- always check HMAC before decryption

- separating AES and CMAC key during SIV mode
2026-05-21 12:11:28 +00:00 · 2015-02-20 19:47:45 +01:00
parent 5569ecbfc7
commit b68cf71494
16 changed files with 107 additions and 157 deletions
--- a/main/ui/src/main/java/org/cryptomator/ui/UnlockController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/UnlockController.java
@@ -26,7 +26,6 @@ import javafx.event.ActionEvent;
 import javafx.fxml.FXML;
 import javafx.fxml.Initializable;
 import javafx.scene.control.Button;
-import javafx.scene.control.CheckBox;
 import javafx.scene.control.ComboBox;
 import javafx.scene.control.Label;
 import javafx.scene.control.ProgressIndicator;
@@ -63,9 +62,6 @@ public class UnlockController implements Initializable {
 	@FXML
 	private SecPasswordField passwordField;

-	@FXML
-	private CheckBox checkIntegrity;
-
 	@FXML
 	private TextField mountName;

@@ -127,7 +123,6 @@ public class UnlockController implements Initializable {
 		try {
 			progressIndicator.setVisible(true);
 			masterKeyInputStream = Files.newInputStream(masterKeyPath, StandardOpenOption.READ);
-			directory.setVerifyFileIntegrity(checkIntegrity.isSelected());
 			directory.getCryptor().decryptMasterKey(masterKeyInputStream, password);
 			if (!directory.startServer(server, closer)) {
 				messageLabel.setText(rb.getString("unlock.messageLabel.startServerFailed"));
@@ -166,7 +161,6 @@ public class UnlockController implements Initializable {
 	private void setControlsDisabled(boolean disable) {
 		usernameBox.setDisable(disable);
 		passwordField.setDisable(disable);
-		checkIntegrity.setDisable(disable);
 		unlockButton.setDisable(disable);
 	}

@@ -216,7 +210,6 @@ public class UnlockController implements Initializable {
 	public void setDirectory(Vault directory) {
 		this.directory = directory;
 		this.findExistingUsernames();
-		this.checkIntegrity.setSelected(directory.shouldVerifyFileIntegrity());
 		this.mountName.setText(directory.getMountName());
 	}

--- a/main/ui/src/main/java/org/cryptomator/ui/model/Vault.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/model/Vault.java
@@ -41,7 +41,6 @@ public class Vault implements Serializable {
 	private final Cryptor cryptor = SamplingDecorator.decorate(new Aes256Cryptor());
 	private final ObjectProperty<Boolean> unlocked = new SimpleObjectProperty<Boolean>(this, "unlocked", Boolean.FALSE);
 	private final Path path;
-	private boolean verifyFileIntegrity;
 	private String mountName;
 	private DeferredClosable<ServletLifeCycleAdapter> webDavServlet = DeferredClosable.empty();
 	private DeferredClosable<WebDavMount> webDavMount = DeferredClosable.empty();
@@ -68,7 +67,7 @@ public class Vault implements Serializable {
 		if (o.isPresent() && o.get().isRunning()) {
 			return false;
 		}
-		ServletLifeCycleAdapter servlet = server.createServlet(path, verifyFileIntegrity, cryptor, getMountName());
+		ServletLifeCycleAdapter servlet = server.createServlet(path, cryptor, getMountName());
 		if (servlet.start()) {
 			webDavServlet = closer.closeLater(servlet, ServletLifeCycleAdapter::stop);
 			return true;
@@ -106,14 +105,6 @@ public class Vault implements Serializable {
 		return path;
 	}

