Permalink
Browse files

Crypt the swapfile.

--HG--
branch : vim73
  • Loading branch information...
1 parent b89b824 commit 1a0457e4311ee1c222323d3be53f6fba607a8395 @brammool brammool committed Jun 21, 2010
@@ -1332,10 +1332,12 @@ There are a few things to remember when editing binary files:
Vim is able to write files encrypted, and read them back. The encrypted text
cannot be read without the right key.
-Note: The swapfile and text in memory is not encrypted. A system
-administrator will be able to see your text while you are editing it.
-When filtering text with ":!filter" or using ":w !command" the text is not
-encrypted, this may reveal it to others.
+The text in the swap file and the undo file is also encrypted.
+
+Note: The text in memory is not encrypted. A system administrator may be able
+to see your text while you are editing it. When filtering text with
+":!filter" or using ":w !command" the text is not encrypted, this may reveal
+it to others. The 'viminfo' file is not encrypted.
WARNING: If you make a typo when entering the key and then write the file and
exit, the text will be lost!
@@ -119,9 +119,9 @@ Help on help files *helphelp*
*:lh* *:lhelpgrep*
:lh[elpgrep] {pattern}[@xx]
Same as ":helpgrep", except the location list is used
- instead of the quickfix list. If the help window is
+ instead of the quickfix list. If the help window is
already opened, then the location list for that window
- is used. Otherwise, a new help window is opened and
+ is used. Otherwise, a new help window is opened and
the location list for that window is set. The
location list for the current window is not changed.
@@ -281,9 +281,9 @@ The first line in a help file should have the following format:
*helpfile_name.txt* For Vim version 7.3 Last change: 2010 June 4
-The first field is a link to the help file name. The second field describes
-the applicable Vim version. The last field specifies the last modification
-date of the file. Each field is separated by a tab.
+The first field is a link to the help file name. The second field describes
+the applicable Vim version. The last field specifies the last modification
+date of the file. Each field is separated by a tab.
At the bottom of the help file, place a Vim modeline to set the 'textwidth'
and 'tabstop' options and the 'filetype' to 'help'. Never set a global option
@@ -295,30 +295,30 @@ TAGS
To define a help tag, place the name between asterisks (*tag-name*). The
tag-name should be different from all the Vim help tag names and ideally
-should begin with the name of the Vim plugin. The tag name is usually right
+should begin with the name of the Vim plugin. The tag name is usually right
aligned on a line.
When referring to an existing help tag and to create a hot-link, place the
name between two bars (|) eg. |help-writing|.
When referring to a Vim option in the help file, place the option name between
-two single quotes. eg. 'statusline'
+two single quotes, eg. 'statusline'
HIGHLIGHTING
-To define a column heading, use a tilde character at the end of the line. This
-will highlight the column heading in a different color. E.g.
+To define a column heading, use a tilde character at the end of the line.
+This will highlight the column heading in a different color. E.g.
Column heading~
To separate sections in a help file, place a series of '=' characters in a
-line starting from the first column. The section separator line is highlighted
+line starting from the first column. The section separator line is highlighted
differently.
To quote a block of ex-commands verbatim, place a greater than (>) character
at the end of the line before the block and a less than (<) character as the
-first non-blank on a line following the block. Any line starting in column 1
+first non-blank on a line following the block. Any line starting in column 1
also implicitly stops the block of ex-commands before it. E.g. >
function Example_Func()
echo "Example"
@@ -188,4 +188,43 @@ will continue to get warning messages that the ".swp" file already exists.
{Vi: recovers in another way and sends mail if there is something to recover}
+
+ENCRYPTION AND THE SWAP FILE *:recover-crypt*
+
+When the text file is encrypted the swap file is encrypted as well. This
+makes recovery a bit more complicated. When recovering from a swap file and
+encryption has been used, you will be asked to enter one or two crypt keys.
+
+If the text file does not exist you will only be asked to enter the crypt key
+for the swap file.
