diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b4cc467..3d92bfd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -70,6 +70,9 @@ jobs:
codecov:
name: Code coverage
runs-on: ubuntu-latest
+ container:
+ image: xd009642/tarpaulin:develop-nightly
+ options: --security-opt seccomp=unconfined
steps:
- uses: actions/checkout@v4
@@ -77,14 +80,18 @@ jobs:
id: toolchain
- run: rustup override set ${{steps.toolchain.outputs.name}}
- name: Install linux build dependencies
- run: sudo apt update && sudo apt install libfuse-dev
+ run: apt update && apt -y install libfuse-dev
- name: Generate coverage report
- uses: actions-rs/tarpaulin@v0.1
- with:
- version: '0.19.1'
- args: --workspace --release --all-features --timeout 180 --out Xml
+ run: >
+ cargo tarpaulin
+ --engine llvm
+ --workspace
+ --release
+ --all-features
+ --timeout 180
+ --out xml
- name: Upload coverage to Codecov
- uses: codecov/codecov-action@v4.0.1
+ uses: codecov/codecov-action@v4.6.0
with:
fail_ci_if_error: true
token: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3a5ec77..d898e4f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -11,13 +11,25 @@ on:
required: true
default: 'true'
+permissions:
+ attestations: write
+ contents: write
+ id-token: write
+
jobs:
build:
name: Publish for ${{ matrix.name }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
- name: [linux, armv7, arm64, windows, macos]
+ name:
+ - linux
+ - armv7
+ - arm64
+ - windows
+ - macos-arm64
+ - macos-x86_64
+
include:
- name: linux
os: ubuntu-20.04
@@ -56,9 +68,14 @@ jobs:
archive_name: rage.zip
asset_suffix: x86_64-windows.zip
- - name: macos
+ - name: macos-arm64
os: macos-latest
archive_name: rage.tar.gz
+ asset_suffix: arm64-darwin.tar.gz
+
+ - name: macos-x86_64
+ os: macos-13
+ archive_name: rage.tar.gz
asset_suffix: x86_64-darwin.tar.gz
steps:
@@ -101,6 +118,11 @@ jobs:
shell: bash
if: matrix.name == 'windows'
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-path: 'release/rage/*'
+
- name: Upload archive as artifact
uses: actions/upload-artifact@v4
with:
@@ -109,7 +131,7 @@ jobs:
if: github.event.inputs.test == 'true'
- name: Upload archive to release
- uses: svenstaro/upload-release-action@2.7.0
+ uses: svenstaro/upload-release-action@2.9.0
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ${{ matrix.archive_name }}
@@ -129,11 +151,12 @@ jobs:
os:
- ubuntu-20.04
- ubuntu-22.04
+ - ubuntu-24.04
- windows-2019
- windows-2022
- - macos-11
- macos-12
- macos-13
+ - macos-14
include:
- os: ubuntu-20.04
@@ -146,6 +169,11 @@ jobs:
archive_name: rage.tar.gz
asset_suffix: x86_64-linux.tar.gz
+ - os: ubuntu-24.04
+ name: linux
+ archive_name: rage.tar.gz
+ asset_suffix: x86_64-linux.tar.gz
+
- os: windows-2019
name: windows
archive_name: rage.zip
@@ -156,11 +184,6 @@ jobs:
archive_name: rage.zip
asset_suffix: x86_64-windows.zip
- - os: macos-11
- name: macos
- archive_name: rage.tar.gz
- asset_suffix: x86_64-darwin.tar.gz
-
- os: macos-12
name: macos
archive_name: rage.tar.gz
@@ -171,6 +194,11 @@ jobs:
archive_name: rage.tar.gz
asset_suffix: x86_64-darwin.tar.gz
+ - os: macos-14
+ name: macos
+ archive_name: rage.tar.gz
+ asset_suffix: arm64-darwin.tar.gz
+
steps:
- name: Download archive
uses: actions/download-artifact@v4
@@ -281,6 +309,11 @@ jobs:
- name: cargo deb
run: cargo deb --package rage --no-build --target ${{ matrix.target }} ${{ matrix.deb_flags }}
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-path: 'target/${{ matrix.target }}/debian/*.deb'
+
- name: Upload Debian package as artifact
uses: actions/upload-artifact@v4
with:
@@ -289,7 +322,7 @@ jobs:
if: github.event.inputs.test == 'true'
- name: Upload Debian package to release
- uses: svenstaro/upload-release-action@2.7.0
+ uses: svenstaro/upload-release-action@2.9.0
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: target/${{ matrix.target }}/debian/*.deb
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..58dfc30
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+ "rust-analyzer.server.extraEnv": { "RUSTUP_TOOLCHAIN": "stable" }
+}
\ No newline at end of file
diff --git a/Cargo.lock b/Cargo.lock
index 09a06e1..72e9667 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4,9 +4,9 @@ version = 3
[[package]]
name = "addr2line"
-version = "0.21.0"
+version = "0.22.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb"
+checksum = "6e4503c46a5c0c7844e948c9a4d6acd9f50cccb4de1c48eb9e291ea17470c678"
dependencies = [
"gimli",
]
@@ -17,6 +17,12 @@ version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
+[[package]]
+name = "adler2"
+version = "2.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627"
+
[[package]]
name = "aead"
version = "0.5.2"
@@ -29,9 +35,9 @@ dependencies = [
[[package]]
name = "aes"
-version = "0.8.3"
+version = "0.8.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ac1f845298e95f983ff1944b728ae08b8cebab80d684f0a832ed0fc74dfa27e2"
+checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0"
dependencies = [
"cfg-if",
"cipher",
@@ -54,7 +60,7 @@ dependencies = [
[[package]]
name = "age"
-version = "0.10.1"
+version = "0.11.1"
dependencies = [
"aes",
"aes-gcm",
@@ -104,7 +110,7 @@ dependencies = [
[[package]]
name = "age-core"
-version = "0.10.0"
+version = "0.11.0"
dependencies = [
"base64",
"chacha20poly1305",
@@ -120,7 +126,7 @@ dependencies = [
[[package]]
name = "age-plugin"
-version = "0.5.0"
+version = "0.6.0"
dependencies = [
"age-core",
"base64",
@@ -131,22 +137,22 @@ dependencies = [
[[package]]
name = "ahash"
-version = "0.8.7"
+version = "0.8.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77c3a9648d43b9cd48db467b3f87fdd6e146bcc88ab0180006cef2179fe11d01"
+checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011"
dependencies = [
"cfg-if",
"getrandom",
"once_cell",
"version_check",
- "zerocopy 0.7.32",
+ "zerocopy 0.7.35",
]
[[package]]
name = "aho-corasick"
-version = "1.1.2"
+version = "1.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0"
+checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916"
dependencies = [
"memchr",
]
@@ -223,42 +229,42 @@ dependencies = [
[[package]]
name = "arc-swap"
-version = "1.6.0"
+version = "1.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bddcadddf5e9015d310179a59bb28c4d4b9920ad0f11e8e14dbadf654890c9a6"
+checksum = "69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457"
[[package]]
name = "arrayvec"
-version = "0.7.4"
+version = "0.7.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711"
+checksum = "7c02d123df017efcdfbd739ef81735b36c5ba83ec3c59c80a9d7ecc718f92e50"
[[package]]
name = "autocfg"
-version = "1.1.0"
+version = "1.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
+checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0"
[[package]]
name = "backtrace"
-version = "0.3.69"
+version = "0.3.73"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837"
+checksum = "5cc23269a4f8976d0a4d2e7109211a419fe30e8d88d677cd60b6bc79c5732e0a"
dependencies = [
"addr2line",
"cc",
"cfg-if",
"libc",
- "miniz_oxide",
+ "miniz_oxide 0.7.4",
"object",
"rustc-demangle",
]
[[package]]
name = "base64"
-version = "0.21.5"
+version = "0.21.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9"
+checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567"
[[package]]
name = "base64ct"
@@ -266,6 +272,15 @@ version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
+[[package]]
+name = "basic-toml"
+version = "0.1.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "823388e228f614e9558c6804262db37960ec8821856535f5c3f59913140558f8"
+dependencies = [
+ "serde",
+]
+
[[package]]
name = "bcrypt-pbkdf"
version = "0.10.0"
@@ -306,9 +321,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
[[package]]
name = "bitflags"
-version = "2.4.1"
+version = "2.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07"
+checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de"
[[package]]
name = "block"
@@ -352,9 +367,9 @@ checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec"
[[package]]
name = "bytemuck"
-version = "1.14.1"
+version = "1.19.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ed2490600f404f2b94c167e31d3ed1d5f3c225a0f3b80230053b3e0b7b962bd9"
+checksum = "8334215b81e418a0a7bdb8ef0849474f40bb10c8b71f1c4ed315cff49f32494d"
[[package]]
name = "byteorder"
@@ -400,12 +415,13 @@ dependencies = [
[[package]]
name = "cc"
-version = "1.0.83"
+version = "1.1.34"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0"
+checksum = "67b9470d453346108f93a59222a9a1a5724db32d0a4727b7ab7ace4b4d822dc9"
dependencies = [
"jobserver",
"libc",
+ "shlex",
]
[[package]]
@@ -440,16 +456,16 @@ dependencies = [
[[package]]
name = "chrono"
-version = "0.4.33"
+version = "0.4.38"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9f13690e35a5e4ace198e7beea2895d29f3a9cc55015fcebe6336bd2010af9eb"
+checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401"
dependencies = [
"android-tzdata",
"iana-time-zone",
"js-sys",
"num-traits",
"wasm-bindgen",
- "windows-targets 0.52.0",
+ "windows-targets 0.52.6",
]
[[package]]
@@ -510,7 +526,7 @@ dependencies = [
"anstream",
"anstyle",
"clap_lex",
- "strsim",
+ "strsim 0.10.0",
]
[[package]]
@@ -531,7 +547,7 @@ dependencies = [
"heck",
"proc-macro2",
"quote",
- "syn 2.0.46",
+ "syn",
]
[[package]]
@@ -552,9 +568,9 @@ dependencies = [
[[package]]
name = "colorchoice"
-version = "1.0.0"
+version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7"
+checksum = "d3fd119d74b830634cea2a0f58bbd0d54540518a14397557951e79340abc28c0"
[[package]]
name = "console"
@@ -591,9 +607,12 @@ dependencies = [
[[package]]
name = "cookie-factory"
-version = "0.3.2"
+version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "396de984970346b0d9e93d1415082923c679e5ae5c3ee3dcbd104f5610af126b"
+checksum = "9885fa71e26b8ab7855e2ec7cae6e9b380edff76cd052e07c683a0319d51b3a2"
+dependencies = [
+ "futures",
+]
[[package]]
name = "core-foundation-sys"
@@ -612,18 +631,18 @@ dependencies = [
[[package]]
name = "cpufeatures"
-version = "0.2.11"
+version = "0.2.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ce420fe07aecd3e67c5f910618fe65e94158f6dcc0adf44e00d69ce2bdfe0fd0"
+checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504"
dependencies = [
"libc",
]
[[package]]
name = "crc32fast"
-version = "1.3.2"
+version = "1.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d"
+checksum = "a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3"
dependencies = [
"cfg-if",
]
@@ -656,10 +675,11 @@ dependencies = [
[[package]]
name = "criterion-cycles-per-byte"
-version = "0.6.0"
+version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5281161544b8f2397e14942c2045efa3446470348121a65c37263f8e76c1e2ff"
+checksum = "1029452fa751c93f8834962dd74807d69f0a6c7624d5b06625b393aeb6a14fc2"
dependencies = [
+ "cfg-if",
"criterion",
]
@@ -675,34 +695,28 @@ dependencies = [
[[package]]
name = "crossbeam-deque"
-version = "0.8.4"
+version = "0.8.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fca89a0e215bab21874660c67903c5f143333cab1da83d041c7ded6053774751"
+checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d"
dependencies = [
- "cfg-if",
"crossbeam-epoch",
"crossbeam-utils",
]
[[package]]
name = "crossbeam-epoch"
-version = "0.9.17"
+version = "0.9.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0e3681d554572a651dda4186cd47240627c3d0114d45a95f6ad27f2f22e7548d"
+checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e"
dependencies = [
- "autocfg",
- "cfg-if",
"crossbeam-utils",
]
[[package]]
name = "crossbeam-utils"
-version = "0.8.18"
+version = "0.8.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3a430a770ebd84726f584a90ee7f020d28db52c6d02138900f22341f866d39c"
-dependencies = [
- "cfg-if",
-]
+checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80"
[[package]]
name = "crunchy"
@@ -742,15 +756,14 @@ dependencies = [
[[package]]
name = "curve25519-dalek"
-version = "4.1.1"
+version = "4.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e89b8c6a2e4b1f45971ad09761aafb85514a84744b67a95e32c3cc1352d1f65c"
+checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be"
dependencies = [
"cfg-if",
"cpufeatures",
"curve25519-dalek-derive",
"fiat-crypto",
- "platforms",
"rustc_version",
"subtle",
"zeroize",
@@ -764,17 +777,18 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.46",
+ "syn",
]
[[package]]
name = "dashmap"
-version = "5.5.3"
+version = "6.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856"
+checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf"
dependencies = [
"cfg-if",
- "hashbrown",
+ "crossbeam-utils",
+ "hashbrown 0.14.5",
"lock_api",
"once_cell",
"parking_lot_core",
@@ -791,9 +805,9 @@ dependencies = [
[[package]]
name = "der"
-version = "0.7.8"
+version = "0.7.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c"
+checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0"
dependencies = [
"const-oid",
"zeroize",
@@ -813,26 +827,26 @@ dependencies = [
[[package]]
name = "displaydoc"
-version = "0.2.4"
+version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d"
+checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.46",
+ "syn",
]
[[package]]
name = "dunce"
-version = "1.0.4"
+version = "1.0.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b"
+checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
[[package]]
name = "either"
-version = "1.9.0"
+version = "1.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07"
+checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0"
[[package]]
name = "encode_unicode"
@@ -861,9 +875,9 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5"
[[package]]
name = "errno"
-version = "0.3.8"
+version = "0.3.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245"
+checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba"
dependencies = [
"libc",
"windows-sys 0.52.0",
@@ -871,26 +885,26 @@ dependencies = [
[[package]]
name = "fastrand"
-version = "2.0.1"
+version = "2.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5"
+checksum = "e8c02a5121d4ea3eb16a80748c74f5549a5665e4c21333c6098f283870fbdea6"
[[package]]
name = "fiat-crypto"
-version = "0.2.5"
+version = "0.2.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "27573eac26f4dd11e2b1916c3fe1baa56407c83c71a773a8ba17ec0bca03b6b7"
+checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d"
[[package]]
name = "filetime"
-version = "0.2.23"
+version = "0.2.25"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ee447700ac8aa0b2f2bd7bc4462ad686ba06baa6727ac149a2d6277f0d240fd"
+checksum = "35c0522e981e68cbfa8c3f978441a5f34b30b96e146b33cd3359176b50fe8586"
dependencies = [
"cfg-if",
"libc",
- "redox_syscall",
- "windows-sys 0.52.0",
+ "libredox",
+ "windows-sys 0.59.0",
]
[[package]]
@@ -899,7 +913,7 @@ version = "0.6.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "59a98bbaacea1c0eb6a0876280051b892eb73594fd90cf3b20e9c817029c57d2"
dependencies = [
- "toml 0.5.11",
+ "toml",
]
[[package]]
@@ -916,19 +930,19 @@ dependencies = [
[[package]]
name = "flate2"
-version = "1.0.28"
+version = "1.0.34"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e"
+checksum = "a1b589b4dc103969ad3cf85c950899926ec64300a1a46d76c03a6072957036f0"
dependencies = [
"crc32fast",
- "miniz_oxide",
+ "miniz_oxide 0.8.0",
]
[[package]]
name = "fluent"
-version = "0.16.0"
+version = "0.16.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "61f69378194459db76abd2ce3952b790db103ceb003008d3d50d97c41ff847a7"
+checksum = "bb74634707bebd0ce645a981148e8fb8c7bccd4c33c652aeffd28bf2f96d555a"
dependencies = [
"fluent-bundle",
"unic-langid",
@@ -936,9 +950,9 @@ dependencies = [
[[package]]
name = "fluent-bundle"
-version = "0.15.2"
+version = "0.15.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e242c601dec9711505f6d5bbff5bedd4b61b2469f2e8bb8e57ee7c9747a87ffd"
+checksum = "7fe0a21ee80050c678013f82edf4b705fe2f26f1f9877593d13198612503f493"
dependencies = [
"fluent-langneg",
"fluent-syntax",
@@ -961,9 +975,9 @@ dependencies = [
[[package]]
name = "fluent-syntax"
-version = "0.11.0"
+version = "0.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c0abed97648395c902868fee9026de96483933faa54ea3b40d652f7dfe61ca78"
+checksum = "2a530c4694a6a8d528794ee9bbd8ba0122e779629ac908d15ad5a7ae7763a33d"
dependencies = [
"thiserror",
]
@@ -1057,7 +1071,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.46",
+ "syn",
]
[[package]]
@@ -1119,9 +1133,9 @@ dependencies = [
[[package]]
name = "getrandom"
-version = "0.2.12"
+version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5"
+checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7"
dependencies = [
"cfg-if",
"libc",
@@ -1130,9 +1144,9 @@ dependencies = [
[[package]]
name = "ghash"
-version = "0.5.0"
+version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d930750de5717d2dd0b8c0d42c076c0e884c81a73e6cab859bbd2339c71e3e40"
+checksum = "f0d8a4362ccb29cb0b265253fb0a2728f592895ee6854fd9bc13f2ffda266ff1"
dependencies = [
"opaque-debug",
"polyval",
@@ -1140,9 +1154,9 @@ dependencies = [
[[package]]
name = "gimli"
-version = "0.28.1"
+version = "0.29.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253"
+checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd"
[[package]]
name = "glob"
@@ -1161,9 +1175,15 @@ dependencies = [
[[package]]
name = "hashbrown"
-version = "0.14.3"
+version = "0.14.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604"
+checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
+
+[[package]]
+name = "hashbrown"
+version = "0.15.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e087f84d4f86bf4b218b927129862374b72199ae7d8657835f1e89000eea4fb"
[[package]]
name = "heck"
@@ -1173,9 +1193,15 @@ checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8"
[[package]]
name = "hermit-abi"
-version = "0.3.4"
+version = "0.3.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5d3d0e0f38255e7fa3cf31335b3a56f05febd18025f4db5ef7a0cfb4f8da651f"
+checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024"
+
+[[package]]
+name = "hermit-abi"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc"
[[package]]
name = "hex"
@@ -1228,23 +1254,23 @@ dependencies = [
[[package]]
name = "i18n-config"
-version = "0.4.5"
+version = "0.4.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6691f16c6a35c1bb99a0f01aa39dd2b884d342b646689e9b8e4d51faf2cfdbd9"
