hardcoresushi/libcryfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Merge branch 'next' into newblockstore

Browse Source
This commit is contained in:
Sebastian Messmer 2017-08-19 11:54:01 +01:00
commit ff34049787
13 changed files with 85 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog.txt
View File

@ -9,6 +9,9 @@ Improvements:
Version 0.9.8 (unreleased) Version 0.9.8 (unreleased)
-------------- --------------
Compatibility:
* Works with Crypto++ 6.0
Fixed bugs: Fixed bugs:
* `du` shows correct file system size * `du` shows correct file system size

4
src/blockstore/implementations/compressing/CompressedBlock.h
View File

@ -2,6 +2,8 @@
#ifndef MESSMER_BLOCKSTORE_IMPLEMENTATIONS_COMPRESSING_COMPRESSEDBLOCK_H_ #ifndef MESSMER_BLOCKSTORE_IMPLEMENTATIONS_COMPRESSING_COMPRESSEDBLOCK_H_
#define MESSMER_BLOCKSTORE_IMPLEMENTATIONS_COMPRESSING_COMPRESSEDBLOCK_H_ #define MESSMER_BLOCKSTORE_IMPLEMENTATIONS_COMPRESSING_COMPRESSEDBLOCK_H_
#include "cpp-utils/crypto/cryptopp_byte.h"
#include "../../interface/Block.h" #include "../../interface/Block.h"
#include "../../interface/BlockStore.h" #include "../../interface/BlockStore.h"
#include <cpp-utils/data/DataUtils.h> #include <cpp-utils/data/DataUtils.h>
@ -66,7 +68,7 @@ cpputils::unique_ref<CompressedBlock<Compressor>> CompressedBlock<Compressor>::O
template<class Compressor> template<class Compressor>
cpputils::unique_ref<CompressedBlock<Compressor>> CompressedBlock<Compressor>::Decompress(cpputils::unique_ref<Block> baseBlock) { cpputils::unique_ref<CompressedBlock<Compressor>> CompressedBlock<Compressor>::Decompress(cpputils::unique_ref<Block> baseBlock) {
cpputils::Data decompressed = Compressor::Decompress((byte*)baseBlock->data(), baseBlock->size()); cpputils::Data decompressed = Compressor::Decompress((CryptoPP::byte*)baseBlock->data(), baseBlock->size());
return cpputils::make_unique_ref<CompressedBlock<Compressor>>(std::move(baseBlock), std::move(decompressed)); return cpputils::make_unique_ref<CompressedBlock<Compressor>>(std::move(baseBlock), std::move(decompressed));
} }

11
src/blockstore/implementations/compressing/compressors/Gzip.cpp
View File

@ -1,3 +1,4 @@
#include "cpp-utils/crypto/cryptopp_byte.h"
#include "Gzip.h" #include "Gzip.h"
#include <cryptopp/gzip.h> #include <cryptopp/gzip.h>
@ -8,22 +9,22 @@ namespace blockstore {
Data Gzip::Compress(const Data &data) { Data Gzip::Compress(const Data &data) {
CryptoPP::Gzip zipper; CryptoPP::Gzip zipper;
zipper.Put((byte *) data.data(), data.size()); zipper.Put((CryptoPP::byte *) data.data(), data.size());
zipper.MessageEnd(); zipper.MessageEnd();
Data compressed(zipper.MaxRetrievable()); Data compressed(zipper.MaxRetrievable());
zipper.Get((byte *) compressed.data(), compressed.size()); zipper.Get((CryptoPP::byte *) compressed.data(), compressed.size());
return compressed; return compressed;
} }
Data Gzip::Decompress(const void *data, size_t size) { Data Gzip::Decompress(const void *data, size_t size) {
//TODO Change interface to taking cpputils::Data objects (needs changing blockstore so we can read their "class Data", because this is called from CompressedBlock::Decompress()). //TODO Change interface to taking cpputils::Data objects (needs changing blockstore so we can read their "class Data", because this is called from CompressedBlock::Decompress()).
CryptoPP::Gunzip zipper; CryptoPP::Gunzip zipper;
zipper.Put((byte *) data, size); zipper.Put((CryptoPP::byte *) data, size);
zipper.MessageEnd(); zipper.MessageEnd();
Data decompressed(zipper.MaxRetrievable()); Data decompressed(zipper.MaxRetrievable());
zipper.Get((byte *) decompressed.data(), decompressed.size()); zipper.Get((CryptoPP::byte *) decompressed.data(), decompressed.size());
return decompressed; return decompressed;
} }
} }
} }

