hatter/tiny-encrypt-rs
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v0.5.0, supports CahCha20/Poly1305

Browse Source
This commit is contained in:
Hatter Jiang
2023-10-22 19:19:54 +08:00
parent 1012b33f31
commit 5dc1927cc9
2 changed files with 8 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/cmd_decrypt.rs
View File

@@ -14,7 +14,6 @@ use x509_parser::prelude::FromDer;
use x509_parser::x509::SubjectPublicKeyInfo; use x509_parser::x509::SubjectPublicKeyInfo;
use yubikey::piv::{AlgorithmId, decrypt_data}; use yubikey::piv::{AlgorithmId, decrypt_data};
use yubikey::YubiKey; use yubikey::YubiKey;
use zeroize::Zeroize;
use crate::{consts, crypto_simple, util, util_enc_file, util_envelop, util_file, util_pgp, util_piv}; use crate::{consts, crypto_simple, util, util_enc_file, util_envelop, util_file, util_pgp, util_piv};
use crate::compress::GzStreamDecoder; use crate::compress::GzStreamDecoder;
@@ -143,7 +142,7 @@ pub fn decrypt_single(config: &Option<TinyEncryptConfig>,
let mut output: Vec<u8> = Vec::with_capacity(10 * 1024); let mut output: Vec<u8> = Vec::with_capacity(10 * 1024);
let _ = decrypt_file( let _ = decrypt_file(
&mut file_in, meta.file_length, &mut output, &key.0, &nonce.0, meta.compress, &mut file_in, meta.file_length, &mut output, cryptor, &key.0, &nonce.0, meta.compress,
)?; )?;
match String::from_utf8(output) { match String::from_utf8(output) {
Err(_) => warning!("File is not UTF-8 content."), Err(_) => warning!("File is not UTF-8 content."),
@@ -156,7 +155,7 @@ pub fn decrypt_single(config: &Option<TinyEncryptConfig>,
if cmd_decrypt.digest_file { if cmd_decrypt.digest_file {
let mut digest_write = DigestWrite::from_algo(digest_algorithm)?; let mut digest_write = DigestWrite::from_algo(digest_algorithm)?;
let _ = decrypt_file( let _ = decrypt_file(
&mut file_in, meta.file_length, &mut digest_write, &key.0, &nonce.0, meta.compress, &mut file_in, meta.file_length, &mut digest_write, cryptor, &key.0, &nonce.0, meta.compress,
)?; )?;
let digest = digest_write.digest(); let digest = digest_write.digest();
success!("File digest {}: {}", digest_algorithm.to_uppercase(), hex::encode(digest)); success!("File digest {}: {}", digest_algorithm.to_uppercase(), hex::encode(digest));
@@ -174,7 +173,7 @@ pub fn decrypt_single(config: &Option<TinyEncryptConfig>,
let mut file_out = File::create(path_out)?; let mut file_out = File::create(path_out)?;
let _ = decrypt_file( let _ = decrypt_file(
&mut file_in, meta.file_length, &mut file_out, &key.0, &nonce.0, meta.compress, &mut file_in, meta.file_length, &mut file_out, cryptor, &key.0, &nonce.0, meta.compress,
)?; )?;
drop(file_out); drop(file_out);
util_file::update_out_file_time(enc_meta, path_out); util_file::update_out_file_time(enc_meta, path_out);
@@ -187,12 +186,11 @@ pub fn decrypt_single(config: &Option<TinyEncryptConfig>,
} }
fn decrypt_file(file_in: &mut File, file_len: u64, file_out: &mut impl Write, fn decrypt_file(file_in: &mut File, file_len: u64, file_out: &mut impl Write,
key: &[u8], nonce: &[u8], compress: bool) -> XResult<u64> { cryptor: Cryptor, key: &[u8], nonce: &[u8], compress: bool) -> XResult<u64> {
let mut total_len = 0_u64; let mut total_len = 0_u64;
let mut buffer = [0u8; 1024 * 8]; let mut buffer = [0u8; 1024 * 8];
let key = opt_result!(key.try_into(), "Key is not 32 bytes: {}");
let progress = Progress::new(file_len); let progress = Progress::new(file_len);
let mut decryptor = aes_gcm_stream::Aes256GcmStreamDecryptor::new(key, nonce); let mut decryptor = cryptor.decryptor(key, nonce)?;
let mut gz_decoder = GzStreamDecoder::new(); let mut gz_decoder = GzStreamDecoder::new();
loop { loop {
let len = opt_result!(file_in.read(&mut buffer), "Read file failed: {}"); let len = opt_result!(file_in.read(&mut buffer), "Read file failed: {}");
@@ -222,8 +220,6 @@ fn decrypt_file(file_in: &mut File, file_len: u64, file_out: &mut impl Write,
progress.position(total_len); progress.position(total_len);
} }
} }
let mut key = key;
key.zeroize();
Ok(total_len) Ok(total_len)
} }

