Stefan Schindler · Stefan Schindler · f334a396 · f334a396 · f334a396 · f334a396
--- a/Cargo.toml
+++ b/Cargo.toml
 [workspace]
 members = [
    "multi_key_manager",
-    "aead_vfs"
+    "aead_vfs",
+    "cli",
 ]

 [workspace.package]

--- a/aead_vfs/Cargo.toml
+++ b/aead_vfs/Cargo.toml
@@ -10,6 +10,10 @@ license.workspace = true

 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

+[features]
+default = [ "fs_locks" ]
+fs_locks = [ "multi_key_manager/fs_locks" ]
+
 [dependencies]
 multi_key_manager = { path = "../multi_key_manager", features = ["with_nonce"] }


--- a/aead_vfs/src/errors.rs
+++ b/aead_vfs/src/errors.rs
@@ -12,6 +12,8 @@ pub enum CvfsErrors {

    /// Std::io::Error
    GeneralIO(String),
+    /// Std::io::Error with a reason
+    ContextIO(&'static str, String),
    /// A constant time error occured in the `ring` crate
    GeneralRingEncryptionError,
    MutexUnlockError(String),
@@ -22,6 +24,16 @@ pub enum CvfsErrors {
    RmpDecode(String),
 }

+pub fn specify_io_error<O>(r: Result<O, std::io::Error>, reason: &'static str) -> CvfsResult<O> {
+    r.map_err(|e| CvfsErrors::ContextIO(reason, format!("{e:?}")))
+}
+pub fn specify_kme_error<O>(
+    r: Result<O, multi_key_manager::errors::KeyManagementError>,
+    reason: &'static str,
+) -> CvfsResult<O> {
+    r.map_err(|e| CvfsErrors::ContextIO(reason, format!("{e:?}")))
+}
+
 impl From<std::io::Error> for CvfsErrors {
    fn from(e: std::io::Error) -> Self {
        CvfsErrors::GeneralIO(format!("{e:?}"))

--- a/aead_vfs/src/lib.rs
+++ b/aead_vfs/src/lib.rs
@@ -9,13 +9,14 @@ use std::{
 };

 pub mod errors;
-use errors::{CvfsErrors, CvfsResult};
+use errors::{specify_io_error, specify_kme_error, CvfsErrors, CvfsResult};
 mod aead;
 use aead::{decrypt_file_buffered, encrypt_file_buffered};
 pub mod metadata;
 use metadata::{FileInfo, FileTag, Metadata};
 mod secure_file;
-use secure_file::{ActiveFile, SecureFileHandler};
+use secure_file::ActiveFile;
+pub use secure_file::SecureFileHandler;

 const SUPERBLOCK_PATH: &str = "encfsstorage.superblock";
 const BLOCK_PATH: &str = "blocks/";
@@ -26,7 +27,7 @@ pub fn open_dir<P: AsRef<Path>>(
    directory_path: P,
 ) -> Result<CryptoVFS, CvfsErrors> {
    let directory_path = directory_path.as_ref().to_owned();
-    create_dir_all(&directory_path)?;
+    specify_io_error(create_dir_all(&directory_path), "unable to create_dir_all")?;
    let keys_path = path_extend(&directory_path, SUPERBLOCK_PATH);
    if keys_path.is_dir() {
        return Err(CvfsErrors::GeneralIO(format!(
@@ -41,16 +42,26 @@ pub fn open_dir<P: AsRef<Path>>(
            metadata_path.display()
        )));
    }
-    let mut metadata_file = open_rwlocked(&metadata_path)?;
+    let mut metadata_file = specify_io_error(open_rwlocked(&metadata_path), {
+        #[cfg(feature = "fs_locks")]
+        {
+            "unable to lock the metadata"
+        }
+        #[cfg(not(feature = "fs_locks"))]
+        {
+            "unable to open the metadata"
+        }
+    })?;

    let blocks_path = path_extend(&directory_path, BLOCK_PATH);
-    create_dir_all(blocks_path)?;
+    specify_io_error(create_dir_all(blocks_path), "unable to create blocks_path")?;

-    let mut keys = if keys_path.is_file() {
+    let keys = if keys_path.is_file() {
        LiveKeys::read_from_disk(decryption_input, keys_path)
    } else {
        LiveKeys::generate_new(decryption_input, keys_path)
-    }?;
+    };
+    let mut keys = specify_kme_error(keys, "unable to read or generate master key")?;

    let metadata = if metadata_file.empty()? {
        Metadata::empty()

--- a/aead_vfs/src/secure_file.rs
+++ b/aead_vfs/src/secure_file.rs
@@ -248,6 +248,17 @@ impl Read for SecureFileHandler {
            .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, format!("{e:?}")))
    }
 }
+impl Drop for SecureFileHandler {
+    fn drop(&mut self) {
+        if let Err(error) = self.try_flush() {
+            if panicking() {
+                eprintln!("SecureFileHandler::drop() -> {error:?}");
+            } else {
+                panic!("SecureFileHandler::drop() -> {error:?}");
+            }
+        }
+    }
+}

 fn stdout_flush() -> std::io::Result<()> {
    std::io::stdout().flush()

--- a/multi_key_manager/Cargo.toml
+++ b/multi_key_manager/Cargo.toml
@@ -12,8 +12,9 @@ license.workspace = true
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

 [features]
-default = []
+default = [ "fs_locks" ]
 with_nonce = []
+fs_locks = [ "fs4" ]

 [dependencies]
 argon2 = { version = "0.4.1", features = [ "rand" ] }
@@ -26,7 +27,7 @@ rmp-serde = "1.1.1"
 serde = { version = "1.0.152", features = ["derive"] }

 # lock the keys file while it is in use
-fs4 = "0.6.3"
+fs4 = { version = "0.6.3", features = ["sync"], optional = true }

 #[target.'cfg(unix)'.dependencies]
 #libc = "0.2.139"

--- a/multi_key_manager/src/file.rs
+++ b/multi_key_manager/src/file.rs
 use core::ops::{Deref, DerefMut};
+#[cfg(feature = "fs_locks")]
 use fs4::FileExt;
 use std::{
    fs::{File as StdFile, OpenOptions},
@@ -20,7 +21,10 @@ pub fn open_rwlocked<P: AsRef<Path>>(path: P) -> IoResult<File> {
    //println!("File::open_rwlocked(... {:?}) at {}",path.file_name(),file.stream_position()?);

    file.rewind()?;
-    file.lock_exclusive()?;
+    #[cfg(feature = "fs_locks")]
+    {
+        file.lock_exclusive()?;
+    }
    Ok(File(file))
 }