dswd
/
zvault
mirror of https://github.com/dswd/zvault
1
0
Fork 0
Code Issues Releases Wiki Activity

Refactor crypto

This commit is contained in:
Dennis Schwerdel 2018-03-09 23:56:18 +01:00
parent ca1916145f
commit 048a48873a
7 changed files with 43 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/cli/algotest.rs
View File

@ -187,7 +187,7 @@ pub fn run(
println!(); println!();
let (public, secret) = Crypto::gen_keypair(); let (public, secret) = Crypto::gen_keypair();
let mut crypto = Crypto::dummy(); let crypto = Crypto::dummy();
crypto.add_secret_key(public, secret); crypto.add_secret_key(public, secret);
let encryption = (EncryptionMethod::Sodium, public[..].to_vec().into()); let encryption = (EncryptionMethod::Sodium, public[..].to_vec().into());

8
src/repository/backup.rs
View File

@ -42,7 +42,7 @@ pub enum DiffType {
impl Repository { impl Repository {
pub fn get_all_backups(&self) -> Result<HashMap<String, Backup>, RepositoryError> { pub fn get_all_backups(&self) -> Result<HashMap<String, Backup>, RepositoryError> {
Ok(try!(Backup::get_all_from( Ok(try!(Backup::get_all_from(
&self.crypto.lock().unwrap(), &self.crypto,
self.layout.backups_path() self.layout.backups_path()
))) )))
} }
@ -52,7 +52,7 @@ impl Repository {
path: P, path: P,
) -> Result<HashMap<String, Backup>, RepositoryError> { ) -> Result<HashMap<String, Backup>, RepositoryError> {
Ok(try!(Backup::get_all_from( Ok(try!(Backup::get_all_from(
&self.crypto.lock().unwrap(), &self.crypto,
self.layout.backups_path().join(path) self.layout.backups_path().join(path)
))) )))
} }
@ -64,7 +64,7 @@ impl Repository {
pub fn get_backup(&self, name: &str) -> Result<Backup, RepositoryError> { pub fn get_backup(&self, name: &str) -> Result<Backup, RepositoryError> {
Ok(try!(Backup::read_from( Ok(try!(Backup::read_from(
&self.crypto.lock().unwrap(), &self.crypto,
self.layout.backup_path(name) self.layout.backup_path(name)
))) )))
} }
@ -74,7 +74,7 @@ impl Repository {
let path = self.layout.backup_path(name); let path = self.layout.backup_path(name);
try!(fs::create_dir_all(path.parent().unwrap())); try!(fs::create_dir_all(path.parent().unwrap()));
try!(backup.save_to( try!(backup.save_to(
&self.crypto.lock().unwrap(), &self.crypto,
self.config.encryption.clone(), self.config.encryption.clone(),
path path
)); ));

10
src/repository/bundledb/db.rs
View File

@ -4,7 +4,7 @@ use super::*;
use std::path::{Path, PathBuf}; use std::path::{Path, PathBuf};
use std::collections::{HashMap, HashSet}; use std::collections::{HashMap, HashSet};
use std::fs; use std::fs;
use std::sync::{Arc, Mutex}; use std::sync::Arc;
use std::io; use std::io;
use std::mem; use std::mem;
use std::cmp::min; use std::cmp::min;
@ -62,7 +62,7 @@ fn load_bundles(
path: &Path, path: &Path,
base: &Path, base: &Path,
bundles: &mut HashMap<BundleId, StoredBundle>, bundles: &mut HashMap<BundleId, StoredBundle>,
crypto: Arc<Mutex<Crypto>>, crypto: Arc<Crypto>,
) -> Result<(Vec<StoredBundle>, Vec<StoredBundle>), BundleDbError> { ) -> Result<(Vec<StoredBundle>, Vec<StoredBundle>), BundleDbError> {
let mut paths = vec![path.to_path_buf()]; let mut paths = vec![path.to_path_buf()];
let mut bundle_paths = HashSet::new(); let mut bundle_paths = HashSet::new();
@ -119,7 +119,7 @@ fn load_bundles(
pub struct BundleDb { pub struct BundleDb {
pub layout: Arc<ChunkRepositoryLayout>, pub layout: Arc<ChunkRepositoryLayout>,
uploader: Option<Arc<BundleUploader>>, uploader: Option<Arc<BundleUploader>>,
crypto: Arc<Mutex<Crypto>>, crypto: Arc<Crypto>,
local_bundles: HashMap<BundleId, StoredBundle>, local_bundles: HashMap<BundleId, StoredBundle>,
remote_bundles: HashMap<BundleId, StoredBundle>, remote_bundles: HashMap<BundleId, StoredBundle>,
bundle_cache: LruCache<BundleId, (BundleReader, Vec<u8>)> bundle_cache: LruCache<BundleId, (BundleReader, Vec<u8>)>
@ -127,7 +127,7 @@ pub struct BundleDb {
impl BundleDb { impl BundleDb {
fn new(layout: Arc<ChunkRepositoryLayout>, crypto: Arc<Mutex<Crypto>>) -> Self { fn new(layout: Arc<ChunkRepositoryLayout>, crypto: Arc<Crypto>) -> Self {
BundleDb { BundleDb {
layout, layout,
crypto, crypto,
@ -240,7 +240,7 @@ impl BundleDb {
pub fn open( pub fn open(
layout: Arc<ChunkRepositoryLayout>, layout: Arc<ChunkRepositoryLayout>,
crypto: Arc<Mutex<Crypto>>, crypto: Arc<Crypto>,
online: bool online: bool
) -> Result<(Self, Vec<BundleInfo>, Vec<BundleInfo>), BundleDbError> { ) -> Result<(Self, Vec<BundleInfo>, Vec<BundleInfo>), BundleDbError> {
let mut self_ = Self::new(layout, crypto); let mut self_ = Self::new(layout, crypto);

