age: Move scrypt structural requirement checks to HeaderV1

age/src/format.rs

@@ -6,6 +6,7 @@ use std::io::{self, BufRead, Read, Write};
 use crate::{
     error::DecryptError,
     primitives::{HmacKey, HmacWriter},
+    scrypt,
 };
 
 #[cfg(feature = "async")]
@@ -61,6 +62,28 @@ impl HeaderV1 {
         }
         mac.verify(&self.mac)
     }
+
+    fn any_scrypt(&self) -> bool {
+        self.recipients
+            .iter()
+            .any(|r| r.tag == scrypt::SCRYPT_RECIPIENT_TAG)
+    }
+
+    /// Checks whether the header contains a single recipient of type `scrypt`.
+    ///
+    /// This can be used along with [`Self::no_scrypt`] to enforce the structural
+    /// requirements on the v1 header.
+    pub(crate) fn valid_scrypt(&self) -> bool {
+        self.any_scrypt() && self.recipients.len() == 1
+    }
+
+    /// Checks whether the header contains no `scrypt` recipients.
+    ///
+    /// This can be used along with [`Self::valid_scrypt`] to enforce the structural
+    /// requirements on the v1 header.
+    pub(crate) fn no_scrypt(&self) -> bool {
+        !self.any_scrypt()
+    }
 }
 
 impl Header {

age/src/protocol.rs

@@ -162,14 +162,9 @@ impl<R> From<decryptor::PassphraseDecryptor<R>> for Decryptor<R> {
 impl<R> Decryptor<R> {
     fn from_v1_header(input: R, header: HeaderV1, nonce: Nonce) -> Result<Self, DecryptError> {
         // Enforce structural requirements on the v1 header.
-        let any_scrypt = header
+        if header.valid_scrypt() {
-            .recipients
-            .iter()
-            .any(|r| r.tag == scrypt::SCRYPT_RECIPIENT_TAG);
-
-        if any_scrypt && header.recipients.len() == 1 {
             Ok(decryptor::PassphraseDecryptor::new(input, Header::V1(header), nonce).into())
-        } else if !any_scrypt {
+        } else if header.no_scrypt() {
             Ok(decryptor::RecipientsDecryptor::new(input, Header::V1(header), nonce).into())
         } else {
             Err(DecryptError::InvalidHeader)