コード例 #1
0
ファイル: FileUtils.cpp プロジェクト: bentolor/encfs
CipherKey decryptKey(const EncfsConfig &config, const char *password, int passwdLen)
{
  const EncryptedKey &key = config.key();
  CipherKey userKey;
  shared_ptr<CipherV1> cipher = getCipher(config.cipher(), 8 * key.size());

  if(!key.salt().empty())
  {
    int iterations = key.kdf_iterations();
    userKey = cipher->newKey(password, passwdLen,
                             &iterations, key.kdf_duration(), 
                             (const byte *)key.salt().data(),
                             key.salt().size());

    if (iterations != key.kdf_iterations()) 
    {
      LOG(ERROR) << "Error in KDF, iteration mismatch";
      return userKey;
    }
  } else
  {
    // old KDF, no salt..
    userKey = cipher->newKey( password, passwdLen );
  }

  return userKey;
}
コード例 #2
0
ファイル: FileUtils.cpp プロジェクト: bentolor/encfs
RootPtr initFS( EncFS_Context *ctx, const shared_ptr<EncFS_Opts> &opts )
{
  RootPtr rootInfo;
  EncfsConfig config;

  if(readConfig( opts->rootDir, config ) != Config_None)
  {
    if(opts->reverseEncryption)
    {
      if (config.block_mac_bytes() != 0 || config.block_mac_rand_bytes() != 0
          || config.unique_iv() || config.external_iv()
          || config.chained_iv() )
      {  
        cout << _("The configuration loaded is not compatible with --reverse\n");
        return rootInfo;
      }
    }

    // first, instanciate the cipher.
    shared_ptr<CipherV1> cipher = getCipher(config);
    if(!cipher)
    {
      Interface iface = config.cipher();
      LOG(ERROR) << "Unable to find cipher " << iface.name()
          << ", version " << iface.major()
          << ":" << iface.minor() << ":" << iface.age();
      // xgroup(diag)
      cout << _("The requested cipher interface is not available\n");
      return rootInfo;
    }

    // get user key
    CipherKey userKey;

    if(opts->passwordProgram.empty())
    {
      if (opts->annotate)
        cerr << "$PROMPT$ passwd" << endl;
      userKey = getUserKey( config, opts->useStdin );
    } else
      userKey = getUserKey( config, opts->passwordProgram, opts->rootDir );

    if(!userKey.valid())
      return rootInfo;

    cipher->setKey(userKey); 

    VLOG(1) << "cipher encoded key size = " << cipher->encodedKeySize();
    // decode volume key..
    CipherKey volumeKey = cipher->readKey(
        (const unsigned char *)config.key().ciphertext().data(), opts->checkKey);
    userKey.reset();

    if(!volumeKey.valid())
    {
      // xgroup(diag)
      cout << _("Error decoding volume key, password incorrect\n");
      return rootInfo;
    }

    cipher->setKey(volumeKey);

    shared_ptr<NameIO> nameCoder = NameIO::New( config.naming(), cipher );
    if(!nameCoder)
    {
      Interface iface = config.naming();
      LOG(ERROR) << "Unable to find nameio interface " << iface.name()
          << ", version " << iface.major()
          << ":" << iface.minor() << ":" << iface.age();
      // xgroup(diag)
      cout << _("The requested filename coding interface is "
          "not available\n");
      return rootInfo;
    }

    nameCoder->setChainedNameIV( config.chained_iv() );
    nameCoder->setReverseEncryption( opts->reverseEncryption );

