port some more global variables

Author: schiele

git-incrypt

@@ -46,8 +46,9 @@ plugin.decryptrefname.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
 plugin.set_option.argtypes = [ctypes.c_char_p, ctypes.c_size_t,
                               ctypes.c_char_p]
 plugin.geturl.restype = ctypes.c_char_p
+plugin.getprefix.restype = ctypes.c_char_p
 plugin.hashdata.argtypes = [ctypes.c_void_p, ctypes.c_size_t, ctypes.c_void_p]
-plugin.hashdatahex.argtypes = [ctypes.c_void_p, ctypes.c_size_t]
+plugin.hashdatahex.argtypes = [ctypes.c_void_p, ctypes.c_size_t, ctypes.c_char_p]
 plugin.hashdatahex.restype = ctypes.c_char_p
 plugin.globalinit.argtypes = [ctypes.c_char_p]
 
@@ -72,14 +73,6 @@ if not hasattr(pygit2.enums, 'ObjectType'):
         TAG = pygit2._pygit2.GIT_OBJ_TAG
     pygit2.enums.ObjectType = ObjectType
 
-CRYPTREADME = '''# 401 Unauthorized
-
-This is an encrypted git repository.  You can clone it, but you will not be
-able to see the contents of the commits.  If you have the right key, you can
-decrypt the repository using
-[git-incrypt](https://github.com/schiele/git-incrypt).
-'''
-
 
 def encryptdata(data: bytes, key: bytes) -> (bytes, bytes):
     'encrypt raw data'
@@ -132,7 +125,9 @@ def sha1(data):
 
 def sha1hex(data):
     'sha1 hash of data'
-    return plugin.hashdatahex(data, len(data)).decode('utf-8')
+    output = ctypes.create_string_buffer(41)
+    poutput = ctypes.c_char_p(ctypes.addressof(output))
+    return plugin.hashdatahex(data, len(data), poutput).decode('utf-8')
 
 
 # pylint: disable=pointless-string-statement
@@ -163,18 +158,17 @@ class CryptRepo:
     def __init__(self, clearname, url, init=None, forcetrust=False):
         assert clearname, 'This does not work yet outside a git repository'
         plugin.globalinit(url.encode('utf-8'))
-        self.prefix = f'refs/incrypt/{sha1hex(plugin.geturl())}/'
         if init:
             self.repo = pygit2.init_repository(clearname, bare=True)
             template = self._mktemplate(init.name, init.email,
                                         init.date, init.m)
-            self.meta = MetaData(self.repo, self.prefix + '1/').init(
+            self.meta = MetaData(self.repo).init(
                 init.keys, template, 'refs/heads/master')
             self.trust(force=True, sign=True)
         else:
             self.repo = pygit2.Repository(clearname)
             self._fetch('_')
-            self.meta = MetaData(self.repo, self.prefix + '1/').read()
+            self.meta = MetaData(self.repo).read()
             if forcetrust:
                 self.trust(force=forcetrust)
 
@@ -250,7 +244,7 @@ class CryptRepo:
              CryptRepo.verbosityflags[plugin.getverbosity()],
              '--progress' if plugin.getprogress() else '--no-progress',
              '--no-write-fetch-head', '-p', plugin.geturl().decode('utf-8'),
-             f'+refs/heads/{pattern}:{self.prefix}1/{pattern}'],
+             f'+refs/heads/{pattern}:{plugin.getprefix().decode("utf-8")}1/{pattern}'],
             cwd=self.repo.path, check=True, stdout=sys.stderr)
 
     def trust(self, force=False, sign=False):
@@ -260,7 +254,7 @@ class CryptRepo:
         else:
             try:
                 expectedhash = self.repo.revparse_single(
-                    self.prefix +
+                    plugin.getprefix().decode('utf-8') +
                     'keyhash').tree['_'].read_raw().decode('utf-8')
             except KeyError:
                 expectedhash = None
@@ -279,7 +273,8 @@ class CryptRepo:
         colid = collector.write()
         commit = self.meta.secretcommit(
                 colid, [])
-        self.repo.create_reference(self.prefix + 'keyhash', commit, force=True)
+        self.repo.create_reference(
+            plugin.getprefix().decode('utf-8') + 'keyhash', commit, force=True)
 
