Skip to content

Commit

Permalink
Merge branch 'release/2.6.6'
Browse files Browse the repository at this point in the history
  • Loading branch information
infeo committed Jul 18, 2023
2 parents 6f462dd + 56fb7e0 commit 358362b
Show file tree
Hide file tree
Showing 5 changed files with 86 additions and 8 deletions.
13 changes: 9 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@

### Security Architecture

For more information on the security details, visit [cryptomator.org](https://cryptomator.org/architecture/).
For more information on the security details, visit [docs.cryptomator.org](https://docs.cryptomator.org/en/latest/security/architecture/).

## Audits

Expand All @@ -33,9 +33,14 @@ For more information on the security details, visit [cryptomator.org](https://cr
```java
Path storageLocation = Paths.get("/home/cryptobot/vault");
Files.createDirectories(storageLocation);
CryptoFileSystemProvider.initialize(storageLocation, "masterkey.cryptomator", "password");
Masterkey masterkey = Masterkey.generate(csprng));
MasterkeyLoader loader = ignoredUri -> masterkey.copy(); //create a copy because the key handed over to init() method will be destroyed
CryptoFileSystemProperties fsProps = CryptoFileSystemProperties.cryptoFileSystemProperties().withKeyLoader(loader).build();
CryptoFileSystemProvider.initialize(storageLocation, fsProps, "myKeyId");
```

The key material used for initialization and later de- & encryption is given by the [org.cryptomator.cryptolib.api.Masterkeyloader](https://github.com/cryptomator/cryptolib/blob/2.1.2/src/main/java/org/cryptomator/cryptolib/api/MasterkeyLoader.java) interface.

### Obtaining a FileSystem Instance

You have the option to use the convenience method `CryptoFileSystemProvider#newFileSystem` as follows:
Expand All @@ -44,7 +49,7 @@ You have the option to use the convenience method `CryptoFileSystemProvider#newF
FileSystem fileSystem = CryptoFileSystemProvider.newFileSystem(
storageLocation,
CryptoFileSystemProperties.cryptoFileSystemProperties()
.withPassphrase("password")
.withKeyLoader(ignoredUri -> masterkey.copy())
.withFlags(FileSystemFlags.READONLY) // readonly flag is optional of course
.build());
```
Expand All @@ -56,7 +61,7 @@ URI uri = CryptoFileSystemUri.create(storageLocation);
FileSystem fileSystem = FileSystems.newFileSystem(
uri,
CryptoFileSystemProperties.cryptoFileSystemProperties()
.withPassphrase("password")
.withKeyLoader(ignoredUri -> masterkey.copy())
.withFlags(FileSystemFlags.READONLY) // readonly flag is optional of course
.build());
```
Expand Down
4 changes: 2 additions & 2 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.cryptomator</groupId>
<artifactId>cryptofs</artifactId>
<version>2.6.5</version>
<version>2.6.6</version>
<name>Cryptomator Crypto Filesystem</name>
<description>This library provides the Java filesystem provider used by Cryptomator.</description>
<url>https://github.com/cryptomator/cryptofs</url>
Expand All @@ -19,7 +19,7 @@

<!-- dependencies -->
<cryptolib.version>2.1.2</cryptolib.version>
<jwt.version>4.3.0</jwt.version>
<jwt.version>4.4.0</jwt.version>
<dagger.version>2.44.2</dagger.version>
<guava.version>32.0.0-jre</guava.version>
<caffeine.version>3.1.4</caffeine.version>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -599,7 +599,7 @@ private void moveFile(CryptoPath cleartextSource, CryptoPath cleartextTarget, Co
CiphertextFilePath ciphertextTarget = cryptoPathMapper.getCiphertextFilePath(cleartextTarget);
try (OpenCryptoFiles.TwoPhaseMove twoPhaseMove = openCryptoFiles.prepareMove(ciphertextSource.getRawPath(), ciphertextTarget.getRawPath())) {
if (ciphertextTarget.isShortened()) {
Files.createDirectory(ciphertextTarget.getRawPath());
Files.createDirectories(ciphertextTarget.getRawPath());
ciphertextTarget.persistLongFileName();
}
Files.move(ciphertextSource.getFilePath(), ciphertextTarget.getFilePath(), options);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,9 @@
import java.nio.file.attribute.BasicFileAttributes;
import java.nio.file.attribute.DosFileAttributeView;
import java.util.Arrays;
import java.util.Comparator;
import java.util.EnumSet;
import java.util.Set;

