hardcoresushi/libcryfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

- Add --extpass command line option

Browse Source 
- Make test cases faster by specifying key random generator to use pseudorandom
This commit is contained in:
Sebastian Messmer 2015-11-03 12:22:35 -08:00
parent 9aee4b1657
commit a5ff0f45d6
10 changed files with 92 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog.txt
View File

@ -6,4 +6,5 @@ Version 0.8.1
* Running in Background: Fixed daemonization. When CryFs is run without "-f" flag, it will run in background. * Running in Background: Fixed daemonization. When CryFs is run without "-f" flag, it will run in background.
* Better error messages when base directory is not existing, not readable or not writeable. * Better error messages when base directory is not existing, not readable or not writeable.
* Allow --cipher=xxx to specify cipher on command line. If cryfs is creating a new filesystem, it will use this cipher. If it is opening an existing filesystem, it will check whether this is the cipher used by it. * Allow --cipher=xxx to specify cipher on command line. If cryfs is creating a new filesystem, it will use this cipher. If it is opening an existing filesystem, it will check whether this is the cipher used by it.
* --show-ciphers shows a list of all supported ciphers * --show-ciphers shows a list of all supported ciphers
* --extpass allows using an external program for password input

24
src/Cli.cpp
View File

@ -10,6 +10,7 @@
#include "messmer/fspp/fuse/Fuse.h" #include "messmer/fspp/fuse/Fuse.h"
#include "messmer/fspp/impl/FilesystemImpl.h" #include "messmer/fspp/impl/FilesystemImpl.h"
#include <messmer/cpp-utils/process/subprocess.h>
#include "filesystem/CryDevice.h" #include "filesystem/CryDevice.h"
#include "config/CryConfigLoader.h" #include "config/CryConfigLoader.h"
#include "program_options/Parser.h" #include "program_options/Parser.h"
@ -55,6 +56,8 @@ using boost::none;
namespace cryfs { namespace cryfs {
Cli::Cli(cpputils::RandomGenerator &keyGenerator): _keyGenerator(keyGenerator) {}
void Cli::_showVersion() { void Cli::_showVersion() {
cout << "CryFS Version " << version::VERSION_STRING << endl; cout << "CryFS Version " << version::VERSION_STRING << endl;
if (version::IS_DEV_VERSION) { if (version::IS_DEV_VERSION) {
@ -80,6 +83,24 @@ namespace cryfs {
return true; return true;
} }
string Cli::_getPassword(const ProgramOptions &options) {
string password;
if (options.extPass() == none) {
password = _askPassword();
} else {
password = cpputils::Subprocess::call(*options.extPass());
}
//Remove trailing newline
if (password[password.size()-1] == '\n') {
password.resize(password.size()-1);
}
//Check that password is valid
if (!_checkPassword(password)) {
throw std::runtime_error("Password invalid.");
}
return password;
}
string Cli::_askPassword() { string Cli::_askPassword() {
string password = getpass("Password: "); string password = getpass("Password: ");
while (!_checkPassword(password)) { while (!_checkPassword(password)) {
@ -100,9 +121,8 @@ namespace cryfs {
try { try {
auto configFile = _determineConfigFile(options); auto configFile = _determineConfigFile(options);
auto console = make_unique_ref<IOStreamConsole>(); auto console = make_unique_ref<IOStreamConsole>();
auto &keyGenerator = Random::OSRandom();
std::cout << "Loading config file..." << std::endl; std::cout << "Loading config file..." << std::endl;
auto config = CryConfigLoader(std::move(console), keyGenerator, &Cli::_askPassword, options.cipher()).loadOrCreate(configFile); auto config = CryConfigLoader(std::move(console), _keyGenerator, std::bind(&Cli::_getPassword, this, std::cref(options)), options.cipher()).loadOrCreate(configFile);
std::cout << "Loading config file...done" << std::endl; std::cout << "Loading config file...done" << std::endl;
if (config == none) { if (config == none) {
std::cerr << "Could not load config file. Did you enter the correct password?" << std::endl; std::cerr << "Could not load config file. Did you enter the correct password?" << std::endl;

