher>>(innerKey, "aes-256-gcm"), // TODO Allow other ciphers make_unique_ref<ConcreteInnerEncryptor<Cipher>>(innerKey),
outerKey, outerKey,
derivedKey.moveOutConfig() derivedKey.moveOutConfig()
); );

View File

@ -12,7 +12,7 @@ namespace cryfs {
class CryConfigEncryptorFactory { class CryConfigEncryptorFactory {
public: public:
template<class Cipher, class SCryptConfig> template<class Cipher, class SCryptConfig>
static cpputils::unique_ref<CryConfigEncryptor> deriveKey(const std::string &password, const std::string &cipherName); static cpputils::unique_ref<CryConfigEncryptor> deriveKey(const std::string &password);
static boost::optional <cpputils::unique_ref<CryConfigEncryptor>> loadKey(const cpputils::Data &ciphertext, static boost::optional <cpputils::unique_ref<CryConfigEncryptor>> loadKey(const cpputils::Data &ciphertext,
const std::string &password); const std::string &password);
@ -31,12 +31,12 @@ namespace cryfs {
} }
template<class Cipher, class SCryptConfig> template<class Cipher, class SCryptConfig>
cpputils::unique_ref<CryConfigEncryptor> CryConfigEncryptorFactory::deriveKey(const std::string &password, const std::string &cipherName) { cpputils::unique_ref<CryConfigEncryptor> CryConfigEncryptorFactory::deriveKey(const std::string &password) {
auto derivedKey = cpputils::SCrypt().generateKey<TotalKeySize<Cipher>(), SCryptConfig>(password); auto derivedKey = cpputils::SCrypt().generateKey<TotalKeySize<Cipher>(), SCryptConfig>(password);
auto outerKey = derivedKey.key().template take<OuterKeySize>(); auto outerKey = derivedKey.key().template take<OuterKeySize>();
auto innerKey = derivedKey.key().template drop<OuterKeySize>(); auto innerKey = derivedKey.key().template drop<OuterKeySize>();
return cpputils::make_unique_ref<CryConfigEncryptor>( return cpputils::make_unique_ref<CryConfigEncryptor>(
cpputils::make_unique_ref<ConcreteInnerEncryptor<Cipher>>(innerKey, cipherName), cpputils::make_unique_ref<ConcreteInnerEncryptor<Cipher>>(innerKey),
outerKey, outerKey,
derivedKey.moveOutConfig() derivedKey.moveOutConfig()
); );