2.0.0-rc (#9)

### Issues

* \#1 \[bug\] Unable to mount S3 due to 'item_not_found' exception
* \#2 Require bucket name for S3 mounts
* \#3 \[bug\] File size is not being updated in S3 mount
* \#4 Upgrade to libfuse-3.x.x
* \#5 Switch to renterd for Sia support
* \#6 Switch to cpp-httplib to further reduce dependencies
* \#7 Remove global_data and calculate used disk space per provider
* \#8 Switch to libcurl for S3 mount support

### Changes from v1.x.x

* Added read-only encrypt provider
  * Pass-through mount point that transparently encrypts source data using `XChaCha20-Poly1305`
* Added S3 encryption support via `XChaCha20-Poly1305`
* Added replay protection to remote mounts
* Added support base64 writes in remote FUSE
* Created static linked Linux binaries for `amd64` and `aarch64` using `musl-libc`
* Removed legacy Sia renter support
* Removed Skynet support
* Fixed multiple remote mount WinFSP API issues on \*NIX servers
* Implemented chunked read and write
  * Writes for non-cached files are performed in chunks of 8Mib
* Removed `repertory-ui` support
* Removed `FreeBSD` support
* Switched to `libsodium` over `CryptoPP`
* Switched to `XChaCha20-Poly1305` for remote mounts
* Updated `GoogleTest` to v1.14.0
* Updated `JSON for Modern C++` to v3.11.2
* Updated `OpenSSL` to v1.1.1w
* Updated `RocksDB` to v8.5.3
* Updated `WinFSP` to 2023
* Updated `boost` to v1.78.0
* Updated `cURL` to v8.3.0
* Updated `zlib` to v1.3
* Use `upload_manager` for all providers
  * Adds a delay to uploads to prevent excessive API calls
  * Supports re-upload after mount restart for incomplete uploads
  * NOTE: Uploads for all providers are full file (no resume support)
    * Multipart upload support is planned for S3

Reviewed-on: #9

src/utils/encryption.cpp

@@ -1,91 +1,136 @@
 /*
-  Copyright <2018-2022> <scott.e.graves@protonmail.com>
+  Copyright <2018-2023> <scott.e.graves@protonmail.com>
 
-  Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
-  associated documentation files (the "Software"), to deal in the Software without restriction,
-  including without limitation the rights to use, copy, modify, merge, publish, distribute,
-  sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
   furnished to do so, subject to the following conditions:
 
-  The above copyright notice and this permission notice shall be included in all copies or
-  substantial portions of the Software.
+  The above copyright notice and this permission notice shall be included in all
+  copies or substantial portions of the Software.
 
-  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT
-  NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
-  DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT
-  OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+  SOFTWARE.
 */
 #include "utils/encryption.hpp"
-#include "events/events.hpp"
+
 #include "events/event_system.hpp"
+#include "events/events.hpp"
+#include "types/repertory.hpp"
 #include "utils/encrypting_reader.hpp"
 #include "utils/utils.hpp"
 
 namespace repertory::utils::encryption {
-api_error decrypt_file_name(const std::string &encryption_token, std::string &file_name) {
-  std::vector<char> buffer;
+auto decrypt_file_path(const std::string &encryption_token,
+                       std::string &file_path) -> api_error {
+  std::string decrypted_file_path{};
+  for (const auto &part : std::filesystem::path(file_path)) {
+    auto file_name = part.string();
+    if (file_name == "/") {
+      continue;
+    }
+
+    auto res = decrypt_file_name(encryption_token, file_name);
+    if (res != api_error::success) {
+      return res;
+    }
+
+    decrypted_file_path += '/' + file_name;
+  }
+
+  file_path = decrypted_file_path;
+  return api_error::success;
+}
+
+auto decrypt_file_name(const std::string &encryption_token,
+                       std::string &file_name) -> api_error {
+  data_buffer buffer;
   if (not utils::from_hex_string(file_name, buffer)) {
     return api_error::error;
   }
 
   file_name.clear();
-  if (not utils::encryption::decrypt_data(encryption_token, buffer, file_name)) {
+  if (not utils::encryption::decrypt_data(encryption_token, buffer,
+                                          file_name)) {
     return api_error::decryption_error;
   }
 
