diff --git a/Cargo.lock b/Cargo.lock index b70646e..a7ff70f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -178,7 +178,7 @@ checksum = "e0b121a9fe0df916e362fb3271088d071159cdf11db0e4182d02152850756eff" dependencies = [ "proc-macro2", "quote", - "syn 2.0.41", + "syn 2.0.42", ] [[package]] @@ -289,7 +289,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.41", + "syn 2.0.42", ] [[package]] @@ -409,7 +409,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.41", + "syn 2.0.42", ] [[package]] @@ -453,7 +453,7 @@ checksum = "5fe87ce4529967e0ba1dcf8450bab64d97dfd5010a6256187ffe2e43e6f0e049" dependencies = [ "proc-macro2", "quote", - "syn 2.0.41", + "syn 2.0.42", ] [[package]] @@ -515,7 +515,7 @@ checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.41", + "syn 2.0.42", ] [[package]] @@ -1049,9 +1049,9 @@ dependencies = [ [[package]] name = "pcsc" -version = "2.8.1" +version = "2.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb13eef52331b39f46e7002447566fc04e976f4600a6246962851b10b3a4da5a" +checksum = "45ed9d7f816b7d9ce9ddb0062dd2f393b3af31411a95a35411809b4b9116ea08" dependencies = [ "bitflags 1.3.2", "pcsc-sys", @@ -1098,9 +1098,9 @@ dependencies = [ [[package]] name = "pkg-config" -version = "0.3.27" +version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" +checksum = "69d3587f8a9e599cc7ec2c00e331f71c4e69a5f9a4b8a6efd5b07466b9736f9a" [[package]] name = "platforms" 
@@ -1204,9 +1204,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.70" +version = "1.0.71" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39278fbbf5fb4f646ce651690877f89d1c5811a3d4acb27700c1cb3cdb78fd3b" +checksum = "75cb1540fadbd5b8fbccc4dddad2734eba435053f725621c070711a14bb5f4b8" dependencies = [ "unicode-ident", ] @@ -1513,7 +1513,7 @@ checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.41", + "syn 2.0.42", ] [[package]] @@ -1625,9 +1625,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.41" +version = "2.0.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44c8b28c477cc3bf0e7966561e3460130e1255f7a1cf71931075f1c5e7a7e269" +checksum = "5b7d0a2c048d661a1a59fcd7355baa232f7ed34e0ee4df2eef3c1c1c0d3852d8" dependencies = [ "proc-macro2", "quote", @@ -1708,7 +1708,7 @@ checksum = "01742297787513b79cf8e29d1056ede1313e2420b7b3b15d0a768b4921f549df" dependencies = [ "proc-macro2", "quote", - "syn 2.0.41", + "syn 2.0.42", ] [[package]] @@ -1753,7 +1753,7 @@ dependencies = [ [[package]] name = "tiny-encrypt" -version = "1.6.0" +version = "1.6.1" dependencies = [ "aes-gcm-stream", "base64", @@ -1788,6 +1788,27 @@ dependencies = [ "zeroize", ] +[[package]] +name = "tls_codec" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d38a1d5fcfa859f0ec2b5e111dc903890bd7dac7f34713232bf9aa4fd7cad7b2" +dependencies = [ + "tls_codec_derive", + "zeroize", +] + +[[package]] +name = "tls_codec_derive" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d8e00e3e7a54e0f1c8834ce72ed49c8487fbd3f801d8cfe1a0ad0640382f8e15" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.42", +] + [[package]] name = "typenum" version = "1.17.0" 
@@ -1882,7 +1903,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.41", + "syn 2.0.42", "wasm-bindgen-shared", ] @@ -1904,7 +1925,7 @@ checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283" dependencies = [ "proc-macro2", "quote", - "syn 2.0.41", + "syn 2.0.42", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -2158,15 +2179,16 @@ dependencies = [ [[package]] name = "x509-cert" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25eefca1d99701da3a57feb07e5079fc62abba059fc139e98c13bbb250f3ef29" +checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94" dependencies = [ "const-oid", "der", "sha1", "signature", "spki", + "tls_codec", ] [[package]] @@ -2236,5 +2258,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.41", + "syn 2.0.42", ] diff --git a/Cargo.toml b/Cargo.toml index 313cdb9..be4bf0a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "tiny-encrypt" -version = "1.6.0" +version = "1.6.1" edition = "2021" license = "MIT" description = "A simple and tiny file encrypt tool" diff --git a/src/cmd_config.rs b/src/cmd_config.rs index c334f67..b52fcac 100644 --- a/src/cmd_config.rs +++ b/src/cmd_config.rs @@ -72,7 +72,7 @@ fn config_key_filter(cmd_version: &CmdConfig, config: &TinyEncryptConfig) -> XRe let mut config_envelops = vec![]; for envelop in envelops { config_envelops.push(ConfigEnvelop { - r#type: envelop.r#type.get_name().to_string(), + r#type: format!("{}{}", envelop.r#type.get_name(), iff!(envelop.r#type.is_hardware_security(), " *", "")), sid: strip_field(&envelop.sid.as_ref().map(ToString::to_string).unwrap_or_else(|| "-".to_string()), 25), kid: strip_field(&envelop.kid, 40), desc: strip_field(&envelop.desc.as_ref().map(ToString::to_string).unwrap_or_else(|| "-".to_string()), 40), 
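Review bot: In src/cmd_config.rs the ` *` marker is concatenated into the `r#type` cell, so the type column no longer shows the exact type string used in the config file (`piv-p256 *` rather than `piv-p256`). A separate field on `ConfigEnvelop`, filled with `iff!(envelop.r#type.is_hardware_security(), "*", "")`, would keep the type column exact and give the marker its own header. The marker is derived from the envelope type alone, so it describes the kind of key rather than confirming that this particular key is held on a device. The legend added in the next hunk (`> Type with * is hardware security`) should say so. `ConfigEnvelop` and the start of `config_key_filter` are outside the hunk.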
@@ -82,6 +82,7 @@ fn config_key_filter(cmd_version: &CmdConfig, config: &TinyEncryptConfig) -> XRe let mut table = Table::new(config_envelops); table.with(Style::sharp()); println!("{}", table); + println!("> Type with * is hardware security"); Ok(()) } diff --git a/src/cmd_encrypt.rs b/src/cmd_encrypt.rs index 31ee92e..c2ff9ea 100644 --- a/src/cmd_encrypt.rs +++ b/src/cmd_encrypt.rs @@ -23,7 +23,7 @@ use crate::consts::{ SALT_COMMENT, TINY_ENC_CONFIG_FILE, TINY_ENC_FILE_EXT, }; use crate::crypto_cryptor::{Cryptor, KeyNonce}; -use crate::crypto_rsa; +use crate::util_rsa; use crate::spec::{ EncEncryptedMeta, EncMetadata, TinyEncryptEnvelop, TinyEncryptEnvelopType, TinyEncryptMeta, @@ -371,7 +371,7 @@ fn encrypt_envelop_shared_secret(cryptor: Cryptor, } fn encrypt_envelop_rsa(key: &[u8], envelop: &TinyEncryptConfigEnvelop) -> XResult { - let rsa_public_key = opt_result!(crypto_rsa::parse_spki(&envelop.public_part), "Parse RSA public key failed: {}"); + let rsa_public_key = opt_result!(util_rsa::parse_spki(&envelop.public_part), "Parse RSA public key failed: {}"); let mut rng = rand::thread_rng(); let encrypted_key = opt_result!(rsa_public_key.encrypt(&mut rng, Pkcs1v15Encrypt, key), "RSA public key encrypt failed: {}"); Ok(TinyEncryptEnvelop { diff --git a/src/config.rs b/src/config.rs index 2c02e2a..7312003 100644 --- a/src/config.rs +++ b/src/config.rs @@ -177,10 +177,8 @@ impl TinyEncryptConfig { self.envelops.iter().for_each(|e| { key_ids.push(e.kid.to_string()); }); - } else { - if let Some(kids) = self.profiles.get(profile) { - kids.iter().for_each(|k| key_ids.push(k.to_string())); - } + } else if let Some(kids) = self.profiles.get(profile) { + kids.iter().for_each(|k| key_ids.push(k.to_string())); } } if let Some(key_filter) = key_filter { diff --git a/src/lib.rs b/src/lib.rs index b0fc50d..d5aa324 100644 --- a/src/lib.rs +++ b/src/lib.rs 
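Review bot: In src/config.rs the collapsed `else if let Some(kids) = self.profiles.get(profile)` still has no fallback, so a profile name that is missing from `self.profiles` adds no key ids and nothing is reported at this point. For an encryption tool, a mistyped profile could then quietly produce fewer recipients than intended, unless a check outside the hunk rejects it. A final branch such as `} else { eprintln!("Unknown profile: {}", profile); }` (or the project's own warning or error helper) would make the miss visible. The enclosing function starts and ends outside the hunk.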
@@ -44,7 +44,7 @@ mod compress;
 mod config;
 mod spec;
 mod crypto_simple;
-mod crypto_rsa;
+mod util_rsa;
 mod crypto_cryptor;
 mod wrap_key;
 mod util_envelop;
diff --git a/src/spec.rs b/src/spec.rs
index af433d4..dbc3165 100644
--- a/src/spec.rs
+++ b/src/spec.rs
@@ -82,9 +82,6 @@ pub enum TinyEncryptEnvelopType {
 // Secure Enclave ECDH P256
 #[serde(rename = "key-p256")]
 KeyP256,
- // Age, tiny-encrypt-rs is not supported
- #[serde(rename = "age")]
- Age,
 // PIV ECDH P256
 #[serde(rename = "piv-p256", alias = "ecdh")]
 PivP256,
@@ -94,6 +91,9 @@ pub enum TinyEncryptEnvelopType {
 // PIV RSA
 #[serde(rename = "piv-rsa")]
 PivRsa,
+ // Age, tiny-encrypt-rs is not supported
+ #[serde(rename = "age")]
+ Age,
 // KMS, tiny-encrypt-rs is not supported
 #[serde(rename = "kms")]
 Kms,
@@ -111,26 +111,41 @@ impl TinyEncryptEnvelopType {
 TinyEncryptEnvelopType::StaticX25519 => "static-x25519",
 TinyEncryptEnvelopType::StaticKyber1024 => "static-kyber1024",
 TinyEncryptEnvelopType::KeyP256 => "key-p256",
- TinyEncryptEnvelopType::Age => "age",
 TinyEncryptEnvelopType::PivP256 => "piv-p256",
 TinyEncryptEnvelopType::PivP384 => "piv-p384",
 TinyEncryptEnvelopType::PivRsa => "piv-rsa",
+ TinyEncryptEnvelopType::Age => "age",
 TinyEncryptEnvelopType::Kms => "kms",
 }
 }
 
 pub fn auto_select(&self) -> bool {
 match self {
- TinyEncryptEnvelopType::PgpRsa => false,
- TinyEncryptEnvelopType::PgpX25519 => false,
- TinyEncryptEnvelopType::StaticX25519 => true,
- TinyEncryptEnvelopType::StaticKyber1024 => true,
- TinyEncryptEnvelopType::KeyP256 => true,
- TinyEncryptEnvelopType::Age => false,
- TinyEncryptEnvelopType::PivP256 => false,
- TinyEncryptEnvelopType::PivP384 => false,
- TinyEncryptEnvelopType::PivRsa => false,
- TinyEncryptEnvelopType::Kms => true,
+ TinyEncryptEnvelopType::StaticX25519
+ | TinyEncryptEnvelopType::StaticKyber1024
+ | TinyEncryptEnvelopType::KeyP256
+ | TinyEncryptEnvelopType::Kms => true,
+ TinyEncryptEnvelopType::PgpRsa
+ | TinyEncryptEnvelopType::PgpX25519
+ | TinyEncryptEnvelopType::PivP256
+ | TinyEncryptEnvelopType::PivP384
+ | TinyEncryptEnvelopType::PivRsa
+ | TinyEncryptEnvelopType::Age => false,
+ }
+ }
+
+ pub fn is_hardware_security(&self) -> bool {
+ match self {
+ TinyEncryptEnvelopType::PgpRsa
+ | TinyEncryptEnvelopType::PgpX25519
+ | TinyEncryptEnvelopType::KeyP256
+ | TinyEncryptEnvelopType::PivP256
+ | TinyEncryptEnvelopType::PivP384
+ | TinyEncryptEnvelopType::PivRsa
+ | TinyEncryptEnvelopType::Age => true,
+ TinyEncryptEnvelopType::StaticX25519
+ | TinyEncryptEnvelopType::StaticKyber1024
+ | TinyEncryptEnvelopType::Kms => false,
 }
 }
 }
diff --git a/src/crypto_rsa.rs b/src/util_rsa.rs
similarity index 100%
rename from src/crypto_rsa.rs
rename to src/util_rsa.rs
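Review bot: In src/spec.rs the new `is_hardware_security()` puts `TinyEncryptEnvelopType::Age` in the `true` arm, although the enum comment describes it only as "Age, tiny-encrypt-rs is not supported" and nothing visible ties an age recipient to a device. The config table will therefore star such entries as hardware-protected. Unless that is a deliberate convention, end the `true` arm at `| TinyEncryptEnvelopType::PivRsa => true,` and close the `false` arm with `| TinyEncryptEnvelopType::Kms` followed by `| TinyEncryptEnvelopType::Age => false,`. The method also needs a doc comment stating what the flag promises, for example `/// True for envelope types whose private key is expected to be held by a token or enclave; judged by type only, not verified per key.` That `PgpRsa` and `PgpX25519` mean card-held keys is inferred from the names and should be confirmed. Keeping the match exhaustive with no `_` arm is the right choice, since a newly added variant then has to be classified explicitly.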