diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index 42ea7c7..2e6e98e 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -12,6 +12,8 @@ to 1.0.0 are beta releases. ### Added - `age::Decryptor::{decrypt, decrypt_async, is_scrypt}` - `age::IdentityFile::to_recipients` +- `age::IdentityFile::with_callbacks` +- `age::NoCallbacks` - `age::scrypt`, providing recipient and identity types for passphrase-based encryption. - Partial French translation! @@ -20,6 +22,8 @@ to 1.0.0 are beta releases. - Migrated to `i18n-embed 0.15`. - `age::Decryptor` is now an opaque struct instead of an enum with `Recipients` and `Passphrase` variants. +- `age::IdentityFile` now has a `C: Callbacks` generic parameter, which defaults + to `NoCallbacks`. - `age::Recipient::wrap_file_key` now returns `(Vec, HashSet)`: a tuple of the stanzas to be placed in an age file header, and labels that constrain how the stanzas may be combined with those from other recipients. diff --git a/age/src/cli_common/identities.rs b/age/src/cli_common/identities.rs index 4beeb54..6c5f3ac 100644 --- a/age/src/cli_common/identities.rs +++ b/age/src/cli_common/identities.rs @@ -74,7 +74,7 @@ pub(super) fn parse_identity_files + From>( crate::encrypted::Identity>, UiCallbacks>, ) -> Result<(), E>, #[cfg(feature = "ssh")] ssh_identity: impl Fn(&mut Ctx, &str, crate::ssh::Identity) -> Result<(), E>, - identity_file: impl Fn(&mut Ctx, crate::IdentityFile) -> Result<(), E>, + identity_file: impl Fn(&mut Ctx, crate::IdentityFile) -> Result<(), E>, ) -> Result<(), E> { for filename in filenames { #[cfg_attr(not(any(feature = "armor", feature = "ssh")), allow(unused_mut))] @@ -137,7 +137,10 @@ pub(super) fn parse_identity_files + From>( reader.reset()?; // Try parsing as multiple single-line age identities. - identity_file(ctx, IdentityFile::from_buffer(reader)?)?; + identity_file( + ctx, + IdentityFile::from_buffer(reader)?.with_callbacks(UiCallbacks), + )?; } Ok(()) diff --git a/age/src/encrypted.rs b/age/src/encrypted.rs index 22ed945..95b59f5 100644 --- a/age/src/encrypted.rs +++ b/age/src/encrypted.rs @@ -5,12 +5,13 @@ use std::{cell::Cell, io}; use crate::{fl, scrypt, Callbacks, DecryptError, Decryptor, EncryptError, IdentityFile}; /// The state of the encrypted age identity. -enum IdentityState { +enum IdentityState { Encrypted { decryptor: Decryptor, max_work_factor: Option, + callbacks: C, }, - Decrypted(IdentityFile), + Decrypted(IdentityFile), /// The file was not correctly encrypted, or did not contain age identities. We cache /// this error in case the caller tries to use this identity again. The `Option` is to @@ -19,26 +20,23 @@ enum IdentityState { Poisoned(Option), } -impl Default for IdentityState { +impl Default for IdentityState { fn default() -> Self { Self::Poisoned(None) } } -impl IdentityState { +impl IdentityState { /// Decrypts this encrypted identity if necessary. /// /// Returns the (possibly cached) identities, and a boolean marking if the identities /// were not cached (and we just asked the user for a passphrase). - fn decrypt( - self, - filename: Option<&str>, - callbacks: C, - ) -> Result<(IdentityFile, bool), DecryptError> { + fn decrypt(self, filename: Option<&str>) -> Result<(IdentityFile, bool), DecryptError> { match self { Self::Encrypted { decryptor, max_work_factor, + callbacks, } => { let passphrase = match callbacks.request_passphrase(&fl!( "encrypted-passphrase-prompt", @@ -63,7 +61,8 @@ impl IdentityState { } }) .and_then(|stream| { - let file = IdentityFile::from_buffer(io::BufReader::new(stream))?; + let file = IdentityFile::from_buffer(io::BufReader::new(stream))? + .with_callbacks(callbacks); Ok((file, true)) }) } @@ -76,9 +75,8 @@ impl IdentityState { /// An encrypted age identity file. pub struct Identity { - state: Cell>, + state: Cell>, filename: Option, - callbacks: C, } impl Identity { @@ -99,9 +97,9 @@ impl Identity { state: Cell::new(IdentityState::Encrypted { decryptor, max_work_factor, + callbacks, }), filename, - callbacks, })) } @@ -110,13 +108,9 @@ impl Identity { /// If this encrypted identity has not been decrypted yet, calling this method will /// trigger a passphrase request. pub fn recipients(&self) -> Result>, EncryptError> { - match self - .state - .take() - .decrypt(self.filename.as_deref(), self.callbacks.clone()) - { + match self.state.take().decrypt(self.filename.as_deref()) { Ok((identity_file, _)) => { - let recipients = identity_file.to_recipients(self.callbacks.clone()); + let recipients = identity_file.to_recipients(); self.state.set(IdentityState::Decrypted(identity_file)); recipients } @@ -147,20 +141,14 @@ impl Identity { Result, DecryptError>, ) -> Option>, { - match self - .state - .take() - .decrypt(self.filename.as_deref(), self.callbacks.clone()) - { + match self.state.take().decrypt(self.filename.as_deref()) { Ok((identity_file, requested_passphrase)) => { - let result = identity_file - .to_identities(self.callbacks.clone()) - .find_map(filter); + let result = identity_file.to_identities().find_map(filter); // If we requested a passphrase to decrypt, and none of the identities // matched, warn the user. if requested_passphrase && result.is_none() { - self.callbacks.display_message(&fl!