mirror of
https://github.com/AGWA/git-crypt.git
synced 2026-01-02 08:10:41 -08:00
Compare commits
2 Commits
0.7.0
...
skip_empty
| Author | SHA1 | Date | |
|---|---|---|---|
|
e4f73bf3b0 | ||
|
|
8ba75c4719 |
33
commands.cpp
33
commands.cpp
@@ -461,6 +461,25 @@ static std::pair<std::string, std::string> get_file_attributes (const std::strin
|
|||||||
return std::make_pair(filter_attr, diff_attr);
|
return std::make_pair(filter_attr, diff_attr);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool check_if_blob_is_empty (const std::string& object_id)
|
||||||
|
{
|
||||||
|
// git cat-file blob object_id
|
||||||
|
|
||||||
|
std::vector<std::string> command;
|
||||||
|
command.push_back("git");
|
||||||
|
command.push_back("cat-file");
|
||||||
|
command.push_back("blob");
|
||||||
|
command.push_back(object_id);
|
||||||
|
|
||||||
|
// TODO: do this more efficiently - don't read entire command output into buffer, only read what we need
|
||||||
|
std::stringstream output;
|
||||||
|
if (!successful_exit(exec_command(command, output))) {
|
||||||
|
throw Error("'git cat-file' failed - is this a Git repository?");
|
||||||
|
}
|
||||||
|
|
||||||
|
return output.get() == std::stringstream::traits_type::eof();
|
||||||
|
}
|
||||||
|
|
||||||
static bool check_if_blob_is_encrypted (const std::string& object_id)
|
static bool check_if_blob_is_encrypted (const std::string& object_id)
|
||||||
{
|
{
|
||||||
// git cat-file blob object_id
|
// git cat-file blob object_id
|
||||||
@@ -770,6 +789,10 @@ int clean (int argc, const char** argv)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (file_size == 0 && key_file.get_skip_empty()) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
// We use an HMAC of the file as the encryption nonce (IV) for CTR mode.
|
// We use an HMAC of the file as the encryption nonce (IV) for CTR mode.
|
||||||
// By using a hash of the file we ensure that the encryption is
|
// By using a hash of the file we ensure that the encryption is
|
||||||
// deterministic so git doesn't think the file has changed when it really
|
// deterministic so git doesn't think the file has changed when it really
|
||||||
@@ -887,6 +910,11 @@ int smudge (int argc, const char** argv)
|
|||||||
// Read the header to get the nonce and make sure it's actually encrypted
|
// Read the header to get the nonce and make sure it's actually encrypted
|
||||||
unsigned char header[10 + Aes_ctr_decryptor::NONCE_LEN];
|
unsigned char header[10 + Aes_ctr_decryptor::NONCE_LEN];
|
||||||
std::cin.read(reinterpret_cast<char*>(header), sizeof(header));
|
std::cin.read(reinterpret_cast<char*>(header), sizeof(header));
|
||||||
|
|
||||||
|
if (std::cin.gcount() == 0 && key_file.get_skip_empty()) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
if (std::cin.gcount() != sizeof(header) || std::memcmp(header, "\0GITCRYPT\0", 10) != 0) {
|
if (std::cin.gcount() != sizeof(header) || std::memcmp(header, "\0GITCRYPT\0", 10) != 0) {
|
||||||
// File not encrypted - just copy it out to stdout
|
// File not encrypted - just copy it out to stdout
|
||||||
std::clog << "git-crypt: Warning: file not encrypted" << std::endl;
|
std::clog << "git-crypt: Warning: file not encrypted" << std::endl;
|
||||||
@@ -991,6 +1019,7 @@ int init (int argc, const char** argv)
|
|||||||
std::clog << "Generating key..." << std::endl;
|
std::clog << "Generating key..." << std::endl;
|
||||||
Key_file key_file;
|
Key_file key_file;
|
||||||
key_file.set_key_name(key_name);
|
key_file.set_key_name(key_name);
|
||||||
|
key_file.set_skip_empty(true);
|
||||||
key_file.generate();
|
key_file.generate();
|
||||||
|
|
||||||
mkdir_parent(internal_key_path);
|
mkdir_parent(internal_key_path);
|
||||||
@@ -1425,6 +1454,7 @@ int keygen (int argc, const char** argv)
|
|||||||
|
|
||||||
std::clog << "Generating key..." << std::endl;
|
std::clog << "Generating key..." << std::endl;
|
||||||
Key_file key_file;
|
Key_file key_file;
|
||||||
|
key_file.set_skip_empty(true);
|
||||||
key_file.generate();
|
key_file.generate();
|
||||||
|
|
||||||
if (std::strcmp(key_file_name, "-") == 0) {
|
if (std::strcmp(key_file_name, "-") == 0) {
|
||||||
@@ -1629,7 +1659,8 @@ int status (int argc, const char** argv)
|
|||||||
|
|
||||||
if (file_attrs.first == "git-crypt" || std::strncmp(file_attrs.first.c_str(), "git-crypt-", 10) == 0) {
|
if (file_attrs.first == "git-crypt" || std::strncmp(file_attrs.first.c_str(), "git-crypt-", 10) == 0) {
|
||||||
// File is encrypted
|
// File is encrypted
|
||||||
const bool blob_is_unencrypted = !object_id.empty() && !check_if_blob_is_encrypted(object_id);
|
// If the file is empty, don't consider it unencrypted, because in newly-initialized repos (specifically those with keys with skip_empty set) we don't encrypt empty files. Unfortunately, we can't easily determine here if the key has skip_empty set, so just act like it is. This means we won't notice if an old repo has an empty unencrypted file that should be encrypted. Fortunately, this isn't really a big deal because empty files obviously don't contain anything sensitive in them.
