exa/codecrypt
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

prevent mangling user output by correct escapes

Browse source 
+ some code cleaning
This commit is contained in:
Mirek Kratochvil 2015-12-05 18:34:50 +01:00
parent 1d2197ca02
commit dabb8fe1a1
10 changed files with 103 additions and 90 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

124
src/actions.cpp
View file

@ -108,15 +108,20 @@ algspectable_t& algspectable()
static bool init = false;
if (!init) {
table["enc"] = "MCEQCMDPC128FO-CUBE256-CHACHA20";
table["enc-256"] = "MCEQCMDPC256FO-CUBE512-CHACHA20";
table["ENC"] = "MCEQCMDPC128FO-CUBE256-CHACHA20";
table["ENC-256"] = "MCEQCMDPC256FO-CUBE512-CHACHA20";
table["sig"] = "FMTSEQ128C-CUBE256-CUBE128";
table["sig-192"] = "FMTSEQ192C-CUBE384-CUBE192";
table["sig-256"] = "FMTSEQ256C-CUBE512-CUBE256";
table["SIG"] = "FMTSEQ128C-CUBE256-CUBE128";
table["SIG-192"] = "FMTSEQ192C-CUBE384-CUBE192";
table["SIG-256"] = "FMTSEQ256C-CUBE512-CUBE256";
table["sym"] = "chacha20,sha256";
table["sym-combined"] = "chacha20,xsynd,arcfour,cube512,sha512";
#if HAVE_CRYPTOPP==1
table["SYM"] = "CHACHA20,SHA256";
table["SYM-COMBINED"] = "CHACHA20,XSYND,ARCFOUR,CUBE512,SHA512";
#else
table["SYM"] = "CHACHA20,CUBE512";
table["SYM-COMBINED"] = "CHACHA20,XSYND,ARCFOUR,CUBE512";
#endif
init = true;
}
@ -128,7 +133,9 @@ int action_gen_key (const std::string& p_algspec, const std::string&name,
const std::string&symmetric, bool armor,
keyring&KR, algorithm_suite&AS)
{
if (p_algspec == "help") {
std::string algspec = to_unicase (p_algspec);
if (algspec == "HELP") {
//provide overview of algorithms available
err ("available algorithms: "
"([S]ig., [E]nc., sym. [C]ipher, [H]ash)");
@ -153,21 +160,25 @@ int action_gen_key (const std::string& p_algspec, const std::string&name,
i != hash_proc::suite().end(); ++i)
out (" H\t" << i->first);
err ("following aliases are available for convenience: ");
err ("\nfollowing aliases are available for convenience:");
for (algspectable_t::iterator i = algspectable().begin(),
e = algspectable().end();
i != e; ++i)
err (i->first << " = " << i->second);
err ("\nfollowing modifiers are available for symmetric keys:");
err ("SHORTBLOCK 1KiB blocks instead of default 1MiB"
" (for small files)");
err ("LONGBLOCK 64MiB blocks");
err ("LONGKEY 512B of key seed instead of default 64B"
" (paranoid)");
return 0;
}
//replace algorithm name on match with alias
std::string algspec;
if (algspectable().count (p_algspec))
algspec = algspectable() [p_algspec];
else
algspec = p_algspec;
if (algspectable().count (algspec))
algspec = algspectable() [algspec];
//handle symmetric operation
if (symmetric.length())
@ -182,8 +193,8 @@ int action_gen_key (const std::string& p_algspec, const std::string&name,
algname = i->first;
alg = i->second;
} else {
err ("error: algorithm name `" << algspec
<< "' matches multiple algorithms");
err ("error: algorithm name "
"matches multiple algorithms");
return 1;
}
}
@ -505,7 +516,7 @@ int action_decrypt (bool armor, const std::string&symmetric,
if ( (!AS.count (msg.alg_id))
|| (!AS[msg.alg_id]->provides_encryption())) {
err ("error: decryption algorithm unsupported");
err ("info: requires algorithm " << msg.alg_id
err ("info: requires algorithm " << escape_output (msg.alg_id)
<< " with encryption support");
return 1;
}
@ -525,9 +536,10 @@ int action_decrypt (bool armor, const std::string&symmetric,
//SEEMS OKAY, let's print some info.
err ("incoming encrypted message details:");
err (" algorithm: " << msg.alg_id);
err (" algorithm: " << escape_output (msg.alg_id));
err (" recipient: @" << msg.key_id);
err (" recipient local name: `" << kpe->pub.name << "'");
err (" recipient local name: `" <<
escape_output (kpe->pub.name) << "'");
/*
* because there's no possibility to distinguish encrypted from
@ -989,7 +1001,7 @@ int action_verify (bool armor, const std::string&detach,
if ( (!AS.count (msg.alg_id))
|| (!AS[msg.alg_id]->provides_signatures())) {
err ("error: verification algorithm unsupported");
err ("info: requires algorithm " << msg.alg_id