18
src/repository/bundledb/reader.rs
View File

@ -6,7 +6,7 @@ use std::fs::{self, File};
use std::io::{self, Read, Seek, SeekFrom, BufReader}; use std::io::{self, Read, Seek, SeekFrom, BufReader};
use std::cmp::max; use std::cmp::max;
use std::fmt::{self, Debug}; use std::fmt::{self, Debug};
use std::sync::{Arc, Mutex}; use std::sync::Arc;
quick_error!{ quick_error!{
@ -60,7 +60,7 @@ pub struct BundleReader {
pub info: BundleInfo, pub info: BundleInfo,
pub version: u8, pub version: u8,
pub path: PathBuf, pub path: PathBuf,
crypto: Arc<Mutex<Crypto>>, crypto: Arc<Crypto>,
pub content_start: usize, pub content_start: usize,
pub chunks: Option<ChunkList>, pub chunks: Option<ChunkList>,
pub chunk_positions: Option<Vec<usize>> pub chunk_positions: Option<Vec<usize>>
@ -71,7 +71,7 @@ impl BundleReader {
path: PathBuf, path: PathBuf,
version: u8, version: u8,
content_start: usize, content_start: usize,
crypto: Arc<Mutex<Crypto>>, crypto: Arc<Crypto>,
info: BundleInfo, info: BundleInfo,
) -> Self { ) -> Self {
BundleReader { BundleReader {
@ -93,7 +93,7 @@ impl BundleReader {
#[allow(needless_pass_by_value)] #[allow(needless_pass_by_value)]
fn load_header<P: AsRef<Path>>( fn load_header<P: AsRef<Path>>(
path: P, path: P,
crypto: Arc<Mutex<Crypto>>, crypto: Arc<Crypto>,
) -> Result<(BundleInfo, u8, usize), BundleReaderError> { ) -> Result<(BundleInfo, u8, usize), BundleReaderError> {
let path = path.as_ref(); let path = path.as_ref();
let mut file = BufReader::new(try!(File::open(path).context(path))); let mut file = BufReader::new(try!(File::open(path).context(path)));
@ -116,8 +116,6 @@ impl BundleReader {
if let Some(ref encryption) = header.encryption { if let Some(ref encryption) = header.encryption {
info_data = try!( info_data = try!(
crypto crypto
.lock()
.unwrap()
.decrypt(encryption, &info_data) .decrypt(encryption, &info_data)
.context(path) .context(path)
); );
@ -133,13 +131,13 @@ impl BundleReader {
#[inline] #[inline]
pub fn load_info<P: AsRef<Path>>( pub fn load_info<P: AsRef<Path>>(
path: P, path: P,
crypto: Arc<Mutex<Crypto>>, crypto: Arc<Crypto>,
) -> Result<BundleInfo, BundleReaderError> { ) -> Result<BundleInfo, BundleReaderError> {
Self::load_header(path, crypto).map(|b| b.0) Self::load_header(path, crypto).map(|b| b.0)
} }
#[inline] #[inline]
pub fn load(path: PathBuf, crypto: Arc<Mutex<Crypto>>) -> Result<Self, BundleReaderError> { pub fn load(path: PathBuf, crypto: Arc<Crypto>) -> Result<Self, BundleReaderError> {
let (header, version, content_start) = try!(Self::load_header(&path, crypto.clone())); let (header, version, content_start) = try!(Self::load_header(&path, crypto.clone()));
Ok(BundleReader::new( Ok(BundleReader::new(
path, path,
@ -170,8 +168,6 @@ impl BundleReader {
if let Some(ref encryption) = self.info.encryption { if let Some(ref encryption) = self.info.encryption {
chunk_data = try!( chunk_data = try!(
self.crypto self.crypto
.lock()
.unwrap()
.decrypt(encryption, &chunk_data) .decrypt(encryption, &chunk_data)
.context(&self.path as &Path) .context(&self.path as &Path)
); );
@ -212,8 +208,6 @@ impl BundleReader {
if let Some(ref encryption) = self.info.encryption { if let Some(ref encryption) = self.info.encryption {
data = try!( data = try!(
self.crypto self.crypto
.lock()
.unwrap()
.decrypt(encryption, &data) .decrypt(encryption, &data)
.context(&self.path as &Path) .context(&self.path as &Path)
); );