31
src/Cli.h
View File

@ -6,26 +6,31 @@
#include "config/CryConfigFile.h" #include "config/CryConfigFile.h"
#include <boost/filesystem/path.hpp> #include <boost/filesystem/path.hpp>
#include <messmer/cpp-utils/tempfile/TempFile.h> #include <messmer/cpp-utils/tempfile/TempFile.h>
#include <messmer/cpp-utils/random/RandomGenerator.h>
namespace cryfs { namespace cryfs {
class Cli final { class Cli final {
public: public:
Cli(cpputils::RandomGenerator &keyGenerator);
int main(int argc, char *argv[]); int main(int argc, char *argv[]);
private: private:
static void _runFilesystem(const program_options::ProgramOptions &options); void _runFilesystem(const program_options::ProgramOptions &options);
static CryConfigFile _loadOrCreateConfig(const program_options::ProgramOptions &options); CryConfigFile _loadOrCreateConfig(const program_options::ProgramOptions &options);
static boost::filesystem::path _determineConfigFile(const program_options::ProgramOptions &options); boost::filesystem::path _determineConfigFile(const program_options::ProgramOptions &options);
static std::string _askPassword(); std::string _getPassword(const program_options::ProgramOptions &options);
static bool _checkPassword(const std::string &password); std::string _askPassword();
static void _showVersion(); bool _checkPassword(const std::string &password);
static void _initLogfile(const program_options::ProgramOptions &options); void _showVersion();
static void _sanityChecks(const program_options::ProgramOptions &options); void _initLogfile(const program_options::ProgramOptions &options);
static void _checkMountdirDoesntContainBasedir(const program_options::ProgramOptions &options); void _sanityChecks(const program_options::ProgramOptions &options);
static bool _pathContains(const boost::filesystem::path &parent, const boost::filesystem::path &child); void _checkMountdirDoesntContainBasedir(const program_options::ProgramOptions &options);
static void _checkDirAccessible(const boost::filesystem::path &dir, const std::string &name); bool _pathContains(const boost::filesystem::path &parent, const boost::filesystem::path &child);
static std::shared_ptr<cpputils::TempFile> _checkDirWriteable(const boost::filesystem::path &dir, const std::string &name); void _checkDirAccessible(const boost::filesystem::path &dir, const std::string &name);
static void _checkDirReadable(const boost::filesystem::path &dir, std::shared_ptr<cpputils::TempFile> tempfile, const std::string &name); std::shared_ptr<cpputils::TempFile> _checkDirWriteable(const boost::filesystem::path &dir, const std::string &name);
void _checkDirReadable(const boost::filesystem::path &dir, std::shared_ptr<cpputils::TempFile> tempfile, const std::string &name);
cpputils::RandomGenerator &_keyGenerator;
}; };
} }

4
src/main.cpp
View File

@ -1,7 +1,9 @@
#include "Cli.h" #include "Cli.h"
#include <messmer/cpp-utils/random/Random.h>
using namespace cryfs; using namespace cryfs;
int main(int argc, char *argv[]) { int main(int argc, char *argv[]) {
return Cli().main(argc, argv); auto &keyGenerator = cpputils::Random::OSRandom();
return Cli(keyGenerator).main(argc, argv);
} }