+checksum = "8e88074831c0be5b89181b05e6748c4915f77769ecc9a4c372f88b169a8509c9"
dependencies = [
+ "basic-toml",
"log",
"serde",
"serde_derive",
"thiserror",
- "toml 0.7.6",
"unic-langid",
]
[[package]]
name = "i18n-embed"
-version = "0.14.1"
+version = "0.15.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "94205d95764f5bb9db9ea98fa77f89653365ca748e27161f5bbea2ffd50e459c"
+checksum = "a7839d8c7bb8da7bd58c1112d3a1aeb7f178ff3df4ae87783e758ca3bfb750b7"
dependencies = [
"arc-swap",
"fluent",
@@ -1264,9 +1290,9 @@ dependencies = [
[[package]]
name = "i18n-embed-fl"
-version = "0.7.0"
+version = "0.9.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9fc1f8715195dffc4caddcf1cf3128da15fe5d8a137606ea8856c9300047d5a2"
+checksum = "f6e9571c3cba9eba538eaa5ee40031b26debe76f0c7e17bafc97ea57a76cd82e"
dependencies = [
"dashmap",
"find-crate",
@@ -1275,32 +1301,32 @@ dependencies = [
"i18n-config",
"i18n-embed",
"lazy_static",
- "proc-macro-error",
+ "proc-macro-error2",
"proc-macro2",
"quote",
- "strsim",
- "syn 2.0.46",
+ "strsim 0.11.1",
+ "syn",
"unic-langid",
]
[[package]]
name = "i18n-embed-impl"
-version = "0.8.3"
+version = "0.8.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81093c4701672f59416582fe3145676126fd23ba5db910acad0793c1108aaa58"
+checksum = "0f2cc0e0523d1fe6fc2c6f66e5038624ea8091b3e7748b5e8e0c84b1698db6c2"
dependencies = [
"find-crate",
"i18n-config",
"proc-macro2",
"quote",
- "syn 2.0.46",
+ "syn",
]
[[package]]
name = "iana-time-zone"
-version = "0.1.59"
+version = "0.1.61"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b6a67363e2aa4443928ce15e57ebae94fd8949958fd1223c4cfc0cd473ad7539"
+checksum = "235e081f3925a06703c2d0117ea8b91f042756fd6e7a6e5d901e8ca1a996b220"
dependencies = [
"android_system_properties",
"core-foundation-sys",
@@ -1321,12 +1347,12 @@ dependencies = [
[[package]]
name = "indexmap"
-version = "2.1.0"
+version = "2.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d530e1a18b1cb4c484e6e34556a0d948706958449fca0cab753d649f2bce3d1f"
+checksum = "707907fe3c25f5424cce2cb7e1cbcafee6bdbe735ca90ef77c29e84591e5b9da"
dependencies = [
"equivalent",
- "hashbrown",
+ "hashbrown 0.15.0",
]
[[package]]
@@ -1359,9 +1385,9 @@ dependencies = [
[[package]]
name = "intl-memoizer"
-version = "0.5.1"
+version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c310433e4a310918d6ed9243542a6b83ec1183df95dff8f23f87bb88a264a66f"
+checksum = "fe22e020fce238ae18a6d5d8c502ee76a52a6e880d99477657e6acc30ec57bda"
dependencies = [
"type-map",
"unic-langid",
@@ -1384,12 +1410,12 @@ checksum = "4b3f7cef34251886990511df1c61443aa928499d598a9473929ab5a90a527304"
[[package]]
name = "is-terminal"
-version = "0.4.10"
+version = "0.4.13"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0bad00257d07be169d870ab665980b06cdb366d792ad690bf2e76876dc503455"
+checksum = "261f68e344040fbd0edea105bef17c66edf46f984ddb1115b775ce31be948f4b"
dependencies = [
- "hermit-abi",
- "rustix",
+ "hermit-abi 0.4.0",
+ "libc",
"windows-sys 0.52.0",
]
@@ -1404,42 +1430,42 @@ dependencies = [
[[package]]
name = "itoa"
-version = "1.0.10"
+version = "1.0.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c"
+checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b"
[[package]]
name = "jobserver"
-version = "0.1.26"
+version = "0.1.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "936cfd212a0155903bcbc060e316fb6cc7cbf2e1907329391ebadc1fe0ce77c2"
+checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0"
dependencies = [
"libc",
]
[[package]]
name = "js-sys"
-version = "0.3.66"
+version = "0.3.69"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cee9c64da59eae3b50095c18d3e74f8b73c0b86d2792824ff01bbce68ba229ca"
+checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d"
dependencies = [
"wasm-bindgen",
]
[[package]]
name = "lazy_static"
-version = "1.4.0"
+version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
+checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
dependencies = [
"spin",
]
[[package]]
name = "libc"
-version = "0.2.153"
+version = "0.2.161"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd"
+checksum = "8e9489c2807c139ffd9c1794f4af0ebe86a828db53ecdc7fea2111d0fed085d1"
[[package]]
name = "libm"
@@ -1448,10 +1474,21 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058"
[[package]]
-name = "linux-raw-sys"
-version = "0.4.13"
+name = "libredox"
+version = "0.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c"
+checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d"
+dependencies = [
+ "bitflags 2.6.0",
+ "libc",
+ "redox_syscall",
+]
+
+[[package]]
+name = "linux-raw-sys"
+version = "0.4.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
[[package]]
name = "locale_config"
@@ -1468,9 +1505,9 @@ dependencies = [
[[package]]
name = "lock_api"
-version = "0.4.11"
+version = "0.4.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45"
+checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17"
dependencies = [
"autocfg",
"scopeguard",
@@ -1478,9 +1515,9 @@ dependencies = [
[[package]]
name = "log"
-version = "0.4.20"
+version = "0.4.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f"
+checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24"
[[package]]
name = "malloc_buf"
@@ -1493,9 +1530,9 @@ dependencies = [
[[package]]
name = "memchr"
-version = "2.7.1"
+version = "2.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149"
+checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
[[package]]
name = "memmap2"
@@ -1514,13 +1551,22 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
[[package]]
name = "miniz_oxide"
-version = "0.7.1"
+version = "0.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7"
+checksum = "b8a240ddb74feaf34a79a7add65a741f3167852fba007066dcac1ca548d89c08"
dependencies = [
"adler",
]
+[[package]]
+name = "miniz_oxide"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e2d80299ef12ff69b16a84bb182e3b9df68b5a91574d3d4fa6e41b65deec4df1"
+dependencies = [
+ "adler2",
+]
+
[[package]]
name = "nix"
version = "0.26.4"
@@ -1538,7 +1584,7 @@ version = "0.27.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053"
dependencies = [
- "bitflags 2.4.1",
+ "bitflags 2.6.0",
"cfg-if",
"libc",
]
@@ -1588,19 +1634,18 @@ dependencies = [
[[package]]
name = "num-integer"
-version = "0.1.45"
+version = "0.1.46"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9"
+checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f"
dependencies = [
- "autocfg",
"num-traits",
]
[[package]]
name = "num-iter"
-version = "0.1.43"
+version = "0.1.45"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252"
+checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf"
dependencies = [
"autocfg",
"num-integer",
@@ -1609,9 +1654,9 @@ dependencies = [
[[package]]
name = "num-traits"
-version = "0.2.17"
+version = "0.2.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c"
+checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
dependencies = [
"autocfg",
"libm",
@@ -1623,7 +1668,7 @@ version = "1.16.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43"
dependencies = [
- "hermit-abi",
+ "hermit-abi 0.3.9",
"libc",
]
@@ -1658,39 +1703,39 @@ dependencies = [
[[package]]
name = "object"
-version = "0.32.2"
+version = "0.36.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441"
+checksum = "aedf0a2d09c573ed1d8d85b30c119153926a2b36dce0ab28322c09a117a4683e"
dependencies = [
"memchr",
]
[[package]]
name = "once_cell"
-version = "1.19.0"
+version = "1.20.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"
+checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775"
[[package]]
name = "oorandom"
-version = "11.1.3"
+version = "11.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575"
+checksum = "b410bbe7e14ab526a0e86877eb47c6996a2bd7746f027ba551028c925390e4e9"
[[package]]
name = "opaque-debug"
-version = "0.3.0"
+version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
+checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381"
[[package]]
name = "os_pipe"
-version = "1.1.5"
+version = "1.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57119c3b893986491ec9aa85056780d3a0f3cf4da7cc09dd3650dbd6c6738fb9"
+checksum = "5ffd2b0a5634335b135d5728d84c5e0fd726954b87111f7506a61c502280d982"
dependencies = [
"libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
]
[[package]]
@@ -1705,9 +1750,9 @@ dependencies = [
[[package]]
name = "parking_lot"
-version = "0.12.1"
+version = "0.12.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f"
+checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27"
dependencies = [
"lock_api",
"parking_lot_core",
@@ -1715,15 +1760,15 @@ dependencies = [
[[package]]
name = "parking_lot_core"
-version = "0.9.9"
+version = "0.9.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e"
+checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8"
dependencies = [
"cfg-if",
"libc",
"redox_syscall",
"smallvec",
- "windows-targets 0.48.5",
+ "windows-targets 0.52.6",
]
[[package]]
@@ -1767,29 +1812,29 @@ checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e"
[[package]]
name = "pin-project"
-version = "1.1.4"
+version = "1.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0302c4a0442c456bd56f841aee5c3bfd17967563f6fadc9ceb9f9c23cf3807e0"
+checksum = "b6bf43b791c5b9e34c3d182969b4abb522f9343702850a2e57f460d00d09b4b3"
dependencies = [
"pin-project-internal",
]
[[package]]
name = "pin-project-internal"
-version = "1.1.4"
+version = "1.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "266c042b60c9c76b8d53061e52b2e0d1116abc57cefc8c5cd671619a56ac3690"
+checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.46",
+ "syn",
]
[[package]]
name = "pin-project-lite"
-version = "0.2.13"
+version = "0.2.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58"
+checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02"
[[package]]
name = "pin-utils"
@@ -1799,9 +1844,9 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
[[package]]
name = "pinentry"
-version = "0.5.0"
+version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bfa5b8bc68be6a5e2ba84ee86db53f816cba1905b94fcb7c236e606221cc8fc8"
+checksum = "c1ecb857a7b11a03e8872c704d0a1ae1efc20533b3be98338008527a1928ffa6"
dependencies = [
"log",
"nom",
@@ -1834,21 +1879,15 @@ dependencies = [
[[package]]
name = "pkg-config"
-version = "0.3.29"
+version = "0.3.30"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2900ede94e305130c13ddd391e0ab7cbaeb783945ae07a279c268cb05109c6cb"
-
-[[package]]
-name = "platforms"
-version = "3.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "626dec3cac7cc0e1577a2ec3fc496277ec2baa084bebad95bb6fdbfae235f84c"
+checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec"
[[package]]
name = "plotters"
-version = "0.3.5"
+version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d2c224ba00d7cadd4d5c660deaf2098e5e80e07846537c51f9cfa4be50c1fd45"
+checksum = "5aeb6f403d7a4911efb1e33402027fc44f29b5bf6def3effcc22d7bb75f2b747"
dependencies = [
"num-traits",
"plotters-backend",
@@ -1859,15 +1898,15 @@ dependencies = [
[[package]]
name = "plotters-backend"
-version = "0.3.5"
+version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e76628b4d3a7581389a35d5b6e2139607ad7c75b17aed325f210aa91f4a9609"
+checksum = "df42e13c12958a16b3f7f4386b9ab1f3e7933914ecea48da7139435263a4172a"
[[package]]
name = "plotters-svg"
-version = "0.3.5"
+version = "0.3.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38f6d39893cca0701371e3c27294f09797214b86f1fb951b89ade8ec04e2abab"
+checksum = "81b30686a7d9c3e010b84284bdd26a29f2138574f52f5eb6f794fc0ad924e705"
dependencies = [
"plotters-backend",
]
@@ -1885,9 +1924,9 @@ dependencies = [
[[package]]
name = "polyval"
-version = "0.6.1"
+version = "0.6.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d52cff9d1d4dee5fe6d03729099f4a310a41179e0a10dbf542039873f2e826fb"
+checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25"
dependencies = [
"cfg-if",
"cpufeatures",
@@ -1919,52 +1958,53 @@ dependencies = [
[[package]]
name = "ppv-lite86"
-version = "0.2.17"
+version = "0.2.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
-
-[[package]]
-name = "proc-macro-error"
-version = "1.0.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c"
+checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04"
dependencies = [
- "proc-macro-error-attr",
- "proc-macro2",
- "quote",
- "syn 1.0.109",
- "version_check",
+ "zerocopy 0.7.35",
]
[[package]]
-name = "proc-macro-error-attr"
-version = "1.0.4"
+name = "proc-macro-error-attr2"
+version = "2.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869"
+checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5"
dependencies = [
"proc-macro2",
"quote",
- "version_check",
+]
+
+[[package]]
+name = "proc-macro-error2"
+version = "2.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802"
+dependencies = [
+ "proc-macro-error-attr2",
+ "proc-macro2",
+ "quote",
+ "syn",
]
[[package]]
name = "proc-macro2"
-version = "1.0.74"
+version = "1.0.89"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2de98502f212cfcea8d0bb305bd0f49d7ebdd75b64ba0a68f937d888f4e0d6db"
+checksum = "f139b0662de085916d1fb67d2b4169d1addddda1919e696f3252b740b629986e"
dependencies = [
"unicode-ident",
]
[[package]]
name = "proptest"
-version = "1.4.0"
+version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "31b476131c3c86cb68032fdc5cb6d5a1045e3e42d96b69fa599fd77701e1f5bf"
+checksum = "b4c2511913b88df1637da85cc8d96ec8e43a3f8bb8ccb71ee1ac240d6f3df58d"
dependencies = [
"bit-set",
"bit-vec",
- "bitflags 2.4.1",
+ "bitflags 2.6.0",
"lazy_static",
"num-traits",
"rand",
@@ -1993,16 +2033,16 @@ dependencies = [
[[package]]
name = "quote"
-version = "1.0.35"
+version = "1.0.37"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef"
+checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af"
dependencies = [
"proc-macro2",
]
[[package]]
name = "rage"
-version = "0.10.1"
+version = "0.11.1"
dependencies = [
"age",
"chrono",
@@ -2069,9 +2109,9 @@ dependencies = [
[[package]]
name = "rayon"
-version = "1.8.0"
+version = "1.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c27db03db7734835b3f53954b534c91069375ce6ccaa2e065441e07d9b6cdb1"
+checksum = "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa"
dependencies = [
"either",
"rayon-core",
@@ -2079,9 +2119,9 @@ dependencies = [
[[package]]
name = "rayon-core"
-version = "1.12.0"
+version = "1.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ce3fb6ad83f861aac485e76e1985cd109d9a3713802152be56c3b1f0e0658ed"
+checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2"
dependencies = [
"crossbeam-deque",
"crossbeam-utils",
@@ -2089,18 +2129,18 @@ dependencies = [
[[package]]
name = "redox_syscall"
-version = "0.4.1"
+version = "0.5.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa"
+checksum = "9b6dfecf2c74bce2466cabf93f6664d6998a69eb21e39f4207930065b27b771f"
dependencies = [
- "bitflags 1.3.2",
+ "bitflags 2.6.0",
]
[[package]]
name = "regex"
-version = "1.10.2"
+version = "1.10.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343"
+checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f"
dependencies = [
"aho-corasick",
"memchr",
@@ -2110,9 +2150,9 @@ dependencies = [
[[package]]
name = "regex-automata"
-version = "0.4.3"
+version = "0.4.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f"
+checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df"
dependencies = [
"aho-corasick",
"memchr",
@@ -2121,15 +2161,15 @@ dependencies = [
[[package]]
name = "regex-syntax"
-version = "0.8.2"
+version = "0.8.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f"
+checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b"
[[package]]
name = "rgb"
-version = "0.8.37"
+version = "0.8.50"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "05aaa8004b64fd573fc9d002f4e632d51ad4f026c2b5ba95fcb6c2f32c2c47d8"
+checksum = "57397d16646700483b67d2dd6511d79318f9d057fdbd21a4066aeac8b41d310a"
dependencies = [
"bytemuck",
]
@@ -2183,9 +2223,9 @@ dependencies = [
[[package]]
name = "rust-embed"
-version = "8.2.0"
+version = "8.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a82c0bbc10308ed323529fd3c1dce8badda635aa319a5ff0e6466f33b8101e3f"
+checksum = "fb78f46d0066053d16d4ca7b898e9343bc3530f71c61d5ad84cd404ada068745"
dependencies = [
"rust-embed-impl",
"rust-embed-utils",
@@ -2194,22 +2234,22 @@ dependencies = [
[[package]]
name = "rust-embed-impl"
-version = "8.2.0"
+version = "8.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6227c01b1783cdfee1bcf844eb44594cd16ec71c35305bf1c9fb5aade2735e16"
+checksum = "b91ac2a3c6c0520a3fb3dd89321177c3c692937c4eb21893378219da10c44fc8"
dependencies = [
"proc-macro2",
"quote",
"rust-embed-utils",
- "syn 2.0.46",
+ "syn",
"walkdir",
]
[[package]]
name = "rust-embed-utils"
-version = "8.2.0"
+version = "8.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8cb0a25bfbb2d4b4402179c2cf030387d9990857ce08a32592c6238db9fa8665"
+checksum = "86f69089032567ffff4eada41c573fc43ff466c7db7c5688b2e7969584345581"
dependencies = [
"sha2",
"walkdir",
@@ -2217,9 +2257,9 @@ dependencies = [
[[package]]
name = "rustc-demangle"
-version = "0.1.23"
+version = "0.1.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76"
+checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"
[[package]]
name = "rustc-hash"
@@ -2229,20 +2269,20 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
[[package]]
name = "rustc_version"
-version = "0.4.0"
+version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366"
+checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92"
dependencies = [
"semver",
]
[[package]]
name = "rustix"
-version = "0.38.31"
+version = "0.38.38"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ea3e1a662af26cd7a3ba09c0297a31af215563ecf42817c98df621387f4e949"
+checksum = "aa260229e6538e52293eeb577aabd09945a09d6d9cc0fc550ed7529056c2e32a"
dependencies = [
- "bitflags 2.4.1",
+ "bitflags 2.6.0",
"errno",
"libc",
"linux-raw-sys",
@@ -2263,9 +2303,9 @@ dependencies = [
[[package]]
name = "ryu"
-version = "1.0.16"
+version = "1.0.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c"
+checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f"
[[package]]
name = "salsa20"
@@ -2304,9 +2344,9 @@ dependencies = [
[[package]]
name = "secrecy"
