From af7bf60869a0a74f78dd6512538e55b6ed2a03b1 Mon Sep 17 00:00:00 2001 From: Hatter Jiang Date: Sat, 9 Dec 2023 20:33:18 +0800 Subject: [PATCH] feat: v1.2.2, optimize codes --- Cargo.lock | 2 +- Cargo.toml | 2 +- src/cmd_decrypt.rs | 6 ++--- src/cmd_encrypt.rs | 6 ++--- src/cmd_execenv.rs | 14 +++++------ ...initkeychainkey.rs => cmd_initkeychain.rs} | 22 ++++++++-------- src/lib.rs | 6 ++--- src/main.rs | 16 ++++++------ src/util_p256.rs | 25 +++---------------- 9 files changed, 41 insertions(+), 58 deletions(-) rename src/{cmd_initkeychainkey.rs => cmd_initkeychain.rs} (81%) diff --git a/Cargo.lock b/Cargo.lock index 80b5a29..7151661 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1700,7 +1700,7 @@ dependencies = [ [[package]] name = "tiny-encrypt" -version = "1.2.1" +version = "1.2.2" dependencies = [ "aes-gcm-stream", "base64", diff --git a/Cargo.toml b/Cargo.toml index 81a74a5..fd49e9f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "tiny-encrypt" -version = "1.2.1" +version = "1.2.2" edition = "2021" license = "MIT" description = "A simple and tiny file encrypt tool" diff --git a/src/cmd_decrypt.rs b/src/cmd_decrypt.rs index 1ed625c..da02f60 100644 --- a/src/cmd_decrypt.rs +++ b/src/cmd_decrypt.rs @@ -41,13 +41,13 @@ use crate::wrap_key::WrapKey; pub struct CmdDecrypt { /// Files need to be decrypted pub paths: Vec, - /// PIN + /// PGP or PIV PIN #[arg(long, short = 'p')] pub pin: Option, /// KeyID #[arg(long, short = 'k')] pub key_id: Option, - /// Slot + /// PIV slot #[arg(long, short = 's')] pub slot: Option, /// Remove source file @@ -68,7 +68,7 @@ pub struct CmdDecrypt { /// Edit file #[arg(long, short = 'E')] pub edit_file: bool, - // Readonly + /// Readonly mode #[arg(long)] pub readonly: bool, /// Digest algorithm (sha1, sha256[default], sha384, sha512 ...) diff --git a/src/cmd_encrypt.rs b/src/cmd_encrypt.rs index e7db828..62e9973 100644 --- a/src/cmd_encrypt.rs +++ b/src/cmd_encrypt.rs @@ -52,8 +52,8 @@ pub struct CmdEncrypt { /// Remove source file #[arg(long, short = 'R')] pub remove_file: bool, - /// Create file - #[arg(long)] + /// Create file (create a empty encrypted file) + #[arg(long, short = 'a')] pub create: bool, /// Disable compress meta #[arg(long)] @@ -285,7 +285,7 @@ fn encrypt_envelops(cryptor: Cryptor, key: &[u8], envelops: &[&TinyEncryptConfig fn encrypt_envelop_ecdh(cryptor: Cryptor, key: &[u8], envelop: &TinyEncryptConfigEnvelop) -> XResult { let public_key_point_hex = &envelop.public_part; - let (shared_secret, ephemeral_spki) = util_p256::compute_shared_secret(public_key_point_hex)?; + let (shared_secret, ephemeral_spki) = util_p256::compute_p256_shared_secret(public_key_point_hex)?; let enc_type = match cryptor { Cryptor::Aes256Gcm => ENC_AES256_GCM_P256, Cryptor::ChaCha20Poly1305 => ENC_CHACHA20_POLY1305_P256, diff --git a/src/cmd_execenv.rs b/src/cmd_execenv.rs index c3683f9..247b4cd 100644 --- a/src/cmd_execenv.rs +++ b/src/cmd_execenv.rs @@ -18,19 +18,19 @@ use crate::util_enc_file; #[derive(Debug, Args)] pub struct CmdExecEnv { - /// PIN + /// PGP or PIV PIN #[arg(long, short = 'p')] pub pin: Option, /// KeyID #[arg(long, short = 'k')] pub key_id: Option, - /// Slot + /// PIV slot #[arg(long, short = 's')] pub slot: Option, - // Tiny encrypt file name + /// Tiny encrypt file name pub file_name: String, - // Arguments - pub arguments: Vec, + /// Command and arguments + pub command_arguments: Vec, } impl Drop for CmdExecEnv { @@ -43,7 +43,7 @@ pub fn exec_env(cmd_exec_env: CmdExecEnv) -> XResult<()> { util_msg::set_logger_std_out(false); debugging!("Cmd exec env: {:?}", cmd_exec_env); let config = TinyEncryptConfig::load(TINY_ENC_CONFIG_FILE).ok(); - if cmd_exec_env.arguments.is_empty() { + if cmd_exec_env.command_arguments.is_empty() { return simple_error!