+
+If the text file does exist, it may be encrypted in a different way than the
+swap file. You will be asked for the crypt key twice:
+
+ Need encryption key for "/tmp/tt" ~
+ Enter encryption key: ****** ~
+ "/tmp/tt" [crypted] 23200L, 522129C ~
+ Using swap file "/tmp/.tt.swp" ~
+ Original file "/tmp/tt" ~
+ Swap file is encrypted: "/tmp/.tt.swp" ~
+ If you entered a new crypt key but did not write the text file, ~
+ enter the new crypt key. ~
+ If you wrote the text file after changing the crypt key press enter ~
+ to use the same key for text file and swap file ~
+ Enter encryption key: ~
+
+You can be in one of these two situations:
+
+1. The encryption key was not changed, or after changing the key the text file
+ was written. You will be prompted for the crypt key twice. The second
+ time you can simply press Enter. That means the same key is used for the
+ text file and the swap file.
+2. You entered a new encryption key, but did not save the text file. Vim will
+ then use the new key for the swap file, and the text file will still be
+ encrypted with the old key. At the second prompt enter the new key.
+
+Note that after recovery the key of the swap file will be used for the text
+file. Thus if you write the text file, you need to use that new key.
+
+
vim:tw=78:ts=8:ft=help:norl:
View
@@ -2577,6 +2577,7 @@ $VIMRUNTIME starting.txt /*$VIMRUNTIME*
:read! insert.txt /*:read!*
:rec recover.txt /*:rec*
:recover recover.txt /*:recover*
+:recover-crypt recover.txt /*:recover-crypt*
:red undo.txt /*:red*
:redi various.txt /*:redi*
:redir various.txt /*:redir*
@@ -6914,7 +6915,6 @@ os_unix.txt os_unix.txt /*os_unix.txt*
os_vms.txt os_vms.txt /*os_vms.txt*
os_win32.txt os_win32.txt /*os_win32.txt*
other-features vi_diff.txt /*other-features*
-ownsyntax eval.txt /*ownsyntax*
p change.txt /*p*
page-down intro.txt /*page-down*
page-up intro.txt /*page-up*
@@ -8220,7 +8220,7 @@ vt100-cursor-keys term.txt /*vt100-cursor-keys*
vt100-function-keys term.txt /*vt100-function-keys*
w motion.txt /*w*
w32-clientserver remote.txt /*w32-clientserver*
-w:ownsyntax-variable eval.txt /*w:ownsyntax-variable*
+w:current_syntax syntax.txt /*w:current_syntax*
w:var eval.txt /*w:var*
warningmsg-variable eval.txt /*warningmsg-variable*
white-space pattern.txt /*white-space*
View
@@ -1088,18 +1088,16 @@ Vim 7.3:
- using NSIS 2.46: install on Windows 7 works, but no "Edit with Vim" menu.
Use register_shell_extension()? (George Reilly, 2010 May 26)
Ron's version: http://dev.ronware.org/p/vim/finfo?name=gvim.nsi
-- Also crypt the swap file, each block separately. Change mf_write() and
- mf_read().
- - How to get b_p_key to these functions? -> Store buf_T pointer in mfp.
- - Generate a salt and seed for the swapfile, put it in block 0.
- - For each block, use password + seed + byte offset to crypt/decrypt.
- - When changing the password need to read back with the old password and
- write again with the new one.
- - Fill the gaps in the block with random bytes, otherwise it's easy to
- check for correct password by finding NUL bytes.
- - Verify recovery works.
+- Also crypt the swap file, each block separately:
+ - When changing the password or 'cryptmethod' need to read back with the
+ old password and write again with the new one.
+ Problem: when the file is not written, key differs between text file and
+ swap file!
+- Patch for :ownsyntax completion (Dominique Pelle, 2010 Jun 20)
- Patch for conceal feature and 'foldcolumn'. (Dominique Pelle, 2010 Jun 10,
second patch)
+ Also patch from Vince, 2010 Jun 15. And another June 16.
+ However: more generic patch on the way.
- patch for conceal feature and 'modifiable'. (Dominique Pelle, 2010 Jun 9)
- undofile: keep markers where the file was written/read, so that it's easy to
go back to a saved version of the file: ":earlier 1f" (f for file)?
@@ -1110,15 +1108,17 @@ Vim 7.3:
dictionary: {'nr': 2, 'time': 1234, 'saved': 1}
- Remove support for GTK 1? Patch by James Vega, Jun 11.