8
src/blockstore/implementations/encrypted/EncryptedBlock.h
View File

@ -2,6 +2,8 @@
#ifndef MESSMER_BLOCKSTORE_IMPLEMENTATIONS_ENCRYPTED_ENCRYPTEDBLOCK_H_ #ifndef MESSMER_BLOCKSTORE_IMPLEMENTATIONS_ENCRYPTED_ENCRYPTEDBLOCK_H_
#define MESSMER_BLOCKSTORE_IMPLEMENTATIONS_ENCRYPTED_ENCRYPTEDBLOCK_H_ #define MESSMER_BLOCKSTORE_IMPLEMENTATIONS_ENCRYPTED_ENCRYPTEDBLOCK_H_
#include "cpp-utils/crypto/cryptopp_byte.h"
#include "../../interface/Block.h" #include "../../interface/Block.h"
#include <cpp-utils/data/Data.h> #include <cpp-utils/data/Data.h>
#include "../../interface/BlockStore.h" #include "../../interface/BlockStore.h"
@ -80,7 +82,7 @@ template<class Cipher>
boost::optional<cpputils::unique_ref<EncryptedBlock<Cipher>>> EncryptedBlock<Cipher>::TryCreateNew(BlockStore *baseBlockStore, const Key &key, cpputils::Data data, const typename Cipher::EncryptionKey &encKey) { boost::optional<cpputils::unique_ref<EncryptedBlock<Cipher>>> EncryptedBlock<Cipher>::TryCreateNew(BlockStore *baseBlockStore, const Key &key, cpputils::Data data, const typename Cipher::EncryptionKey &encKey) {
//TODO Is it possible to avoid copying the whole plaintext data into plaintextWithHeader? Maybe an encrypt() object that has an .addData() function and concatenates all data for encryption? Maybe Crypto++ offers this functionality already. //TODO Is it possible to avoid copying the whole plaintext data into plaintextWithHeader? Maybe an encrypt() object that has an .addData() function and concatenates all data for encryption? Maybe Crypto++ offers this functionality already.
cpputils::Data plaintextWithHeader = _prependKeyHeaderToData(key, std::move(data)); cpputils::Data plaintextWithHeader = _prependKeyHeaderToData(key, std::move(data));
cpputils::Data encrypted = Cipher::encrypt((byte*)plaintextWithHeader.data(), plaintextWithHeader.size(), encKey); cpputils::Data encrypted = Cipher::encrypt((CryptoPP::byte*)plaintextWithHeader.data(), plaintextWithHeader.size(), encKey);
//TODO Avoid copying the whole encrypted block into a encryptedWithFormatHeader by creating a Data object with full size and then giving it as an encryption target to Cipher::encrypt() //TODO Avoid copying the whole encrypted block into a encryptedWithFormatHeader by creating a Data object with full size and then giving it as an encryption target to Cipher::encrypt()
cpputils::Data encryptedWithFormatHeader = _prependFormatHeader(std::move(encrypted)); cpputils::Data encryptedWithFormatHeader = _prependFormatHeader(std::move(encrypted));
auto baseBlock = baseBlockStore->tryCreate(key, std::move(encryptedWithFormatHeader)); auto baseBlock = baseBlockStore->tryCreate(key, std::move(encryptedWithFormatHeader));
@ -114,7 +116,7 @@ cpputils::Data EncryptedBlock<Cipher>::_prependFormatHeader(const cpputils::Data
template<class Cipher> template<class Cipher>
boost::optional<cpputils::unique_ref<EncryptedBlock<Cipher>>> EncryptedBlock<Cipher>::TryDecrypt(cpputils::unique_ref<Block> baseBlock, const typename Cipher::EncryptionKey &encKey) { boost::optional<cpputils::unique_ref<EncryptedBlock<Cipher>>> EncryptedBlock<Cipher>::TryDecrypt(cpputils::unique_ref<Block> baseBlock, const typename Cipher::EncryptionKey &encKey) {
_checkFormatHeader(baseBlock->data()); _checkFormatHeader(baseBlock->data());
boost::optional<cpputils::Data> plaintextWithHeader = Cipher::decrypt((byte*)baseBlock->data() + sizeof(FORMAT_VERSION_HEADER), baseBlock->size() - sizeof(FORMAT_VERSION_HEADER), encKey); boost::optional<cpputils::Data> plaintextWithHeader = Cipher::decrypt((CryptoPP::byte*)baseBlock->data() + sizeof(FORMAT_VERSION_HEADER), baseBlock->size() - sizeof(FORMAT_VERSION_HEADER), encKey);
if(plaintextWithHeader == boost::none) { if(plaintextWithHeader == boost::none) {
//Decryption failed (e.g. an authenticated cipher detected modifications to the ciphertext) //Decryption failed (e.g. an authenticated cipher detected modifications to the ciphertext)
cpputils::logging::LOG(cpputils::logging::WARN, "Decrypting block {} failed. Was the block modified by an attacker?", baseBlock->key().ToString()); cpputils::logging::LOG(cpputils::logging::WARN, "Decrypting block {} failed. Was the block modified by an attacker?", baseBlock->key().ToString());
@ -198,7 +200,7 @@ void EncryptedBlock<Cipher>::resize(size_t newSize) {
template<class Cipher> template<class Cipher>
void EncryptedBlock<Cipher>::_encryptToBaseBlock() { void EncryptedBlock<Cipher>::_encryptToBaseBlock() {
if (_dataChanged) { if (_dataChanged) {
cpputils::Data encrypted = Cipher::encrypt((byte*)_plaintextWithHeader.data(), _plaintextWithHeader.size(), _encKey); cpputils::Data encrypted = Cipher::encrypt((CryptoPP::byte*)_plaintextWithHeader.data(), _plaintextWithHeader.size(), _encKey);
if (_baseBlock->size() != sizeof(FORMAT_VERSION_HEADER) + encrypted.size()) { if (_baseBlock->size() != sizeof(FORMAT_VERSION_HEADER) + encrypted.size()) {
_baseBlock->resize(sizeof(FORMAT_VERSION_HEADER) + encrypted.size()); _baseBlock->resize(sizeof(FORMAT_VERSION_HEADER) + encrypted.size());
} }

