fix encoding bug

Author: itn3000

DotNet.Ansible.Vault.Decoder.Test/CodecTest.cs

@@ -0,0 +1,32 @@
+using System;
+using System.Linq;
+using Xunit;
+using dotnet_ansible_vault_decoder;
+using System.Text;
+using System.IO;
+
+namespace DotNet.Ansible.Vault.Decoder.Test
+{
+    public class CodecTest
+    {
+        [Fact]
+        public void EncodeTest()
+        {
+            var codec = new AnsibleVaultCodec();
+            var data = new byte[128];
+            var salt = Enumerable.Range(0, 32).Select(i => (byte)((i * 2) & 0xff)).ToArray();
+            var pass = Enumerable.Range(0, 16).Select(i => (byte)(i & 0xff)).ToArray();
+            var sb = new StringBuilder();
+            using(var sw = new StringWriter(sb))
+            {
+                codec.Encode(data, pass, salt, sw, "moge", 80);
+            }
+            using(var sr = new StringReader(sb.ToString()))
+            using(var mstm = new MemoryStream())
+            {
+                codec.Decode(sr, pass, mstm);
+                Assert.Equal(data, mstm.ToArray());
+            }
+        }
+    }
+}

DotNet.Ansible.Vault.Decoder.Test/DotNet.Ansible.Vault.Decoder.Test.csproj

@@ -0,0 +1,17 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  
+  <PropertyGroup>
+    <TargetFramework>netcoreapp2.1</TargetFramework>
+    <LangVersion>7.3</LangVersion>
+    <IsPackable>false</IsPackable>
+  </PropertyGroup>
+  
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.0.1" />
+    <PackageReference Include="xunit" Version="2.4.0" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.4.0" />
+    <ProjectReference Include="../dotnet-ansible-vault-decoder/dotnet-ansible-vault-decoder.csproj" />
+    <PackageReference Include="Portable.BouncyCastle" Version="1.8.5" />
+  </ItemGroup>
+  
+</Project>

LICENSE.txt

@@ -0,0 +1,11 @@
+
+
+MIT License
+
+Copyright (c) 2019 itn3000
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

dotnet-ansible-vault-decoder/AnsibleVaultFile.cs

@@ -63,13 +63,15 @@ public static void Save(AnsibleVaultFile f, TextWriter output, string label, int
             {
                 output.WriteLine($"{AnsibleVaultSignature};{f.Version};{f.Algorithm};{f.Label}");
             }
-            var data = new byte[f.Salt.Length + f.ExpectedHMac.Length + f.EncryptedBytes.Length + 2];
+            var data = new byte[f.Salt.Length * 2 + f.ExpectedHMac.Length * 2 + f.EncryptedBytes.Length * 2 + 2];
             var dataSpan = data.AsSpan();
-            f.Salt.AsSpan().CopyTo(dataSpan);
-            dataSpan[f.Salt.Length] = 0x0a;
-            f.ExpectedHMac.AsSpan().CopyTo(dataSpan.Slice(f.Salt.Length + 1));
-            dataSpan[f.Salt.Length + 1 + f.ExpectedHMac.Length] = 0x0a;
-            f.EncryptedBytes.AsSpan().CopyTo(dataSpan.Slice(f.Salt.Length + f.ExpectedHMac.Length + 2));
+            Encoding.ASCII.GetBytes(ByteUtil.ConvertToHexString(f.Salt)).AsSpan().CopyTo(dataSpan);
+            dataSpan[f.Salt.Length * 2] = 0x0a;
+
+            Encoding.ASCII.GetBytes(ByteUtil.ConvertToHexString(f.ExpectedHMac)).AsSpan().CopyTo(dataSpan.Slice(f.Salt.Length * 2 + 1));
+            dataSpan[f.Salt.Length * 2 + 1 + f.ExpectedHMac.Length * 2] = 0x0a;
+
+            Encoding.ASCII.GetBytes(ByteUtil.ConvertToHexString(f.EncryptedBytes)).AsSpan().CopyTo(dataSpan.Slice(f.Salt.Length * 2 + f.ExpectedHMac.Length * 2 + 2));
             Span<char> buffer = stackalloc char[width];
             while (!dataSpan.IsEmpty)
             {

