diff options
| author | Bram Moolenaar <Bram@vim.org> | 2010-06-21 06:15:46 +0200 |
|---|---|---|
| committer | Bram Moolenaar <Bram@vim.org> | 2010-06-21 06:15:46 +0200 |
| commit | a8ffcbbf5d6070380e41b3d0841c3944396a27c0 (patch) | |
| tree | b8608922fc9956be229912f1323b0d0a94de526c | |
| parent | 191e0a2bc7cb4787e19aa1f8c6958b47e05d7882 (diff) | |
Crypt the swapfile.
| -rw-r--r-- | runtime/doc/editing.txt | 10 | ||||
| -rw-r--r-- | runtime/doc/helphelp.txt | 22 | ||||
| -rw-r--r-- | runtime/doc/recover.txt | 39 | ||||
| -rw-r--r-- | runtime/doc/tags | 4 | ||||
| -rw-r--r-- | runtime/doc/todo.txt | 22 | ||||
| -rw-r--r-- | runtime/doc/usr_11.txt | 2 | ||||
| -rw-r--r-- | runtime/syntax/c.vim | 2 | ||||
| -rw-r--r-- | src/blowfish.c | 42 | ||||
| -rw-r--r-- | src/fileio.c | 43 | ||||
| -rw-r--r-- | src/globals.h | 4 | ||||
| -rw-r--r-- | src/main.c | 2 | ||||
| -rw-r--r-- | src/memfile.c | 54 | ||||
| -rw-r--r-- | src/memline.c | 599 | ||||
| -rw-r--r-- | src/misc2.c | 55 | ||||
| -rw-r--r-- | src/option.c | 17 | ||||
| -rw-r--r-- | src/proto/blowfish.pro | 2 | ||||
| -rw-r--r-- | src/proto/memline.pro | 5 | ||||
| -rw-r--r-- | src/proto/misc2.pro | 2 | ||||
| -rw-r--r-- | src/sha256.c | 8 | ||||
| -rw-r--r-- | src/structs.h | 17 | ||||
| -rw-r--r-- | src/testdir/test72.in | 2 | ||||
| -rw-r--r-- | src/undo.c | 22 | ||||
| -rw-r--r-- | src/workshop.c | 4 |
23 files changed, 824 insertions, 155 deletions
diff --git a/runtime/doc/editing.txt b/runtime/doc/editing.txt index a10e8220a7..a89d8bb8de 100644 --- a/runtime/doc/editing.txt +++ b/runtime/doc/editing.txt @@ -1332,10 +1332,12 @@ There are a few things to remember when editing binary files: Vim is able to write files encrypted, and read them back. The encrypted text cannot be read without the right key. -Note: The swapfile and text in memory is not encrypted. A system -administrator will be able to see your text while you are editing it. -When filtering text with ":!filter" or using ":w !command" the text is not -encrypted, this may reveal it to others. +The text in the swap file and the undo file is also encrypted. + +Note: The text in memory is not encrypted. A system administrator may be able +to see your text while you are editing it. When filtering text with +":!filter" or using ":w !command" the text is not encrypted, this may reveal +it to others. The 'viminfo' file is not encrypted. WARNING: If you make a typo when entering the key and then write the file and exit, the text will be lost! diff --git a/runtime/doc/helphelp.txt b/runtime/doc/helphelp.txt index eea639fd21..8fa0a2ddc4 100644 --- a/runtime/doc/helphelp.txt +++ b/runtime/doc/helphelp.txt @@ -119,9 +119,9 @@ Help on help files *helphelp* *:lh* *:lhelpgrep* :lh[elpgrep] {pattern}[@xx] Same as ":helpgrep", except the location list is used - instead of the quickfix list. If the help window is + instead of the quickfix list. If the help window is already opened, then the location list for that window - is used. Otherwise, a new help window is opened and + is used. Otherwise, a new help window is opened and the location list for that window is set. The location list for the current window is not changed. @@ -281,9 +281,9 @@ The first line in a help file should have the following format: *helpfile_name.txt* For Vim version 7.3 Last change: 2010 June 4 -The first field is a link to the help file name. The second field describes -the applicable Vim version. The last field specifies the last modification -date of the file. Each field is separated by a tab. +The first field is a link to the help file name. The second field describes +the applicable Vim version. The last field specifies the last modification +date of the file. Each field is separated by a tab. At