("No commands assigned."); } @@ -75,7 +75,7 @@ pub fn exec_env(cmd_exec_env: CmdExecEnv) -> XResult<()> { let decrypted_content = decrypt_limited_content_to_vec(&mut file_in, &meta, cryptor, &key_nonce)?; let exit_code = if let Some(output) = decrypted_content { debugging!("Outputs: {}", output); - let arguments = &cmd_exec_env.arguments; + let arguments = &cmd_exec_env.command_arguments; let envs = parse_output_to_env(&output); let mut command = Command::new(&arguments[0]); diff --git a/src/cmd_initkeychainkey.rs b/src/cmd_initkeychain.rs similarity index 81% rename from src/cmd_initkeychainkey.rs rename to src/cmd_initkeychain.rs index 54ab608..5cb66e6 100644 --- a/src/cmd_initkeychainkey.rs +++ b/src/cmd_initkeychain.rs @@ -9,14 +9,14 @@ use crate::util_keychainkey; use crate::util_keychainstatic; #[derive(Debug, Args)] -pub struct CmdKeychainKey { +pub struct CmdInitKeychain { /// Secure Enclave #[arg(long, short = 'S')] pub secure_enclave: bool, // /// Keychain name, or default // #[arg(long, short = 'c')] // pub keychain_name: Option, - /// Service name, or tiny-encrypt + /// Service name, or default: tiny-encrypt #[arg(long, short = 's')] pub server_name: Option, /// Key name @@ -27,19 +27,19 @@ pub struct CmdKeychainKey { #[allow(dead_code)] const DEFAULT_SERVICE_NAME: &str = "tiny-encrypt"; -pub fn keychain_key(cmd_keychain_key: CmdKeychainKey) -> XResult<()> { - if cmd_keychain_key.secure_enclave { +pub fn keychain_key(cmd_init_keychain: CmdInitKeychain) -> XResult<()> { + if cmd_init_keychain.secure_enclave { #[cfg(feature = "secure-enclave")] - return keychain_key_se(cmd_keychain_key); + return keychain_key_se(cmd_init_keychain); #[cfg(not(feature = "secure-enclave"))] return simple_error!("Feature secure-enclave is not built"); } else { - keychain_key_static(cmd_keychain_key) + keychain_key_static(cmd_init_keychain) } } #[cfg(feature = "secure-enclave")] -pub fn keychain_key_se(cmd_keychain_key: CmdKeychainKey) -> XResult<()> { +pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> { if !util_keychainkey::is_support_se() { return simple_error!("Secure enclave is not supported."); } @@ -49,7 +49,7 @@ pub fn keychain_key_se(cmd_keychain_key: CmdKeychainKey) -> XResult<()> { let config_envelop = TinyEncryptConfigEnvelop { r#type: TinyEncryptEnvelopType::KeyP256, - sid: cmd_keychain_key.key_name.clone(), + sid: cmd_init_keychain.key_name.clone(), kid: format!("keychain:02{}", &public_key_compressed_hex), desc: Some("Keychain Secure Enclave".to_string()), args: Some(vec![ @@ -63,10 +63,10 @@ pub fn keychain_key_se(cmd_keychain_key: CmdKeychainKey) -> XResult<()> { Ok(()) } -pub fn keychain_key_static(cmd_keychain_key: CmdKeychainKey) -> XResult<()> { - let service_name = cmd_keychain_key.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME); +pub fn keychain_key_static(cmd_init_keychain: CmdInitKeychain) -> XResult<()> { + let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME); let sec_keychain = opt_result!(SecKeychain::default(), "Get keychain failed: {}"); - let key_name = opt_value_result!(&cmd_keychain_key.key_name, "Key name is required."); + let key_name = opt_value_result!(&cmd_init_keychain.key_name, "Key name is required."); if sec_keychain.find_generic_password(service_name, key_name).is_ok() { return simple_error!("Static x25519 exists: {}.