18
src/cpp-utils/crypto/cryptopp_byte.h Normal file
View File

@ -0,0 +1,18 @@
#pragma once
#ifndef _CPPUTILS_CRYPTO_CRYPTOPP_BYTE_H
#define _CPPUTILS_CRYPTO_CRYPTOPP_BYTE_H
#include <cryptopp/cryptlib.h>
// If we're running an older CryptoPP version, CryptoPP::byte isn't defined yet.
// Define it. Refer to "byte" type in the global namespace (placed by CryptoPP).
// Could also use CRYPTOPP_NO_GLOBAL_BYTE - but don't want to track when it was
// introduced. This way seems more reliable, as it is compatible with more of
// the Crypto++ versions.
#if CRYPTOPP_VERSION < 600
namespace CryptoPP {
using byte = ::byte;
}
#endif /* CRYPTOPP_VERSION < 600 */
#endif /* _CPPUTILS_CRYPTO_CRYPTOPP_BYTE_H */

19
src/cpp-utils/crypto/symmetric/CFB_Cipher.h
View File

@ -2,6 +2,7 @@
#ifndef MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_CFBCIPHER_H_ #ifndef MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_CFBCIPHER_H_
#define MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_CFBCIPHER_H_ #define MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_CFBCIPHER_H_
#include "cpp-utils/crypto/cryptopp_byte.h"
#include "../../data/FixedSizeData.h" #include "../../data/FixedSizeData.h"
#include "../../data/Data.h" #include "../../data/Data.h"
#include "../../random/Random.h" #include "../../random/Random.h"
@ -28,34 +29,34 @@ public:
return ciphertextBlockSize - IV_SIZE; return ciphertextBlockSize - IV_SIZE;
} }
static Data encrypt(const byte *plaintext, unsigned int plaintextSize, const EncryptionKey &encKey); static Data encrypt(const CryptoPP::byte *plaintext, unsigned int plaintextSize, const EncryptionKey &encKey);
static boost::optional<Data> decrypt(const byte *ciphertext, unsigned int ciphertextSize, const EncryptionKey &encKey); static boost::optional<Data> decrypt(const CryptoPP::byte *ciphertext, unsigned int ciphertextSize, const EncryptionKey &encKey);
private: private:
static constexpr unsigned int IV_SIZE = BlockCipher::BLOCKSIZE; static constexpr unsigned int IV_SIZE = BlockCipher::BLOCKSIZE;
}; };
template<typename BlockCipher, unsigned int KeySize> template<typename BlockCipher, unsigned int KeySize>
Data CFB_Cipher<BlockCipher, KeySize>::encrypt(const byte *plaintext, unsigned int plaintextSize, const EncryptionKey &encKey) { Data CFB_Cipher<BlockCipher, KeySize>::encrypt(const CryptoPP::byte *plaintext, unsigned int plaintextSize, const EncryptionKey &encKey) {
FixedSizeData<IV_SIZE> iv = Random::PseudoRandom().getFixedSize<IV_SIZE>(); FixedSizeData<IV_SIZE> iv = Random::PseudoRandom().getFixedSize<IV_SIZE>();
auto encryption = typename CryptoPP::CFB_Mode<BlockCipher>::Encryption(encKey.data(), encKey.BINARY_LENGTH, iv.data()); auto encryption = typename CryptoPP::CFB_Mode<BlockCipher>::Encryption(encKey.data(), encKey.BINARY_LENGTH, iv.data());
Data ciphertext(ciphertextSize(plaintextSize)); Data ciphertext(ciphertextSize(plaintextSize));
std::memcpy(ciphertext.data(), iv.data(), IV_SIZE); std::memcpy(ciphertext.data(), iv.data(), IV_SIZE);
encryption.ProcessData((byte*)ciphertext.data() + IV_SIZE, plaintext, plaintextSize); encryption.ProcessData((CryptoPP::byte*)ciphertext.data() + IV_SIZE, plaintext, plaintextSize);
return ciphertext; return ciphertext;
} }
template<typename BlockCipher, unsigned int KeySize> template<typename BlockCipher, unsigned int KeySize>
boost::optional<Data> CFB_Cipher<BlockCipher, KeySize>::decrypt(const byte *ciphertext, unsigned int ciphertextSize, const EncryptionKey &encKey) { boost::optional<Data> CFB_Cipher<BlockCipher, KeySize>::decrypt(const CryptoPP::byte *ciphertext, unsigned int ciphertextSize, const EncryptionKey &encKey) {
if (ciphertextSize < IV_SIZE) { if (ciphertextSize < IV_SIZE) {
return boost::none; return boost::none;
} }
const byte *ciphertextIV = ciphertext; const CryptoPP::byte *ciphertextIV = ciphertext;
const byte *ciphertextData = ciphertext + IV_SIZE; const CryptoPP::byte *ciphertextData = ciphertext + IV_SIZE;
auto decryption = typename CryptoPP::CFB_Mode<BlockCipher>::Decryption((byte*)encKey.data(), encKey.BINARY_LENGTH, ciphertextIV); auto decryption = typename CryptoPP::CFB_Mode<BlockCipher>::Decryption((CryptoPP::byte*)encKey.data(), encKey.BINARY_LENGTH, ciphertextIV);
Data plaintext(plaintextSize(ciphertextSize)); Data plaintext(plaintextSize(ciphertextSize));
decryption.ProcessData((byte*)plaintext.data(), ciphertextData, plaintext.size()); decryption.ProcessData((CryptoPP::byte*)plaintext.data(), ciphertextData, plaintext.size());
return std::move(plaintext); return std::move(plaintext);
} }