import static java.nio.file.Files.readAllBytes;
import static java.nio.file.StandardCopyOption.REPLACE_EXISTING;
Expand Down Expand Up @@ -170,7 +172,7 @@ public void testCopyExceedingPathLengthLimit(String path) {
@Nested
@TestInstance(TestInstance.Lifecycle.PER_CLASS)
@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
public class InMemory {
public class InMemoryOrdered {

private FileSystem tmpFs;
private MasterkeyLoader keyLoader1;
Expand Down Expand Up @@ -587,6 +589,68 @@ public void testMoveFileFromOneCryptoFileSystemToAnother() throws IOException {

}


@Nested
public class InMemory {

private static FileSystem tmpFs;
private static Path pathToVault;

@BeforeAll
public static void beforeAll() {
tmpFs = Jimfs.newFileSystem(Configuration.unix());
pathToVault = tmpFs.getPath("/vault");
}

@BeforeEach
public void beforeEach() throws IOException {
Files.createDirectory(pathToVault);
}

@AfterEach
public void afterEach() throws IOException {
try (var paths = Files.walk(pathToVault)) {
var nodes = paths.sorted(Comparator.reverseOrder()).toList();
for (var node : nodes) {
Files.delete(node);
}
}
}

@AfterAll
public static void afterAll() throws IOException {
tmpFs.close();
}

@Test
@DisplayName("Replace an existing, shortened file")
public void testReplaceExistingShortenedFile() throws IOException {
try (var fs = setupCryptoFs(50, 100, false)) {
var fiftyCharName2 = "/50char2_50char2_50char2_50char2_50char2_50char.txt"; //since filename encryption increases filename length, 50 cleartext chars are sufficient
var source = fs.getPath("/source.txt");
var target = fs.getPath(fiftyCharName2);
Files.createFile(source);
Files.createFile(target);

Assertions.assertDoesNotThrow(() -> Files.move(source, target, REPLACE_EXISTING));
Assertions.assertTrue(Files.notExists(source));
Assertions.assertTrue(Files.exists(target));
}
}

private FileSystem setupCryptoFs(int ciphertextShorteningThreshold, int maxCleartextFilename, boolean readonly) throws IOException {
byte[] key = new byte[64];
Arrays.fill(key, (byte) 0x55);
var keyLoader = Mockito.mock(MasterkeyLoader.class);
Mockito.when(keyLoader.loadKey(Mockito.any())).thenAnswer(ignored -> new Masterkey(key));
var properties = CryptoFileSystemProperties.cryptoFileSystemProperties().withKeyLoader(keyLoader).withShorteningThreshold(ciphertextShorteningThreshold).withMaxCleartextNameLength(maxCleartextFilename).withFlags(readonly ? Set.of(CryptoFileSystemProperties.FileSystemFlags.READONLY) : Set.of()).build();
CryptoFileSystemProvider.initialize(pathToVault, properties, URI.create("test:key"));
URI fsUri = CryptoFileSystemUri.create(pathToVault);
return FileSystems.newFileSystem(fsUri, cryptoFileSystemProperties().withKeyLoader(keyLoader).build());
}

}

@Nested
@EnabledOnOs({OS.MAC, OS.LINUX})
@TestInstance(TestInstance.Lifecycle.PER_CLASS)
Expand Down
9 changes: 9 additions & 0 deletions suppression.xml
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,13 @@
<cpe>cpe:/a:cryptomator:cryptomator</cpe>
<cve>CVE-2022-25366</cve>
</suppress>
<suppress>
<notes>
<![CDATA[
file name: jackson-databind-2.14.2.jar
]]>
</notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
<cve>CVE-2023-35116</cve>
</suppress>
</suppressions>

0 comments on commit 358362b

Please sign in to comment.