Merge pull request #12 from chenkins/feature/uvf-draft

Update from cryptomator

Author: ylangisc

src/main/java/org/cryptomator/cryptolib/api/Cryptor.java

@@ -16,6 +16,14 @@ public interface Cryptor extends Destroyable, AutoCloseable {
 	 */
 	FileHeaderCryptor fileHeaderCryptor();
 
+	/**
+	 * Encryption and decryption of file headers.
+	 * @param revision The revision of the seed to {@link RevolvingMasterkey#subKey(int, int, byte[], String) derive subkeys}.
+	 * @return utility for encrypting and decrypting file headers
+	 * @apiNote Only relevant for Universal Vault Format, for Cryptomator Vault Format see {@link #fileHeaderCryptor()}
+	 */
+	FileHeaderCryptor fileHeaderCryptor(int revision);
+
 	/**
 	 * Encryption and decryption of file names in Cryptomator Vault Format.
 	 * @return utility for encrypting and decrypting file names
@@ -35,7 +43,7 @@ public interface Cryptor extends Destroyable, AutoCloseable {
 	 * High-Level API for file name encryption and decryption
 	 * @return utility for encryption and decryption of file names in the context of a directory
 	 */
-	default DirectoryContentCryptor<?> directoryContentCryptor() {
+	default DirectoryContentCryptor directoryContentCryptor() {
 		throw new UnsupportedOperationException("not implemented");
 	}
 

src/main/java/org/cryptomator/cryptolib/api/DirectoryContentCryptor.java

@@ -1,10 +1,10 @@
 package org.cryptomator.cryptolib.api;
 
-public interface DirectoryContentCryptor<T extends DirectoryMetadata> {
+public interface DirectoryContentCryptor {
 
-	T rootDirectoryMetadata(); // TODO required?
+	DirectoryMetadata rootDirectoryMetadata();
 
-	T newDirectoryMetadata();
+	DirectoryMetadata newDirectoryMetadata();
 
 	/**
 	 * Decrypts the given directory metadata.
@@ -13,19 +13,27 @@ public interface DirectoryContentCryptor<T extends DirectoryMetadata> {
 	 * @return The decrypted directory metadata.
 	 * @throws AuthenticationFailedException If the ciphertext is unauthentic.
 	 */
-	T decryptDirectoryMetadata(byte[] ciphertext) throws AuthenticationFailedException;
+	DirectoryMetadata decryptDirectoryMetadata(byte[] ciphertext) throws AuthenticationFailedException;
 
 	/**
 	 * Encrypts the given directory metadata.
 	 *
 	 * @param directoryMetadata The directory metadata to encrypt.
 	 * @return The encrypted directory metadata.
 	 */
-	byte[] encryptDirectoryMetadata(T directoryMetadata);
+	byte[] encryptDirectoryMetadata(DirectoryMetadata directoryMetadata);
 
-	Decrypting fileNameDecryptor(T directoryMetadata);
+	/**
+	 * Computes the directory path for the given directory metadata.
+	 * @param directoryMetadata The directory metadata.
+	 * @return A path relative to the vault's root (i.e. starting with `d/`).
+	 * @apiNote The path contains "/" as separator and does neither start nor end with a "/".
+	 */
+	String dirPath(DirectoryMetadata directoryMetadata);
+
+	Decrypting fileNameDecryptor(DirectoryMetadata directoryMetadata);
 
-	Encrypting fileNameEncryptor(T directoryMetadata);
+	Encrypting fileNameEncryptor(DirectoryMetadata directoryMetadata);
 
 	@FunctionalInterface
 	interface Decrypting {

src/main/java/org/cryptomator/cryptolib/api/Masterkey.java

@@ -32,6 +32,12 @@ static PerpetualMasterkey from(DestroyableSecretKey encKey, DestroyableSecretKey
 		}
 	}
 
+	/**
+	 * Returns the immutable directory ID of the root directory. This ID is unique for each vault and deterministically depends on the masterkey.
+	 * @return a unique but deterministic byte sequence
+	 */
+	byte[] rootDirId();
+
 	@Override
 	void destroy();
 

src/main/java/org/cryptomator/cryptolib/api/PerpetualMasterkey.java

@@ -68,6 +68,13 @@ public DestroyableSecretKey getMacKey() {
 		return new DestroyableSecretKey(key, SUBKEY_LEN_BYTES, SUBKEY_LEN_BYTES, MAC_ALG);
 	}
 