21
src/cpp-utils/crypto/symmetric/GCM_Cipher.h
View File

@ -2,6 +2,7 @@
#ifndef MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_GCMCIPHER_H_ #ifndef MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_GCMCIPHER_H_
#define MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_GCMCIPHER_H_ #define MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_GCMCIPHER_H_
#include "cpp-utils/crypto/cryptopp_byte.h"
#include "../../data/FixedSizeData.h" #include "../../data/FixedSizeData.h"
#include "../../data/Data.h" #include "../../data/Data.h"
#include "../../random/Random.h" #include "../../random/Random.h"
@ -27,8 +28,8 @@ public:
return ciphertextBlockSize - IV_SIZE - TAG_SIZE; return ciphertextBlockSize - IV_SIZE - TAG_SIZE;
} }
static Data encrypt(const byte *plaintext, unsigned int plaintextSize, const EncryptionKey &encKey); static Data encrypt(const CryptoPP::byte *plaintext, unsigned int plaintextSize, const EncryptionKey &encKey);
static boost::optional<Data> decrypt(const byte *ciphertext, unsigned int ciphertextSize, const EncryptionKey &encKey); static boost::optional<Data> decrypt(const CryptoPP::byte *ciphertext, unsigned int ciphertextSize, const EncryptionKey &encKey);
private: private:
static constexpr unsigned int IV_SIZE = BlockCipher::BLOCKSIZE; static constexpr unsigned int IV_SIZE = BlockCipher::BLOCKSIZE;
@ -36,7 +37,7 @@ private:
}; };
template<typename BlockCipher, unsigned int KeySize> template<typename BlockCipher, unsigned int KeySize>
Data GCM_Cipher<BlockCipher, KeySize>::encrypt(const byte *plaintext, unsigned int plaintextSize, const EncryptionKey &encKey) { Data GCM_Cipher<BlockCipher, KeySize>::encrypt(const CryptoPP::byte *plaintext, unsigned int plaintextSize, const EncryptionKey &encKey) {
FixedSizeData<IV_SIZE> iv = Random::PseudoRandom().getFixedSize<IV_SIZE>(); FixedSizeData<IV_SIZE> iv = Random::PseudoRandom().getFixedSize<IV_SIZE>();
typename CryptoPP::GCM<BlockCipher, CryptoPP::GCM_64K_Tables>::Encryption encryption; typename CryptoPP::GCM<BlockCipher, CryptoPP::GCM_64K_Tables>::Encryption encryption;
encryption.SetKeyWithIV(encKey.data(), encKey.BINARY_LENGTH, iv.data(), IV_SIZE); encryption.SetKeyWithIV(encKey.data(), encKey.BINARY_LENGTH, iv.data(), IV_SIZE);
@ -45,7 +46,7 @@ Data GCM_Cipher<BlockCipher, KeySize>::encrypt(const byte *plaintext, unsigned i
std::memcpy(ciphertext.data(), iv.data(), IV_SIZE); std::memcpy(ciphertext.data(), iv.data(), IV_SIZE);
CryptoPP::ArraySource(plaintext, plaintextSize, true, CryptoPP::ArraySource(plaintext, plaintextSize, true,
new CryptoPP::AuthenticatedEncryptionFilter(encryption, new CryptoPP::AuthenticatedEncryptionFilter(encryption,
new CryptoPP::ArraySink((byte*)ciphertext.data() + IV_SIZE, ciphertext.size() - IV_SIZE), new CryptoPP::ArraySink((CryptoPP::byte*)ciphertext.data() + IV_SIZE, ciphertext.size() - IV_SIZE),
false, TAG_SIZE false, TAG_SIZE
) )
); );
@ -53,21 +54,21 @@ Data GCM_Cipher<BlockCipher, KeySize>::encrypt(const byte *plaintext, unsigned i
} }
template<typename BlockCipher, unsigned int KeySize> template<typename BlockCipher, unsigned int KeySize>
boost::optional<Data> GCM_Cipher<BlockCipher, KeySize>::decrypt(const byte *ciphertext, unsigned int ciphertextSize, const EncryptionKey &encKey) { boost::optional<Data> GCM_Cipher<BlockCipher, KeySize>::decrypt(const CryptoPP::byte *ciphertext, unsigned int ciphertextSize, const EncryptionKey &encKey) {
if (ciphertextSize < IV_SIZE + TAG_SIZE) { if (ciphertextSize < IV_SIZE + TAG_SIZE) {
return boost::none; return boost::none;
} }
const byte *ciphertextIV = ciphertext; const CryptoPP::byte *ciphertextIV = ciphertext;
const byte *ciphertextData = ciphertext + IV_SIZE; const CryptoPP::byte *ciphertextData = ciphertext + IV_SIZE;
typename CryptoPP::GCM<BlockCipher, CryptoPP::GCM_64K_Tables>::Decryption decryption; typename CryptoPP::GCM<BlockCipher, CryptoPP::GCM_64K_Tables>::Decryption decryption;
decryption.SetKeyWithIV((byte*)encKey.data(), encKey.BINARY_LENGTH, ciphertextIV, IV_SIZE); decryption.SetKeyWithIV((CryptoPP::byte*)encKey.data(), encKey.BINARY_LENGTH, ciphertextIV, IV_SIZE);
Data plaintext(plaintextSize(ciphertextSize)); Data plaintext(plaintextSize(ciphertextSize));
try { try {
CryptoPP::ArraySource((byte*)ciphertextData, ciphertextSize - IV_SIZE, true, CryptoPP::ArraySource((CryptoPP::byte*)ciphertextData, ciphertextSize - IV_SIZE, true,
new CryptoPP::AuthenticatedDecryptionFilter(decryption, new CryptoPP::AuthenticatedDecryptionFilter(decryption,
new CryptoPP::ArraySink((byte*)plaintext.data(), plaintext.size()), new CryptoPP::ArraySink((CryptoPP::byte*)plaintext.data(), plaintext.size()),
CryptoPP::AuthenticatedDecryptionFilter::DEFAULT_FLAGS, TAG_SIZE CryptoPP::AuthenticatedDecryptionFilter::DEFAULT_FLAGS, TAG_SIZE
) )
); );

