Merge pull request #7 from puiterwijk/encrypt-decrypt-raw
fix: stop assuming the payload is utf8
This commit is contained in:
commit
7170369a14
1 changed files with 16 additions and 21 deletions
37
src/main.rs
37
src/main.rs
|
@ -44,6 +44,7 @@ enum PinError {
|
||||||
JWE(biscuit::errors::Error),
|
JWE(biscuit::errors::Error),
|
||||||
Base64Decoding(base64::DecodeError),
|
Base64Decoding(base64::DecodeError),
|
||||||
Utf8(std::str::Utf8Error),
|
Utf8(std::str::Utf8Error),
|
||||||
|
FromUtf8(std::string::FromUtf8Error),
|
||||||
PolicyError(tpm2_policy::Error),
|
PolicyError(tpm2_policy::Error),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -77,6 +78,10 @@ impl fmt::Display for PinError {
|
||||||
write!(f, "UTF8 error: ")?;
|
write!(f, "UTF8 error: ")?;
|
||||||
err.fmt(f)
|
err.fmt(f)
|
||||||
}
|
}
|
||||||
|
PinError::FromUtf8(err) => {
|
||||||
|
write!(f, "UTF8 error: ")?;
|
||||||
|
err.fmt(f)
|
||||||
|
}
|
||||||
PinError::NoCommand => write!(f, "No command provided"),
|
PinError::NoCommand => write!(f, "No command provided"),
|
||||||
PinError::PolicyError(err) => {
|
PinError::PolicyError(err) => {
|
||||||
write!(f, "Policy Error: ")?;
|
write!(f, "Policy Error: ")?;
|
||||||
|
@ -136,7 +141,7 @@ impl From<std::str::Utf8Error> for PinError {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn perform_encrypt(cfg: TPM2Config, input: &str) -> Result<(), PinError> {
|
fn perform_encrypt(cfg: TPM2Config, input: Vec<u8>) -> Result<(), PinError> {
|
||||||
let key_type = match &cfg.key {
|
let key_type = match &cfg.key {
|
||||||
None => "ecc",
|
None => "ecc",
|
||||||
Some(key_type) => key_type,
|
Some(key_type) => key_type,
|
||||||
|
@ -220,7 +225,7 @@ fn perform_encrypt(cfg: TPM2Config, input: &str) -> Result<(), PinError> {
|
||||||
nonce: rand_nonce.value().to_vec(),
|
nonce: rand_nonce.value().to_vec(),
|
||||||
};
|
};
|
||||||
|
|
||||||
let jwe_token = biscuit::jwe::Compact::new_decrypted(hdr, input.as_bytes().to_vec());
|
let jwe_token = biscuit::jwe::Compact::new_decrypted(hdr, input);
|
||||||
let jwe_token_compact = jwe_token.encrypt(&jwk, &jwe_enc_options)?;
|
let jwe_token_compact = jwe_token.encrypt(&jwk, &jwe_enc_options)?;
|
||||||
let encoded_token = jwe_token_compact.encrypted()?.encode();
|
let encoded_token = jwe_token_compact.encrypted()?.encode();
|
||||||
io::stdout().write_all(encoded_token.as_bytes())?;
|
io::stdout().write_all(encoded_token.as_bytes())?;
|
||||||
|
@ -326,7 +331,8 @@ impl CompactJson for Tpm2Inner {}
|
||||||
impl CompactJson for ClevisHeader {}
|
impl CompactJson for ClevisHeader {}
|
||||||
impl CompactJson for ClevisInner {}
|
impl CompactJson for ClevisInner {}
|
||||||
|
|
||||||
fn perform_decrypt(input: &str) -> Result<(), PinError> {
|
fn perform_decrypt(input: Vec<u8>) -> Result<(), PinError> {
|
||||||
|
let input = String::from_utf8(input).map_err(PinError::FromUtf8)?;
|
||||||
let token = biscuit::Compact::decode(input.trim());
|
let token = biscuit::Compact::decode(input.trim());
|
||||||
let hdr: biscuit::jwe::Header<ClevisHeader> = token.part(0)?;
|
let hdr: biscuit::jwe::Header<ClevisHeader> = token.part(0)?;
|
||||||
|
|
||||||
|
@ -369,15 +375,6 @@ fn perform_decrypt(input: &str) -> Result<(), PinError> {
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
fn read_input_token() -> Result<String, PinError> {
|
|
||||||
let mut buffer = String::new();
|
|
||||||
io::stdin().read_to_string(&mut buffer)?;
|
|
||||||
if buffer.is_empty() {
|
|
||||||
return Err(PinError::Text("No data provided"));
|
|
||||||
}
|
|
||||||
Ok(buffer)
|
|
||||||
}
|
|
||||||
|
|
||||||
fn print_summary() {
|
fn print_summary() {
|
||||||
println!("Encrypts using a TPM2.0 chip binding policy");
|
println!("Encrypts using a TPM2.0 chip binding policy");
|
||||||
}
|
}
|
||||||
|
@ -429,17 +426,15 @@ fn main() {
|
||||||
_ => {}
|
_ => {}
|
||||||
};
|
};
|
||||||
|
|
||||||
let input = match read_input_token() {
|
let mut input = Vec::new();
|
||||||
Err(e) => {
|
if let Err(e) = io::stdin().read_to_end(&mut input) {
|
||||||
eprintln!("Error getting input token: {}", e);
|
eprintln!("Error getting input token: {}", e);
|
||||||
std::process::exit(1);
|
std::process::exit(1);
|
||||||
}
|
}
|
||||||
Ok(input) => input,
|
|
||||||
};
|
|
||||||
|
|
||||||
if let Err(e) = match mode {
|
if let Err(e) = match mode {
|
||||||
cli::ActionMode::Encrypt => perform_encrypt(cfg.unwrap(), &input),
|
cli::ActionMode::Encrypt => perform_encrypt(cfg.unwrap(), input),
|
||||||
cli::ActionMode::Decrypt => perform_decrypt(&input),
|
cli::ActionMode::Decrypt => perform_decrypt(input),
|
||||||
cli::ActionMode::Summary => panic!("Summary was already handled supposedly"),
|
cli::ActionMode::Summary => panic!("Summary was already handled supposedly"),
|
||||||
cli::ActionMode::Help => panic!("Help was already handled supposedly"),
|
cli::ActionMode::Help => panic!("Help was already handled supposedly"),
|
||||||
} {
|
} {
|
||||||
|
|
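Review bot: The empty-input guard that lived in the deleted read_input_token is not carried over into main: `io::stdin().read_to_end(&mut input)` returns Ok on an empty stdin, so a zero-length `input` now reaches perform_encrypt and gets wrapped in a JWE instead of aborting with "No data provided" as before (decrypt would presumably still fail, but only later inside Compact::decode with a less clear message). Restore the check right after the read, e.g. `if input.is_empty() { eprintln!("Error getting input token: No data provided"); std::process::exit(1); }`. In perform_decrypt the new FromUtf8 variant could also be avoided, since a `From<std::str::Utf8Error>` impl already exists: `let input = std::str::from_utf8(&input)?;` gives a `&str` that `trim()` works on without allocating. The main function starts before and ends after the last hunk.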