From 84cd362d482e438e488d0485e3641baa1d67d61a Mon Sep 17 00:00:00 2001 From: Sebastian Messmer Date: Wed, 29 Jul 2015 12:08:39 +0200 Subject: [PATCH] CryFS uses the cipher specified in the configuration file --- src/CryDevice.cpp | 45 ++++++++++++++++++++++++++++----------------- src/CryDevice.h | 9 ++++----- 2 files changed, 32 insertions(+), 22 deletions(-) diff --git a/src/CryDevice.cpp b/src/CryDevice.cpp index 51f0497b..3836ba80 100644 --- a/src/CryDevice.cpp +++ b/src/CryDevice.cpp @@ -37,23 +37,7 @@ namespace cryfs { constexpr uint32_t CryDevice::BLOCKSIZE_BYTES; CryDevice::CryDevice(unique_ref config, unique_ref blockStore) -: _blobStore(make_unique_ref(make_unique_ref(make_unique_ref>(std::move(blockStore), GetEncryptionKey(config.get()))), BLOCKSIZE_BYTES)), _rootKey(GetOrCreateRootKey(config.get())) { -} - -Key CryDevice::GetOrCreateRootKey(CryConfig *config) { - string root_key = config->RootBlob(); - if (root_key == "") { - auto new_key = CreateRootBlobAndReturnKey(); - config->SetRootBlob(new_key.ToString()); - config->save(); - return new_key; - } - - return Key::FromString(root_key); -} - -CryDevice::Cipher::EncryptionKey CryDevice::GetEncryptionKey(CryConfig *config) { - return Cipher::EncryptionKey::FromString(config->EncryptionKey()); +: _blobStore(make_unique_ref(make_unique_ref(CreateEncryptedBlockStore(*config, std::move(blockStore))), BLOCKSIZE_BYTES)), _rootKey(GetOrCreateRootKey(config.get())) { } Key CryDevice::CreateRootBlobAndReturnKey() { @@ -136,4 +120,31 @@ void CryDevice::RemoveBlob(const blockstore::Key &key) { } } +Key CryDevice::GetOrCreateRootKey(CryConfig *config) { + string root_key = config->RootBlob(); + if (root_key == "") { + auto new_key = CreateRootBlobAndReturnKey(); + config->SetRootBlob(new_key.ToString()); + config->save(); + return new_key; + } + + return Key::FromString(root_key); +} + +cpputils::unique_ref CryDevice::CreateEncryptedBlockStore(const CryConfig &config, unique_ref baseBlockStore) { + //TODO Can we somehow ensure that the if/else chain here doesn't forget a valid value? + //TODO Test that CryFS is using the specified cipher + std::string cipherName = config.Cipher(); + if (cipherName == "aes-256-gcm") { + using Cipher = blockstore::encrypted::AES256_GCM; + return make_unique_ref>(std::move(baseBlockStore), Cipher::EncryptionKey::FromString(config.EncryptionKey())); + } else if (cipherName == "aes-256-cfb") { + using Cipher = blockstore::encrypted::AES256_CFB; + return make_unique_ref>(std::move(baseBlockStore), Cipher::EncryptionKey::FromString(config.EncryptionKey())); + } else { + ASSERT(false, "Unknown cipher"); + } +} + } diff --git a/src/CryDevice.h b/src/CryDevice.h index d09cebdc..977c8934 100644 --- a/src/CryDevice.h +++ b/src/CryDevice.h @@ -18,8 +18,6 @@ class CryDevice: public fspp::Device { public: static constexpr uint32_t BLOCKSIZE_BYTES = 32 * 1024; - using Cipher = CryConfigLoader::Cipher; - CryDevice(cpputils::unique_ref config, cpputils::unique_ref blockStore); virtual ~CryDevice(); @@ -34,14 +32,15 @@ public: boost::optional> LoadDirBlob(const boost::filesystem::path &path); private: - blockstore::Key GetOrCreateRootKey(CryConfig *config); - Cipher::EncryptionKey GetEncryptionKey(CryConfig *config); - blockstore::Key CreateRootBlobAndReturnKey(); cpputils::unique_ref _blobStore; blockstore::Key _rootKey; + blockstore::Key GetOrCreateRootKey(CryConfig *config); + blockstore::Key CreateRootBlobAndReturnKey(); + static cpputils::unique_ref CreateEncryptedBlockStore(const CryConfig &config, cpputils::unique_ref baseBlockStore); + DISALLOW_COPY_AND_ASSIGN(CryDevice); };