+	@Override
+	public byte[] rootDirId() {
+		// root directory ID is specified to be the "empty string":
+		// https://docs.cryptomator.org/security/vault/#directory-ids
+		return new byte[0];
+	}
+
 	@Override
 	public boolean isDestroyed() {
 		return destroyed;

src/main/java/org/cryptomator/cryptolib/api/UVFMasterkey.java

@@ -69,6 +69,7 @@ public int currentRevision() {
 		return latestSeed;
 	}
 
+	@Override
 	public byte[] rootDirId() {
 		return HKDFHelper.hkdfSha512(kdfSalt, seeds.get(initialSeed), ROOT_DIRID_KDF_CONTEXT, 32);
 	}

src/main/java/org/cryptomator/cryptolib/v1/CryptorImpl.java

@@ -1,6 +1,7 @@
 package org.cryptomator.cryptolib.v1;
 
 import org.cryptomator.cryptolib.api.Cryptor;
+import org.cryptomator.cryptolib.api.FileHeaderCryptor;
 import org.cryptomator.cryptolib.api.FileNameCryptor;
 import org.cryptomator.cryptolib.api.Masterkey;
 import org.cryptomator.cryptolib.api.PerpetualMasterkey;
@@ -37,6 +38,11 @@ public FileHeaderCryptorImpl fileHeaderCryptor() {
 		return fileHeaderCryptor;
 	}
 
+	@Override
+	public FileHeaderCryptor fileHeaderCryptor(int revision) {
+		throw new UnsupportedOperationException();
+	}
+
 	@Override
 	public FileNameCryptorImpl fileNameCryptor() {
 		assertNotDestroyed();

src/main/java/org/cryptomator/cryptolib/v2/CryptorImpl.java

@@ -1,6 +1,7 @@
 package org.cryptomator.cryptolib.v2;
 
 import org.cryptomator.cryptolib.api.Cryptor;
+import org.cryptomator.cryptolib.api.FileHeaderCryptor;
 import org.cryptomator.cryptolib.api.FileNameCryptor;
 import org.cryptomator.cryptolib.api.Masterkey;
 import org.cryptomator.cryptolib.api.PerpetualMasterkey;
@@ -38,6 +39,11 @@ public FileHeaderCryptorImpl fileHeaderCryptor() {
 		return fileHeaderCryptor;
 	}
 
+	@Override
+	public FileHeaderCryptor fileHeaderCryptor(int revision) {
+		throw new UnsupportedOperationException();
+	}
+
 	@Override
 	public FileNameCryptorImpl fileNameCryptor() {
 		assertNotDestroyed();

src/main/java/org/cryptomator/cryptolib/v3/CryptorImpl.java

@@ -10,6 +10,7 @@
 
 import org.cryptomator.cryptolib.api.Cryptor;
 import org.cryptomator.cryptolib.api.DirectoryContentCryptor;
+import org.cryptomator.cryptolib.api.FileHeaderCryptor;
 import org.cryptomator.cryptolib.api.FileNameCryptor;
 import org.cryptomator.cryptolib.api.Masterkey;
 import org.cryptomator.cryptolib.api.RevolvingMasterkey;
@@ -21,7 +22,6 @@ class CryptorImpl implements Cryptor {
 
 	private final RevolvingMasterkey masterkey;
 	private final FileContentCryptorImpl fileContentCryptor;
-	private final FileHeaderCryptorImpl fileHeaderCryptor;
 	private final SecureRandom random;
 
 	/**
@@ -30,7 +30,6 @@ class CryptorImpl implements Cryptor {
 	 */
 	CryptorImpl(RevolvingMasterkey masterkey, SecureRandom random) {
 		this.masterkey = masterkey;
-		this.fileHeaderCryptor = new FileHeaderCryptorImpl(masterkey, random);
 		this.fileContentCryptor = new FileContentCryptorImpl(random);
 		this.random = random;
 	}
@@ -43,8 +42,13 @@ public FileContentCryptorImpl fileContentCryptor() {
 
 	@Override
 	public FileHeaderCryptorImpl fileHeaderCryptor() {
+		return fileHeaderCryptor(masterkey.currentRevision());
+	}
+
+	@Override
+	public FileHeaderCryptorImpl fileHeaderCryptor(int revision) {
 		assertNotDestroyed();
-		return fileHeaderCryptor;
+		return new FileHeaderCryptorImpl(masterkey, random, revision);
 	}
 
 	@Override
@@ -53,7 +57,7 @@ public FileNameCryptorImpl fileNameCryptor() {
 	}
 
 	@Override
-	public FileNameCryptor fileNameCryptor(int revision) {
+	public FileNameCryptorImpl fileNameCryptor(int revision) {
 		assertNotDestroyed();
 		return new FileNameCryptorImpl(masterkey, revision);
 	}

src/main/java/org/cryptomator/cryptolib/v3/DirectoryContentCryptorImpl.java

@@ -3,6 +3,7 @@
 import com.google.common.io.BaseEncoding;
 import org.cryptomator.cryptolib.api.AuthenticationFailedException;
 import org.cryptomator.cryptolib.api.DirectoryContentCryptor;
+import org.cryptomator.cryptolib.api.DirectoryMetadata;
 import org.cryptomator.cryptolib.api.FileHeader;
 import org.cryptomator.cryptolib.api.RevolvingMasterkey;
 
@@ -11,7 +12,7 @@
 
 import static org.cryptomator.cryptolib.v3.Constants.UVF_FILE_EXT;
 
