hatter/tiny-encrypt-rs
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v1.2.2, optimize codes

Browse Source
This commit is contained in:
Hatter Jiang
2023-12-09 20:33:18 +08:00
parent 9b735f8e48
commit af7bf60869
9 changed files with 41 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.lock generated
View File

@@ -1700,7 +1700,7 @@ dependencies = [
[[package]] [[package]]
name = "tiny-encrypt" name = "tiny-encrypt"
version = "1.2.1" version = "1.2.2"
dependencies = [ dependencies = [
"aes-gcm-stream", "aes-gcm-stream",
"base64", "base64",

2
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package] [package]
name = "tiny-encrypt" name = "tiny-encrypt"
version = "1.2.1" version = "1.2.2"
edition = "2021" edition = "2021"
license = "MIT" license = "MIT"
description = "A simple and tiny file encrypt tool" description = "A simple and tiny file encrypt tool"

6
src/cmd_decrypt.rs
View File

@@ -41,13 +41,13 @@ use crate::wrap_key::WrapKey;
pub struct CmdDecrypt { pub struct CmdDecrypt {
/// Files need to be decrypted /// Files need to be decrypted
pub paths: Vec<PathBuf>, pub paths: Vec<PathBuf>,
/// PIN /// PGP or PIV PIN
#[arg(long, short = 'p')] #[arg(long, short = 'p')]
pub pin: Option<String>, pub pin: Option<String>,
/// KeyID /// KeyID
#[arg(long, short = 'k')] #[arg(long, short = 'k')]
pub key_id: Option<String>, pub key_id: Option<String>,
/// Slot /// PIV slot
#[arg(long, short = 's')] #[arg(long, short = 's')]
pub slot: Option<String>, pub slot: Option<String>,
/// Remove source file /// Remove source file
@@ -68,7 +68,7 @@ pub struct CmdDecrypt {
/// Edit file /// Edit file
#[arg(long, short = 'E')] #[arg(long, short = 'E')]
pub edit_file: bool, pub edit_file: bool,
// Readonly /// Readonly mode
#[arg(long)] #[arg(long)]
pub readonly: bool, pub readonly: bool,
/// Digest algorithm (sha1, sha256[default], sha384, sha512 ...) /// Digest algorithm (sha1, sha256[default], sha384, sha512 ...)

6
src/cmd_encrypt.rs
View File

@@ -52,8 +52,8 @@ pub struct CmdEncrypt {
/// Remove source file /// Remove source file
#[arg(long, short = 'R')] #[arg(long, short = 'R')]
pub remove_file: bool, pub remove_file: bool,
/// Create file /// Create file (create a empty encrypted file)
#[arg(long)] #[arg(long, short = 'a')]
pub create: bool, pub create: bool,
/// Disable compress meta /// Disable compress meta
#[arg(long)] #[arg(long)]
@@ -285,7 +285,7 @@ fn encrypt_envelops(cryptor: Cryptor, key: &[u8], envelops: &[&TinyEncryptConfig
fn encrypt_envelop_ecdh(cryptor: Cryptor, key: &[u8], envelop: &TinyEncryptConfigEnvelop) -> XResult<TinyEncryptEnvelop> { fn encrypt_envelop_ecdh(cryptor: Cryptor, key: &[u8], envelop: &TinyEncryptConfigEnvelop) -> XResult<TinyEncryptEnvelop> {
let public_key_point_hex = &envelop.public_part; let public_key_point_hex = &envelop.public_part;
let (shared_secret, ephemeral_spki) = util_p256::compute_shared_secret(public_key_point_hex)?; let (shared_secret, ephemeral_spki) = util_p256::compute_p256_shared_secret(public_key_point_hex)?;
let enc_type = match cryptor { let enc_type = match cryptor {
Cryptor::Aes256Gcm => ENC_AES256_GCM_P256, Cryptor::Aes256Gcm => ENC_AES256_GCM_P256,
Cryptor::ChaCha20Poly1305 => ENC_CHACHA20_POLY1305_P256, Cryptor::ChaCha20Poly1305 => ENC_CHACHA20_POLY1305_P256,

