2013-01-29 04:07:54 +01:00
|
|
|
/*****************************************************************************
|
|
|
|
* Author: Valient Gough <vgough@pobox.com>
|
|
|
|
*
|
|
|
|
*****************************************************************************
|
|
|
|
* Copyright (c) 2004, Valient Gough
|
|
|
|
*
|
|
|
|
* This program is free software: you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU Lesser General Public License as published by the
|
|
|
|
* Free Software Foundation, either version 3 of the License, or (at your
|
2013-10-20 00:35:26 +02:00
|
|
|
* option) any later version.
|
2013-01-29 04:07:54 +01:00
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT
|
|
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
|
|
* for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "base/base64.h"
|
|
|
|
#include "base/Error.h"
|
|
|
|
#include "base/i18n.h"
|
2013-03-05 07:36:32 +01:00
|
|
|
#include "cipher/CipherV1.h"
|
2013-01-29 04:07:54 +01:00
|
|
|
#include "fs/StreamNameIO.h"
|
|
|
|
|
|
|
|
#include <glog/logging.h>
|
|
|
|
|
|
|
|
#include <cstring>
|
2013-10-21 07:38:27 +02:00
|
|
|
#include <string>
|
|
|
|
#include <vector>
|
2013-01-29 04:07:54 +01:00
|
|
|
|
2013-03-05 07:29:58 +01:00
|
|
|
namespace encfs {
|
|
|
|
|
2013-10-21 07:38:27 +02:00
|
|
|
using std::string;
|
|
|
|
using std::vector;
|
|
|
|
|
2013-10-20 00:35:26 +02:00
|
|
|
static shared_ptr<NameIO> NewStreamNameIO(const Interface &iface,
|
|
|
|
const shared_ptr<CipherV1> &cipher) {
|
|
|
|
return shared_ptr<NameIO>(new StreamNameIO(iface, cipher));
|
2013-01-29 04:07:54 +01:00
|
|
|
}
|
|
|
|
|
2013-10-20 00:35:26 +02:00
|
|
|
static bool StreamIO_registered = NameIO::Register(
|
|
|
|
"Stream",
|
2013-01-29 04:07:54 +01:00
|
|
|
gettext_noop("Stream encoding, keeps filenames as short as possible"),
|
2013-10-20 00:35:26 +02:00
|
|
|
StreamNameIO::CurrentInterface(), NewStreamNameIO, true);
|
2013-01-29 04:07:54 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
- Version 0.1 is for EncFS 0.x support. The difference to 1.0 is that 0.x
|
|
|
|
stores the file checksums at the end of the encoded name, where 1.0
|
|
|
|
stores them at the beginning.
|
|
|
|
|
|
|
|
- Version 1.0 is the basic stream encoding mode used since the beginning of
|
|
|
|
EncFS. There is a slight difference in filename encodings from EncFS 0.x
|
|
|
|
to 1.0.x. This implements just the 1.0.x method.
|
|
|
|
|
|
|
|
- Version 1.1 adds support for IV chaining. This is transparently
|
|
|
|
backward compatible, since older filesystems do not use IV chaining.
|
|
|
|
|
|
|
|
- Version 2.0 uses full 64 bit IV during IV chaining mode. Prior versions
|
|
|
|
used only the 16 bit output from MAC_16. This reduces the theoretical
|
|
|
|
possibility (unlikely to make any difference in practice) of two files
|
|
|
|
with the same name in different directories ending up with the same
|
|
|
|
encrypted name. Added because there is no good reason to chop to 16
|
|
|
|
bits.
|
|
|
|
|
|
|
|
- Version 2.1 adds support for version 0 for EncFS 0.x compatibility.
|
2013-10-21 07:38:27 +02:00
|
|
|
|
|
|
|
- Version 3.0 drops Encfs 0.x support.
|
2013-01-29 04:07:54 +01:00
|
|
|
*/
|
2013-10-20 00:35:26 +02:00
|
|
|
Interface StreamNameIO::CurrentInterface() {
|
2013-10-21 07:38:27 +02:00
|
|
|
// implements support for version 3, 2, and 1.
