fix: stop assuming the payload is utf8
Previously, we were expecting that the input is always utf8 encoded text. Since we just convert it to bytes, and print it back out as bytes, we can just skip the unicode parsing, and accept any provided input. Fixes: #5 Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
This commit is contained in:
parent
7d211518c1
commit
3465c80729
37
src/main.rs
37
src/main.rs
|
@ -44,6 +44,7 @@ enum PinError {
|
|||
JWE(biscuit::errors::Error),
|
||||
Base64Decoding(base64::DecodeError),
|
||||
Utf8(std::str::Utf8Error),
|
||||
FromUtf8(std::string::FromUtf8Error),
|
||||
PolicyError(tpm2_policy::Error),
|
||||
}
|
||||
|
||||
|
@ -77,6 +78,10 @@ impl fmt::Display for PinError {
|
|||
write!(f, "UTF8 error: ")?;
|
||||
err.fmt(f)
|
||||
}
|
||||
PinError::FromUtf8(err) => {
|
||||
write!(f, "UTF8 error: ")?;
|
||||
err.fmt(f)
|
||||
}
|
||||
PinError::NoCommand => write!(f, "No command provided"),
|
||||
PinError::PolicyError(err) => {
|
||||
write!(f, "Policy Error: ")?;
|
||||
|
@ -136,7 +141,7 @@ impl From<std::str::Utf8Error> for PinError {
|
|||
}
|
||||
}
|
||||
|
||||
fn perform_encrypt(cfg: TPM2Config, input: &str) -> Result<(), PinError> {
|
||||
fn perform_encrypt(cfg: TPM2Config, input: Vec<u8>) -> Result<(), PinError> {
|
||||
let key_type = match &cfg.key {
|
||||
None => "ecc",
|
||||
Some(key_type) => key_type,
|
||||
|
@ -220,7 +225,7 @@ fn perform_encrypt(cfg: TPM2Config, input: &str) -> Result<(), PinError> {
|
|||
nonce: rand_nonce.value().to_vec(),
|
||||
};
|
||||
|
||||
let jwe_token = biscuit::jwe::Compact::new_decrypted(hdr, input.as_bytes().to_vec());
|
||||
let jwe_token = biscuit::jwe::Compact::new_decrypted(hdr, input);
|
||||
let jwe_token_compact = jwe_token.encrypt(&jwk, &jwe_enc_options)?;
|
||||
let encoded_token = jwe_token_compact.encrypted()?.encode();
|
||||
io::stdout().write_all(encoded_token.as_bytes())?;
|
||||
|
@ -326,7 +331,8 @@ impl CompactJson for Tpm2Inner {}
|
|||
impl CompactJson for ClevisHeader {}
|
||||
impl CompactJson for ClevisInner {}
|
||||
|
||||
fn perform_decrypt(input: &str) -> Result<(), PinError> {
|
||||
fn perform_decrypt(input: Vec<u8>) -> Result<(), PinError> {
|
||||
let input = String::from_utf8(input).map_err(PinError::FromUtf8)?;
|
||||
let token = biscuit::Compact::decode(input.trim());
|
||||
let hdr: biscuit::jwe::Header<ClevisHeader> = token.part(0)?;
|
||||
|
||||
|
@ -369,15 +375,6 @@ fn perform_decrypt(input: &str) -> Result<(), PinError> {
|
|||
Ok(())
|
||||
}
|
||||
|
||||
fn read_input_token() -> Result<String, PinError> {
|
||||
let mut buffer = String::new();
|
||||
io::stdin().read_to_string(&mut buffer)?;
|
||||
if buffer.is_empty() {
|
||||
return Err(PinError::Text("No data provided"));
|
||||
}
|
||||
Ok(buffer)
|
||||
}
|
||||
|
||||
fn print_summary() {
|
||||
println!("Encrypts using a TPM2.0 chip binding policy");
|
||||
}
|
||||
|
@ -429,17 +426,15 @@ fn main() {
|
|||
_ => {}
|
||||
};
|
||||
|
||||
let input = match read_input_token() {
|
||||
Err(e) => {
|
||||
eprintln!("Error getting input token: {}", e);
|
||||
std::process::exit(1);
|
||||
}
|
||||
Ok(input) => input,
|
||||
};
|
||||
let mut input = Vec::new();
|
||||
if let Err(e) = io::stdin().read_to_end(&mut input) {
|
||||
eprintln!("Error getting input token: {}", e);
|
||||
std::process::exit(1);
|
||||
}
|
||||
|
||||
if let Err(e) = match mode {
|
||||
cli::ActionMode::Encrypt => perform_encrypt(cfg.unwrap(), &input),
|
||||
cli::ActionMode::Decrypt => perform_decrypt(&input),
|
||||
cli::ActionMode::Encrypt => perform_encrypt(cfg.unwrap(), input),
|
||||
cli::ActionMode::Decrypt => perform_decrypt(input),
|
||||
cli::ActionMode::Summary => panic!("Summary was already handled supposedly"),
|
||||
cli::ActionMode::Help => panic!("Help was already handled supposedly"),
|
||||
} {
|
||||
|
|
Loading…
Reference in a new issue