14
src/cmd_execenv.rs
View File

@@ -18,19 +18,19 @@ use crate::util_enc_file;
#[derive(Debug, Args)] #[derive(Debug, Args)]
pub struct CmdExecEnv { pub struct CmdExecEnv {
/// PIN /// PGP or PIV PIN
#[arg(long, short = 'p')] #[arg(long, short = 'p')]
pub pin: Option<String>, pub pin: Option<String>,
/// KeyID /// KeyID
#[arg(long, short = 'k')] #[arg(long, short = 'k')]
pub key_id: Option<String>, pub key_id: Option<String>,
/// Slot /// PIV slot
#[arg(long, short = 's')] #[arg(long, short = 's')]
pub slot: Option<String>, pub slot: Option<String>,
// Tiny encrypt file name /// Tiny encrypt file name
pub file_name: String, pub file_name: String,
// Arguments /// Command and arguments
pub arguments: Vec<String>, pub command_arguments: Vec<String>,
} }
impl Drop for CmdExecEnv { impl Drop for CmdExecEnv {
@@ -43,7 +43,7 @@ pub fn exec_env(cmd_exec_env: CmdExecEnv) -> XResult<()> {
util_msg::set_logger_std_out(false); util_msg::set_logger_std_out(false);
debugging!("Cmd exec env: {:?}", cmd_exec_env); debugging!("Cmd exec env: {:?}", cmd_exec_env);
let config = TinyEncryptConfig::load(TINY_ENC_CONFIG_FILE).ok(); let config = TinyEncryptConfig::load(TINY_ENC_CONFIG_FILE).ok();
if cmd_exec_env.arguments.is_empty() { if cmd_exec_env.command_arguments.is_empty() {
return simple_error!("No commands assigned."); return simple_error!("No commands assigned.");
} }
@@ -75,7 +75,7 @@ pub fn exec_env(cmd_exec_env: CmdExecEnv) -> XResult<()> {
let decrypted_content = decrypt_limited_content_to_vec(&mut file_in, &meta, cryptor, &key_nonce)?; let decrypted_content = decrypt_limited_content_to_vec(&mut file_in, &meta, cryptor, &key_nonce)?;
let exit_code = if let Some(output) = decrypted_content { let exit_code = if let Some(output) = decrypted_content {
debugging!("Outputs: {}", output); debugging!("Outputs: {}", output);
let arguments = &cmd_exec_env.arguments; let arguments = &cmd_exec_env.command_arguments;
let envs = parse_output_to_env(&output); let envs = parse_output_to_env(&output);
let mut command = Command::new(&arguments[0]); let mut command = Command::new(&arguments[0]);

22
src/cmd_initkeychainkey.rs → src/cmd_initkeychain.rs
View File

@@ -9,14 +9,14 @@ use crate::util_keychainkey;
use crate::util_keychainstatic; use crate::util_keychainstatic;
#[derive(Debug, Args)] #[derive(Debug, Args)]
pub struct CmdKeychainKey { pub struct CmdInitKeychain {
/// Secure Enclave /// Secure Enclave
#[arg(long, short = 'S')] #[arg(long, short = 'S')]
pub secure_enclave: bool, pub secure_enclave: bool,
// /// Keychain name, or default // /// Keychain name, or default
// #[arg(long, short = 'c')] // #[arg(long, short = 'c')]
// pub keychain_name: Option<String>, // pub keychain_name: Option<String>,
/// Service name, or tiny-encrypt /// Service name, or default: tiny-encrypt
#[arg(long, short = 's')] #[arg(long, short = 's')]
pub server_name: Option<String>, pub server_name: Option<String>,
/// Key name /// Key name
@@ -27,19 +27,19 @@ pub struct CmdKeychainKey {
#[allow(dead_code)] #[allow(dead_code)]
const DEFAULT_SERVICE_NAME: &str = "tiny-encrypt"; const DEFAULT_SERVICE_NAME: &str = "tiny-encrypt";
pub fn keychain_key(cmd_keychain_key: CmdKeychainKey) -> XResult<()> { pub fn keychain_key(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
if cmd_keychain_key.secure_enclave { if cmd_init_keychain.secure_enclave {
#[cfg(feature = "secure-enclave")] #[cfg(feature = "secure-enclave")]
return keychain_key_se(cmd_keychain_key); return keychain_key_se(cmd_init_keychain);
#[cfg(not(feature = "secure-enclave"))] #[cfg(not(feature = "secure-enclave"))]
return simple_error!("Feature secure-enclave is not built"); return simple_error!("Feature secure-enclave is not built");
} else { } else {
keychain_key_static(cmd_keychain_key) keychain_key_static(cmd_init_keychain)
} }
} }
#[cfg(feature = "secure-enclave")] #[cfg(feature = "secure-enclave")]
pub fn keychain_key_se(cmd_keychain_key: CmdKeychainKey) -> XResult<()> { pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
if !util_keychainkey::is_support_se() { if !util_keychainkey::is_support_se() {
return simple_error!("Secure enclave is not supported."); return simple_error!("Secure enclave is not supported.");
} }
@@ -49,7 +49,7 @@ pub fn keychain_key_se(cmd_keychain_key: CmdKeychainKey) -> XResult<()> {
let config_envelop = TinyEncryptConfigEnvelop { let config_envelop = TinyEncryptConfigEnvelop {
r#type: TinyEncryptEnvelopType::KeyP256, r#type: TinyEncryptEnvelopType::KeyP256,
sid: cmd_keychain_key.key_name.clone(), sid: cmd_init_keychain.key_name.clone(),
kid: format!("keychain:02{}", &public_key_compressed_hex), kid: format!("keychain:02{}", &public_key_compressed_hex),
desc: Some("Keychain Secure Enclave".to_string()), desc: Some("Keychain Secure Enclave".to_string()),
args: Some(vec![ args: Some(vec![
@@ -63,10 +63,10 @@ pub fn keychain_key_se(cmd_keychain_key: CmdKeychainKey) -> XResult<()> {
Ok(()) Ok(())
} }
pub fn keychain_key_static(cmd_keychain_key: CmdKeychainKey) -> XResult<()> { pub fn keychain_key_static(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
let service_name = cmd_keychain_key.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME); let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME);
let sec_keychain = opt_result!(SecKeychain::default(), "Get keychain failed: {}"); let sec_keychain = opt_result!(SecKeychain::default(), "Get keychain failed: {}");
let key_name = opt_value_result!(&cmd_keychain_key.key_name, "Key name is required."); let key_name = opt_value_result!(&cmd_init_keychain.key_name, "Key name is required.");
if sec_keychain.find_generic_password(service_name, key_name).is_ok() { if sec_keychain.find_generic_password(service_name, key_name).is_ok() {
return simple_error!("Static x25519 exists: {}.{}", service_name, &key_name); return simple_error!("Static x25519 exists: {}.{}", service_name, &key_name);
} }

