From 801e0569fd52df9b41be70fb7cba8957f08e2c67 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@robotics.uk.to>
Date: Mon, 21 Nov 2016 18:11:50 +0000
Subject: [PATCH] Leading and trailing padding on stored passwords

To ensure that identical passwords have differing cyphertext
---
 src/freedombone-pass | 41 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 39 insertions(+), 2 deletions(-)

diff --git a/src/freedombone-pass b/src/freedombone-pass
index 0cca78f37..55fc66bd0 100755
--- a/src/freedombone-pass
+++ b/src/freedombone-pass
@@ -48,6 +48,7 @@ REMOVE_USERNAME=
 CURR_APP=
 REMOVE_APP=
 CURR_PASSWORD=""
+TESTS=
 
 function get_backup_key_id {
     MY_BACKUP_KEY_ID=$(gpg --list-keys "(backup key)" | \
@@ -90,7 +91,35 @@ function pass_show_help {
 }
 
 function pad_string {
-    echo -n -e "$1" | sed -e :a -e 's/^.\{1,128\}$/& /;ta'
+    pass_string="$1"
+    str_length=${#pass_string}
+    total_padding=$((128 - str_length))
+    leading_padding=$((1 + RANDOM % $total_padding))
+    trailing_padding=$((total_padding - leading_padding))
+    leading=printf "%-${leading_padding}s"
+    trailing=printf "%-${trailing_padding}s"
+    echo "${leading}${pass_string}${trailing}"
+}
+
+function remove_padding {
+    padded_string="$1"
+    echo -e "${padded_string}" | tr -d '[:space:]'
+}
+
+function run_tests {
+    pass="SuperSecretPassword"
+    padded=$(pad_string "$pass")
+    echo "|${padded}|"
+    ${PROJECT_NAME}-pass -u root -a tests -p "$pass"
+    returned_pass=$(${PROJECT_NAME}-pass -u root -a tests)
+    if [[ "$pass" != "$returned_pass" ]]; then
+        echo "pass     :${pass}:"
+        echo "padded   :${padded}:"
+        echo "returned :${pass}:"
+        exit 73825
+    fi
+    ${PROJECT_NAME}-pass -u root --rmapp tests
+    echo "Tests passed"
 }
 
 while [[ $# > 1 ]]
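Review bot: In pad_string, `leading=printf "%-${leading_padding}s"` and the matching `trailing=` line are not command substitutions: bash treats `leading=printf` as an environment assignment and tries to run the format string as a command, so both variables stay empty and no padding is added; `leading=$(printf '%*s' "$leading_padding" '')` is the intended form. A password of 128 characters or more makes `total_padding` zero or negative, and `RANDOM % $total_padding` then aborts with a division by zero or yields negative padding counts. remove_padding, which the retrieval branch in the last hunk now calls, deletes every whitespace character with `tr -d '[:space:]'` and runs the secret through `echo -e`, so a passphrase containing spaces or backslash sequences comes back altered. In run_tests the failure branch prints `${pass}` on the "returned" line where `${returned_pass}` looks intended, and `exit 73825` is truncated to an 8-bit status. `$RANDOM` is also not a cryptographic generator, so the offset should not be counted on for secrecy beyond what gpg's own encryption provides.

```bash
function pad_string {
    local pass_string="$1"
    local str_length=${#pass_string}
    # The modulus below needs at least one character of padding; callers
    # (outside this hunk) would have to check the return status.
    if (( str_length >= 128 )); then
        echo "Password must be shorter than 128 characters" >&2
        return 1
    fi
    # … unchanged: total_padding / leading_padding / trailing_padding arithmetic …
    leading=$(printf '%*s' "$leading_padding" '')
    trailing=$(printf '%*s' "$trailing_padding" '')
    # … unchanged: echo of leading + password + trailing …
}

function remove_padding {
    local padded_string="$1"
    # Trim only the two ends so whitespace inside the password survives.
    # A password that itself starts or ends with whitespace still loses it.
    padded_string="${padded_string#"${padded_string%%[![:space:]]*}"}"
    padded_string="${padded_string%"${padded_string##*[![:space:]]}"}"
    printf '%s\n' "$padded_string"
}
```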
@@ -101,6 +130,9 @@ do
         -h|--help)
             pass_show_help
             ;;
+        -t|--test)
+            TESTS=1
+            ;;
         -u|--user|--username)
             shift
             CURR_USERNAME="${1}"
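Review bot: The new `-t|--test` arm takes no value, but the enclosing loop is guarded by `while [[ $# > 1 ]]` (visible as context just above this hunk), so when `-t` is the only or the last argument the loop body never examines it and `TESTS` stays empty. Changing the guard to `while [[ $# -gt 0 ]]` lets value-less flags be seen, and makes the comparison numeric rather than a string comparison. The loop's `shift` and `done` are outside the hunk, so check that the value-taking options still behave when their argument is missing after that change.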
@@ -140,6 +172,11 @@ get_backup_key_id
 # Use the backups private key as a symmetric passphrase
 MASTER_PASSWORD=$(gpg -q --armor --export-secret-key $MY_BACKUP_KEY_ID | sed '/---/d' | sed '/Version/d' | sed '/^$/d')
 
+if [ $TESTS ]; then
+    run_tests
+    exit 0
+fi
+
 if [ ! $CURR_USERNAME ]; then
     echo $'Error: No username given'
     exit 1
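Review bot: The self-test branch runs after `MASTER_PASSWORD` is derived and calls run_tests, which stores and then removes an entry for user `root`, app `tests` through the installed `${PROJECT_NAME}-pass` command. As far as the visible lines show, that operates on the live password store with the real backup key, so a genuine entry of that name would be overwritten and then deleted. Using a test user or app name that cannot collide, or refusing to run when the entry already exists, would make `--test` safe on a production system. `[ $TESTS ]` works only because the value is empty or `1`; `[[ -n "$TESTS" ]]` states the intent without relying on word splitting.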
@@ -171,7 +208,7 @@ if [ ${#CURR_PASSWORD} -eq 0 ]; then
         exit 4
     else
         pass=$(gpg -dq --passphrase "$MASTER_PASSWORD" ~/.passwords/$CURR_USERNAME/$CURR_APP)
-        echo "${pass}" | xargs
+        remove_padding "${pass}"
     fi
 else
     # store password
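Review bot: The decrypt line whose output now goes to remove_padding passes the master passphrase as `--passphrase "$MASTER_PASSWORD"`, which places it in gpg's argument list where other local processes can read it. This predates the commit, but supplying the secret on a file descriptor with `--passphrase-fd` avoids the exposure. `$CURR_USERNAME` and `$CURR_APP` are also expanded unquoted into `~/.passwords/$CURR_USERNAME/$CURR_APP`, so values containing spaces or `../` are not handled, and no validation of them is visible in this hunk. The enclosing `if`/`else` continues past the end of the hunk.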
-- 
GitLab