mirrors/rage
1
0
Fork 0
mirror of https://github.com/str4d/rage.git synced 2025-04-04 11:27:43 +03:00
Code Issues Projects Releases Packages Wiki Activity

age: Merge RecipientsDecryptor into Decryptor

Browse source
This commit is contained in:
Jack Grigg 2024-07-29 01:38:45 +00:00
parent a1f16094b8
commit 219ac41b60
11 changed files with 197 additions and 290 deletions
Download patch file Download diff file Expand all files Collapse all files

8
age/CHANGELOG.md
View file

@ -10,17 +10,19 @@ to 1.0.0 are beta releases.
## [Unreleased]
### Added
- `age::decryptor::RecipientsDecryptor::is_scrypt`
- `age::Decryptor::{decrypt, decrypt_async, is_scrypt}`
- `age::scrypt`, providing recipient and identity types for passphrase-based
encryption.
- Partial French translation!
### Changed
- `age::Decryptor` no longer has a `Passphrase` variant.
- `age::Decryptor` is now an opaque struct instead of an enum with `Recipients`
and `Passphrase` variants.
### Removed
- `age::decryptor::PassphraseDecryptor` (use `RecipientsDecryptor` with
- `age::decryptor::PassphraseDecryptor` (use `age::Decryptor` with
`age::scrypt::Identity` instead).
- `age::decryptor::RecipientsDecryptor` (use `age::Decryptor` instead).
## [0.10.0] - 2024-02-04
### Added

5
age/benches/throughput.rs
View file

@ -70,10 +70,7 @@ fn bench(c: &mut Criterion_) {
output.finish().unwrap();
b.iter(|| {
let decryptor = match Decryptor::new_buffered(&ct_buf[..]).unwrap() {
Decryptor::Recipients(decryptor) => decryptor,
_ => panic!(),
};
let decryptor = Decryptor::new_buffered(&ct_buf[..]).unwrap();
let mut input = decryptor
.decrypt(iter::once(&identity as &dyn age::Identity))
.unwrap();

25
age/src/encrypted.rs
View file

@ -3,14 +3,13 @@
use std::{cell::Cell, io};
use crate::{
decryptor::RecipientsDecryptor, fl, scrypt, Callbacks, DecryptError, Decryptor, EncryptError,
IdentityFile, IdentityFileEntry,
fl, scrypt, Callbacks, DecryptError, Decryptor, EncryptError, IdentityFile, IdentityFileEntry,
};
/// The state of the encrypted age identity.
enum IdentityState<R: io::Read> {
Encrypted {
decryptor: RecipientsDecryptor<R>,
decryptor: Decryptor<R>,
max_work_factor: Option<u8>,
},
Decrypted(Vec<IdentityFileEntry>),
@ -97,17 +96,15 @@ impl<R: io::Read, C: Callbacks> Identity<R, C> {
callbacks: C,
max_work_factor: Option<u8>,
) -> Result<Option<Self>, DecryptError> {
match Decryptor::new(data)? {
Decryptor::Recipients(decryptor) if !decryptor.is_scrypt() => Ok(None),
Decryptor::Recipients(decryptor) => Ok(Some(Identity {
state: Cell::new(IdentityState::Encrypted {
decryptor,
max_work_factor,
}),
filename,
callbacks,
})),
}
let decryptor = Decryptor::new(data)?;
Ok(decryptor.is_scrypt().then_some(Identity {
state: Cell::new(IdentityState::Encrypted {
decryptor,
max_work_factor,
}),
filename,
callbacks,
}))
}
/// Returns the recipients contained within this encrypted identity.