err ("info: requires algorithm " << escape_output (msg.alg_id)
<< " with signature support");
return 1;
}
@ -998,9 +1010,9 @@ int action_verify (bool armor, const std::string&detach,
int r = msg.verify (AS, KR);
err ("incoming signed message details:");
err (" algorithm: " << msg.alg_id);
err (" algorithm: " << escape_output (msg.alg_id));
err (" signed by: @" << msg.key_id);
err (" signed local name: `" << pke->name << "'");
err (" signed local name: `" << escape_output (pke->name) << "'");
err (" verification status: "
<< (r == 0 ?
"GOOD signature ;-)" :
@ -1200,7 +1212,7 @@ int action_decrypt_verify (bool armor, bool yes,
if ( (!AS.count (emsg.alg_id))
|| (!AS[emsg.alg_id]->provides_encryption())) {
err ("error: decryption algorithm unsupported");
err ("info: requires algorithm " << emsg.alg_id
err ("info: requires algorithm " << escape_output (emsg.alg_id)
<< " with encryption support");
return 1;
}
@ -1218,9 +1230,10 @@ int action_decrypt_verify (bool armor, bool yes,
//looks okay, print decryption status
err ("incoming encrypted message details:");
err (" algorithm: " << emsg.alg_id);
err (" algorithm: " << escape_output (emsg.alg_id));
err (" recipient: @" << emsg.key_id);
err (" recipient local name: `" << kpe->pub.name << "'");
err (" recipient local name: `" <<
escape_output (kpe->pub.name) << "'");
//continue with verification
M = sencode_decode (data);
@ -1262,7 +1275,7 @@ int action_decrypt_verify (bool armor, bool yes,
if ( (!AS.count (smsg.alg_id))
|| (!AS[smsg.alg_id]->provides_signatures())) {
err ("error: verification algorithm unsupported");
err ("info: requires algorithm " << smsg.alg_id
err ("info: requires algorithm " << escape_output (smsg.alg_id)
<< " with signature support");
return 1;
}
@ -1271,9 +1284,9 @@ int action_decrypt_verify (bool armor, bool yes,
int r = smsg.verify (AS, KR);
err ("incoming signed message details:");
err (" algorithm: " << smsg.alg_id);
err (" algorithm: " << escape_output (smsg.alg_id));
err (" signed by: @" << smsg.key_id);
err (" signed local name: `" << pke->name << "'");
err (" signed local name: `" << escape_output (pke->name) << "'");
err (" verification status: "
<< (r == 0 ?
"GOOD signature ;-)" :
@ -1302,61 +1315,20 @@ int action_decrypt_verify (bool armor, bool yes,
* keyring stuff
*/
static std::string escape_key_name (const std::string&s)
{
std::string r;
const char hex[] = "0123456789abcdef";
for (size_t i = 0; i < s.length(); ++i)
if (s[i] == '\\') r += "\\\\";
else if (s[i] < 0x20)
switch (s[i]) {
case '\a':
r += "\\a";
break;
case '\b':
r += "\\b";
break;
case '\x1b':
r += "\\e";
break;
case '\f':
r += "\\f";
break;
case '\n':
r += "\\n";
break;
case '\r':
r += "\\r";
break;
case '\t':
r += "\\t";
break;
case '\v':
r += "\\v";
break;
default:
r += "\\x";
r += hex[0xf & (s[i] >> 4)];
r += hex[0xf & s[i]];
}
else r += s[i];
return r;
}
static void output_key (bool fp,
const std::string& ident, const std::string&longid,
const std::string&alg, const std::string&keyid,
const std::string&name)
{
if (!fp)
out (ident << '\t' << alg << '\t'
out (ident << '\t' << escape_output (alg) << '\t'
<< '@' << keyid.substr (0, 22) << "...\t"
<< escape_key_name (name));
<< escape_output (name));
else {
out (longid << " with algorithm " << alg
<< ", name `" << escape_key_name (name) << "'");
out (longid << " with algorithm " << escape_output (alg)
<< ", name `" << escape_output (name) << "'");
std::cout << " fingerprint ";
std::cout << " fingerprint/keyid: ";
for (size_t j = 0; j < keyid.length(); ++j) {
std::cout << keyid[j];
if (! ( (j + 1) % 4) &&
@ -1621,7 +1593,7 @@ int action_rename (bool yes,
bool okay = false;
ask_for_yes (okay, "This will rename " << kc
<< " pubkeys from your keyring to `"
<< escape_key_name (name) << "'. Continue?");
<< escape_output (name) << "'. Continue?");
if (!okay) return 0;
}
@ -1878,7 +1850,7 @@ int action_rename_sec (bool yes,
bool okay = false;
ask_for_yes (okay, "This will rename " << kc
<< " secrets from your keyring to `"
<< escape_key_name (name) << "'. Continue?");
<< escape_output (name) << "'. Continue?");
if (!okay) return 0;
}

1
src/bvector.cpp
View file

@ -259,7 +259,6 @@ bvector bvector::ext_gcd (const bvector&b, bvector&s0, bvector&t0)
for (;;) {
int d0 = r0.degree();
int d1 = r1.degree();
//out ("r0" << r0 << "r1" << r1 << "s0" << s0 << "s1" << s1 << "t0" << t0 << "t1" << t1 << "d0=" << d0 << " d1=" << d1);
if (d0 < 0) {
s0.swap (s1);
t0.swap (t1);

2
src/hashfile.cpp
View file

@ -158,7 +158,7 @@ int hashfile::verify (istream&in)
i != e; ++i) {
if (!hm.count (i->first)) {
err ("hash verification: :-/ "
<< i->first << " not supported");
<< escape_output (i->first) << " not supported");
continue;
}
if (i->second == hm[i->first]->finish()) {

40
src/iohelpers.cpp
View file

@ -36,3 +36,43 @@ bool redirect_cout (const std::string& fn)
return true;
}
std::string escape_output (const std::string&s)
{
std::string r;
const char hex[] = "0123456789abcdef";
for (size_t i = 0; i < s.length(); ++i)
if (s[i] == '\\') r += "\\\\";
else if (s[i]>=0 && s[i] < 0x20) //utf-8 is "negative" here
switch (s[i]) {
case '\a':
r += "\\a";
break;
case '\b':
r += "\\b";
break;
case '\x1b':
r += "\\e";
break;
case '\f':
r += "\\f";
break;
case '\n':
r += "\\n";
break;
case '\r':
r += "\\r";
break;
case '\t':
r += "\\t";
break;
case '\v':
r += "\\v";
break;
default:
r += "\\x";
r += hex[0xf & (s[i] >> 4)];
r += hex[0xf & s[i]];
}
else r += s[i];
return r;
}

