CryFS uses the cipher specified in the configuration file

src/CryDevice.cpp

@@ -37,23 +37,7 @@ namespace cryfs {
 constexpr uint32_t CryDevice::BLOCKSIZE_BYTES;
 
 CryDevice::CryDevice(unique_ref<CryConfig> config, unique_ref<BlockStore> blockStore)
-: _blobStore(make_unique_ref<BlobStoreOnBlocks>(make_unique_ref<CachingBlockStore>(make_unique_ref<EncryptedBlockStore<Cipher>>(std::move(blockStore), GetEncryptionKey(config.get()))), BLOCKSIZE_BYTES)), _rootKey(GetOrCreateRootKey(config.get())) {
+: _blobStore(make_unique_ref<BlobStoreOnBlocks>(make_unique_ref<CachingBlockStore>(CreateEncryptedBlockStore(*config, std::move(blockStore))), BLOCKSIZE_BYTES)), _rootKey(GetOrCreateRootKey(config.get())) {
-}
-
-Key CryDevice::GetOrCreateRootKey(CryConfig *config) {
-  string root_key = config->RootBlob();
-  if (root_key == "") {
-    auto new_key = CreateRootBlobAndReturnKey();
-    config->SetRootBlob(new_key.ToString());
-    config->save();
-    return new_key;
-  }
-
-  return Key::FromString(root_key);
-}
-
-CryDevice::Cipher::EncryptionKey CryDevice::GetEncryptionKey(CryConfig *config) {
-  return Cipher::EncryptionKey::FromString(config->EncryptionKey());
 }
 
 Key CryDevice::CreateRootBlobAndReturnKey() {
@@ -136,4 +120,31 @@ void CryDevice::RemoveBlob(const blockstore::Key &key) {
   }
 }
 
+Key CryDevice::GetOrCreateRootKey(CryConfig *config) {
+  string root_key = config->RootBlob();
+  if (root_key == "") {
+    auto new_key = CreateRootBlobAndReturnKey();
+    config->SetRootBlob(new_key.ToString());
+    config->save();
+    return new_key;
+  }
+
+  return Key::FromString(root_key);
+}
+
+cpputils::unique_ref<blockstore::BlockStore> CryDevice::CreateEncryptedBlockStore(const CryConfig &config, unique_ref<BlockStore> baseBlockStore) {
+  //TODO Can we somehow ensure that the if/else chain here doesn't forget a valid value?
+  //TODO Test that CryFS is using the specified cipher
+  std::string cipherName = config.Cipher();
+  if (cipherName == "aes-256-gcm") {
+    using Cipher = blockstore::encrypted::AES256_GCM;
+    return make_unique_ref<EncryptedBlockStore<Cipher>>(std::move(baseBlockStore), Cipher::EncryptionKey::FromString(config.EncryptionKey()));
+  } else if (cipherName == "aes-256-cfb") {
+    using Cipher = blockstore::encrypted::AES256_CFB;
+    return make_unique_ref<EncryptedBlockStore<Cipher>>(std::move(baseBlockStore), Cipher::EncryptionKey::FromString(config.EncryptionKey()));
+  } else {
+    ASSERT(false, "Unknown cipher");
+  }
+}
+
 }

src/CryDevice.h

@@ -18,8 +18,6 @@ class CryDevice: public fspp::Device {
 public:
   static constexpr uint32_t BLOCKSIZE_BYTES = 32 * 1024;
 
-  using Cipher = CryConfigLoader::Cipher;
-
   CryDevice(cpputils::unique_ref<CryConfig> config, cpputils::unique_ref<blockstore::BlockStore> blockStore);
   virtual ~CryDevice();
 
@@ -34,14 +32,15 @@ public:
   boost::optional<cpputils::unique_ref<DirBlob>> LoadDirBlob(const boost::filesystem::path &path);
 
 private:
-  blockstore::Key GetOrCreateRootKey(CryConfig *config);
-  Cipher::EncryptionKey GetEncryptionKey(CryConfig *config);
-  blockstore::Key CreateRootBlobAndReturnKey();
 
   cpputils::unique_ref<blobstore::BlobStore> _blobStore;
 
   blockstore::Key _rootKey;
 
+  blockstore::Key GetOrCreateRootKey(CryConfig *config);
+  blockstore::Key CreateRootBlobAndReturnKey();
+  static cpputils::unique_ref<blockstore::BlockStore> CreateEncryptedBlockStore(const CryConfig &config, cpputils::unique_ref<blockstore::BlockStore> baseBlockStore);
+
   DISALLOW_COPY_AND_ASSIGN(CryDevice);
 };