6
src/lib.rs
View File

@@ -20,9 +20,9 @@ pub use cmd_info::CmdInfo;
pub use cmd_info::info; pub use cmd_info::info;
pub use cmd_info::info_single; pub use cmd_info::info_single;
#[cfg(feature = "macos")] #[cfg(feature = "macos")]
pub use cmd_initkeychainkey::CmdKeychainKey; pub use cmd_initkeychain::CmdInitKeychain;
#[cfg(feature = "macos")] #[cfg(feature = "macos")]
pub use cmd_initkeychainkey::keychain_key; pub use cmd_initkeychain::keychain_key;
pub use cmd_version::CmdVersion; pub use cmd_version::CmdVersion;
pub use cmd_version::version; pub use cmd_version::version;
@@ -56,7 +56,7 @@ mod cmd_decrypt;
mod cmd_encrypt; mod cmd_encrypt;
mod cmd_directdecrypt; mod cmd_directdecrypt;
#[cfg(feature = "macos")] #[cfg(feature = "macos")]
mod cmd_initkeychainkey; mod cmd_initkeychain;
#[cfg(feature = "macos")] #[cfg(feature = "macos")]
mod util_keychainstatic; mod util_keychainstatic;
#[cfg(feature = "decrypt")] #[cfg(feature = "decrypt")]