10
src/cmd_encrypt.rs
View File

@@ -9,7 +9,6 @@ use flate2::Compression;
use rsa::Pkcs1v15Encrypt; use rsa::Pkcs1v15Encrypt;
use rust_util::{debugging, failure, iff, information, opt_result, simple_error, success, XResult}; use rust_util::{debugging, failure, iff, information, opt_result, simple_error, success, XResult};
use rust_util::util_time::UnixEpochTime; use rust_util::util_time::UnixEpochTime;
use zeroize::Zeroize;
use crate::{consts, crypto_simple, util, util_enc_file, util_p256, util_p384, util_x25519}; use crate::{consts, crypto_simple, util, util_enc_file, util_p256, util_p384, util_x25519};
use crate::compress::GzStreamEncoder; use crate::compress::GzStreamEncoder;
@@ -186,7 +185,7 @@ fn encrypt_single(path: &PathBuf, envelops: &[&TinyEncryptConfigEnvelop], cmd_en
let compress_desc = iff!(cmd_encrypt.compress, " [with compress]", ""); let compress_desc = iff!(cmd_encrypt.compress, " [with compress]", "");
let start = Instant::now(); let start = Instant::now();
encrypt_file( encrypt_file(
&mut file_in, file_metadata.len(), &mut file_out, &mut file_in, file_metadata.len(), &mut file_out, cryptor,
&key.0, &nonce.0, cmd_encrypt.compress, &cmd_encrypt.compress_level, &key.0, &nonce.0, cmd_encrypt.compress, &cmd_encrypt.compress_level,
)?; )?;
drop(file_out); drop(file_out);
@@ -219,12 +218,11 @@ fn process_compatible_with_1_0(mut encrypt_meta: TinyEncryptMeta) -> XResult<Tin
Ok(encrypt_meta) Ok(encrypt_meta)
} }
fn encrypt_file(file_in: &mut File, file_len: u64, file_out: &mut impl Write, fn encrypt_file(file_in: &mut File, file_len: u64, file_out: &mut impl Write, cryptor: Cryptor,
key: &[u8], nonce: &[u8], compress: bool, compress_level: &Option<u32>) -> XResult<u64> { key: &[u8], nonce: &[u8], compress: bool, compress_level: &Option<u32>) -> XResult<u64> {
let mut total_len = 0_u64; let mut total_len = 0_u64;
let mut write_len = 0_u64; let mut write_len = 0_u64;
let mut buffer = [0u8; 1024 * 8]; let mut buffer = [0u8; 1024 * 8];
let key = opt_result!(key.try_into(), "Key is not 32 bytes: {}");
let mut gz_encoder = match compress_level { let mut gz_encoder = match compress_level {
None => GzStreamEncoder::new_default(), None => GzStreamEncoder::new_default(),
Some(compress_level) => { Some(compress_level) => {
@@ -235,7 +233,7 @@ fn encrypt_file(file_in: &mut File, file_len: u64, file_out: &mut impl Write,
} }
}; };
let progress = Progress::new(file_len); let progress = Progress::new(file_len);
let mut encryptor = aes_gcm_stream::Aes256GcmStreamEncryptor::new(key, nonce); let mut encryptor = cryptor.encryptor(key, nonce)?;
loop { loop {
let len = opt_result!(file_in.read(&mut buffer), "Read file failed: {}"); let len = opt_result!(file_in.read(&mut buffer), "Read file failed: {}");
if len == 0 { if len == 0 {
@@ -275,8 +273,6 @@ fn encrypt_file(file_in: &mut File, file_len: u64, file_out: &mut impl Write,
progress.position(total_len); progress.position(total_len);
} }
} }
let mut key = key;
key.zeroize();
Ok(total_len) Ok(total_len)
} }