Add a header to the inner config encryption so we can change the inner format later without changing the outer format

This commit is contained in:
Sebastian Messmer 2015-10-27 21:20:12 +01:00
parent 0ae9bb7fca
commit bb507ce241
4 changed files with 41 additions and 9 deletions

View File

@ -54,12 +54,13 @@ namespace cryfs {
boost::optional<cpputils::Data> ConcreteInnerEncryptor<Cipher>::_deserialize(const cpputils::Data &ciphertext) const { boost::optional<cpputils::Data> ConcreteInnerEncryptor<Cipher>::_deserialize(const cpputils::Data &ciphertext) const {
cpputils::Deserializer deserializer(&ciphertext); cpputils::Deserializer deserializer(&ciphertext);
try { try {
_checkHeader(&deserializer);
std::string readCipherName = deserializer.readString(); std::string readCipherName = deserializer.readString();
if (readCipherName != _cipherName) { if (readCipherName != _cipherName) {
cpputils::logging::LOG(cpputils::logging::ERROR) << "Wrong inner cipher used"; cpputils::logging::LOG(cpputils::logging::ERROR) << "Wrong inner cipher used";
return boost::none; return boost::none;
} }
auto result = deserializer.readData(); auto result = deserializer.readTailData();
deserializer.finished(); deserializer.finished();
return result; return result;
} catch (const std::exception &e) { } catch (const std::exception &e) {
@ -78,10 +79,12 @@ namespace cryfs {
template<class Cipher> template<class Cipher>
cpputils::Data ConcreteInnerEncryptor<Cipher>::_serialize(const cpputils::Data &ciphertext) const { cpputils::Data ConcreteInnerEncryptor<Cipher>::_serialize(const cpputils::Data &ciphertext) const {
try { try {
cpputils::Serializer serializer(cpputils::Serializer::StringSize(_cipherName) cpputils::Serializer serializer(cpputils::Serializer::StringSize(HEADER)
+ cpputils::Serializer::DataSize(ciphertext)); + cpputils::Serializer::StringSize(_cipherName)
+ ciphertext.size());
serializer.writeString(HEADER);
serializer.writeString(_cipherName); serializer.writeString(_cipherName);
serializer.writeData(ciphertext); serializer.writeTailData(ciphertext);
return serializer.finished(); return serializer.finished();
} catch (const std::exception &e) { } catch (const std::exception &e) {
cpputils::logging::LOG(cpputils::logging::ERROR) << "Error serializing inner configuration: " << e.what(); cpputils::logging::LOG(cpputils::logging::ERROR) << "Error serializing inner configuration: " << e.what();

View File

@ -11,7 +11,7 @@ using boost::none;
using namespace cpputils::logging; using namespace cpputils::logging;
namespace cryfs { namespace cryfs {
const string CryConfigEncryptor::HEADER = "cryfs.config;0.8.1;scrypt"; const string CryConfigEncryptor::HEADER = "cryfs.config;0;scrypt";
CryConfigEncryptor::CryConfigEncryptor(unique_ref<InnerEncryptor> innerEncryptor, OuterCipher::EncryptionKey outerKey, DerivedKeyConfig keyConfig) CryConfigEncryptor::CryConfigEncryptor(unique_ref<InnerEncryptor> innerEncryptor, OuterCipher::EncryptionKey outerKey, DerivedKeyConfig keyConfig)
: _innerEncryptor(std::move(innerEncryptor)), _outerKey(std::move(outerKey)), _keyConfig(std::move(keyConfig)) { : _innerEncryptor(std::move(innerEncryptor)), _outerKey(std::move(outerKey)), _keyConfig(std::move(keyConfig)) {
@ -39,10 +39,10 @@ namespace cryfs {
try { try {
Serializer serializer(Serializer::StringSize(HEADER) Serializer serializer(Serializer::StringSize(HEADER)
+ _keyConfig.serializedSize() + _keyConfig.serializedSize()
+ Serializer::DataSize(ciphertext)); + ciphertext.size());
writeHeader(&serializer); writeHeader(&serializer);
_keyConfig.serialize(&serializer); _keyConfig.serialize(&serializer);
serializer.writeData(ciphertext); serializer.writeTailData(ciphertext);
return serializer.finished(); return serializer.finished();
} catch (const std::exception &e) { } catch (const std::exception &e) {
cpputils::logging::LOG(cpputils::logging::ERROR) << "Error serializing CryConfigEncryptor: " << e.what(); cpputils::logging::LOG(cpputils::logging::ERROR) << "Error serializing CryConfigEncryptor: " << e.what();
@ -69,7 +69,7 @@ namespace cryfs {
} }
optional<Data> CryConfigEncryptor::_loadAndDecryptConfigData(Deserializer *deserializer) { optional<Data> CryConfigEncryptor::_loadAndDecryptConfigData(Deserializer *deserializer) {
auto ciphertext = deserializer->readData(); auto ciphertext = deserializer->readTailData();
auto inner = OuterCipher::decrypt(static_cast<const uint8_t*>(ciphertext.data()), ciphertext.size(), _outerKey); auto inner = OuterCipher::decrypt(static_cast<const uint8_t*>(ciphertext.data()), ciphertext.size(), _outerKey);
if(inner == none) { if(inner == none) {
return none; return none;

View File

@ -1 +1,21 @@
#include "InnerEncryptor.h" #include "InnerEncryptor.h"
using std::string;
using cpputils::Deserializer;
using cpputils::Serializer;
namespace cryfs {
const string InnerEncryptor::HEADER = "cryfs.config.inner;0";
void InnerEncryptor::_checkHeader(Deserializer *deserializer) {
string header = deserializer->readString();
if (header != HEADER) {
throw std::runtime_error("Invalid header");
}
}
void InnerEncryptor::_writeHeader(Serializer *serializer) {
serializer->writeString(HEADER);
}
}

View File

@ -5,12 +5,21 @@
#include <messmer/cpp-utils/data/Data.h> #include <messmer/cpp-utils/data/Data.h>
#include <messmer/cpp-utils/pointer/unique_ref.h> #include <messmer/cpp-utils/pointer/unique_ref.h>
#include <boost/optional.hpp> #include <boost/optional.hpp>
#include <messmer/cpp-utils/data/Deserializer.h>
#include <messmer/cpp-utils/data/Serializer.h>
namespace cryfs { namespace cryfs {
class InnerEncryptor { class InnerEncryptor {
public: public:
virtual cpputils::Data encrypt(const cpputils::Data &plaintext) const = 0; virtual cpputils::Data encrypt(const cpputils::Data &plaintext) const = 0;
virtual boost::optional <cpputils::Data> decrypt(const cpputils::Data &plaintext) const = 0; virtual boost::optional <cpputils::Data> decrypt(const cpputils::Data &plaintext) const = 0;
protected:
static void _checkHeader(cpputils::Deserializer *deserializer);
static void _writeHeader(cpputils::Serializer *serializer);
private:
static const std::string HEADER;
}; };
} }