    FSConfigPtr fsConfig( new FSConfig );
    fsConfig->cipher = cipher;
    fsConfig->key = volumeKey;
    fsConfig->nameCoding = nameCoder;
    fsConfig->config = shared_ptr<EncfsConfig>(new EncfsConfig(config));
    fsConfig->forceDecode = opts->forceDecode;
    fsConfig->reverseEncryption = opts->reverseEncryption;
    fsConfig->opts = opts;

    rootInfo = RootPtr( new EncFS_Root );
    rootInfo->cipher = cipher;
    rootInfo->volumeKey = volumeKey;
    rootInfo->root = shared_ptr<DirNode>( 
        new DirNode( ctx, opts->rootDir, fsConfig ));
  } else
  {
    if(opts->createIfNotFound)
    {
      // creating a new encrypted filesystem
      rootInfo = createConfig( ctx, opts );
    }
  }

  return rootInfo;
}
コード例 #3
0
ファイル: FileUtils.cpp プロジェクト: bentolor/encfs
shared_ptr<CipherV1> getCipher(const EncfsConfig &config)
{
  return getCipher(config.cipher(), 8 * config.key().size());
}
コード例 #4
0
ファイル: FileUtils.cpp プロジェクト: bentolor/encfs
void showFSInfo( const EncfsConfig &config )
{
  shared_ptr<CipherV1> cipher = CipherV1::New( config.cipher(), 
        config.key().size() );
  {
    cout << autosprintf(
        // xgroup(diag)
        _("Filesystem cipher: \"%s\", version %i:%i:%i"),
        config.cipher().name().c_str(), config.cipher().major(),
        config.cipher().minor(), config.cipher().age());
    // check if we support this interface..
    if(!cipher)
      cout << _(" (NOT supported)\n");
    else
    {
      // if we're using a newer interface, show the version number
      if( config.cipher() != cipher->interface() )
      {
        Interface iface = cipher->interface();
        // xgroup(diag)
        cout << autosprintf(_(" (using %i:%i:%i)\n"),
            iface.major(), iface.minor(), iface.age());
      } else
        cout << "\n";
    }
  }

  // xgroup(diag)
  cout << autosprintf(_("Filename encoding: \"%s\", version %i:%i:%i"),
          config.naming().name().c_str(), config.naming().major(),
          config.naming().minor(), config.naming().age());
    
  if (!cipher)
  {
      cout <<  "\n";
  } else
  {
    // check if we support the filename encoding interface..
    shared_ptr<NameIO> nameCoder = NameIO::New( config.naming(), cipher );
    if(!nameCoder)
    {
      // xgroup(diag)
      cout << _(" (NOT supported)\n");
    } else
    {
      // if we're using a newer interface, show the version number
      if( config.naming() != nameCoder->interface() )
      {
        Interface iface = nameCoder->interface();
        cout << autosprintf(_(" (using %i:%i:%i)\n"),
            iface.major(), iface.minor(), iface.age());
      } else
        cout << "\n";
    }
  }
  const EncryptedKey &key = config.key();
  {
    cout << autosprintf(_("Key Size: %i bits"), 8 * key.size());
    cipher = getCipher(config);
    if(!cipher)
    {
      // xgroup(diag)
      cout << _(" (NOT supported)\n");
    } else
      cout << "\n";
  }
  if(key.kdf_iterations() > 0 && key.salt().size() > 0)
  {
    cout << autosprintf(_("Using PBKDF2, with %i iterations"), 
        key.kdf_iterations()) << "\n";
    cout << autosprintf(_("Salt Size: %i bits"), 
        8*(int)key.salt().size()) << "\n";
  }
  if(config.block_mac_bytes() || config.block_mac_rand_bytes())
  {
    if(config.revision() < V5Latest)
    {
      cout << autosprintf(
          // xgroup(diag)
          _("Block Size: %i bytes + %i byte MAC header"),
          config.block_size(),
          config.block_mac_bytes() + config.block_mac_rand_bytes()) << endl;
    } else
    {
      // new version stores the header as part of that block size..
      cout << autosprintf(
          // xgroup(diag)
          _("Block Size: %i bytes, including %i byte MAC header"),
          config.block_size(),
          config.block_mac_bytes() + config.block_mac_rand_bytes()) << endl;
    }
  } else
  {
    // xgroup(diag)
    cout << autosprintf(_("Block Size: %i bytes"), config.block_size());
    cout << "\n";
  }

