CryFS uses an encrypted blockstore
parent
b5391a7d64
commit
5596544365
@ -7,11 +7,13 @@
|
||||
namespace bf = boost::filesystem;
|
||||
|
||||
using boost::property_tree::ptree;
|
||||
using blockstore::encrypted::EncryptionKey;
|
||||
using std::string;
|
||||
|
||||
namespace cryfs {
|
||||
|
||||
CryConfig::CryConfig(const bf::path &configfile)
|
||||
:_configfile(configfile), _rootBlob("") {
|
||||
:_configfile(configfile), _rootBlob(""), _encKey(EncryptionKey::CreateRandom()) {
|
||||
if (bf::exists(_configfile)) {
|
||||
load();
|
||||
}
|
||||
@ -22,12 +24,18 @@ void CryConfig::load() {
|
||||
read_json(_configfile.native(), pt);
|
||||
|
||||
_rootBlob = pt.get("cryfs.rootblob", "");
|
||||
|
||||
string key = pt.get("cryfs.key", "");
|
||||
if (key != "") {
|
||||
_encKey = EncryptionKey::FromString(key);
|
||||
}
|
||||
}
|
||||
|
||||
void CryConfig::save() const {
|
||||
ptree pt;
|
||||
|
||||
pt.put("cryfs.rootblob", _rootBlob);
|
||||
pt.put("cryfs.key", _encKey.ToString());
|
||||
|
||||
write_json(_configfile.native(), pt);
|
||||
}
|
||||
@ -40,6 +48,10 @@ void CryConfig::SetRootBlob(const std::string &value) {
|
||||
_rootBlob = value;
|
||||
}
|
||||
|
||||
const blockstore::encrypted::EncryptionKey &CryConfig::EncryptionKey() const {
|
||||
return _encKey;
|
||||
}
|
||||
|
||||
CryConfig::~CryConfig() {
|
||||
save();
|
||||
}
|
||||
|
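Review bot: `pt.put("cryfs.key", _encKey.ToString());` in save() writes the block-encryption key in clear text into the JSON config file, so anyone who can read that file can decrypt the whole block store. Nothing visible here restricts the file's mode; as a stopgap, tighten it right after `write_json` with `bf::permissions(_configfile, bf::owner_read | bf::owner_write);` and leave a marker such as `// TODO(security): cryfs.key is stored unencrypted; wrap it with a passphrase-derived key`. In load(), an existing config whose `cryfs.key` is missing or empty silently keeps the random key from the constructor, and the destructor's save() then persists it. It may be safer to treat that case as an error than to swap in a fresh key for an existing filesystem.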
@ -5,6 +5,7 @@
|
||||
#include <boost/filesystem/path.hpp>
|
||||
|
||||
#include "messmer/cpp-utils/macros.h"
|
||||
#include "messmer/blockstore/implementations/encrypted/EncryptionKey.h"
|
||||
|
||||
namespace cryfs {
|
||||
|
||||
@ -16,6 +17,8 @@ public:
|
||||
const std::string &RootBlob() const;
|
||||
void SetRootBlob(const std::string &value);
|
||||
|
||||
const blockstore::encrypted::EncryptionKey &EncryptionKey() const;
|
||||
|
||||
private:
|
||||
boost::filesystem::path _configfile;
|
||||
|
||||
@ -23,6 +26,7 @@ private:
|
||||
void save() const;
|
||||
|
||||
std::string _rootBlob;
|
||||
blockstore::encrypted::EncryptionKey _encKey;
|
||||
|
||||
DISALLOW_COPY_AND_ASSIGN(CryConfig);
|
||||
};
|
||||
|
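Review bot: The new accessor `EncryptionKey()` has the same name as the type it returns, which is why the declaration has to spell out `blockstore::encrypted::EncryptionKey` in full. Inside any CryConfig member function, an unqualified `EncryptionKey` used as a type would now resolve to the member function rather than the class; the current uses only compile because they are followed by `::`. A distinct name such as `const blockstore::encrypted::EncryptionKey &EncKey() const;` avoids that trap. The declaration would also benefit from a comment like `// Key material: the reference is valid only while this CryConfig is alive; do not log it.`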
@ -7,6 +7,7 @@
|
||||
#include "messmer/fspp/fuse/FuseErrnoException.h"
|
||||
#include "messmer/blobstore/implementations/onblocks/BlobStoreOnBlocks.h"
|
||||
#include "messmer/blobstore/implementations/onblocks/BlobOnBlocks.h"
|
||||
#include "messmer/blockstore/implementations/encrypted/EncryptedBlockStore.h"
|
||||
|
||||
using std::unique_ptr;
|
||||
using std::make_unique;
|
||||
@ -18,6 +19,7 @@ using fspp::fuse::FuseErrnoException;
|
||||
|
||||
using blockstore::BlockStore;
|
||||
using blockstore::Key;
|
||||
using blockstore::encrypted::EncryptedBlockStore;
|
||||
using blobstore::onblocks::BlobStoreOnBlocks;
|
||||
using blobstore::onblocks::BlobOnBlocks;
|
||||
|
||||
@ -26,7 +28,7 @@ namespace cryfs {
|
||||
constexpr uint32_t CryDevice::BLOCKSIZE_BYTES;
|
||||
|
||||
CryDevice::CryDevice(unique_ptr<CryConfig> config, unique_ptr<BlockStore> blockStore)
|
||||
: _blobStore(make_unique<BlobStoreOnBlocks>(std::move(blockStore), BLOCKSIZE_BYTES)), _rootKey(GetOrCreateRootKey(config.get())) {
|
||||
: _blobStore(make_unique<BlobStoreOnBlocks>(make_unique<EncryptedBlockStore>(std::move(blockStore), config->EncryptionKey()), BLOCKSIZE_BYTES)), _rootKey(GetOrCreateRootKey(config.get())) {
|
||||
}
|
||||
|
||||
Key CryDevice::GetOrCreateRootKey(CryConfig *config) {
|
||||
|
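Review bot: The new initializer hands `config->EncryptionKey()`, a `const EncryptionKey &` pointing into the CryConfig, to `EncryptedBlockStore`, but `config` is a by-value `unique_ptr` parameter that the initializer list never moves into a member and the constructor body is empty. The CryConfig is therefore destroyed as soon as the constructor returns, so this is only safe if EncryptedBlockStore copies the key rather than keeping the reference; its constructor is not shown here, so please confirm. A comment on the initializer would record the assumption, e.g. `// EncryptedBlockStore must copy the key: config does not outlive this constructor`.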