dotnet-ansible-vault-decoder/ArgumentUtil.cs

@@ -0,0 +1,87 @@
+using System;
+using System.Text;
+using System.IO;
+
+namespace dotnet_ansible_vault_decoder
+{
+    static class ArgumentUtil
+    {
+        public static Stream GetInputStream(string filePath)
+        {
+            if (!string.IsNullOrEmpty(filePath))
+            {
+                return File.OpenRead(filePath);
+            }
+            else
+            {
+                return Console.OpenStandardInput();
+            }
+        }
+        public static Stream GetOutputStream(string filePath, bool truncate)
+        {
+            if (!string.IsNullOrEmpty(filePath))
+            {
+                if (truncate)
+                {
+                    return File.Create(filePath);
+                }
+                else
+                {
+                    var ret = File.OpenWrite(filePath);
+                    ret.Seek(0, SeekOrigin.End);
+                    return ret;
+                }
+            }
+            else
+            {
+                return Console.OpenStandardOutput();
+            }
+        }
+        public static byte[] GetPassword(string password, string passfile, string passenv)
+        {
+            if (!string.IsNullOrEmpty(password))
+            {
+                return Encoding.UTF8.GetBytes(password);
+            }
+            else if(!string.IsNullOrEmpty(passenv))
+            {
+                return Encoding.UTF8.GetBytes(Environment.GetEnvironmentVariable(passenv));
+            }
+            else if(!string.IsNullOrEmpty(passfile))
+            {
+                using(var sr = File.OpenText(passfile))
+                {
+                    var l = sr.ReadLine();
+                    return Encoding.UTF8.GetBytes(l.Trim());
+                }
+            }
+            else
+            {
+                throw new ArgumentException("you must set either password, passfile, passenv");
+            }
+        }
+        public static string EolOptionToEolString(string eol)
+        {
+            if (string.IsNullOrEmpty(eol))
+            {
+                return null;
+            }
+            if (eol.Equals("crlf", StringComparison.OrdinalIgnoreCase))
+            {
+                return "\r\n";
+            }
+            else if (eol.Equals("lf", StringComparison.OrdinalIgnoreCase))
+            {
+                return "\n";
+            }
+            else if (eol.Equals("cr", StringComparison.OrdinalIgnoreCase))
+            {
+                return "\r";
+            }
+            else
+            {
+                return null;
+            }
+        }
+    }
+}

dotnet-ansible-vault-decoder/ByteUtil.cs

@@ -21,7 +21,7 @@ public static byte ConvertToByte(char sp)
             }
             else
             {
-                throw new Exception($"invalid value:{sp}");
+                throw new Exception($"invalid value:{sp}({(int)sp})");
             }
         }
         public static byte[] ConvertToBytes(ArraySegment<string> lines)
@@ -63,7 +63,7 @@ static char ByteToHexChar(byte b)
             }
             else
             {
-                throw new ArgumentOutOfRangeException($"invalid byte value:{b}");
+                throw new ArgumentOutOfRangeException($"invalid byte value:{(int)b}");
             }
         }
         public static void ConvertToHexChars(ReadOnlySpan<byte> data, Span<char> dest)
@@ -78,5 +78,16 @@ public static void ConvertToHexChars(ReadOnlySpan<byte> data, Span<char> dest)
                 dest[i * 2 + 1] = ByteToHexChar((byte)(data[i] & 0xf));
             }
         }
+        public static string ConvertToHexString(ReadOnlySpan<byte> data)
+        {
+            return string.Create(data.Length * 2, data.ToArray(), (c, state) =>
+            {
+                for(int i = 0;i<state.Length;i++)
+                {
+                    c[i * 2] = ByteToHexChar((byte)(state[i] >> 4));
+                    c[i * 2 + 1] = ByteToHexChar((byte)(state[i] & 0xf));
+                }
+            });
+        }
     }
 }