-version = "0.8.0"
+version = "0.10.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9bd1c54ea06cfd2f6b63219704de0b9b4f72dcc2b8fdef820be6cd799780e91e"
+checksum = "e891af845473308773346dc847b2c23ee78fe442e0472ac50e22a18a93d3ae5a"
dependencies = [
"zeroize",
]
@@ -2317,48 +2357,49 @@ version = "0.10.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e14e4d63b804dc0c7ec4a1e52bcb63f02c7ac94476755aa579edac21e01f915d"
dependencies = [
- "self_cell 1.0.3",
+ "self_cell 1.0.4",
]
[[package]]
name = "self_cell"
-version = "1.0.3"
+version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "58bf37232d3bb9a2c4e641ca2a11d83b5062066f88df7fed36c28772046d65ba"
+checksum = "d369a96f978623eb3dc28807c4852d6cc617fed53da5d3c400feff1ef34a714a"
[[package]]
name = "semver"
-version = "1.0.21"
+version = "1.0.23"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b97ed7a9823b74f99c7742f5336af7be5ecd3eeafcb1507d1fa93347b1d589b0"
+checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b"
[[package]]
name = "serde"
-version = "1.0.194"
+version = "1.0.214"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b114498256798c94a0689e1a15fec6005dee8ac1f41de56404b67afc2a4b773"
+checksum = "f55c3193aca71c12ad7890f1785d2b73e1b9f63a0bbc353c08ef26fe03fc56b5"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
-version = "1.0.194"
+version = "1.0.214"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a3385e45322e8f9931410f01b3031ec534c3947d0e94c18049af4d9f9907d4e0"
+checksum = "de523f781f095e28fa605cdce0f8307e451cc0fd14e2eb4cd2e98a355b147766"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.46",
+ "syn",
]
[[package]]
name = "serde_json"
-version = "1.0.110"
+version = "1.0.132"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6fbd975230bada99c8bb618e0c365c2eefa219158d5c6c29610fd09ff1833257"
+checksum = "d726bfaff4b320266d395898905d0eba0345aae23b54aee3a737e260fd46db03"
dependencies = [
"itoa",
+ "memchr",
"ryu",
"serde",
]
@@ -2412,9 +2453,9 @@ dependencies = [
[[package]]
name = "similar"
-version = "2.4.0"
+version = "2.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "32fea41aca09ee824cc9724996433064c89f7777e60762749a4170a14abbfa21"
+checksum = "1de1d4f81173b03af4c0cbed3c898f6bff5b870e4a7f5d6f4057d62a7a4b686e"
[[package]]
name = "slab"
@@ -2427,9 +2468,9 @@ dependencies = [
[[package]]
name = "smallvec"
-version = "1.13.1"
+version = "1.13.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6ecd384b10a64542d77071bd64bd7b231f4ed5940fba55e98c3de13824cf3d7"
+checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67"
[[package]]
name = "snapbox"
@@ -2464,9 +2505,9 @@ dependencies = [
[[package]]
name = "spin"
-version = "0.5.2"
+version = "0.9.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
+checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
[[package]]
name = "spki"
@@ -2497,16 +2538,22 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
[[package]]
-name = "subtle"
-version = "2.5.0"
+name = "strsim"
+version = "0.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc"
+checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
+
+[[package]]
+name = "subtle"
+version = "2.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
[[package]]
name = "symbolic-common"
-version = "12.8.0"
+version = "12.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1cccfffbc6bb3bb2d3a26cd2077f4d055f6808d266f9d4d158797a4c60510dfe"
+checksum = "366f1b4c6baf6cfefc234bbd4899535fca0b06c74443039a73f6dfb2fad88d77"
dependencies = [
"debugid",
"memmap2",
@@ -2516,9 +2563,9 @@ dependencies = [
[[package]]
name = "symbolic-demangle"
-version = "12.8.0"
+version = "12.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "76a99812da4020a67e76c4eb41f08c87364c14170495ff780f30dd519c221a68"
+checksum = "aba05ba5b9962ea5617baf556293720a8b2d0a282aa14ee4bf10e22efc7da8c8"
dependencies = [
"cpp_demangle",
"rustc-demangle",
@@ -2527,19 +2574,9 @@ dependencies = [
[[package]]
name = "syn"
-version = "1.0.109"
+version = "2.0.87"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
-dependencies = [
- "proc-macro2",
- "unicode-ident",
-]
-
-[[package]]
-name = "syn"
-version = "2.0.46"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "89456b690ff72fddcecf231caedbe615c59480c93358a93dfae7fc29e3ebbf0e"
+checksum = "25aa4ce346d03a6dcd68dd8b4010bcb74e54e62c90c573f394c46eae99aba32d"
dependencies = [
"proc-macro2",
"quote",
@@ -2548,9 +2585,9 @@ dependencies = [
[[package]]
name = "tar"
-version = "0.4.40"
+version = "0.4.43"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b16afcea1f22891c49a00c751c7b63b2233284064f11a200fc624137c51e2ddb"
+checksum = "c65998313f8e17d0d553d28f91a0df93e4dbbbf770279c7bc21ca0f09ea1a1f6"
dependencies = [
"filetime",
"libc",
@@ -2559,13 +2596,12 @@ dependencies = [
[[package]]
name = "tempfile"
-version = "3.9.0"
+version = "3.10.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa"
+checksum = "85b77fafb263dd9d05cbeac119526425676db3784113aa9295c88498cbf8bff1"
dependencies = [
"cfg-if",
"fastrand",
- "redox_syscall",
"rustix",
"windows-sys 0.52.0",
]
@@ -2597,7 +2633,7 @@ dependencies = [
"cfg-if",
"proc-macro2",
"quote",
- "syn 2.0.46",
+ "syn",
]
[[package]]
@@ -2608,28 +2644,28 @@ checksum = "5c89e72a01ed4c579669add59014b9a524d609c0c88c6a585ce37485879f6ffb"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.46",
+ "syn",
"test-case-core",
]
[[package]]
name = "thiserror"
-version = "1.0.56"
+version = "1.0.64"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d54378c645627613241d077a3a79db965db602882668f9136ac42af9ecb730ad"
+checksum = "d50af8abc119fb8bb6dbabcfa89656f46f84aa0ac7688088608076ad2b459a84"
dependencies = [
"thiserror-impl",
]
[[package]]
name = "thiserror-impl"
-version = "1.0.56"
+version = "1.0.64"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471"
+checksum = "08904e7672f5eb876eaaf87e0ce17857500934f4981c4a0ab2b4aa98baac7fc3"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.46",
+ "syn",
]
[[package]]
@@ -2678,9 +2714,9 @@ dependencies = [
[[package]]
name = "tokio"
-version = "1.35.1"
+version = "1.38.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104"
+checksum = "eb2caba9f80616f438e09748d5acda951967e1ea58508ef53d9c6402485a46df"
dependencies = [
"backtrace",
"num_cpus",
@@ -2690,13 +2726,13 @@ dependencies = [
[[package]]
name = "tokio-macros"
-version = "2.2.0"
+version = "2.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b"
+checksum = "5f5ae998a069d4b5aba8ee9dad856af7d520c3699e6159b185c2acd48155d39a"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.46",
+ "syn",
]
[[package]]
@@ -2708,18 +2744,6 @@ dependencies = [
"serde",
]
-[[package]]
-name = "toml"
-version = "0.7.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c17e963a819c331dcacd7ab957d80bc2b9a9c1e71c804826d2f283dd65306542"
-dependencies = [
- "serde",
- "serde_spanned",
- "toml_datetime",
- "toml_edit",
-]
-
[[package]]
name = "toml_datetime"
version = "0.6.3"
@@ -2760,9 +2784,9 @@ dependencies = [
[[package]]
name = "type-map"
-version = "0.4.0"
+version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b6d3364c5e96cb2ad1603037ab253ddd34d7fb72a58bdddf4b7350760fc69a46"
+checksum = "deb68604048ff8fa93347f02441e4487594adc20bb8a084f9e564d2b827a0a9f"
dependencies = [
"rustc-hash",
]
@@ -2781,18 +2805,18 @@ checksum = "eaea85b334db583fe3274d12b4cd1880032beab409c0d774be044d4480ab9a94"
[[package]]
name = "unic-langid"
-version = "0.9.4"
+version = "0.9.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "238722e6d794ed130f91f4ea33e01fcff4f188d92337a21297892521c72df516"
+checksum = "23dd9d1e72a73b25e07123a80776aae3e7b0ec461ef94f9151eed6ec88005a44"
dependencies = [
"unic-langid-impl",
]
[[package]]
name = "unic-langid-impl"
-version = "0.9.4"
+version = "0.9.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4bd55a2063fdea4ef1f8633243a7b0524cbeef1905ae04c31a1c9b9775c55bc6"
+checksum = "0a5422c1f65949306c99240b81de9f3f15929f5a8bfe05bb44b034cc8bf593e5"
dependencies = [
"serde",
"tinystr",
@@ -2800,9 +2824,9 @@ dependencies = [
[[package]]
name = "unicode-ident"
-version = "1.0.12"
+version = "1.0.13"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
+checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe"
[[package]]
name = "universal-hash"
@@ -2816,21 +2840,21 @@ dependencies = [
[[package]]
name = "utf8parse"
-version = "0.2.1"
+version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a"
+checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
[[package]]
name = "uuid"
-version = "1.7.0"
+version = "1.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f00cc9702ca12d3c81455259621e676d0f7251cec66a21e98fe2e9a37db93b2a"
+checksum = "f8c5f0a0af699448548ad1a2fbf920fb4bee257eae39953ba95cb84891a0446a"
[[package]]
name = "version_check"
-version = "0.9.4"
+version = "0.9.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
+checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
[[package]]
name = "wait-timeout"
@@ -2843,9 +2867,9 @@ dependencies = [
[[package]]
name = "walkdir"
-version = "2.4.0"
+version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d71d857dc86794ca4c280d616f7da00d2dbfd8cd788846559a6813e6aa4b54ee"
+checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b"
dependencies = [
"same-file",
"winapi-util",
@@ -2859,9 +2883,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
[[package]]
name = "wasm-bindgen"
-version = "0.2.89"
+version = "0.2.92"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ed0d4f68a3015cc185aff4db9506a015f4b96f95303897bfa23f846db54064e"
+checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8"
dependencies = [
"cfg-if",
"wasm-bindgen-macro",
@@ -2869,24 +2893,24 @@ dependencies = [
[[package]]
name = "wasm-bindgen-backend"
-version = "0.2.89"
+version = "0.2.92"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1b56f625e64f3a1084ded111c4d5f477df9f8c92df113852fa5a374dbda78826"
+checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da"
dependencies = [
"bumpalo",
"log",
"once_cell",
"proc-macro2",
"quote",
- "syn 2.0.46",
+ "syn",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-macro"
-version = "0.2.89"
+version = "0.2.92"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0162dbf37223cd2afce98f3d0785506dcb8d266223983e4b5b525859e6e182b2"
+checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726"
dependencies = [
"quote",
"wasm-bindgen-macro-support",
@@ -2894,28 +2918,28 @@ dependencies = [
[[package]]
name = "wasm-bindgen-macro-support"
-version = "0.2.89"
+version = "0.2.92"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283"
+checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.46",
+ "syn",
"wasm-bindgen-backend",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-shared"
-version = "0.2.89"
+version = "0.2.92"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7ab9b36309365056cd639da3134bf87fa8f3d86008abf99e612384a6eecd459f"
+checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96"
[[package]]
name = "web-sys"
-version = "0.3.66"
+version = "0.3.69"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "50c24a44ec86bb68fbecd1b3efed7e85ea5621b39b35ef2766b66cd984f8010f"
+checksum = "77afa9a11836342370f4817622a2f0f418b134426d91a82dfb48f532d2ec13ef"
dependencies = [
"js-sys",
"wasm-bindgen",
@@ -2951,11 +2975,11 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
[[package]]
name = "winapi-util"
-version = "0.1.6"
+version = "0.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596"
+checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
dependencies = [
- "winapi",
+ "windows-sys 0.59.0",
]
[[package]]
@@ -2970,7 +2994,7 @@ version = "0.52.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9"
dependencies = [
- "windows-targets 0.52.0",
+ "windows-targets 0.52.6",
]
[[package]]
@@ -2997,7 +3021,16 @@ version = "0.52.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
dependencies = [
- "windows-targets 0.52.0",
+ "windows-targets 0.52.6",
+]
+
+[[package]]
+name = "windows-sys"
+version = "0.59.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b"
+dependencies = [
+ "windows-targets 0.52.6",
]
[[package]]
@@ -3032,17 +3065,18 @@ dependencies = [
[[package]]
name = "windows-targets"
-version = "0.52.0"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd"
+checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
dependencies = [
- "windows_aarch64_gnullvm 0.52.0",
- "windows_aarch64_msvc 0.52.0",
- "windows_i686_gnu 0.52.0",
- "windows_i686_msvc 0.52.0",
- "windows_x86_64_gnu 0.52.0",
- "windows_x86_64_gnullvm 0.52.0",
- "windows_x86_64_msvc 0.52.0",
+ "windows_aarch64_gnullvm 0.52.6",
+ "windows_aarch64_msvc 0.52.6",
+ "windows_i686_gnu 0.52.6",
+ "windows_i686_gnullvm",
+ "windows_i686_msvc 0.52.6",
+ "windows_x86_64_gnu 0.52.6",
+ "windows_x86_64_gnullvm 0.52.6",
+ "windows_x86_64_msvc 0.52.6",
]
[[package]]
@@ -3059,9 +3093,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8"
[[package]]
name = "windows_aarch64_gnullvm"
-version = "0.52.0"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea"
+checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
[[package]]
name = "windows_aarch64_msvc"
@@ -3077,9 +3111,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc"
[[package]]
name = "windows_aarch64_msvc"
-version = "0.52.0"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef"
+checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
[[package]]
name = "windows_i686_gnu"
@@ -3095,9 +3129,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e"
[[package]]
name = "windows_i686_gnu"
-version = "0.52.0"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313"
+checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
+
+[[package]]
+name = "windows_i686_gnullvm"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
[[package]]
name = "windows_i686_msvc"
@@ -3113,9 +3153,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406"
[[package]]
name = "windows_i686_msvc"
-version = "0.52.0"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a"
+checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
[[package]]
name = "windows_x86_64_gnu"
@@ -3131,9 +3171,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e"
[[package]]
name = "windows_x86_64_gnu"
-version = "0.52.0"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd"
+checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
[[package]]
name = "windows_x86_64_gnullvm"
@@ -3149,9 +3189,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc"
[[package]]
name = "windows_x86_64_gnullvm"
-version = "0.52.0"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e"
+checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
[[package]]
name = "windows_x86_64_msvc"
@@ -3167,15 +3207,15 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"
[[package]]
name = "windows_x86_64_msvc"
-version = "0.52.0"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04"
+checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
[[package]]
name = "winnow"
-version = "0.5.37"
+version = "0.5.40"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a7cad8365489051ae9f054164e459304af2e7e9bb407c958076c8bf4aef52da5"
+checksum = "f593a95398737aeed53e489c785df13f3618e41dbcd6718c6addbf1395aa6876"
dependencies = [
"memchr",
]
@@ -3188,9 +3228,9 @@ checksum = "f8dab7ac864710bdea6594becbea5b5050333cf34fefb0dc319567eb347950d4"
[[package]]
name = "x25519-dalek"
-version = "2.0.0"
+version = "2.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fb66477291e7e8d2b0ff1bcb900bf29489a9692816d79874bea351e7a8b6de96"
+checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277"
dependencies = [
"curve25519-dalek",
"rand_core",
@@ -3221,11 +3261,12 @@ dependencies = [
[[package]]
name = "zerocopy"
-version = "0.7.32"
+version = "0.7.35"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be"
+checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0"
dependencies = [
- "zerocopy-derive 0.7.32",
+ "byteorder",
+ "zerocopy-derive 0.7.35",
]
[[package]]
@@ -3236,25 +3277,25 @@ checksum = "125139de3f6b9d625c39e2efdd73d41bdac468ccd556556440e322be0e1bbd91"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.46",
+ "syn",
]
[[package]]
name = "zerocopy-derive"
-version = "0.7.32"
+version = "0.7.35"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6"
+checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.46",
+ "syn",
]
[[package]]
name = "zeroize"
-version = "1.7.0"
+version = "1.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d"
+checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde"
dependencies = [
"zeroize_derive",
]
@@ -3267,7 +3308,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.46",
+ "syn",
]
[[package]]
@@ -3311,9 +3352,9 @@ dependencies = [
[[package]]
name = "zstd-sys"
-version = "2.0.9+zstd.1.5.5"
+version = "2.0.13+zstd.1.5.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e16efa8a874a0481a574084d34cc26fdb3b99627480f785888deb6386506656"
+checksum = "38ff0f21cfee8f97d94cef41359e0c89aa6113028ab0291aa8ca0038995a95aa"
dependencies = [
"cc",
"pkg-config",
diff --git a/Cargo.toml b/Cargo.toml
index c086a94..8468db4 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -15,8 +15,8 @@ repository = "https://github.com/str4d/rage"
license = "MIT OR Apache-2.0"
[workspace.dependencies]
-age = { version = "0.10.1", path = "age" }
-age-core = { version = "0.10.0", path = "age-core" }
+age = { version = "0.11.1", path = "age" }
+age-core = { version = "0.11.0", path = "age-core" }
# Dependencies required by the age specification:
# - Base64 from RFC 4648
@@ -48,14 +48,14 @@ cookie-factory = "0.3.1"
nom = { version = "7", default-features = false, features = ["alloc"] }
# Secret management
-pinentry = "0.5"
-secrecy = "0.8"
+pinentry = "0.6"
+secrecy = "0.10"
subtle = "2"
zeroize = "1"
# Localization
-i18n-embed = { version = "0.14", features = ["fluent-system"] }
-i18n-embed-fl = "0.7"
+i18n-embed = { version = "0.15", features = ["fluent-system"] }
+i18n-embed-fl = "0.9"
lazy_static = "1"
rust-embed = "8"
diff --git a/HomebrewFormula/rage.rb b/HomebrewFormula/rage.rb
deleted file mode 100644
index bf7f0dd..0000000
--- a/HomebrewFormula/rage.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-class Rage < Formula
- desc "[BETA] A simple, secure, and modern encryption tool."
