feat: optimize decrypt
This commit is contained in:
@@ -124,12 +124,12 @@ fn encrypt_single(path: &PathBuf, envelops: &[&TinyEncryptConfigEnvelop], cmd_en
|
||||
util::require_file_not_exists(path_out.as_str())?;
|
||||
|
||||
let (key, nonce) = util::make_key256_and_nonce();
|
||||
let envelops = encrypt_envelops(&key, envelops)?;
|
||||
let envelops = encrypt_envelops(&key.0, envelops)?;
|
||||
|
||||
let encrypted_comment = match &cmd_encrypt.encrypted_comment {
|
||||
None => None,
|
||||
Some(encrypted_comment) => Some(util::encode_base64(
|
||||
&aes_gcm_encrypt_with_salt(&key, &nonce, SALT_COMMENT, encrypted_comment.as_bytes())?))
|
||||
&aes_gcm_encrypt_with_salt(&key.0, &nonce.0, SALT_COMMENT, encrypted_comment.as_bytes())?))
|
||||
};
|
||||
|
||||
let file_metadata = opt_result!(fs::metadata(path), "Read file: {} meta failed: {}", path.display());
|
||||
@@ -138,7 +138,7 @@ fn encrypt_single(path: &PathBuf, envelops: &[&TinyEncryptConfigEnvelop], cmd_en
|
||||
c_time: file_metadata.created().ok().and_then(|t| t.to_millis()),
|
||||
m_time: file_metadata.modified().ok().and_then(|t| t.to_millis()),
|
||||
};
|
||||
let enc_encrypted_meta_bytes = opt_result!(enc_encrypted_meta.seal(&key, &nonce), "Seal enc-encrypted-meta failed: {}");
|
||||
let enc_encrypted_meta_bytes = opt_result!(enc_encrypted_meta.seal(&key.0, &nonce.0), "Seal enc-encrypted-meta failed: {}");
|
||||
|
||||
let enc_metadata = EncMetadata {
|
||||
comment: cmd_encrypt.comment.clone(),
|
||||
@@ -147,7 +147,7 @@ fn encrypt_single(path: &PathBuf, envelops: &[&TinyEncryptConfigEnvelop], cmd_en
|
||||
compress: cmd_encrypt.compress,
|
||||
};
|
||||
|
||||
let mut encrypt_meta = TinyEncryptMeta::new(&file_metadata, &enc_metadata, &nonce, envelops);
|
||||
let mut encrypt_meta = TinyEncryptMeta::new(&file_metadata, &enc_metadata, &nonce.0, envelops);
|
||||
debugging!("Encrypted meta: {:?}", encrypt_meta);
|
||||
|
||||
if cmd_encrypt.compatible_with_1_0 {
|
||||
@@ -162,15 +162,12 @@ fn encrypt_single(path: &PathBuf, envelops: &[&TinyEncryptConfigEnvelop], cmd_en
|
||||
let start = Instant::now();
|
||||
encrypt_file(
|
||||
&mut file_in, file_metadata.len(), &mut file_out,
|
||||
&key, &nonce, cmd_encrypt.compress, &cmd_encrypt.compress_level,
|
||||
&key.0, &nonce.0, cmd_encrypt.compress, &cmd_encrypt.compress_level,
|
||||
)?;
|
||||
drop(file_out);
|
||||
let encrypt_duration = start.elapsed();
|
||||
debugging!("Inner encrypt file{}: {} elapsed: {} ms", compress_desc, path_display, encrypt_duration.as_millis());
|
||||
|
||||
util::zeroize(key);
|
||||
util::zeroize(nonce);
|
||||
drop(file_in);
|
||||
drop(file_out);
|
||||
if cmd_encrypt.remove_file { util::remove_file_with_msg(path); }
|
||||
Ok(file_metadata.len())
|
||||
}
|
||||
@@ -303,7 +300,7 @@ fn encrypt_envelop_shared_secret(key: &[u8],
|
||||
let shared_key = util::simple_kdf(shared_secret);
|
||||
let (_, nonce) = util::make_key256_and_nonce();
|
||||
|
||||
let encrypted_key = aes_gcm_encrypt(&shared_key, &nonce, key)?;
|
||||
let encrypted_key = aes_gcm_encrypt(&shared_key, &nonce.0, key)?;
|
||||
|
||||
let wrap_key = WrapKey {
|
||||
header: WrapKeyHeader {
|
||||
@@ -311,7 +308,7 @@ fn encrypt_envelop_shared_secret(key: &[u8],
|
||||
enc: enc_type.to_string(),
|
||||
e_pub_key: util::encode_base64_url_no_pad(ephemeral_spki),
|
||||
},
|
||||
nonce,
|
||||
nonce: nonce.0.clone(),
|
||||
encrypted_data: encrypted_key,
|
||||
};
|
||||
let encoded_wrap_key = wrap_key.encode()?;
|
||||
|
||||
Reference in New Issue
Block a user