First porting of Python to Rust - update docs and bug fixes

rust/myfsio-engine/crates/myfsio-crypto/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "myfsio-crypto"
-version = "0.1.0"
-edition = "2021"
+version.workspace = true
+edition.workspace = true
 
 [dependencies]
 myfsio-common = { path = "../myfsio-common" }

rust/myfsio-engine/crates/myfsio-crypto/src/aes_gcm.rs

@@ -193,7 +193,10 @@ mod tests {
         let decrypted = dir.path().join("decrypted.bin");
 
         let data = b"Hello, this is a test of AES-256-GCM chunked encryption!";
-        std::fs::File::create(&input).unwrap().write_all(data).unwrap();
+        std::fs::File::create(&input)
+            .unwrap()
+            .write_all(data)
+            .unwrap();
 
         let key = [0x42u8; 32];
         let nonce = [0x01u8; 12];
@@ -212,9 +215,18 @@ mod tests {
     fn test_invalid_key_size() {
         let dir = tempfile::tempdir().unwrap();
         let input = dir.path().join("input.bin");
-        std::fs::File::create(&input).unwrap().write_all(b"test").unwrap();
+        std::fs::File::create(&input)
+            .unwrap()
+            .write_all(b"test")
+            .unwrap();
 
-        let result = encrypt_stream_chunked(&input, &dir.path().join("out"), &[0u8; 16], &[0u8; 12], None);
+        let result = encrypt_stream_chunked(
+            &input,
+            &dir.path().join("out"),
+            &[0u8; 16],
+            &[0u8; 12],
+            None,
+        );
         assert!(matches!(result, Err(CryptoError::InvalidKeySize(16))));
     }
 
@@ -225,7 +237,10 @@ mod tests {
         let encrypted = dir.path().join("encrypted.bin");
         let decrypted = dir.path().join("decrypted.bin");
 
-        std::fs::File::create(&input).unwrap().write_all(b"secret data").unwrap();
+        std::fs::File::create(&input)
+            .unwrap()
+            .write_all(b"secret data")
+            .unwrap();
 
         let key = [0x42u8; 32];
         let nonce = [0x01u8; 12];

rust/myfsio-engine/crates/myfsio-crypto/src/encryption.rs

@@ -4,9 +4,7 @@ use rand::RngCore;
 use std::collections::HashMap;
 use std::path::Path;
 
-use crate::aes_gcm::{
-    encrypt_stream_chunked, decrypt_stream_chunked, CryptoError,
-};
+use crate::aes_gcm::{decrypt_stream_chunked, encrypt_stream_chunked, CryptoError};
 use crate::kms::KmsService;
 
 #[derive(Debug, Clone, PartialEq)]
@@ -172,15 +170,14 @@ impl EncryptionService {
                 let ciphertext = kms.encrypt_data(kid, &data_key).await?;
                 (Some(B64.encode(&ciphertext)), Some(kid.clone()))
             }
-            SseAlgorithm::CustomerProvided => {
-                (None, None)
-            }
+            SseAlgorithm::CustomerProvided => (None, None),
         };
 
         let actual_key = if ctx.algorithm == SseAlgorithm::CustomerProvided {
-            let ck = ctx.customer_key.as_ref().ok_or_else(|| {
-                CryptoError::EncryptionFailed("No customer key provided".into())
-            })?;
+            let ck = ctx
+                .customer_key
+                .as_ref()
+                .ok_or_else(|| CryptoError::EncryptionFailed("No customer key provided".into()))?;
             if ck.len() != 32 {
                 return Err(CryptoError::InvalidKeySize(ck.len()));
             }
@@ -195,11 +192,9 @@ impl EncryptionService {
         let op = output_path.to_owned();
         let ak = actual_key;
         let n = nonce;
-        tokio::task::spawn_blocking(move || {
-            encrypt_stream_chunked(&ip, &op, &ak, &n, None)
-        })
-        .await
-        .map_err(|e| CryptoError::Io(std::io::Error::new(std::io::ErrorKind::Other, e)))??;
+        tokio::task::spawn_blocking(move || encrypt_stream_chunked(&ip, &op, &ak, &n, None))
+            .await
+            .map_err(|e| CryptoError::Io(std::io::Error::new(std::io::ErrorKind::Other, e)))??;
 