the bottom of the help file, place a Vim modeline to set the 'textwidth' and 'tabstop' options and the 'filetype' to 'help'. Never set a global option @@ -295,30 +295,30 @@ TAGS To define a help tag, place the name between asterisks (*tag-name*). The tag-name should be different from all the Vim help tag names and ideally -should begin with the name of the Vim plugin. The tag name is usually right +should begin with the name of the Vim plugin. The tag name is usually right aligned on a line. When referring to an existing help tag and to create a hot-link, place the name between two bars (|) eg. |help-writing|. When referring to a Vim option in the help file, place the option name between -two single quotes. eg. 'statusline' +two single quotes, eg. 'statusline' HIGHLIGHTING -To define a column heading, use a tilde character at the end of the line. This -will highlight the column heading in a different color. E.g. +To define a column heading, use a tilde character at the end of the line. +This will highlight the column heading in a different color. E.g. Column heading~ To separate sections in a help file, place a series of '=' characters in a -line starting from the first column. The section separator line is highlighted +line starting from the first column. The section separator line is highlighted differently. To quote a block of ex-commands verbatim, place a greater than (>) character at the end of the line before the block and a less than (<) character as the -first non-blank on a line following the block. Any line starting in column 1 +first non-blank on a line following the block. Any line starting in column 1 also implicitly stops the block of ex-commands before it. E.g. > function Example_Func() echo "Example" diff --git a/runtime/doc/recover.txt b/runtime/doc/recover.txt index fd960eb121..f088c0824c 100644 --- a/runtime/doc/recover.txt +++ b/runtime/doc/recover.txt @@ -188,4 +188,43 @@ will continue to get warning messages that the ".swp" file already exists. {Vi: recovers in another way and sends mail if there is something to recover} + +ENCRYPTION AND THE SWAP FILE *:recover-crypt* + +When the text file is encrypted the swap file is encrypted as well. This +makes recovery a bit more complicated. When recovering from a swap file and +encryption has been used, you will be asked to enter one or two crypt keys. + +If the text file does not exist you will only be asked to enter the crypt key +for the swap file. + +If the text file does exist, it may be encrypted in a different way than the +swap file. You will be asked for the crypt key twice: + + Need encryption key for "/tmp/tt" ~ + Enter encryption key: ****** ~ + "/tmp/tt" [crypted] 23200L, 522129C ~ + Using swap file "/tmp/.tt.swp" ~ + Original file "/tmp/tt" ~ + Swap file is encrypted: "/tmp/.tt.swp" ~ + If you entered a new crypt key but did not write the text file, ~ + enter the new crypt key. ~ + If you wrote the text file after changing the crypt key press enter ~ + to use the same key for text file and swap file ~ + Enter encryption key: ~ + +You can be in one of these two situations: + +1. The encryption key was not changed, or after changing the key the text file + was written. You will be prompted for the crypt key twice. The second + time you can simply press Enter. That means the same key is used for the + text file and the swap file. +2. You entered a new encryption key, but did not save the text file. Vim will + then use the new key for the swap file, and the text file will still be + encrypted with the old key. At the second prompt enter the new key. + +Note that after recovery the key of the swap file will be used for the text +file. Thus if you write the text file, you need to use that new key. + + vim:tw=78:ts=8:ft=help:norl: diff --git a/runtime/doc/tags b/runtime/doc/tags index ec4c8abc96..936cb5e386 100644 --- a/runtime/doc/tags +++ b/runtime/doc/tags @@ -2577,6 +2577,7 @@ $VIMRUNTIME starting.txt /*$VIMRUNTIME* :read! insert.txt /*:read!