CryFS asks back if a cipher without integrity is chosen
This commit is contained in:
parent
a9a5a5d04d
commit
a665e6cdd7
@ -10,6 +10,8 @@ using cpputils::make_unique_ref;
|
|||||||
using blockstore::BlockStore;
|
using blockstore::BlockStore;
|
||||||
using std::shared_ptr;
|
using std::shared_ptr;
|
||||||
using std::make_shared;
|
using std::make_shared;
|
||||||
|
using boost::optional;
|
||||||
|
using boost::none;
|
||||||
|
|
||||||
using namespace cryfs;
|
using namespace cryfs;
|
||||||
using namespace blockstore::encrypted;
|
using namespace blockstore::encrypted;
|
||||||
@ -19,13 +21,17 @@ class CryCipherInstance: public CryCipher {
|
|||||||
public:
|
public:
|
||||||
BOOST_CONCEPT_ASSERT((CipherConcept<Cipher>));
|
BOOST_CONCEPT_ASSERT((CipherConcept<Cipher>));
|
||||||
|
|
||||||
CryCipherInstance(const std::string &cipherName): _cipherName(cipherName) {
|
CryCipherInstance(const std::string &cipherName, const optional<string> warning = none): _cipherName(cipherName), _warning(warning) {
|
||||||
}
|
}
|
||||||
|
|
||||||
string cipherName() const override {
|
const string &cipherName() const override {
|
||||||
return _cipherName;
|
return _cipherName;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const optional<string> &warning() const override {
|
||||||
|
return _warning;
|
||||||
|
}
|
||||||
|
|
||||||
unique_ref<BlockStore> createEncryptedBlockstore(unique_ref<BlockStore> baseBlockStore, const string &encKey) const override {
|
unique_ref<BlockStore> createEncryptedBlockstore(unique_ref<BlockStore> baseBlockStore, const string &encKey) const override {
|
||||||
return make_unique_ref<EncryptedBlockStore<Cipher>>(std::move(baseBlockStore), Cipher::EncryptionKey::FromString(encKey));
|
return make_unique_ref<EncryptedBlockStore<Cipher>>(std::move(baseBlockStore), Cipher::EncryptionKey::FromString(encKey));
|
||||||
}
|
}
|
||||||
@ -36,30 +42,33 @@ public:
|
|||||||
|
|
||||||
private:
|
private:
|
||||||
string _cipherName;
|
string _cipherName;
|
||||||
|
optional<string> _warning;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const string INTEGRITY_WARNING = "This cipher does not ensure integrity.";
|
||||||
|
|
||||||
//We have to use shared_ptr instead of unique_ref, because c++ initializer_list needs copyable values
|
//We have to use shared_ptr instead of unique_ref, because c++ initializer_list needs copyable values
|
||||||
const vector<shared_ptr<CryCipher>> CryCiphers::SUPPORTED_CIPHERS = {
|
const vector<shared_ptr<CryCipher>> CryCiphers::SUPPORTED_CIPHERS = {
|
||||||
make_shared<CryCipherInstance<AES256_GCM>>("aes-256-gcm"),
|
make_shared<CryCipherInstance<AES256_GCM>>("aes-256-gcm"),
|
||||||
make_shared<CryCipherInstance<AES256_CFB>>("aes-256-cfb"),
|
make_shared<CryCipherInstance<AES256_CFB>>("aes-256-cfb", INTEGRITY_WARNING),
|
||||||
make_shared<CryCipherInstance<AES128_GCM>>("aes-128-gcm"),
|
make_shared<CryCipherInstance<AES128_GCM>>("aes-128-gcm"),
|
||||||
make_shared<CryCipherInstance<AES128_CFB>>("aes-128-cfb"),
|
make_shared<CryCipherInstance<AES128_CFB>>("aes-128-cfb", INTEGRITY_WARNING),
|
||||||