- homepage "https://str4d.xyz/rage"
- url "https://github.com/str4d/rage/archive/refs/tags/v0.9.2.tar.gz"
- sha256 "3bd287372eb6226b246459c1b5c39ecdb36b3495d7af4d2bee93bb3aad9ccf65"
- version "0.9.2"
-
- depends_on "rust" => :build
-
- def install
- system "cargo", "install", *std_cargo_args(path: './rage')
- end
-
- test do
- # Test key generation
- system "#{bin}/rage-keygen -o #{testpath}/output.txt"
- assert_predicate testpath/"output.txt", :exist?
-
- # Test encryption
- (testpath/"test.txt").write("Hello World!\n")
- system "#{bin}/rage -r age1y8m84r6pwd4da5d45zzk03rlgv2xr7fn9px80suw3psrahul44ashl0usm -o #{testpath}/test.txt.age #{testpath}/test.txt"
- assert_predicate testpath/"test.txt.age", :exist?
- assert File.read(testpath/"test.txt.age").start_with?("age-encryption.org")
-
- # Test decryption
- (testpath/"test.key").write("AGE-SECRET-KEY-1TRYTV7PQS5XPUYSTAQZCD7DQCWC7Q77YJD7UVFJRMW4J82Q6930QS70MRX")
- assert_equal "Hello World!", shell_output("#{bin}/rage -d -i #{testpath}/test.key #{testpath}/test.txt.age").strip
- end
-end
diff --git a/README.md b/README.md
index 59547a8..fd12040 100644
--- a/README.md
+++ b/README.md
@@ -7,8 +7,8 @@ format. It features small explicit keys, no config options, and UNIX-style
composability.
The format specification is at [age-encryption.org/v1](https://age-encryption.org/v1).
-age was designed by [@Benjojo12](https://twitter.com/Benjojo12) and
-[@FiloSottile](https://twitter.com/FiloSottile).
+age was designed by [@Benjojo](https://benjojo.co.uk/) and
+[@FiloSottile](https://bsky.app/profile/did:plc:x2nsupeeo52oznrmplwapppl).
The reference interoperable Go implementation is available at
[filippo.io/age](https://filippo.io/age).
@@ -24,7 +24,8 @@ For more plugins, implementations, tools, and integrations, check out the
| Environment | CLI command |
|-------------|-------------|
| Cargo (Rust 1.65+) | `cargo install rage` |
-| Homebrew (macOS or Linux) | `brew tap str4d.xyz/rage https://str4d.xyz/rage`
`brew install rage` |
+| Homebrew (macOS or Linux) | `brew install rage` |
+| MacPorts | `port install rage` |
| Alpine Linux (edge) | `apk add rage` |
| Arch Linux | `pacman -S rage-encryption` |
| Debian | [Debian packages](https://github.com/str4d/rage/releases) |
diff --git a/age-core/CHANGELOG.md b/age-core/CHANGELOG.md
index b0147f2..bd5699d 100644
--- a/age-core/CHANGELOG.md
+++ b/age-core/CHANGELOG.md
@@ -8,6 +8,19 @@ to 1.0.0 are beta releases.
## [Unreleased]
+## [0.11.0] - 2024-11-03
+### Added
+- `age_core::format`:
+ - `FileKey::new`
+ - `FileKey::init_with_mut`
+ - `FileKey::try_init_with_mut`
+ - `is_arbitrary_string`
+
+### Changed
+- Migrated to `secrecy 0.10`.
+- `age::plugin::Connection::unidir_receive` now takes an additional argument to
+ enable handling an optional fourth command.
+
## [0.10.0] - 2024-02-04
### Added
- `impl Eq for age_core::format::Stanza`
diff --git a/age-core/Cargo.toml b/age-core/Cargo.toml
index 5bab42b..131a54d 100644
--- a/age-core/Cargo.toml
+++ b/age-core/Cargo.toml
@@ -1,7 +1,7 @@
[package]
name = "age-core"
description = "[BETA] Common functions used across the age crates"
-version = "0.10.0"
+version = "0.11.0"
authors.workspace = true
repository.workspace = true
readme = "README.md"
diff --git a/age-core/src/format.rs b/age-core/src/format.rs
index b374dfe..f8f97dc 100644
--- a/age-core/src/format.rs
+++ b/age-core/src/format.rs
@@ -5,7 +5,7 @@ use rand::{
distributions::{Distribution, Uniform},
thread_rng, RngCore,
};
-use secrecy::{ExposeSecret, Secret};
+use secrecy::{ExposeSecret, ExposeSecretMut, SecretBox};
/// The prefix identifying an age stanza.
const STANZA_TAG: &str = "-> ";
@@ -14,11 +14,26 @@ const STANZA_TAG: &str = "-> ";
pub const FILE_KEY_BYTES: usize = 16;
/// A file key for encrypting or decrypting an age file.
-pub struct FileKey(Secret<[u8; FILE_KEY_BYTES]>);
+pub struct FileKey(SecretBox<[u8; FILE_KEY_BYTES]>);
-impl From<[u8; FILE_KEY_BYTES]> for FileKey {
- fn from(file_key: [u8; FILE_KEY_BYTES]) -> Self {
- FileKey(Secret::new(file_key))
+impl FileKey {
+ /// Creates a file key using a pre-boxed key.
+ pub fn new(file_key: Box<[u8; FILE_KEY_BYTES]>) -> Self {
+ Self(SecretBox::new(file_key))
+ }
+
+ /// Creates a file key using a function that can initialize the key in-place.
+ pub fn init_with_mut(ctr: impl FnOnce(&mut [u8; FILE_KEY_BYTES])) -> Self {
+ Self(SecretBox::init_with_mut(ctr))
+ }
+
+ /// Same as [`Self::init_with_mut`], but the constructor can be fallible.
+ pub fn try_init_with_mut(
+ ctr: impl FnOnce(&mut [u8; FILE_KEY_BYTES]) -> Result<(), E>,
+ ) -> Result {
+ let mut file_key = SecretBox::new(Box::new([0; FILE_KEY_BYTES]));
+ ctr(file_key.expose_secret_mut())?;
+ Ok(Self(file_key))
}
}
@@ -90,6 +105,16 @@ impl From> for Stanza {
}
}
+/// Checks whether the string is a valid age "arbitrary string" (`1*VCHAR` in ABNF).
+pub fn is_arbitrary_string>(s: &S) -> bool {
+ let s = s.as_ref();
+ !s.is_empty()
+ && s.chars().all(|c| match u8::try_from(c) {
+ Ok(u) => (33..=126).contains(&u),
+ Err(_) => false,
+ })
+}
+
/// Creates a random recipient stanza that exercises the joint in the age v1 format.
///
/// This function is guaranteed to return a valid stanza, but makes no other guarantees
diff --git a/age-core/src/plugin.rs b/age-core/src/plugin.rs
index 0c68c31..aa3e40c 100644
--- a/age-core/src/plugin.rs
+++ b/age-core/src/plugin.rs
@@ -4,7 +4,7 @@
//! implementations built around the `age-plugin` crate.
use rand::{thread_rng, Rng};
-use secrecy::Zeroize;
+use secrecy::zeroize::Zeroize;
use std::env;
use std::fmt;
use std::io::{self, BufRead, BufReader, Read, Write};
@@ -51,10 +51,11 @@ impl std::error::Error for Error {}
/// should explicitly handle.
pub type Result = io::Result>;
-type UnidirResult = io::Result<(
+type UnidirResult = io::Result<(
std::result::Result, Vec>,
std::result::Result, Vec>,
Option, Vec>>,
+ Option, Vec>>,
)>;
/// A connection to a plugin binary.
@@ -205,23 +206,26 @@ impl Connection {
///
/// # Arguments
///
- /// `command_a`, `command_b`, and (optionally) `command_c` are the known commands that
- /// are expected to be received. All other received commands (including grease) will
- /// be ignored.
- pub fn unidir_receive(
+ /// `command_a`, `command_b`, and (optionally) `command_c` and `command_d` are the
+ /// known commands that are expected to be received. All other received commands
+ /// (including grease) will be ignored.
+ pub fn unidir_receive(
&mut self,
command_a: (&str, F),
command_b: (&str, G),
command_c: (Option<&str>, H),
- ) -> UnidirResult
+ command_d: (Option<&str>, I),
+ ) -> UnidirResult
where
F: Fn(Stanza) -> std::result::Result,
G: Fn(Stanza) -> std::result::Result,
H: Fn(Stanza) -> std::result::Result,
+ I: Fn(Stanza) -> std::result::Result,
{
let mut res_a = Ok(vec![]);
let mut res_b = Ok(vec![]);
let mut res_c = Ok(vec![]);
+ let mut res_d = Ok(vec![]);
for stanza in iter::repeat_with(|| self.receive()).take_while(|res| match res {
Ok(stanza) => stanza.tag != COMMAND_DONE,
@@ -251,14 +255,28 @@ impl Connection {
validate(command_a.1(stanza), &mut res_a)
} else if stanza.tag.as_str() == command_b.0 {
validate(command_b.1(stanza), &mut res_b)
- } else if let Some(tag) = command_c.0 {
- if stanza.tag.as_str() == tag {
- validate(command_c.1(stanza), &mut res_c)
+ } else {
+ if let Some(tag) = command_c.0 {
+ if stanza.tag.as_str() == tag {
+ validate(command_c.1(stanza), &mut res_c);
+ continue;
+ }
+ }
+ if let Some(tag) = command_d.0 {
+ if stanza.tag.as_str() == tag {
+ validate(command_d.1(stanza), &mut res_d);
+ continue;
+ }
}
}
}
- Ok((res_a, res_b, command_c.0.map(|_| res_c)))
+ Ok((
+ res_a,
+ res_b,
+ command_c.0.map(|_| res_c),
+ command_d.0.map(|_| res_d),
+ ))
}
/// Runs a bidirectional phase as the controller.
@@ -481,10 +499,11 @@ mod tests {
.unidir_send(|mut phase| phase.send("test", &["foo"], b"bar"))
.unwrap();
let stanza = plugin_conn
- .unidir_receive::<_, (), (), _, _, _, _>(
+ .unidir_receive::<_, (), (), (), _, _, _, _, _>(
("test", Ok),
("other", |_| Err(())),
(None, |_| Ok(())),
+ (None, |_| Ok(())),
)
.unwrap();
assert_eq!(
@@ -496,7 +515,8 @@ mod tests {
body: b"bar"[..].to_owned()
}]),
Ok(vec![]),
- None
+ None,
+ None,
)
);
}
diff --git a/age-plugin/CHANGELOG.md b/age-plugin/CHANGELOG.md
index b5afbe4..34b0bba 100644
--- a/age-plugin/CHANGELOG.md
+++ b/age-plugin/CHANGELOG.md
@@ -10,6 +10,26 @@ to 1.0.0 are beta releases.
## [Unreleased]
+## [0.6.0] - 2024-11-03
+### Added
+- `age_plugin::PluginHandler`
+- `impl age_plugin::identity::IdentityPluginV1 for std::convert::Infallible`
+- `impl age_plugin::recipient::RecipientPluginV1 for std::convert::Infallible`
+
+### Changed
+- Migrated to `age-core 0.11`.
+- `age_plugin::recipient::RecipientPluginV1` has a new `labels` method. Existing
+ implementations of the trait should either return `HashSet::new()` to maintain
+ existing compatibility, or return labels that apply the desired constraints.
+- `age_plugin::run_state_machine` now supports the `recipient-v1` labels
+ extension.
+
+### Fixed
+- `age_plugin::run_state_machine` now takes an `impl age_plugin::PluginHandler`
+ argument, instead of its previous arguments.
+ - This fixes the change from the previous release, because the type parameters
+ were basically impossible to set correctly when attempting to pass `None`.
+
## [0.5.0] - 2024-02-04
### Changed
- MSRV is now 1.65.0.
diff --git a/age-plugin/Cargo.toml b/age-plugin/Cargo.toml
index 30fe48d..023b3c5 100644
--- a/age-plugin/Cargo.toml
+++ b/age-plugin/Cargo.toml
@@ -1,7 +1,7 @@
[package]
name = "age-plugin"
description = "[BETA] API for writing age plugins."
-version = "0.5.0"
+version = "0.6.0"
authors.workspace = true
repository.workspace = true
readme = "README.md"
diff --git a/age-plugin/examples/age-plugin-unencrypted.rs b/age-plugin/examples/age-plugin-unencrypted.rs
index e287f28..f88018a 100644
--- a/age-plugin/examples/age-plugin-unencrypted.rs
+++ b/age-plugin/examples/age-plugin-unencrypted.rs
@@ -6,11 +6,12 @@ use age_plugin::{
identity::{self, IdentityPluginV1},
print_new_identity,
recipient::{self, RecipientPluginV1},
- run_state_machine, Callbacks,
+ run_state_machine, Callbacks, PluginHandler,
};
use clap::Parser;
-use std::collections::HashMap;
+use std::collections::{HashMap, HashSet};
+use std::convert::Infallible;
use std::env;
use std::io;
@@ -25,6 +26,43 @@ fn explode(location: &str) {
}
}
+struct FullHandler;
+
+impl PluginHandler for FullHandler {
+ type RecipientV1 = RecipientPlugin;
+ type IdentityV1 = IdentityPlugin;
+
+ fn recipient_v1(self) -> io::Result {
+ Ok(RecipientPlugin)
+ }
+
+ fn identity_v1(self) -> io::Result {
+ Ok(IdentityPlugin)
+ }
+}
+
+struct RecipientHandler;
+
+impl PluginHandler for RecipientHandler {
+ type RecipientV1 = RecipientPlugin;
+ type IdentityV1 = Infallible;
+
+ fn recipient_v1(self) -> io::Result {
+ Ok(RecipientPlugin)
+ }
+}
+
+struct IdentityHandler;
+
+impl PluginHandler for IdentityHandler {
+ type RecipientV1 = Infallible;
+ type IdentityV1 = IdentityPlugin;
+
+ fn identity_v1(self) -> io::Result {
+ Ok(IdentityPlugin)
+ }
+}
+
struct RecipientPlugin;
impl RecipientPluginV1 for RecipientPlugin {
@@ -66,6 +104,16 @@ impl RecipientPluginV1 for RecipientPlugin {
}
}
+ fn labels(&mut self) -> HashSet {
+ let mut labels = HashSet::new();
+ if let Ok(s) = env::var("AGE_PLUGIN_LABELS") {
+ for label in s.split(',') {
+ labels.insert(label.into());
+ }
+ }
+ labels
+ }
+
fn wrap_file_keys(
&mut self,
file_keys: Vec,
@@ -127,9 +175,14 @@ impl IdentityPluginV1 for IdentityPlugin {
// identities.
let _ = callbacks.message("This identity does nothing!")?;
file_keys.entry(file_index).or_insert_with(|| {
- Ok(FileKey::from(
- TryInto::<[u8; 16]>::try_into(&stanza.body[..]).unwrap(),
- ))
+ FileKey::try_init_with_mut(|file_key| {
+ if stanza.body.len() == file_key.len() {
+ file_key.copy_from_slice(&stanza.body);
+ Ok(())
+ } else {
+ panic!("File key is wrong length")
+ }
+ })
});
break;
}
@@ -149,11 +202,15 @@ fn main() -> io::Result<()> {
let opts = PluginOptions::parse();
if let Some(state_machine) = opts.age_plugin {
- run_state_machine(
- &state_machine,
- Some(|| RecipientPlugin),
- Some(|| IdentityPlugin),
- )
+ if let Ok(s) = env::var("AGE_HALF_PLUGIN") {
+ match s.as_str() {
+ "recipient" => run_state_machine(&state_machine, RecipientHandler),
+ "identity" => run_state_machine(&state_machine, IdentityHandler),
+ _ => panic!("Env variable AGE_HALF_PLUGIN={s} has unknown value. Boom! 💥"),
+ }
+ } else {
+ run_state_machine(&state_machine, FullHandler)
+ }
} else {
// A real plugin would generate a new identity here.
print_new_identity(PLUGIN_NAME, &[], &[]);
diff --git a/age-plugin/src/identity.rs b/age-plugin/src/identity.rs
index 314e8a2..7431014 100644
--- a/age-plugin/src/identity.rs
+++ b/age-plugin/src/identity.rs
@@ -7,7 +7,9 @@ use age_core::{
};
use base64::{prelude::BASE64_STANDARD_NO_PAD, Engine};
use bech32::FromBase32;
+
use std::collections::HashMap;
+use std::convert::Infallible;
use std::io;
use crate::{Callbacks, PLUGIN_IDENTITY_PREFIX};
@@ -16,6 +18,10 @@ const ADD_IDENTITY: &str = "add-identity";
const RECIPIENT_STANZA: &str = "recipient-stanza";
/// The interface that age implementations will use to interact with an age plugin.
