Added the option to restore corrupted vault config files

Author: d2dyno1

src/Core/SecureFolderFS.Core.Cryptography/Constants.cs

@@ -9,10 +9,10 @@ public static class KeyTraits
             public const int DEK_KEY_LENGTH = 32;
             public const int MAC_KEY_LENGTH = 32;
             public const int ARGON2_KEK_LENGTH = 32;
-            public const int CHALLENGE_KEY_PART_LENGTH_32 = 32;
-            public const int CHALLENGE_KEY_PART_LENGTH_64 = 64;
-            public const int CHALLENGE_KEY_PART_LENGTH_128 = 128;
-            public const int ECIES_SHA256_AESGCM_STDX963_KEY_LENGTH = CHALLENGE_KEY_PART_LENGTH_32;
+            public const int KEY_PART_LENGTH_32 = 32;
+            public const int KEY_PART_LENGTH_64 = 64;
+            public const int KEY_PART_LENGTH_128 = 128;
+            public const int ECIES_SHA256_AESGCM_STDX963_KEY_LENGTH = KEY_PART_LENGTH_32;
             public const int HMAC_SHA1_HASH_LENGTH = 20;
         }
 

src/Core/SecureFolderFS.Core.Cryptography/Helpers/CryptHelpers.cs

@@ -10,7 +10,7 @@ namespace SecureFolderFS.Core.Cryptography.Helpers
 {
     public static class CryptHelpers
     {
-        public static IKeyBytes GenerateChallenge(string vaultId, int challengeSize = Constants.KeyTraits.CHALLENGE_KEY_PART_LENGTH_128)
+        public static IKeyBytes GenerateChallenge(string vaultId, int challengeSize = Constants.KeyTraits.KEY_PART_LENGTH_128)
         {
             var encodedVaultIdLength = Encoding.ASCII.GetByteCount(vaultId);
             var challenge = new byte[challengeSize + encodedVaultIdLength];

src/Core/SecureFolderFS.Core.Cryptography/NameCrypt/BaseNameCrypt.cs

@@ -10,11 +10,13 @@ namespace SecureFolderFS.Core.Cryptography.NameCrypt
     internal abstract class BaseNameCrypt : INameCrypt
     {
         protected const NormalizationForm NORMALIZATION = NormalizationForm.FormC;
-        protected readonly string fileNameEncodingId;
+
+        /// <inheritdoc/>
+        public virtual string EncodingId { get; }
 
         protected BaseNameCrypt(string fileNameEncodingId)
         {
-            this.fileNameEncodingId = fileNameEncodingId;
+            EncodingId = fileNameEncodingId;
         }
 
         /// <inheritdoc/>
@@ -32,11 +34,11 @@ public virtual string EncryptName(ReadOnlySpan<char> plaintextName, ReadOnlySpan
             var ciphertextNameBuffer = EncryptFileName(bytes.Slice(0, count), directoryId);
 
             // Encode string
-            return fileNameEncodingId switch
+            return EncodingId switch
             {
                 Constants.CipherId.ENCODING_BASE64URL => Base64Url.EncodeToString(ciphertextNameBuffer),
                 Constants.CipherId.ENCODING_BASE4K => SecombaBase4K.Encode(ciphertextNameBuffer).Normalize(NORMALIZATION),
-                _ => throw new ArgumentOutOfRangeException(nameof(fileNameEncodingId))
+                _ => throw new ArgumentOutOfRangeException(nameof(EncodingId))
             };
         }
 
@@ -46,7 +48,7 @@ public virtual string EncryptName(ReadOnlySpan<char> plaintextName, ReadOnlySpan
         {
             try
             {
-                if (fileNameEncodingId == Constants.CipherId.ENCODING_BASE4K && !ciphertextName.IsNormalized(NORMALIZATION))
+                if (EncodingId == Constants.CipherId.ENCODING_BASE4K && !ciphertextName.IsNormalized(NORMALIZATION))
                 {
                     var normalizedLength = ciphertextName.GetNormalizedLength(NORMALIZATION);
                     var destination = normalizedLength < 256 ? stackalloc char[normalizedLength] : new char[normalizedLength];
@@ -70,11 +72,11 @@ public virtual string EncryptName(ReadOnlySpan<char> plaintextName, ReadOnlySpan
             string? Decode(ReadOnlySpan<char> name, ReadOnlySpan<byte> associatedData)
             {
                 // Decode buffer
-                var decoded = fileNameEncodingId switch
+                var decoded = EncodingId switch
                 {
                     Constants.CipherId.ENCODING_BASE64URL => Base64Url.DecodeFromChars(name),
                     Constants.CipherId.ENCODING_BASE4K => SecombaBase4K.Decode(name),
-                    _ => throw new ArgumentOutOfRangeException(nameof(fileNameEncodingId))
+                    _ => throw new ArgumentOutOfRangeException(nameof(EncodingId))
                 };
 