12
src/repository/bundledb/writer.rs
View File

@ -4,7 +4,7 @@ use super::*;
use std::path::{Path, PathBuf}; use std::path::{Path, PathBuf};
use std::fs::File; use std::fs::File;
use std::io::{self, Write, BufWriter}; use std::io::{self, Write, BufWriter};
use std::sync::{Arc, Mutex}; use std::sync::Arc;
use chrono::prelude::*; use chrono::prelude::*;
@ -51,7 +51,7 @@ pub struct BundleWriter {
compression: Option<Compression>, compression: Option<Compression>,
compression_stream: Option<CompressionStream>, compression_stream: Option<CompressionStream>,
encryption: Option<Encryption>, encryption: Option<Encryption>,
crypto: Arc<Mutex<Crypto>>, crypto: Arc<Crypto>,
raw_size: usize, raw_size: usize,
chunk_count: usize, chunk_count: usize,
chunks: ChunkList chunks: ChunkList
@ -63,7 +63,7 @@ impl BundleWriter {
hash_method: HashMethod, hash_method: HashMethod,
compression: Option<Compression>, compression: Option<Compression>,
encryption: Option<Encryption>, encryption: Option<Encryption>,
crypto: Arc<Mutex<Crypto>>, crypto: Arc<Crypto>,
) -> Result<Self, BundleWriterError> { ) -> Result<Self, BundleWriterError> {
let compression_stream = match compression { let compression_stream = match compression {
Some(ref compression) => Some(try!(compression.compress_stream().map_err( Some(ref compression) => Some(try!(compression.compress_stream().map_err(
@ -106,14 +106,14 @@ impl BundleWriter {
)) ))
} }
if let Some(ref encryption) = self.encryption { if let Some(ref encryption) = self.encryption {
self.data = try!(self.crypto.lock().unwrap().encrypt(encryption, &self.data)); self.data = try!(self.crypto.encrypt(encryption, &self.data));
} }
let encoded_size = self.data.len(); let encoded_size = self.data.len();
let mut chunk_data = Vec::with_capacity(self.chunks.encoded_size()); let mut chunk_data = Vec::with_capacity(self.chunks.encoded_size());
self.chunks.write_to(&mut chunk_data).unwrap(); self.chunks.write_to(&mut chunk_data).unwrap();
let id = BundleId(self.hash_method.hash(&chunk_data)); let id = BundleId(self.hash_method.hash(&chunk_data));
if let Some(ref encryption) = self.encryption { if let Some(ref encryption) = self.encryption {
chunk_data = try!(self.crypto.lock().unwrap().encrypt(encryption, &chunk_data)); chunk_data = try!(self.crypto.encrypt(encryption, &chunk_data));
} }
let mut path = db.layout.temp_bundle_path(); let mut path = db.layout.temp_bundle_path();
let mut file = BufWriter::new(try!(File::create(&path).context(&path as &Path))); let mut file = BufWriter::new(try!(File::create(&path).context(&path as &Path)));
@ -133,7 +133,7 @@ impl BundleWriter {
}; };
let mut info_data = try!(msgpack::encode(&info).context(&path as &Path)); let mut info_data = try!(msgpack::encode(&info).context(&path as &Path));
if let Some(ref encryption) = self.encryption { if let Some(ref encryption) = self.encryption {
info_data = try!(self.crypto.lock().unwrap().encrypt(encryption, &info_data)); info_data = try!(self.crypto.encrypt(encryption, &info_data));
} }
let header = BundleHeader { let header = BundleHeader {
encryption: self.encryption, encryption: self.encryption,