3
src/cpp-utils/random/OSRandomGenerator.h
View File

@ -2,6 +2,7 @@
#ifndef MESSMER_CPPUTILS_RANDOM_OSRANDOMGENERATOR_H #ifndef MESSMER_CPPUTILS_RANDOM_OSRANDOMGENERATOR_H
#define MESSMER_CPPUTILS_RANDOM_OSRANDOMGENERATOR_H #define MESSMER_CPPUTILS_RANDOM_OSRANDOMGENERATOR_H
#include "cpp-utils/crypto/cryptopp_byte.h"
#include "RandomGenerator.h" #include "RandomGenerator.h"
#include <cryptopp/osrng.h> #include <cryptopp/osrng.h>
@ -20,7 +21,7 @@ namespace cpputils {
inline OSRandomGenerator::OSRandomGenerator() {} inline OSRandomGenerator::OSRandomGenerator() {}
inline void OSRandomGenerator::_get(void *target, size_t bytes) { inline void OSRandomGenerator::_get(void *target, size_t bytes) {
CryptoPP::OS_GenerateRandomBlock(true, (byte*)target, bytes); CryptoPP::OS_GenerateRandomBlock(true, (CryptoPP::byte*)target, bytes);
} }
} }

3
src/cpp-utils/random/RandomGeneratorThread.cpp
View File

@ -1,3 +1,4 @@
#include "cpp-utils/crypto/cryptopp_byte.h"
#include "RandomGeneratorThread.h" #include "RandomGeneratorThread.h"
namespace cpputils { namespace cpputils {
@ -26,7 +27,7 @@ namespace cpputils {
Data RandomGeneratorThread::_generateRandomData(size_t size) { Data RandomGeneratorThread::_generateRandomData(size_t size) {
Data newRandom(size); Data newRandom(size);
_randomGenerator.GenerateBlock(static_cast<byte*>(newRandom.data()), size); _randomGenerator.GenerateBlock(static_cast<CryptoPP::byte*>(newRandom.data()), size);
return newRandom; return newRandom;
} }

