Config encryption uses cipher name provided by cipher instead of storing it itself
This commit is contained in:
parent
e976e946b4
commit
3a04c8697f
@ -37,7 +37,7 @@ namespace cryfs {
|
|||||||
if (boost::filesystem::exists(path)) {
|
if (boost::filesystem::exists(path)) {
|
||||||
throw std::runtime_error("Config file exists already.");
|
throw std::runtime_error("Config file exists already.");
|
||||||
}
|
}
|
||||||
auto result = CryConfigFile(path, std::move(config), CryConfigEncryptorFactory::deriveKey<ConfigCipher, SCryptSettings>(password, "aes-256-gcm")); // TODO Take cipher from config instead
|
auto result = CryConfigFile(path, std::move(config), CryConfigEncryptorFactory::deriveKey<ConfigCipher, SCryptSettings>(password));
|
||||||
result.save();
|
result.save();
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
@ -15,7 +15,7 @@ namespace cryfs {
|
|||||||
public:
|
public:
|
||||||
static constexpr size_t CONFIG_SIZE = 512; // Inner config data is grown to this size before encryption to hide its actual size
|
static constexpr size_t CONFIG_SIZE = 512; // Inner config data is grown to this size before encryption to hide its actual size
|
||||||
|
|
||||||
ConcreteInnerEncryptor(typename Cipher::EncryptionKey key, const std::string &cipherName);
|
ConcreteInnerEncryptor(typename Cipher::EncryptionKey key);
|
||||||
|
|
||||||
cpputils::Data encrypt(const cpputils::Data &plaintext) const override;
|
cpputils::Data encrypt(const cpputils::Data &plaintext) const override;
|
||||||
boost::optional<cpputils::Data> decrypt(const cpputils::Data &ciphertext) const override;
|
boost::optional<cpputils::Data> decrypt(const cpputils::Data &ciphertext) const override;
|
||||||
@ -24,13 +24,12 @@ namespace cryfs {
|
|||||||
cpputils::Data _serialize(const cpputils::Data &data) const;
|
cpputils::Data _serialize(const cpputils::Data &data) const;
|
||||||
boost::optional<cpputils::Data> _deserialize(const cpputils::Data &data) const;
|
boost::optional<cpputils::Data> _deserialize(const cpputils::Data &data) const;
|
||||||
|
|
||||||
std::string _cipherName;
|
|
||||||
typename Cipher::EncryptionKey _key;
|
typename Cipher::EncryptionKey _key;
|
||||||
};
|
};
|
||||||
|
|
||||||
template<class Cipher>
|
template<class Cipher>
|
||||||
ConcreteInnerEncryptor<Cipher>::ConcreteInnerEncryptor(typename Cipher::EncryptionKey key, const std::string &cipherName)
|
ConcreteInnerEncryptor<Cipher>::ConcreteInnerEncryptor(typename Cipher::EncryptionKey key)
|
||||||
: _cipherName(cipherName), _key(std::move(key)) {
|
: _key(std::move(key)) {
|
||||||
}
|
}
|
||||||
|
|
||||||
template<class Cipher>
|
template<class Cipher>
|
||||||
@ -56,7 +55,7 @@ namespace cryfs {
|
|||||||
try {
|
try {
|
||||||
_checkHeader(&deserializer);
|
_checkHeader(&deserializer);
|
||||||
std::string readCipherName = deserializer.readString();
|
std::string readCipherName = deserializer.readString();
|
||||||
if (readCipherName != _cipherName) {
|
if (readCipherName != Cipher::NAME) {
|
||||||
cpputils::logging::LOG(cpputils::logging::ERROR) << "Wrong inner cipher used";
|
cpputils::logging::LOG(cpputils::logging::ERROR) << "Wrong inner cipher used";
|
||||||
return boost::none;
|
return boost::none;
|
||||||
}
|
}
|
||||||
@ -80,10 +79,10 @@ namespace cryfs {
|
|||||||
cpputils::Data ConcreteInnerEncryptor<Cipher>::_serialize(const cpputils::Data &ciphertext) const {
|
cpputils::Data ConcreteInnerEncryptor<Cipher>::_serialize(const cpputils::Data &ciphertext) const {
|
||||||
try {
|
try {
|
||||||
