Exemplo n.º 1
0
void showFSInfo( const EncfsConfig &config )
{
  shared_ptr<CipherV1> cipher = CipherV1::New( config.cipher(), 
        config.key().size() );
  {
    cout << autosprintf(
        // xgroup(diag)
        _("Filesystem cipher: \"%s\", version %i:%i:%i"),
        config.cipher().name().c_str(), config.cipher().major(),
        config.cipher().minor(), config.cipher().age());
    // check if we support this interface..
    if(!cipher)
      cout << _(" (NOT supported)\n");
    else
    {
      // if we're using a newer interface, show the version number
      if( config.cipher() != cipher->interface() )
      {
        Interface iface = cipher->interface();
        // xgroup(diag)
        cout << autosprintf(_(" (using %i:%i:%i)\n"),
            iface.major(), iface.minor(), iface.age());
      } else
        cout << "\n";
    }
  }

  // xgroup(diag)
  cout << autosprintf(_("Filename encoding: \"%s\", version %i:%i:%i"),
          config.naming().name().c_str(), config.naming().major(),
          config.naming().minor(), config.naming().age());
    
  if (!cipher)
  {
      cout <<  "\n";
  } else
  {
    // check if we support the filename encoding interface..
    shared_ptr<NameIO> nameCoder = NameIO::New( config.naming(), cipher );
    if(!nameCoder)
    {
      // xgroup(diag)
      cout << _(" (NOT supported)\n");
    } else
    {
      // if we're using a newer interface, show the version number
      if( config.naming() != nameCoder->interface() )
      {
        Interface iface = nameCoder->interface();
        cout << autosprintf(_(" (using %i:%i:%i)\n"),
            iface.major(), iface.minor(), iface.age());
      } else
        cout << "\n";
    }
  }
  const EncryptedKey &key = config.key();
  {
    cout << autosprintf(_("Key Size: %i bits"), 8 * key.size());
    cipher = getCipher(config);
    if(!cipher)
    {
      // xgroup(diag)
      cout << _(" (NOT supported)\n");
    } else
      cout << "\n";
  }
  if(key.kdf_iterations() > 0 && key.salt().size() > 0)
  {
    cout << autosprintf(_("Using PBKDF2, with %i iterations"), 
        key.kdf_iterations()) << "\n";
    cout << autosprintf(_("Salt Size: %i bits"), 
        8*(int)key.salt().size()) << "\n";
  }
  if(config.block_mac_bytes() || config.block_mac_rand_bytes())
  {
    if(config.revision() < V5Latest)
    {
      cout << autosprintf(
          // xgroup(diag)
          _("Block Size: %i bytes + %i byte MAC header"),
          config.block_size(),
          config.block_mac_bytes() + config.block_mac_rand_bytes()) << endl;
    } else
    {
      // new version stores the header as part of that block size..
      cout << autosprintf(
          // xgroup(diag)
          _("Block Size: %i bytes, including %i byte MAC header"),
          config.block_size(),
          config.block_mac_bytes() + config.block_mac_rand_bytes()) << endl;
    }
  } else
  {
    // xgroup(diag)
    cout << autosprintf(_("Block Size: %i bytes"), config.block_size());
    cout << "\n";
  }

  if(config.unique_iv())
  {
    // xgroup(diag)
    cout << _("Each file contains 8 byte header with unique IV data.\n");
  }
  if(config.chained_iv())
  {
    // xgroup(diag)
    cout << _("Filenames encoded using IV chaining mode.\n");
  }
  if(config.external_iv())
  {
    // xgroup(diag)
    cout << _("File data IV is chained to filename IV.\n");
  }
  if(config.allow_holes())
  {
    // xgroup(diag)
    cout << _("File holes passed through to ciphertext.\n");
  }
  cout << "\n";
}
Exemplo n.º 2
0
bool runTests(const shared_ptr<Cipher> &cipher, bool verbose)
{
  // create a random key
  if(verbose)
    cerr << "Generating new key, output will be different on each run\n\n";
  CipherKey key = cipher->newRandomKey();