2
src/iohelpers.h
View file

@ -62,4 +62,6 @@ bool read_all_input (output_seq&data, std::istream&input = std::cin)
}
}
std::string escape_output (const std::string&);
#endif

2
src/keyring.cpp
View file

@ -25,7 +25,7 @@ void keyring::clear()
}
/*
* KeyID is SHA256 of pubkey string representation. Also serves as a
* KeyID is CUBE256 of pubkey string representation. Also serves as a
* simple fingerprint.
*/

2
src/mce_qcmdpc.cpp
View file

@ -219,7 +219,7 @@ int privkey::decrypt (const bvector & in_orig, bvector & out, bvector & errors)
for (j = 0; j < bs; ++j) synd_diag[j] += Htmp[j] * tmp[j];
}
bvector (syndrome);
bvector syndrome;
fft (synd_diag, syndrome);
//precompute sparse matrix indexes

6
src/permutation.h
View file

@ -69,13 +69,13 @@ public:
r.resize (a.size());
uint i, t, x;
uint i;
for (i = 0; i < a.size(); ++i) {
r[sig] = a[i];
//flip the correct bit in signature
t = i + 1;
x = 1;
uint t = i + 1;
uint x = 1;
while (! (t & 1)) {
t >>= 1;
x <<= 1;

2
src/polynomial.cpp
View file

@ -224,7 +224,6 @@ void polynomial::ext_euclid (polynomial&a_out, polynomial&b_out,
{
//TODO: speed this up (spare degree calculations)
polynomial A, B, a, b, tmp;
int j;
uint h;
A = *this;
@ -239,6 +238,7 @@ void polynomial::ext_euclid (polynomial&a_out, polynomial&b_out,
A.swap (a);
B.swap (b);
int j;
while ( (j = A.degree() - a.degree()) >= 0) {
h = fld.div (A.head(), a.head());
tmp = a;

10
src/symkey.cpp
View file

@ -52,7 +52,7 @@ bool symkey::create (const std::string&in, prng&rng)
else if (hash_proc::suite().count (tok))
hashes.insert (tok);
else {
err ("symkey: unknown token: " << tok);
err ("symkey: unknown token: " << escape_output (tok));
return false;
}
}
@ -115,7 +115,7 @@ bool symkey::encrypt (std::istream&in, std::ostream&out, prng&rng)
i = ciphers.begin(), e = ciphers.end();
i != e; ++i) {
if (!streamcipher::suite().count (*i)) {
err ("symkey: unsupported cipher: " << *i);
err ("symkey: unsupported cipher: " << escape_output (*i));
return false;
}
scs.push_back (streamcipher::suite() [*i]->get());
@ -136,7 +136,7 @@ bool symkey::encrypt (std::istream&in, std::ostream&out, prng&rng)
i = hashes.begin(), e = hashes.end();
i != e; ++i) {
if (!hash_proc::suite().count (*i)) {
err ("symkey: unsupported hash function: " << *i);
err ("symkey: unsupported hash function: " << escape_output (*i));
return false;
}
hs.push_back (hash_proc::suite() [*i]->get());
@ -232,7 +232,7 @@ int symkey::decrypt (std::istream&in, std::ostream&out)
i = ciphers.begin(), e = ciphers.end();
i != e; ++i) {
if (!streamcipher::suite().count (*i)) {
err ("symkey: unsupported cipher: " << *i);
err ("symkey: unsupported cipher: " << escape_output (*i));
return 1;
}
scs.push_back (streamcipher::suite() [*i]->get());
@ -253,7 +253,7 @@ int symkey::decrypt (std::istream&in, std::ostream&out)
i = hashes.begin(), e = hashes.end();
i != e; ++i) {
if (!hash_proc::suite().count (*i)) {
err ("symkey: unsupported hash function: " << *i);
err ("symkey: unsupported hash function: " << escape_output (*i));
return 1;
}
hs.push_back (hash_proc::suite() [*i]->get());