   return api_error::success;
 }
 
-CryptoPP::SecByteBlock generate_key(const std::string &encryption_token) {
-  CryptoPP::SecByteBlock key(CryptoPP::SHA256::DIGESTSIZE);
-  CryptoPP::SHA256().CalculateDigest(
-      reinterpret_cast<CryptoPP::byte *>(&key[0u]),
-      reinterpret_cast<const CryptoPP::byte *>(encryption_token.c_str()),
-      strnlen(encryption_token.c_str(), encryption_token.size()));
+auto generate_key(const std::string &encryption_token) -> key_type {
+  crypto_hash_sha256_state state{};
+  auto res = crypto_hash_sha256_init(&state);
+  if (res != 0) {
+    throw std::runtime_error("failed to initialize sha256|" +
+                             std::to_string(res));
+  }
 
-  return key;
+  if ((res = crypto_hash_sha256_update(
+           &state,
+           reinterpret_cast<const unsigned char *>(encryption_token.c_str()),
+           strnlen(encryption_token.c_str(), encryption_token.size()))) != 0) {
+    throw std::runtime_error("failed to update sha256|" + std::to_string(res));
+  }
+
+  key_type ret{};
+  if ((res = crypto_hash_sha256_final(&state, ret.data())) != 0) {
+    throw std::runtime_error("failed to finalize sha256|" +
+                             std::to_string(res));
+  }
+
+  return ret;
 }
 
-api_error read_encrypted_range(
-    const http_range &range, const CryptoPP::SecByteBlock &key,
-    const std::function<api_error(std::vector<char> &ct, const std::uint64_t &start_offset,
-                                  const std::uint64_t &end_offset)> &reader,
-    const std::uint64_t &total_size, std::vector<char> &data) {
-  static constexpr const auto &encrypted_chunk_size =
+auto read_encrypted_range(
+    const http_range &range, const key_type &key,
+    const std::function<api_error(data_buffer &ct, std::uint64_t start_offset,
+                                  std::uint64_t end_offset)> &reader,
+    std::uint64_t total_size, data_buffer &data) -> api_error {
+  const auto encrypted_chunk_size =
       utils::encryption::encrypting_reader::get_encrypted_chunk_size();
-  static constexpr const auto &data_chunk_size =
+  const auto data_chunk_size =
       utils::encryption::encrypting_reader::get_data_chunk_size();
-  static constexpr const auto &header_size =
+  const auto header_size =
       utils::encryption::encrypting_reader::get_header_size();
 
-  const auto start_chunk = static_cast<std::size_t>(range.begin / data_chunk_size);
+  const auto start_chunk =
+      static_cast<std::size_t>(range.begin / data_chunk_size);
   const auto end_chunk = static_cast<std::size_t>(range.end / data_chunk_size);
   auto remain = range.end - range.begin + 1u;
   auto source_offset = static_cast<std::size_t>(range.begin % data_chunk_size);
 
   for (std::size_t chunk = start_chunk; chunk <= end_chunk; chunk++) {
-    std::vector<char> ct;
+    data_buffer ct;
     const auto start_offset = chunk * encrypted_chunk_size;
-    const auto end_offset =
-        std::min(start_offset + (total_size - (chunk * data_chunk_size)) + header_size - 1u,
-                 static_cast<std::uint64_t>(start_offset + encrypted_chunk_size - 1u));
+    const auto end_offset = std::min(
+        start_offset + (total_size - (chunk * data_chunk_size)) + header_size -
+            1u,
+        static_cast<std::uint64_t>(start_offset + encrypted_chunk_size - 1u));
 
     const auto result = reader(ct, start_offset, end_offset);
     if (result != api_error::success) {
       return result;
     }
 
-    std::vector<char> source_buffer;
+    data_buffer source_buffer;
     if (not utils::encryption::decrypt_data(key, ct, source_buffer)) {
       return api_error::decryption_error;
     }
     ct.clear();
 
-    const auto data_size = static_cast<std::size_t>(
-        std::min(remain, static_cast<std::uint64_t>(data_chunk_size - source_offset)));
+    const auto data_size = static_cast<std::size_t>(std::min(
+        remain, static_cast<std::uint64_t>(data_chunk_size - source_offset)));
     std::copy(source_buffer.begin() + source_offset,
-              source_buffer.begin() + source_offset + data_size, std::back_inserter(data));
+              source_buffer.begin() + source_offset + data_size,
+              std::back_inserter(data));
     remain -= data_size;
     source_offset = 0u;
   }