17
age/src/lib.rs
View file

@ -56,10 +56,7 @@
//! // ... and decrypt the obtained ciphertext to the plaintext again.
//! # fn decrypt(key: age::x25519::Identity, encrypted: Vec<u8>) -> Result<Vec<u8>, age::DecryptError> {
//! let decrypted = {
//! let decryptor = match age::Decryptor::new(&encrypted[..])? {
//! age::Decryptor::Recipients(d) => d,
//! _ => unreachable!(),
//! };
//! let decryptor = age::Decryptor::new(&encrypted[..])?;
//!
//! let mut decrypted = vec![];
//! let mut reader = decryptor.decrypt(iter::once(&key as &dyn age::Identity))?;
@ -109,9 +106,7 @@
//! // ... and decrypt the ciphertext to the plaintext again using the same passphrase.
//! # fn decrypt(passphrase: &str, encrypted: Vec<u8>) -> Result<Vec<u8>, age::DecryptError> {
//! let decrypted = {
//! let decryptor = match age::Decryptor::new(&encrypted[..])? {
//! age::Decryptor::Recipients(d) => d,
//! };
//! let decryptor = age::Decryptor::new(&encrypted[..])?;
//!
//! let mut decrypted = vec![];
//! let mut reader = decryptor.decrypt(
@ -154,7 +149,7 @@ mod util;
pub use error::{DecryptError, EncryptError};
pub use identity::{IdentityFile, IdentityFileEntry};
pub use primitives::stream;
pub use protocol::{decryptor, Decryptor, Encryptor};
pub use protocol::{Decryptor, Encryptor};
#[cfg(feature = "armor")]
pub use primitives::armor;
@ -194,7 +189,7 @@ pub trait Identity {
///
/// This method is part of the `Identity` trait to expose age's [one joint] for
/// external implementations. You should not need to call this directly; instead, pass
/// identities to [`RecipientsDecryptor::decrypt`].
/// identities to [`Decryptor::decrypt`].
///
/// Returns:
/// - `Some(Ok(file_key))` on success.
@ -202,7 +197,6 @@ pub trait Identity {
/// - `None` if the recipient stanza does not match this key.
///
/// [one joint]: https://www.imperialviolet.org/2016/05/16/agility.html
/// [`RecipientsDecryptor::decrypt`]: protocol::decryptor::RecipientsDecryptor::decrypt
fn unwrap_stanza(&self, stanza: &Stanza) -> Option<Result<FileKey, DecryptError>>;
/// Attempts to unwrap any of the given stanzas, which are assumed to come from the
@ -210,7 +204,7 @@ pub trait Identity {
///
/// This method is part of the `Identity` trait to expose age's [one joint] for
/// external implementations. You should not need to call this directly; instead, pass
/// identities to [`RecipientsDecryptor::decrypt`].
/// identities to [`Decryptor::decrypt`].
///
/// Returns:
/// - `Some(Ok(file_key))` on success.
@ -218,7 +212,6 @@ pub trait Identity {
/// - `None` if none of the recipient stanzas match this identity.
///
/// [one joint]: https://www.imperialviolet.org/2016/05/16/agility.html
/// [`RecipientsDecryptor::decrypt`]: protocol::decryptor::RecipientsDecryptor::decrypt
fn unwrap_stanzas(&self, stanzas: &[Stanza]) -> Option<Result<FileKey, DecryptError>> {
stanzas.iter().find_map(|stanza| self.unwrap_stanza(stanza))
}

14
age/src/primitives/armor.rs
View file

@ -321,12 +321,7 @@ enum ArmorIs<W> {
/// # }
/// # fn decrypt(identity: age::x25519::Identity, encrypted: Vec<u8>) -> Result<Vec<u8>, age::DecryptError> {
/// # let decrypted = {
/// # let decryptor = match age::Decryptor::new(
/// # age::armor::ArmoredReader::new(&encrypted[..])
/// # )? {
/// # age::Decryptor::Recipients(d) => d,
/// # _ => unreachable!(),
/// # };
/// # let decryptor = age::Decryptor::new(age::armor::ArmoredReader::new(&encrypted[..]))?;
/// # let mut decrypted = vec![];
/// # let mut reader = decryptor.decrypt(iter::once(&identity as &dyn age::Identity))?;
/// # reader.read_to_end(&mut decrypted);
@ -693,12 +688,7 @@ enum StartPos {
///
/// # fn decrypt(identity: age::x25519::Identity, encrypted: Vec<u8>) -> Result<Vec<u8>, age::DecryptError> {
/// let decrypted = {
/// let decryptor = match age::Decryptor::new(
/// age::armor::ArmoredReader::new(&encrypted[..])
/// )? {
/// age::Decryptor::Recipients(d) => d,
/// _ => unreachable!(),
/// };
/// let decryptor = age::Decryptor::new(age::armor::ArmoredReader::new(&encrypted[..]))?;
///
/// let mut decrypted = vec![];
/// let mut reader = decryptor.decrypt(iter::once(&identity as &dyn age::Identity))?;

