Decryptor::{new_async, decrypt_async}

MSRV is bumped to 1.39.0 for async/await syntax.

.github/workflows/ci.yml

@@ -11,7 +11,7 @@ jobs:
       - uses: actions/checkout@v1
       - uses: actions-rs/toolchain@v1
         with:
-          toolchain: 1.37.0
+          toolchain: 1.39.0
           override: true
 
       # Ensure all code has been formatted with rustfmt
@@ -39,7 +39,7 @@ jobs:
       - uses: actions/checkout@v1
       - uses: actions-rs/toolchain@v1
         with:
-          toolchain: 1.37.0
+          toolchain: 1.39.0
           override: true
       - name: cargo fetch
         uses: actions-rs/cargo@v1
@@ -69,7 +69,7 @@ jobs:
       - uses: actions/checkout@v1
       - uses: actions-rs/toolchain@v1
         with:
-          toolchain: 1.37.0
+          toolchain: 1.39.0
           override: true
       - name: Add target
         run: rustup target add ${{ matrix.target }}

README.md

@@ -106,7 +106,7 @@ brew install rage
 On Windows, Linux, and macOS, you can use the
 [pre-built binaries](https://github.com/str4d/rage/releases).
 
-If your system has Rust 1.37+ installed (either via `rustup` or a system
+If your system has Rust 1.39+ installed (either via `rustup` or a system
 package), you can build directly from source:
 
 ```

age/src/format.rs

@@ -8,6 +8,9 @@ use std::io::{self, Read, Write};
 
 use crate::primitives::HmacWriter;
 
+#[cfg(feature = "async")]
+use futures::io::{AsyncRead, AsyncReadExt};
+
 pub(crate) mod plugin;
 pub(crate) mod scrypt;
 pub(crate) mod ssh_ed25519;
@@ -150,6 +153,27 @@ impl Header {
         }
     }
 
+    #[cfg(feature = "async")]
+    pub(crate) async fn read_async<R: AsyncRead + Unpin>(mut input: R) -> io::Result<Self> {
+        let mut data = vec![];
+        loop {
+            match read::header(&data) {
+                Ok((_, header)) => break Ok(header),
+                Err(nom::Err::Incomplete(nom::Needed::Size(n))) => {
+                    // Read the needed additional bytes. We need to be careful how the
+                    // parser is constructed, because if we read more than we need, the
+                    // remainder of the input will be truncated.
+                    let m = data.len();
+                    data.resize(m + n, 0);
+                    input.read_exact(&mut data[m..m + n]).await?;
+                }
+                Err(_) => {
+                    break Err(io::Error::new(io::ErrorKind::InvalidData, "invalid header"));
+                }
+            }
+        }
+    }
+
     pub(crate) fn write<W: Write>(&self, mut output: W) -> io::Result<()> {
         cookie_factory::gen(write::header(self), &mut output)
             .map(|_| ())

age/src/protocol.rs

@@ -17,6 +17,9 @@ use crate::{
     Format,
 };
 
+#[cfg(feature = "async")]
+use futures::io::{AsyncRead, AsyncReadExt, BufReader as AsyncBufReader};
+
 pub mod decryptor;
 
 const HEADER_KEY_LABEL: &[u8] = b"header";
@@ -176,6 +179,42 @@ impl<R: Read> Decryptor<BufReader<R>> {
     }
 }
 
+#[cfg(feature = "async")]
+impl<R: AsyncRead + Unpin> Decryptor<AsyncBufReader<R>> {
+    /// Attempts to create a decryptor for an age file.
+    ///
+    /// Returns an error if the input does not contain a valid age file.
+    pub async fn new_async(input: R) -> Result<Self, Error> {
+        let mut input = ArmoredReader::from_async_reader(input);
+        let header = Header::read_async(&mut input).await?;
+
+        match &header {
+            Header::V1(v1_header) => {
+                let mut nonce = [0; 16];
+                input.read_exact(&mut nonce).await?;
+
+                // Enforce structural requirements on the v1 header.
+                let any_scrypt = v1_header.recipients.iter().any(|r| {
+                    if let RecipientStanza::Scrypt(_) = r {