+///
+/// Implementations of this trait will be used within the [`identity-v1`] state machine.
+///
+/// [`identity-v1`]: https://c2sp.org/age-plugin#unwrapping-with-identity-v1
pub trait IdentityPluginV1 {
/// Stores an identity that the user would like to use for decrypting age files.
///
@@ -49,6 +55,22 @@ pub trait IdentityPluginV1 {
) -> io::Result>>>;
}
+impl IdentityPluginV1 for Infallible {
+ fn add_identity(&mut self, _: usize, _: &str, _: &[u8]) -> Result<(), Error> {
+ // This is never executed.
+ Ok(())
+ }
+
+ fn unwrap_file_keys(
+ &mut self,
+ _: Vec>,
+ _: impl Callbacks,
+ ) -> io::Result>>> {
+ // This is never executed.
+ Ok(HashMap::new())
+ }
+}
+
/// The interface that age plugins can use to interact with an age implementation.
struct BidirCallbacks<'a, 'b, R: io::Read, W: io::Write>(&'b mut BidirSend<'a, R, W>);
@@ -113,7 +135,7 @@ impl<'a, 'b, R: io::Read, W: io::Write> Callbacks for BidirCallbacks<'a,
.and_then(|res| match res {
Ok(s) => String::from_utf8(s.body)
.map_err(|_| io::Error::new(io::ErrorKind::InvalidData, "secret is not UTF-8"))
- .map(|s| Ok(SecretString::new(s))),
+ .map(|s| Ok(SecretString::from(s))),
Err(e) => Ok(Err(e)),
})
}
@@ -200,7 +222,7 @@ pub(crate) fn run_v1(mut plugin: P) -> io::Result<()> {
// Phase 1: receive identities and stanzas
let (identities, recipient_stanzas) = {
- let (identities, stanzas, _) = conn.unidir_receive(
+ let (identities, stanzas, _, _) = conn.unidir_receive(
(ADD_IDENTITY, |s| match (&s.args[..], &s.body[..]) {
([identity], []) => Ok(identity.clone()),
_ => Err(Error::Internal {
@@ -233,6 +255,7 @@ pub(crate) fn run_v1(mut plugin: P) -> io::Result<()> {
}
}),
(None, |_| Ok(())),
+ (None, |_| Ok(())),
)?;
// Now that we have the full list of identities, parse them as Bech32 and add them
diff --git a/age-plugin/src/lib.rs b/age-plugin/src/lib.rs
index fedd725..93b8c61 100644
--- a/age-plugin/src/lib.rs
+++ b/age-plugin/src/lib.rs
@@ -74,13 +74,28 @@
//! identity::{self, IdentityPluginV1},
//! print_new_identity,
//! recipient::{self, RecipientPluginV1},
-//! Callbacks, run_state_machine,
+//! Callbacks, PluginHandler, run_state_machine,
//! };
//! use clap::Parser;
//!
-//! use std::collections::HashMap;
+//! use std::collections::{HashMap, HashSet};
//! use std::io;
//!
+//! struct Handler;
+//!
+//! impl PluginHandler for Handler {
+//! type RecipientV1 = RecipientPlugin;
+//! type IdentityV1 = IdentityPlugin;
+//!
+//! fn recipient_v1(self) -> io::Result {
+//! Ok(RecipientPlugin)
+//! }
+//!
+//! fn identity_v1(self) -> io::Result {
+//! Ok(IdentityPlugin)
+//! }
+//! }
+//!
//! struct RecipientPlugin;
//!
//! impl RecipientPluginV1 for RecipientPlugin {
@@ -102,6 +117,10 @@
//! todo!()
//! }
//!
+//! fn labels(&mut self) -> HashSet {
+//! todo!()
+//! }
+//!
//! fn wrap_file_keys(
//! &mut self,
//! file_keys: Vec,
@@ -143,11 +162,7 @@
//!
//! if let Some(state_machine) = opts.age_plugin {
//! // The plugin was started by an age client; run the state machine.
-//! run_state_machine(
-//! &state_machine,
-//! Some(|| RecipientPlugin),
-//! Some(|| IdentityPlugin),
-//! )?;
+//! run_state_machine(&state_machine, Handler)?;
//! return Ok(());
//! }
//!
@@ -209,34 +224,12 @@ pub fn print_new_identity(plugin_name: &str, identity: &[u8], recipient: &[u8])
///
/// This should be triggered if the `--age-plugin=state_machine` flag is provided as an
/// argument when starting the plugin.
-pub fn run_state_machine(
- state_machine: &str,
- recipient_v1: Option R>,
- identity_v1: Option I>,
-) -> io::Result<()> {
+pub fn run_state_machine(state_machine: &str, handler: impl PluginHandler) -> io::Result<()> {
use age_core::plugin::{IDENTITY_V1, RECIPIENT_V1};
match state_machine {
- RECIPIENT_V1 => {
- if let Some(plugin) = recipient_v1 {
- recipient::run_v1(plugin())
- } else {
- Err(io::Error::new(
- io::ErrorKind::InvalidInput,
- "plugin doesn't support recipient-v1 state machine",
- ))
- }
- }
- IDENTITY_V1 => {
- if let Some(plugin) = identity_v1 {
- identity::run_v1(plugin())
- } else {
- Err(io::Error::new(
- io::ErrorKind::InvalidInput,
- "plugin doesn't support identity-v1 state machine",
- ))
- }
- }
+ RECIPIENT_V1 => recipient::run_v1(handler.recipient_v1()?),
+ IDENTITY_V1 => identity::run_v1(handler.identity_v1()?),
_ => Err(io::Error::new(
io::ErrorKind::InvalidInput,
"unknown plugin state machine",
@@ -244,6 +237,63 @@ pub fn run_state_machine io::Result {
+ Err(io::Error::new(
+ io::ErrorKind::InvalidInput,
+ "plugin doesn't support recipient-v1 state machine",
+ ))
+ }
+
+ /// Returns an instance of the plugin's [`identity-v1`] implementation.
+ ///
+ /// [`identity-v1`]: https://c2sp.org/age-plugin#unwrapping-with-identity-v1
+ fn identity_v1(self) -> io::Result {
+ Err(io::Error::new(
+ io::ErrorKind::InvalidInput,
+ "plugin doesn't support identity-v1 state machine",
+ ))
+ }
+}
+
/// The interface that age plugins can use to interact with an age implementation.
pub trait Callbacks {
/// Shows a message to the user.
diff --git a/age-plugin/src/recipient.rs b/age-plugin/src/recipient.rs
index 6f55704..0370c2d 100644
--- a/age-plugin/src/recipient.rs
+++ b/age-plugin/src/recipient.rs
@@ -1,12 +1,15 @@
//! Recipient plugin helpers.
use age_core::{
- format::{FileKey, Stanza, FILE_KEY_BYTES},
+ format::{is_arbitrary_string, FileKey, Stanza},
plugin::{self, BidirSend, Connection},
secrecy::SecretString,
};
use base64::{prelude::BASE64_STANDARD_NO_PAD, Engine};
use bech32::FromBase32;
+
+use std::collections::HashSet;
+use std::convert::Infallible;
use std::io;
use crate::{Callbacks, PLUGIN_IDENTITY_PREFIX, PLUGIN_RECIPIENT_PREFIX};
@@ -14,9 +17,21 @@ use crate::{Callbacks, PLUGIN_IDENTITY_PREFIX, PLUGIN_RECIPIENT_PREFIX};
const ADD_RECIPIENT: &str = "add-recipient";
const ADD_IDENTITY: &str = "add-identity";
const WRAP_FILE_KEY: &str = "wrap-file-key";
+const EXTENSION_LABELS: &str = "extension-labels";
const RECIPIENT_STANZA: &str = "recipient-stanza";
+const LABELS: &str = "labels";
/// The interface that age implementations will use to interact with an age plugin.
+///
+/// Implementations of this trait will be used within the [`recipient-v1`] state machine.
+///
+/// The trait methods are always called in this order:
+/// - [`Self::add_recipient`] / [`Self::add_identity`] (in any order, including
+/// potentially interleaved).
+/// - [`Self::labels`] (once all recipients and identities have been added).
+/// - [`Self::wrap_file_keys`]
+///
+/// [`recipient-v1`]: https://c2sp.org/age-plugin#wrapping-with-recipient-v1
pub trait RecipientPluginV1 {
/// Stores a recipient that the user would like to encrypt age files to.
///
@@ -33,11 +48,45 @@ pub trait RecipientPluginV1 {
/// Returns an error if the identity is unknown or invalid.
fn add_identity(&mut self, index: usize, plugin_name: &str, bytes: &[u8]) -> Result<(), Error>;
+ /// Returns labels that constrain how the stanzas produced by [`Self::wrap_file_keys`]
+ /// may be combined with those from other recipients.
+ ///
+ /// Encryption will succeed only if every recipient returns the same set of labels.
+ /// Subsets or partial overlapping sets are not allowed; all sets must be identical.
+ /// Labels are compared exactly, and are case-sensitive.
+ ///
+ /// Label sets can be used to ensure a recipient is only encrypted to alongside other
+ /// recipients with equivalent properties, or to ensure a recipient is always used
+ /// alone. A recipient with no particular properties to enforce should return an empty
+ /// label set.
+ ///
+ /// Labels can have any value that is a valid arbitrary string (`1*VCHAR` in ABNF),
+ /// but usually take one of several forms:
+ /// - *Common public label* - used by multiple recipients to permit their stanzas to
+ /// be used only together. Examples include:
+ /// - `postquantum` - indicates that the recipient stanzas being generated are
+ /// postquantum-secure, and that they can only be combined with other stanzas
+ /// that are also postquantum-secure.
+ /// - *Common private label* - used by recipients created by the same private entity
+ /// to permit their recipient stanzas to be used only together. For example,
+ /// private recipients used in a corporate environment could all send the same
+ /// private label in order to prevent compliant age clients from simultaneously
+ /// wrapping file keys with other recipients.
+ /// - *Random label* - used by recipients that want to ensure their stanzas are not
+ /// used with any other recipient stanzas. This can be used to produce a file key
+ /// that is only encrypted to a single recipient stanza, for example to preserve
+ /// its authentication properties.
+ fn labels(&mut self) -> HashSet;
+
/// Wraps each `file_key` to all recipients and identities previously added via
/// `add_recipient` and `add_identity`.
///
- /// Returns either one stanza per recipient and identity for each file key, or any
- /// errors if one or more recipients or identities could not be wrapped to.
+ /// Returns a set of stanzas per file key that wrap it to each recipient and identity.
+ /// Plugins may return more than one stanza per "actual recipient", e.g. to support
+ /// multiple formats, to build group aliases, or to act as a proxy.
+ ///
+ /// If one or more recipients or identities could not be wrapped to, no stanzas are
+ /// returned for any of the file keys.
///
/// `callbacks` can be used to interact with the user, to have them take some physical
/// action or request a secret value.
@@ -48,6 +97,32 @@ pub trait RecipientPluginV1 {
) -> io::Result>, Vec>>;
}
+impl RecipientPluginV1 for Infallible {
+ fn add_recipient(&mut self, _: usize, _: &str, _: &[u8]) -> Result<(), Error> {
+ // This is never executed.
+ Ok(())
+ }
+
+ fn add_identity(&mut self, _: usize, _: &str, _: &[u8]) -> Result<(), Error> {
+ // This is never executed.
+ Ok(())
+ }
+
+ fn labels(&mut self) -> HashSet {
+ // This is never executed.
+ HashSet::new()
+ }
+
+ fn wrap_file_keys(
+ &mut self,
+ _: Vec,
+ _: impl Callbacks,
+ ) -> io::Result>, Vec>> {
+ // This is never executed.
+ Ok(Ok(vec![]))
+ }
+}
+
/// The interface that age plugins can use to interact with an age implementation.
struct BidirCallbacks<'a, 'b, R: io::Read, W: io::Write>(&'b mut BidirSend<'a, R, W>);
@@ -112,7 +187,7 @@ impl<'a, 'b, R: io::Read, W: io::Write> Callbacks for BidirCallbacks<'a,
.and_then(|res| match res {
Ok(s) => String::from_utf8(s.body)
.map_err(|_| io::Error::new(io::ErrorKind::InvalidData, "secret is not UTF-8"))
- .map(|s| Ok(SecretString::new(s))),
+ .map(|s| Ok(SecretString::from(s))),
Err(e) => Ok(Err(e)),
})
}
@@ -188,8 +263,8 @@ pub(crate) fn run_v1(mut plugin: P) -> io::Result<()> {
let mut conn = Connection::accept();
// Phase 1: collect recipients, and file keys to be wrapped
- let ((recipients, identities), file_keys) = {
- let (recipients, identities, file_keys) = conn.unidir_receive(
+ let ((recipients, identities), file_keys, labels_supported) = {
+ let (recipients, identities, file_keys, labels_supported) = conn.unidir_receive(
(ADD_RECIPIENT, |s| match (&s.args[..], &s.body[..]) {
([recipient], []) => Ok(recipient.clone()),
_ => Err(Error::Internal {
@@ -210,12 +285,18 @@ pub(crate) fn run_v1(mut plugin: P) -> io::Result<()> {
}),
(Some(WRAP_FILE_KEY), |s| {
// TODO: Should we ignore file key commands with unexpected metadata args?
- TryInto::<[u8; FILE_KEY_BYTES]>::try_into(&s.body[..])
- .map_err(|_| Error::Internal {
- message: "invalid file key length".to_owned(),
- })
- .map(FileKey::from)
+ FileKey::try_init_with_mut(|file_key| {
+ if s.body.len() == file_key.len() {
+ file_key.copy_from_slice(&s.body);
+ Ok(())
+ } else {
+ Err(Error::Internal {
+ message: "invalid file key length".to_owned(),
+ })
+ }
+ })
}),
+ (Some(EXTENSION_LABELS), |_| Ok(())),
)?;
(
match (recipients, identities) {
@@ -236,6 +317,13 @@ pub(crate) fn run_v1(mut plugin: P) -> io::Result<()> {
}]),
r => r,
},
+ match &labels_supported.unwrap() {
+ Ok(v) if v.is_empty() => Ok(false),
+ Ok(v) if v.len() == 1 => Ok(true),
+ _ => Err(vec![Error::Internal {
+ message: format!("Received more than one {} command", EXTENSION_LABELS),
+ }]),
+ },
)
};
@@ -300,23 +388,61 @@ pub(crate) fn run_v1(mut plugin: P) -> io::Result<()> {
|index, plugin_name, bytes| plugin.add_identity(index, plugin_name, &bytes),
);
+ let required_labels = plugin.labels();
+
+ let labels = match (labels_supported, required_labels.is_empty()) {
+ (Ok(true), _) | (Ok(false), true) => {
+ if required_labels.contains("") {
+ Err(vec![Error::Internal {
+ message: "Plugin tried to use the empty string as a label".into(),
+ }])
+ } else if required_labels.iter().all(is_arbitrary_string) {
+ Ok(required_labels)
+ } else {
+ Err(vec![Error::Internal {
+ message: "Plugin tried to use a label containing an invalid character".into(),
+ }])
+ }
+ }
+ (Ok(false), false) => Err(vec![Error::Internal {
+ message: "Plugin requires labels but client does not support them".into(),
+ }]),
+ (Err(errors), true) => Err(errors),
+ (Err(mut errors), false) => {
+ errors.push(Error::Internal {
+ message: "Plugin requires labels but client does not support them".into(),
+ });
+ Err(errors)
+ }
+ };
+
// Phase 2: wrap the file keys or return errors
conn.bidir_send(|mut phase| {
- let (expected_stanzas, file_keys) = match (recipients, identities, file_keys) {
- (Ok(recipients), Ok(identities), Ok(file_keys)) => (recipients + identities, file_keys),
- (recipients, identities, file_keys) => {
- for error in recipients
- .err()
- .into_iter()
- .chain(identities.err())
- .chain(file_keys.err())
- .flatten()
- {
- error.send(&mut phase)?;
+ let (expected_stanzas, file_keys, labels) =
+ match (recipients, identities, file_keys, labels) {
+ (Ok(recipients), Ok(identities), Ok(file_keys), Ok(labels)) => {
+ (recipients + identities, file_keys, labels)
}
- return Ok(());
- }
- };
+ (recipients, identities, file_keys, labels) => {
+ for error in recipients
+ .err()
+ .into_iter()
+ .chain(identities.err())
+ .chain(file_keys.err())
+ .chain(labels.err())
+ .flatten()
+ {
+ error.send(&mut phase)?;
+ }
+ return Ok(());
+ }
+ };
+
+ let labels = labels.iter().map(|s| s.as_str()).collect::>();
+ // We confirmed above that if `labels` is non-empty, the client supports labels.
+ // So we can unconditionally send this, and will only get an `unsupported`
+ // response if `labels` is empty (where it does not matter).
+ let _ = phase.send(LABELS, &labels, &[])?;
match plugin.wrap_file_keys(file_keys, BidirCallbacks(&mut phase))? {
Ok(files) => {
diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md
index 95dda56..eb79b40 100644
--- a/age/CHANGELOG.md
+++ b/age/CHANGELOG.md
@@ -10,13 +10,68 @@ to 1.0.0 are beta releases.
## [Unreleased]
-## [0.6.1, 0.7.2, 0.8.2, 0.9.3, 0.10.1] - 2024-11-18
+## [0.6.1, 0.7.2, 0.8.2, 0.9.3, 0.10.1, 0.11.1] - 2024-11-18
### Security
-- The age plugin protocol previously allowed plugin names that could be
- interpreted as file paths. Under certain conditions, this could lead to a
- different binary being executed as an age plugin than intended. Plugin names
- are now required to only contain alphanumeric characters or the four special
- characters `+-._`.