85
age/src/protocol.rs
View file

@ -8,15 +8,13 @@ use crate::{
error::{DecryptError, EncryptError},
format::{Header, HeaderV1},
keys::{mac_key, new_file_key, v1_payload_key},
primitives::stream::{PayloadKey, Stream, StreamWriter},
scrypt, Recipient,
primitives::stream::{PayloadKey, Stream, StreamReader, StreamWriter},
scrypt, Identity, Recipient,
};
#[cfg(feature = "async")]
use futures::io::{AsyncBufRead, AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt};
pub mod decryptor;
pub(crate) struct Nonce([u8; 16]);
impl AsRef<[u8]> for Nonce {
@ -140,26 +138,49 @@ impl Encryptor {
}
/// Decryptor for an age file.
pub enum Decryptor<R> {
/// Decryption with a list of identities.
Recipients(decryptor::RecipientsDecryptor<R>),
}
impl<R> From<decryptor::RecipientsDecryptor<R>> for Decryptor<R> {
fn from(decryptor: decryptor::RecipientsDecryptor<R>) -> Self {
Decryptor::Recipients(decryptor)
}
pub struct Decryptor<R> {
/// The age file.
input: R,
/// The age file's header.
header: Header,
/// The age file's AEAD nonce
nonce: Nonce,
}
impl<R> Decryptor<R> {
fn from_v1_header(input: R, header: HeaderV1, nonce: Nonce) -> Result<Self, DecryptError> {
// Enforce structural requirements on the v1 header.
if header.is_valid() {
Ok(decryptor::RecipientsDecryptor::new(input, Header::V1(header), nonce).into())
Ok(Self {
input,
header: Header::V1(header),
nonce,
})
} else {
Err(DecryptError::InvalidHeader)
}
}
/// Returns `true` if the age file is encrypted to a passphrase.
pub fn is_scrypt(&self) -> bool {
match &self.header {
Header::V1(header) => header.valid_scrypt(),
Header::Unknown(_) => false,
}
}
fn obtain_payload_key<'a>(
&self,
mut identities: impl Iterator<Item = &'a dyn Identity>,
) -> Result<PayloadKey, DecryptError> {
match &self.header {
Header::V1(header) => identities
.find_map(|key| key.unwrap_stanzas(&header.recipients))
.unwrap_or(Err(DecryptError::NoMatchingKeys))
.and_then(|file_key| v1_payload_key(&file_key, header, &self.nonce)),
Header::Unknown(_) => unreachable!(),
}
}
}
impl<R: Read> Decryptor<R> {
@ -184,6 +205,17 @@ impl<R: Read> Decryptor<R> {
Header::Unknown(_) => Err(DecryptError::UnknownFormat),
}
}
/// Attempts to decrypt the age file.
///
/// If successful, returns a reader that will provide the plaintext.
pub fn decrypt<'a>(
self,
identities: impl Iterator<Item = &'a dyn Identity>,
) -> Result<StreamReader<R>, DecryptError> {
self.obtain_payload_key(identities)
.map(|payload_key| Stream::decrypt(payload_key, self.input))
}
}
impl<R: BufRead> Decryptor<R> {
@ -232,6 +264,17 @@ impl<R: AsyncRead + Unpin> Decryptor<R> {
Header::Unknown(_) => Err(DecryptError::UnknownFormat),
}
}
/// Attempts to decrypt the age file.
///
/// If successful, returns a reader that will provide the plaintext.
pub fn decrypt_async<'a>(
self,
identities: impl Iterator<Item = &'a dyn Identity>,
) -> Result<StreamReader<R>, DecryptError> {
self.obtain_payload_key(identities)
.map(|payload_key| Stream::decrypt_async(payload_key, self.input))
}
}
#[cfg(feature = "async")]
@ -296,10 +339,7 @@ mod tests {
w.finish().unwrap();
}
let d = match Decryptor::new(&encrypted[..]) {
Ok(Decryptor::Recipients(d)) => d,
_ => panic!(),
};
let d = Decryptor::new(&encrypted[..]).unwrap();
let mut r = d.decrypt(identities).unwrap();
let mut decrypted = vec![];
r.read_to_end(&mut decrypted).unwrap();
@ -350,7 +390,7 @@ mod tests {
}
}
let d = match {
let d = {
let f = Decryptor::new_async(&encrypted[..]);
pin_mut!(f);
@ -361,8 +401,6 @@ mod tests {
Poll::Pending => panic!("Unexpected Pending"),
}
}
} {
Decryptor::Recipients(d) => d,
};
let decrypted = {
@ -427,10 +465,7 @@ mod tests {
w.finish().unwrap();
}
let d = match Decryptor::new(&encrypted[..]) {
Ok(Decryptor::Recipients(d)) => d,
_ => panic!(),
};
let d = Decryptor::new(&encrypted[..]).unwrap();
let mut r = d
.decrypt(
Some(&scrypt::Identity::new(SecretString::new("passphrase".to_string())) as _)