16
src/main.rs
View File

@@ -9,7 +9,7 @@ use tiny_encrypt::CmdDecrypt;
#[cfg(feature = "decrypt")] #[cfg(feature = "decrypt")]
use tiny_encrypt::CmdExecEnv; use tiny_encrypt::CmdExecEnv;
#[cfg(feature = "macos")] #[cfg(feature = "macos")]
use tiny_encrypt::CmdKeychainKey; use tiny_encrypt::CmdInitKeychain;
#[derive(Debug, Parser)] #[derive(Debug, Parser)]
#[command(name = "tiny-encrypt-rs")] #[command(name = "tiny-encrypt-rs")]
@@ -31,21 +31,21 @@ enum Commands {
/// Direct decrypt file(s) /// Direct decrypt file(s)
#[command(arg_required_else_help = true)] #[command(arg_required_else_help = true)]
DirectDecrypt(CmdDirectDecrypt), DirectDecrypt(CmdDirectDecrypt),
/// Show file info /// Show tiny encrypt file info
#[command(arg_required_else_help = true, short_flag = 'I')] #[command(arg_required_else_help = true, short_flag = 'I')]
Info(CmdInfo), Info(CmdInfo),
#[cfg(feature = "macos")] #[cfg(feature = "macos")]
/// Keychain Key [pending implementation] /// Init Keychain (Secure Enclave or Static)
#[command(arg_required_else_help = true, short_flag = 'k')] #[command(arg_required_else_help = true, short_flag = 'K')]
KeychainKey(CmdKeychainKey), InitKeychain(CmdInitKeychain),
#[cfg(feature = "decrypt")] #[cfg(feature = "decrypt")]
/// Execute env /// Execute environment
#[command(arg_required_else_help = true, short_flag = 'X')] #[command(arg_required_else_help = true, short_flag = 'X')]
ExecEnv(CmdExecEnv), ExecEnv(CmdExecEnv),
/// Show version /// Show version
#[command(short_flag = 'v')] #[command(short_flag = 'v')]
Version(CmdVersion), Version(CmdVersion),
/// Show Config /// Show configuration
#[command(short_flag = 'c')] #[command(short_flag = 'c')]
Config(CmdConfig), Config(CmdConfig),
} }
@@ -59,7 +59,7 @@ fn main() -> XResult<()> {
Commands::DirectDecrypt(cmd_direct_decrypt) => tiny_encrypt::direct_decrypt(cmd_direct_decrypt), Commands::DirectDecrypt(cmd_direct_decrypt) => tiny_encrypt::direct_decrypt(cmd_direct_decrypt),
Commands::Info(cmd_info) => tiny_encrypt::info(cmd_info), Commands::Info(cmd_info) => tiny_encrypt::info(cmd_info),
#[cfg(feature = "macos")] #[cfg(feature = "macos")]
Commands::KeychainKey(cmd_keychain_key) => tiny_encrypt::keychain_key(cmd_keychain_key), Commands::InitKeychain(cmd_keychain_key) => tiny_encrypt::keychain_key(cmd_keychain_key),
#[cfg(feature = "decrypt")] #[cfg(feature = "decrypt")]
Commands::ExecEnv(cmd_exec_env) => tiny_encrypt::exec_env(cmd_exec_env), Commands::ExecEnv(cmd_exec_env) => tiny_encrypt::exec_env(cmd_exec_env),
Commands::Version(cmd_version) => tiny_encrypt::version(cmd_version), Commands::Version(cmd_version) => tiny_encrypt::version(cmd_version),

25
src/util_p256.rs
View File

@@ -1,28 +1,11 @@
use p256::{EncodedPoint, PublicKey};
use p256::ecdh::EphemeralSecret; use p256::ecdh::EphemeralSecret;
use p256::elliptic_curve::sec1::FromEncodedPoint;
use p256::pkcs8::EncodePublicKey;
use rand::rngs::OsRng; use rand::rngs::OsRng;
use rust_util::{opt_result, XResult}; use rust_util::{opt_result, XResult};
use p256::pkcs8::EncodePublicKey; pub fn compute_p256_shared_secret(public_key_point_hex: &str) -> XResult<(Vec<u8>, Vec<u8>)> {
use p256::{EncodedPoint, PublicKey};
use p256::elliptic_curve::sec1::FromEncodedPoint;
// use p256::elliptic_curve::sec1::{FromEncodedPoint, ToEncodedPoint};
// #[derive(Debug)]
// pub struct EphemeralKeyBytes(EncodedPoint);
//
// impl EphemeralKeyBytes {
// pub fn from_public_key(epk: &PublicKey) -> Self {
// EphemeralKeyBytes(epk.to_encoded_point(true))
// }
//
// pub fn decompress(&self) -> EncodedPoint {
// // EphemeralKeyBytes is a valid compressed encoding by construction.
// let p = PublicKey::from_encoded_point(&self.0).unwrap();
// p.to_encoded_point(false)
// }
// }
pub fn compute_shared_secret(public_key_point_hex: &str) -> XResult<(Vec<u8>, Vec<u8>)> {
let public_key_point_bytes = opt_result!(hex::decode(public_key_point_hex), "Parse public key point hex failed: {}"); let public_key_point_bytes = opt_result!(hex::decode(public_key_point_hex), "Parse public key point hex failed: {}");
let encoded_point = opt_result!(EncodedPoint::from_bytes(public_key_point_bytes), "Parse public key point failed: {}"); let encoded_point = opt_result!(EncodedPoint::from_bytes(public_key_point_bytes), "Parse public key point failed: {}");
let public_key = PublicKey::from_encoded_point(&encoded_point).unwrap(); let public_key = PublicKey::from_encoded_point(&encoded_point).unwrap();