Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.2
encfs
encfs-new-iv-initialization.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File encfs-new-iv-initialization.patch of Package encfs
--- encfs/SSL_Cipher.cpp | 60 +++++++++++++++++++++++++++++++++++---------------- encfs/SSL_Cipher.h | 6 ++++- 2 files changed, 47 insertions(+), 19 deletions(-) Index: encfs-1.6.0/encfs/SSL_Cipher.h =================================================================== --- encfs-1.6.0.orig/encfs/SSL_Cipher.h 2010-12-03 17:09:12.290131785 +0100 +++ encfs-1.6.0/encfs/SSL_Cipher.h 2010-12-03 17:10:43.482131783 +0100 @@ -137,8 +137,12 @@ class SSL_Cipher : public Cipher // hack to help with static builds static bool Enabled(); private: - void setIVec( unsigned char *ivec, unsigned int seed, + void setIVec( unsigned char *ivec, uint64_t seed, const shared_ptr<SSLKey> &key ) const; + + // deprecated - for backward compatibility + void setIVec_old( unsigned char *ivec, unsigned int seed, + const shared_ptr<SSLKey> &key ) const; }; Index: encfs-1.6.0/encfs/SSL_Cipher.cpp =================================================================== --- encfs-1.6.0.orig/encfs/SSL_Cipher.cpp 2009-11-29 23:04:12.000000000 +0100 +++ encfs-1.6.0/encfs/SSL_Cipher.cpp 2010-12-03 17:10:43.482131783 +0100 @@ -173,8 +173,9 @@ int TimedPBKDF2(const char *pass, int pa // We support both 2:0 and 1:0, hence current:revision:age = 2:0:1 // - Version 2:1 adds support for Message Digest function interface // - Version 2:2 adds PBKDF2 for password derivation -static Interface BlowfishInterface( "ssl/blowfish", 2, 2, 1 ); -static Interface AESInterface( "ssl/aes", 2, 2, 1 ); +// - Version 3:0 adds a new IV mechanism +static Interface BlowfishInterface( "ssl/blowfish", 3, 0, 2 ); +static Interface AESInterface( "ssl/aes", 3, 0, 2 ); #if defined(HAVE_EVP_BF) @@ -399,13 +400,6 @@ CipherKey SSL_Cipher::newKey(const char int &iterationCount, long desiredDuration, const unsigned char *salt, int saltLen) { - const EVP_MD *md = EVP_sha1(); - if(!md) - { - rError("Unknown digest SHA1"); - return CipherKey(); - } - shared_ptr<SSLKey> key( new SSLKey( _keySize, _ivLength) ); if(iterationCount == 0) @@ -441,13 +435,6 @@ CipherKey SSL_Cipher::newKey(const char CipherKey SSL_Cipher::newKey(const char *password, int passwdLength) { - const EVP_MD *md = EVP_sha1(); - if(!md) - { - rError("Unknown digest SHA1"); - return CipherKey(); - } - shared_ptr<SSLKey> key( new SSLKey( _keySize, _ivLength) ); int bytes = 0; @@ -545,7 +532,7 @@ static uint64_t _checksum_64( SSLKey *ke HMAC_Final( &key->mac_ctx, md, &mdLen ); - rAssert(mdLen != 0); + rAssert(mdLen >= 8); // chop this down to a 64bit value.. unsigned char h[8] = {0,0,0,0,0,0,0,0}; @@ -690,9 +677,46 @@ int SSL_Cipher::cipherBlockSize() const return EVP_CIPHER_block_size( _blockCipher ); } -void SSL_Cipher::setIVec( unsigned char *ivec, unsigned int seed, +void SSL_Cipher::setIVec( unsigned char *ivec, uint64_t seed, const shared_ptr<SSLKey> &key) const { + if (iface.current() >= 3) + { + memcpy( ivec, IVData(key), _ivLength ); + + unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int mdLen = EVP_MAX_MD_SIZE; + + for(int i=0; i<8; ++i) + { + md[i] = (unsigned char)(seed & 0xff); + seed >>= 8; + } + + // combine ivec and seed with HMAC + HMAC_Init_ex( &key->mac_ctx, 0, 0, 0, 0 ); + HMAC_Update( &key->mac_ctx, ivec, _ivLength ); + HMAC_Update( &key->mac_ctx, md, 8 ); + HMAC_Final( &key->mac_ctx, md, &mdLen ); + rAssert(mdLen >= _ivLength); + + memcpy( ivec, md, _ivLength ); + } else + { + setIVec_old(ivec, seed, key); + } +} + +/** For backward compatibility. + A watermark attack was discovered against this IV setup. If an attacker + could get a victim to store a carefully crafted file, they could later + determine if the victim had the file in encrypted storage (without + decrypting the file). + */ +void SSL_Cipher::setIVec_old(unsigned char *ivec, + unsigned int seed, + const shared_ptr<SSLKey> &key) const +{ /* These multiplication constants chosen as they represent (non optimal) Golumb rulers, the idea being to spread around the information in the seed.
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor