diff options
author | Joey Hess <joeyh@joeyh.name> | 2015-03-04 11:16:03 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2015-03-04 12:54:30 -0400 |
commit | 05697fe62116181511084a2eba28c5220e8a0363 (patch) | |
tree | 6965f56f5648d6dfa6c5e7d6e31e32eb3975b073 /Remote/Helper | |
parent | 0c3570844cf60428808d01a73c808e4f7232f082 (diff) |
metadata: Fix encoding problem that led to mojibake when storing metadata strings that contained both unicode characters and a space (or '!') character.
The fix is to stop using w82s, which does not properly reconstitute unicode
strings. Instrad, use utf8 bytestring to get the [Word8] to base64. This
passes unicode through perfectly, including any invalid filesystem encoded
characters.
Note that toB64 / fromB64 are also used for creds and cipher
embedding. It would be unfortunate if this change broke those uses.
For cipher embedding, note that ciphers can contain arbitrary bytes (should
really be using ByteString.Char8 there). Testing indicated it's not safe to
use the new fromB64 there; I think that characters were incorrectly
combined.
For credpair embedding, the username or password could contain unicode.
Before, that unicode would fail to round-trip through the b64.
So, I guess this is not going to break any embedded creds that worked
before.
This bug may have affected some creds before, and if so,
this change will not fix old ones, but should fix new ones at least.
Diffstat (limited to 'Remote/Helper')
-rw-r--r-- | Remote/Helper/Encryptable.hs | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/Remote/Helper/Encryptable.hs b/Remote/Helper/Encryptable.hs index c1243a518..2c1935ba9 100644 --- a/Remote/Helper/Encryptable.hs +++ b/Remote/Helper/Encryptable.hs @@ -20,13 +20,14 @@ module Remote.Helper.Encryptable ( ) where import qualified Data.Map as M +import qualified "dataenc" Codec.Binary.Base64 as B64 +import Data.Bits.Utils import Common.Annex import Types.Remote import Crypto import Types.Crypto import qualified Annex -import Utility.Base64 -- Used to ensure that encryption has been set up before trying to -- eg, store creds in the remote config that would need to use the @@ -137,9 +138,9 @@ cipherKey c = fmap make <$> remoteCipher c {- Stores an StorableCipher in a remote's configuration. -} storeCipher :: RemoteConfig -> StorableCipher -> RemoteConfig -storeCipher c (SharedCipher t) = M.insert "cipher" (toB64 t) c +storeCipher c (SharedCipher t) = M.insert "cipher" (toB64bs t) c storeCipher c (EncryptedCipher t _ ks) = - M.insert "cipher" (toB64 t) $ M.insert "cipherkeys" (showkeys ks) c + M.insert "cipher" (toB64bs t) $ M.insert "cipherkeys" (showkeys ks) c where showkeys (KeyIds l) = intercalate "," l @@ -149,11 +150,11 @@ extractCipher c = case (M.lookup "cipher" c, M.lookup "cipherkeys" c, M.lookup "encryption" c) of (Just t, Just ks, encryption) | maybe True (== "hybrid") encryption -> - Just $ EncryptedCipher (fromB64 t) Hybrid (readkeys ks) + Just $ EncryptedCipher (fromB64bs t) Hybrid (readkeys ks) (Just t, Just ks, Just "pubkey") -> - Just $ EncryptedCipher (fromB64 t) PubKey (readkeys ks) + Just $ EncryptedCipher (fromB64bs t) PubKey (readkeys ks) (Just t, Nothing, encryption) | maybe True (== "shared") encryption -> - Just $ SharedCipher (fromB64 t) + Just $ SharedCipher (fromB64bs t) _ -> Nothing where readkeys = KeyIds . split "," @@ -169,3 +170,14 @@ describeEncryption c = case extractCipher c of PubKey -> Nothing Hybrid -> Just "(hybrid mode)" ] + +{- Not using Utility.Base64 because these "Strings" are really + - bags of bytes and that would convert to unicode and not roung-trip + - cleanly. -} +toB64bs :: String -> String +toB64bs = B64.encode . s2w8 + +fromB64bs :: String -> String +fromB64bs s = fromMaybe bad $ w82s <$> B64.decode s + where + bad = error "bad base64 encoded data" |