+                        true
+                    } else {
+                        false
+                    }
+                });
+
+                if any_scrypt && v1_header.recipients.len() == 1 {
+                    Ok(decryptor::PassphraseDecryptor::new_async(input, header, nonce).into())
+                } else if !any_scrypt {
+                    Ok(decryptor::RecipientsDecryptor::new_async(input, header, nonce).into())
+                } else {
+                    Err(Error::InvalidHeader)
+                }
+            }
+            Header::Unknown(_) => Err(Error::UnknownFormat),
+        }
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use secrecy::SecretString;

age/src/protocol/decryptor.rs

@@ -14,6 +14,9 @@ use crate::{
     },
 };
 
+#[cfg(feature = "async")]
+use futures::io::AsyncBufRead;
+
 struct BaseDecryptor<R> {
     /// The age file.
     input: ArmoredReader<R>,
@@ -80,6 +83,44 @@ impl<R: BufRead> RecipientsDecryptor<R> {
     }
 }
 
+#[cfg(feature = "async")]
+impl<R: AsyncBufRead + Unpin> RecipientsDecryptor<R> {
+    pub(super) fn new_async(input: ArmoredReader<R>, header: Header, nonce: [u8; 16]) -> Self {
+        RecipientsDecryptor(BaseDecryptor {
+            input,
+            header,
+            nonce,
+        })
+    }
+
+    /// Attempts to decrypt the age file.
+    ///
+    /// The decryptor will have no callbacks registered, so it will be unable to use
+    /// identities that require e.g. a passphrase to decrypt.
+    ///
+    /// If successful, returns a reader that will provide the plaintext.
+    pub fn decrypt_async(self, identities: &[Identity]) -> Result<StreamReader<R>, Error> {
+        self.decrypt_async_with_callbacks(identities, &NoCallbacks)
+    }
+
+    /// Attempts to decrypt the age file.
+    ///
+    /// If successful, returns a reader that will provide the plaintext.
+    pub fn decrypt_async_with_callbacks(
+        mut self,
+        identities: &[Identity],
+        callbacks: &dyn Callbacks,
+    ) -> Result<StreamReader<R>, Error> {
+        self.0
+            .obtain_payload_key(|r| {
+                identities
+                    .iter()
+                    .find_map(|key| key.unwrap_file_key(r, callbacks))
+            })
+            .map(|payload_key| Stream::decrypt_async(&payload_key, self.0.input))
+    }
+}
+
 /// Decryptor for an age file encrypted with a passphrase.
 pub struct PassphraseDecryptor<R>(BaseDecryptor<R>);
 
@@ -114,3 +155,36 @@ impl<R: BufRead> PassphraseDecryptor<R> {
             .map(|payload_key| Stream::decrypt(&payload_key, self.0.input))
     }
 }
+
+#[cfg(feature = "async")]
+impl<R: AsyncBufRead + Unpin> PassphraseDecryptor<R> {
+    pub(super) fn new_async(input: ArmoredReader<R>, header: Header, nonce: [u8; 16]) -> Self {
+        PassphraseDecryptor(BaseDecryptor {
+            input,
+            header,
+            nonce,
+        })
+    }
+
+    /// Attempts to decrypt the age file.
+    ///
+    /// `max_work_factor` is the maximum accepted work factor. If `None`, the default
+    /// maximum is adjusted to around 16 seconds of work.
+    ///
+    /// If successful, returns a reader that will provide the plaintext.
+    pub fn decrypt_async(
+        mut self,
+        passphrase: &SecretString,
+        max_work_factor: Option<u8>,
+    ) -> Result<StreamReader<R>, Error> {
+        self.0
+            .obtain_payload_key(|r| {
+                if let RecipientStanza::Scrypt(s) = r {
+                    s.unwrap_file_key(passphrase, max_work_factor).transpose()
+                } else {
+                    None
+                }
+            })
+            .map(|payload_key| Stream::decrypt_async(&payload_key, self.0.input))
+    }
+}

rust-toolchain

@@ -1 +1 @@
-1.37.0
+1.39.0