  if(verbose)
    cerr << "Testing key save / restore :";
  {
    CipherKey encodingKey = cipher->newRandomKey();
    int encodedKeySize = cipher->encodedKeySize();
    unsigned char *keyBuf = new unsigned char [ encodedKeySize ];

    cipher->writeKey( key, keyBuf, encodingKey );
    CipherKey key2 = cipher->readKey( keyBuf, encodingKey );
    if(!key2)
    {
      if(verbose)
        cerr << "   FAILED (decode error)\n";
      return false;
    }

    if(cipher->compareKey( key, key2 ))
    {
      if(verbose)
        cerr << "   OK\n";
    } else
    {
      if(verbose)
        cerr << "   FAILED\n";
      return false;
    }
  }

  if(verbose)
    cerr << "Testing Config interface load / store :";
  {
    CipherKey encodingKey = cipher->newRandomKey();
    int encodedKeySize = cipher->encodedKeySize();
    unsigned char *keyBuf = new unsigned char [ encodedKeySize ];

    cipher->writeKey( key, keyBuf, encodingKey );

    // store in config struct..
    EncfsConfig cfg;
    cfg.mutable_cipher()->MergeFrom(cipher->interface());
    EncryptedKey *encryptedKey = cfg.mutable_key();
    encryptedKey->set_size(8 * cipher->keySize());
    encryptedKey->set_ciphertext( keyBuf, encodedKeySize );
    cfg.set_block_size(FSBlockSize);

    // save config
    string data;
    google::protobuf::TextFormat::PrintToString(cfg, &data);

    // read back in and check everything..
    EncfsConfig cfg2;
    google::protobuf::TextFormat::ParseFromString(data, &cfg2);

    // check..
    rAssert( implements(cfg.cipher(),cfg2.cipher()) );
    rAssert( cfg.key().size() == cfg2.key().size() );
    rAssert( cfg.block_size() == cfg2.block_size() );

    // try decoding key..

    CipherKey key2 = cipher->readKey( (unsigned char *)cfg2.key().ciphertext().data(), encodingKey );
    if(!key2)
    {
      if(verbose)
        cerr << "   FAILED (decode error)\n";
      return false;
    }

    if(cipher->compareKey( key, key2 ))
    {
      if(verbose)
        cerr << "   OK\n";
    } else
    {
      if(verbose)
        cerr << "   FAILED\n";
      return false;
    }
  }

  FSConfigPtr fsCfg = FSConfigPtr(new FSConfig);
  fsCfg->cipher = cipher;
  fsCfg->key = key;
  fsCfg->config.reset(new EncfsConfig);
  fsCfg->config->set_block_size(FSBlockSize);
  fsCfg->opts.reset(new EncFS_Opts);

  if(verbose)
    cerr << "Testing name encode/decode (stream coding w/ IV chaining)\n";
  if (cipher->hasStreamMode())
  {
    fsCfg->opts->idleTracking = false;
    fsCfg->config->set_unique_iv(false);

    fsCfg->nameCoding.reset( new StreamNameIO(
          StreamNameIO::CurrentInterface(), cipher, key ) );
    fsCfg->nameCoding->setChainedNameIV( true );

    DirNode dirNode( NULL, TEST_ROOTDIR, fsCfg );

    if(!testNameCoding( dirNode, verbose ))
      return false;
  }

  if(verbose)
    cerr << "Testing name encode/decode (block coding w/ IV chaining)\n";
  {
    fsCfg->opts->idleTracking = false;
    fsCfg->config->set_unique_iv(false);
    fsCfg->nameCoding.reset( new BlockNameIO(
          BlockNameIO::CurrentInterface(), cipher, key ) );
    fsCfg->nameCoding->setChainedNameIV( true );