  if(config.unique_iv())
  {
    // xgroup(diag)
    cout << _("Each file contains 8 byte header with unique IV data.\n");
  }
  if(config.chained_iv())
  {
    // xgroup(diag)
    cout << _("Filenames encoded using IV chaining mode.\n");
  }
  if(config.external_iv())
  {
    // xgroup(diag)
    cout << _("File data IV is chained to filename IV.\n");
  }
  if(config.allow_holes())
  {
    // xgroup(diag)
    cout << _("File holes passed through to ciphertext.\n");
  }
  cout << "\n";
}
コード例 #5
0
ファイル: test.cpp プロジェクト: tarruda/encfs
bool runTests(const shared_ptr<Cipher> &cipher, bool verbose)
{
  // create a random key
  if(verbose)
    cerr << "Generating new key, output will be different on each run\n\n";
  CipherKey key = cipher->newRandomKey();

  if(verbose)
    cerr << "Testing key save / restore :";
  {
    CipherKey encodingKey = cipher->newRandomKey();
    int encodedKeySize = cipher->encodedKeySize();
    unsigned char *keyBuf = new unsigned char [ encodedKeySize ];

    cipher->writeKey( key, keyBuf, encodingKey );
    CipherKey key2 = cipher->readKey( keyBuf, encodingKey );
    if(!key2)
    {
      if(verbose)
        cerr << "   FAILED (decode error)\n";
      return false;
    }

    if(cipher->compareKey( key, key2 ))
    {
      if(verbose)
        cerr << "   OK\n";
    } else
    {
      if(verbose)
        cerr << "   FAILED\n";
      return false;
    }
  }

  if(verbose)
    cerr << "Testing Config interface load / store :";
  {
    CipherKey encodingKey = cipher->newRandomKey();
    int encodedKeySize = cipher->encodedKeySize();
    unsigned char *keyBuf = new unsigned char [ encodedKeySize ];

    cipher->writeKey( key, keyBuf, encodingKey );

    // store in config struct..
    EncfsConfig cfg;
    cfg.mutable_cipher()->MergeFrom(cipher->interface());
    EncryptedKey *encryptedKey = cfg.mutable_key();
    encryptedKey->set_size(8 * cipher->keySize());
    encryptedKey->set_ciphertext( keyBuf, encodedKeySize );
    cfg.set_block_size(FSBlockSize);

    // save config
    string data;
    google::protobuf::TextFormat::PrintToString(cfg, &data);

    // read back in and check everything..
    EncfsConfig cfg2;
    google::protobuf::TextFormat::ParseFromString(data, &cfg2);

    // check..
    rAssert( implements(cfg.cipher(),cfg2.cipher()) );
    rAssert( cfg.key().size() == cfg2.key().size() );
    rAssert( cfg.block_size() == cfg2.block_size() );

    // try decoding key..

    CipherKey key2 = cipher->readKey( (unsigned char *)cfg2.key().ciphertext().data(), encodingKey );
    if(!key2)
    {
      if(verbose)
        cerr << "   FAILED (decode error)\n";
      return false;
    }

    if(cipher->compareKey( key, key2 ))
    {
      if(verbose)
        cerr << "   OK\n";
    } else
    {
      if(verbose)
        cerr << "   FAILED\n";
      return false;
    }
  }

  FSConfigPtr fsCfg = FSConfigPtr(new FSConfig);
  fsCfg->cipher = cipher;
  fsCfg->key = key;
  fsCfg->config.reset(new EncfsConfig);
  fsCfg->config->set_block_size(FSBlockSize);
  fsCfg->opts.reset(new EncFS_Opts);

  if(verbose)
    cerr << "Testing name encode/decode (stream coding w/ IV chaining)\n";
  if (cipher->hasStreamMode())
  {
    fsCfg->opts->idleTracking = false;
    fsCfg->config->set_unique_iv(false);

    fsCfg->nameCoding.reset( new StreamNameIO(
          StreamNameIO::CurrentInterface(), cipher, key ) );
    fsCfg->nameCoding->setChainedNameIV( true );

