Add a padding step between inner encryption and outer encryption to hide the size of the cipher name that is added inbetween
This commit is contained in:
parent
08e4ae8a2e
commit
5a73042c63
@ -13,7 +13,7 @@ namespace cryfs {
|
|||||||
template<class Cipher>
|
template<class Cipher>
|
||||||
class ConcreteInnerEncryptor: public InnerEncryptor {
|
class ConcreteInnerEncryptor: public InnerEncryptor {
|
||||||
public:
|
public:
|
||||||
static constexpr size_t CONFIG_SIZE = 512; // Config data is grown to this size before encryption to hide its actual size
|
static constexpr size_t CONFIG_SIZE = 512; // Inner config data is grown to this size before encryption to hide its actual size
|
||||||
|
|
||||||
ConcreteInnerEncryptor(typename Cipher::EncryptionKey key, const std::string &cipherName);
|
ConcreteInnerEncryptor(typename Cipher::EncryptionKey key, const std::string &cipherName);
|
||||||
|
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
#include "CryConfigEncryptor.h"
|
#include "CryConfigEncryptor.h"
|
||||||
|
#include "RandomPadding.h"
|
||||||
|
|
||||||
using std::string;
|
using std::string;
|
||||||
using cpputils::Deserializer;
|
using cpputils::Deserializer;
|
||||||
@ -29,7 +30,8 @@ namespace cryfs {
|
|||||||
|
|
||||||
Data CryConfigEncryptor::encrypt(const Data &plaintext) {
|
Data CryConfigEncryptor::encrypt(const Data &plaintext) {
|
||||||
auto inner = _innerEncryptor->encrypt(plaintext);
|
auto inner = _innerEncryptor->encrypt(plaintext);
|
||||||
auto ciphertext = OuterCipher::encrypt(static_cast<const uint8_t*>(inner.data()), inner.size(), _outerKey);
|
auto padded = RandomPadding::add(inner, CONFIG_SIZE);
|
||||||
|
auto ciphertext = OuterCipher::encrypt(static_cast<const uint8_t*>(padded.data()), padded.size(), _outerKey);
|
||||||
return _serialize(ciphertext);
|
return _serialize(ciphertext);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -53,9 +55,9 @@ namespace cryfs {
|
|||||||
try {
|
try {
|
||||||
checkHeader(&deserializer);
|
checkHeader(&deserializer);
|
||||||
_ignoreKey(&deserializer);
|
_ignoreKey(&deserializer);
|
||||||
auto configData = _loadAndDecryptConfigData(&deserializer);
|
auto result = _loadAndDecryptConfigData(&deserializer);
|
||||||
deserializer.finished();
|
deserializer.finished();
|
||||||
return configData;
|
return result;
|
||||||
} catch (const std::exception &e) {
|
} catch (const std::exception &e) {
|
||||||
LOG(ERROR) << "Error loading configuration: " << e.what();
|
LOG(ERROR) << "Error loading configuration: " << e.what();
|
||||||
return boost::none; // This can be caused by invalid loaded data and is not necessarily a programming logic error. Don't throw exception.
|
return boost::none; // This can be caused by invalid loaded data and is not necessarily a programming logic error. Don't throw exception.
|
||||||
@ -72,6 +74,10 @@ namespace cryfs {
|
|||||||
if(inner == none) {
|
if(inner == none) {
|
||||||
return none;
|
return none;
|
||||||
}
|
}
|
||||||
return _innerEncryptor->decrypt(*inner);
|
auto depadded = RandomPadding::remove(*inner);
|
||||||
|
if(depadded == none) {
|
||||||
|
return none;
|
||||||
|
}
|
||||||
|
return _innerEncryptor->decrypt(*depadded);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -17,6 +17,7 @@ namespace cryfs {
|
|||||||
class CryConfigEncryptor {
|
class CryConfigEncryptor {
|
||||||
public:
|
public:
|
||||||
using OuterCipher = blockstore::encrypted::AES256_GCM;
|
using OuterCipher = blockstore::encrypted::AES256_GCM;
|
||||||
|
static constexpr size_t CONFIG_SIZE = 1024; // Config data is grown to this size before encryption to hide its actual size
|
||||||
|
|
||||||
CryConfigEncryptor(cpputils::unique_ref<InnerEncryptor> innerEncryptor, OuterCipher::EncryptionKey outerKey, DerivedKeyConfig keyConfig);
|
CryConfigEncryptor(cpputils::unique_ref<InnerEncryptor> innerEncryptor, OuterCipher::EncryptionKey outerKey, DerivedKeyConfig keyConfig);
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user