feat: v0.5.3, fix compress issue, supports env TINY_ENCRYPT_DEFAULT_ALGORITHM

This commit is contained in:
2023-10-25 23:16:20 +08:00
parent d5cb25cc6a
commit c05cf1a7cf
9 changed files with 65 additions and 28 deletions


@@ -10,7 +10,7 @@ use rsa::Pkcs1v15Encrypt;
use rust_util::{debugging, failure, iff, information, opt_result, simple_error, success, XResult};
use rust_util::util_time::UnixEpochTime;
use crate::{consts, crypto_simple, util, util_enc_file, util_p256, util_p384, util_x25519};
use crate::{crypto_cryptor, crypto_simple, util, util_enc_file, util_p256, util_p384, util_x25519};
use crate::compress::GzStreamEncoder;
use crate::config::{TinyEncryptConfig, TinyEncryptConfigEnvelop};
use crate::consts::{
@@ -119,14 +119,7 @@ fn encrypt_single(path: &PathBuf, envelops: &[&TinyEncryptConfigEnvelop], cmd_en
return Ok(0);
}
let encryption_algorithm = cmd_encrypt.encryption_algorithm.as_deref()
.unwrap_or(consts::TINY_ENC_AES_GCM)
.to_lowercase();
let cryptor = match encryption_algorithm.as_str() {
"aes" | "aes/gcm" => Cryptor::Aes256Gcm,
"chacha20" | "chacha20/poly1305" => Cryptor::ChaCha20Poly1305,
_ => return simple_error!("Unknown encryption algorithm: {}, should be AES or CHACHA20", encryption_algorithm),
};
let cryptor = crypto_cryptor::get_cryptor_by_encryption_algorithm(&cmd_encrypt.encryption_algorithm)?;
information!("Using encryption algorithm: {}", cryptor.get_name());
util::require_file_exists(path)?;
@@ -184,11 +177,13 @@ fn encrypt_single(path: &PathBuf, envelops: &[&TinyEncryptConfigEnvelop], cmd_en
let _ = util_enc_file::write_tiny_encrypt_meta(&mut file_out, &encrypt_meta, compress_meta)?;
let compress_desc = iff!(cmd_encrypt.compress, " [with compress]", "");
let compress_level = iff!(cmd_encrypt.compress, &cmd_encrypt.compress_level, &None);
let compress_level = iff!(cmd_encrypt.compress,
Some(cmd_encrypt.compress_level.unwrap_or_else(|| Compression::default().level())), None);
let start = Instant::now();
encrypt_file(
&mut file_in, file_metadata.len(), &mut file_out, cryptor,
&key.0, &nonce.0, compress_level,
&key.0, &nonce.0, &compress_level,
)?;
drop(file_out);
let encrypt_duration = start.elapsed();
@@ -338,14 +333,14 @@ fn encrypt_envelop_shared_secret(cryptor: Cryptor,
enc_type: &str,
envelop: &TinyEncryptConfigEnvelop) -> XResult<TinyEncryptEnvelop> {
let shared_key = util::simple_kdf(shared_secret);
let (_, nonce) = util::make_key256_and_nonce();
let nonce = util::make_nonce();
let encrypted_key = crypto_simple::encrypt(
cryptor, &shared_key, &nonce.0, key)?;
let wrap_key = WrapKey {
header: WrapKeyHeader {
kid: None, // Some(envelop.kid.clone()),
kid: None,
enc: enc_type.to_string(),
e_pub_key: util::encode_base64_url_no_pad(ephemeral_spki),
},
@@ -357,7 +352,7 @@ fn encrypt_envelop_shared_secret(cryptor: Cryptor,
Ok(TinyEncryptEnvelop {
r#type: envelop.r#type,
kid: envelop.kid.clone(),
desc: None, // envelop.desc.clone(),
desc: None,
encrypted_key: encoded_wrap_key,
})
}
@@ -369,7 +364,7 @@ fn encrypt_envelop_pgp(key: &[u8], envelop: &TinyEncryptConfigEnvelop) -> XResul
Ok(TinyEncryptEnvelop {
r#type: envelop.r#type,
kid: envelop.kid.clone(),
desc: None, // envelop.desc.clone(),
desc: None,
encrypted_key: util::encode_base64(&encrypted_key),
})
}
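Review bot: Dropping the `// Some(envelop.kid.clone())` and `// envelop.desc.clone()` comments leaves `kid: None` in the WrapKeyHeader and `desc: None` in both TinyEncryptEnvelop constructions with no stated reason, while the envelop's kid is still set one level up (`kid: envelop.kid.clone()`); the same applies to the encrypt_envelop_pgp hunk. A short why-comment keeps the choice visibly deliberate rather than looking like a forgotten field, e.g. `kid: None, // kid is carried on the enclosing TinyEncryptEnvelop, not repeated in the wrap-key header` and `desc: None, // description is not copied into the written envelop — TODO confirm this is intended`. encrypt_envelop_shared_secret starts before its first hunk and encrypt_envelop_pgp's signature is only visible in the hunk header, so neither function is reviewed in full here.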


@@ -10,6 +10,7 @@ pub const ENC_CHACHA20_POLY1305_X25519: &str = "chacha20-poly1305-x25519";
pub const TINY_ENC_FILE_EXT: &str = ".tinyenc";
pub const TINY_ENC_CONFIG_FILE: &str = "~/.tinyencrypt/config-rs.json";
pub const TINY_ENCRYPT_ENV_DEFAULT_ALGORITHM: &str = "TINY_ENCRYPT_DEFAULT_ALGORITHM";
pub const TINY_ENC_AES_GCM: &str = "AES/GCM";
pub const TINY_ENC_CHACHA20_POLY1305: &str = "CHACHA20/POLY1305";


@@ -3,7 +3,7 @@ use chacha20_poly1305_stream::{ChaCha20Poly1305StreamDecryptor, ChaCha20Poly1305
use rust_util::{opt_result, simple_error, XResult};
use zeroize::Zeroize;
use crate::consts;
use crate::{consts, util_env};
#[derive(Debug, Copy, Clone)]
pub enum Cryptor {
@@ -152,6 +152,20 @@ impl Decryptor for ChaCha20Poly1305Decryptor {
}
}
#[allow(clippy::redundant_closure)]
pub fn get_cryptor_by_encryption_algorithm(encryption_algorithm: &Option<String>) -> XResult<Cryptor> {
let encryption_algorithm = encryption_algorithm.as_deref()
.or_else(|| util_env::get_default_encryption_algorithm())
.unwrap_or(consts::TINY_ENC_AES_GCM)
.to_lowercase();
let cryptor = match encryption_algorithm.as_str() {
"aes" | "aes/gcm" => Cryptor::Aes256Gcm,
"chacha20" | "chacha20/poly1305" => Cryptor::ChaCha20Poly1305,
_ => return simple_error!("Unknown encryption algorithm: {}, should be AES or CHACHA20", encryption_algorithm),
};
Ok(cryptor)
}
#[test]
fn test_cryptor() {
let key = [0u8; 32];
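Review bot: The `#[allow(clippy::redundant_closure)]` on get_cryptor_by_encryption_algorithm suppresses a lint the code can simply satisfy: `.or_else(util_env::get_default_encryption_algorithm)` passes the function directly and the attribute goes away. Taking `encryption_algorithm: &Option<String>` is also narrower than needed; `Option<&str>` would let the caller pass `cmd_encrypt.encryption_algorithm.as_deref()` and drop the `.as_deref()` inside, though that touches the cmd_encrypt.rs call site. Since this is now the single place the cipher is resolved, document the precedence with a doc comment such as `/// Resolves the cipher: explicit argument first, then the TINY_ENCRYPT_DEFAULT_ALGORITHM environment variable, then AES/GCM; unknown names are rejected with an error.` Be aware that an unknown value coming from the environment is filtered to None by util_env before reaching here, so the error in the `_` arm only fires for the explicit argument.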


@@ -11,6 +11,7 @@ use crate::cmd_version::CmdVersion;
mod consts;
mod util;
mod util_env;
mod util_digest;
mod util_progress;
mod util_piv;


@@ -76,6 +76,11 @@ pub fn require_file_not_exists(path: impl AsRef<Path>) -> XResult<()> {
}
}
pub fn make_nonce() -> SecVec {
let (_, nonce) = make_key256_and_nonce();
nonce
}
pub fn make_key256_and_nonce() -> (SecVec, SecVec) {
let key: [u8; 32] = random();
let nonce: [u8; 12] = random();
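Review bot: make_nonce draws a full 32-byte key from the RNG and immediately discards it, only to reuse make_key256_and_nonce for the 12-byte nonce. How the SecVec is built is not visible in this hunk (make_key256_and_nonce continues past it), but if SecVec can be constructed from bytes the wrapper should draw only `let nonce: [u8; 12] = random();` and wrap that, so no unused key material is produced. Whether the discarded SecVec zeroizes its bytes on drop is also not visible here and is worth confirming, since the crate uses zeroize elsewhere (crypto_cryptor.rs). At minimum give the new public fn a doc comment, e.g. `/// Returns a fresh random 12-byte nonce; the key generated alongside it is dropped.`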

16
src/util_env.rs Normal file

@@ -0,0 +1,16 @@
use std::env;
use crate::consts;
pub fn get_default_encryption_algorithm() -> Option<&'static str> {
let env_default_algorithm = env::var(consts::TINY_ENCRYPT_ENV_DEFAULT_ALGORITHM).ok();
if let Some(env_algorithm) = env_default_algorithm {
let lower_default_algorithm = env_algorithm.to_lowercase();
match lower_default_algorithm.as_str() {
"aes" | "aes/gcm" => return Some(consts::TINY_ENC_AES_GCM),
"chacha20" | "chacha20/poly1305" => return Some(consts::TINY_ENC_CHACHA20_POLY1305),
_ => {}
}
}
None
}
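Review bot: An unrecognised TINY_ENCRYPT_DEFAULT_ALGORITHM value is swallowed by the `_ => {}` arm, so a typo in the environment silently falls back to AES/GCM, whereas the same typo given explicitly is rejected by get_cryptor_by_encryption_algorithm with an error. Making this function fallible keeps the two paths consistent: return `XResult<Option<&'static str>>`, turn the `_` arm into a `simple_error!`, and have get_cryptor_by_encryption_algorithm call it with `?` before its `or_else`/`unwrap_or` chain (this file would then need `use rust_util::{simple_error, XResult};`). A doc comment stating what the function returns, e.g. `/// Reads TINY_ENCRYPT_DEFAULT_ALGORITHM; Ok(Some(canonical name)) for a recognised value, Ok(None) when unset, Err for an unknown value.`, would make the contract explicit. The lowercase comparison means `AES`, `Aes/Gcm` and `ChaCha20` spellings are all accepted, which is worth mentioning in that comment.
```rust
pub fn get_default_encryption_algorithm() -> XResult<Option<&'static str>> {
    let env_algorithm = match env::var(consts::TINY_ENCRYPT_ENV_DEFAULT_ALGORITHM) {
        Ok(value) => value,
        Err(_) => return Ok(None),
    };
    match env_algorithm.to_lowercase().as_str() {
        "aes" | "aes/gcm" => Ok(Some(consts::TINY_ENC_AES_GCM)),
        "chacha20" | "chacha20/poly1305" => Ok(Some(consts::TINY_ENC_CHACHA20_POLY1305)),
        // An unrecognised value is a configuration error; do not silently fall back to AES/GCM.
        _ => simple_error!("Unknown default encryption algorithm in {}: {}, should be AES or CHACHA20",
            consts::TINY_ENCRYPT_ENV_DEFAULT_ALGORITHM, env_algorithm),
    }
}
```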