|
||||||
|
const bool blob_is_unencrypted = !object_id.empty() && !check_if_blob_is_encrypted(object_id) && !check_if_blob_is_empty(object_id);
|
||||||
|
|
||||||
if (fix_problems && blob_is_unencrypted) {
|
if (fix_problems && blob_is_unencrypted) {
|
||||||
if (access(filename.c_str(), F_OK) != 0) {
|
if (access(filename.c_str(), F_OK) != 0) {
|
||||||
|
|||||||
9
key.cpp
9
key.cpp
@@ -232,6 +232,11 @@ void Key_file::load_header (std::istream& in)
|
|||||||
key_name.clear();
|
key_name.clear();
|
||||||
throw Malformed();
|
throw Malformed();
|
||||||
}
|
}
|
||||||
|
} else if (field_id == HEADER_FIELD_SKIP_EMPTY) {
|
||||||
|
if (field_len != 0) {
|
||||||
|
throw Malformed();
|
||||||
|
}
|
||||||
|
skip_empty = true;
|
||||||
} else if (field_id & 1) { // unknown critical field
|
} else if (field_id & 1) { // unknown critical field
|
||||||
throw Incompatible();
|
throw Incompatible();
|
||||||
} else {
|
} else {
|
||||||
@@ -256,6 +261,10 @@ void Key_file::store (std::ostream& out) const
|
|||||||
write_be32(out, key_name.size());
|
write_be32(out, key_name.size());
|
||||||
out.write(key_name.data(), key_name.size());
|
out.write(key_name.data(), key_name.size());
|
||||||
}
|
}
|
||||||
|
if (skip_empty) {
|
||||||
|
write_be32(out, HEADER_FIELD_SKIP_EMPTY);
|
||||||
|
write_be32(out, 0);
|
||||||
|
}
|
||||||
write_be32(out, HEADER_FIELD_END);
|
write_be32(out, HEADER_FIELD_END);
|
||||||
for (Map::const_iterator it(entries.begin()); it != entries.end(); ++it) {
|
for (Map::const_iterator it(entries.begin()); it != entries.end(); ++it) {
|
||||||
it->second.store(out);
|
it->second.store(out);
|
||||||
|
|||||||
7
key.hpp
7
key.hpp
@@ -83,18 +83,23 @@ public:
|
|||||||
|
|
||||||
void set_key_name (const char* k) { key_name = k ? k : ""; }
|
void set_key_name (const char* k) { key_name = k ? k : ""; }
|
||||||
const char* get_key_name () const { return key_name.empty() ? 0 : key_name.c_str(); }
|
const char* get_key_name () const { return key_name.empty() ? 0 : key_name.c_str(); }
|
||||||
|
|
||||||
|
void set_skip_empty (bool v) { skip_empty = v; }
|
||||||
|
bool get_skip_empty () const { return skip_empty; }
|
||||||
private:
|
private:
|
||||||
typedef std::map<uint32_t, Entry, std::greater<uint32_t> > Map;
|
typedef std::map<uint32_t, Entry, std::greater<uint32_t> > Map;
|
||||||
enum { FORMAT_VERSION = 2 };
|
enum { FORMAT_VERSION = 2 };
|
||||||
|
|
||||||
Map entries;
|
Map entries;
|
||||||
std::string key_name;
|
std::string key_name;
|
||||||
|
bool skip_empty = false;
|
||||||
|
|
||||||
void load_header (std::istream&);
|
void load_header (std::istream&);
|
||||||
|
|
||||||
enum {
|
enum {
|
||||||
HEADER_FIELD_END = 0,
|
HEADER_FIELD_END = 0,
|
||||||
HEADER_FIELD_KEY_NAME = 1
|
HEADER_FIELD_KEY_NAME = 1,
|
||||||
|
HEADER_FIELD_SKIP_EMPTY = 3 // If this field is present, empty files are left unencrypted (see issue #53)
|
||||||
};
|
};
|
||||||
enum {
|
enum {
|
||||||
KEY_FIELD_END = 0,
|
KEY_FIELD_END = 0,
|
||||||
|
|||||||
Reference in New Issue
Block a user