3
test/blockstore/implementations/encrypted/EncryptedBlockStoreTest_Specific.cpp
View File

@ -1,3 +1,4 @@
#include "cpp-utils/crypto/cryptopp_byte.h"
#include <gtest/gtest.h> #include <gtest/gtest.h>
#include "../../../cpp-utils/crypto/symmetric/testutils/FakeAuthenticatedCipher.h" #include "../../../cpp-utils/crypto/symmetric/testutils/FakeAuthenticatedCipher.h"
#include "blockstore/implementations/encrypted/EncryptedBlockStore.h" #include "blockstore/implementations/encrypted/EncryptedBlockStore.h"
@ -45,7 +46,7 @@ public:
void ModifyBaseBlock(const blockstore::Key &key) { void ModifyBaseBlock(const blockstore::Key &key) {
auto block = baseBlockStore->load(key).value(); auto block = baseBlockStore->load(key).value();
uint8_t middle_byte = ((byte*)block->data())[10]; uint8_t middle_byte = ((CryptoPP::byte*)block->data())[10];
uint8_t new_middle_byte = middle_byte + 1; uint8_t new_middle_byte = middle_byte + 1;
block->write(&new_middle_byte, 10, 1); block->write(&new_middle_byte, 10, 1);
} }

23
test/cpp-utils/crypto/symmetric/CipherTest.cpp
View File

@ -1,3 +1,4 @@
#include "cpp-utils/crypto/cryptopp_byte.h"
#include <gtest/gtest.h> #include <gtest/gtest.h>
#include "cpp-utils/crypto/symmetric/Cipher.h" #include "cpp-utils/crypto/symmetric/Cipher.h"
#include "cpp-utils/crypto/symmetric/ciphers.h" #include "cpp-utils/crypto/symmetric/ciphers.h"
@ -39,16 +40,16 @@ public:
} }
void ExpectDoesntDecrypt(const Data &ciphertext) { void ExpectDoesntDecrypt(const Data &ciphertext) {
auto decrypted = Cipher::decrypt((byte*)ciphertext.data(), ciphertext.size(), this->encKey); auto decrypted = Cipher::decrypt((CryptoPP::byte*)ciphertext.data(), ciphertext.size(), this->encKey);
EXPECT_FALSE(decrypted); EXPECT_FALSE(decrypted);
} }
Data Encrypt(const Data &plaintext) { Data Encrypt(const Data &plaintext) {
return Cipher::encrypt((byte*)plaintext.data(), plaintext.size(), this->encKey); return Cipher::encrypt((CryptoPP::byte*)plaintext.data(), plaintext.size(), this->encKey);
} }
Data Decrypt(const Data &ciphertext) { Data Decrypt(const Data &ciphertext) {
return Cipher::decrypt((byte*)ciphertext.data(), ciphertext.size(), this->encKey).value(); return Cipher::decrypt((CryptoPP::byte*)ciphertext.data(), ciphertext.size(), this->encKey).value();
} }
static Data CreateZeroes(unsigned int size) { static Data CreateZeroes(unsigned int size) {
@ -148,49 +149,49 @@ TYPED_TEST_CASE_P(AuthenticatedCipherTest);
TYPED_TEST_P(AuthenticatedCipherTest, ModifyFirstByte_Zeroes_Size1) { TYPED_TEST_P(AuthenticatedCipherTest, ModifyFirstByte_Zeroes_Size1) {
Data ciphertext = this->Encrypt(this->zeroes1); Data ciphertext = this->Encrypt(this->zeroes1);
*(byte*)ciphertext.data() = *(byte*)ciphertext.data() + 1; *(CryptoPP::byte*)ciphertext.data() = *(CryptoPP::byte*)ciphertext.data() + 1;
this->ExpectDoesntDecrypt(ciphertext); this->ExpectDoesntDecrypt(ciphertext);
} }
TYPED_TEST_P(AuthenticatedCipherTest, ModifyFirstByte_Data_Size1) { TYPED_TEST_P(AuthenticatedCipherTest, ModifyFirstByte_Data_Size1) {
Data ciphertext = this->Encrypt(this->plaintext1); Data ciphertext = this->Encrypt(this->plaintext1);