+- Fixed a security vulnerability that could allow an attacker to execute an
+ arbitrary binary under certain conditions. See GHSA-4fg7-vxc8-qx5w. Plugin
+ names are now required to only contain alphanumeric characters or the four
+ special characters `+-._`. Thanks to ⬡-49016 for reporting this issue.
+
+## [0.11.0] - 2024-11-03
+### Added
+- New streamlined APIs for use with a single recipient or identity and a small
+ amount of data (that can fit entirely in memory):
+ - `age::encrypt`
+ - `age::encrypt_and_armor`
+ - `age::decrypt`
+- `age::Decryptor::{decrypt, decrypt_async, is_scrypt}`
+- `age::IdentityFile::to_recipients`
+- `age::IdentityFile::with_callbacks`
+- `age::IdentityFile::write_recipients_file`
+- `age::IdentityFileConvertError`
+- `age::NoCallbacks`
+- `age::scrypt`, providing recipient and identity types for passphrase-based
+ encryption.
+- Partial French translation!
+
+### Changed
+- Migrated to `i18n-embed 0.15`, `secrecy 0.10`.
+- `age::Encryptor::with_recipients` now takes recipients by reference instead of
+ by value. This aligns it with `age::Decryptor` (which takes identities by
+ reference), and also means that errors with recipients are reported earlier.
+ This causes the following changes to the API:
+ - `Encryptor::with_recipients` takes `impl Iterator- `
+ instead of `Vec>`.
+ - Verification of recipients and generation of stanzas now happens in
+ `Encryptor::with_recipients` instead of `Encryptor::wrap_output` and
+ `Encryptor::wrap_async_output`.
+ - `Encryptor::with_recipients` returns `Result` instead of
+ `Option`, and `Encryptor::{wrap_output, wrap_async_output}` return
+ `io::Result>` instead of `Result, EncryptError>`.
+ - `age::EncryptError` has a new variant `MissingRecipients`, taking the place
+ of the `None` that `Encryptor::with_recipients` could previously return.
+- `age::Decryptor` is now an opaque struct instead of an enum with `Recipients`
+ and `Passphrase` variants.
+- `age::IdentityFile` now has a `C: Callbacks` generic parameter, which defaults
+ to `NoCallbacks`.
+- `age::IdentityFile::into_identities` now returns
+ `Result>, DecryptError>` instead of
+ `Vec`.
+- `age::Recipient::wrap_file_key` now returns `(Vec, HashSet)`:
+ a tuple of the stanzas to be placed in an age file header, and labels that
+ constrain how the stanzas may be combined with those from other recipients.
+- `age::plugin::RecipientPluginV1` now supports the labels extension.
+
+### Fixed
+- `age::cli_common::read_identities` once again correctly parses identity files
+ that are a single line without a trailing newline. This broke in 0.10.0 due to
+ an unrelated refactor.
+
+### Removed
+- `age::decryptor::PassphraseDecryptor` (use `age::Decryptor` with
+ `age::scrypt::Identity` instead).
+- `age::decryptor::RecipientsDecryptor` (use `age::Decryptor` instead).
+- `age::IdentityFileEntry`
## [0.10.0] - 2024-02-04
### Added
diff --git a/age/Cargo.toml b/age/Cargo.toml
index d407c62..1151046 100644
--- a/age/Cargo.toml
+++ b/age/Cargo.toml
@@ -1,7 +1,7 @@
[package]
name = "age"
description = "[BETA] A simple, secure, and modern encryption library."
-version = "0.10.1"
+version = "0.11.1"
authors.workspace = true
repository.workspace = true
readme = "README.md"
@@ -37,7 +37,7 @@ futures = { version = "0.3", optional = true }
pin-project = "1"
# Common CLI dependencies
-pinentry = { version = "0.5", optional = true }
+pinentry = { workspace = true, optional = true }
# Dependencies used internally:
# (Breaking upgrades to these are usually backwards-compatible, but check MSRVs.)
diff --git a/age/README.md b/age/README.md
index ea7c188..e3a4cff 100644
--- a/age/README.md
+++ b/age/README.md
@@ -12,8 +12,8 @@ encryption and decryption of files or streams (e.g. in shell scripts), as well
as additional features such as mounting an encrypted archive.
The format specification is at [age-encryption.org/v1](https://age-encryption.org/v1).
-The age format was designed by [@Benjojo12](https://twitter.com/Benjojo12) and
-[@FiloSottile](https://twitter.com/FiloSottile).
+The age format was designed by [@Benjojo](https://benjojo.co.uk/) and
+[@FiloSottile](https://bsky.app/profile/did:plc:x2nsupeeo52oznrmplwapppl).
The reference interoperable Go implementation is available at
[filippo.io/age](https://filippo.io/age).
@@ -23,7 +23,7 @@ The reference interoperable Go implementation is available at
Add this line to your `Cargo.toml`:
```
-age = "0.10"
+age = "0.11"
```
See the [documentation](https://docs.rs/age) for examples.
diff --git a/age/benches/parser.rs b/age/benches/parser.rs
index e67fb57..cea37c4 100644
--- a/age/benches/parser.rs
+++ b/age/benches/parser.rs
@@ -1,4 +1,4 @@
-use age::{x25519, Decryptor, Encryptor, Recipient};
+use age::{x25519, Decryptor, Encryptor};
use criterion::{criterion_group, criterion_main, BenchmarkId, Criterion, Throughput};
#[cfg(unix)]
@@ -8,7 +8,7 @@ use std::io::Write;
fn bench(c: &mut Criterion) {
let recipients: Vec<_> = (0..10)
- .map(|_| Box::new(x25519::Identity::generate().to_public()))
+ .map(|_| x25519::Identity::generate().to_public())
.collect();
let mut group = c.benchmark_group("header");
@@ -16,17 +16,11 @@ fn bench(c: &mut Criterion) {
group.throughput(Throughput::Elements(count as u64));
group.bench_function(BenchmarkId::new("parse", count), |b| {
let mut encrypted = vec![];
- let mut output = Encryptor::with_recipients(
- recipients
- .iter()
- .take(count)
- .cloned()
- .map(|r| r as Box)
- .collect(),
- )
- .unwrap()
- .wrap_output(&mut encrypted)
- .unwrap();
+ let mut output =
+ Encryptor::with_recipients(recipients.iter().take(count).map(|r| r as _))
+ .unwrap()
+ .wrap_output(&mut encrypted)
+ .unwrap();
output.write_all(&[]).unwrap();
output.finish().unwrap();
diff --git a/age/benches/throughput.rs b/age/benches/throughput.rs
index 7a3c8e5..8c5c349 100644
--- a/age/benches/throughput.rs
+++ b/age/benches/throughput.rs
@@ -52,7 +52,7 @@ fn bench(c: &mut Criterion_) {
group.bench_function(BenchmarkId::new("encrypt", size), |b| {
b.iter(|| {
- let mut output = Encryptor::with_recipients(vec![Box::new(recipient.clone())])
+ let mut output = Encryptor::with_recipients(iter::once(&recipient as _))
.unwrap()
.wrap_output(io::sink())
.unwrap();
@@ -62,7 +62,7 @@ fn bench(c: &mut Criterion_) {
});
group.bench_function(BenchmarkId::new("decrypt", size), |b| {
- let mut output = Encryptor::with_recipients(vec![Box::new(recipient.clone())])
+ let mut output = Encryptor::with_recipients(iter::once(&recipient as _))
.unwrap()
.wrap_output(&mut ct_buf)
.unwrap();
@@ -70,10 +70,7 @@ fn bench(c: &mut Criterion_) {
output.finish().unwrap();
b.iter(|| {
- let decryptor = match Decryptor::new_buffered(&ct_buf[..]).unwrap() {
- Decryptor::Recipients(decryptor) => decryptor,
- _ => panic!(),
- };
+ let decryptor = Decryptor::new_buffered(&ct_buf[..]).unwrap();
let mut input = decryptor
.decrypt(iter::once(&identity as &dyn age::Identity))
.unwrap();
diff --git a/age/i18n/en-US/age.ftl b/age/i18n/en-US/age.ftl
index 4f6af14..f1b07ed 100644
--- a/age/i18n/en-US/age.ftl
+++ b/age/i18n/en-US/age.ftl
@@ -13,6 +13,8 @@
-age = age
-rage = rage
+-scrypt-recipient = scrypt::Recipient
+
-openssh = OpenSSH
-ssh-keygen = ssh-keygen
-ssh-rsa = ssh-rsa
@@ -44,6 +46,20 @@ rec-deny-binary-output = Did you mean to use {-flag-armor}? {rec-detected-binary
err-deny-overwrite-file = refusing to overwrite existing file '{$filename}'.
+err-invalid-filename = invalid filename '{$filename}'.
+
+err-missing-directory = directory '{$path}' does not exist.
+
+## Identity file errors
+
+err-failed-to-write-output = Failed to write to output: {$err}
+
+err-identity-file-contains-plugin = Identity file '{$filename}' contains identities for '{-age-plugin-}{$plugin_name}'.
+rec-identity-file-contains-plugin = Try using '{-age-plugin-}{$plugin_name}' to convert this identity to a recipient.
+
+err-no-identities-in-file = No identities found in file '{$filename}'.
+err-no-identities-in-stdin = No identities found in standard input.
+
## Errors
err-decryption-failed = Decryption failed
@@ -55,8 +71,17 @@ err-header-invalid = Header is invalid
err-header-mac-invalid = Header MAC is invalid
+err-incompatible-recipients-oneway = Cannot encrypt to a recipient with labels '{$labels}' alongside a recipient with no labels
+err-incompatible-recipients-twoway = Cannot encrypt to a recipient with labels '{$left}' alongside a recipient with labels '{$right}'
+
+err-invalid-recipient-labels = The first recipient requires one or more invalid labels: '{$labels}'
+
err-key-decryption = Failed to decrypt an encrypted key
+err-missing-recipients = Missing recipients.
+
+err-mixed-recipient-passphrase = {-scrypt-recipient} can't be used with other recipients.
+
err-no-matching-keys = No matching keys found
err-unknown-format = Unknown {-age} format.
diff --git a/age/i18n/es-AR/age.ftl b/age/i18n/es-AR/age.ftl
index 657760a..08a5406 100644
--- a/age/i18n/es-AR/age.ftl
+++ b/age/i18n/es-AR/age.ftl
@@ -13,6 +13,8 @@
-age = age
-rage = rage
+-scrypt-recipient = scrypt::Recipient
+
-openssh = OpenSSH
-ssh-keygen = ssh-keygen
-ssh-rsa = ssh-rsa
@@ -55,6 +57,8 @@ err-header-mac-invalid = MAC de encabezado inválido.
err-key-decryption = No se pudo desencriptar una clave encriptada.
+err-missing-recipients = No se encontraron destinatarios.
+
err-no-matching-keys = No se encontraron claves coincidentes.
err-unknown-format = Formato {-age} desconocido.
diff --git a/age/i18n/fr/age.ftl b/age/i18n/fr/age.ftl
new file mode 100644
index 0000000..e2be564
--- /dev/null
+++ b/age/i18n/fr/age.ftl
@@ -0,0 +1,185 @@
+# Copyright 2020 Jack Grigg
+#
+# Licensed under the Apache License, Version 2.0 or the MIT license
+# , at your
+# option. This file may not be copied, modified, or distributed
+# except according to those terms.
+
+### Localization for strings in the age library crate
+
+## Terms (not to be localized)
+
+-age = age
+-rage = rage
+
+-scrypt-recipient = scrypt::Recipient
+
+-openssh = OpenSSH
+-ssh-keygen = ssh-keygen
+-ssh-rsa = ssh-rsa
+-ssh-ed25519 = ssh-ed25519
+-fido-u2f = FIDO/U2F
+-yubikeys = YubiKeys
+-piv = PIV
+
+## CLI helpers
+
+cli-secret-input-required = Entrée requise
+cli-secret-input-mismatch = Les entrées ne correspondent pas
+
+cli-passphrase-desc = Tapez votre phrase secrète (laissez vide pour en générer une très sure automatiquement)
+cli-passphrase-prompt = Phrase secrète
+cli-passphrase-confirm = Confirmez votre phrase secrète
+
+-flag-armor = -a/--armor
+-flag-output = -o/--output
+-output-stdout = -o -
+
+cli-truncated-tty = tronqué; utilisez un pipe, une redirection ou {-flag-output} pour déchiffrer l'entièreté du fichier
+
+err-detected-binary = données non impressibles détectées; par précaution, pas d'impression dans le terminal.
+rec-detected-binary = Forcez l'impression avec '{-output-stdout}'.
+
+err-deny-binary-output = refus d'impression de valeurs binaires dans le terminal.
+rec-deny-binary-output = Est-ce que vous vouliez utiliser {-flag-armor}? {rec-detected-binary}
+
+err-deny-overwrite-file = refus d'écraser le fichier existant '{$filename}'.
+
+## Identity file errors
+
+err-failed-to-write-output = Echec d'écriture vers la sortie: {$err}
+
+err-identity-file-contains-plugin = Le ficher d'identité '{$filename}' contient des identités pour '{-age-plugin-}{$plugin_name}'.
+rec-identity-file-contains-plugin = Essayez d'utiliser {-age-plugin-}{$plugin_name}' pour convertir cette identité en un destinataire.
+
+err-no-identities-in-file = Aucune identité trouvée dans le fichier '{$filename}'.
+err-no-identities-in-stdin = Aucune identité trouvée dans l'entrée standard (stdin).
+
+## Errors
+
+err-decryption-failed = Echec du déchiffrement
+
+err-excessive-work = Facteur d'effort trop grand pour la phrase secrète.
+rec-excessive-work = Le déchiffrement prendrait environ {$duration} seconds.
+
+err-header-invalid = En-tête non valable
+
+err-header-mac-invalid = Le MAC de l'en-tête est invalide
+
+err-key-decryption = Echec du déchiffrement d'une clef chiffrée
+
+err-missing-recipients = Destinataires manquants.
+
+err-no-matching-keys = Aucune clef correspondante n'a été trouvée
+
+err-unknown-format = Format {-age} inconnu.
+rec-unknown-format = Avez-vous tenté de mettre jour vers la dernière version ?
+
+err-missing-plugin = Impossible de trouver '{$plugin_name}' dans le PATH.
+rec-missing-plugin = Avez-vous installé le plugin ?
+
+err-plugin-identity = '{$plugin_name}' n'a pas pu utiliser une identité: {$message}
+err-plugin-recipient = '{$plugin_name}' n'a pas pu utiliser le destinataire {$recipient}: {$message}
+
+err-plugin-died = '{$plugin_name}' est mort de manière inopinée.
+rec-plugin-died-1 = Si vous développez un plugin, utilisez {$env_var} pour plus d'informations.
+rec-plugin-died-2 = Attention: ceci imprime des informations de clef privées sur la sortie d'erreur standard.
+
+err-plugin-multiple = Le plugin a retourné de multiples erreurs:
+
+err-read-identity-encrypted-without-passphrase =
+ Le fichier d'identité '{$filename}' est chiffré avec {-age} mais pas avec une phrase secrète.
+err-read-identity-not-found = Fichier d'identité introuvable: {$filename}
+
+err-read-invalid-recipient = Destinataire invalide: '{$recipient}'.
+
+err-read-invalid-recipients-file =
+ Le fichier de destinataires '{$filename}' contient des données autres que des destinataires à la ligne {$line_number}.
+
+err-read-missing-recipients-file = Fichier de destinataires introuvable: {$filename}
+
+err-read-multiple-stdin = L'entrée standard (stdin) ne peut pas être utilisée pour plus d'une chose.
+
+err-read-rsa-modulus-too-large =
+ Module RSA Trop Grand
+ ---------------------
+ {-openssh} supporte de nombreuses tailles de modules RSA, mais {-rage} ne supporte que des clefs
+ publiques d'au plus {$max_size} bits, pour éviter les risques de déni de service (DoS) lors du
+ chiffrement vers des clefs publiques inconnues.
+
+err-read-rsa-modulus-too-small = Taille de clef RSA trop petite.
+
+err-stream-last-chunk-empty = Le dernier morceau du STREAM est vide. chunk is empty. S'il vous plait, faites un bug report, et/ou essayez avec une version plus ancienne de {-rage}.
+
+## Encrypted identities
+
+encrypted-passphrase-prompt = Type passphrase for encrypted identity '{$filename}'
+
+encrypted-warn-no-match = Warning: encrypted identity file '{$filename}' didn't match file's recipients
+
+## Plugin identities
+
+plugin-waiting-on-binary = Waiting for {$binary_name}...
+
+## SSH identities
+
+ssh-passphrase-prompt = Type passphrase for {-openssh} key '{$filename}'
+
+ssh-unsupported-key = Unsupported SSH key: {$name}
+
+ssh-insecure-key-format =
+ Insecure Encrypted Key Format
+ -----------------------------
+ Prior to {-openssh} version 7.8, if a password was set when generating a new
+ DSA, ECDSA, or RSA key, {-ssh-keygen} would encrypt the key using the encrypted
+ PEM format. This encryption format is insecure and should no longer be used.
+
+ You can migrate your key to the encrypted SSH private key format (which has
+ been supported by {-openssh} since version 6.5, released in January 2014) by
+ changing its passphrase with the following command:
+
+ {" "}{$change_passphrase}
+
+ If you are using an {-openssh} version between 6.5 and 7.7 (such as the default
+ {-openssh} provided on Ubuntu 18.04 LTS), you can use the following command to
+ force keys to be generated using the new format:
+
+ {" "}{$gen_new}
+
+ssh-unsupported-cipher =
+ Unsupported Cipher for Encrypted SSH Key
+ ----------------------------------------
+ {-openssh} internally supports several different ciphers for encrypted keys,
+ but it has only ever directly generated a few of them. {-rage} supports all
+ ciphers that {-ssh-keygen} might generate, and is being updated on a
+ case-by-case basis with support for non-standard ciphers. Your key uses a
+ currently-unsupported cipher ({$cipher}).