cpputils::Serializer serializer(cpputils::Serializer::StringSize(HEADER)
|
cpputils::Serializer serializer(cpputils::Serializer::StringSize(HEADER)
|
||||||
+ cpputils::Serializer::StringSize(_cipherName)
|
+ cpputils::Serializer::StringSize(Cipher::NAME)
|
||||||
+ ciphertext.size());
|
+ ciphertext.size());
|
||||||
serializer.writeString(HEADER);
|
serializer.writeString(HEADER);
|
||||||
serializer.writeString(_cipherName);
|
serializer.writeString(Cipher::NAME);
|
||||||
serializer.writeTailData(ciphertext);
|
serializer.writeTailData(ciphertext);
|
||||||
return serializer.finished();
|
return serializer.finished();
|
||||||
} catch (const std::exception &e) {
|
} catch (const std::exception &e) {
|
||||||
|
@ -24,7 +24,7 @@ namespace cryfs {
|
|||||||
auto outerKey = derivedKey.key().take<OuterKeySize>();
|
auto outerKey = derivedKey.key().take<OuterKeySize>();
|
||||||
auto innerKey = derivedKey.key().drop<OuterKeySize>();
|
auto innerKey = derivedKey.key().drop<OuterKeySize>();
|
||||||
return make_unique_ref<CryConfigEncryptor>(
|
return make_unique_ref<CryConfigEncryptor>(
|
||||||
make_unique_ref<ConcreteInnerEncryptor<Cipher>>(innerKey, "aes-256-gcm"), // TODO Allow other ciphers
|
make_unique_ref<ConcreteInnerEncryptor<Cipher>>(innerKey),
|
||||||
outerKey,
|
outerKey,
|
||||||
derivedKey.moveOutConfig()
|
derivedKey.moveOutConfig()
|
||||||
);
|
);
|
||||||
|
@ -12,7 +12,7 @@ namespace cryfs {
|
|||||||
class CryConfigEncryptorFactory {
|
class CryConfigEncryptorFactory {
|
||||||
public:
|
public:
|
||||||
template<class Cipher, class SCryptConfig>
|
template<class Cipher, class SCryptConfig>
|
||||||
static cpputils::unique_ref<CryConfigEncryptor> deriveKey(const std::string &password, const std::string &cipherName);
|
static cpputils::unique_ref<CryConfigEncryptor> deriveKey(const std::string &password);
|
||||||
|
|
||||||
static boost::optional <cpputils::unique_ref<CryConfigEncryptor>> loadKey(const cpputils::Data &ciphertext,
|
static boost::optional <cpputils::unique_ref<CryConfigEncryptor>> loadKey(const cpputils::Data &ciphertext,
|
||||||
const std::string &password);
|
const std::string &password);
|
||||||
@ -31,12 +31,12 @@ namespace cryfs {
|
|||||||
}
|
}
|
||||||
|
|
||||||
template<class Cipher, class SCryptConfig>
|
template<class Cipher, class SCryptConfig>
|
||||||
cpputils::unique_ref<CryConfigEncryptor> CryConfigEncryptorFactory::deriveKey(const std::string &password, const std::string &cipherName) {
|
cpputils::unique_ref<CryConfigEncryptor> CryConfigEncryptorFactory::deriveKey(const std::string &password) {
|
||||||
auto derivedKey = cpputils::SCrypt().generateKey<TotalKeySize<Cipher>(), SCryptConfig>(password);
|
auto derivedKey = cpputils::SCrypt().generateKey<TotalKeySize<Cipher>(), SCryptConfig>(password);
|
||||||
auto outerKey = derivedKey.key().template take<OuterKeySize>();
|
auto outerKey = derivedKey.key().template take<OuterKeySize>();
|
||||||
auto innerKey = derivedKey.key().template drop<OuterKeySize>();
|
auto innerKey = derivedKey.key().template drop<OuterKeySize>();
|
||||||
return cpputils::make_unique_ref<CryConfigEncryptor>(
|
return cpputils::make_unique_ref<CryConfigEncryptor>(
|
||||||
cpputils::make_unique_ref<ConcreteInnerEncryptor<Cipher>>(innerKey, cipherName),
|
cpputils::make_unique_ref<ConcreteInnerEncryptor<Cipher>>(innerKey),
|
||||||
outerKey,
|
outerKey,
|
||||||
derivedKey.moveOutConfig()
|
derivedKey.moveOutConfig()
|
||||||
);
|
);
|
||||||
|
Loading…
Reference in New Issue
Block a user