Normalize Base4K names on the INameCrypt level

Author: d2dyno1

src/Core/SecureFolderFS.Core.Cryptography/NameCrypt/BaseNameCrypt.cs

@@ -9,6 +9,7 @@ namespace SecureFolderFS.Core.Cryptography.NameCrypt
     /// <inheritdoc cref="INameCrypt"/>
     internal abstract class BaseNameCrypt : INameCrypt
     {
+        protected const NormalizationForm NORMALIZATION = NormalizationForm.FormC;
         protected readonly string fileNameEncodingId;
 
         protected BaseNameCrypt(string fileNameEncodingId)
@@ -40,30 +41,50 @@ public virtual string EncryptName(ReadOnlySpan<char> plaintextName, ReadOnlySpan
         }
 
         /// <inheritdoc/>
+        [SkipLocalsInit]
         public virtual string? DecryptName(ReadOnlySpan<char> ciphertextName, ReadOnlySpan<byte> directoryId)
         {
             try
+            {
+                if (!ciphertextName.IsNormalized(NORMALIZATION))
+                {
+                    var normalizedLength = ciphertextName.GetNormalizedLength(NORMALIZATION);
+                    var destination = normalizedLength < 256 ? stackalloc char[normalizedLength] : new char[normalizedLength];
+
+                    // Try to normalize
+                    if (!ciphertextName.TryNormalize(destination, out var written, NORMALIZATION))
+                        return null;
+
+                    // Decode
+                    return Decode(destination.Slice(0, written), directoryId);
+                }
+
+                // Skip normalization and decode directly
+                return Decode(ciphertextName, directoryId);
+            }
+            catch (Exception)
+            {
+                return null;
+            }
+
+            string? Decode(ReadOnlySpan<char> name, ReadOnlySpan<byte> associatedData)
             {
                 // Decode buffer
-                var ciphertextNameBuffer = fileNameEncodingId switch
+                var decoded = fileNameEncodingId switch
                 {
-                    Constants.CipherId.ENCODING_BASE64URL => Base64Url.DecodeFromChars(ciphertextName),
-                    Constants.CipherId.ENCODING_BASE4K => Base4K.DecodeChainToNewBuffer(ciphertextName),
+                    Constants.CipherId.ENCODING_BASE64URL => Base64Url.DecodeFromChars(name),
+                    Constants.CipherId.ENCODING_BASE4K => Base4K.DecodeChainToNewBuffer(name),
                     _ => throw new ArgumentOutOfRangeException(nameof(fileNameEncodingId))
                 };
 
                 // Decrypt
-                var plaintextNameBuffer = DecryptFileName(ciphertextNameBuffer, directoryId);
+                var plaintextNameBuffer = DecryptFileName(decoded, associatedData);
                 if (plaintextNameBuffer is null)
                     return null;
 
                 // Get string from plaintext buffer
                 return Encoding.UTF8.GetString(plaintextNameBuffer);
             }
-            catch (Exception)
-            {
-                return null;
-            }
         }
 
         protected abstract byte[] EncryptFileName(ReadOnlySpan<byte> plaintextFileNameBuffer, ReadOnlySpan<byte> directoryId);

src/Core/SecureFolderFS.Core.FileSystem/Helpers/Paths/Abstract/AbstractPathHelpers.cs

@@ -21,34 +21,23 @@ public static byte[] AllocateDirectoryId(Security security, string? path = null)
             return new byte[Constants.DIRECTORY_ID_SIZE];
         }
 
+        /// <summary>
+        /// Removes the ciphertext file extension from the specified filename if it exists.
+        /// This method ensures that the extension is stripped manually to avoid issues with
+        /// path parsers that could misinterpret characters in the filename.
+        /// </summary>
+        /// <param name="ciphertextName">The filename with an optional ciphertext extension.</param>
+        /// <returns>
+        /// A <see cref="ReadOnlySpan{T}"/> representing the filename without the ciphertext extension.</returns>
         public static ReadOnlySpan<char> RemoveCiphertextExtension(string ciphertextName)
         {
             // Do NOT use Path.GetFileNameWithoutExtension - after APFS NFD-decomposes Base4K
             // codepoints, the string may contain spurious dot-like characters that confuse the
             // path parser, causing it to truncate mid-ciphertext.
             // Strip the known extension manually instead.
-            var nameWithoutExtension = ciphertextName.EndsWith(Constants.Names.ENCRYPTED_FILE_EXTENSION, StringComparison.Ordinal)
+            return ciphertextName.EndsWith(Constants.Names.ENCRYPTED_FILE_EXTENSION, StringComparison.Ordinal)
                 ? ciphertextName.AsSpan(0, ciphertextName.Length - Constants.Names.ENCRYPTED_FILE_EXTENSION.Length)
                 : ciphertextName.AsSpan();
-
-            // Only normalize if needed. APFS layers NFD-decompose Base4K codepoints,
-            // but Dokany/WinFsp deliver names in a form where NFC recomposition breaks lookup.
-            if (OperatingSystem.IsIOS() || OperatingSystem.IsMacOS() || OperatingSystem.IsMacCatalyst())
-            {
-                // IsNormalized() lets the string itself determine whether normalization is safe.
-                // TODO: Fix normalization in Vault V4
-                if (!nameWithoutExtension.IsNormalized(NormalizationForm.FormC))
-                {
-                    var normalizedLength = nameWithoutExtension.GetNormalizedLength(NormalizationForm.FormC);
-                    var normalized = new char[normalizedLength];
-
-                    // NFC-normalize before decoding
-                    if (nameWithoutExtension.TryNormalize(normalized, out var written, NormalizationForm.FormC))
-                        return normalized.AsSpan(0, written);
-                }
-            }
-
-            return nameWithoutExtension;
         }
     }
 }

src/Platforms/SecureFolderFS.Maui/Platforms/iOS/Storage/IOSFolder.cs

@@ -125,6 +125,15 @@ public async Task<IChildFolder> CreateFolderAsync(string name, bool overwrite =
                 var path = Path.Combine(Id, name);
                 NSFileAttributes? attributes = null;
 