96
age/src/protocol/decryptor.rs
View file

@ -1,96 +0,0 @@
//! Decryptors for age.
use age_core::format::{FileKey, Stanza};
use std::io::Read;
use super::Nonce;
use crate::{
error::DecryptError,
format::Header,
keys::v1_payload_key,
primitives::stream::{PayloadKey, Stream, StreamReader},
Identity,
};
#[cfg(feature = "async")]
use futures::io::AsyncRead;
struct BaseDecryptor<R> {
/// The age file.
input: R,
/// The age file's header.
header: Header,
/// The age file's AEAD nonce
nonce: Nonce,
}
impl<R> BaseDecryptor<R> {
fn obtain_payload_key<F>(&self, mut filter: F) -> Result<PayloadKey, DecryptError>
where
F: FnMut(&[Stanza]) -> Option<Result<FileKey, DecryptError>>,
{
match &self.header {
Header::V1(header) => filter(&header.recipients)
.unwrap_or(Err(DecryptError::NoMatchingKeys))
.and_then(|file_key| v1_payload_key(&file_key, header, &self.nonce)),
Header::Unknown(_) => unreachable!(),
}
}
}
/// Decryptor for an age file encrypted to a list of recipients.
pub struct RecipientsDecryptor<R>(BaseDecryptor<R>);
impl<R> RecipientsDecryptor<R> {
pub(super) fn new(input: R, header: Header, nonce: Nonce) -> Self {
RecipientsDecryptor(BaseDecryptor {
input,
header,
nonce,
})
}
/// Returns `true` if the age file is encrypted to a passphrase.
pub fn is_scrypt(&self) -> bool {
match &self.0.header {
Header::V1(header) => header.valid_scrypt(),
Header::Unknown(_) => false,
}
}
fn obtain_payload_key<'a>(
&self,
mut identities: impl Iterator<Item = &'a dyn Identity>,
) -> Result<PayloadKey, DecryptError> {
self.0
.obtain_payload_key(|r| identities.find_map(|key| key.unwrap_stanzas(r)))
}
}
impl<R: Read> RecipientsDecryptor<R> {
/// Attempts to decrypt the age file.
///
/// If successful, returns a reader that will provide the plaintext.
pub fn decrypt<'a>(
self,
identities: impl Iterator<Item = &'a dyn Identity>,
) -> Result<StreamReader<R>, DecryptError> {
self.obtain_payload_key(identities)
.map(|payload_key| Stream::decrypt(payload_key, self.0.input))
}
}
#[cfg(feature = "async")]
#[cfg_attr(docsrs, doc(cfg(feature = "async")))]
impl<R: AsyncRead + Unpin> RecipientsDecryptor<R> {
/// Attempts to decrypt the age file.
///
/// If successful, returns a reader that will provide the plaintext.
pub fn decrypt_async<'a>(
self,
identities: impl Iterator<Item = &'a dyn Identity>,
) -> Result<StreamReader<R>, DecryptError> {
self.obtain_payload_key(identities)
.map(|payload_key| Stream::decrypt_async(payload_key, self.0.input))
}
}

44
age/tests/test_vectors.rs
View file

@ -24,31 +24,29 @@ fn age_test_vectors() -> Result<(), Box<dyn std::error::Error>> {
let name = path.file_stem().unwrap().to_str().unwrap();
let expect_failure = name.starts_with("fail_");
let res = match age::Decryptor::new(fs::File::open(&path)?)? {
age::Decryptor::Recipients(d) if !d.is_scrypt() => {
let identities = age::cli_common::read_identities(
vec![format!(
"{}/{}_key.txt",
path.parent().unwrap().to_str().unwrap(),
name
)],
None,
&mut StdinGuard::new(false),
)?;
d.decrypt(identities.iter().map(|i| i.as_ref() as &dyn age::Identity))
}
age::Decryptor::Recipients(d) => {
let mut passphrase = String::new();
fs::File::open(format!(
"{}/{}_password.txt",
let d = age::Decryptor::new(fs::File::open(&path)?)?;
let res = if !d.is_scrypt() {
let identities = age::cli_common::read_identities(
vec![format!(
"{}/{}_key.txt",
path.parent().unwrap().to_str().unwrap(),
name
))?
.read_to_string(&mut passphrase)?;
let passphrase = SecretString::new(passphrase);
let identity = scrypt::Identity::new(passphrase);
d.decrypt(Some(&identity as _).into_iter())
}
)],
None,
&mut StdinGuard::new(false),
)?;
d.decrypt(identities.iter().map(|i| i.as_ref() as &dyn age::Identity))
} else {
let mut passphrase = String::new();
fs::File::open(format!(
"{}/{}_password.txt",
path.parent().unwrap().to_str().unwrap(),
name
))?
.read_to_string(&mut passphrase)?;
let passphrase = SecretString::new(passphrase);
let identity = scrypt::Identity::new(passphrase);
d.decrypt(Some(&identity as _).into_iter())
};
match (res, expect_failure) {