-class DirectoryContentCryptorImpl implements DirectoryContentCryptor<DirectoryMetadataImpl> {
+class DirectoryContentCryptorImpl implements DirectoryContentCryptor {
 
 	private final RevolvingMasterkey masterkey;
 	private final SecureRandom random;
@@ -27,8 +28,8 @@ public DirectoryContentCryptorImpl(RevolvingMasterkey masterkey, SecureRandom ra
 
 	@Override
 	public DirectoryMetadataImpl rootDirectoryMetadata() {
-		// TODO
-		return null;
+		byte[] dirId = masterkey.rootDirId();
+		return new DirectoryMetadataImpl(masterkey.firstRevision(), dirId);
 	}
 
 	@Override
@@ -58,9 +59,10 @@ public DirectoryMetadataImpl decryptDirectoryMetadata(byte[] ciphertext) throws
 	}
 
 	@Override
-	public byte[] encryptDirectoryMetadata(DirectoryMetadataImpl directoryMetadata) {
-		ByteBuffer cleartextBuf = ByteBuffer.wrap(directoryMetadata.dirId());
-		FileHeader header = cryptor.fileHeaderCryptor().create();
+	public byte[] encryptDirectoryMetadata(DirectoryMetadata directoryMetadata) {
+		DirectoryMetadataImpl metadataImpl = DirectoryMetadataImpl.cast(directoryMetadata);
+		ByteBuffer cleartextBuf = ByteBuffer.wrap(metadataImpl.dirId());
+		FileHeader header = cryptor.fileHeaderCryptor(metadataImpl.seedId()).create();
 		ByteBuffer headerBuf = cryptor.fileHeaderCryptor().encryptHeader(header);
 		ByteBuffer contentBuf = cryptor.fileContentCryptor().encryptChunk(cleartextBuf, 0, header);
 		byte[] result = new byte[headerBuf.remaining() + contentBuf.remaining()];
@@ -69,22 +71,35 @@ public byte[] encryptDirectoryMetadata(DirectoryMetadataImpl directoryMetadata)
 		return result;
 	}
 
+	// DIR PATH
+
+	@Override
+	public String dirPath(DirectoryMetadata directoryMetadata) {
+		DirectoryMetadataImpl metadataImpl = DirectoryMetadataImpl.cast(directoryMetadata);
+		FileNameCryptorImpl fileNameCryptor = cryptor.fileNameCryptor(metadataImpl.seedId());
+		String dirIdStr = fileNameCryptor.hashDirectoryId(metadataImpl.dirId());
+		assert dirIdStr.length() == 32;
+		return "d/" + dirIdStr.substring(0, 2) + "/" + dirIdStr.substring(2);
+	}
+
 	// FILE NAMES
 
 	@Override
-	public Decrypting fileNameDecryptor(DirectoryMetadataImpl directoryMetadata) {
-		byte[] dirId = directoryMetadata.dirId();
-		FileNameCryptorImpl fileNameCryptor = new FileNameCryptorImpl(masterkey, directoryMetadata.seedId());
+	public Decrypting fileNameDecryptor(DirectoryMetadata directoryMetadata) {
+		DirectoryMetadataImpl metadataImpl = DirectoryMetadataImpl.cast(directoryMetadata);
+		byte[] dirId = metadataImpl.dirId();
+		FileNameCryptorImpl fileNameCryptor = cryptor.fileNameCryptor(metadataImpl.seedId());
 		return ciphertextAndExt -> {
 			String ciphertext = removeExtension(ciphertextAndExt);
 			return fileNameCryptor.decryptFilename(BaseEncoding.base64Url(), ciphertext, dirId);
 		};
 	}
 
 	@Override
-	public Encrypting fileNameEncryptor(DirectoryMetadataImpl directoryMetadata) {
-		byte[] dirId = directoryMetadata.dirId();
-		FileNameCryptorImpl fileNameCryptor = new FileNameCryptorImpl(masterkey, directoryMetadata.seedId());
+	public Encrypting fileNameEncryptor(DirectoryMetadata directoryMetadata) {
+		DirectoryMetadataImpl metadataImpl = DirectoryMetadataImpl.cast(directoryMetadata);
+		byte[] dirId = metadataImpl.dirId();
+		FileNameCryptorImpl fileNameCryptor = cryptor.fileNameCryptor(metadataImpl.seedId());
 		return plaintext -> {
 			String ciphertext = fileNameCryptor.encryptFilename(BaseEncoding.base64Url(), plaintext, dirId);
 			return ciphertext + UVF_FILE_EXT;

src/main/java/org/cryptomator/cryptolib/v3/DirectoryMetadataImpl.java

@@ -12,6 +12,14 @@ public DirectoryMetadataImpl(int seedId, byte[] dirId) {
 		this.dirId = dirId;
 	}
 
+	static DirectoryMetadataImpl cast(DirectoryMetadata metadata) {
+		if (metadata instanceof DirectoryMetadataImpl) {
+			return (DirectoryMetadataImpl) metadata;
+		} else {
+			throw new IllegalArgumentException("Unsupported metadata type " + metadata.getClass());
+		}
+	}
+
 	public byte[] dirId() {
 		return dirId;
 	}