     def getrefs(self):
         'list all cleartext references'
@@ -291,11 +286,11 @@ class CryptRepo:
         self.meta.read()
         self.trust()
         # [ dec(crypt) , prefdec(crypt), crypt ]
-        refs = [[r[0], self.prefix + '0/' + r[0],
+        refs = [[r[0], plugin.getprefix().decode('utf-8') + '0/' + r[0],
                  self.repo.revparse_single(r[1])]
                 for r in [[decryptrefname(r, self.meta.key), r] for r in
-                          filter(lambda r: len(r) > len(self.prefix)+3 and
-                                 r.startswith(self.prefix + '1/'),
+                          filter(lambda r: len(r) > len(plugin.getprefix().decode('utf-8'))+3 and
+                                 r.startswith(plugin.getprefix().decode('utf-8') + '1/'),
                                  self.repo.references)]]
         cryptmap = self.meta.readmap(reverse=True)
         self._progress_for(
@@ -310,9 +305,9 @@ class CryptRepo:
         expected = [r[1] for r in refs]
         result = [['HEAD', f'@{self.meta.defaultbranch}']]
         for r in self.repo.references:
-            if r.startswith(self.prefix + '0/'):
+            if r.startswith(plugin.getprefix().decode('utf-8') + '0/'):
                 if r in expected:
-                    result.append([r[len(self.prefix)+2:],
+                    result.append([r[len(plugin.getprefix().decode('utf-8'))+2:],
                                    self.repo.lookup_reference(r).target])
                 else:
                     self.repo.references.delete(r)
@@ -358,7 +353,7 @@ class CryptRepo:
                 else [cryptmap[str(obj.target)]])
 
         xrefs = [[r[0], r[1], r[3], ('+' if r[2] else '') +
-                  (self.prefix + '1/' + r[3] if r[0] else '') +
+                  (plugin.getprefix().decode('utf-8') + '1/' + r[3] if r[0] else '') +
                   ':refs/heads/' + r[3],
                   self.repo.revparse_single(r[0]) if r[0] else None]
                  for r in [[r[0], r[1], r[2],
@@ -377,11 +372,11 @@ class CryptRepo:
         for r in xrefs:
             if r[4]:
                 self.repo.create_reference(
-                    self.prefix + '1/' + r[2], cryptmap[str(r[4].id)],
+                    plugin.getprefix().decode('utf-8') + '1/' + r[2], cryptmap[str(r[4].id)],
                     force=True)
             else:
                 try:
-                    self.repo.references.delete(self.prefix + '1/' + r[2])
+                    self.repo.references.delete(plugin.getprefix().decode('utf-8') + '1/' + r[2])
                 except KeyError:
                     pass
         resdict = {}
@@ -393,7 +388,7 @@ class CryptRepo:
                     else '--no-progress', '--porcelain'] +
                 (['--atomic'] if plugin.getatomic() else []) +
                 [plugin.geturl().decode('utf-8'), '+' +
-                 self.prefix + '1/_:' + MetaData.REFNAME] +
+                 plugin.getprefix().decode('utf-8') + '1/_:' + MetaData.REFNAME] +
                 [r[3] for r in xrefs],
                 cwd=self.repo.path, check=False, text=True,
                 stdout=subprocess.PIPE,
@@ -470,9 +465,8 @@ class MetaData:
     KEYVER = b'AES-256-CBC+IV'
     REFNAME = 'refs/heads/_'
 