* :rec recover.txt /*:rec* :recover recover.txt /*:recover* +:recover-crypt recover.txt /*:recover-crypt* :red undo.txt /*:red* :redi various.txt /*:redi* :redir various.txt /*:redir* @@ -6914,7 +6915,6 @@ os_unix.txt os_unix.txt /*os_unix.txt* os_vms.txt os_vms.txt /*os_vms.txt* os_win32.txt os_win32.txt /*os_win32.txt* other-features vi_diff.txt /*other-features* -ownsyntax eval.txt /*ownsyntax* p change.txt /*p* page-down intro.txt /*page-down* page-up intro.txt /*page-up* @@ -8220,7 +8220,7 @@ vt100-cursor-keys term.txt /*vt100-cursor-keys* vt100-function-keys term.txt /*vt100-function-keys* w motion.txt /*w* w32-clientserver remote.txt /*w32-clientserver* -w:ownsyntax-variable eval.txt /*w:ownsyntax-variable* +w:current_syntax syntax.txt /*w:current_syntax* w:var eval.txt /*w:var* warningmsg-variable eval.txt /*warningmsg-variable* white-space pattern.txt /*white-space* diff --git a/runtime/doc/todo.txt b/runtime/doc/todo.txt index 73f4d51d14..78ad818aec 100644 --- a/runtime/doc/todo.txt +++ b/runtime/doc/todo.txt @@ -1088,18 +1088,16 @@ Vim 7.3: - using NSIS 2.46: install on Windows 7 works, but no "Edit with Vim" menu. Use register_shell_extension()? (George Reilly, 2010 May 26) Ron's version: http://dev.ronware.org/p/vim/finfo?name=gvim.nsi -- Also crypt the swap file, each block separately. Change mf_write() and - mf_read(). - - How to get b_p_key to these functions? -> Store buf_T pointer in mfp. - - Generate a salt and seed for the swapfile, put it in block 0. - - For each block, use password + seed + byte offset to crypt/decrypt. - - When changing the password need to read back with the old password and - write again with the new one. - - Fill the gaps in the block with random bytes, otherwise it's easy to - check for correct password by finding NUL bytes. - - Verify recovery works. +- Also crypt the swap file, each block separately: + - When changing the password or 'cryptmethod' need to read back with the + old password and write again with the new one. + Problem: when the file is not written, key differs between text file and + swap file! +- Patch for :ownsyntax completion (Dominique Pelle, 2010 Jun 20) - Patch for conceal feature and 'foldcolumn'. (Dominique Pelle, 2010 Jun 10, second patch) + Also patch from Vince, 2010 Jun 15. And another June 16. + However: more generic patch on the way. - patch for conceal feature and 'modifiable'. (Dominique Pelle, 2010 Jun 9) - undofile: keep markers where the file was written/read, so that it's easy to go back to a saved version of the file: ":earlier 1f" (f for file)? @@ -1110,6 +1108,7 @@ Vim 7.3: dictionary: {'nr': 2, 'time': 1234, 'saved': 1} - Remove support for GTK 1? Patch by James Vega, Jun 11. Patches to include: +- Patch for X clibboard CurrentTime, (Fries, 2010 Jun 20) - Patch for Lisp support with ECL (Mikael Jansson, 2008 Oct 25) - Minor patches from Dominique Pelle, 2010 May 15 - Gvimext patch to support wide file names. (Szabolcs Horvat 2008 Sep 10) @@ -1117,8 +1116,9 @@ Patches to include: - Patch to support clipboard for Mac terminal. (Jjgod Jiang, 2009 Aug 1) - Patch to support :browse for more commands. (Lech Lorens, 2009 Jul 18) - Patch to improve javascript indenting. (Hari Kumar G, 2010 May 22) +- Patch to use return value of 'formatexpr'. (James Vega, 2010 Jun 16) - Patch to make CTRL-L work better with 'ignorecase' and 'smarcase'. (Martin - Toft, 2010 Jun 8) + Toft, 2010 Jun 8, Jun 16) - Patch to add diff functionality to 2html.vim. (Christian Brabandt, 2009 Dec 15) - Win32: patch for better font scaling. (George Reilly, 2009 Mar 26) diff --git a/runtime/doc/usr_11.txt b/runtime/doc/usr_11.txt index c6c75b1bf9..4c40408057 100644 --- a/runtime/doc/usr_11.txt +++ b/runtime/doc/usr_11.txt @@ -283,6 +283,8 @@ machines. Therefore, don't rely on Vim always warning you. If you really don't want to see this message, you can add the 'A' flag to the 'shortmess' option. But it's very unusual that you need this. +For remarks about encryption and the swap file, see |:recover-crypt|. + ============================================================================== *11.4* Further reading diff --git a/runtime/syntax/c.vim b/runtime/syntax/c.vim index 94562127c2..a0b94ae973 100644 --- a/runtime/syntax/c.vim +++ b/runtime/syntax/c.vim @@ -270,7 +270,7 @@ if !exists("c_no_c99") " ISO C99 endif " Accept %: for # (C99) -syn region cPreCondit start="^\s*\(%:\|#\)\s*\(if\|ifdef\|ifndef\|elif\)\>" skip="\\$" end="$" contains=cComment,cCommentL,cCppString,cCharacter,cCppParen,cParenError,cNumbers,cCommentError,cSpaceError +syn region cPreCondit start="^\s*\(%:\|#\)\s*\(if\|ifdef\|ifndef\|elif\)\>" skip="\\$" end="$" keepend contains=cComment,cCommentL,cCppString,cCharacter,cCppParen,cParenError,cNumbers,cCommentError,cSpaceError syn match cPreCondit display "^\s*\(%:\|#\)\s*\(else\|endif\)\>" if !exists("c_no_if0") if !exists("c_no_if0_fold") diff --git a/src/blowfish.c b/src/blowfish.c index f0b97b7b90..c8e68d2244 100644 --- a/src/blowfish.c +++ b/src/blowfish.c @@ -436,13 +436,7 @@ bf_key_init(password, salt, salt_len) key[i] = j; } - for (i = 0; i < 256; ++i) - { - sbx[0][i] = sbi[0][i]; - sbx[1][i] = sbi[1][i]; - sbx[2][i] = sbi[2][i]; - sbx[3][i] = sbi[3][i]; - } + mch_memmove(sbx, sbi, 4 * 4 * 256); for (i = 0; i < 18; ++i) { @@ -655,6 +649,40 @@ bf_crypt_init_keys(passwd) } } +static int save_randbyte_offset; +static int save_update_offset; +static char_u save_ofb_buffer[BF_OFB_LEN]; +static UINT32_T save_pax[18]; +static UINT32_T save_sbx[4][256]; + +/* + * Save the current crypt state. Can only be used once before + * bf_crypt_restore(). + */ + void +bf_crypt_save() +{ + save_randbyte_offset = randbyte_offset; + save_update_offset = update_offset; + mch_memmove(save_ofb_buffer, ofb_buffer, BF_OFB_LEN); + mch_memmove(save_pax, pax, 4 * 18); + mch_memmove(save_sbx, sbx, 4 * 4 * 256); +} + +/* + * Restore the current crypt state. Can only be used after + * bf_crypt_save(). + */ + void +bf_crypt_restore() +{ + randbyte_offset = save_randbyte_offset; + update_offset = save_update_offset; + mch_memmove(ofb_buffer, save_ofb_buffer, BF_OFB_LEN); + mch_memmove(pax, save_pax, 4 * 18); + mch_memmove(sbx, save_sbx, 4 * 4 * 256); +} + /* * Run a test to check if the encryption works as expected. * Give an error and return FAIL when not. diff --git a/src/fileio.c b/src/fileio.c index aad76170ef..b099461675 100644 --- a/src/fileio.c +++ b/src/fileio.c @@ -64,7 +64,7 @@ static void check_marks_read __ARGS((void)); #endif #ifdef FEAT_CRYPT static int get_crypt_method __ARGS((char *ptr, int len)); -static char_u *check_for_cryptkey __ARGS((char_u *cryptkey, char_u *ptr, long *sizep, off_t *filesizep, int newfile, int *did_ask)); +static char_u *check_for_cryptkey __ARGS((char_u *cryptkey, char_u *ptr, long *sizep, off_t *filesizep, int newfile, char_u *fname, int *did_ask)); #endif #ifdef UNIX static void set_file_time __ARGS((char_u *fname, time_t atime, time_t mtime)); @@ -995,6 +995,13 @@ retry: #endif } +#ifdef FEAT_CRYPT + if (cryptkey != NULL) + /* Need to reset the state, but keep the key, don't want to ask for it + * again. */ + crypt_pop_state(); +#endif + /* * When retrying with another "fenc" and the first time "fileformat" * will be