mirror of
https://github.com/vgough/encfs.git
synced 2024-11-22 07:53:31 +01:00
reverse mode: Disable unique IV by default
Commit 76424a58cb enabled unique IV
for reverse mode by default, to get more testing and to increase
security of reverse mode.
The downside is that all IVs change when the inode numbers change,
which means that all of the ciphertext changes.
This may bite people who copied the plaintext to a new filesystem
- they will find out that they have to rsync everything again.
This commit disables unique IV for reverse mode by default. It can
still be enabled through expert mode.
This commit is contained in:
Jakob Unterwurzacher
parent
d14bedfff6
commit
21b3811f86
@ -893,13 +893,13 @@ static void selectBlockMAC(int *macBytes, int *macRandBytes) {
|
||||
/**
|
||||
* Ask the user if per-file unique IVs should be used
|
||||
*/
|
||||
static bool selectUniqueIV() {
|
||||
static bool selectUniqueIV(bool default_answer) {
|
||||
// xgroup(setup)
|
||||
return boolDefaultYes(
|
||||
return boolDefault(
|
||||
_("Enable per-file initialization vectors?\n"
|
||||
"This adds about 8 bytes per file to the storage requirements.\n"
|
||||
"It should not affect performance except possibly with applications\n"
|
||||
"which rely on block-aligned file io for performance."));
|
||||
"which rely on block-aligned file io for performance."), default_answer);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -977,8 +977,8 @@ RootPtr createV6Config(EncFS_Context *ctx, const shared_ptr<EncFS_Opts> &opts) {
|
||||
Interface nameIOIface; // selectNameCoding()
|
||||
int blockMACBytes = 0; // selectBlockMAC()
|
||||
int blockMACRandBytes = 0; // selectBlockMAC()
|
||||
bool uniqueIV = false; // selectUniqueIV()
|
||||
bool chainedIV = false; // selectChainedIV()
|
||||
bool uniqueIV = true; // selectUniqueIV()
|
||||
bool chainedIV = true; // selectChainedIV()
|
||||
bool externalIV = false; // selectExternalChainedIV()
|
||||
bool allowHoles = true; // selectZeroBlockPassThrough()
|
||||
long desiredKDFDuration = NormalKDFDuration;
|
||||
@ -986,6 +986,7 @@ RootPtr createV6Config(EncFS_Context *ctx, const shared_ptr<EncFS_Opts> &opts) {
|
||||
if (reverseEncryption) {
|
||||
chainedIV = false;
|
||||
externalIV = false;
|
||||
uniqueIV = false;
|
||||
blockMACBytes = 0;
|
||||
blockMACRandBytes = 0;
|
||||
}
|
||||
@ -1009,8 +1010,6 @@ RootPtr createV6Config(EncFS_Context *ctx, const shared_ptr<EncFS_Opts> &opts) {
|
||||
nameIOIface = BlockNameIO::CurrentInterface();
|
||||
blockMACBytes = 8;
|
||||
blockMACRandBytes = 0; // using uniqueIV, so this isn't necessary
|
||||
uniqueIV = true;
|
||||
chainedIV = true;
|
||||
externalIV = true;
|
||||
desiredKDFDuration = ParanoiaKDFDuration;
|
||||
} else if (configMode == Config_Standard || answer[0] != 'x') {
|
||||
@ -1021,16 +1020,7 @@ RootPtr createV6Config(EncFS_Context *ctx, const shared_ptr<EncFS_Opts> &opts) {
|
||||
keySize = 192;
|
||||
blockSize = DefaultBlockSize;
|
||||
alg = findCipherAlgorithm("AES", keySize);
|
||||
blockMACBytes = 0;
|
||||
externalIV = false;
|
||||
nameIOIface = BlockNameIO::CurrentInterface();
|
||||
uniqueIV = true;
|
||||
|
||||
if (reverseEncryption) {
|
||||
cout << _("reverse encryption - chained IV disabled") << "\n";
|
||||
} else {
|
||||
chainedIV = true;
|
||||
}
|
||||
}
|
||||
|
||||
if (answer[0] == 'x' || alg.name.empty()) {
|
||||
@ -1052,7 +1042,7 @@ RootPtr createV6Config(EncFS_Context *ctx, const shared_ptr<EncFS_Opts> &opts) {
|
||||
nameIOIface = selectNameCoding();
|
||||
if (reverseEncryption) {
|
||||
cout << _("reverse encryption - chained IV and MAC disabled") << "\n";
|
||||
uniqueIV = selectUniqueIV();
|
||||
uniqueIV = selectUniqueIV(false);
|
||||
/* Reverse mounts are read-only by default (set in main.cpp).
|
||||
* If uniqueIV is off, writing can be allowed, because there
|
||||
* is no header that could be overwritten */
|
||||
@ -1060,7 +1050,7 @@ RootPtr createV6Config(EncFS_Context *ctx, const shared_ptr<EncFS_Opts> &opts) {
|
||||
opts->readOnly = false;
|
||||
} else {
|
||||
chainedIV = selectChainedIV();
|
||||
uniqueIV = selectUniqueIV();
|
||||
uniqueIV = selectUniqueIV(true);
|
||||
if (chainedIV && uniqueIV)
|
||||
externalIV = selectExternalChainedIV();
|
||||
else {
|
||||
|
||||
@ -116,7 +116,7 @@ sub grow {
|
||||
# autoflush should make sure the write goes to the kernel
|
||||
# immediately. Just to be sure, check it here.
|
||||
sizeVerify($vfh, $i) or die("unexpected plain file size");
|
||||
sizeVerify($cfh, $i+8) or $ok = 0;
|
||||
sizeVerify($cfh, $i) or $ok = 0;
|
||||
sizeVerify($dfh, $i) or $ok = 0;
|
||||
|
||||
if(md5fh($vfh) ne md5fh($dfh))
|
||||
@ -137,7 +137,7 @@ sub largeRead {
|
||||
my $cname = encName("largeRead");
|
||||
# cfh ... ciphertext file handle
|
||||
ok(open(my $cfh, "<", "$ciphertext/$cname"), "open ciphertext largeRead file");
|
||||
ok(sizeVerify($cfh, 1024*1024+8), "1M file size");
|
||||
ok(sizeVerify($cfh, 1024*1024), "1M file size");
|
||||
}
|
||||
|
||||
# Check that the reverse mount is read-only
|
||||
|
||||
Loading…
Reference in New Issue
Block a user