# Format: - , , , , ,

!- 0, 3, mdcarr941@gmail.com, 2ebb8a
Fix bug where writing to a block that already has a Writecap in its header using the creds of a different node produces an invalid signature (a signature using the creds of the other node).

!- 1
Fix BufSectored so it doesn't have to write to the first sector every flush.

- 2
Track position and dirty-ness in Trailered.

- 4
Remove TryCompose?

!- 5, 1, mdcarr941@gmail.com, bd6904, mdcarr941@gmail.com, bd6904
Move crypto::{encrypt, decrypt} into corresponding {EncrypterExt, DecrypterExt}.

!- 7, 2, mdcarr941@gmail.com, ?, mdcarr941@gmail.com, fd4356
Add a ser_sign_into method to SignerExt which serializes a value into a provided Vec and returns a signature over this data. Update BlockStream::flush_integ to use this method.

!- 8
Convert all sector sizes to u32 for portability. (I ended up using u64 but keeping usize as the return type for Sectored::sector_sz)

- 9
Create an extension trait for u64 with a method for adding an i64 to it. Use this in SecretStream::seek, Trailered::seek and SectoredBuf::seek.

!- 10, 5, mdcarr941@gmail.com, ?, mdcarr941@gmail.com, fd4356
Create a struct which digests data written to it before passing it to an underlying Write.

!- 11, 3, mdcarr941@gmail.com, bd6904, mdcarr941@gmail.com, bd6904
Create a struct called WritecapBody to contain the fields of Writecap which go into the signature calculation so that WritecapSigInput is no longer required.

!- 12, 8, mdcarr941@gmail.com, 2ebb8a,
Create a struct for managing the directory used to store blocks in the file system. Design and implement an API for creating, opening, moving, copying, deleting and linking blocks. This API must be codified by a trait to allow the implementation to be changed in the future.

!- 13, 5, mdcarr941@gmail.com, ?, mdcarr941@gmail.com, fd4356
Change the Hash enum so it contains structs for each hash type. Unify these structs with the node structs used in the VecMerkleTree.

!- 14, 13, mdcarr941@gmail.com, bd6904
Refactor btlib so that most of the types are in their own modules. This is needed to encourage modularity and weak coupling, as it reduces the amount of code that fields and helper functions are visible to.

!- 15, 13, mdcarr941@gmail.com, 58d1f6,
Create a new crate which implements a FUSE daemon.

!- 16, 5, mdcarr941@gmail.com, 866533,
Add the inherit field, which contains the crypto link from the parent block key to the current block key, to the block metadata.

- 17, 13, mdcarr941@gmail.com, 8665339,
SECURITY: Design and implement a mechanism to protect the keys in a block's metadata dictionary from being correlated with one another. This mechanism must allow a principal with a readcap to find their readcap, rotate the block and create new readcaps for each of the principals in the dictionary, but prevent an attacker from being able to identify when two blocks contain readcaps for the same principal.

!- 18, 3, mdcarr941@gmail.com, 8665339, ???
SECURITY: Remove the path field from BlockMeta. It isn't needed as the block path should be independently known by any verifier. This will ensure that path names are not stored in cleartext.

- 19, 21, mdcarr941@gmail.com, 8665339,
Integrate with tokio and add async methods to all of the stream types.

- 20, 5, mdcarr941@gmail.com, ef1d43,
Rewrite BlockPath to be more efficient by ensuring that all characters in a path are contiguous in memory.

!- 22, 8, mdcarr941@gmail.com, fe2ffc, mdcarr941@gmail.com, fe2ffc
Add a new field to BlockMeta which stores data encrypted using the block key. This information must include:
* mode bits as u32
* Unix timestamps
* owner UID and GID
* size of block data in bytes as u64
* number of hardlinks to the block
Also include a dictionary for user data, which is indexed using a String and whose values are Vec structs.

- 23, 5, mdcarr941@gmail.com, 7f33fa,
Manually implement the Serialize trait for BlockMetaBody so that the secrets field can be lazily updated upon serialization if the secrets_struct field has been modified. In order to detect modifications, a new field with the serde(skip) attribute needs to be added to BlockMetaBody to store the hash of BlockMetaSecrets that was computed just after decryption.

- 24, 3, mdcarr941@gmail.com, 7dbb358,
Move `BlockRecord.frags` into `BlockMetaSecrets`.

- 25, 2, mdcarr941@gmail.com, 02d8cb,
Implement `Blocktree::batch_forget`.

- 26, 13, mdcarr941@gmail.com, 44a6ef,
Implement a timeout mechanism in LocalFs which will purge handles and locks that have not been accessed for a configured period of time.

- 27, 8, mdcarr941@gmail.com, 1c59d92
SECURITY: Reusing the IV for every sector in a block is a security risk. This is equivalent to using ECB mode with a cipher whose block size equals the sector size, meaning that patterns in the cipher text will be clearly visible. Design a method to avoid reusing the same IV for every sector. (Maybe use the sector index as the IV? That's kind of like CTR mode. Ah, I could hash the IV with the sector index, then use that as the IV for the sector.)

- 27, 3, mdcarr941@gmail.com, 1c59d92
SECURITY: Inode numbers are currently being exposed as the name of the file a block is stored in. This should be avoided by hashing the inodes along with a salt. Because this salt needs to be accessible even before we've decrypted any data in the filesystem, we need to use data from the credentials. (Perhaps the path in the writecap?)
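
For the IV-reuse task above (27, 8 points): an added illustration, not btlib code, of why one IV per block leaks repeated sectors and how hashing the block IV with the sector index removes the pattern. Assumptions: a SHA-256 keystream stands in for the real cipher, and the sector size, key, IV, data and all function names are constructed for the example.

```python
import hashlib
from collections import Counter

SECTOR_SZ = 64   # constructed; kept small so the sample data stays readable
IV_LEN = 16

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in cipher (assumption): SHA-256 in counter mode, not btlib's cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + ctr.to_bytes(8, "little")).digest()
        ctr += 1
    return out[:n]

def encrypt_sector(key: bytes, iv: bytes, sector: bytes) -> bytes:
    # XOR with the keystream; applying it twice with the same IV decrypts.
    return bytes(a ^ b for a, b in zip(sector, keystream(key, iv, len(sector))))

def sector_iv(block_iv: bytes, index: int) -> bytes:
    """The idea from the task: hash the block IV together with the sector index."""
    return hashlib.sha256(block_iv + index.to_bytes(8, "little")).digest()[:IV_LEN]

def encrypt_block(key: bytes, block_iv: bytes, data: bytes, per_sector_iv: bool):
    sectors = [data[i:i + SECTOR_SZ] for i in range(0, len(data), SECTOR_SZ)]
    return [
        encrypt_sector(key, sector_iv(block_iv, i) if per_sector_iv else block_iv, s)
        for i, s in enumerate(sectors)
    ]

def repeated_sectors(ciphertexts) -> int:
    """How many ciphertext sectors are byte-for-byte repeats of an earlier one."""
    return sum(c - 1 for c in Counter(ciphertexts).values())

# Constructed sample: sectors 0, 1 and 3 hold identical plaintext.
KEY = bytes(range(32))
BLOCK_IV = bytes(range(16))
DATA = b"A" * SECTOR_SZ * 2 + b"B" * SECTOR_SZ + b"A" * SECTOR_SZ

def demo():
    reused = encrypt_block(KEY, BLOCK_IV, DATA, per_sector_iv=False)
    derived = encrypt_block(KEY, BLOCK_IV, DATA, per_sector_iv=True)
    return repeated_sectors(reused), repeated_sectors(derived)

if __name__ == "__main__":
    print(demo())
```

The derived IV is deterministic, so overwriting a sector while the block IV stays unchanged reuses that sector's IV; the check here only covers repetition across sectors within one block.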