46
age/tests/testkit.rs
View file

@ -132,12 +132,11 @@ fn testkit(filename: &str) {
let testfile = TestFile::parse(filename);
let comment = format_testkit_comment(&testfile);
match Decryptor::new(ArmoredReader::new(&testfile.age_file[..])).and_then(|d| match d {
Decryptor::Recipients(d) if !d.is_scrypt() => {
match Decryptor::new(ArmoredReader::new(&testfile.age_file[..])).and_then(|d| {
if !d.is_scrypt() {
let identities = get_testkit_identities(filename, &testfile);
d.decrypt(identities.iter().map(|i| i as &dyn Identity))
}
Decryptor::Recipients(d) => {
} else {
let passphrase = get_testkit_passphrase(&testfile, &comment);
let mut identity = scrypt::Identity::new(passphrase);
identity.set_max_work_factor(16);
@ -271,20 +270,17 @@ fn testkit_buffered(filename: &str) {
let testfile = TestFile::parse(filename);
let comment = format_testkit_comment(&testfile);
match Decryptor::new_buffered(ArmoredReader::new(&testfile.age_file[..])).and_then(
|d| match d {
Decryptor::Recipients(d) if !d.is_scrypt() => {
let identities = get_testkit_identities(filename, &testfile);
d.decrypt(identities.iter().map(|i| i as &dyn Identity))
}
Decryptor::Recipients(d) => {
let passphrase = get_testkit_passphrase(&testfile, &comment);
let mut identity = scrypt::Identity::new(passphrase);
identity.set_max_work_factor(16);
d.decrypt(Some(&identity as _).into_iter())
}
},
) {
match Decryptor::new_buffered(ArmoredReader::new(&testfile.age_file[..])).and_then(|d| {
if !d.is_scrypt() {
let identities = get_testkit_identities(filename, &testfile);
d.decrypt(identities.iter().map(|i| i as &dyn Identity))
} else {
let passphrase = get_testkit_passphrase(&testfile, &comment);
let mut identity = scrypt::Identity::new(passphrase);
identity.set_max_work_factor(16);
d.decrypt(Some(&identity as _).into_iter())
}
}) {
Ok(mut r) => {
let mut payload = vec![];
let res = io::Read::read_to_end(&mut r, &mut payload);
@ -415,12 +411,11 @@ async fn testkit_async(filename: &str) {
match Decryptor::new_async(ArmoredReader::from_async_reader(&testfile.age_file[..]))
.await
.and_then(|d| match d {
Decryptor::Recipients(d) if !d.is_scrypt() => {
.and_then(|d| {
if !d.is_scrypt() {
let identities = get_testkit_identities(filename, &testfile);
d.decrypt_async(identities.iter().map(|i| i as &dyn Identity))
}
Decryptor::Recipients(d) => {
} else {
let passphrase = get_testkit_passphrase(&testfile, &comment);
let mut identity = scrypt::Identity::new(passphrase);
identity.set_max_work_factor(16);
@ -557,12 +552,11 @@ async fn testkit_async_buffered(filename: &str) {
match Decryptor::new_async_buffered(ArmoredReader::from_async_reader(&testfile.age_file[..]))
.await
.and_then(|d| match d {
Decryptor::Recipients(d) if !d.is_scrypt() => {
.and_then(|d| {
if !d.is_scrypt() {
let identities = get_testkit_identities(filename, &testfile);
d.decrypt_async(identities.iter().map(|i| i as &dyn Identity))
}
Decryptor::Recipients(d) => {
} else {
let passphrase = get_testkit_passphrase(&testfile, &comment);
let mut identity = scrypt::Identity::new(passphrase);
identity.set_max_work_factor(16);

48
rage/src/bin/rage-mount/main.rs
View file

@ -210,35 +210,33 @@ fn main() -> Result<(), Error> {
let mut stdin_guard = StdinGuard::new(false);
match age::Decryptor::new_buffered(ArmoredReader::new(file))? {
age::Decryptor::Recipients(decryptor) if decryptor.is_scrypt() => {
match read_secret(&fl!("type-passphrase"), &fl!("prompt-passphrase"), None) {
Ok(passphrase) => {
let mut identity = scrypt::Identity::new(passphrase);
if let Some(max_work_factor) = opts.max_work_factor {
identity.set_max_work_factor(max_work_factor);
}
let decryptor = age::Decryptor::new_buffered(ArmoredReader::new(file))?;
decryptor
.decrypt(Some(&identity as _).into_iter())
.map_err(|e| e.into())
.and_then(|stream| mount_stream(stream, types, mountpoint))
if decryptor.is_scrypt() {
match read_secret(&fl!("type-passphrase"), &fl!("prompt-passphrase"), None) {
Ok(passphrase) => {
let mut identity = scrypt::Identity::new(passphrase);
if let Some(max_work_factor) = opts.max_work_factor {
identity.set_max_work_factor(max_work_factor);
}
Err(_) => Ok(()),
}
}
age::Decryptor::Recipients(decryptor) => {
let identities =
read_identities(opts.identity, opts.max_work_factor, &mut stdin_guard)?;
if identities.is_empty() {
return Err(Error::MissingIdentities);
decryptor
.decrypt(Some(&identity as _).into_iter())
.map_err(|e| e.into())
.and_then(|stream| mount_stream(stream, types, mountpoint))
}
decryptor
.decrypt(identities.iter().map(|i| &**i))
.map_err(|e| e.into())
.and_then(|stream| mount_stream(stream, types, mountpoint))
Err(_) => Ok(()),
}
} else {
let identities = read_identities(opts.identity, opts.max_work_factor, &mut stdin_guard)?;
if identities.is_empty() {
return Err(Error::MissingIdentities);
}
decryptor
.decrypt(identities.iter().map(|i| &**i))
.map_err(|e| e.into())
.and_then(|stream| mount_stream(stream, types, mountpoint))
}
}

