Stefan Schindler
encrypted_filesystem_storage
Compare revisions
4039ab2e9b584342aa5530f9de1bdc05fde588b5 to f334a39606aa537cf9eeb0d8458668c91a12da6f
Commits on Source (2)
Make the locking configurable with a feature flag
· 3b75792a
Stefan Schindler
authored
May 27, 2023
3b75792a
Expose SecureFileHandler and flush() on drop
· f334a396
Stefan Schindler
authored
May 29, 2023
f334a396
Cargo.toml
[workspace]
members
=
[
"multi_key_manager"
,
"aead_vfs"
"aead_vfs"
,
"cli"
,
]
[workspace.package]
...
...
aead_vfs/Cargo.toml
...
...
@@ -10,6 +10,10 @@ license.workspace = true
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[features]
default
=
[
"fs_locks"
]
fs_locks
=
[
"multi_key_manager/fs_locks"
]
[dependencies]
multi_key_manager
=
{
path
=
"../multi_key_manager"
,
features
=
[
"with_nonce"
]
}
...
...
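Review bot: The `multi_key_manager` dependency line keeps that crate's default features on, and this comparison changes its default to `["fs_locks"]` (multi_key_manager/Cargo.toml), so building `aead_vfs` with `--no-default-features` would still compile in the file lock. In that build the `cfg(not(feature = "fs_locks"))` branch in aead_vfs/src/lib.rs reports "unable to open the metadata" even though the failure may come from `lock_exclusive()`. If the flag is meant to switch locking off from this crate, the dependency needs `multi_key_manager = { path = "../multi_key_manager", default-features = false, features = ["with_nonce"] }`. A comment next to `fs_locks` should also say that disabling it removes the exclusive lock on the keys and metadata files.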
aead_vfs/src/errors.rs
...
...
@@ -12,6 +12,8 @@ pub enum CvfsErrors {
/// Std::io::Error
GeneralIO
(
String
),
/// Std::io::Error with a reason
ContextIO
(
&
'static
str
,
String
),
/// A constant time error occured in the `ring` crate
GeneralRingEncryptionError
,
MutexUnlockError
(
String
),
...
...
@@ -22,6 +24,16 @@ pub enum CvfsErrors {
RmpDecode
(
String
),
}
pub
fn
specify_io_error
<
O
>
(
r
:
Result
<
O
,
std
::
io
::
Error
>
,
reason
:
&
'static
str
)
->
CvfsResult
<
O
>
{
r
.map_err
(|
e
|
CvfsErrors
::
ContextIO
(
reason
,
format!
(
"{e:?}"
)))
}
pub
fn
specify_kme_error
<
O
>
(
r
:
Result
<
O
,
multi_key_manager
::
errors
::
KeyManagementError
>
,
reason
:
&
'static
str
,
)
->
CvfsResult
<
O
>
{
r
.map_err
(|
e
|
CvfsErrors
::
ContextIO
(
reason
,
format!
(
"{e:?}"
)))
}
impl
From
<
std
::
io
::
Error
>
for
CvfsErrors
{
fn
from
(
e
:
std
::
io
::
Error
)
->
Self
{
CvfsErrors
::
GeneralIO
(
format!
(
"{e:?}"
))
...
...
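Review bot: `specify_kme_error` maps a `KeyManagementError` into `CvfsErrors::ContextIO`, a variant documented as "Std::io::Error with a reason", so callers matching on the error can no longer tell a key-management failure from a filesystem one. A dedicated variant, for example `ContextKeyManagement(&'static str, String)`, would keep the two apart. Both helpers store `format!("{e:?}")`; the `Debug` output of `KeyManagementError` is not visible on this page and should be confirmed to carry no key or passphrase-derived data before it reaches logs or error reports. Neither helper has a doc comment; a line such as `/// Wraps the error with a static description of the step that failed.` on each would do.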
aead_vfs/src/lib.rs
...
...
@@ -9,13 +9,14 @@ use std::{
};
pub
mod
errors
;
use
errors
::{
CvfsErrors
,
CvfsResult
};
use
errors
::{
specify_io_error
,
specify_kme_error
,
CvfsErrors
,
CvfsResult
};
mod
aead
;
use
aead
::{
decrypt_file_buffered
,
encrypt_file_buffered
};
pub
mod
metadata
;
use
metadata
::{
FileInfo
,
FileTag
,
Metadata
};
mod
secure_file
;
use
secure_file
::{
ActiveFile
,
SecureFileHandler
};
use
secure_file
::
ActiveFile
;
pub
use
secure_file
::
SecureFileHandler
;
const
SUPERBLOCK_PATH
:
&
str
=
"encfsstorage.superblock"
;
const
BLOCK_PATH
:
&
str
=
"blocks/"
;
...
...
@@ -26,7 +27,7 @@ pub fn open_dir<P: AsRef<Path>>(
directory_path
:
P
,
)
->
Result
<
CryptoVFS
,
CvfsErrors
>
{
let
directory_path
=
directory_path
.as_ref
()
.to_owned
();
create_dir_all
(
&
directory_path
)
?
;
specify_io_error
(
create_dir_all
(
&
directory_path
)
,
"unable to create_dir_all"
)
?
;
let
keys_path
=
path_extend
(
&
directory_path
,
SUPERBLOCK_PATH
);
if
keys_path
.is_dir
()
{
return
Err
(
CvfsErrors
::
GeneralIO
(
format!
(
...
...
@@ -41,16 +42,26 @@ pub fn open_dir<P: AsRef<Path>>(
metadata_path
.display
()
)));
}
let
mut
metadata_file
=
open_rwlocked
(
&
metadata_path
)
?
;
let
mut
metadata_file
=
specify_io_error
(
open_rwlocked
(
&
metadata_path
),
{
#[cfg(feature
=
"fs_locks"
)]
{
"unable to lock the metadata"
}
#[cfg(not(feature
=
"fs_locks"
))]
{
"unable to open the metadata"
}
})
?
;
let
blocks_path
=
path_extend
(
&
directory_path
,
BLOCK_PATH
);
create_dir_all
(
blocks_path
)
?
;
specify_io_error
(
create_dir_all
(
blocks_path
)
,
"unable to create blocks_path"
)
?
;
let
mut
keys
=
if
keys_path
.is_file
()
{
let
keys
=
if
keys_path
.is_file
()
{
LiveKeys
::
read_from_disk
(
decryption_input
,
keys_path
)
}
else
{
LiveKeys
::
generate_new
(
decryption_input
,
keys_path
)
}
?
;
};
let
mut
keys
=
specify_kme_error
(
keys
,
"unable to read or generate master key"
)
?
;
let
metadata
=
if
metadata_file
.empty
()
?
{
Metadata
::
empty
()
...
...
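Review bot: In `open_dir` the results of `LiveKeys::read_from_disk` and `LiveKeys::generate_new` now share the single reason "unable to read or generate master key", so a failure to decrypt an existing superblock is reported the same way as a failure to create a new one. Wrapping each branch on its own, `specify_kme_error(LiveKeys::read_from_disk(decryption_input, keys_path), "unable to read master key")` and the matching call for `generate_new`, keeps the distinction an operator needs when telling a wrong decryption input from a write failure. The pair of `#[cfg]` blocks passed as the reason for `open_rwlocked` would read more easily as `if cfg!(feature = "fs_locks") { "unable to lock the metadata" } else { "unable to open the metadata" }`. `open_dir` starts and ends outside these hunks.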
aead_vfs/src/secure_file.rs
...
...
@@ -248,6 +248,17 @@ impl Read for SecureFileHandler {
.map_err
(|
e
|
std
::
io
::
Error
::
new
(
std
::
io
::
ErrorKind
::
Other
,
format!
(
"{e:?}"
)))
}
}
impl
Drop
for
SecureFileHandler
{
fn
drop
(
&
mut
self
)
{
if
let
Err
(
error
)
=
self
.try_flush
()
{
if
panicking
()
{
eprintln!
(
"SecureFileHandler::drop() -> {error:?}"
);
}
else
{
panic!
(
"SecureFileHandler::drop() -> {error:?}"
);
}
}
}
}
fn
stdout_flush
()
->
std
::
io
::
Result
<
()
>
{
std
::
io
::
stdout
()
.flush
()
...
...
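Review bot: `Drop for SecureFileHandler` panics when `try_flush()` fails outside an unwind, so a write error on the encrypted file surfaces as a panic wherever the handle happens to go out of scope, and as a process abort in builds that use `panic = "abort"`. The type is made public in this comparison, so the contract belongs on the impl, for example `/// Flushes pending data; panics if the flush fails and the thread is not already panicking.` Callers that must handle the error need a way to flush and check the result before the value is dropped; whether a public method for that exists is not visible in this hunk. If it does, the doc comment should point to it.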
multi_key_manager/Cargo.toml
...
...
@@ -12,8 +12,9 @@ license.workspace = true
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[features]
default
=
[]
default
=
[
"fs_locks"
]
with_nonce
=
[]
fs_locks
=
[
"fs4"
]
[dependencies]
argon2
=
{
version
=
"0.4.1"
,
features
=
[
"rand"
]
}
...
...
@@ -26,7 +27,7 @@ rmp-serde = "1.1.1"
serde
=
{
version
=
"1.0.152"
,
features
=
[
"derive"
]
}
# lock the keys file while it is in use
fs4
=
"0.6.3"
fs4
=
{
version
=
"0.6.3"
,
features
=
[
"sync"
],
optional
=
true
}
#[target.'cfg(unix)'.dependencies]
#libc = "0.2.139"
...
...
multi_key_manager/src/file.rs
use
core
::
ops
::{
Deref
,
DerefMut
};
#[cfg(feature
=
"fs_locks"
)]
use
fs4
::
FileExt
;
use
std
::{
fs
::{
File
as
StdFile
,
OpenOptions
},
...
...
@@ -20,7 +21,10 @@ pub fn open_rwlocked<P: AsRef<Path>>(path: P) -> IoResult<File> {
//println!("File::open_rwlocked(... {:?}) at {}",path.file_name(),file.stream_position()?);
file
.rewind
()
?
;
#[cfg(feature
=
"fs_locks"
)]
{
file
.lock_exclusive
()
?
;
}
Ok
(
File
(
file
))
}
...
...
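Review bot: With the `fs_locks` feature off, `open_rwlocked` returns a handle without calling `lock_exclusive()`, yet its name still promises a lock, so callers that rely on exclusive access to the keys or metadata file get none and nothing tells them. A doc comment on the function should state this, for example `/// Opens the file for reading and writing; the exclusive lock is taken only when the fs_locks feature is enabled.` The crate documentation should also say that two processes opening the same storage without the feature can write these files concurrently. The function begins outside this hunk.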