    DirNode dirNode( NULL, TEST_ROOTDIR, fsCfg );

    if(!testNameCoding( dirNode, verbose ))
      return false;
  }

  if(verbose)
    cerr << "Testing name encode/decode (block coding w/ IV chaining)\n";
  {
    fsCfg->opts->idleTracking = false;
    fsCfg->config->set_unique_iv(false);
    fsCfg->nameCoding.reset( new BlockNameIO(
          BlockNameIO::CurrentInterface(), cipher, key ) );
    fsCfg->nameCoding->setChainedNameIV( true );

    DirNode dirNode( NULL, TEST_ROOTDIR, fsCfg );

    if(!testNameCoding( dirNode, verbose ))
      return false;
  }

  if(verbose)
    cerr << "Testing name encode/decode (block coding w/ IV chaining, base32)\n";
  {
    fsCfg->opts->idleTracking = false;
    fsCfg->config->set_unique_iv(false);
    fsCfg->nameCoding.reset( new BlockNameIO(
          BlockNameIO::CurrentInterface(), cipher, key, true ) );
    fsCfg->nameCoding->setChainedNameIV( true );

    DirNode dirNode( NULL, TEST_ROOTDIR, fsCfg );

    if(!testNameCoding( dirNode, verbose ))
      return false;
  }

  if(!verbose)
  {
    if (cipher->hasStreamMode())
    {
      // test stream mode, this time without IV chaining
      fsCfg->nameCoding =
        shared_ptr<NameIO>( new StreamNameIO( 
              StreamNameIO::CurrentInterface(), cipher, key ) );
      fsCfg->nameCoding->setChainedNameIV( false );

      DirNode dirNode( NULL, TEST_ROOTDIR, fsCfg );

      if(!testNameCoding( dirNode, verbose ))
        return false;
    }

    {
      // test block mode, this time without IV chaining
      fsCfg->nameCoding = shared_ptr<NameIO>( new BlockNameIO(
            BlockNameIO::CurrentInterface(), cipher, key ) );
      fsCfg->nameCoding->setChainedNameIV( false );

      DirNode dirNode( NULL, TEST_ROOTDIR, fsCfg );

      if(!testNameCoding( dirNode, verbose ))
        return false;
    }
  }

  if(verbose)
    cerr << "Testing block encode/decode on full block -  ";
  {
    int numErrors = checkErrorPropogation( cipher,
        FSBlockSize, -1, key );
    if(numErrors)
    {
      if(verbose)
        cerr << " FAILED!\n";
      return false;
    } else
    {
      if(verbose)
        cerr << " OK\n";
    }
  }
  if(verbose)
    cerr << "Testing block encode/decode on partial block -  ";
  if (cipher->hasStreamMode())
  {
    int numErrors = checkErrorPropogation( cipher,
        FSBlockSize-1, -1, key );
    if(numErrors)
    {
      if(verbose)
        cerr << " FAILED!\n";
      return false;
    } else
    {
      if(verbose)
        cerr << " OK\n";
    }
  }

  if(verbose)
    cerr << "Checking error propogation in partial block:\n";
  if (cipher->hasStreamMode())
  {
    int minChanges = FSBlockSize-1;
    int maxChanges = 0;
    int minAt = 0;
    int maxAt = 0;
    for(int i=0; i<FSBlockSize-1; ++i)
    {
      int numErrors = checkErrorPropogation( cipher,
          FSBlockSize-1, i, key );

      if(numErrors < minChanges) 
      {
        minChanges = numErrors;
        minAt = i;
      }
      if(numErrors > maxChanges)
      {
        maxChanges = numErrors;
        maxAt = i;
      }
    }