make_shared<CryCipherInstance<Twofish256_GCM>>("twofish-256-gcm"),
|
make_shared<CryCipherInstance<Twofish256_GCM>>("twofish-256-gcm"),
|
||||||
make_shared<CryCipherInstance<Twofish256_CFB>>("twofish-256-cfb"),
|
make_shared<CryCipherInstance<Twofish256_CFB>>("twofish-256-cfb", INTEGRITY_WARNING),
|
||||||
make_shared<CryCipherInstance<Twofish128_GCM>>("twofish-128-gcm"),
|
make_shared<CryCipherInstance<Twofish128_GCM>>("twofish-128-gcm"),
|
||||||
make_shared<CryCipherInstance<Twofish128_CFB>>("twofish-128-cfb"),
|
make_shared<CryCipherInstance<Twofish128_CFB>>("twofish-128-cfb", INTEGRITY_WARNING),
|
||||||
make_shared<CryCipherInstance<Serpent256_GCM>>("serpent-256-gcm"),
|
make_shared<CryCipherInstance<Serpent256_GCM>>("serpent-256-gcm"),
|
||||||
make_shared<CryCipherInstance<Serpent256_CFB>>("serpent-256-cfb"),
|
make_shared<CryCipherInstance<Serpent256_CFB>>("serpent-256-cfb", INTEGRITY_WARNING),
|
||||||
make_shared<CryCipherInstance<Serpent128_GCM>>("serpent-128-gcm"),
|
make_shared<CryCipherInstance<Serpent128_GCM>>("serpent-128-gcm"),
|
||||||
make_shared<CryCipherInstance<Serpent128_CFB>>("serpent-128-cfb"),
|
make_shared<CryCipherInstance<Serpent128_CFB>>("serpent-128-cfb", INTEGRITY_WARNING),
|
||||||
make_shared<CryCipherInstance<Cast256_GCM>>("cast-256-gcm"),
|
make_shared<CryCipherInstance<Cast256_GCM>>("cast-256-gcm"),
|
||||||
make_shared<CryCipherInstance<Cast256_CFB>>("cast-256-cfb"),
|
make_shared<CryCipherInstance<Cast256_CFB>>("cast-256-cfb", INTEGRITY_WARNING),
|
||||||
make_shared<CryCipherInstance<Mars448_GCM>>("mars-448-gcm"),
|
make_shared<CryCipherInstance<Mars448_GCM>>("mars-448-gcm"),
|
||||||
make_shared<CryCipherInstance<Mars448_CFB>>("mars-448-cfb"),
|
make_shared<CryCipherInstance<Mars448_CFB>>("mars-448-cfb", INTEGRITY_WARNING),
|
||||||
make_shared<CryCipherInstance<Mars256_GCM>>("mars-256-gcm"),
|
make_shared<CryCipherInstance<Mars256_GCM>>("mars-256-gcm"),
|
||||||
make_shared<CryCipherInstance<Mars256_CFB>>("mars-256-cfb"),
|
make_shared<CryCipherInstance<Mars256_CFB>>("mars-256-cfb", INTEGRITY_WARNING),
|
||||||
make_shared<CryCipherInstance<Mars128_GCM>>("mars-128-gcm"),
|
make_shared<CryCipherInstance<Mars128_GCM>>("mars-128-gcm"),
|
||||||
make_shared<CryCipherInstance<Mars128_CFB>>("mars-128-cfb")
|
make_shared<CryCipherInstance<Mars128_CFB>>("mars-128-cfb", INTEGRITY_WARNING)
|
||||||
};
|
};
|
||||||
|
|
||||||
const CryCipher& CryCiphers::find(const string &cipherName) {
|
const CryCipher& CryCiphers::find(const string &cipherName) {
|
||||||
@ -71,7 +80,7 @@ const CryCipher& CryCiphers::find(const string &cipherName) {
|
|||||||
return **found;
|
return **found;
|
||||||
}
|
}
|
||||||
|
|
||||||
vector<string> CryCiphers::supportedCiphers() {
|
vector<string> CryCiphers::supportedCipherNames() {
|
||||||
vector<string> result;
|
vector<string> result;
|
||||||
for (const auto& cipher : CryCiphers::SUPPORTED_CIPHERS) {
|
for (const auto& cipher : CryCiphers::SUPPORTED_CIPHERS) {
|
||||||
result.push_back(cipher->cipherName());
|
result.push_back(cipher->cipherName());
|
||||||
|
@ -10,14 +10,15 @@ namespace cryfs {
