mirrors/rage
1
0
Fork 0
mirror of https://github.com/str4d/rage.git synced 2025-04-06 12:27:40 +03:00
Code Issues Projects Releases Packages Wiki Activity

Read nonce for v1 format in Decryptor::new

Browse source 
A short input is now detected earlier, and no input reading is necessary
during the decryption process.
This commit is contained in:
Jack Grigg 2020-05-16 14:26:57 +12:00
parent 27a400a02f
commit 44e1884eac
2 changed files with 25 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

7
age/src/protocol.rs
View file

@ -151,6 +151,9 @@ impl<R: Read> Decryptor<R> {
match &header { match &header {
Header::V1(v1_header) => { Header::V1(v1_header) => {
let mut nonce = [0; 16];
input.read_exact(&mut nonce)?;
// Enforce structural requirements on the v1 header. // Enforce structural requirements on the v1 header.
let any_scrypt = v1_header.recipients.iter().any(|r| { let any_scrypt = v1_header.recipients.iter().any(|r| {
if let RecipientStanza::Scrypt(_) = r { if let RecipientStanza::Scrypt(_) = r {
@ -161,9 +164,9 @@ impl<R: Read> Decryptor<R> {
}); });
if any_scrypt && v1_header.recipients.len() == 1 { if any_scrypt && v1_header.recipients.len() == 1 {
Ok(decryptor::PassphraseDecryptor::new(input, header).into()) Ok(decryptor::PassphraseDecryptor::new(input, header, nonce).into())
} else if !any_scrypt { } else if !any_scrypt {
Ok(decryptor::RecipientsDecryptor::new(input, header).into()) Ok(decryptor::RecipientsDecryptor::new(input, header, nonce).into())
} else { } else {
Err(Error::InvalidHeader) Err(Error::InvalidHeader)
} }

35
age/src/protocol/decryptor.rs
View file

@ -19,6 +19,8 @@ struct BaseDecryptor<R: Read> {
input: ArmoredReader<R>, input: ArmoredReader<R>,
/// The age file's header. /// The age file's header.
header: Header, header: Header,
/// The age file's AEAD nonce
nonce: [u8; 16],
} }
impl<R: Read> BaseDecryptor<R> { impl<R: Read> BaseDecryptor<R> {
@ -27,17 +29,12 @@ impl<R: Read> BaseDecryptor<R> {
F: FnMut(&RecipientStanza) -> Option<Result<FileKey, Error>>, F: FnMut(&RecipientStanza) -> Option<Result<FileKey, Error>>,
{ {
match &self.header { match &self.header {
Header::V1(header) => { Header::V1(header) => header
let mut nonce = [0; 16]; .recipients
self.input.read_exact(&mut nonce)?; .iter()
.find_map(filter)
header .unwrap_or(Err(Error::NoMatchingKeys))
.recipients .and_then(|file_key| v1_payload_key(header, file_key, self.nonce)),
.iter()
.find_map(filter)
.unwrap_or(Err(Error::NoMatchingKeys))
.and_then(|file_key| v1_payload_key(header, file_key, nonce))
}
Header::Unknown(_) => unreachable!(), Header::Unknown(_) => unreachable!(),
} }
} }
@ -47,8 +44,12 @@ impl<R: Read> BaseDecryptor<R> {
pub struct RecipientsDecryptor<R: Read>(BaseDecryptor<R>); pub struct RecipientsDecryptor<R: Read>(BaseDecryptor<R>);
impl<R: Read> RecipientsDecryptor<R> { impl<R: Read> RecipientsDecryptor<R> {
pub(super) fn new(input: ArmoredReader<R>, header: Header) -> Self { pub(super) fn new(input: ArmoredReader<R>, header: Header, nonce: [u8; 16]) -> Self {
RecipientsDecryptor(BaseDecryptor { input, header }) RecipientsDecryptor(BaseDecryptor {
input,
header,
nonce,
})
} }
/// Attempts to decrypt the age file. /// Attempts to decrypt the age file.
@ -83,8 +84,12 @@ impl<R: Read> RecipientsDecryptor<R> {
pub struct PassphraseDecryptor<R: Read>(BaseDecryptor<R>); pub struct PassphraseDecryptor<R: Read>(BaseDecryptor<R>);
impl<R: Read> PassphraseDecryptor<R> { impl<R: Read> PassphraseDecryptor<R> {
pub(super) fn new(input: ArmoredReader<R>, header: Header) -> Self { pub(super) fn new(input: ArmoredReader<R>, header: Header, nonce: [u8; 16]) -> Self {
PassphraseDecryptor(BaseDecryptor { input, header }) PassphraseDecryptor(BaseDecryptor {
input,
header,
nonce,
})
} }
/// Attempts to decrypt the age file. /// Attempts to decrypt the age file.