+
+ If you would like support for this key type, please open an issue here:
+
+ {$new_issue}
+
+ssh-unsupported-key-type =
+ Unsupported SSH Key Type
+ ------------------------
+ {-openssh} supports various different key types, but {-rage} only supports a
+ subset of these for backwards compatibility, specifically the '{-ssh-rsa}'
+ and '{-ssh-ed25519}' key types. This SSH key uses the unsupported key type
+ '{$key_type}'.
+
+ssh-unsupported-security-key =
+ Authenficateur physique SSH non supporté
+ --------------------------------------
+ {-openssh} version 8.2p1 a ajouté le support pour les authentificateurs physique {-fido-u2f}
+ y compris les clefs de sécurité physiques telles que {-yubikeys}. {-rage} ne fonctionne pas
+ avec ce type de clef SSH, parcque leur protocole ne supporte pas le chiffrement.
+ Cette clef SSH est du type '{$key_type}' qui n'est pas compatible.
+
+ Si vous avez une clef de sécurité physique, vous devriez utiliser ce plugin:
+
+ {$age_plugin_yubikey_url}
+
+ Une clef de sécurité utilisée avec à la fois {-openssh} et ce plugin aura
+ une clef SSH publique différente de sa clef destinataire {-age}, car ce plugin
+ implémente le protocol {-piv}.
diff --git a/age/i18n/it/age.ftl b/age/i18n/it/age.ftl
index 64a1ff2..f8c16ca 100644
--- a/age/i18n/it/age.ftl
+++ b/age/i18n/it/age.ftl
@@ -13,6 +13,8 @@
-age = age
-rage = rage
+-scrypt-recipient = scrypt::Recipient
+
-openssh = OpenSSH
-ssh-keygen = ssh-keygen
-ssh-rsa = ssh-rsa
@@ -44,6 +46,16 @@ rec-deny-binary-output = Intendevi usare {-flag-armor}? {rec-detected-binary}
err-deny-overwrite-file = rifiuto di sovrascrivere il file esistente '{$filename}'.
+## Identity file errors
+
+err-failed-to-write-output = Impossibile scrivere sull'output: {$err}
+
+err-identity-file-contains-plugin = Il file '{$filename}' contiene identità per '{-age-plugin-}{$plugin_name}'.
+rec-identity-file-contains-plugin = Prova a usare '{-age-plugin-}{$plugin_name}' per convertire questa identità in destinatario.
+
+err-no-identities-in-file = Nessuna identità trovata nel file '{$filename}'.
+err-no-identities-in-stdin = Nessuna identità trovata tramite standard input.
+
## Errors
err-decryption-failed = Decifrazione fallita
@@ -57,6 +69,8 @@ err-header-mac-invalid = Il MAC dell'header è invalido
err-key-decryption = La decifrazione di una chiave crittografata è fallita
+err-missing-recipients = Destinatari mancanti.
+
err-no-matching-keys = Nessuna chiave corrispondente trovata
err-unknown-format = Formato {-age} sconosciuto.
diff --git a/age/i18n/ru/age.ftl b/age/i18n/ru/age.ftl
index 410a67a..1158cac 100644
--- a/age/i18n/ru/age.ftl
+++ b/age/i18n/ru/age.ftl
@@ -13,6 +13,8 @@
-age = age
-rage = rage
+-scrypt-recipient = scrypt::Recipient
+
-openssh = OpenSSH
-ssh-keygen = ssh-keygen
-ssh-rsa = ssh-rsa
@@ -44,6 +46,16 @@ rec-deny-binary-output = Возможно, вы хотели использов
err-deny-overwrite-file = отказ от перезаписи существующего файла '{$filename}'.
+## Identity file errors
+
+err-failed-to-write-output = Не удалось записать в выходной файл: {$err}
+
+err-identity-file-contains-plugin = Файл идентификации '{$filename}' содержит идентификаторы для '{-age-plugin-}{$plugin_name}'.
+rec-identity-file-contains-plugin = Попробуйте использовать '{-age-plugin-}{$plugin_name}' для преобразования этого идентификатора в получателя.
+
+err-no-identities-in-file = Идентификаторы в файле '{$filename}' не найдены.
+err-no-identities-in-stdin = Идентификаторы в стандартном вводе не найдены.
+
## Errors
err-decryption-failed = Ошибка дешифрования
@@ -57,6 +69,8 @@ err-header-mac-invalid = Недействительный MAC заголовка
err-key-decryption = Не удалось расшифровать зашифрованный ключ
+err-missing-recipients = Отсутствуют получатели.
+
err-no-matching-keys = Не найдены подходящие ключи
err-unknown-format = Неизвестный формат {-age}.
diff --git a/age/i18n/zh-CN/age.ftl b/age/i18n/zh-CN/age.ftl
index f38cf1d..d4aefd1 100644
--- a/age/i18n/zh-CN/age.ftl
+++ b/age/i18n/zh-CN/age.ftl
@@ -13,6 +13,8 @@
-age = age
-rage = rage
+-scrypt-recipient = scrypt::Recipient
+
-openssh = OpenSSH
-ssh-keygen = ssh-keygen
-ssh-rsa = ssh-rsa
@@ -55,6 +57,8 @@ err-header-mac-invalid = 标头消息认证码 (MAC) 无效
err-key-decryption = 未能解密加密密钥
+err-missing-recipients = 缺少接收方。
+
err-no-matching-keys = 未搜索到匹配的密钥
err-unknown-format = 未知的 {-age} 格式。
diff --git a/age/i18n/zh-TW/age.ftl b/age/i18n/zh-TW/age.ftl
index 871ba93..3caa462 100644
--- a/age/i18n/zh-TW/age.ftl
+++ b/age/i18n/zh-TW/age.ftl
@@ -13,6 +13,8 @@
-age = age
-rage = rage
+-scrypt-recipient = scrypt::Recipient
+
-openssh = OpenSSH
-ssh-keygen = ssh-keygen
-ssh-rsa = ssh-rsa
@@ -55,6 +57,8 @@ err-header-mac-invalid = 標頭消息認證碼 (MAC) 無效
err-key-decryption = 未能解密加密密鑰
+err-missing-recipients = 缺少接收方。
+
err-no-matching-keys = 未搜索到匹配的密鑰
err-unknown-format = 未知的 {-age} 格式。
diff --git a/age/src/cli_common.rs b/age/src/cli_common.rs
index f8a25e6..c508544 100644
--- a/age/src/cli_common.rs
+++ b/age/src/cli_common.rs
@@ -125,10 +125,10 @@ pub fn read_secret(
input.interact()
} else {
// Fall back to CLI interface.
- let passphrase = prompt_password(format!("{}: ", description)).map(SecretString::new)?;
+ let passphrase = prompt_password(format!("{}: ", description)).map(SecretString::from)?;
if let Some(confirm_prompt) = confirm {
let confirm_passphrase =
- prompt_password(format!("{}: ", confirm_prompt)).map(SecretString::new)?;
+ prompt_password(format!("{}: ", confirm_prompt)).map(SecretString::from)?;
if !bool::from(
passphrase
@@ -199,7 +199,7 @@ impl Passphrase {
acc + "-" + s
}
});
- Passphrase::Generated(SecretString::new(new_passphrase))
+ Passphrase::Generated(SecretString::from(new_passphrase))
}
}
diff --git a/age/src/cli_common/error.rs b/age/src/cli_common/error.rs
index 0ae80f2..2769ad1 100644
--- a/age/src/cli_common/error.rs
+++ b/age/src/cli_common/error.rs
@@ -1,7 +1,10 @@
use std::fmt;
use std::io;
-use crate::{wfl, wlnfl, DecryptError};
+use crate::{wfl, DecryptError};
+
+#[cfg(feature = "plugin")]
+use crate::wlnfl;
/// Errors that can occur while reading recipients or identities.
#[derive(Debug)]
diff --git a/age/src/cli_common/file_io.rs b/age/src/cli_common/file_io.rs
index e24324f..7275df8 100644
--- a/age/src/cli_common/file_io.rs
+++ b/age/src/cli_common/file_io.rs
@@ -16,39 +16,37 @@ use crate::{fl, util::LINE_ENDING, wfl, wlnfl};
const SHORT_OUTPUT_LENGTH: usize = 20 * 80;
#[derive(Debug)]
-struct DenyBinaryOutputError;
+enum FileError {
+ DenyBinaryOutput,
+ DenyOverwriteFile(String),
+ DetectedBinaryOutput,
+ InvalidFilename(String),
+ MissingDirectory(String),
+}
-impl fmt::Display for DenyBinaryOutputError {
+impl fmt::Display for FileError {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
- wlnfl!(f, "err-deny-binary-output")?;
- wfl!(f, "rec-deny-binary-output")
+ match self {
+ Self::DenyBinaryOutput => {
+ wlnfl!(f, "err-deny-binary-output")?;
+ wfl!(f, "rec-deny-binary-output")
+ }
+ Self::DenyOverwriteFile(filename) => {
+ wfl!(f, "err-deny-overwrite-file", filename = filename.as_str())
+ }
+ Self::DetectedBinaryOutput => {
+ wlnfl!(f, "err-detected-binary")?;
+ wfl!(f, "rec-detected-binary")
+ }
+ Self::InvalidFilename(filename) => {
+ wfl!(f, "err-invalid-filename", filename = filename.as_str())
+ }
+ Self::MissingDirectory(path) => wfl!(f, "err-missing-directory", path = path.as_str()),
+ }
}
}
-impl std::error::Error for DenyBinaryOutputError {}
-
-#[derive(Debug)]
-struct DetectedBinaryOutputError;
-
-impl fmt::Display for DetectedBinaryOutputError {
- fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
- wlnfl!(f, "err-detected-binary")?;
- wfl!(f, "rec-detected-binary")
- }
-}
-
-impl std::error::Error for DetectedBinaryOutputError {}
-
-#[derive(Debug)]
-struct DenyOverwriteFileError(String);
-
-impl fmt::Display for DenyOverwriteFileError {
- fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
- wfl!(f, "err-deny-overwrite-file", filename = self.0.as_str())
- }
-}
-
-impl std::error::Error for DenyOverwriteFileError {}
+impl std::error::Error for FileError {}
/// Wrapper around a [`File`].
pub struct FileReader {
@@ -211,7 +209,7 @@ impl Write for StdoutWriter {
if std::str::from_utf8(data).is_err() {
return Err(io::Error::new(
io::ErrorKind::InvalidInput,
- DetectedBinaryOutputError,
+ FileError::DetectedBinaryOutput,
));
}
}
@@ -353,13 +351,32 @@ impl OutputWriter {
// Respect the Unix convention that "-" as an output filename
// parameter is an explicit request to use standard output.
if filename != "-" {
+ let file_path = Path::new(&filename);
+
+ // Provide a better error if the filename is invalid, or the directory
+ // containing the file does not exist (we don't automatically create
+ // directories).
+ if let Some(dir_path) = file_path.parent() {
+ if !(dir_path == Path::new("") || dir_path.exists()) {
+ return Err(io::Error::new(
+ io::ErrorKind::NotFound,
+ FileError::MissingDirectory(dir_path.display().to_string()),
+ ));
+ }
+ } else {
+ return Err(io::Error::new(
+ io::ErrorKind::NotFound,
+ FileError::InvalidFilename(filename),
+ ));
+ }
+
// We open the file lazily, but as we don't want the caller to assume
// this, we eagerly confirm that the file does not exist if we can't
// overwrite it.
- if !allow_overwrite && Path::new(&filename).exists() {
+ if !allow_overwrite && file_path.exists() {
return Err(io::Error::new(
io::ErrorKind::AlreadyExists,
- DenyOverwriteFileError(filename),
+ FileError::DenyOverwriteFile(filename),
));
}
@@ -378,7 +395,10 @@ impl OutputWriter {
} else if is_tty {
if let OutputFormat::Binary = format {
// If output == Some("-") then this error is skipped.
- return Err(io::Error::new(io::ErrorKind::Other, DenyBinaryOutputError));
+ return Err(io::Error::new(
+ io::ErrorKind::Other,
+ FileError::DenyBinaryOutput,
+ ));
}
}
diff --git a/age/src/cli_common/identities.rs b/age/src/cli_common/identities.rs
index df46936..e9625a3 100644
--- a/age/src/cli_common/identities.rs
+++ b/age/src/cli_common/identities.rs
@@ -1,10 +1,10 @@
use std::io::{self, BufReader};
-use super::{file_io::InputReader, ReadError, StdinGuard, UiCallbacks};
+use super::{ReadError, StdinGuard, UiCallbacks};
use crate::{identity::IdentityFile, Identity};
#[cfg(feature = "armor")]
-use crate::armor::ArmoredReader;
+use crate::{armor::ArmoredReader, cli_common::file_io::InputReader};
/// Reads identities from the provided files.
///
@@ -23,19 +23,21 @@ pub fn read_identities(
max_work_factor,
stdin_guard,
&mut identities,
+ #[cfg(feature = "armor")]
|identities, identity| {
identities.push(Box::new(identity));
Ok(())
},
+ #[cfg(feature = "ssh")]
|identities, _, identity| {
identities.push(Box::new(identity.with_callbacks(UiCallbacks)));
Ok(())
},
- |identities, entry| {
- let entry = entry.into_identity(UiCallbacks);
+ |identities, identity_file| {
+ let new_identities = identity_file.into_identities();
#[cfg(feature = "plugin")]
- let entry = entry.map_err(|e| match e {
+ let new_identities = new_identities.map_err(|e| match e {
#[cfg(feature = "plugin")]
crate::DecryptError::MissingPlugin { binary_name } => {
ReadError::MissingPlugin { binary_name }
@@ -48,9 +50,9 @@ pub fn read_identities(
// IdentityFileEntry::into_identity will never return a MissingPlugin error
// when plugin feature is not enabled.
#[cfg(not(feature = "plugin"))]
- let entry = entry.unwrap();
+ let new_identities = new_identities.unwrap();
- identities.push(entry);
+ identities.extend(new_identities);
Ok(())
},
@@ -62,7 +64,7 @@ pub fn read_identities(
/// Parses the provided identity files.
pub(super) fn parse_identity_files + From>(
filenames: Vec,
- max_work_factor: Option,
+ _max_work_factor: Option,
stdin_guard: &mut StdinGuard,
ctx: &mut Ctx,
#[cfg(feature = "armor")] encrypted_identity: impl Fn(
@@ -70,17 +72,21 @@ pub(super) fn parse_identity_files + From>(
crate::encrypted::Identity>, UiCallbacks>,
) -> Result<(), E>,
#[cfg(feature = "ssh")] ssh_identity: impl Fn(&mut Ctx, &str, crate::ssh::Identity) -> Result<(), E>,
- identity_file_entry: impl Fn(&mut Ctx, crate::IdentityFileEntry) -> Result<(), E>,
+ identity_file: impl Fn(&mut Ctx, crate::IdentityFile) -> Result<(), E>,
) -> Result<(), E> {
for filename in filenames {
- let mut reader = PeekableReader::new(BufReader::new(
- stdin_guard.open(filename.clone()).map_err(|e| match e {
+ #[cfg_attr(not(any(feature = "armor", feature = "ssh")), allow(unused_mut))]
+ let mut reader =
+ PeekableReader::new(stdin_guard.open(filename.clone()).map_err(|e| match e {
ReadError::Io(e) if matches!(e.kind(), io::ErrorKind::NotFound) => {
ReadError::IdentityNotFound(filename.clone())
}
_ => e,
- })?,
- ));
+ })?);
+
+ // Note to future self: the order in which we try parsing formats here is critical
+ // to the correct behaviour of `PeekableReader::fill_buf`. See the comments in
+ // that method.
#[cfg(feature = "armor")]
// Try parsing as an encrypted age identity.
@@ -88,7 +94,7 @@ pub(super) fn parse_identity_files + From>(
ArmoredReader::new_buffered(&mut reader),
Some(filename.clone()),
UiCallbacks,
- max_work_factor,
+ _max_work_factor,
)
.is_ok()
{
@@ -101,7 +107,7 @@ pub(super) fn parse_identity_files + From>(
ArmoredReader::new_buffered(reader.inner),
Some(filename.clone()),
UiCallbacks,
- max_work_factor,
+ _max_work_factor,
)
.expect("already parsed the age ciphertext header");
@@ -132,34 +138,42 @@ pub(super) fn parse_identity_files + From>(
reader.reset()?;
// Try parsing as multiple single-line age identities.
- let identity_file = IdentityFile::from_buffer(reader)?;
-
- for entry in identity_file.into_identities() {
- identity_file_entry(ctx, entry)?;
- }
+ identity_file(
+ ctx,
+ IdentityFile::from_buffer(reader)?.with_callbacks(UiCallbacks),
+ )?;
}
Ok(())
}
+/// Same as default buffer size for `BufReader`, but hard-coded so we know exactly what
+/// the buffer size is, and therefore can detect if the entire file fits into a single
+/// buffer.
+///
+/// This must be at least 71 bytes to ensure the correct behaviour of
+/// `PeekableReader::fill_buf`. See the comments in that method.
+const PEEKABLE_SIZE: usize = 8 * 1024;
+
enum PeekState {
Peeking { consumed: usize },
Reading,
}
-struct PeekableReader {
- inner: R,
+struct PeekableReader {
+ inner: BufReader,
state: PeekState,
}
-impl PeekableReader {
+impl PeekableReader {
fn new(inner: R) -> Self {
Self {
- inner,
+ inner: BufReader::with_capacity(PEEKABLE_SIZE, inner),
state: PeekState::Peeking { consumed: 0 },
}
}
+ #[cfg(any(feature = "armor", feature = "ssh"))]
fn reset(&mut self) -> io::Result<()> {
match &mut self.state {
PeekState::Peeking { consumed } => {
@@ -174,7 +188,7 @@ impl PeekableReader {
}
}
-impl io::Read for PeekableReader {
+impl io::Read for PeekableReader {
fn read(&mut self, buf: &mut [u8]) -> io::Result {
match self.state {
PeekState::Peeking { .. } => {
@@ -192,7 +206,7 @@ impl io::Read for PeekableReader {
}
}
-impl io::BufRead for PeekableReader {
+impl io::BufRead for PeekableReader {
fn fill_buf(&mut self) -> io::Result<&[u8]> {
match self.state {
PeekState::Peeking { consumed } => {
@@ -208,6 +222,28 @@ impl io::BufRead for PeekableReader {
// on `self.inner` to outside the conditional, which would prevent us
// from performing other mutable operations on the other side.