                 // Decrypt

src/Core/SecureFolderFS.Core.Cryptography/NameCrypt/INameCrypt.cs

@@ -7,6 +7,11 @@ namespace SecureFolderFS.Core.Cryptography.NameCrypt
     /// </summary>
     public interface INameCrypt : IDisposable
     {
+        /// <summary>
+        /// Gets the encoding identifier.
+        /// </summary>
+        string EncodingId { get; }
+
         /// <summary>
         /// Encrypts the <paramref name="plaintextName"/> using associated <paramref name="directoryId"/>.
         /// </summary>

src/Core/SecureFolderFS.Core.Cryptography/Security.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Diagnostics.CodeAnalysis;
 using SecureFolderFS.Core.Cryptography.ContentCrypt;
 using SecureFolderFS.Core.Cryptography.HeaderCrypt;
 using SecureFolderFS.Core.Cryptography.NameCrypt;
@@ -48,35 +49,50 @@ private Security(KeyPair keyPair)
         public static Security CreateNew(KeyPair keyPair, string contentCipherId, string fileNameCipherId, string fileNameEncodingId)
         {
             // Initialize crypt implementation
-            IHeaderCrypt headerCrypt = contentCipherId switch
+            var headerCrypt = GetHeaderCrypt(keyPair, contentCipherId);
+            var contentCrypt = GetContentCrypt(contentCipherId, keyPair);
+            var nameCrypt = GetNameCrypt(keyPair, fileNameCipherId, fileNameEncodingId);
+
+            return new(keyPair)
+            {
+                ContentCrypt = contentCrypt,
+                HeaderCrypt = headerCrypt,
+                NameCrypt = nameCrypt
+            };
+        }
+
+        public static IHeaderCrypt GetHeaderCrypt(KeyPair keyPair, string contentCipherId)
+        {
+            return contentCipherId switch
             {
                 CipherId.AES_CTR_HMAC => new AesCtrHmacHeaderCrypt(keyPair),
                 CipherId.AES_GCM => new AesGcmHeaderCrypt(keyPair),
                 CipherId.XCHACHA20_POLY1305 => new XChaChaHeaderCrypt(keyPair),
                 CipherId.NONE => new NoHeaderCrypt(keyPair),
                 _ => throw new ArgumentOutOfRangeException(nameof(contentCipherId))
             };
-            IContentCrypt contentCrypt = contentCipherId switch
+        }
+
+        public static IContentCrypt GetContentCrypt(string contentCipherId, KeyPair keyPair)
+        {
+            return contentCipherId switch
             {
                 CipherId.AES_CTR_HMAC => new AesCtrHmacContentCrypt(keyPair.MacKey),
                 CipherId.AES_GCM => new AesGcmContentCrypt(),
                 CipherId.XCHACHA20_POLY1305 => new XChaChaContentCrypt(),
                 CipherId.NONE => new NoContentCrypt(),
                 _ => throw new ArgumentOutOfRangeException(nameof(contentCipherId))
             };
-            INameCrypt? nameCrypt = fileNameCipherId switch
+        }
+
+        public static INameCrypt? GetNameCrypt(KeyPair keyPair, string fileNameCipherId, string fileNameEncodingId)
+        {
+            return fileNameCipherId switch
             {
                 CipherId.AES_SIV => new AesSivNameCrypt(keyPair, fileNameEncodingId),
                 CipherId.NONE => null,
                 _ => throw new ArgumentOutOfRangeException(nameof(fileNameCipherId))
             };
-
-            return new(keyPair)
-            {
-                ContentCrypt = contentCrypt,
-                HeaderCrypt = headerCrypt,
-                NameCrypt = nameCrypt
-            };
         }
 
         /// <inheritdoc/>

src/Core/SecureFolderFS.Core.FileSystem/Extensions/FileHeaderExtensions.cs

@@ -1,16 +1,16 @@
 using System;
 using System.IO;
 using System.Runtime.CompilerServices;
-using SecureFolderFS.Core.Cryptography;
+using SecureFolderFS.Core.Cryptography.HeaderCrypt;
 using SecureFolderFS.Core.FileSystem.Buffers;
 using SecureFolderFS.Storage.VirtualFileSystem;
 
 namespace SecureFolderFS.Core.FileSystem.Extensions
 {
-    internal static class FileHeaderExtensions
+    public static class FileHeaderExtensions
     {
         [SkipLocalsInit]
-        public static bool ReadHeader(this HeaderBuffer headerBuffer, Stream ciphertextStream, Security security)
+        public static bool ReadHeader(this HeaderBuffer headerBuffer, Stream ciphertextStream, IHeaderCrypt headerCrypt)
         {
             if (headerBuffer.IsHeaderReady)
                 return true;
@@ -19,7 +19,7 @@ public static bool ReadHeader(this HeaderBuffer headerBuffer, Stream ciphertextS
                 throw FileSystemExceptions.StreamNotReadable;
 