-    def __init__(self, repo, prefix):
+    def __init__(self, repo):
         self.repo = repo
-        self.prefix = prefix
         self.files = None
         self.key = None
         self.keyhash = None
@@ -518,7 +512,7 @@ class MetaData:
     def read(self):
         'read the metadata'
         self.files = {}
-        tree = self.repo.revparse_single(self.prefix + '_').tree
+        tree = self.repo.revparse_single(plugin.getprefix().decode('utf-8') + '1/_').tree
         obj = tree['ver']
         self.files['ver'] = obj.id
         data = obj.read_raw()
@@ -610,16 +604,16 @@ class MetaData:
         mapfile = self.repo.create_blob(encryptdata(
             sha1(rawdata) + rawdata, self.key))
         collector.insert('map', mapfile, pygit2.enums.FileMode.BLOB)
-        readmefile = self.repo.create_blob(CRYPTREADME.encode('utf-8'))
+        readmefile = self.repo.create_blob(ctypes.c_char_p.in_dll(plugin, 'CRYPTREADME').value)
         collector.insert('README.md', readmefile, pygit2.enums.FileMode.BLOB)
         colid = collector.write()
         commit = self.secretcommit(colid, [])
-        self.repo.create_reference(self.prefix + '_', commit, force=True)
+        self.repo.create_reference(plugin.getprefix().decode('utf-8') + '1/_', commit, force=True)
         return self
 
     def readmap(self, reverse=False):
         'read the mapping table'
-        tree = self.repo.revparse_single(self.prefix + '_').tree
+        tree = self.repo.revparse_single(plugin.getprefix().decode('utf-8') + '1/_').tree
         o = 20 if reverse else 0
         processed = {}
         rawdata = decryptdata(tree['map'].read_raw(), self.key)

incrypt-plugin.c

@@ -18,6 +18,7 @@ int getverbosity(void);
 int getprogress(void);
 int getatomic(void);
 const char* geturl(void);
+const char* getprefix(void);
 void setcryptkey(const unsigned char* k);
 unsigned char* encryptdata(const unsigned char* input, size_t inputlen,
 			   unsigned char* output, size_t* outputlen);
@@ -27,7 +28,14 @@ char* encryptrefname(const char* input, char* output);
 char* decryptrefname(const char* input, char* output);
 unsigned char* hashdata(const unsigned char* input, size_t inputlen,
 			unsigned char* output);
-char* hashdatahex(const unsigned char* input, size_t inputlen);
+char* hashdatahex(const unsigned char* input, size_t inputlen,
+		  char* output);
+
+/*static*/ const char* CRYPTREADME = "# 401 Unauthorized\n\n"
+"This is an encrypted git repository.  You can clone it, but you will not be\n"
+"able to see the contents of the commits.  If you have the right key, you can\n"
+"decrypt the repository using\n"
+"[git-incrypt](https://github.com/schiele/git-incrypt).\n";
 
 struct options {
 	int verbosity;
@@ -37,6 +45,7 @@ struct options {
 static struct options options;
 
 static char* url = NULL;
+static char prefix[] = "refs/incrypt/......................................../";
 
 void globalinit(const char* url_arg) {
 	size_t urllen = strlen(url_arg);
@@ -45,6 +54,8 @@ void globalinit(const char* url_arg) {
 	options.atomic = 0;
 	url = malloc(urllen + 1);
 	memcpy(url, url_arg, urllen + 1);
+	hashdatahex((const unsigned char*)url, urllen, prefix + 13);
+	prefix[13 + GIT_SHA1_HEXSZ] = '/';
 }
 
 /*static*/ int set_option(const char *name, size_t namelen, const char *value)
@@ -100,6 +111,10 @@ const char* geturl(void) {
 	return url;
 }
 
+const char* getprefix(void) {
+	return prefix;
+}
+
 static unsigned char key[48];
 
 void setcryptkey(const unsigned char* k) {
@@ -299,10 +314,10 @@ unsigned char* hashdata(const unsigned char* input, size_t inputlen,
 	return output;
 }
 
-char* hashdatahex(const unsigned char* input, size_t inputlen) {
+char* hashdatahex(const unsigned char* input, size_t inputlen, char* output) {
 	unsigned char hash[GIT_SHA1_RAWSZ];
 	hashdata(input, inputlen, hash);
-	return hash_to_hex_algop(hash, &hash_algos[GIT_HASH_SHA1]);
+	return hash_to_hex_algop_r(output, hash, &hash_algos[GIT_HASH_SHA1]);
 }
 
 int cmd_main(int argc, const char** argv) {