7
src/program_options/Parser.cpp
View File

@ -48,8 +48,12 @@ ProgramOptions Parser::parse(const vector<string> &supportedCiphers) const {
cipher = vm["cipher"].as<string>(); cipher = vm["cipher"].as<string>();
_checkValidCipher(*cipher, supportedCiphers); _checkValidCipher(*cipher, supportedCiphers);
} }
optional<string> extPass = none;
if (vm.count("extpass")) {
extPass = vm["extpass"].as<string>();
}
return ProgramOptions(baseDir, mountDir, configfile, foreground, logfile, cipher, options.second); return ProgramOptions(baseDir, mountDir, configfile, foreground, logfile, cipher, extPass, options.second);
} }
void Parser::_checkValidCipher(const string &cipher, const vector<string> &supportedCiphers) { void Parser::_checkValidCipher(const string &cipher, const vector<string> &supportedCiphers) {
@ -95,6 +99,7 @@ void Parser::_addAllowedOptions(po::options_description *desc) {
("foreground,f", "Run CryFS in foreground.") ("foreground,f", "Run CryFS in foreground.")
("cipher", po::value<string>(), "Cipher to use for encryption. See possible values by calling cryfs with --show-ciphers") ("cipher", po::value<string>(), "Cipher to use for encryption. See possible values by calling cryfs with --show-ciphers")
("show-ciphers", "Show list of supported ciphers.") ("show-ciphers", "Show list of supported ciphers.")
("extpass", po::value<string>(), "External program to use for password input")
("logfile", po::value<string>(), "Specify the file to write log messages to. If this is not specified, log messages will go to stdout, or syslog if CryFS is running in the background.") ("logfile", po::value<string>(), "Specify the file to write log messages to. If this is not specified, log messages will go to stdout, or syslog if CryFS is running in the background.")
; ;
desc->add(options); desc->add(options);

12
src/program_options/ProgramOptions.cpp
View File

@ -9,9 +9,9 @@ using boost::optional;
ProgramOptions::ProgramOptions(const string &baseDir, const string &mountDir, const optional<string> &configFile, ProgramOptions::ProgramOptions(const string &baseDir, const string &mountDir, const optional<string> &configFile,
bool foreground, const optional<string> &logFile, const optional<string> &cipher, bool foreground, const optional<string> &logFile, const optional<string> &cipher,
const vector<char*> &fuseOptions) const optional<string> &extPass, const vector<char*> &fuseOptions)
:_baseDir(baseDir), _mountDir(new char[mountDir.size()+1]), _configFile(configFile), _foreground(foreground), :_baseDir(baseDir), _mountDir(new char[mountDir.size()+1]), _configFile(configFile), _foreground(foreground),
_logFile(logFile), _cipher(cipher), _fuseOptions(fuseOptions) { _logFile(logFile), _cipher(cipher), _extPass(extPass), _fuseOptions(fuseOptions) {
std::memcpy(_mountDir, mountDir.c_str(), mountDir.size()+1); std::memcpy(_mountDir, mountDir.c_str(), mountDir.size()+1);
// Fuse needs the mountDir passed as first option (first option = position 1, since 0 is the executable name) // Fuse needs the mountDir passed as first option (first option = position 1, since 0 is the executable name)
ASSERT(_fuseOptions.size() >= 1, "There has to be one parameter at least for the executable name"); ASSERT(_fuseOptions.size() >= 1, "There has to be one parameter at least for the executable name");
@ -20,8 +20,8 @@ ProgramOptions::ProgramOptions(const string &baseDir, const string &mountDir, co
ProgramOptions::ProgramOptions(ProgramOptions &&rhs) ProgramOptions::ProgramOptions(ProgramOptions &&rhs)
:_baseDir(std::move(rhs._baseDir)), _mountDir(std::move(rhs._mountDir)), _configFile(std::move(rhs._configFile)), :_baseDir(std::move(rhs._baseDir)), _mountDir(std::move(rhs._mountDir)), _configFile(std::move(rhs._configFile)),
_foreground(std::move(rhs._foreground)), _logFile(std::move(rhs._logFile)), _foreground(std::move(rhs._foreground)), _logFile(std::move(rhs._logFile)), _cipher(std::move(rhs._cipher)),
_fuseOptions(std::move(rhs._fuseOptions)) { _extPass(std::move(rhs._extPass)), _fuseOptions(std::move(rhs._fuseOptions)) {
rhs._mountDir = nullptr; rhs._mountDir = nullptr;
} }
@ -55,6 +55,10 @@ const optional<string> &ProgramOptions::cipher() const {
return _cipher; return _cipher;
} }
const optional<string> &ProgramOptions::extPass() const {
return _extPass;
}
const vector<char *> &ProgramOptions::fuseOptions() const { const vector<char *> &ProgramOptions::fuseOptions() const {
return _fuseOptions; return _fuseOptions;
} }