Patches to include:
+- Patch for X clibboard CurrentTime, (Fries, 2010 Jun 20)
- Patch for Lisp support with ECL (Mikael Jansson, 2008 Oct 25)
- Minor patches from Dominique Pelle, 2010 May 15
- Gvimext patch to support wide file names. (Szabolcs Horvat 2008 Sep 10)
- Patch to support netbeans for Mac. (Kazuki Sakamoto, 2009 Jun 25)
- Patch to support clipboard for Mac terminal. (Jjgod Jiang, 2009 Aug 1)
- Patch to support :browse for more commands. (Lech Lorens, 2009 Jul 18)
- Patch to improve javascript indenting. (Hari Kumar G, 2010 May 22)
+- Patch to use return value of 'formatexpr'. (James Vega, 2010 Jun 16)
- Patch to make CTRL-L work better with 'ignorecase' and 'smarcase'. (Martin
- Toft, 2010 Jun 8)
+ Toft, 2010 Jun 8, Jun 16)
- Patch to add diff functionality to 2html.vim. (Christian Brabandt, 2009 Dec
15)
- Win32: patch for better font scaling. (George Reilly, 2009 Mar 26)
@@ -283,6 +283,8 @@ machines. Therefore, don't rely on Vim always warning you.
If you really don't want to see this message, you can add the 'A' flag to the
'shortmess' option. But it's very unusual that you need this.
+For remarks about encryption and the swap file, see |:recover-crypt|.
+
==============================================================================
*11.4* Further reading
@@ -270,7 +270,7 @@ if !exists("c_no_c99") " ISO C99
endif
" Accept %: for # (C99)
-syn region cPreCondit start="^\s*\(%:\|#\)\s*\(if\|ifdef\|ifndef\|elif\)\>" skip="\\$" end="$" contains=cComment,cCommentL,cCppString,cCharacter,cCppParen,cParenError,cNumbers,cCommentError,cSpaceError
+syn region cPreCondit start="^\s*\(%:\|#\)\s*\(if\|ifdef\|ifndef\|elif\)\>" skip="\\$" end="$" keepend contains=cComment,cCommentL,cCppString,cCharacter,cCppParen,cParenError,cNumbers,cCommentError,cSpaceError
syn match cPreCondit display "^\s*\(%:\|#\)\s*\(else\|endif\)\>"
if !exists("c_no_if0")
if !exists("c_no_if0_fold")
View
@@ -436,13 +436,7 @@ bf_key_init(password, salt, salt_len)
key[i] = j;
}
- for (i = 0; i < 256; ++i)
- {
- sbx[0][i] = sbi[0][i];
- sbx[1][i] = sbi[1][i];
- sbx[2][i] = sbi[2][i];
- sbx[3][i] = sbi[3][i];
- }
+ mch_memmove(sbx, sbi, 4 * 4 * 256);
for (i = 0; i < 18; ++i)
{
@@ -655,6 +649,40 @@ bf_crypt_init_keys(passwd)
}
}
+static int save_randbyte_offset;
+static int save_update_offset;
+static char_u save_ofb_buffer[BF_OFB_LEN];
+static UINT32_T save_pax[18];
+static UINT32_T save_sbx[4][256];
+
+/*
+ * Save the current crypt state. Can only be used once before
+ * bf_crypt_restore().
+ */
+ void
+bf_crypt_save()
+{
+ save_randbyte_offset = randbyte_offset;
+ save_update_offset = update_offset;
+ mch_memmove(save_ofb_buffer, ofb_buffer, BF_OFB_LEN);
+ mch_memmove(save_pax, pax, 4 * 18);
+ mch_memmove(save_sbx, sbx, 4 * 4 * 256);
+}
+
+/*
+ * Restore the current crypt state. Can only be used after
+ * bf_crypt_save().
+ */
+ void
+bf_crypt_restore()
+{
+ randbyte_offset = save_randbyte_offset;
+ update_offset = save_update_offset;
+ mch_memmove(ofb_buffer, save_ofb_buffer, BF_OFB_LEN);
+ mch_memmove(pax, save_pax, 4 * 18);
+ mch_memmove(sbx, save_sbx, 4 * 4 * 256);
+}
+
/*
* Run a test to check if the encryption works as expected.
* Give an error and return FAIL when not.
Oops, something went wrong.

0 comments on commit 1a0457e

Please sign in to comment.