|
|||||||
|
|
||||||
class CryCipher {
|
class CryCipher {
|
||||||
public:
|
public:
|
||||||
virtual std::string cipherName() const = 0;
|
virtual const std::string &cipherName() const = 0;
|
||||||
|
virtual const boost::optional<std::string> &warning() const = 0;
|
||||||
virtual cpputils::unique_ref<blockstore::BlockStore> createEncryptedBlockstore(cpputils::unique_ref<blockstore::BlockStore> baseBlockStore, const std::string &encKey) const = 0;
|
virtual cpputils::unique_ref<blockstore::BlockStore> createEncryptedBlockstore(cpputils::unique_ref<blockstore::BlockStore> baseBlockStore, const std::string &encKey) const = 0;
|
||||||
virtual std::string createKey() const = 0;
|
virtual std::string createKey() const = 0;
|
||||||
};
|
};
|
||||||
|
|
||||||
class CryCiphers {
|
class CryCiphers {
|
||||||
public:
|
public:
|
||||||
static std::vector<std::string> supportedCiphers();
|
static std::vector<std::string> supportedCipherNames();
|
||||||
|
|
||||||
static const CryCipher& find(const std::string &cipherName);
|
static const CryCipher& find(const std::string &cipherName);
|
||||||
|
|
||||||
|
@ -43,9 +43,23 @@ void CryConfigLoader::_initializeConfigWithWeakKey(CryConfig *config) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void CryConfigLoader::_generateCipher(CryConfig *config) {
|
void CryConfigLoader::_generateCipher(CryConfig *config) {
|
||||||
vector<string> ciphers = CryCiphers::supportedCiphers();
|
vector<string> ciphers = CryCiphers::supportedCipherNames();
|
||||||
|
string cipherName = "";
|
||||||
|
bool askAgain = true;
|
||||||
|
while(askAgain) {
|
||||||
int cipherIndex = _console->ask("Which block cipher do you want to use?", ciphers);
|
int cipherIndex = _console->ask("Which block cipher do you want to use?", ciphers);
|
||||||
config->SetCipher(ciphers[cipherIndex]);
|
cipherName = ciphers[cipherIndex];
|
||||||
|
askAgain = !_showWarningForCipherAndReturnIfOk(cipherName);
|
||||||
|
};
|
||||||
|
config->SetCipher(cipherName);
|
||||||
|
}
|
||||||
|
|
||||||
|
bool CryConfigLoader::_showWarningForCipherAndReturnIfOk(const string &cipherName) {
|
||||||
|
auto warning = CryCiphers::find(cipherName).warning();
|
||||||
|
if (warning == boost::none) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return _console->askYesNo(string() + (*warning) + " Do you want to take this cipher nevertheless?");
|
||||||
}
|
}
|
||||||
|
|
||||||
void CryConfigLoader::_generateEncKey(CryConfig *config) {
|
void CryConfigLoader::_generateEncKey(CryConfig *config) {
|
||||||
|
@ -35,6 +35,8 @@ private:
|
|||||||
void _generateWeakEncKey(CryConfig *config); // TODO Rename to _generateTestEncKey
|
void _generateWeakEncKey(CryConfig *config); // TODO Rename to _generateTestEncKey
|
||||||
void _generateTestCipher(CryConfig *config);
|
void _generateTestCipher(CryConfig *config);
|
||||||
|
|
||||||
|
bool _showWarningForCipherAndReturnIfOk(const std::string &cipherName);
|
||||||
|
|
||||||
cpputils::unique_ref<Console> _console;
|
cpputils::unique_ref<Console> _console;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user