4
src/program_options/ProgramOptions.h
View File

@ -13,7 +13,7 @@ namespace cryfs {
public: public:
ProgramOptions(const std::string &baseDir, const std::string &mountDir, const boost::optional<std::string> &configFile, ProgramOptions(const std::string &baseDir, const std::string &mountDir, const boost::optional<std::string> &configFile,
bool foreground, const boost::optional<std::string> &logFile, const boost::optional<std::string> &cipher, bool foreground, const boost::optional<std::string> &logFile, const boost::optional<std::string> &cipher,
const std::vector<char *> &fuseOptions); const boost::optional<std::string> &extPass, const std::vector<char *> &fuseOptions);
ProgramOptions(ProgramOptions &&rhs); ProgramOptions(ProgramOptions &&rhs);
~ProgramOptions(); ~ProgramOptions();
@ -23,6 +23,7 @@ namespace cryfs {
bool foreground() const; bool foreground() const;
const boost::optional<std::string> &logFile() const; const boost::optional<std::string> &logFile() const;
const boost::optional<std::string> &cipher() const; const boost::optional<std::string> &cipher() const;
const boost::optional<std::string> &extPass() const;
const std::vector<char *> &fuseOptions() const; const std::vector<char *> &fuseOptions() const;
private: private:
@ -32,6 +33,7 @@ namespace cryfs {
bool _foreground; bool _foreground;
boost::optional<std::string> _logFile; boost::optional<std::string> _logFile;
boost::optional<std::string> _cipher; boost::optional<std::string> _cipher;
boost::optional<std::string> _extPass;
std::vector<char *> _fuseOptions; std::vector<char *> _fuseOptions;
DISALLOW_COPY_AND_ASSIGN(ProgramOptions); DISALLOW_COPY_AND_ASSIGN(ProgramOptions);

5
test/cli/testutils/CliTest.h
View File

@ -27,7 +27,8 @@ public:
for (const char *arg : args) { for (const char *arg : args) {
_args.push_back(const_cast<char*>(arg)); _args.push_back(const_cast<char*>(arg));
} }
cryfs::Cli().main(_args.size(), _args.data()); auto &keyGenerator = cpputils::Random::PseudoRandom();
cryfs::Cli(keyGenerator).main(_args.size(), _args.data());
} }
void EXPECT_EXIT_WITH_HELP_MESSAGE(std::vector<const char*> args) { void EXPECT_EXIT_WITH_HELP_MESSAGE(std::vector<const char*> args) {
@ -46,7 +47,7 @@ public:
std::thread unmountThread([&mountDir] { std::thread unmountThread([&mountDir] {
int returncode = -1; int returncode = -1;
while (returncode != 0) { while (returncode != 0) {
returncode = system((std::string("fusermount -u ") + mountDir.c_str()).c_str()); returncode = system((std::string("fusermount -u ") + mountDir.c_str()).c_str()); //TODO Don't show the error messages from fusermount
std::this_thread::sleep_for(std::chrono::milliseconds(50)); // TODO Is this the test case duration? Does a shorter interval make the test case faster? std::this_thread::sleep_for(std::chrono::milliseconds(50)); // TODO Is this the test case duration? Does a shorter interval make the test case faster?
} }
}); });

