Changes for armor_max_size and tty_max_size.

covert/cli.py

@@ -14,9 +14,7 @@
 from covert import lazyexec, passphrase, pubkey, tty, util
 from covert.archive import Archive
 from covert.blockstream import decrypt_file, encrypt_file
-
-ARMOR_MAX_SIZE = 32 << 20  # If output is a file (limit our memory usage)
-TTY_MAX_SIZE = 100 << 10  # If output is a tty (limit too lengthy spam)
+from covert.util import ARMOR_MAX_SIZE, TTY_MAX_SIZE
 
 
 def run_decryption(infile, args, auth):
@@ -269,7 +267,7 @@ def main_dec(args):
     infile = BytesIO(data)
     total_size = len(data)
     del data
-  elif 40 <= total_size <= ARMOR_MAX_SIZE:
+  elif 40 <= total_size <= 2 * ARMOR_MAX_SIZE:
     # Try reading the file as armored text rather than binary
     with infile:
       data = infile.read()

covert/gui/app.py

@@ -11,7 +11,7 @@
 from covert import passphrase, pubkey, util
 from covert.archive import Archive
 from covert.blockstream import BlockStream, encrypt_file
-from covert.cli import ARMOR_MAX_SIZE, TTY_MAX_SIZE
+from covert.util import ARMOR_MAX_SIZE, TTY_MAX_SIZE
 from covert.gui.encrypt import AuthInput
 from covert.gui.util import datafile, setup_interrupt_handling
 from covert.gui.widgets import DecryptWidget, EncryptToolbar, MethodsWidget
@@ -170,7 +170,7 @@ def decrypt_file(self):
     # TODO: Implement in a thread using mmap instead
     with open(file, "rb") as f:
       data = f.read()
-    if 40 <= len(data) <= ARMOR_MAX_SIZE:
+    if 40 <= len(data) <= 2 * ARMOR_MAX_SIZE:
       # Try reading the file as armored text rather than binary
       with suppress(ValueError):
         data = util.armor_decode(data.decode())

covert/util.py

@@ -5,6 +5,8 @@
 from secrets import choice, token_bytes
 
 ARMOR_MAX_SINGLELINE = 4000  # Safe limit for line input, where 4096 may be the limit
+ARMOR_MAX_SIZE = 32 << 20  # If output is a file (limit our memory usage)
+TTY_MAX_SIZE = 100 << 10  # If output is a tty (limit too lengthy spam)
 B64_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
 IS_APPLE = platform.system() == "Darwin"
 

tests/test_cli.py

@@ -98,3 +98,76 @@ def test_end_to_end_multiple(capsys, tmp_path):
   assert not cap.out
   assert "foo.txt" in cap.err
   assert "Key[827bc3b2:EdPK] Signature verified" in cap.err
+
+
+def test_end_to_end_shortargs_armored(capsys, tmp_path):
+  from covert.__main__ import main
+  import sys
+  fname = tmp_path / "crypto.covert"
+
+  # Encrypt foo.txt into crypto.covert
+  sys.argv = "covert -eRao tests/keys/ssh_ed25519.pub".split() + [ str(fname) ] + [ 'tests/data/foo.txt' ]
+  ret = main()
+  cap = capsys.readouterr()
+  assert not ret
+  assert not cap.out
+  assert "foo" in cap.err
+
+  # Decrypt with key
+  sys.argv = "covert -di tests/keys/ssh_ed25519".split() + [ str(fname) ]
+  ret = main()
+  cap = capsys.readouterr()
+  assert not ret
+  assert not cap.out
+  assert "foo.txt" in cap.err
+
+
+def test_end_to_end_armormaxsize(capsys, tmp_path):
+  from covert.__main__ import main
+  import sys
+  fname = tmp_path / "test.dat"
+  outfname = tmp_path / "crypto.covert"
+
+  # Write 31 MiB on test.dat
+  f = open(f"{str(fname)}", "wb")
+  f.seek(32505855)
+  f.write(b"\0")
+  f.close()
+
+  # Encrypt test.dat with armor and padding
+  sys.argv = f"covert -e --password verytestysecret --pad 0 -ao".split() + [ str(outfname), str(fname) ]
+  ret = main()
+  cap = capsys.readouterr()
+  assert not ret
+  assert not cap.out
+
+  # Decrypt crypto.covert with passphrase
+  sys.argv = "covert -d --password verytestysecret".split() + [ str(outfname) ]
+  ret = main()
+  cap = capsys.readouterr()
+  assert not ret
+  assert not cap.out
+
+
+
+  # Write file with size too large for --armor
+  f = open(f"{str(fname)}", "wb")
+  f.seek(42505855)
+  f.write(b"\0")
+  f.close()
+
+  # Try encrypting without -o
+  sys.argv = f"covert -ea --password verytestysecret".split() + [ str(fname) ]
+  ret = main()
+  cap = capsys.readouterr()
+  assert not ret
+  assert not cap.out
+  assert "Too much data for console. How about -o FILE to write a file?" in cap.err
+
+  # Try encrypting with -o
+  sys.argv = f"covert -e --password verytestysecret -ao".split() + [ str(outfname), str(fname) ]
+  ret = main()
+  cap = capsys.readouterr()
+  assert not ret
+  assert not cap.out
+  assert "The data is too large for --armor." in cap.err