From 5dc1927cc935dab19ab970a24c23178dbff0ffca Mon Sep 17 00:00:00 2001
From: Hatter Jiang <jht5945@gmail.com>
Date: Sun, 22 Oct 2023 19:19:54 +0800
Subject: [PATCH] feat: v0.5.0, supports CahCha20/Poly1305

---
 src/cmd_decrypt.rs | 14 +++++---------
 src/cmd_encrypt.rs | 10 +++-------
 2 files changed, 8 insertions(+), 16 deletions(-)

diff --git a/src/cmd_decrypt.rs b/src/cmd_decrypt.rs
index d99ca39..b6d8a53 100644
--- a/src/cmd_decrypt.rs
+++ b/src/cmd_decrypt.rs
@@ -14,7 +14,6 @@ use x509_parser::prelude::FromDer;
 use x509_parser::x509::SubjectPublicKeyInfo;
 use yubikey::piv::{AlgorithmId, decrypt_data};
 use yubikey::YubiKey;
-use zeroize::Zeroize;
 
 use crate::{consts, crypto_simple, util, util_enc_file, util_envelop, util_file, util_pgp, util_piv};
 use crate::compress::GzStreamDecoder;
@@ -143,7 +142,7 @@ pub fn decrypt_single(config: &Option<TinyEncryptConfig>,
 
         let mut output: Vec<u8> = Vec::with_capacity(10 * 1024);
         let _ = decrypt_file(
-            &mut file_in, meta.file_length, &mut output, &key.0, &nonce.0, meta.compress,
+            &mut file_in, meta.file_length, &mut output, cryptor, &key.0, &nonce.0, meta.compress,
         )?;
         match String::from_utf8(output) {
             Err(_) => warning!("File is not UTF-8 content."),
@@ -156,7 +155,7 @@ pub fn decrypt_single(config: &Option<TinyEncryptConfig>,
     if cmd_decrypt.digest_file {
         let mut digest_write = DigestWrite::from_algo(digest_algorithm)?;
         let _ = decrypt_file(
-            &mut file_in, meta.file_length, &mut digest_write, &key.0, &nonce.0, meta.compress,
+            &mut file_in, meta.file_length, &mut digest_write, cryptor, &key.0, &nonce.0, meta.compress,
         )?;
         let digest = digest_write.digest();
         success!("File digest {}: {}", digest_algorithm.to_uppercase(), hex::encode(digest));
@@ -174,7 +173,7 @@ pub fn decrypt_single(config: &Option<TinyEncryptConfig>,
 
     let mut file_out = File::create(path_out)?;
     let _ = decrypt_file(
-        &mut file_in, meta.file_length, &mut file_out, &key.0, &nonce.0, meta.compress,
+        &mut file_in, meta.file_length, &mut file_out, cryptor, &key.0, &nonce.0, meta.compress,
     )?;
     drop(file_out);
     util_file::update_out_file_time(enc_meta, path_out);
@@ -187,12 +186,11 @@ pub fn decrypt_single(config: &Option<TinyEncryptConfig>,
 }
 
 fn decrypt_file(file_in: &mut File, file_len: u64, file_out: &mut impl Write,
-                key: &[u8], nonce: &[u8], compress: bool) -> XResult<u64> {
+                cryptor: Cryptor, key: &[u8], nonce: &[u8], compress: bool) -> XResult<u64> {
     let mut total_len = 0_u64;
     let mut buffer = [0u8; 1024 * 8];
-    let key = opt_result!(key.try_into(), "Key is not 32 bytes: {}");
     let progress = Progress::new(file_len);
-    let mut decryptor = aes_gcm_stream::Aes256GcmStreamDecryptor::new(key, nonce);
+    let mut decryptor = cryptor.decryptor(key, nonce)?;
     let mut gz_decoder = GzStreamDecoder::new();
     loop {
         let len = opt_result!(file_in.read(&mut buffer), "Read file failed: {}");
@@ -222,8 +220,6 @@ fn decrypt_file(file_in: &mut File, file_len: u64, file_out: &mut impl Write,
             progress.position(total_len);
         }
     }
-    let mut key = key;
-    key.zeroize();
     Ok(total_len)
 }
 
diff --git a/src/cmd_encrypt.rs b/src/cmd_encrypt.rs
index 869b305..f27107c 100644
--- a/src/cmd_encrypt.rs
+++ b/src/cmd_encrypt.rs
@@ -9,7 +9,6 @@ use flate2::Compression;
 use rsa::Pkcs1v15Encrypt;
 use rust_util::{debugging, failure, iff, information, opt_result, simple_error, success, XResult};
 use rust_util::util_time::UnixEpochTime;
-use zeroize::Zeroize;
 
 use crate::{consts, crypto_simple, util, util_enc_file, util_p256, util_p384, util_x25519};
 use crate::compress::GzStreamEncoder;
@@ -186,7 +185,7 @@ fn encrypt_single(path: &PathBuf, envelops: &[&TinyEncryptConfigEnvelop], cmd_en
     let compress_desc = iff!(cmd_encrypt.compress, " [with compress]", "");
     let start = Instant::now();
     encrypt_file(
-        &mut file_in, file_metadata.len(), &mut file_out,
+        &mut file_in, file_metadata.len(), &mut file_out, cryptor,
         &key.0, &nonce.0, cmd_encrypt.compress, &cmd_encrypt.compress_level,
     )?;
     drop(file_out);
@@ -219,12 +218,11 @@ fn process_compatible_with_1_0(mut encrypt_meta: TinyEncryptMeta) -> XResult<Tin
     Ok(encrypt_meta)
 }
 
-fn encrypt_file(file_in: &mut File, file_len: u64, file_out: &mut impl Write,
+fn encrypt_file(file_in: &mut File, file_len: u64, file_out: &mut impl Write, cryptor: Cryptor,
                 key: &[u8], nonce: &[u8], compress: bool, compress_level: &Option<u32>) -> XResult<u64> {
     let mut total_len = 0_u64;
     let mut write_len = 0_u64;
     let mut buffer = [0u8; 1024 * 8];
-    let key = opt_result!(key.try_into(), "Key is not 32 bytes: {}");
     let mut gz_encoder = match compress_level {
         None => GzStreamEncoder::new_default(),
         Some(compress_level) => {
@@ -235,7 +233,7 @@ fn encrypt_file(file_in: &mut File, file_len: u64, file_out: &mut impl Write,
         }
     };
     let progress = Progress::new(file_len);
-    let mut encryptor = aes_gcm_stream::Aes256GcmStreamEncryptor::new(key, nonce);
+    let mut encryptor = cryptor.encryptor(key, nonce)?;
     loop {
         let len = opt_result!(file_in.read(&mut buffer), "Read file failed: {}");
         if len == 0 {
@@ -275,8 +273,6 @@ fn encrypt_file(file_in: &mut File, file_len: u64, file_out: &mut impl Write,
             progress.position(total_len);
         }
     }
-    let mut key = key;
-    key.zeroize();
     Ok(total_len)
 }