14
src/repository/mod.rs
View File

@ -20,7 +20,7 @@ use std::mem;
use std::cmp::max; use std::cmp::max;
use std::path::Path; use std::path::Path;
use std::fs::{self, File}; use std::fs::{self, File};
use std::sync::{Arc, Mutex}; use std::sync::Arc;
use std::os::unix::fs::symlink; use std::os::unix::fs::symlink;
use std::io::Write; use std::io::Write;
@ -74,10 +74,10 @@ impl index::Key for Hash {
} }
pub struct Repository { pub struct Repository {
pub layout: Arc<ChunkRepositoryLayout>, layout: Arc<ChunkRepositoryLayout>,
pub config: Config, pub config: Config,
index: Index<Hash, Location>, index: Index<Hash, Location>,
crypto: Arc<Mutex<Crypto>>, crypto: Arc<Crypto>,
bundle_map: BundleMap, bundle_map: BundleMap,
next_data_bundle: u32, next_data_bundle: u32,
next_meta_bundle: u32, next_meta_bundle: u32,
@ -133,7 +133,7 @@ impl Repository {
try!(fs::create_dir_all(layout.local_locks_path())); // Added after v0.1.0 try!(fs::create_dir_all(layout.local_locks_path())); // Added after v0.1.0
let local_locks = LockFolder::new(layout.local_locks_path()); let local_locks = LockFolder::new(layout.local_locks_path());
let lock = try!(local_locks.lock(false)); let lock = try!(local_locks.lock(false));
let crypto = Arc::new(Mutex::new(try!(Crypto::open(layout.keys_path())))); let crypto = Arc::new(try!(Crypto::open(layout.keys_path())));
let (bundles, new, gone) = try!(BundleDb::open(layout.clone(), crypto.clone(), online)); let (bundles, new, gone) = try!(BundleDb::open(layout.clone(), crypto.clone(), online));
let (index, mut rebuild_index) = let (index, mut rebuild_index) =
match unsafe { Index::open(layout.index_path(), &INDEX_MAGIC, INDEX_VERSION) } { match unsafe { Index::open(layout.index_path(), &INDEX_MAGIC, INDEX_VERSION) } {
@ -225,7 +225,7 @@ impl Repository {
) -> Result<Self, RepositoryError> { ) -> Result<Self, RepositoryError> {
let mut repo = try!(Repository::create(layout.clone(), &Config::default(), remote)); let mut repo = try!(Repository::create(layout.clone(), &Config::default(), remote));
for file in key_files { for file in key_files {
try!(repo.crypto.lock().unwrap().register_keyfile(file)); try!(repo.crypto.register_keyfile(file));
} }
repo = try!(Repository::open(layout, true)); repo = try!(Repository::open(layout, true));
let mut backups: Vec<(String, Backup)> = try!(repo.get_all_backups()).into_iter().collect(); let mut backups: Vec<(String, Backup)> = try!(repo.get_all_backups()).into_iter().collect();
@ -249,7 +249,7 @@ impl Repository {
secret: SecretKey, secret: SecretKey,
) -> Result<(), RepositoryError> { ) -> Result<(), RepositoryError> {
try!(self.write_mode()); try!(self.write_mode());
try!(self.crypto.lock().unwrap().register_secret_key( try!(self.crypto.register_secret_key(
public, public,
secret secret
)); ));
@ -266,7 +266,7 @@ impl Repository {
#[inline] #[inline]
pub fn set_encryption(&mut self, public: Option<&PublicKey>) { pub fn set_encryption(&mut self, public: Option<&PublicKey>) {
if let Some(key) = public { if let Some(key) = public {
if !self.crypto.lock().unwrap().contains_secret_key(key) { if !self.crypto.contains_secret_key(key) {
tr_warn!("The secret key for that public key is not stored in the repository.") tr_warn!("The secret key for that public key is not stored in the repository.")
} }
let mut key_bytes = Vec::new(); let mut key_bytes = Vec::new();

