diff --git a/Cargo.lock b/Cargo.lock index 27aecfe8..3df21c8d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -585,7 +585,7 @@ checksum = "b7aa2ec04f5120b830272a481e8d9d8ba4dda140d2cda59b0f1110d5eb93c38e" dependencies = [ "getrandom", "hybrid-array", - "rand_core 0.6.4", + "rand_core", ] [[package]] @@ -791,12 +791,6 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" -[[package]] -name = "fuchsia-cprng" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a06f77d526c1a601b7c4cdd98f54b5eaabffc14d5f2f0296febdc7f357c6d3ba" - [[package]] name = "fuse3" version = "0.7.1" @@ -1370,7 +1364,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166" dependencies = [ "base64ct", - "rand_core 0.6.4", + "rand_core", "subtle", ] @@ -1474,29 +1468,6 @@ dependencies = [ "proc-macro2", ] -[[package]] -name = "rand" -version = "0.3.23" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64ac302d8f83c0c1974bf758f6b041c6c8ada916fbb44a609158ca8b064cc76c" -dependencies = [ - "libc", - "rand 0.4.6", -] - -[[package]] -name = "rand" -version = "0.4.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "552840b97013b1a26992c11eac34bdd778e464601a4c2054b5f0bff7c6761293" -dependencies = [ - "fuchsia-cprng", - "libc", - "rand_core 0.3.1", - "rdrand", - "winapi", -] - [[package]] name = "rand" version = "0.8.5" @@ -1505,7 +1476,7 @@ checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" dependencies = [ "libc", "rand_chacha", - "rand_core 0.6.4", + "rand_core", ] [[package]] @@ -1515,24 +1486,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", - "rand_core 0.6.4", + "rand_core", ] -[[package]] -name = "rand_core" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a6fdeb83b075e8266dcc8762c22776f6877a63111121f5f8c7411e5be7eed4b" -dependencies = [ - "rand_core 0.4.2", -] - -[[package]] -name = "rand_core" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c33a3c44ca05fa6f1807d8e6743f3824e8509beca625669633be0acbdf509dc" - [[package]] name = "rand_core" version = "0.6.4" @@ -1542,15 +1498,6 @@ dependencies = [ "getrandom", ] -[[package]] -name = "rdrand" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "678054eb77286b51581ba43620cc911abf02758c91f93f479767aed0f90458b2" -dependencies = [ - "rand_core 0.3.1", -] - [[package]] name = "regex" version = "1.10.4" @@ -1597,7 +1544,7 @@ checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" [[package]] name = "rencfs" -version = "0.3.0" +version = "0.3.1" dependencies = [ "anyhow", "argon2", @@ -1614,7 +1561,7 @@ dependencies = [ "mio", "num-format", "openssl", - "rand 0.3.23", + "rand", "retainer", "rpassword", "secrecy", @@ -1639,7 +1586,7 @@ dependencies = [ "async-lock 2.8.0", "async-timer", "log", - "rand 0.8.5", + "rand", ] [[package]] @@ -1724,7 +1671,7 @@ dependencies = [ "hkdf", "num", "once_cell", - "rand 0.8.5", + "rand", "serde", "sha2 0.10.8", "zbus", @@ -2474,7 +2421,7 @@ dependencies = [ "nix 0.26.4", "once_cell", "ordered-stream", - "rand 0.8.5", + "rand", "serde", "serde_repr", "sha1", diff --git a/Cargo.toml b/Cargo.toml index 9bfded61..f97f19ca 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "rencfs" description = "An encrypted file system that mounts with FUSE on Linux. It can be used to create encrypted directories." -version = "0.3.0" +version = "0.3.1" edition = "2021" license = "Apache-2.0" authors = ["Radu Marias "] @@ -21,7 +21,7 @@ libc = "0.2.153" serde = { version = "1.0.197", features = ["derive"] } bincode = "1.3.3" thiserror = "1.0.58" -rand = "0.3" +rand = "0.8.5" base64 = "=0.13.1" openssl = "=0.10.64" fuse3 = { version = "0.7.1", features = ["tokio-runtime", "unprivileged"] } diff --git a/src/encryptedfs.rs b/src/encryptedfs.rs index 924d6446..2f20ac3e 100644 --- a/src/encryptedfs.rs +++ b/src/encryptedfs.rs @@ -11,12 +11,13 @@ use std::sync::Arc; use std::sync::atomic::AtomicU64; use std::time::{Duration, SystemTime}; +use argon2::password_hash::rand_core::RngCore; use cryptostream::read::Decryptor; use cryptostream::write::Encryptor; use futures_util::TryStreamExt; use num_format::{Locale, ToFormattedString}; use openssl::error::ErrorStack; -use rand::{OsRng, Rng}; +use rand::thread_rng; use secrecy::{ExposeSecret, SecretString, SecretVec}; use serde::{Deserialize, Deserializer, Serialize, Serializer}; use strum_macros::{Display, EnumIter, EnumString}; @@ -27,7 +28,7 @@ use tracing::{debug, error, instrument, warn}; use crate::arc_hashmap::{ArcHashMap, Guard}; use crate::expire_value; -use crate::expire_value::ExpireValue; +use crate::expire_value::{ExpireValue, Provider}; pub mod crypto_util; #[cfg(test)] @@ -603,18 +604,14 @@ impl EncryptedFs { pub async fn new(data_dir: &str, password_provider: Box, cipher: Cipher) -> FsResult { let path = PathBuf::from(&data_dir); - let password = password_provider.get_password().ok_or(FsError::InvalidPassword)?; - - ensure_structure_created(&path.clone()).await?; - check_password(&path, &password, &cipher)?; - let key_provider = KeyProvider { path: path.join(SECURITY_DIR).join(KEY_ENC_FILENAME), - // todo: read pass from pass provider field password_provider, cipher: cipher.clone(), }; + ensure_structure_created(&path.clone(), &key_provider).await?; + let fs = EncryptedFs { data_dir: path.clone(), write_handles: RwLock::new(HashMap::new()), @@ -1852,8 +1849,7 @@ impl EncryptedFs { fn generate_next_inode(&self) -> u64 { loop { - let mut rng = rand::thread_rng(); - let ino = rng.gen::(); + let ino = thread_rng().next_u64(); if ino <= ROOT_INODE { continue; @@ -1889,7 +1885,7 @@ impl EncryptedFs { Cipher::Aes256Gcm => 32, }; key.resize(key_len, 0); - OsRng::new()?.fill_bytes(&mut key); + thread_rng().fill_bytes(&mut key); let key = SecretVec::new(key); let key_store = KeyStore::new(key); let mut encryptor = crypto_util::create_encryptor(OpenOptions::new().read(true).write(true).create(true).open(path)?, @@ -1900,7 +1896,7 @@ impl EncryptedFs { } } -async fn ensure_structure_created(data_dir: &PathBuf) -> FsResult<()> { +async fn ensure_structure_created(data_dir: &PathBuf, key_provider: &KeyProvider) -> FsResult<()> { if data_dir.exists() { check_structure(data_dir, true).await?; } else { @@ -1916,6 +1912,9 @@ async fn ensure_structure_created(data_dir: &PathBuf) -> FsResult<()> { } } + // create encryption key + key_provider.provide()?; + Ok(()) } diff --git a/src/encryptedfs/crypto_util.rs b/src/encryptedfs/crypto_util.rs index 2135b43d..5ee9a595 100644 --- a/src/encryptedfs/crypto_util.rs +++ b/src/encryptedfs/crypto_util.rs @@ -1,11 +1,12 @@ use std::fs::File; use cryptostream::{read, write}; use std::os::unix::fs::MetadataExt; -use rand::Rng; +use rand::{thread_rng}; use std::io::{Read, Write}; use base64::decode; use std::io; use argon2::Argon2; +use argon2::password_hash::rand_core::RngCore; use cryptostream::read::Decryptor; use cryptostream::write::Encryptor; use openssl::sha::sha256; @@ -28,7 +29,7 @@ pub fn create_encryptor(mut file: File, cipher: &Cipher, key: &SecretVec) -> let mut iv: Vec = vec![0; iv_len]; if file.metadata().unwrap().size() == 0 { // generate random IV - rand::thread_rng().fill_bytes(&mut iv); + thread_rng().fill_bytes(&mut iv); file.write_all(&iv).unwrap(); } else { // read IV from file