extern/encfs
1
0
Fork 0
mirror of https://github.com/vgough/encfs.git synced 2025-06-20 03:37:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

allow per-block rand bytes to be use independently from block MAC

Browse Source 
git-svn-id: http://encfs.googlecode.com/svn/trunk@62 db9cf616-1c43-0410-9cb8-a902689de0d6
This commit is contained in:
Valient Gough 2010-09-06 04:23:22 +00:00
parent 832d3da98b
commit 0d24e66ec9
3 changed files with 39 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
encfs/FileNode.cpp
View File

@ -80,7 +80,7 @@ FileNode::FileNode(DirNode *parent_, const FSConfigPtr &cfg,
shared_ptr<FileIO> rawIO( new RawFileIO( _cname ) ); shared_ptr<FileIO> rawIO( new RawFileIO( _cname ) );
io = shared_ptr<FileIO>( new CipherFileIO( rawIO, fsConfig )); io = shared_ptr<FileIO>( new CipherFileIO( rawIO, fsConfig ));
if(cfg->config->blockMACBytes) if(cfg->config->blockMACBytes || cfg->config->blockMACRandBytes)
io = shared_ptr<FileIO>(new MACFileIO(io, fsConfig)); io = shared_ptr<FileIO>(new MACFileIO(io, fsConfig));
} }

52
encfs/FileUtils.cpp
View File

@ -879,35 +879,31 @@ void selectBlockMAC(int *macBytes, int *macRandBytes)
"within a block will be caught and will cause a read error.")); "within a block will be caught and will cause a read error."));
if(addMAC) if(addMAC)
{
*macBytes = 8; *macBytes = 8;
else
// xgroup(setup)
cout << _("Add random bytes to each block header?\n"
"This adds a performance penalty, but ensures that blocks\n"
"have different authentication codes. Note that you can\n"
"have the same benefits by enabling per-file initialization\n"
"vectors, which does not come with as great of performance\n"
"penalty. \n"
"Select a number of bytes, from 0 (no random bytes) to 8: ");
char answer[10];
int randSize = 0;
char *res = fgets( answer, sizeof(answer), stdin );
cout << "\n";
randSize = (res == 0 ? 0 : atoi( answer ));
if(randSize < 0)
randSize = 0;
if(randSize > 8)
randSize = 8;
*macRandBytes = randSize;
} else
{
*macBytes = 0; *macBytes = 0;
*macRandBytes = 0;
} // xgroup(setup)
cout << _("Add random bytes to each block header?\n"
"This adds a performance penalty, but ensures that blocks\n"
"have different authentication codes. Note that you can\n"
"have the same benefits by enabling per-file initialization\n"
"vectors, which does not come with as great of performance\n"
"penalty. \n"
"Select a number of bytes, from 0 (no random bytes) to 8: ");
char answer[10];
int randSize = 0;
char *res = fgets( answer, sizeof(answer), stdin );
cout << "\n";
randSize = (res == 0 ? 0 : atoi( answer ));
if(randSize < 0)
randSize = 0;
if(randSize > 8)
randSize = 8;
*macRandBytes = randSize;
} }
static static
@ -1305,7 +1301,7 @@ void showFSInfo( const boost::shared_ptr<EncFSConfig> &config )
cout << autosprintf(_("Salt Size: %i bits"), cout << autosprintf(_("Salt Size: %i bits"),
8*(int)config->salt.size()) << "\n"; 8*(int)config->salt.size()) << "\n";
} }
if(config->blockMACBytes) if(config->blockMACBytes || config->blockMACRandBytes)
{ {
if(config->subVersion < 20040813) if(config->subVersion < 20040813)
{ {

26
encfs/MACFileIO.cpp
View File

@ -66,7 +66,7 @@ MACFileIO::MACFileIO( const shared_ptr<FileIO> &_base,
, randBytes( cfg->config->blockMACRandBytes ) , randBytes( cfg->config->blockMACRandBytes )
, warnOnly( cfg->opts->forceDecode ) , warnOnly( cfg->opts->forceDecode )
{ {
rAssert( macBytes > 0 && macBytes <= 8 ); rAssert( macBytes >= 0 && macBytes <= 8 );
rAssert( randBytes >= 0 ); rAssert( randBytes >= 0 );
rLog(Info, "fs block size = %i, macBytes = %i, randBytes = %i", rLog(Info, "fs block size = %i, macBytes = %i, randBytes = %i",
cfg->config->blockSize, cfg->config->blockSize,
@ -183,17 +183,16 @@ ssize_t MACFileIO::readOneBlock( const IORequest &req ) const
ssize_t readSize = base->read( tmp ); ssize_t readSize = base->read( tmp );
// don't store zeros if configured for zero-block pass-through // don't store zeros if configured for zero-block pass-through
bool skipBlock; bool skipBlock = true;
if( _allowHoles ) if( _allowHoles )
{ {
skipBlock = true;
for(int i=0; i<readSize; ++i) for(int i=0; i<readSize; ++i)
if(tmp.data[i] != 0) if(tmp.data[i] != 0)
{ {
skipBlock = false; skipBlock = false;
break; break;
} }
} else } else if(macBytes > 0)
skipBlock = false; skipBlock = false;
if(readSize > headerSize) if(readSize > headerSize)
@ -257,20 +256,23 @@ bool MACFileIO::writeOneBlock( const IORequest &req )
memset( newReq.data, 0, headerSize ); memset( newReq.data, 0, headerSize );
memcpy( newReq.data + headerSize, req.data, req.dataLen ); memcpy( newReq.data + headerSize, req.data, req.dataLen );
if(randBytes) if(randBytes > 0)
{ {
if(!cipher->randomize( newReq.data+macBytes, randBytes, false )) if(!cipher->randomize( newReq.data+macBytes, randBytes, false ))
return false; return false;
} }
// compute the mac (which includes the random data) and fill it in if(macBytes > 0)
uint64_t mac = cipher->MAC_64( newReq.data+macBytes,
req.dataLen + randBytes, key );
for(int i=0; i<macBytes; ++i)
{ {
newReq.data[i] = mac & 0xff; // compute the mac (which includes the random data) and fill it in
mac >>= 8; uint64_t mac = cipher->MAC_64( newReq.data+macBytes,
req.dataLen + randBytes, key );
for(int i=0; i<macBytes; ++i)
{
newReq.data[i] = mac & 0xff;
mac >>= 8;
}
} }
// now, we can let the next level have it.. // now, we can let the next level have it..