From 1d9187b9624a11b7152b174f9173e226dc632e22 Mon Sep 17 00:00:00 2001
From: "Paul C. Buetow (mars.fritz.box)"
Date: Sat, 21 Jun 2014 11:47:30 +0200
Subject: add package dependencies and implement openssl encryption
---
 debian/control | 2 +-
 src/netdiff | 11 ++++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/debian/control b/debian/control
index 8ab91e5..e281c4c 100644
--- a/debian/control
+++ b/debian/control
@@ -10,6 +10,6 @@ Vcs-Browser: https://github.com/rantanplan/netdiff
 Package: netdiff
 Architecture: all
-Depends:
+Depends: coreutils, openssl, tar, bash
 Description: Small netdiff package
 This utility can be used to diff files accross the network
diff --git a/src/netdiff b/src/netdiff
index d6ade31..a202c07 100755
--- a/src/netdiff
+++ b/src/netdiff
@@ -31,24 +31,33 @@ declare -r BASENAME=$(basename "${WHAT}")
 cd $(dirname "${WHAT}")
+# An attacker does not know which file is diffed. So it's a shared secret
+# between the two hosts
+declare -r AESPASS=$(md5sum <<< "${SERVER}:${PORT}/${WHAT}" | cut -d' ' -f1)
+declare -r OPENSSL_OPTS="enc -aes-256-cbc -base64 -salt -pass pass:${AESPASS}"
+
 set -o pipefail
 if [[ "${SERVER}" == "$(hostname)" || "${SERVER}" == "$(hostname --fqdn)" ]]; then
 tar -cf - "${BASENAME}" |
+ openssl ${OPENSSL_OPTS} |
 nc -l -p ${PORT} |
+ openssl ${OPENSSL_OPTS} -d |
 tar -xf - --directory ${TMPWHAT}
 RC=$?
 else
 sleep 0.1
 tar -cf - "${BASENAME}" |
+ openssl ${OPENSSL_OPTS} |
 nc ${SERVER} ${PORT} |
+ openssl ${OPENSSL_OPTS} -d |
 tar -xf - --directory ${TMPWHAT}
 RC=$?
 fi
 if [ ${RC} -ne 0 ]; then
- echo 'Could not copy file via the network'
+ echo 'Something went wrong, could not diff'
 # Default trouble exit status of diff
 RC=2
 else
--
cgit v1.2.3
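Review bot: The new `Depends:` line in debian/control lists no package that provides `nc`, although src/netdiff pipes every transfer through it, so a minimal install can still fail at runtime. Adding a netcat alternative would close that, for example `Depends: coreutils, openssl, tar, bash, netcat-traditional | netcat-openbsd`. Which variant is correct should be confirmed against the `nc -l -p ${PORT}` invocation, since listen-mode option handling differs between netcat implementations.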
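Review bot: The passphrase on the added `AESPASS` line is not a secret: it is the MD5 of `${SERVER}:${PORT}/${WHAT}`, and the host and port are visible to anyone who can observe the connection, so only a low-entropy file path has to be guessed. The added comment should not call it a shared secret; a key provisioned out of band on both hosts would be one, for example `-pass env:NETDIFF_PASS` (placeholder variable name) in place of `-pass pass:${AESPASS}`, which also keeps the passphrase out of the process list, where `pass:` exposes it to local users. `-aes-256-cbc` through `openssl enc` carries no integrity check, so altered ciphertext can still reach `tar -xf` on the receiving side; running the transfer over an authenticated channel such as ssh would cover both gaps. The hunk starts and ends in the middle of the script, so how `WHAT` and `TMPWHAT` are set is not visible here.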