authorJoey Hess <joeyh@joeyh.name>2016-08-11 20:39:45 -0400
committerJoey Hess <joeyh@joeyh.name>2016-08-11 20:39:45 -0400
commitab3594dacb0461ae5e253544f65c3e3d50eb721d (patch)
tree306ad29a1cde9ce31a8364a9529953f93239013e
parentf5a53103a95b93f5cdb3cfe0c7043c190e591f0c (diff)
downloadkeysafe-ab3594dacb0461ae5e253544f65c3e3d50eb721d.tar.gz
obscure shard timestamps
-rw-r--r--Storage.hs5
-rw-r--r--Storage/LocalFiles.hs15
-rw-r--r--keysafe.hs1
3 files changed, 21 insertions, 0 deletions
diff --git a/Storage.hs b/Storage.hs
index 6b23c33..275f3fe 100644
--- a/Storage.hs
+++ b/Storage.hs
@@ -10,9 +10,14 @@ import Types
data Storage = Storage
{ storeShard :: StorableObjectIdent -> Shard -> IO StoreResult
, retrieveShard :: ShardNum -> StorableObjectIdent -> IO RetrieveResult
+ , obscureShards :: IO ObscureResult
+ -- ^ run after making some changes, to avoid correlation attacks
}
data StoreResult = StoreSuccess | StoreFailure String
deriving (Show)
data RetrieveResult = RetrieveSuccess Shard | RetrieveFailure String
+
+data ObscureResult = ObscureSuccess | ObscureFailure String
+ deriving (Show)
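Review bot: The haddock on `obscureShards` does not tell a backend author or a caller what must be hidden or what a failure implies. Judging by the LocalFiles implementation later in this commit, the intent is to remove per-shard timing metadata after a store. I would spell that out, for example `-- ^ Run after storing shards: hides per-shard timing metadata so shards written together cannot be correlated. On ObscureFailure that metadata may still be exposed.` A one-line comment on `ObscureResult` saying that the String carries the underlying error text would also help.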
diff --git a/Storage/LocalFiles.hs b/Storage/LocalFiles.hs
index d339774..083a74e 100644
--- a/Storage/LocalFiles.hs
+++ b/Storage/LocalFiles.hs
@@ -13,6 +13,7 @@ import Serialization ()
import qualified Data.ByteString as B
import qualified Data.ByteString.UTF8 as U8
import Data.Monoid
+import Data.List
import System.Posix.User
import System.IO
import System.Directory
@@ -26,6 +27,7 @@ localFiles :: Storage
localFiles = Storage
{ storeShard = store
, retrieveShard = retrieve
+ , obscureShards = obscure
}
store :: StorableObjectIdent -> Shard -> IO StoreResult
@@ -48,6 +50,19 @@ retrieve n i = onError (RetrieveFailure . show) $ do
b `deepseq` hClose h
return $ RetrieveSuccess $ Shard n (StorableObject b)
+-- | Set atime and mtime to epoch, to obscure access and modification
+-- patterns.
+--
+-- There is no way to set the ctime to the epoch, but setting the other
+-- times does at least set it to the current time, which makes all
+-- currently stored files look alike.
+obscure :: IO ObscureResult
+obscure = onError (ObscureFailure . show) $ do
+ dir <- shardDir
+ fs <- filter (ext `isSuffixOf`) <$> getDirectoryContents dir
+ mapM_ (\f -> setFileTimes (dir </> f) 0 0) fs
+ return ObscureSuccess
+
onError :: (IOException -> a) -> IO a -> IO a
onError f a = do
v <- try a
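Review bot: In `obscure`, `mapM_ (\f -> setFileTimes (dir </> f) 0 0) fs` stops at the first IOException, which `onError` then turns into an ObscureFailure, so every shard file later in the listing keeps its real atime and mtime. A single unwritable or concurrently removed file therefore leaves the timing information this function is meant to hide in place for the rest. I would attempt every file and report the collected errors afterwards, as sketched below. The doc comment could also note that the shared ctime still records when obscure last ran. The body of onError continues outside the hunk.

```haskell
obscure = onError (ObscureFailure . show) $ do
    -- … unchanged: shardDir lookup and listing of shard files into fs …
    -- Try every file, so one failure does not leave the others unobscured.
    rs <- mapM (\f -> try (setFileTimes (dir </> f) 0 0)) fs
    return $ case [e | Left e <- rs] of
        [] -> ObscureSuccess
        es -> ObscureFailure (unwords (map show (es :: [IOException])))
```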
diff --git a/keysafe.hs b/keysafe.hs
index d73ff61..02dc18a 100644
--- a/keysafe.hs
+++ b/keysafe.hs
@@ -30,6 +30,7 @@ storedemo = do
let sis = shardIdents tunables name keyid
shards <- genShards esk tunables
print =<< mapM (uncurry (storeShard localFiles)) (zip (getIdents sis) shards)
+ print =<< obscureShards localFiles
where
password = Password "correct horse battery staple"
name = Name "bar"