    DirNode dirNode( NULL, TEST_ROOTDIR, fsCfg );

    if(!testNameCoding( dirNode, verbose ))
      return false;
  }

  if(verbose)
    cerr << "Testing name encode/decode (block coding w/ IV chaining, base32)\n";
  {
    fsCfg->opts->idleTracking = false;
    fsCfg->config->set_unique_iv(false);
    fsCfg->nameCoding.reset( new BlockNameIO(
          BlockNameIO::CurrentInterface(), cipher, key, true ) );
    fsCfg->nameCoding->setChainedNameIV( true );

    DirNode dirNode( NULL, TEST_ROOTDIR, fsCfg );

    if(!testNameCoding( dirNode, verbose ))
      return false;
  }

  if(!verbose)
  {
    if (cipher->hasStreamMode())
    {
      // test stream mode, this time without IV chaining
      fsCfg->nameCoding =
        shared_ptr<NameIO>( new StreamNameIO( 
              StreamNameIO::CurrentInterface(), cipher, key ) );
      fsCfg->nameCoding->setChainedNameIV( false );

      DirNode dirNode( NULL, TEST_ROOTDIR, fsCfg );

      if(!testNameCoding( dirNode, verbose ))
        return false;
    }

    {
      // test block mode, this time without IV chaining
      fsCfg->nameCoding = shared_ptr<NameIO>( new BlockNameIO(
            BlockNameIO::CurrentInterface(), cipher, key ) );
      fsCfg->nameCoding->setChainedNameIV( false );

      DirNode dirNode( NULL, TEST_ROOTDIR, fsCfg );

      if(!testNameCoding( dirNode, verbose ))
        return false;
    }
  }

  if(verbose)
    cerr << "Testing block encode/decode on full block -  ";
  {
    int numErrors = checkErrorPropogation( cipher,
        FSBlockSize, -1, key );
    if(numErrors)
    {
      if(verbose)
        cerr << " FAILED!\n";
      return false;
    } else
    {
      if(verbose)
        cerr << " OK\n";
    }
  }
  if(verbose)
    cerr << "Testing block encode/decode on partial block -  ";
  if (cipher->hasStreamMode())
  {
    int numErrors = checkErrorPropogation( cipher,
        FSBlockSize-1, -1, key );
    if(numErrors)
    {
      if(verbose)
        cerr << " FAILED!\n";
      return false;
    } else
    {
      if(verbose)
        cerr << " OK\n";
    }
  }

  if(verbose)
    cerr << "Checking error propogation in partial block:\n";
  if (cipher->hasStreamMode())
  {
    int minChanges = FSBlockSize-1;
    int maxChanges = 0;
    int minAt = 0;
    int maxAt = 0;
    for(int i=0; i<FSBlockSize-1; ++i)
    {
      int numErrors = checkErrorPropogation( cipher,
          FSBlockSize-1, i, key );

      if(numErrors < minChanges) 
      {
        minChanges = numErrors;
        minAt = i;
      }
      if(numErrors > maxChanges)
      {
        maxChanges = numErrors;
        maxAt = i;
      }
    }

    if(verbose)
    {
      cerr << "modification of 1 byte affected between " << minChanges
        << " and " << maxChanges << " decoded bytes\n";
      cerr << "minimum change at byte " << minAt
        << " and  maximum at byte " << maxAt << "\n";
    }
  }
  if(verbose)
    cerr << "Checking error propogation on full block:\n";
  {
    int minChanges = FSBlockSize;
    int maxChanges = 0;
    int minAt = 0;
    int maxAt = 0;
    for(int i=0; i<FSBlockSize; ++i)
    {
      int numErrors = checkErrorPropogation( cipher,
          FSBlockSize, i, key );

      if(numErrors < minChanges) 
      {
        minChanges = numErrors;
        minAt = i;
      }
      if(numErrors > maxChanges)
      {
        maxChanges = numErrors;
        maxAt = i;
      }
    }

    if(verbose)
    {
      cerr << "modification of 1 byte affected between " << minChanges
        << " and " << maxChanges << " decoded bytes\n";
      cerr << "minimum change at byte " << minAt
        << " and  maximum at byte " << maxAt << "\n";
    }
  }

  return true;
}