reset. @@ -1426,7 +1433,8 @@ retry: */ if (filesize == 0) cryptkey = check_for_cryptkey(cryptkey, ptr, &size, - &filesize, newfile, &did_ask_for_key); + &filesize, newfile, sfname, + &did_ask_for_key); /* * Decrypt the read bytes. */ @@ -2277,8 +2285,14 @@ failed: save_file_ff(curbuf); /* remember the current file format */ #ifdef FEAT_CRYPT - if (cryptkey != curbuf->b_p_key) - free_crypt_key(cryptkey); + if (cryptkey != NULL) + { + crypt_pop_state(); + if (cryptkey != curbuf->b_p_key) + free_crypt_key(cryptkey); + /* don't set cryptkey to NULL, it's used below as a flag that + * encryption was used */ + } #endif #ifdef FEAT_MBYTE @@ -2869,12 +2883,13 @@ get_crypt_method(ptr, len) * Return the (new) encryption key, NULL for no encryption. */ static char_u * -check_for_cryptkey(cryptkey, ptr, sizep, filesizep, newfile, did_ask) +check_for_cryptkey(cryptkey, ptr, sizep, filesizep, newfile, fname, did_ask) char_u *cryptkey; /* previous encryption key or NULL */ char_u *ptr; /* pointer to read bytes */ long *sizep; /* length of read bytes */ off_t *filesizep; /* nr of bytes used from file */ int newfile; /* editing a new buffer */ + char_u *fname; /* file name to display */ int *did_ask; /* flag: whether already asked for key */ { int method = get_crypt_method((char *)ptr, *sizep); @@ -2882,7 +2897,6 @@ check_for_cryptkey(cryptkey, ptr, sizep, filesizep, newfile, did_ask) if (method >= 0) { curbuf->b_p_cm = method; - use_crypt_method = method; if (method > 0) (void)blowfish_self_test(); if (cryptkey == NULL && !*did_ask) @@ -2895,6 +2909,8 @@ check_for_cryptkey(cryptkey, ptr, sizep, filesizep, newfile, did_ask) * option and don't free it. bf needs hash of the key saved. * Don't ask for the key again when first time Enter was hit. * Happens when retrying to detect encoding. */ + smsg((char_u *)_(need_key_msg), fname); + msg_scroll = TRUE; cryptkey = get_crypt_key(newfile, FALSE); *did_ask = TRUE; @@ -2913,6 +2929,8 @@ check_for_cryptkey(cryptkey, ptr, sizep, filesizep, newfile, did_ask) int seed_len = crypt_seed_len[method]; int salt_len = crypt_salt_len[method]; + crypt_push_state(); + use_crypt_method = method; if (method == 0) crypt_init_keys(cryptkey); else @@ -2924,7 +2942,8 @@ check_for_cryptkey(cryptkey, ptr, sizep, filesizep, newfile, did_ask) /* Remove magic number from the text */ *filesizep += CRYPT_MAGIC_LEN + salt_len + seed_len; *sizep -= CRYPT_MAGIC_LEN + salt_len + seed_len; - mch_memmove(ptr, ptr + CRYPT_MAGIC_LEN + salt_len + seed_len, (size_t)*sizep); + mch_memmove(ptr, ptr + CRYPT_MAGIC_LEN + salt_len + seed_len, + (size_t)*sizep); } } /* When starting to edit a new file which does not have encryption, clear @@ -2956,6 +2975,7 @@ prepare_crypt_read(fp) if (method < 0 || method != curbuf->b_p_cm) return FAIL; + crypt_push_state(); if (method == 0) crypt_init_keys(curbuf->b_p_key); else @@ -2974,6 +2994,8 @@ prepare_crypt_read(fp) /* * Prepare for writing encrypted bytes for buffer "buf". * Returns a pointer to an allocated header of length "*lenp". + * When out of memory returns NULL. + * Otherwise calls crypt_push_state(), call crypt_pop_state() later. */ char_u * prepare_crypt_write(buf, lenp) @@ -2990,6 +3012,7 @@ prepare_crypt_write(buf, lenp) + CRYPT_SEED_LEN_MAX + 2); if (header != NULL) { + crypt_push_state(); use_crypt_method = buf->b_p_cm; /* select pkzip or blowfish */ vim_strncpy(header, (char_u *)crypt_magic[use_crypt_method], CRYPT_MAGIC_LEN); @@ -4404,7 +4427,7 @@ restore_backup: write_info.bw_fd = fd; #ifdef FEAT_CRYPT - if (*buf->b_p_key && !filtering) + if (*buf->b_p_key != NUL && !filtering) { char_u *header; int header_len; @@ -4674,6 +4697,10 @@ restore_backup: if (!backup_copy) mch_set_acl(wfname, acl); #endif +#ifdef FEAT_CRYPT + if (wb_flags & FIO_ENCRYPTED) + crypt_pop_state(); +#endif #if defined(FEAT_MBYTE) && defined(FEAT_EVAL) diff --git a/src/globals.h b/src/globals.h index f4ec25713c..c9bfc1fe87 100644 --- a/src/globals.h +++ b/src/globals.h @@ -1564,6 +1564,10 @@ EXTERN short disallow_gui INIT(= FALSE); EXTERN char top_bot_msg[] INIT(= N_("search hit TOP, continuing at BOTTOM")); EXTERN char bot_top_msg[] INIT(= N_("search hit BOTTOM, continuing at TOP")); +#ifdef FEAT_CRYPT +EXTERN char need_key_msg[] INIT(= N_("Need encryption key for \"%s\"")); +#endif + /* * Comms. with the session manager (XSMP) */ diff --git a/src/main.c b/src/main.c index f4e1fde195..0f29255864 100644 --- a/src/main.c +++ b/src/main.c @@ -595,7 +595,7 @@ main */ if (recoverymode && fname == NULL) { - recover_names(NULL, TRUE, 0); + recover_names(NULL, TRUE, 0, NULL); mch_exit(0); } diff --git a/src/memfile.c b/src/memfile.c index 5412a61456..c6f5fdf8d0 100644 --- a/src/memfile.c +++ b/src/memfile.c @@ -85,6 +85,7 @@ static void mf_ins_free __ARGS((memfile_T *, bhdr_T *)); static bhdr_T *mf_rem_free __ARGS((memfile_T *)); static int mf_read __ARGS((memfile_T *, bhdr_T *)); static int mf_write __ARGS((memfile_T *, bhdr_T *)); +static int mf_write_block __ARGS((memfile_T *mfp, bhdr_T *hp, off_t offset, unsigned size)); static int mf_trans_add __ARGS((memfile_T *, bhdr_T *)); static void mf_do_open __ARGS((memfile_T *, char_u *, int)); @@ -161,6 +162,9 @@ mf_open(fname, flags) mfp->mf_trans[i] = NULL; /* trans lists are empty */ } mfp->mf_page_size = MEMFILE_PAGE_SIZE; +#ifdef FEAT_CRYPT + mfp->mf_old_key = NULL; +#endif #ifdef USE_FSTATFS /* @@ -422,7 +426,7 @@ mf_new(mfp, negative, page_count) } /* - * get existing block 'nr' with 'page_count' pages + * Get existing block "nr" with "page_count" pages. * * Note: The caller should first check a negative nr with mf_trans_del() */ @@ -1050,6 +1054,13 @@ mf_read(mfp, hp) PERROR(_("E295: Read error in swap file")); return FAIL; } + +#ifdef FEAT_CRYPT + /* Decrypt if 'key' is set and this is a data block. */ + if (*mfp->mf_buffer->b_p_key != NUL) + ml_decrypt_data(mfp, hp->bh_data, offset, size); +#endif + return OK; } @@ -1107,8 +1118,7 @@ mf_write(mfp, hp) else page_count = hp2->bh_page_count; size = page_size * page_count; - if ((unsigned)vim_write(mfp->mf_fd, - (hp2 == NULL ? hp : hp2)->bh_data, size) != size) + if (mf_write_block(mfp, hp2 == NULL ? hp : hp2, offset, size) == FAIL) { /* * Avoid repeating the error message, this mostly happens when the @@ -1134,6 +1144,42 @@ mf_write(mfp, hp) } /* + * Write block "hp" with data size "size" to file "mfp->mf_fd". + * Takes care of encryption. + * Return FAIL or OK. + */ + static int +mf_write_block(mfp, hp, offset, size) + memfile_T *mfp; + bhdr_T *hp; + off_t offset UNUSED; + unsigned size; +{ + char_u *data = hp->bh_data; + int result = OK; + +#ifdef FEAT_CRYPT + /* Encrypt if 'key' is set and this is a data block. */ + if (*mfp->mf_buffer->b_p_key != NUL) + { + data = ml_encrypt_data(mfp, data, offset, size); + if (data == NULL) + return FAIL; + } +#endif + + if ((unsigned)vim_write(mfp->mf_fd, data, size) != size) + result = FAIL; + +#ifdef FEAT_CRYPT + if (data != hp->bh_data) + vim_free(data); +#endif + + return result; +} + +/* * Make block number for *hp positive and add it to the translation list * * Return FAIL for failure, OK otherwise @@ -1156,7 +1202,7 @@ mf_trans_add(mfp, hp) return FAIL; /* - * get a new number for the block. + * Get a new number for the block. * If the first item in the free list has sufficient pages, use its number * Otherwise use mf_blocknr_max. */ diff --git a/src/memline.c b/src/memline.c index d9043dce63..75800b15bd 100644 --- a/src/memline.c +++ b/src/memline.c @@ -65,10 +65,12 @@ typedef struct