extern/encfs
1
0
Fork 0
mirror of https://github.com/vgough/encfs.git synced 2024-11-22 07:53:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

allow per-block rand bytes to be use independently from block MAC

Browse Source 
git-svn-id: http://encfs.googlecode.com/svn/trunk@62 db9cf616-1c43-0410-9cb8-a902689de0d6
This commit is contained in:
Valient Gough 2010-09-06 04:23:22 +00:00
parent 832d3da98b
commit 0d24e66ec9
3 changed files with 39 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
encfs/FileNode.cpp
View File

@ -80,7 +80,7 @@ FileNode::FileNode(DirNode *parent_, const FSConfigPtr &cfg,
shared_ptr<FileIO> rawIO( new RawFileIO( _cname ) );
io = shared_ptr<FileIO>( new CipherFileIO( rawIO, fsConfig ));
if(cfg->config->blockMACBytes)
if(cfg->config->blockMACBytes || cfg->config->blockMACRandBytes)
io = shared_ptr<FileIO>(new MACFileIO(io, fsConfig));
}

52
encfs/FileUtils.cpp
View File

@ -879,35 +879,31 @@ void selectBlockMAC(int *macBytes, int *macRandBytes)
"within a block will be caught and will cause a read error."));
if(addMAC)
{
*macBytes = 8;
// xgroup(setup)
cout << _("Add random bytes to each block header?\n"
"This adds a performance penalty, but ensures that blocks\n"
"have different authentication codes. Note that you can\n"
"have the same benefits by enabling per-file initialization\n"
"vectors, which does not come with as great of performance\n"
"penalty. \n"
"Select a number of bytes, from 0 (no random bytes) to 8: ");
char answer[10];
int randSize = 0;
char *res = fgets( answer, sizeof(answer), stdin );
cout << "\n";
randSize = (res == 0 ? 0 : atoi( answer ));
if(randSize < 0)
randSize = 0;
if(randSize > 8)
randSize = 8;
*macRandBytes = randSize;
} else
{
else
*macBytes = 0;
*macRandBytes = 0;
}
// xgroup(setup)
cout << _("Add random bytes to each block header?\n"
"This adds a performance penalty, but ensures that blocks\n"
"have different authentication codes. Note that you can\n"
"have the same benefits by enabling per-file initialization\n"
"vectors, which does not come with as great of performance\n"
"penalty. \n"
"Select a number of bytes, from 0 (no random bytes) to 8: ");
char answer[10];
int randSize = 0;
char *res = fgets( answer, sizeof(answer), stdin );
cout << "\n";
randSize = (res == 0 ? 0 : atoi( answer ));
if(randSize < 0)
randSize = 0;
if(randSize > 8)
randSize = 8;
*macRandBytes = randSize;
}
static
@ -1305,7 +1301,7 @@ void showFSInfo( const boost::shared_ptr<EncFSConfig> &config )
cout << autosprintf(_("Salt Size: %i bits"),
8*(int)config->salt.size()) << "\n";
}
if(config->blockMACBytes)
if(config->blockMACBytes || config->blockMACRandBytes)
{
if(config->subVersion < 20040813)
{

26
encfs/MACFileIO.cpp
View File

@ -66,7 +66,7 @@ MACFileIO::MACFileIO( const shared_ptr<FileIO> &_base,
, randBytes( cfg->config->blockMACRandBytes )
, warnOnly( cfg->opts->forceDecode )
{
rAssert( macBytes > 0 && macBytes <= 8 );
rAssert( macBytes >= 0 && macBytes <= 8 );
rAssert( randBytes >= 0 );
rLog(Info, "fs block size = %i, macBytes = %i, randBytes = %i",
cfg->config->blockSize,
@ -183,17 +183,16 @@ ssize_t MACFileIO::readOneBlock( const IORequest &req ) const
ssize_t readSize = base->read( tmp );
// don't store zeros if configured for zero-block pass-through
bool skipBlock;
bool skipBlock = true;
if( _allowHoles )
{
skipBlock = true;
for(int i=0; i<readSize; ++i)
if(tmp.data[i] != 0)
{
skipBlock = false;
break;
}
} else
} else if(macBytes > 0)
skipBlock = false;
if(readSize > headerSize)
@ -257,20 +256,23 @@ bool MACFileIO::writeOneBlock( const IORequest &req )
memset( newReq.data, 0, headerSize );
memcpy( newReq.data + headerSize, req.data, req.dataLen );
if(randBytes)
if(randBytes > 0)
{
if(!cipher->randomize( newReq.data+macBytes, randBytes, false ))
return false;
}
// compute the mac (which includes the random data) and fill it in
uint64_t mac = cipher->MAC_64( newReq.data+macBytes,
req.dataLen + randBytes, key );
for(int i=0; i<macBytes; ++i)
if(macBytes > 0)
{
newReq.data[i] = mac & 0xff;
mac >>= 8;
// compute the mac (which includes the random data) and fill it in
uint64_t mac = cipher->MAC_64( newReq.data+macBytes,
req.dataLen + randBytes, key );
for(int i=0; i<macBytes; ++i)
{
newReq.data[i] = mac & 0xff;
mac >>= 8;
}
}
// now, we can let the next level have it..