aerovault 0.6.3

Military-grade encrypted vault format and CLI: AES-256-GCM-SIV, Argon2id, AES-KW, HMAC-SHA512, plus detached Reed-Solomon .aerocorrect error-correction sidecars
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162

//! Error types for AeroVault operations.
//!
//! All errors are organized by domain to aid debugging and programmatic handling.

use std::fmt;

/// Primary error type for all AeroVault operations.
#[derive(Debug)]
pub enum Error {
    /// Invalid or corrupted vault file format.
    Format(FormatError),
    /// Cryptographic operation failure (wrong password, tampered data, etc.).
    Crypto(CryptoError),
    /// Filesystem I/O error.
    Io(std::io::Error),
    /// Manifest parsing or validation error.
    Manifest(String),
    /// Entry not found in vault.
    EntryNotFound(String),
    /// Password policy violation.
    PasswordPolicy(String),
    /// Path validation failure (traversal, invalid characters, etc.).
    InvalidPath(String),
}

/// Errors related to the binary vault format.
#[derive(Debug)]
pub enum FormatError {
    /// File is too small to contain a valid header.
    TooSmall { actual: usize, expected: usize },
    /// Magic bytes do not match `AEROVAULT2`.
    InvalidMagic,
    /// Unsupported format version.
    UnsupportedVersion(u8),
    /// Manifest length exceeds `MAX_MANIFEST_SIZE`.
    ManifestTooLarge(usize),
    /// Manifest data is truncated.
    ManifestTruncated,
    /// Invalid chunk size in header.
    InvalidChunkSize(u32),
    /// Reserved header bytes must be zero.
    ReservedBytesNonZero,
}

/// Errors from cryptographic operations.
#[derive(Debug)]
pub enum CryptoError {
    /// Argon2id key derivation failed.
    KeyDerivation(String),
    /// AES-KW key unwrapping failed (wrong password).
    KeyUnwrap,
    /// HMAC-SHA512 header verification failed (tampered header).
    HeaderMacMismatch,
    /// AES-GCM-SIV chunk encryption failed.
    ChunkEncrypt { chunk_index: u32 },
    /// AES-GCM-SIV chunk decryption failed.
    ChunkDecrypt { chunk_index: u32 },
    /// AES-SIV encryption/decryption failed.
    SivOperation(String),
    /// ChaCha20-Poly1305 cascade encryption failed.
    CascadeEncrypt { chunk_index: u32 },
    /// ChaCha20-Poly1305 cascade decryption failed.
    CascadeDecrypt { chunk_index: u32 },
    /// Manifest encoding is not valid UTF-8.
    ManifestEncoding,
}

impl fmt::Display for Error {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Error::Format(e) => write!(f, "format error: {e}"),
            Error::Crypto(e) => write!(f, "crypto error: {e}"),
            Error::Io(e) => write!(f, "I/O error: {e}"),
            Error::Manifest(msg) => write!(f, "manifest error: {msg}"),
            Error::EntryNotFound(name) => write!(f, "entry not found: {name}"),
            Error::PasswordPolicy(msg) => write!(f, "password policy: {msg}"),
            Error::InvalidPath(msg) => write!(f, "invalid path: {msg}"),
        }
    }
}

impl fmt::Display for FormatError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            FormatError::TooSmall { actual, expected } => {
                write!(f, "file too small ({actual} bytes, need {expected})")
            }
            FormatError::InvalidMagic => {
                write!(f, "invalid magic bytes (not an AeroVault v2 file)")
            }
            FormatError::UnsupportedVersion(v) => write!(f, "unsupported version {v}"),
            FormatError::ManifestTooLarge(size) => {
                write!(f, "manifest too large ({size} bytes, max 64 MiB)")
            }
            FormatError::ManifestTruncated => write!(f, "manifest data truncated"),
            FormatError::InvalidChunkSize(size) => {
                write!(f, "invalid chunk size {size} (must be 4 KiB - 16 MiB)")
            }
            FormatError::ReservedBytesNonZero => {
                write!(f, "reserved header bytes must be zero")
            }
        }
    }
}

impl fmt::Display for CryptoError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            CryptoError::KeyDerivation(msg) => write!(f, "key derivation failed: {msg}"),
            CryptoError::KeyUnwrap => write!(f, "key unwrap failed (wrong password?)"),
            CryptoError::HeaderMacMismatch => {
                write!(f, "header MAC mismatch (tampered or wrong password)")
            }
            CryptoError::ChunkEncrypt { chunk_index } => {
                write!(f, "chunk {chunk_index} encryption failed")
            }
            CryptoError::ChunkDecrypt { chunk_index } => {
                write!(f, "chunk {chunk_index} decryption failed")
            }
            CryptoError::SivOperation(msg) => write!(f, "AES-SIV operation failed: {msg}"),
            CryptoError::CascadeEncrypt { chunk_index } => {
                write!(f, "cascade encryption failed at chunk {chunk_index}")
            }
            CryptoError::CascadeDecrypt { chunk_index } => {
                write!(f, "cascade decryption failed at chunk {chunk_index}")
            }
            CryptoError::ManifestEncoding => write!(f, "manifest is not valid UTF-8"),
        }
    }
}

impl std::error::Error for Error {
    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
        match self {
            Error::Io(e) => Some(e),
            Error::Format(e) => Some(e),
            Error::Crypto(e) => Some(e),
            _ => None,
        }
    }
}

impl std::error::Error for FormatError {}
impl std::error::Error for CryptoError {}

impl From<std::io::Error> for Error {
    fn from(e: std::io::Error) -> Self {
        Error::Io(e)
    }
}

impl From<FormatError> for Error {
    fn from(e: FormatError) -> Self {
        Error::Format(e)
    }
}

impl From<CryptoError> for Error {
    fn from(e: CryptoError) -> Self {
        Error::Crypto(e)
    }
}