5
test/program_options/ParserTest.cpp
View File

@ -83,6 +83,11 @@ TEST_F(ProgramOptionsParserTest, InvalidCipher) {
); );
} }
TEST_F(ProgramOptionsParserTest, ExtPassGiven) {
ProgramOptions options = parse({"./myExecutable", "/home/user/baseDir", "--extpass", "echo mypassword", "/home/user/mountDir"});
EXPECT_EQ("echo mypassword", options.extPass().value());
}
TEST_F(ProgramOptionsParserTest, FuseOptionGiven) { TEST_F(ProgramOptionsParserTest, FuseOptionGiven) {
ProgramOptions options = parse({"./myExecutable", "/home/user/baseDir", "/home/user/mountDir", "--", "-f"}); ProgramOptions options = parse({"./myExecutable", "/home/user/baseDir", "/home/user/mountDir", "--", "-f"});
EXPECT_EQ("/home/user/baseDir", options.baseDir()); EXPECT_EQ("/home/user/baseDir", options.baseDir());

34
test/program_options/ProgramOptionsTest.cpp
View File

@ -10,63 +10,73 @@ using std::string;
class ProgramOptionsTest: public ProgramOptionsTestBase {}; class ProgramOptionsTest: public ProgramOptionsTestBase {};
TEST_F(ProgramOptionsTest, BaseDir) { TEST_F(ProgramOptionsTest, BaseDir) {
ProgramOptions testobj("/home/user/mydir", "", none, false, none, none, options({"./myExecutable"})); ProgramOptions testobj("/home/user/mydir", "", none, false, none, none, none, options({"./myExecutable"}));
EXPECT_EQ("/home/user/mydir", testobj.baseDir()); EXPECT_EQ("/home/user/mydir", testobj.baseDir());
} }
TEST_F(ProgramOptionsTest, MountDir) { TEST_F(ProgramOptionsTest, MountDir) {
ProgramOptions testobj("", "/home/user/mydir", none, false, none, none, options({"./myExecutable"})); ProgramOptions testobj("", "/home/user/mydir", none, false, none, none, none, options({"./myExecutable"}));
EXPECT_EQ("/home/user/mydir", testobj.mountDir()); EXPECT_EQ("/home/user/mydir", testobj.mountDir());
} }
TEST_F(ProgramOptionsTest, ConfigfileNone) { TEST_F(ProgramOptionsTest, ConfigfileNone) {
ProgramOptions testobj("", "", none, true, none, none, options({"./myExecutable"})); ProgramOptions testobj("", "", none, true, none, none, none, options({"./myExecutable"}));
EXPECT_EQ(none, testobj.configFile()); EXPECT_EQ(none, testobj.configFile());
} }
TEST_F(ProgramOptionsTest, ConfigfileSome) { TEST_F(ProgramOptionsTest, ConfigfileSome) {
ProgramOptions testobj("", "", string("/home/user/configfile"), true, none, none, options({"./myExecutable"})); ProgramOptions testobj("", "", string("/home/user/configfile"), true, none, none, none, options({"./myExecutable"}));
EXPECT_EQ("/home/user/configfile", testobj.configFile().get()); EXPECT_EQ("/home/user/configfile", testobj.configFile().get());
} }
TEST_F(ProgramOptionsTest, ForegroundFalse) { TEST_F(ProgramOptionsTest, ForegroundFalse) {
ProgramOptions testobj("", "", none, false, none, none, options({"./myExecutable"})); ProgramOptions testobj("", "", none, false, none, none, none, options({"./myExecutable"}));
EXPECT_FALSE(testobj.foreground()); EXPECT_FALSE(testobj.foreground());
} }
TEST_F(ProgramOptionsTest, ForegroundTrue) { TEST_F(ProgramOptionsTest, ForegroundTrue) {
ProgramOptions testobj("", "", none, true, none, none, options({"./myExecutable"})); ProgramOptions testobj("", "", none, true, none, none, none, options({"./myExecutable"}));
