extern/encfs
1
0
Fork 0
mirror of https://github.com/vgough/encfs.git synced 2025-02-16 17:50:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make (stream|block)(Encode|Decode) return false

Browse Source
This commit is contained in:
benrubson 2017-03-17 23:40:50 +01:00
parent 6f4ff008bc
commit b88da06a08
4 changed files with 36 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
encfs/BlockNameIO.cpp
View File

@ -155,8 +155,11 @@ int BlockNameIO::encodeName(const char *plaintextName, int length, uint64_t *iv,
encodedName[0] = (mac >> 8) & 0xff; encodedName[0] = (mac >> 8) & 0xff;
encodedName[1] = (mac)&0xff; encodedName[1] = (mac)&0xff;
_cipher->blockEncode((unsigned char *)encodedName + 2, length + padding, bool ok;
(uint64_t)mac ^ tmpIV, _key); ok = _cipher->blockEncode((unsigned char *)encodedName + 2, length + padding,
(uint64_t)mac ^ tmpIV, _key);
if (!ok)
throw Error("block encode failed in filename encode");
// convert to base 64 ascii // convert to base 64 ascii
int encodedStreamLen = length + 2 + padding; int encodedStreamLen = length + 2 + padding;
@ -209,8 +212,11 @@ int BlockNameIO::decodeName(const char *encodedName, int length, uint64_t *iv,
uint64_t tmpIV = 0; uint64_t tmpIV = 0;
if (iv && _interface >= 3) tmpIV = *iv; if (iv && _interface >= 3) tmpIV = *iv;
_cipher->blockDecode((unsigned char *)tmpBuf + 2, decodedStreamLen, bool ok;
(uint64_t)mac ^ tmpIV, _key); ok = _cipher->blockDecode((unsigned char *)tmpBuf + 2, decodedStreamLen,
(uint64_t)mac ^ tmpIV, _key);
if (!ok)
throw Error("block decode failed in filename decode");
// find out true string length // find out true string length
int padding = (unsigned char)tmpBuf[2 + decodedStreamLen - 1]; int padding = (unsigned char)tmpBuf[2 + decodedStreamLen - 1];

19
encfs/CipherFileIO.cpp
View File

@ -186,7 +186,8 @@ int CipherFileIO::initHeader() {
req.dataLen = 8; req.dataLen = 8;
base->read(req); base->read(req);
cipher->streamDecode(buf, sizeof(buf), externalIV, key); if(!cipher->streamDecode(buf, sizeof(buf), externalIV, key))
return -EBADMSG;
fileIV = 0; fileIV = 0;
for (int i = 0; i < 8; ++i) fileIV = (fileIV << 8) | (uint64_t)buf[i]; for (int i = 0; i < 8; ++i) fileIV = (fileIV << 8) | (uint64_t)buf[i];
@ -210,7 +211,8 @@ int CipherFileIO::initHeader() {
} while (fileIV == 0); // don't accept 0 as an option.. } while (fileIV == 0); // don't accept 0 as an option..
if (base->isWritable()) { if (base->isWritable()) {
cipher->streamEncode(buf, sizeof(buf), externalIV, key); if(!cipher->streamEncode(buf, sizeof(buf), externalIV, key))
return -EBADMSG;
IORequest req; IORequest req;
req.offset = 0; req.offset = 0;
@ -247,7 +249,8 @@ bool CipherFileIO::writeHeader() {
fileIV >>= 8; fileIV >>= 8;
} }
cipher->streamEncode(buf, sizeof(buf), externalIV, key); if(!cipher->streamEncode(buf, sizeof(buf), externalIV, key))
return false;
IORequest req; IORequest req;
req.offset = 0; req.offset = 0;
@ -271,7 +274,7 @@ bool CipherFileIO::writeHeader() {
* the IV. This guarantees unpredictability and prevents watermarking * the IV. This guarantees unpredictability and prevents watermarking
* attacks. * attacks.
*/ */
void CipherFileIO::generateReverseHeader(unsigned char *headerBuf) { int CipherFileIO::generateReverseHeader(unsigned char *headerBuf) {
struct stat stbuf; struct stat stbuf;
int res = getAttr(&stbuf); int res = getAttr(&stbuf);
@ -305,7 +308,9 @@ void CipherFileIO::generateReverseHeader(unsigned char *headerBuf) {
VLOG(1) << "fileIV=" << fileIV; VLOG(1) << "fileIV=" << fileIV;
// Encrypt externally-visible header // Encrypt externally-visible header
cipher->streamEncode(headerBuf, HEADER_SIZE, externalIV, key); if(!cipher->streamEncode(headerBuf, HEADER_SIZE, externalIV, key))
return -EBADMSG;
return 0;
} }
/** /**
@ -481,7 +486,9 @@ ssize_t CipherFileIO::read(const IORequest &origReq) const {
// generate the file IV header // generate the file IV header
// this is needed in any case - without IV the file cannot be decoded // this is needed in any case - without IV the file cannot be decoded
unsigned char headerBuf[HEADER_SIZE]; unsigned char headerBuf[HEADER_SIZE];
const_cast<CipherFileIO *>(this)->generateReverseHeader(headerBuf); int res = const_cast<CipherFileIO *>(this)->generateReverseHeader(headerBuf);
if (res < 0)
return res;
// Copy the request so we can modify it without affecting the caller // Copy the request so we can modify it without affecting the caller
IORequest req = origReq; IORequest req = origReq;