-	public boolean shouldVerifyFileIntegrity() {
-		return verifyFileIntegrity;
-	}
-
-	public void setVerifyFileIntegrity(boolean verifyFileIntegrity) {
-		this.verifyFileIntegrity = verifyFileIntegrity;
-	}
-
 	/**
 	 * @return Directory name without preceeding path components and file extension
 	 */
--- a/main/ui/src/main/java/org/cryptomator/ui/model/VaultDeserializer.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/model/VaultDeserializer.java
@@ -18,8 +18,6 @@ public class VaultDeserializer extends JsonDeserializer<Vault> {
 		final String pathStr = node.get("path").asText();
 		final Path path = FileSystems.getDefault().getPath(pathStr);
 		final Vault dir = new Vault(path);
-		final boolean verifyFileIntegrity = node.has("checkIntegrity") ? node.get("checkIntegrity").asBoolean() : false;
-		dir.setVerifyFileIntegrity(verifyFileIntegrity);
 		if (node.has("mountName")) {
 			dir.setMountName(node.get("mountName").asText());
 		}
--- a/main/ui/src/main/java/org/cryptomator/ui/model/VaultSerializer.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/model/VaultSerializer.java
@@ -13,7 +13,6 @@ public class VaultSerializer extends JsonSerializer<Vault> {
 	public void serialize(Vault value, JsonGenerator jgen, SerializerProvider provider) throws IOException, JsonProcessingException {
 		jgen.writeStartObject();
 		jgen.writeStringField("path", value.getPath().toString());
-		jgen.writeBooleanField("checkIntegrity", value.shouldVerifyFileIntegrity());
 		jgen.writeStringField("mountName", value.getMountName().toString());
 		jgen.writeEndObject();
 	}
--- a/main/ui/src/main/resources/fxml/unlock.fxml
+++ b/main/ui/src/main/resources/fxml/unlock.fxml
@@ -39,21 +39,17 @@
 		<SecPasswordField fx:id="passwordField" GridPane.rowIndex="1" GridPane.columnIndex="1" GridPane.hgrow="ALWAYS" maxWidth="Infinity" />
 		
 		<!-- Row 2 -->
-		<Label text="%unlock.label.checkIntegrity" GridPane.rowIndex="2" GridPane.columnIndex="0" />
-		<CheckBox fx:id="checkIntegrity" wrapText="true" text="%unlock.checkbox.checkIntegrity" GridPane.rowIndex="2" GridPane.columnIndex="1" GridPane.hgrow="ALWAYS" maxWidth="Infinity" />
+		<Label text="%unlock.label.mountName" GridPane.rowIndex="2" GridPane.columnIndex="0" />
+		<TextField fx:id="mountName" GridPane.rowIndex="2" GridPane.columnIndex="1" GridPane.hgrow="ALWAYS" maxWidth="Infinity" />
 		
 		<!-- Row 3 -->
-		<Label text="%unlock.label.mountName" GridPane.rowIndex="3" GridPane.columnIndex="0" />
-		<TextField fx:id="mountName" GridPane.rowIndex="3" GridPane.columnIndex="1" GridPane.hgrow="ALWAYS" maxWidth="Infinity" />
+		<Button fx:id="unlockButton" text="%unlock.button.unlock" defaultButton="true" GridPane.rowIndex="3" GridPane.columnIndex="0" GridPane.columnSpan="2" GridPane.halignment="RIGHT" prefWidth="150.0" onAction="#didClickUnlockButton"/>
 		
-		<!-- Row 4 -->
-		<Button fx:id="unlockButton" text="%unlock.button.unlock" defaultButton="true" GridPane.rowIndex="4" GridPane.columnIndex="0" GridPane.columnSpan="2" GridPane.halignment="RIGHT" prefWidth="150.0" onAction="#didClickUnlockButton"/>
+		<!-- Row 4-->
+		<ProgressIndicator progress="-1" fx:id="progressIndicator" GridPane.rowIndex="4" GridPane.columnIndex="0" GridPane.columnSpan="2" GridPane.halignment="CENTER" visible="false"/>
 		
-		<!-- Row 5-->
-		<ProgressIndicator progress="-1" fx:id="progressIndicator" GridPane.rowIndex="5" GridPane.columnIndex="0" GridPane.columnSpan="2" GridPane.halignment="CENTER" visible="false"/>
-		
-		<!-- Row 6 -->
-		<Label fx:id="messageLabel" GridPane.rowIndex="6" GridPane.columnIndex="0" GridPane.columnSpan="2" />
+		<!-- Row 5 -->
+		<Label fx:id="messageLabel" GridPane.rowIndex="5" GridPane.columnIndex="0" GridPane.columnSpan="2" />
 	</children>
 </GridPane>