             // Allocate ciphertext header
-            Span<byte> ciphertextHeader = stackalloc byte[security.HeaderCrypt.HeaderCiphertextSize];
+            Span<byte> ciphertextHeader = stackalloc byte[headerCrypt.HeaderCiphertextSize];
 
             // Read header
             int read;
@@ -43,7 +43,7 @@ public static bool ReadHeader(this HeaderBuffer headerBuffer, Stream ciphertextS
                 return false;
 
             // Decrypt header
-            headerBuffer.IsHeaderReady = security.HeaderCrypt.DecryptHeader(ciphertextHeader, headerBuffer);
+            headerBuffer.IsHeaderReady = headerCrypt.DecryptHeader(ciphertextHeader, headerBuffer);
 
             return headerBuffer.IsHeaderReady;
         }

src/Core/SecureFolderFS.Core.FileSystem/Helpers/Paths/Abstract/AbstractPathHelpers.Directory.cs

@@ -10,6 +10,26 @@ namespace SecureFolderFS.Core.FileSystem.Helpers.Paths.Abstract
 {
     public static partial class AbstractPathHelpers
     {
+        public static async Task<bool> GetDirectoryIdAsync(
+            IFolder folderOfDirectoryId,
+            IFolder contentFolder,
+            Memory<byte> directoryId,
+            CancellationToken cancellationToken)
+        {
+            if (folderOfDirectoryId.Id == contentFolder.Id)
+                return false;
+
+            var directoryIdFile = await folderOfDirectoryId.GetFileByNameAsync(Constants.Names.DIRECTORY_ID_FILENAME, cancellationToken).ConfigureAwait(false);
+            await using var directoryIdStream = await directoryIdFile.OpenStreamAsync(FileAccess.Read, FileShare.Read, cancellationToken).ConfigureAwait(false);
+
+            var read = await directoryIdStream.ReadAsync(directoryId, cancellationToken).ConfigureAwait(false);
+            if (read < Constants.DIRECTORY_ID_SIZE)
+                throw new IOException($"The data inside Directory ID file is of incorrect size: {read}.");
+
+            // The Directory ID is not empty - return true
+            return true;
+        }
+
         public static async Task<bool> GetDirectoryIdAsync(
             IFolder folderOfDirectoryId,
             FileSystemSpecifics specifics,

src/Core/SecureFolderFS.Core.FileSystem/Streams/PlaintextStream.cs

@@ -100,7 +100,7 @@ public override int Read(Span<byte> buffer)
             }
 
             // Read header if is not ready
-            if (!_headerBuffer.ReadHeader(Inner, _security))
+            if (!_headerBuffer.ReadHeader(Inner, _security.HeaderCrypt))
                 throw new CryptographicException("Could not read header.");
 
             var positionInBuffer = 0;
@@ -173,7 +173,7 @@ public override void SetLength(long value)
                 return;
 
             // Make sure the header is ready before we can read/modify chunks
-            if (!TryWriteHeader() && !_headerBuffer.ReadHeader(Inner, _security))
+            if (!TryWriteHeader() && !_headerBuffer.ReadHeader(Inner, _security.HeaderCrypt))
                 throw new CryptographicException();
 
             var plaintextChunkSize = _security.ContentCrypt.ChunkPlaintextSize;
@@ -274,7 +274,7 @@ public override void Flush()
 
         private void WriteInternal(ReadOnlySpan<byte> buffer, long position)
         {
-            if (!TryWriteHeader() && !_headerBuffer.ReadHeader(Inner, _security))
+            if (!TryWriteHeader() && !_headerBuffer.ReadHeader(Inner, _security.HeaderCrypt))
                 throw new CryptographicException("Could not write nor read the header.");
 
             var plaintextChunkSize = _security.ContentCrypt.ChunkPlaintextSize;

src/Core/SecureFolderFS.Core.FileSystem/Streams/StreamsAccess.cs

@@ -82,7 +82,7 @@ public Stream OpenPlaintextStream(string id, Stream wrappedStream, Stream? heade
                     // The header needs to be read at this point now as there is existing data in the wrapped stream,
                     // indicating overhead is present. Since the primary stream is write-only, we must
                     // use the dedicated read-only stream and store the header.
-                    if (!headerBuffer.ReadHeader(headerReadingStream, _security))
+                    if (!headerBuffer.ReadHeader(headerReadingStream, _security.HeaderCrypt))
                         throw new InvalidOperationException($"The {nameof(headerReadingStream)} cannot read the header.");
 
                     headerReadingStream.Dispose();

src/Core/SecureFolderFS.Core/Constants.cs

@@ -17,6 +17,7 @@ public static class Names
             public static class Authentication
             {
                 public const string AUTH_NONE = "none";
+                public const string AUTH_RECOVERY_KEY_REQUIREMENT = "recovery_key_requirement";
                 public const string AUTH_PASSWORD = "password";
                 public const string AUTH_KEYFILE = "key_file";
                 public const string AUTH_WINDOWS_HELLO = "windows_hello";