{}", service_name, &key_name); } diff --git a/src/lib.rs b/src/lib.rs index 5f875ba..b12fe80 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -20,9 +20,9 @@ pub use cmd_info::CmdInfo; pub use cmd_info::info; pub use cmd_info::info_single; #[cfg(feature = "macos")] -pub use cmd_initkeychainkey::CmdKeychainKey; +pub use cmd_initkeychain::CmdInitKeychain; #[cfg(feature = "macos")] -pub use cmd_initkeychainkey::keychain_key; +pub use cmd_initkeychain::keychain_key; pub use cmd_version::CmdVersion; pub use cmd_version::version; @@ -56,7 +56,7 @@ mod cmd_decrypt; mod cmd_encrypt; mod cmd_directdecrypt; #[cfg(feature = "macos")] -mod cmd_initkeychainkey; +mod cmd_initkeychain; #[cfg(feature = "macos")] mod util_keychainstatic; #[cfg(feature = "decrypt")] diff --git a/src/main.rs b/src/main.rs index 68d982b..f2f4ed1 100644 --- a/src/main.rs +++ b/src/main.rs @@ -9,7 +9,7 @@ use tiny_encrypt::CmdDecrypt; #[cfg(feature = "decrypt")] use tiny_encrypt::CmdExecEnv; #[cfg(feature = "macos")] -use tiny_encrypt::CmdKeychainKey; +use tiny_encrypt::CmdInitKeychain; #[derive(Debug, Parser)] #[command(name = "tiny-encrypt-rs")] @@ -31,21 +31,21 @@ enum Commands { /// Direct decrypt file(s) #[command(arg_required_else_help = true)] DirectDecrypt(CmdDirectDecrypt), - /// Show file info + /// Show tiny encrypt file info #[command(arg_required_else_help = true, short_flag = 'I')] Info(CmdInfo), #[cfg(feature = "macos")] - /// Keychain Key [pending implementation] - #[command(arg_required_else_help = true, short_flag = 'k')] - KeychainKey(CmdKeychainKey), + /// Init Keychain (Secure Enclave or Static) + #[command(arg_required_else_help = true, short_flag = 'K')] + InitKeychain(CmdInitKeychain), #[cfg(feature = "decrypt")] - /// Execute env + /// Execute environment #[command(arg_required_else_help = true, short_flag = 'X')] ExecEnv(CmdExecEnv), /// Show version #[command(short_flag = 'v')] Version(CmdVersion), - /// Show Config + /// Show configuration #[command(short_flag = 'c')] Config(CmdConfig), } @@ -59,7 +59,7 @@ fn main() -> XResult<()> { Commands::DirectDecrypt(cmd_direct_decrypt) => tiny_encrypt::direct_decrypt(cmd_direct_decrypt), Commands::Info(cmd_info) => tiny_encrypt::info(cmd_info), #[cfg(feature = "macos")] - Commands::KeychainKey(cmd_keychain_key) => tiny_encrypt::keychain_key(cmd_keychain_key), + Commands::InitKeychain(cmd_keychain_key) => tiny_encrypt::keychain_key(cmd_keychain_key), #[cfg(feature = "decrypt")] Commands::ExecEnv(cmd_exec_env) => tiny_encrypt::exec_env(cmd_exec_env), Commands::Version(cmd_version) => tiny_encrypt::version(cmd_version), diff --git a/src/util_p256.rs b/src/util_p256.rs index deab2bd..3b49a3e 100644 --- a/src/util_p256.rs +++ b/src/util_p256.rs @@ -1,28 +1,11 @@ +use p256::{EncodedPoint, PublicKey}; use p256::ecdh::EphemeralSecret; +use p256::elliptic_curve::sec1::FromEncodedPoint; +use p256::pkcs8::EncodePublicKey; use rand::rngs::OsRng; use rust_util::{opt_result, XResult}; -use p256::pkcs8::EncodePublicKey; -use p256::{EncodedPoint, PublicKey}; -use p256::elliptic_curve::sec1::FromEncodedPoint; -// use p256::elliptic_curve::sec1::{FromEncodedPoint, ToEncodedPoint}; - -// #[derive(Debug)] -// pub struct EphemeralKeyBytes(EncodedPoint); -// -// impl EphemeralKeyBytes { -// pub fn from_public_key(epk: &PublicKey) -> Self { -// EphemeralKeyBytes(epk.to_encoded_point(true)) -// } -// -// pub fn decompress(&self) -> EncodedPoint { -// // EphemeralKeyBytes is a valid compressed encoding by construction. -// let p = PublicKey::from_encoded_point(&self.0).unwrap(); -// p.to_encoded_point(false) -// } -// } - -pub fn compute_shared_secret(public_key_point_hex: &str) -> XResult<(Vec, Vec)> { +pub fn compute_p256_shared_secret(public_key_point_hex: &str) -> XResult<(Vec, Vec)> { let public_key_point_bytes = opt_result!(hex::decode(public_key_point_hex), "Parse public key point hex failed: {}"); let encoded_point = opt_result!(EncodedPoint::from_bytes(public_key_point_bytes), "Parse public key point failed: {}"); let public_key = PublicKey::from_encoded_point(&encoded_point).unwrap();