+                var isDirectory = false;
+                if (overwrite && NSFileManager.DefaultManager.FileExists(path, ref isDirectory))
+                {
+                    if (!isDirectory)
+                        throw new InvalidOperationException("Tried to overwrite an existing file with a directory.");
+
+                    NSFileManager.DefaultManager.Remove(new NSUrl(path, true), out _);
+                }
+
                 if (NSFileManager.DefaultManager.CreateDirectory(path, false, attributes, out var error))
                     return new IOSFolder(new NSUrl(path, true), this, permissionRoot);
 

src/Platforms/SecureFolderFS.Maui/Resources/Styles/Converters.xaml

@@ -17,6 +17,7 @@
     <vc:DateTimeToStringConverter x:Key="DateTimeToStringConverter" />
     <vc:ThumbnailToAspectConverter x:Key="ThumbnailToAspectConverter" />
     <vc:SeverityHealthIconConverter x:Key="SeverityHealthIconConverter" />
+    <vc:ExpandedStateToIconConverter x:Key="ExpandedStateToIconConverter" />
     <vc:StringInterpolationConverter x:Key="StringInterpolationConverter" />
 
 </ResourceDictionary>

src/Platforms/SecureFolderFS.Maui/UserControls/ErrorControl.xaml

@@ -5,13 +5,8 @@
     xmlns:l="using:SecureFolderFS.Maui.Localization"
     xmlns:mi="http://www.aathifmahir.com/dotnet/2022/maui/icons"
     xmlns:mtk="http://schemas.microsoft.com/dotnet/2022/maui/toolkit"
-    xmlns:vc="clr-namespace:SecureFolderFS.Maui.ValueConverters"
     x:Name="ThisControl">
 
-    <ContentView.Resources>
-        <vc:ExpandedStateToIconConverter x:Key="ExpandedStateToIconConverter" />
-    </ContentView.Resources>
-
     <VerticalStackLayout Spacing="4">
         <Label
             FontSize="17"

src/Platforms/SecureFolderFS.Maui/Views/Modals/Wizard/CredentialsWizardPage.xaml

@@ -10,7 +10,6 @@
     xmlns:uc="clr-namespace:SecureFolderFS.Maui.UserControls"
     xmlns:ucc="clr-namespace:SecureFolderFS.Maui.UserControls.Common"
     xmlns:uco="clr-namespace:SecureFolderFS.Maui.UserControls.Options"
-    xmlns:vc="clr-namespace:SecureFolderFS.Maui.ValueConverters"
     xmlns:vm="clr-namespace:SecureFolderFS.Sdk.ViewModels.Controls.Authentication;assembly=SecureFolderFS.Sdk"
     xmlns:vm2="clr-namespace:SecureFolderFS.Sdk.ViewModels.Controls.Components;assembly=SecureFolderFS.Sdk"
     x:Name="ThisPage"
@@ -23,10 +22,6 @@
     PrimaryEnabled="{Binding ViewModel.CanContinue, Mode=OneWay}"
     PrimaryText="{Binding OverlayViewModel.PrimaryText, Mode=OneWay}">
 
-    <md:BaseModalPage.Resources>
-        <vc:ExpandedStateToIconConverter x:Key="ExpandedStateToIconConverter" />
-    </md:BaseModalPage.Resources>
-
     <md:BaseModalPage.ModalContent>
         <VerticalStackLayout Padding="16,0" Spacing="32">
             <VerticalStackLayout Spacing="16">

src/Platforms/SecureFolderFS.Maui/Views/Vault/HealthPage.xaml

@@ -10,15 +10,12 @@
     xmlns:ts="clr-namespace:SecureFolderFS.Maui.TemplateSelectors"
     xmlns:uc="clr-namespace:SecureFolderFS.Maui.UserControls"
     xmlns:uco="clr-namespace:SecureFolderFS.Maui.UserControls.Options"
-    xmlns:vc="clr-namespace:SecureFolderFS.Maui.ValueConverters"
     xmlns:vm="clr-namespace:SecureFolderFS.Sdk.ViewModels.Controls.Widgets.Health;assembly=SecureFolderFS.Sdk"
     xmlns:vm2="clr-namespace:SecureFolderFS.UI.ViewModels.Health;assembly=SecureFolderFS.UI"
     Title="{l:ResourceString Rid=HealthReport}"
     x:DataType="local:HealthPage">
 
     <ContentPage.Resources>
-        <vc:ExpandedStateToIconConverter x:Key="ExpandedStateToIconConverter" />
-
         <!--  Directory Issue  -->
         <DataTemplate x:Key="DirectoryIssueTemplate" x:DataType="vm2:HealthDirectoryIssueViewModel">
             <mtk:Expander x:Name="IssueExpander">