28
src/util/encryption.rs
View File

@ -2,7 +2,7 @@ use std::collections::HashMap;
use std::path::{Path, PathBuf}; use std::path::{Path, PathBuf};
use std::io; use std::io;
use std::fs::{self, File}; use std::fs::{self, File};
use std::sync::{Once, ONCE_INIT}; use std::sync::{RwLock, Once, ONCE_INIT};
use serde_yaml; use serde_yaml;
use serde_bytes::ByteBuf; use serde_bytes::ByteBuf;
@ -116,7 +116,7 @@ impl KeyfileYaml {
pub struct Crypto { pub struct Crypto {
path: Option<PathBuf>, path: Option<PathBuf>,
keys: HashMap<PublicKey, SecretKey> keys: RwLock<HashMap<PublicKey, SecretKey>>
} }
impl Crypto { impl Crypto {
@ -125,7 +125,7 @@ impl Crypto {
sodium_init(); sodium_init();
Crypto { Crypto {
path: None, path: None,
keys: HashMap::new() keys: RwLock::new(HashMap::new())
} }
} }
@ -152,17 +152,17 @@ impl Crypto {
} }
Ok(Crypto { Ok(Crypto {
path: Some(path), path: Some(path),
keys keys: RwLock::new(keys)
}) })
} }
#[inline] #[inline]
pub fn add_secret_key(&mut self, public: PublicKey, secret: SecretKey) { pub fn add_secret_key(&self, public: PublicKey, secret: SecretKey) {
self.keys.insert(public, secret); self.keys.write().expect("Lock poisoned").insert(public, secret);
} }
#[inline] #[inline]
pub fn register_keyfile<P: AsRef<Path>>(&mut self, path: P) -> Result<(), EncryptionError> { pub fn register_keyfile<P: AsRef<Path>>(&self, path: P) -> Result<(), EncryptionError> {
let (public, secret) = try!(Self::load_keypair_from_file(path)); let (public, secret) = try!(Self::load_keypair_from_file(path));
self.register_secret_key(public, secret) self.register_secret_key(public, secret)
} }
@ -211,7 +211,7 @@ impl Crypto {
#[inline] #[inline]
pub fn register_secret_key( pub fn register_secret_key(
&mut self, &self,
public: PublicKey, public: PublicKey,
secret: SecretKey, secret: SecretKey,
) -> Result<(), EncryptionError> { ) -> Result<(), EncryptionError> {
@ -219,17 +219,17 @@ impl Crypto {
let path = path.join(to_hex(&public[..]) + ".yaml"); let path = path.join(to_hex(&public[..]) + ".yaml");
try!(Self::save_keypair_to_file(&public, &secret, path)); try!(Self::save_keypair_to_file(&public, &secret, path));
} }
self.keys.insert(public, secret); self.keys.write().expect("Lock poisoned").insert(public, secret);
Ok(()) Ok(())
} }
#[inline] #[inline]
pub fn contains_secret_key(&mut self, public: &PublicKey) -> bool { pub fn contains_secret_key(&self, public: &PublicKey) -> bool {
self.keys.contains_key(public) self.keys.read().expect("Lock poisoned").contains_key(public)
} }
fn get_secret_key(&self, public: &PublicKey) -> Result<&SecretKey, EncryptionError> { fn get_secret_key(&self, public: &PublicKey) -> Result<SecretKey, EncryptionError> {
self.keys.get(public).ok_or_else( self.keys.read().expect("Lock poisoned").get(public).cloned().ok_or_else(
|| EncryptionError::MissingKey(*public) || EncryptionError::MissingKey(*public)
) )
} }
@ -254,7 +254,7 @@ impl Crypto {
let secret = try!(self.get_secret_key(&public)); let secret = try!(self.get_secret_key(&public));
match *method { match *method {
EncryptionMethod::Sodium => { EncryptionMethod::Sodium => {
sealedbox::open(data, &public, secret).map_err(|_| { sealedbox::open(data, &public, &secret).map_err(|_| {
EncryptionError::Operation(tr!("Decryption failed")) EncryptionError::Operation(tr!("Decryption failed"))
}) })
} }