|
|
|
|
return makeInterface("nameio/stream", 3, 0, 2);
|
2013-01-29 04:07:54 +01:00
|
|
|
}
|
|
|
|
|
2013-10-20 00:35:26 +02:00
|
|
|
StreamNameIO::StreamNameIO(const Interface &iface,
|
|
|
|
const shared_ptr<CipherV1> &cipher)
|
|
|
|
: _interface(iface.major()), _cipher(cipher) {}
|
2013-01-29 04:07:54 +01:00
|
|
|
|
2013-10-20 00:35:26 +02:00
|
|
|
StreamNameIO::~StreamNameIO() {}
|
2013-01-29 04:07:54 +01:00
|
|
|
|
2013-10-20 00:35:26 +02:00
|
|
|
Interface StreamNameIO::interface() const { return CurrentInterface(); }
|
2013-01-29 04:07:54 +01:00
|
|
|
|
2013-10-20 00:35:26 +02:00
|
|
|
int StreamNameIO::maxEncodedNameLen(int plaintextStreamLen) const {
|
2013-01-29 04:07:54 +01:00
|
|
|
int encodedStreamLen = 2 + plaintextStreamLen;
|
2013-10-20 00:35:26 +02:00
|
|
|
return B256ToB64Bytes(encodedStreamLen);
|
2013-01-29 04:07:54 +01:00
|
|
|
}
|
|
|
|
|
2013-10-20 00:35:26 +02:00
|
|
|
int StreamNameIO::maxDecodedNameLen(int encodedStreamLen) const {
|
|
|
|
int decLen256 = B64ToB256Bytes(encodedStreamLen);
|
2013-01-29 04:07:54 +01:00
|
|
|
return decLen256 - 2;
|
|
|
|
}
|
|
|
|
|
2013-10-21 07:38:27 +02:00
|
|
|
string StreamNameIO::encodeName(const string &plaintextName,
|
|
|
|
uint64_t *iv) const {
|
2013-01-29 04:07:54 +01:00
|
|
|
uint64_t tmpIV = 0;
|
2013-10-21 07:38:27 +02:00
|
|
|
int length = plaintextName.length();
|
2013-10-20 00:35:26 +02:00
|
|
|
if (iv && _interface >= 2) tmpIV = *iv;
|
2013-01-29 04:07:54 +01:00
|
|
|
|
2013-10-21 07:38:27 +02:00
|
|
|
unsigned int mac = _cipher->reduceMac16(_cipher->MAC_64(
|
|
|
|
reinterpret_cast<const byte *>(plaintextName.data()), length, iv));
|
|
|
|
tmpIV ^= (uint64_t)mac;
|
|
|
|
|
|
|
|
int encodedStreamLen = length + 2;
|
|
|
|
int encLen64 = B256ToB64Bytes(encodedStreamLen);
|
2013-01-29 04:07:54 +01:00
|
|
|
|
|
|
|
// add on checksum bytes
|
2013-10-21 07:38:27 +02:00
|
|
|
vector<byte> encoded(encLen64);
|
|
|
|
encoded[0] = static_cast<byte>((mac >> 8) & 0xff);
|
|
|
|
encoded[1] = static_cast<byte>((mac) & 0xff);
|
2013-01-29 04:07:54 +01:00
|
|
|
|
|
|
|
// stream encode the plaintext bytes
|
2013-10-21 07:38:27 +02:00
|
|
|
memcpy(&encoded[2], plaintextName.data(), length);
|
|
|
|
_cipher->streamEncode(&encoded[2], length, tmpIV);
|
2013-01-29 04:07:54 +01:00
|
|
|
|
|
|
|
// convert the entire thing to base 64 ascii..