dotnet-ansible-vault-decoder/DecodeCommand.cs

@@ -0,0 +1,47 @@
+using System;
+using System.IO;
+using System.Collections.Generic;
+using McMaster.Extensions.CommandLineUtils;
+using System.Security.Cryptography;
+using System.Text;
+using System.Linq;
+
+namespace dotnet_ansible_vault_decoder
+{
+    [Command("decode", "decoding ansible vault data")]
+    class DecodeCommand
+    {
+        [Option("-i|--input", "input data file(default stdin)", CommandOptionType.SingleValue)]
+        public string FilePath { get; set; }
+        [Option("-o|--output", "output file path(default stdout)", CommandOptionType.SingleValue)]
+        public string OutputPath { get; set; }
+        [Option("-p|--password", "encryption password, if not set, input via prompt", CommandOptionType.SingleValue)]
+        public string Password { get; set; }
+        [Option("--passfile", "password file(using first line, trailing whitespace will be trimmed", CommandOptionType.SingleValue)]
+        public string Passfile { get; set; }
+        [Option("--passenv", "get password from environment variable", CommandOptionType.SingleValue)]
+        public string PassEnv { get; set; }
+        public int OnExecute()
+        {
+            try
+            {
+                var codec = new AnsibleVaultCodec();
+                using (var stm = ArgumentUtil.GetInputStream(FilePath))
+                using (var ostm = ArgumentUtil.GetOutputStream(OutputPath, true))
+                {
+                    using (var sr = new StreamReader(stm, Encoding.UTF8))
+                    {
+                        codec.Decode(sr, ArgumentUtil.GetPassword(Password, Passfile, PassEnv), ostm);
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                Console.Error.WriteLine($"decoding error: {e}");
+                return 1;
+            }
+            return 0;
+        }
+
+    }
+}

dotnet-ansible-vault-decoder/EncodeCommand.cs

@@ -0,0 +1,76 @@
+using System;
+using System.IO;
+using System.Collections.Generic;
+using McMaster.Extensions.CommandLineUtils;
+using System.Security.Cryptography;
+using System.Text;
+using System.Linq;
+
+namespace dotnet_ansible_vault_decoder
+{
+    [Command("encode", "encoding to encrypted ansible vault")]
+    class EncodeCommand
+    {
+        [Option("-i|--input", "input data file(default stdin)", CommandOptionType.SingleValue)]
+        public string FilePath { get; set; }
+        [Option("-o|--output", "output file path(default stdout)", CommandOptionType.SingleValue)]
+        public string OutputPath { get; set; }
+        [Option("-e|--eol", "output end of line(cr, crlf, lf, if not set, using system default value)", CommandOptionType.SingleValue)]
+        public string EndOfLine { get; set; }
+        [Option("-p|--password", "encryption password, if not set, input via prompt", CommandOptionType.SingleValue)]
+        public string Password { get; set; }
+        [Option("--passfile", "password file(using first line, trailing whitespace will be trimmed", CommandOptionType.SingleValue)]
+        public string Passfile { get; set; }
+        [Option("--passenv", "get password from environment variable", CommandOptionType.SingleValue)]
+        public string PassEnv { get; set; }
+        [Option("-l|--label", "vault label", CommandOptionType.SingleValue)]
+        public string Label { get; set; }
+        public int OnExecute()
+        {
+            try
+            {
+                var codec = new AnsibleVaultCodec();
+                using (var stm = ArgumentUtil.GetInputStream(FilePath))
+                using (var ostm = ArgumentUtil.GetOutputStream(OutputPath, true))
+                {
+                    using (var sw = new StreamWriter(ostm, new UTF8Encoding(false)))
+                    {
+                        var lst = new List<byte>();
+                        var buf = new byte[4096];
+                        while (true)
+                        {
+                            var bytesread = stm.Read(buf, 0, 4096);
+                            if (bytesread <= 0)
+                            {
+                                break;
+                            }
+                            lst.AddRange(buf.Take(bytesread));
+                        }
+                        var eolString = ArgumentUtil.EolOptionToEolString(EndOfLine);
+                        if (eolString != null)
+                        {
+                            sw.NewLine = eolString;
+                        }
+                        codec.Encode(lst.ToArray(), ArgumentUtil.GetPassword(Password, Passfile, PassEnv), CreateSalt(), sw, Label, 80);
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                Console.Error.WriteLine($"error in encoding: {e}");
+                return 1;
+            }
+            return 0;
+        }
+        byte[] CreateSalt()
+        {
+            using (var rng = RandomNumberGenerator.Create())
+            {
+                var data = new byte[32];
+                rng.GetBytes(data);
+                return data;
+            }
+        }
+    }
+
+}