*(byte*)ciphertext.data() = *(byte*)ciphertext.data() + 1; *(CryptoPP::byte*)ciphertext.data() = *(CryptoPP::byte*)ciphertext.data() + 1;
this->ExpectDoesntDecrypt(ciphertext); this->ExpectDoesntDecrypt(ciphertext);
} }
TYPED_TEST_P(AuthenticatedCipherTest, ModifyFirstByte_Zeroes) { TYPED_TEST_P(AuthenticatedCipherTest, ModifyFirstByte_Zeroes) {
Data ciphertext = this->Encrypt(this->zeroes2); Data ciphertext = this->Encrypt(this->zeroes2);
*(byte*)ciphertext.data() = *(byte*)ciphertext.data() + 1; *(CryptoPP::byte*)ciphertext.data() = *(CryptoPP::byte*)ciphertext.data() + 1;
this->ExpectDoesntDecrypt(ciphertext); this->ExpectDoesntDecrypt(ciphertext);
} }
TYPED_TEST_P(AuthenticatedCipherTest, ModifyFirstByte_Data) { TYPED_TEST_P(AuthenticatedCipherTest, ModifyFirstByte_Data) {
Data ciphertext = this->Encrypt(this->plaintext2); Data ciphertext = this->Encrypt(this->plaintext2);
*(byte*)ciphertext.data() = *(byte*)ciphertext.data() + 1; *(CryptoPP::byte*)ciphertext.data() = *(CryptoPP::byte*)ciphertext.data() + 1;
this->ExpectDoesntDecrypt(ciphertext); this->ExpectDoesntDecrypt(ciphertext);
} }
TYPED_TEST_P(AuthenticatedCipherTest, ModifyLastByte_Zeroes) { TYPED_TEST_P(AuthenticatedCipherTest, ModifyLastByte_Zeroes) {
Data ciphertext = this->Encrypt(this->zeroes2); Data ciphertext = this->Encrypt(this->zeroes2);
((byte*)ciphertext.data())[ciphertext.size() - 1] = ((byte*)ciphertext.data())[ciphertext.size() - 1] + 1; ((CryptoPP::byte*)ciphertext.data())[ciphertext.size() - 1] = ((CryptoPP::byte*)ciphertext.data())[ciphertext.size() - 1] + 1;
this->ExpectDoesntDecrypt(ciphertext); this->ExpectDoesntDecrypt(ciphertext);
} }
TYPED_TEST_P(AuthenticatedCipherTest, ModifyLastByte_Data) { TYPED_TEST_P(AuthenticatedCipherTest, ModifyLastByte_Data) {
Data ciphertext = this->Encrypt(this->plaintext2); Data ciphertext = this->Encrypt(this->plaintext2);
((byte*)ciphertext.data())[ciphertext.size() - 1] = ((byte*)ciphertext.data())[ciphertext.size() - 1] + 1; ((CryptoPP::byte*)ciphertext.data())[ciphertext.size() - 1] = ((CryptoPP::byte*)ciphertext.data())[ciphertext.size() - 1] + 1;
this->ExpectDoesntDecrypt(ciphertext); this->ExpectDoesntDecrypt(ciphertext);
} }
TYPED_TEST_P(AuthenticatedCipherTest, ModifyMiddleByte_Zeroes) { TYPED_TEST_P(AuthenticatedCipherTest, ModifyMiddleByte_Zeroes) {
Data ciphertext = this->Encrypt(this->zeroes2); Data ciphertext = this->Encrypt(this->zeroes2);
((byte*)ciphertext.data())[ciphertext.size()/2] = ((byte*)ciphertext.data())[ciphertext.size()/2] + 1; ((CryptoPP::byte*)ciphertext.data())[ciphertext.size()/2] = ((CryptoPP::byte*)ciphertext.data())[ciphertext.size()/2] + 1;
this->ExpectDoesntDecrypt(ciphertext); this->ExpectDoesntDecrypt(ciphertext);
} }
TYPED_TEST_P(AuthenticatedCipherTest, ModifyMiddleByte_Data) { TYPED_TEST_P(AuthenticatedCipherTest, ModifyMiddleByte_Data) {
Data ciphertext = this->Encrypt(this->plaintext2); Data ciphertext = this->Encrypt(this->plaintext2);
((byte*)ciphertext.data())[ciphertext.size()/2] = ((byte*)ciphertext.data())[ciphertext.size()/2] + 1; ((CryptoPP::byte*)ciphertext.data())[ciphertext.size()/2] = ((CryptoPP::byte*)ciphertext.data())[ciphertext.size()/2] + 1;
this->ExpectDoesntDecrypt(ciphertext); this->ExpectDoesntDecrypt(ciphertext);
} }

