Blocktree/TODO.txt

# Format: - <task ID>, <task points>, <created by user>, <created on commit>, <finished by user>, <finished on commit>

!- 0, 3, mdcarr941@gmail.com, 2ebb8a
Fix bug where writing to a block that already has a Writecap in its header using the creds of
a different node produces an invalid signature (a signature using the creds of the other node).

!- 1
Fix BufSectored so it doesn't have to write to the first sector every flush.

- 2
Track position and dirty-ness in Trailered.

- 4
Remove TryCompose?

!- 5, 1, mdcarr941@gmail.com, bd6904, mdcarr941@gmail.com, bd6904
Move crypto::{encrypt, decrypt} into corresponding {EncrypterExt, DecrypterExt}.

!- 7, 2, mdcarr941@gmail.com, ?, mdcarr941@gmail.com, fd4356
Add a ser_sign_into method to SignerExt which serializes a value into a provided Vec<u8> and returns
a signature over this data. Update BlockStream::flush_integ to use this method.

!- 8
Convert all sector sizes to u32 for portability.
(I ended up using u64 but keeping usize as the return type for Sectored::sector_sz)

- 9
Create an extension trait for u64 with a method for adding an i64 to it. Use this in
SecretStream::seek, Trailered::seek and SectoredBuf::seek.

!- 10, 5, mdcarr941@gmail.com, ?, mdcarr941@gmail.com, fd4356
Create a struct which digests data written to it before passing it to an underlying Write.

!- 11, 3, mdcarr941@gmail.com, bd6904, mdcarr941@gmail.com, bd6904
Create a struct called WritecapBody to contain the fields of Writecap which go into the signature
calculation so that WritecapSigInput is no longer required.

!- 12, 8, mdcarr941@gmail.com, 2ebb8a,
Create a struct for managing the directory used to store blocks in the file system. Design and
implement an API for creating, opening, moving, copying, deleting and linking blocks. This API must
be codified by a trait to allow the implementation to be changed in the future.

!- 13, 5, mdcarr941@gmail.com, ?, mdcarr941@gmail.com, fd4356
Change the Hash enum so it contains structs for each hash type. Unify these structs with the node
structs used in the VecMerkleTree.

!- 14, 13, mdcarr941@gmail.com, bd6904
Refactor btlib so that most of the types are in their own modules. This is
needed to encourage modularity and weak coupling, as it reduces the amount of code that fields
and helper functions are visible to.

!- 15, 13, mdcarr941@gmail.com, 58d1f6, 
Create a new crate which implements a FUSE daemon.

!- 16, 5, mdcarr941@gmail.com, 866533,
Add the inherit field, which contains the crypto link from the parent block key to the current
block key, to the block metadata.

- 17, 13, mdcarr941@gmail.com, 8665339,
SECURITY: Design and implement a mechanism to protect the keys in block's metadata dictionary from
being correlated with one another. This mechanism must allow a principal with a readcap to be able
to find their readcap and to rotate the block and create new readcaps for each of the principals in
the dictionary, but prevent an attacker from being able to identify when two blocks contain
readcaps for the same principal.

!- 18, 3, mdcarr941@gmail.com, 8665339, ???
SECURITY: Remove the path field from BlockMeta. It isn't needed as the block path should be
independently know by any verified. This will ensure that path names are not stored in cleartext.

- 19, 21, mdcarr941@gmail.com, 8665339,
Integrate with tokio and add async methods to all of the stream types.

- 20, 5, mdcarr941@gmail.com, ef1d43,
Rewrite BlockPath to be more efficient by ensuring that all characters in a path are contiguous
in memory.

!- 22, 8, mdcarr941@gmail.com, fe2ffc, mdcarr941@gmail.com, fe2ffc
Add a new fields to BlockMeta which stores data encrypted using the block key. This information must
include:
  * mode bits as u32
  * Unix timestamps
  * owner UID and GID
  * size of block data in bytes as u64
  * number of hardlinks to the block
Also include a dictionary for user data, which is indexed using a String and whose values are
Vec<u8> structs.

- 23, 5, mdcarr941@gmail.com, 7f33fa,
Manually implement the Serialize trait for BlockMetaBody so that the secrets field can be lazily
updated upon serialization if the secrets_struct field has been modified. In order to detect
modifications, a new field with the serde(skip) attribute needs to be added to BlockMetaBody to
store the hash of BlockMetaSecrets that was computed just after decryption. 

- 24, 3, mdcarr941@gmail.com, 7dbb358,
Move `BlockRecord.frags` into `BlockMetaSecrets`.

- 25, 2, mdcarr941@gmail.com, 02d8cb,
Implement `Blocktree::batch_forget`.

- 26, 13, mdcarr941@gmail.com, 44a6ef,
Implement a timeout mechanism in LocalFs which will purge handles and locks that have not been
accessed for a configured period of time.

- 27, 8, mdcarr941@gmail.com, 1c59d92
SECURITY: Reusing the IV for every sector in a block is a security risk. This is equivalent to using
ECB mode with a cipher whose block size equals the sector size, meaning that patterns in the cipher
text will be clearly visible. Design a method to avoid reusing the same IV for every sector.
(Maybe use the sector index as the IV? That's kind of like CTR mode. Ah, I could hash the IV with
the sector index, then use that as the IV for the sector.)

- 27, 3, mdcarr941@gmail.com, 1c59d92
SECURITY: Inode numbers a currently being exposed as the name of the file a block is stored in. This
should be  avoided by hashing the inodes along with a salt. Because this salt needs to be accessible
even before we've decrypted any data in the filesystem, we need to use data from the credentials.
(Perhaps the path in the writecap?)