|
2013-10-21 07:38:27 +02:00
|
|
|
changeBase2Inline(encoded.data(), encodedStreamLen, 8, 6, true);
|
|
|
|
B64ToAscii(encoded.data(), encLen64);
|
2013-01-29 04:07:54 +01:00
|
|
|
|
2013-10-21 07:38:27 +02:00
|
|
|
return string(encoded.begin(), encoded.end());
|
2013-01-29 04:07:54 +01:00
|
|
|
}
|
|
|
|
|
2013-10-21 07:38:27 +02:00
|
|
|
string StreamNameIO::decodeName(const string &encodedName,
|
|
|
|
uint64_t *iv) const {
|
|
|
|
int length = encodedName.length();
|
2013-01-29 04:07:54 +01:00
|
|
|
rAssert(length > 2);
|
2013-10-20 00:35:26 +02:00
|
|
|
int decLen256 = B64ToB256Bytes(length);
|
2013-01-29 04:07:54 +01:00
|
|
|
int decodedStreamLen = decLen256 - 2;
|
|
|
|
|
2013-10-20 00:35:26 +02:00
|
|
|
if (decodedStreamLen <= 0) throw Error("Filename too small to decode");
|
2013-01-29 04:07:54 +01:00
|
|
|
|
2013-10-21 07:38:27 +02:00
|
|
|
vector<byte> tmpBuf(length, 0);
|
2013-01-29 04:07:54 +01:00
|
|
|
|
|
|
|
// decode into tmpBuf, because this step produces more data then we can fit
|
|
|
|
// into the result buffer..
|
2013-10-21 07:38:27 +02:00
|
|
|
memcpy(tmpBuf.data(), encodedName.data(), length);
|
|
|
|
AsciiToB64(tmpBuf.data(), length);
|
|
|
|
changeBase2Inline(tmpBuf.data(), length, 6, 8, false);
|
2013-01-29 04:07:54 +01:00
|
|
|
|
|
|
|
// pull out the checksum value which is used as an initialization vector
|
|
|
|
uint64_t tmpIV = 0;
|
2013-10-21 07:38:27 +02:00
|
|
|
unsigned int mac = ((unsigned int)tmpBuf[0]) << 8 | ((unsigned int)tmpBuf[1]);
|
|
|
|
|
|
|
|
// version 2 adds support for IV chaining..
|
|
|
|
if (iv && _interface >= 2) tmpIV = *iv;
|
2013-01-29 04:07:54 +01:00
|
|
|
|
2013-10-21 07:38:27 +02:00
|
|
|
tmpIV ^= (uint64_t)mac;
|
|
|
|
_cipher->streamDecode(&tmpBuf.at(2), decodedStreamLen, tmpIV);
|
2013-01-29 04:07:54 +01:00
|
|
|
|
|
|
|
// compute MAC to check with stored value
|
2013-03-05 07:36:32 +01:00
|
|
|
unsigned int mac2 = _cipher->reduceMac16(
|
2013-10-21 07:38:27 +02:00
|
|
|
_cipher->MAC_64(&tmpBuf.at(2), decodedStreamLen, iv));
|
2013-01-29 04:07:54 +01:00
|
|
|
|
2013-10-20 00:35:26 +02:00
|
|
|
if (mac2 != mac) {
|
2013-01-29 04:07:54 +01:00
|
|
|
VLOG(1) << "checksum mismatch: expected " << mac << ", got " << mac2
|
2013-10-20 00:35:26 +02:00
|
|
|
<< "on decode of " << decodedStreamLen << " bytes";
|
|
|
|
throw Error("checksum mismatch in filename decode");
|
2013-01-29 04:07:54 +01:00
|
|
|
}
|
|
|
|
|
2013-10-21 07:38:27 +02:00
|
|
|
return string(reinterpret_cast<char*>(&tmpBuf.at(2)), decodedStreamLen);
|
2013-01-29 04:07:54 +01:00
|
|
|
}
|
|
|
|
|
2013-10-20 00:35:26 +02:00
|
|
|
bool StreamNameIO::Enabled() { return true; }
|
2013-01-29 04:07:54 +01:00
|
|
|
|
2013-03-05 07:29:58 +01:00
|
|
|
} // namespace encfs
|