EXPECT_TRUE(testobj.foreground()); EXPECT_TRUE(testobj.foreground());
} }
TEST_F(ProgramOptionsTest, LogfileNone) { TEST_F(ProgramOptionsTest, LogfileNone) {
ProgramOptions testobj("", "", none, true, none, none, options({"./myExecutable"})); ProgramOptions testobj("", "", none, true, none, none, none, options({"./myExecutable"}));
EXPECT_EQ(none, testobj.logFile()); EXPECT_EQ(none, testobj.logFile());
} }
TEST_F(ProgramOptionsTest, LogfileSome) { TEST_F(ProgramOptionsTest, LogfileSome) {
ProgramOptions testobj("", "", none, true, string("logfile"), none, options({"./myExecutable"})); ProgramOptions testobj("", "", none, true, string("logfile"), none, none, options({"./myExecutable"}));
EXPECT_EQ("logfile", testobj.logFile().get()); EXPECT_EQ("logfile", testobj.logFile().get());
} }
TEST_F(ProgramOptionsTest, CipherNone) { TEST_F(ProgramOptionsTest, CipherNone) {
ProgramOptions testobj("", "", none, true, none, none, options({"./myExecutable"})); ProgramOptions testobj("", "", none, true, none, none, none, options({"./myExecutable"}));
EXPECT_EQ(none, testobj.cipher()); EXPECT_EQ(none, testobj.cipher());
} }
TEST_F(ProgramOptionsTest, CipherSome) { TEST_F(ProgramOptionsTest, CipherSome) {
ProgramOptions testobj("", "", none, true, none, string("aes-256-gcm"), options({"./myExecutable"})); ProgramOptions testobj("", "", none, true, none, string("aes-256-gcm"), none, options({"./myExecutable"}));
EXPECT_EQ("aes-256-gcm", testobj.cipher().get()); EXPECT_EQ("aes-256-gcm", testobj.cipher().get());
} }
TEST_F(ProgramOptionsTest, ExtPassNone) {
ProgramOptions testobj("", "", none, true, none, none, none, options({"./myExecutable"}));
EXPECT_EQ(none, testobj.extPass());
}
TEST_F(ProgramOptionsTest, ExtPassSome) {
ProgramOptions testobj("", "", none, true, none, none, string("echo mypassword"), options({"./myExecutable"}));
EXPECT_EQ("echo mypassword", testobj.extPass().get());
}
TEST_F(ProgramOptionsTest, EmptyFuseOptions) { TEST_F(ProgramOptionsTest, EmptyFuseOptions) {
ProgramOptions testobj("/rootDir", "/home/user/mydir", none, false, none, none, options({"./myExecutable"})); ProgramOptions testobj("/rootDir", "/home/user/mydir", none, false, none, none, none, options({"./myExecutable"}));
//Fuse should have the mount dir as first parameter //Fuse should have the mount dir as first parameter
EXPECT_VECTOR_EQ({"./myExecutable", "/home/user/mydir"}, testobj.fuseOptions()); EXPECT_VECTOR_EQ({"./myExecutable", "/home/user/mydir"}, testobj.fuseOptions());
} }
TEST_F(ProgramOptionsTest, SomeFuseOptions) { TEST_F(ProgramOptionsTest, SomeFuseOptions) {
ProgramOptions testobj("/rootDir", "/home/user/mydir", none, false, none, none, options({"./myExecutable", "-f", "--longoption"})); ProgramOptions testobj("/rootDir", "/home/user/mydir", none, false, none, none, none, options({"./myExecutable", "-f", "--longoption"}));
//Fuse should have the mount dir as first parameter //Fuse should have the mount dir as first parameter
EXPECT_VECTOR_EQ({"./myExecutable", "/home/user/mydir", "-f", "--longoption"}, testobj.fuseOptions()); EXPECT_VECTOR_EQ({"./myExecutable", "/home/user/mydir", "-f", "--longoption"}, testobj.fuseOptions());
} }