From 3465c807298727344bfd4e4f87edae112e2d398d Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Wed, 29 Sep 2021 13:45:02 +0200 Subject: [PATCH] fix: stop assuming the payload is utf8 Previously, we were expecting that the input is always utf8 encoded text. Since we just convert it to bytes, and print it back out as bytes, we can just skip the unicode parsing, and accept any provided input. Fixes: #5 Signed-off-by: Patrick Uiterwijk --- src/main.rs | 37 ++++++++++++++++--------------------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/src/main.rs b/src/main.rs index dd2fcb5..b32ef06 100644 --- a/src/main.rs +++ b/src/main.rs @@ -44,6 +44,7 @@ enum PinError { JWE(biscuit::errors::Error), Base64Decoding(base64::DecodeError), Utf8(std::str::Utf8Error), + FromUtf8(std::string::FromUtf8Error), PolicyError(tpm2_policy::Error), } @@ -77,6 +78,10 @@ impl fmt::Display for PinError { write!(f, "UTF8 error: ")?; err.fmt(f) } + PinError::FromUtf8(err) => { + write!(f, "UTF8 error: ")?; + err.fmt(f) + } PinError::NoCommand => write!(f, "No command provided"), PinError::PolicyError(err) => { write!(f, "Policy Error: ")?; @@ -136,7 +141,7 @@ impl From for PinError { } } -fn perform_encrypt(cfg: TPM2Config, input: &str) -> Result<(), PinError> { +fn perform_encrypt(cfg: TPM2Config, input: Vec) -> Result<(), PinError> { let key_type = match &cfg.key { None => "ecc", Some(key_type) => key_type, @@ -220,7 +225,7 @@ fn perform_encrypt(cfg: TPM2Config, input: &str) -> Result<(), PinError> { nonce: rand_nonce.value().to_vec(), }; - let jwe_token = biscuit::jwe::Compact::new_decrypted(hdr, input.as_bytes().to_vec()); + let jwe_token = biscuit::jwe::Compact::new_decrypted(hdr, input); let jwe_token_compact = jwe_token.encrypt(&jwk, &jwe_enc_options)?; let encoded_token = jwe_token_compact.encrypted()?.encode(); io::stdout().write_all(encoded_token.as_bytes())?; @@ -326,7 +331,8 @@ impl CompactJson for Tpm2Inner {} impl CompactJson for ClevisHeader {} impl CompactJson for ClevisInner {} -fn perform_decrypt(input: &str) -> Result<(), PinError> { +fn perform_decrypt(input: Vec) -> Result<(), PinError> { + let input = String::from_utf8(input).map_err(PinError::FromUtf8)?; let token = biscuit::Compact::decode(input.trim()); let hdr: biscuit::jwe::Header = token.part(0)?; @@ -369,15 +375,6 @@ fn perform_decrypt(input: &str) -> Result<(), PinError> { Ok(()) } -fn read_input_token() -> Result { - let mut buffer = String::new(); - io::stdin().read_to_string(&mut buffer)?; - if buffer.is_empty() { - return Err(PinError::Text("No data provided")); - } - Ok(buffer) -} - fn print_summary() { println!("Encrypts using a TPM2.0 chip binding policy"); } @@ -429,17 +426,15 @@ fn main() { _ => {} }; - let input = match read_input_token() { - Err(e) => { - eprintln!("Error getting input token: {}", e); - std::process::exit(1); - } - Ok(input) => input, - }; + let mut input = Vec::new(); + if let Err(e) = io::stdin().read_to_end(&mut input) { + eprintln!("Error getting input token: {}", e); + std::process::exit(1); + } if let Err(e) = match mode { - cli::ActionMode::Encrypt => perform_encrypt(cfg.unwrap(), &input), - cli::ActionMode::Decrypt => perform_decrypt(&input), + cli::ActionMode::Encrypt => perform_encrypt(cfg.unwrap(), input), + cli::ActionMode::Decrypt => perform_decrypt(input), cli::ActionMode::Summary => panic!("Summary was already handled supposedly"), cli::ActionMode::Help => panic!("Help was already handled supposedly"), } {