pointer_block PTR_BL; /* contents of a pointer block */ typedef struct data_block DATA_BL; /* contents of a data block */ typedef struct pointer_entry PTR_EN; /* block/line-count pair */ -#define DATA_ID (('d' << 8) + 'a') /* data block id */ -#define PTR_ID (('p' << 8) + 't') /* pointer block id */ -#define BLOCK0_ID0 'b' /* block 0 id 0 */ -#define BLOCK0_ID1 '0' /* block 0 id 1 */ +#define DATA_ID (('d' << 8) + 'a') /* data block id */ +#define PTR_ID (('p' << 8) + 't') /* pointer block id */ +#define BLOCK0_ID0 'b' /* block 0 id 0 */ +#define BLOCK0_ID1 '0' /* block 0 id 1 */ +#define BLOCK0_ID1_C0 'c' /* block 0 id 1 'cm' 0 */ +#define BLOCK0_ID1_C1 'C' /* block 0 id 1 'cm' 1 */ /* * pointer to a block, used in a pointer block @@ -128,7 +130,8 @@ struct data_block #define HEADER_SIZE (sizeof(DATA_BL) - INDEX_SIZE) /* size of data block header */ #define B0_FNAME_SIZE_ORG 900 /* what it was in older versions */ -#define B0_FNAME_SIZE 898 +#define B0_FNAME_SIZE_NOCRYPT 898 /* 2 bytes used for other things */ +#define B0_FNAME_SIZE_CRYPT 890 /* 10 bytes used for other things */ #define B0_UNAME_SIZE 40 #define B0_HNAME_SIZE 40 /* @@ -155,7 +158,8 @@ struct data_block */ struct block0 { - char_u b0_id[2]; /* id for block 0: BLOCK0_ID0 and BLOCK0_ID1 */ + char_u b0_id[2]; /* id for block 0: BLOCK0_ID0 and BLOCK0_ID1, + * BLOCK0_ID1_C0, BLOCK0_ID1_C1 */ char_u b0_version[10]; /* Vim version string */ char_u b0_page_size[4];/* number of bytes per page */ char_u b0_mtime[4]; /* last modification time of file */ @@ -177,12 +181,18 @@ struct block0 * when there is room, for very long file names it's omitted. */ #define B0_DIRTY 0x55 -#define b0_dirty b0_fname[B0_FNAME_SIZE_ORG-1] +#define b0_dirty b0_fname[B0_FNAME_SIZE_ORG - 1] /* * The b0_flags field is new in Vim 7.0. */ -#define b0_flags b0_fname[B0_FNAME_SIZE_ORG-2] +#define b0_flags b0_fname[B0_FNAME_SIZE_ORG - 2] + +/* + * Crypt seed goes here, 8 bytes. New in Vim 7.3. + * Without encryption these bytes may be used for 'fenc'. + */ +#define b0_seed b0_fname[B0_FNAME_SIZE_ORG - 2 - MF_SEED_LEN] /* The lowest two bits contain the fileformat. Zero means it's not set * (compatible with Vim 6.x), otherwise it's EOL_UNIX + 1, EOL_DOS + 1 or @@ -216,7 +226,18 @@ static linenr_T lowest_marked = 0; #define ML_FLUSH 0x02 /* flush locked block */ #define ML_SIMPLE(x) (x & 0x10) /* DEL, INS or FIND */ -static void ml_upd_block0 __ARGS((buf_T *buf, int set_fname)); +/* argument for ml_upd_block0() */ +typedef enum { + UB_FNAME = 0 /* update timestamp and filename */ + , UB_SAME_DIR /* update the B0_SAME_DIR flag */ + , UB_CRYPT /* update crypt key */ +} upd_block0_T; + +#ifdef FEAT_CRYPT +static void ml_set_b0_crypt __ARGS((buf_T *buf, ZERO_BL *b0p)); +#endif +static int ml_check_b0_id __ARGS((ZERO_BL *b0p)); +static void ml_upd_block0 __ARGS((buf_T *buf, upd_block0_T what)); static void set_b0_fname __ARGS((ZERO_BL *, buf_T *buf)); static void set_b0_dir_flag __ARGS((ZERO_BL *b0p, buf_T *buf)); #ifdef FEAT_MBYTE @@ -242,6 +263,9 @@ static long char_to_long __ARGS((char_u *)); #if defined(UNIX) || defined(WIN3264) static char_u *make_percent_swname __ARGS((char_u *dir, char_u *name)); #endif +#ifdef FEAT_CRYPT +static void ml_crypt_prepare __ARGS((memfile_T *mfp, off_t offset, int reading)); +#endif #ifdef FEAT_BYTEOFF static void ml_updatechunk __ARGS((buf_T *buf, long line, long len, int updtype)); #endif @@ -264,7 +288,7 @@ ml_open(buf) /* * init fields in memline struct */ - buf->b_ml.ml_stack_size = 0; /* no stack yet */ + buf->b_ml.ml_stack_size = 0; /* no stack yet */ buf->b_ml.ml_stack = NULL; /* no stack yet */ buf->b_ml.ml_stack_top = 0; /* nothing in the stack */ buf->b_ml.ml_locked = NULL; /* no cached block */ @@ -289,6 +313,9 @@ ml_open(buf) goto error; buf->b_ml.ml_mfp = mfp; +#ifdef FEAT_CRYPT + mfp->mf_buffer = buf; +#endif buf->b_ml.ml_flags = ML_EMPTY; buf->b_ml.ml_line_count = 1; #ifdef FEAT_LINEBREAK @@ -336,12 +363,16 @@ ml_open(buf) mch_get_host_name(b0p->b0_hname, B0_HNAME_SIZE); b0p->b0_hname[B0_HNAME_SIZE - 1] = NUL; long_to_char(mch_get_pid(), b0p->b0_pid); +#ifdef FEAT_CRYPT + if (*buf->b_p_key != NUL) + ml_set_b0_crypt(buf, b0p); +#endif } /* * Always sync block number 0 to disk, so we can check the file name in - * the swap file in findswapname(). Don't do this for help files though - * and spell buffer though. + * the swap file in findswapname(). Don't do this for a help files or + * a spell buffer though. * Only works when there's a swapfile, otherwise it's done when the file * is created. */ @@ -397,6 +428,165 @@ error: return FAIL; } +#if defined(FEAT_CRYPT) || defined(PROTO) +/* + * Prepare encryption for "buf" with block 0 "b0p". + */ + static void +ml_set_b0_crypt(buf, b0p) + buf_T *buf; + ZERO_BL *b0p; +{ + if (*buf->b_p_key == NUL) + b0p->b0_id[1] = BLOCK0_ID1; + else + { + if (buf->b_p_cm == 0) + b0p->b0_id[1] = BLOCK0_ID1_C0; + else + { + b0p->b0_id[1] = BLOCK0_ID1_C1; + /* Generate a seed and store it in block 0 and in the memfile. */ + sha2_seed(&b0p->b0_seed, MF_SEED_LEN, NULL, 0); + mch_memmove(buf->b_ml.ml_mfp->mf_seed, &b0p->b0_seed, MF_SEED_LEN); + } + } +} + +/* + * Called after the crypt key or 'cryptmethod' was changed for "buf". + * Will apply this to the swapfile. + * "old_key" is the previous key. It is equal to buf->b_p_key when + * 'cryptmethod' is changed. + * "old_cm" is the previous 'cryptmethod'. It is equal to buf->b_p_cm when + * 'key' is changed. + */ + void +ml_set_crypt_key(buf, old_key, old_cm) + buf_T *buf; + char_u *old_key; + int old_cm; +{ + memfile_T *mfp = buf->b_ml.ml_mfp; + bhdr_T *hp; + int page_count; + int idx; + long error; + infoptr_T *ip; + PTR_BL *pp; + DATA_BL *dp; + blocknr_T bnum; + int top; + + if (mfp == NULL || mfp->mf_fd < 0) + return; /* no memfile yet, nothing to do */ + + /* Set the key, method and seed to be used for reading, these must be the + * old values. */ + mfp->mf_old_key = old_key; + mfp->mf_old_cm = old_cm; + if (old_cm > 0) + mch_memmove(mfp->mf_old_seed, mfp->mf_seed, MF_SEED_LEN); + + /* Update block 0 with the crypt flag and may set a new seed. */ + ml_upd_block0(buf, UB_CRYPT); + + if (mfp->mf_infile_count > 2) + { + /* + * Need to read back all data blocks from disk, decrypt them with the + * old key/method and mark them to be written. The algorithm is + * similar to what happens in ml_recover(), but we skip negative block + * numbers. + */ + ml_flush_line(buf); /* flush buffered line */ + (void)ml_find_line(buf, (linenr_T)0, ML_FLUSH); /* flush locked block */ + + hp = NULL; + bnum = 1; /* start with block 1 */ + page_count = 1; /* which is 1 page */ + idx = 0; /* start with first index in block 1 */ + error = 0; + buf->b_ml.ml_stack_top = 0; + buf->b_ml.ml_stack = NULL; + buf->b_ml.ml_stack_size = 0; /* no stack yet */ + + for ( ; !got_int; line_breakcheck()) + { + if (hp != NULL) + mf_put(mfp, hp, FALSE, FALSE); /* release previous block */ + + /* get the block (pointer or data) */ + if ((hp = mf_get(mfp, (blocknr_T)bnum, page_count)) == NULL) + { + if (bnum == 1) + break; + ++error; + } + else + { + pp = (PTR_BL *)(hp->bh_data); + if (pp->pb_id == PTR_ID) /* it is a pointer block */ + { + if (pp->pb_count == 0) + { + /* empty block? */ + ++error; + } + else if (idx < (int)pp->pb_count) /* go a block deeper */ + { + if (pp->pb_pointer[idx].pe_bnum < 0) + { + /* Skip data block with negative block number. */ + ++idx; /* get same block again for next index */ + continue; + } + + /* going one b |