2
encfs/CipherFileIO.h
View File

@ -66,7 +66,7 @@ class CipherFileIO : public BlockFileIO {
private: private:
virtual ssize_t readOneBlock(const IORequest &req) const; virtual ssize_t readOneBlock(const IORequest &req) const;
virtual int writeOneBlock(const IORequest &req); virtual int writeOneBlock(const IORequest &req);
virtual void generateReverseHeader(unsigned char *data); virtual int generateReverseHeader(unsigned char *data);
int initHeader(); int initHeader();
bool writeHeader(); bool writeHeader();

16
encfs/SSL_Cipher.cpp
View File

@ -748,6 +748,7 @@ bool SSL_Cipher::streamEncode(unsigned char *buf, int size, uint64_t iv64,
if (dstLen != size) { if (dstLen != size) {
RLOG(ERROR) << "encoding " << size << " bytes, got back " << dstLen << " (" RLOG(ERROR) << "encoding " << size << " bytes, got back " << dstLen << " ("
<< tmpLen << " in final_ex)"; << tmpLen << " in final_ex)";
return false;
} }
return true; return true;
@ -784,6 +785,7 @@ bool SSL_Cipher::streamDecode(unsigned char *buf, int size, uint64_t iv64,
if (dstLen != size) { if (dstLen != size) {
RLOG(ERROR) << "decoding " << size << " bytes, got back " << dstLen << " (" RLOG(ERROR) << "decoding " << size << " bytes, got back " << dstLen << " ("
<< tmpLen << " in final_ex)"; << tmpLen << " in final_ex)";
return false;
} }
return true; return true;
@ -798,8 +800,10 @@ bool SSL_Cipher::blockEncode(unsigned char *buf, int size, uint64_t iv64,
// data must be integer number of blocks // data must be integer number of blocks
const int blockMod = size % EVP_CIPHER_CTX_block_size(key->block_enc); const int blockMod = size % EVP_CIPHER_CTX_block_size(key->block_enc);
if (blockMod != 0) if (blockMod != 0) {
throw Error("Invalid data size, not multiple of block size"); RLOG(ERROR) << "Invalid data size, not multiple of block size";
return false;
}
Lock lock(key->mutex); Lock lock(key->mutex);
@ -816,6 +820,7 @@ bool SSL_Cipher::blockEncode(unsigned char *buf, int size, uint64_t iv64,
if (dstLen != size) { if (dstLen != size) {
RLOG(ERROR) << "encoding " << size << " bytes, got back " << dstLen << " (" RLOG(ERROR) << "encoding " << size << " bytes, got back " << dstLen << " ("
<< tmpLen << " in final_ex)"; << tmpLen << " in final_ex)";
return false;
} }
return true; return true;
@ -830,8 +835,10 @@ bool SSL_Cipher::blockDecode(unsigned char *buf, int size, uint64_t iv64,
// data must be integer number of blocks // data must be integer number of blocks
const int blockMod = size % EVP_CIPHER_CTX_block_size(key->block_dec); const int blockMod = size % EVP_CIPHER_CTX_block_size(key->block_dec);
if (blockMod != 0) if (blockMod != 0) {
throw Error("Invalid data size, not multiple of block size"); RLOG(ERROR) << "Invalid data size, not multiple of block size";
return false;
}
Lock lock(key->mutex); Lock lock(key->mutex);
@ -848,6 +855,7 @@ bool SSL_Cipher::blockDecode(unsigned char *buf, int size, uint64_t iv64,
if (dstLen != size) { if (dstLen != size) {
RLOG(ERROR) << "decoding " << size << " bytes, got back " << dstLen << " (" RLOG(ERROR) << "decoding " << size << " bytes, got back " << dstLen << " ("
<< tmpLen << " in final_ex)"; << tmpLen << " in final_ex)";
return false;
} }
return true; return true;