17
test/cpp-utils/crypto/symmetric/testutils/FakeAuthenticatedCipher.h
View File

@ -2,6 +2,7 @@
#ifndef MESSMER_CPPUTILS_TEST_CRYPTO_SYMMETRIC_TESTUTILS_FAKEAUTHENTICATEDCIPHER_H_ #ifndef MESSMER_CPPUTILS_TEST_CRYPTO_SYMMETRIC_TESTUTILS_FAKEAUTHENTICATEDCIPHER_H_
#define MESSMER_CPPUTILS_TEST_CRYPTO_SYMMETRIC_TESTUTILS_FAKEAUTHENTICATEDCIPHER_H_ #define MESSMER_CPPUTILS_TEST_CRYPTO_SYMMETRIC_TESTUTILS_FAKEAUTHENTICATEDCIPHER_H_
#include "cpp-utils/crypto/cryptopp_byte.h"
#include "cpp-utils/crypto/symmetric/Cipher.h" #include "cpp-utils/crypto/symmetric/Cipher.h"
#include "cpp-utils/data/FixedSizeData.h" #include "cpp-utils/data/FixedSizeData.h"
#include "cpp-utils/data/Data.h" #include "cpp-utils/data/Data.h"
@ -47,7 +48,7 @@ namespace cpputils {
return ciphertextBlockSize - 5; return ciphertextBlockSize - 5;
} }
static Data encrypt(const byte *plaintext, unsigned int plaintextSize, const EncryptionKey &encKey) { static Data encrypt(const CryptoPP::byte *plaintext, unsigned int plaintextSize, const EncryptionKey &encKey) {
Data result(ciphertextSize(plaintextSize)); Data result(ciphertextSize(plaintextSize));
//Add a random IV //Add a random IV
@ -55,16 +56,16 @@ namespace cpputils {
std::memcpy(result.data(), &iv, 1); std::memcpy(result.data(), &iv, 1);
//Use caesar chiffre on plaintext //Use caesar chiffre on plaintext
_caesar((byte *) result.data() + 1, plaintext, plaintextSize, encKey.value + iv); _caesar((CryptoPP::byte *) result.data() + 1, plaintext, plaintextSize, encKey.value + iv);
//Add parity information //Add parity information
int32_t parity = _parity((byte *) result.data(), plaintextSize + 1); int32_t parity = _parity((CryptoPP::byte *) result.data(), plaintextSize + 1);
std::memcpy((byte *) result.data() + plaintextSize + 1, &parity, 4); std::memcpy((CryptoPP::byte *) result.data() + plaintextSize + 1, &parity, 4);
return result; return result;
} }
static boost::optional <Data> decrypt(const byte *ciphertext, unsigned int ciphertextSize, static boost::optional <Data> decrypt(const CryptoPP::byte *ciphertext, unsigned int ciphertextSize,
const EncryptionKey &encKey) { const EncryptionKey &encKey) {
//We need at least 5 bytes (iv + parity) //We need at least 5 bytes (iv + parity)
if (ciphertextSize < 5) { if (ciphertextSize < 5) {
@ -81,14 +82,14 @@ namespace cpputils {
//Decrypt caesar chiffre from ciphertext //Decrypt caesar chiffre from ciphertext
int32_t iv = *(int32_t *) ciphertext; int32_t iv = *(int32_t *) ciphertext;
Data result(plaintextSize(ciphertextSize)); Data result(plaintextSize(ciphertextSize));
_caesar((byte *) result.data(), ciphertext + 1, plaintextSize(ciphertextSize), -(encKey.value + iv)); _caesar((CryptoPP::byte *) result.data(), ciphertext + 1, plaintextSize(ciphertextSize), -(encKey.value + iv));
return std::move(result); return std::move(result);
} }
static constexpr const char *NAME = "FakeAuthenticatedCipher"; static constexpr const char *NAME = "FakeAuthenticatedCipher";
private: private:
static int32_t _parity(const byte *data, unsigned int size) { static int32_t _parity(const CryptoPP::byte *data, unsigned int size) {
int32_t parity = 34343435; // some init value int32_t parity = 34343435; // some init value
const int32_t *intData = reinterpret_cast<const int32_t *>(data); const int32_t *intData = reinterpret_cast<const int32_t *>(data);
unsigned int intSize = size / sizeof(int32_t); unsigned int intSize = size / sizeof(int32_t);
@ -102,7 +103,7 @@ namespace cpputils {
return parity; return parity;
} }
static void _caesar(byte *dst, const byte *src, unsigned int size, uint8_t key) { static void _caesar(CryptoPP::byte *dst, const CryptoPP::byte *src, unsigned int size, uint8_t key) {
for (unsigned int i = 0; i < size; ++i) { for (unsigned int i = 0; i < size; ++i) {
dst[i] = src[i] + key; dst[i] = src[i] + key;
} }

3
test/cryfs/config/CompatibilityTest.cpp
View File

@ -1,3 +1,4 @@
#include "cpp-utils/crypto/cryptopp_byte.h"
#include <gtest/gtest.h> #include <gtest/gtest.h>
#include <vector> #include <vector>
#include <boost/filesystem.hpp> #include <boost/filesystem.hpp>
@ -38,7 +39,7 @@ private:
Data result(hex.size()/2); Data result(hex.size()/2);
CryptoPP::StringSource(hex, true, CryptoPP::StringSource(hex, true,
new CryptoPP::HexDecoder( new CryptoPP::HexDecoder(
new CryptoPP::ArraySink((byte*)result.data(), result.size()) new CryptoPP::ArraySink((CryptoPP::byte*)result.data(), result.size())
) )
); );
return result; return result;