    if(verbose)
    {
      cerr << "modification of 1 byte affected between " << minChanges
        << " and " << maxChanges << " decoded bytes\n";
      cerr << "minimum change at byte " << minAt
        << " and  maximum at byte " << maxAt << "\n";
    }
  }
  if(verbose)
    cerr << "Checking error propogation on full block:\n";
  {
    int minChanges = FSBlockSize;
    int maxChanges = 0;
    int minAt = 0;
    int maxAt = 0;
    for(int i=0; i<FSBlockSize; ++i)
    {
      int numErrors = checkErrorPropogation( cipher,
          FSBlockSize, i, key );

      if(numErrors < minChanges) 
      {
        minChanges = numErrors;
        minAt = i;
      }
      if(numErrors > maxChanges)
      {
        maxChanges = numErrors;
        maxAt = i;
      }
    }

    if(verbose)
    {
      cerr << "modification of 1 byte affected between " << minChanges
        << " and " << maxChanges << " decoded bytes\n";
      cerr << "minimum change at byte " << minAt
        << " and  maximum at byte " << maxAt << "\n";
    }
  }

  return true;
}
コード例 #6
0
ファイル: encfsctl.cpp プロジェクト: AbbsFarshidi/cryptonite
static int do_chpasswd( bool useStdin, bool annotate, int argc, char **argv )
{
    (void)argc;
    string rootDir = argv[1];
    if( !checkDir( rootDir ))
	return EXIT_FAILURE;

    EncfsConfig config;
    ConfigType cfgType = readConfig( rootDir, config );

    if(cfgType == Config_None)
    {
	cout << _("Unable to load or parse config file\n");
	return EXIT_FAILURE;
    }

    // instanciate proper cipher
    shared_ptr<Cipher> cipher = getCipher(config);
    if(!cipher)
    {
	cout << autosprintf(_("Unable to find specified cipher \"%s\"\n"),
                config.cipher().name().c_str());
	return EXIT_FAILURE;
    }

    // ask for existing password
    cout << _("Enter current Encfs password\n");
    if (annotate)
        cerr << "$PROMPT$ passwd" << endl;
    CipherKey userKey = getUserKey( config, useStdin );
    if(!userKey)
	return EXIT_FAILURE;

    // decode volume key using user key -- at this point we detect an incorrect
    // password if the key checksum does not match (causing readKey to fail).
    CipherKey volumeKey = cipher->readKey( 
        (const unsigned char *)config.key().ciphertext().data(), userKey );

    if(!volumeKey)
    {
	cout << _("Invalid password\n");
	return EXIT_FAILURE;
    }

    // Now, get New user key..
    userKey.reset();
    cout << _("Enter new Encfs password\n");

    // create new key
    if( useStdin )
    {
        if (annotate)
            cerr << "$PROMPT$ new_passwd" << endl;
    }

    userKey = getNewUserKey( config, useStdin, string(), string() );

    // re-encode the volume key using the new user key and write it out..
    int result = EXIT_FAILURE;
    if(userKey)
    {
	int encodedKeySize = cipher->encodedKeySize();
	unsigned char *keyBuf = new unsigned char[ encodedKeySize ];

	// encode volume key with new user key
	cipher->writeKey( volumeKey, keyBuf, userKey );
	userKey.reset();

        EncryptedKey *key = config.mutable_key();
        key->set_ciphertext( keyBuf, encodedKeySize );
        delete[] keyBuf;

        if(saveConfig( rootDir, config ))
	{
	    // password modified -- changes volume key of filesystem..
	    cout << _("Volume Key successfully updated.\n");
	    result = EXIT_SUCCESS;
	} else
	{
	    cout << _("Error saving modified config file.\n");
	}
    } else
    {
        cout << _("Error creating key\n");
    }

    volumeKey.reset();

    return result;
}