         Ok(EncryptionMetadata {
             algorithm: ctx.algorithm.as_str().to_string(),
@@ -216,9 +211,9 @@ impl EncryptionService {
         enc_meta: &EncryptionMetadata,
         customer_key: Option<&[u8]>,
     ) -> Result<(), CryptoError> {
-        let nonce_bytes = B64.decode(&enc_meta.nonce).map_err(|e| {
-            CryptoError::EncryptionFailed(format!("Bad nonce encoding: {}", e))
-        })?;
+        let nonce_bytes = B64
+            .decode(&enc_meta.nonce)
+            .map_err(|e| CryptoError::EncryptionFailed(format!("Bad nonce encoding: {}", e)))?;
         if nonce_bytes.len() != 12 {
             return Err(CryptoError::InvalidNonceSize(nonce_bytes.len()));
         }
@@ -262,11 +257,9 @@ impl EncryptionService {
         let ip = input_path.to_owned();
         let op = output_path.to_owned();
         let nb: [u8; 12] = nonce_bytes.try_into().unwrap();
-        tokio::task::spawn_blocking(move || {
-            decrypt_stream_chunked(&ip, &op, &data_key, &nb)
-        })
-        .await
-        .map_err(|e| CryptoError::Io(std::io::Error::new(std::io::ErrorKind::Other, e)))??;
+        tokio::task::spawn_blocking(move || decrypt_stream_chunked(&ip, &op, &data_key, &nb))
+            .await
+            .map_err(|e| CryptoError::Io(std::io::Error::new(std::io::ErrorKind::Other, e)))??;
 
         Ok(())
     }
@@ -298,7 +291,10 @@ mod tests {
         let decrypted = dir.path().join("dec.bin");
 
         let data = b"SSE-S3 encrypted content for testing!";
-        std::fs::File::create(&input).unwrap().write_all(data).unwrap();
+        std::fs::File::create(&input)
+            .unwrap()
+            .write_all(data)
+            .unwrap();
 
         let svc = EncryptionService::new(test_master_key(), None);
 
@@ -328,7 +324,10 @@ mod tests {
         let decrypted = dir.path().join("dec.bin");
 
         let data = b"SSE-C encrypted content!";
-        std::fs::File::create(&input).unwrap().write_all(data).unwrap();
+        std::fs::File::create(&input)
+            .unwrap()
+            .write_all(data)
+            .unwrap();
 
         let customer_key = [0xBBu8; 32];
         let svc = EncryptionService::new(test_master_key(), None);
@@ -369,7 +368,10 @@ mod tests {
     fn test_is_encrypted() {
         let mut meta = HashMap::new();
         assert!(!EncryptionMetadata::is_encrypted(&meta));
-        meta.insert("x-amz-server-side-encryption".to_string(), "AES256".to_string());
+        meta.insert(
+            "x-amz-server-side-encryption".to_string(),
+            "AES256".to_string(),
+        );
         assert!(EncryptionMetadata::is_encrypted(&meta));
     }
 }

rust/myfsio-engine/crates/myfsio-crypto/src/hashing.rs

@@ -99,7 +99,10 @@ mod tests {
     #[test]
     fn test_sha256_bytes() {
         let hash = sha256_bytes(b"hello");
-        assert_eq!(hash, "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824");
+        assert_eq!(
+            hash,
+            "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"
+        );
     }
 
     #[test]
@@ -118,7 +121,10 @@ mod tests {
         tmp.flush().unwrap();
         let (md5, sha) = md5_sha256_file(tmp.path()).unwrap();
         assert_eq!(md5, "5d41402abc4b2a76b9719d911017c592");
-        assert_eq!(sha, "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824");
+        assert_eq!(
+            sha,
+            "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"
+        );
     }
 
     #[tokio::test]

rust/myfsio-engine/crates/myfsio-crypto/src/kms.rs

@@ -132,9 +132,7 @@ impl KmsService {
 
     async fn save(&self) -> Result<(), CryptoError> {
         let keys = self.keys.read().await;
-        let store = KmsStore {
-            keys: keys.clone(),
-        };
+        let store = KmsStore { keys: keys.clone() };
         let json = serde_json::to_string_pretty(&store)
             .map_err(|e| CryptoError::EncryptionFailed(e.to_string()))?;
         std::fs::write(&self.keys_path, json).map_err(CryptoError::Io)?;

rust/myfsio-engine/crates/myfsio-crypto/src/lib.rs

@@ -1,4 +1,4 @@
-pub mod hashing;
 pub mod aes_gcm;
-pub mod kms;
 pub mod encryption;
+pub mod hashing;
+pub mod kms;