( + identity_file.callbacks.display_message(&fl!( "encrypted-warn-no-match", filename = self.filename.as_deref().unwrap_or_default() )); diff --git a/age/src/identity.rs b/age/src/identity.rs index 10c2f8b..8253893 100644 --- a/age/src/identity.rs +++ b/age/src/identity.rs @@ -1,7 +1,7 @@ use std::fs::File; use std::io; -use crate::{x25519, Callbacks, DecryptError, EncryptError}; +use crate::{x25519, Callbacks, DecryptError, EncryptError, NoCallbacks}; #[cfg(feature = "cli-common")] use crate::cli_common::file_io::InputReader; @@ -41,11 +41,12 @@ impl IdentityFileEntry { } /// A list of identities that has been parsed from some input file. -pub struct IdentityFile { +pub struct IdentityFile { identities: Vec, + pub(crate) callbacks: C, } -impl IdentityFile { +impl IdentityFile { /// Parses one or more identities from a file containing valid UTF-8. pub fn from_file(filename: String) -> io::Result { File::open(&filename) @@ -114,7 +115,21 @@ impl IdentityFile { } } - Ok(IdentityFile { identities }) + Ok(IdentityFile { + identities, + callbacks: NoCallbacks, + }) + } +} + +impl IdentityFile { + /// Sets the provided callbacks on this identity file, so that if this is an encrypted + /// identity, it can potentially be decrypted. + pub fn with_callbacks(self, callbacks: D) -> IdentityFile { + IdentityFile { + identities: self.identities, + callbacks, + } } /// Returns recipients for the identities in this file. @@ -122,26 +137,22 @@ impl IdentityFile { /// Plugin identities will be merged into one [`Recipient`] per unique plugin. /// /// [`Recipient`]: crate::Recipient - pub fn to_recipients( - &self, - callbacks: impl Callbacks, - ) -> Result>, EncryptError> { + pub fn to_recipients(&self) -> Result>, EncryptError> { let mut recipients = RecipientsAccumulator::new(); recipients.with_identities_ref(self); recipients.build( #[cfg(feature = "plugin")] - callbacks, + self.callbacks.clone(), ) } /// Returns the identities in this file. pub(crate) fn to_identities( &self, - callbacks: impl Callbacks, ) -> impl Iterator, DecryptError>> + '_ { self.identities .iter() - .map(|entry| entry.clone().into_identity(callbacks.clone())) + .map(|entry| entry.clone().into_identity(self.callbacks.clone())) } /// Returns the identities in this file. @@ -188,7 +199,7 @@ impl RecipientsAccumulator { } #[cfg(feature = "cli-common")] - pub(crate) fn with_identities(&mut self, identity_file: IdentityFile) { + pub(crate) fn with_identities(&mut self, identity_file: IdentityFile) { for entry in identity_file.identities { match entry { IdentityFileEntry::Native(i) => self.recipients.push(Box::new(i.to_public())), @@ -198,7 +209,7 @@ impl RecipientsAccumulator { } } - pub(crate) fn with_identities_ref(&mut self, identity_file: &IdentityFile) { + pub(crate) fn with_identities_ref(&mut self, identity_file: &IdentityFile) { for entry in &identity_file.identities { match entry { IdentityFileEntry::Native(i) => self.recipients.push(Box::new(i.to_public())), diff --git a/age/src/lib.rs b/age/src/lib.rs index f53d05b..11b5360 100644 --- a/age/src/lib.rs +++ b/age/src/lib.rs @@ -306,6 +306,29 @@ pub trait Callbacks: Clone + Send + Sync + 'static { fn request_passphrase(&self, description: &str) -> Option; } +/// An implementation of [`Callbacks`] that does not allow callbacks. +/// +/// No user interaction will occur; [`Recipient`] or [`Identity`] implementations will +/// receive `None` from the callbacks that return responses, and will act accordingly. +#[derive(Clone, Copy, Debug)] +pub struct NoCallbacks; + +impl Callbacks for NoCallbacks { + fn display_message(&self, _: &str) {} + + fn confirm(&self, _: &str, _: &str, _: Option<&str>) -> Option { + None + } + + fn request_public_string(&self, _: &str) -> Option { + None + } + + fn request_passphrase(&self, _: &str) -> Option { + None + } +} + /// Helper for fuzzing the Header parser and serializer. #[cfg(fuzzing)] pub fn fuzz_header(data: &[u8]) {