99
rage/src/bin/rage/main.rs
View file

@ -292,62 +292,61 @@ fn decrypt(opts: AgeOptions) -> Result<(), error::DecryptError> {
],
);
match age::Decryptor::new_buffered(ArmoredReader::new(input))? {
age::Decryptor::Recipients(decryptor) if decryptor.is_scrypt() => {
if identities_were_provided {
return Err(error::DecryptError::MixedIdentityAndPassphrase);
}
let decryptor = age::Decryptor::new_buffered(ArmoredReader::new(input))?;
// The `rpassword` crate opens `/dev/tty` directly on Unix, so we don't have
// any conflict with stdin.
#[cfg(not(unix))]
{
if !has_file_argument {
return Err(error::DecryptError::PassphraseWithoutFileArgument);
}
}
if decryptor.is_scrypt() {
if identities_were_provided {
return Err(error::DecryptError::MixedIdentityAndPassphrase);
}
match read_secret(&fl!("type-passphrase"), &fl!("prompt-passphrase"), None) {
Ok(passphrase) => {
let mut identity = scrypt::Identity::new(passphrase);
if let Some(max_work_factor) = opts.max_work_factor {
identity.set_max_work_factor(max_work_factor);
}
decryptor
.decrypt(Some(&identity as _).into_iter())
.map_err(|e| e.into())
.and_then(|input| write_output(input, output))
}
Err(pinentry::Error::Cancelled) => Ok(()),
Err(pinentry::Error::Timeout) => Err(error::DecryptError::PassphraseTimedOut),
Err(pinentry::Error::Encoding(e)) => {
// Pretend it is an I/O error
Err(error::DecryptError::Io(io::Error::new(
io::ErrorKind::InvalidData,
e,
)))
}
Err(pinentry::Error::Gpg(e)) => {
// Pretend it is an I/O error
Err(error::DecryptError::Io(io::Error::new(
io::ErrorKind::Other,
format!("{}", e),
)))
}
Err(pinentry::Error::Io(e)) => Err(error::DecryptError::Io(e)),
// The `rpassword` crate opens `/dev/tty` directly on Unix, so we don't have
// any conflict with stdin.
#[cfg(not(unix))]
{
if !has_file_argument {
return Err(error::DecryptError::PassphraseWithoutFileArgument);
}
}
age::Decryptor::Recipients(decryptor) => {
if identities.is_empty() {
return Err(error::DecryptError::MissingIdentities { stdin_identity });
}
decryptor
.decrypt(identities.iter().map(|i| i.as_ref() as &dyn Identity))
.map_err(|e| e.into())
.and_then(|input| write_output(input, output))
match read_secret(&fl!("type-passphrase"), &fl!("prompt-passphrase"), None) {
Ok(passphrase) => {
let mut identity = scrypt::Identity::new(passphrase);
if let Some(max_work_factor) = opts.max_work_factor {
identity.set_max_work_factor(max_work_factor);
}
decryptor
.decrypt(Some(&identity as _).into_iter())
.map_err(|e| e.into())
.and_then(|input| write_output(input, output))
}
Err(pinentry::Error::Cancelled) => Ok(()),
Err(pinentry::Error::Timeout) => Err(error::DecryptError::PassphraseTimedOut),
Err(pinentry::Error::Encoding(e)) => {
// Pretend it is an I/O error
Err(error::DecryptError::Io(io::Error::new(
io::ErrorKind::InvalidData,
e,
)))
}
Err(pinentry::Error::Gpg(e)) => {
// Pretend it is an I/O error
Err(error::DecryptError::Io(io::Error::new(
io::ErrorKind::Other,
format!("{}", e),
)))
}
Err(pinentry::Error::Io(e)) => Err(error::DecryptError::Io(e)),
}
} else {
if identities.is_empty() {
return Err(error::DecryptError::MissingIdentities { stdin_identity });
}
decryptor
.decrypt(identities.iter().map(|i| i.as_ref() as &dyn Identity))
.map_err(|e| e.into())
.and_then(|input| write_output(input, output))
}
}