Ok(&self.inner.fill_buf()?[consumed..])
+ } else if inner_len < PEEKABLE_SIZE {
+ // We have read the entire file into a single buffer and consumed all
+ // of it. Don't fall through to change the state to `Reading`, because
+ // we can always reset a single-buffer stream.
+ //
+ // Note that we cannot distinguish between the file being the exact
+ // same size as our buffer, and the file being larger than it. But
+ // this only becomes relevant if we cannot distinguish between the
+ // kinds of identity files we support parsing, within a single buffer.
+ // We should always be able to distinguish before then, because we
+ // parse in the following order:
+ //
+ // - Encrypted identities, which are parsed incrementally as age
+ // ciphertexts with optional armor, and can be detected in at most
+ // 70 bytes.
+ // - SSH identities, which are parsed as a PEM encoding and can be
+ // detected in at most 36 bytes.
+ // - Identity files, which have one identity per line and therefore
+ // can have arbitrarily long lines. We intentionally try this format
+ // last.
+ assert_eq!(consumed, inner_len);
+ Ok(&[])
} else {
// We're done peeking.
self.inner.consume(consumed);
diff --git a/age/src/cli_common/recipients.rs b/age/src/cli_common/recipients.rs
index 1573b69..913a832 100644
--- a/age/src/cli_common/recipients.rs
+++ b/age/src/cli_common/recipients.rs
@@ -1,15 +1,22 @@
use std::io::{self, BufReader};
use super::StdinGuard;
-use super::{identities::parse_identity_files, ReadError, UiCallbacks};
-use crate::{x25519, EncryptError, IdentityFileEntry, Recipient};
+use super::{identities::parse_identity_files, ReadError};
+use crate::identity::RecipientsAccumulator;
+use crate::{x25519, Recipient};
#[cfg(feature = "plugin")]
-use crate::plugin;
+use crate::{cli_common::UiCallbacks, plugin};
+
+#[cfg(not(feature = "plugin"))]
+use std::convert::Infallible;
#[cfg(feature = "ssh")]
use crate::ssh;
+#[cfg(any(feature = "armor", feature = "plugin"))]
+use crate::EncryptError;
+
/// Handles error mapping for the given SSH recipient parser.
///
/// Returns `Ok(None)` if the parser finds a parseable value that should be ignored. This
@@ -44,25 +51,34 @@ where
/// Parses a recipient from a string.
fn parse_recipient(
- filename: &str,
+ _filename: &str,
s: String,
- recipients: &mut Vec>,
- plugin_recipients: &mut Vec,
+ recipients: &mut RecipientsAccumulator,
) -> Result<(), ReadError> {
if let Ok(pk) = s.parse::() {
recipients.push(Box::new(pk));
} else if let Some(pk) = {
#[cfg(feature = "ssh")]
{
- parse_ssh_recipient(|| s.parse::(), || Ok(None), filename)?
+ parse_ssh_recipient(|| s.parse::(), || Ok(None), _filename)?
}
#[cfg(not(feature = "ssh"))]
None
} {
recipients.push(pk);
- } else if let Ok(recipient) = s.parse::() {
- plugin_recipients.push(recipient);
+ } else if let Some(_recipient) = {
+ #[cfg(feature = "plugin")]
+ {
+ // TODO Do something with the error?
+ s.parse::().ok()
+ }
+
+ #[cfg(not(feature = "plugin"))]
+ None::
+ } {
+ #[cfg(feature = "plugin")]
+ recipients.push_plugin(_recipient);
} else {
return Err(ReadError::InvalidRecipient(s));
}
@@ -74,8 +90,7 @@ fn parse_recipient(
fn read_recipients_list(
filename: &str,
buf: R,
- recipients: &mut Vec>,
- plugin_recipients: &mut Vec,
+ recipients: &mut RecipientsAccumulator,
) -> Result<(), ReadError> {
for (line_number, line) in buf.lines().enumerate() {
let line = line?;
@@ -83,13 +98,13 @@ fn read_recipients_list(
// Skip empty lines and comments
if line.is_empty() || line.find('#') == Some(0) {
continue;
- } else if let Err(e) = parse_recipient(filename, line, recipients, plugin_recipients) {
+ } else if let Err(_e) = parse_recipient(filename, line, recipients) {
#[cfg(feature = "ssh")]
- match e {
+ match _e {
ReadError::RsaModulusTooLarge
| ReadError::RsaModulusTooSmall
| ReadError::UnsupportedKey(_, _) => {
- return Err(io::Error::new(io::ErrorKind::InvalidData, e.to_string()).into());
+ return Err(io::Error::new(io::ErrorKind::InvalidData, _e.to_string()).into());
}
_ => (),
}
@@ -118,12 +133,10 @@ pub fn read_recipients(
max_work_factor: Option,
stdin_guard: &mut StdinGuard,
) -> Result>, ReadError> {
- let mut recipients: Vec> = vec![];
- let mut plugin_recipients: Vec = vec![];
- let mut plugin_identities: Vec = vec![];
+ let mut recipients = RecipientsAccumulator::new();
for arg in recipient_strings {
- parse_recipient("", arg, &mut recipients, &mut plugin_recipients)?;
+ parse_recipient("", arg, &mut recipients)?;
}
for arg in recipients_file_strings {
@@ -134,15 +147,16 @@ pub fn read_recipients(
_ => e,
})?;
let buf = BufReader::new(f);
- read_recipients_list(&arg, buf, &mut recipients, &mut plugin_recipients)?;
+ read_recipients_list(&arg, buf, &mut recipients)?;
}
parse_identity_files::<_, ReadError>(
identity_strings,
max_work_factor,
stdin_guard,
- &mut (&mut recipients, &mut plugin_identities),
- |(recipients, _), identity| {
+ &mut recipients,
+ #[cfg(feature = "armor")]
+ |recipients, identity| {
recipients.extend(identity.recipients().map_err(|e| {
// Only one error can occur here.
if let EncryptError::EncryptedIdentities(e) = e {
@@ -153,7 +167,8 @@ pub fn read_recipients(
})?);
Ok(())
},
- |(recipients, _), filename, identity| {
+ #[cfg(feature = "ssh")]
+ |recipients, filename, identity| {
let recipient = parse_ssh_recipient(
|| ssh::Recipient::try_from(identity),
|| Err(ReadError::InvalidRecipient(filename.to_owned())),
@@ -163,43 +178,29 @@ pub fn read_recipients(
recipients.push(recipient);
Ok(())
},
- |(recipients, plugin_identities), entry| {
- match entry {
- IdentityFileEntry::Native(i) => recipients.push(Box::new(i.to_public())),
- IdentityFileEntry::Plugin(i) => plugin_identities.push(i),
- }
+ |recipients, identity_file| {
+ recipients.with_identities(identity_file);
Ok(())
},
)?;
- // Collect the names of the required plugins.
- let mut plugin_names = plugin_recipients
- .iter()
- .map(|r| r.plugin())
- .chain(plugin_identities.iter().map(|i| i.plugin()))
- .collect::>();
- plugin_names.sort_unstable();
- plugin_names.dedup();
-
- // Find the required plugins.
- for plugin_name in plugin_names {
- recipients.push(Box::new(
- plugin::RecipientPluginV1::new(
- plugin_name,
- &plugin_recipients,
- &plugin_identities,
- UiCallbacks,
- )
- .map_err(|e| {
- // Only one error can occur here.
- if let EncryptError::MissingPlugin { binary_name } = e {
+ recipients
+ .build(
+ #[cfg(feature = "plugin")]
+ UiCallbacks,
+ )
+ .map_err(|_e| {
+ // Only one error can occur here.
+ #[cfg(feature = "plugin")]
+ {
+ if let EncryptError::MissingPlugin { binary_name } = _e {
ReadError::MissingPlugin { binary_name }
} else {
unreachable!()
}
- })?,
- ))
- }
+ }
- Ok(recipients)
+ #[cfg(not(feature = "plugin"))]
+ unreachable!()
+ })
}
diff --git a/age/src/encrypted.rs b/age/src/encrypted.rs
index ec405b0..4570a2b 100644
--- a/age/src/encrypted.rs
+++ b/age/src/encrypted.rs
@@ -2,18 +2,16 @@
use std::{cell::Cell, io};
-use crate::{
- decryptor::PassphraseDecryptor, fl, Callbacks, DecryptError, Decryptor, EncryptError,
- IdentityFile, IdentityFileEntry,
-};
+use crate::{fl, scrypt, Callbacks, DecryptError, Decryptor, EncryptError, IdentityFile};
/// The state of the encrypted age identity.
-enum IdentityState {
+enum IdentityState {
Encrypted {
- decryptor: PassphraseDecryptor,
+ decryptor: Decryptor,
max_work_factor: Option,
+ callbacks: C,
},
- Decrypted(Vec),
+ Decrypted(IdentityFile),
/// The file was not correctly encrypted, or did not contain age identities. We cache
/// this error in case the caller tries to use this identity again. The `Option` is to
@@ -22,26 +20,23 @@ enum IdentityState {
Poisoned(Option),
}
-impl Default for IdentityState {
+impl Default for IdentityState {
fn default() -> Self {
Self::Poisoned(None)
}
}
-impl IdentityState {
+impl IdentityState {
/// Decrypts this encrypted identity if necessary.
///
/// Returns the (possibly cached) identities, and a boolean marking if the identities
/// were not cached (and we just asked the user for a passphrase).
- fn decrypt(
- self,
- filename: Option<&str>,
- callbacks: C,
- ) -> Result<(Vec, bool), DecryptError> {
+ fn decrypt(self, filename: Option<&str>) -> Result<(IdentityFile, bool), DecryptError> {
match self {
Self::Encrypted {
decryptor,
max_work_factor,
+ callbacks,
} => {
let passphrase = match callbacks.request_passphrase(&fl!(
"encrypted-passphrase-prompt",
@@ -51,8 +46,13 @@ impl IdentityState {
None => todo!(),
};
+ let mut identity = scrypt::Identity::new(passphrase);
+ if let Some(max_work_factor) = max_work_factor {
+ identity.set_max_work_factor(max_work_factor);
+ }
+
decryptor
- .decrypt(&passphrase, max_work_factor)
+ .decrypt(Some(&identity as _).into_iter())
.map_err(|e| {
if matches!(e, DecryptError::DecryptionFailed) {
DecryptError::KeyDecryptionFailed
@@ -61,11 +61,12 @@ impl IdentityState {
}
})
.and_then(|stream| {
- let file = IdentityFile::from_buffer(io::BufReader::new(stream))?;
- Ok((file.into_identities(), true))
+ let file = IdentityFile::from_buffer(io::BufReader::new(stream))?
+ .with_callbacks(callbacks);
+ Ok((file, true))
})
}
- Self::Decrypted(identities) => Ok((identities, false)),
+ Self::Decrypted(identity_file) => Ok((identity_file, false)),
// `IdentityState::decrypt` is only ever called with `Some`.
Self::Poisoned(e) => Err(e.unwrap()),
}
@@ -74,9 +75,8 @@ impl IdentityState {
/// An encrypted age identity file.
pub struct Identity {
- state: Cell>,
+ state: Cell>,
filename: Option,
- callbacks: C,
}
impl Identity {
@@ -92,17 +92,15 @@ impl Identity {
callbacks: C,
max_work_factor: Option,
) -> Result, DecryptError> {
- match Decryptor::new(data)? {
- Decryptor::Recipients(_) => Ok(None),
- Decryptor::Passphrase(decryptor) => Ok(Some(Identity {
- state: Cell::new(IdentityState::Encrypted {
- decryptor,
- max_work_factor,
- }),
- filename,
+ let decryptor = Decryptor::new(data)?;
+ Ok(decryptor.is_scrypt().then_some(Identity {
+ state: Cell::new(IdentityState::Encrypted {
+ decryptor,
+ max_work_factor,
callbacks,
- })),
- }
+ }),
+ filename,
+ }))
}
/// Returns the recipients contained within this encrypted identity.
@@ -110,18 +108,10 @@ impl Identity {
/// If this encrypted identity has not been decrypted yet, calling this method will
/// trigger a passphrase request.
pub fn recipients(&self) -> Result>, EncryptError> {
- match self
- .state
- .take()
- .decrypt(self.filename.as_deref(), self.callbacks.clone())
- {
- Ok((identities, _)) => {
- let recipients = identities
- .iter()
- .map(|entry| entry.to_recipient(self.callbacks.clone()))
- .collect::, _>>();
-
- self.state.set(IdentityState::Decrypted(identities));
+ match self.state.take().decrypt(self.filename.as_deref()) {
+ Ok((identity_file, _)) => {
+ let recipients = identity_file.to_recipients();
+ self.state.set(IdentityState::Decrypted(identity_file));
recipients
}
Err(e) => {
@@ -151,27 +141,20 @@ impl Identity {
Result, DecryptError>,
) -> Option>,
{
- match self
- .state
- .take()
- .decrypt(self.filename.as_deref(), self.callbacks.clone())
- {
- Ok((identities, requested_passphrase)) => {
- let result = identities
- .iter()
- .map(|entry| entry.clone().into_identity(self.callbacks.clone()))
- .find_map(filter);
+ match self.state.take().decrypt(self.filename.as_deref()) {
+ Ok((identity_file, requested_passphrase)) => {
+ let result = identity_file.to_identities().find_map(filter);
// If we requested a passphrase to decrypt, and none of the identities
// matched, warn the user.
if requested_passphrase && result.is_none() {
- self.callbacks.display_message(&fl!(
+ identity_file.callbacks.display_message(&fl!(
"encrypted-warn-no-match",
filename = self.filename.as_deref().unwrap_or_default()
));
}
- self.state.set(IdentityState::Decrypted(identities));
+ self.state.set(IdentityState::Decrypted(identity_file));
result
}
Err(e) => {
@@ -256,7 +239,7 @@ fOrxrKTj7xCdNS3+OrCdnBC8Z9cKDxjCGWW3fkjLsYha0Jo=
/// This intentionally panics if called twice.
fn request_passphrase(&self, _: &str) -> Option {
- Some(SecretString::new(
+ Some(SecretString::from(
self.0.lock().unwrap().take().unwrap().to_owned(),
))
}
@@ -265,9 +248,12 @@ fOrxrKTj7xCdNS3+OrCdnBC8Z9cKDxjCGWW3fkjLsYha0Jo=
#[test]
#[cfg(feature = "armor")]
fn round_trip() {
+ use age_core::format::FileKey;
+
let pk: x25519::Recipient = TEST_RECIPIENT.parse().unwrap();
- let file_key = [12; 16].into();
- let wrapped = pk.wrap_file_key(&file_key).unwrap();
+ let file_key = FileKey::new(Box::new([12; 16]));
+ let (wrapped, labels) = pk.wrap_file_key(&file_key).unwrap();
+ assert!(labels.is_empty());
// Unwrapping with the wrong passphrase fails.
{
diff --git a/age/src/error.rs b/age/src/error.rs
index 0416998..5505d4d 100644
--- a/age/src/error.rs
+++ b/age/src/error.rs
@@ -1,5 +1,6 @@
//! Error type.
+use std::collections::HashSet;
use std::fmt;
use std::io;
@@ -8,6 +9,72 @@ use crate::{wfl, wlnfl};
#[cfg(feature = "plugin")]
use age_core::format::Stanza;
+/// Errors returned when converting an identity file to a recipients file.
+#[derive(Debug)]
+pub enum IdentityFileConvertError {
+ /// An I/O error occurred while writing out a recipient corresponding to an identity
+ /// in this file.
+ FailedToWriteOutput(io::Error),
+ /// The identity file contains a plugin identity, which can be converted to a
+ /// recipient for encryption purposes, but not for writing a recipients file.
+ #[cfg(feature = "plugin")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "plugin")))]
+ IdentityFileContainsPlugin {
+ /// The given identity file.
+ filename: Option,
+ /// The name of the plugin.
+ plugin_name: String,
+ },
+ /// The identity file contains no identities, and thus cannot be used to produce a
+ /// recipients file.
+ NoIdentities {
+ /// The given identity file.
+ filename: Option,
+ },
+}
+
+impl fmt::Display for IdentityFileConvertError {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ match self {
+ IdentityFileConvertError::FailedToWriteOutput(e) => {
+ wfl!(f, "err-failed-to-write-output", err = e.to_string())
+ }
+ #[cfg(feature = "plugin")]
+ IdentityFileConvertError::IdentityFileContainsPlugin {
+ filename,
+ plugin_name,
+ } => {
+ wlnfl!(
+ f,
+ "err-identity-file-contains-plugin",
+ filename = filename.as_deref().unwrap_or_default(),
+ plugin_name = plugin_name.as_str(),
+ )?;
+ wfl!(
+ f,
+ "rec-identity-file-contains-plugin",
+ plugin_name = plugin_name.as_str(),
+ )
+ }
+ IdentityFileConvertError::NoIdentities { filename } => match filename {
+ Some(filename) => {
+ wfl!(f, "err-no-identities-in-file", filename = filename.as_str())
+ }
+ None => wfl!(f, "err-no-identities-in-stdin"),
+ },
+ }
+ }
+}
+
+impl std::error::Error for IdentityFileConvertError {
+ fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
+ match self {
+ IdentityFileConvertError::FailedToWriteOutput(e) => Some(e),
+ _ => None,
+ }
+ }
+}
+
/// Errors returned by a plugin.
#[cfg(feature = "plugin")]
#[cfg_attr(docsrs, doc(cfg(feature = "plugin")))]
@@ -101,6 +168,18 @@ impl fmt::Display for PluginError {
pub enum EncryptError {
/// An error occured while decrypting passphrase-encrypted identities.
EncryptedIdentities(DecryptError),
+ /// The encryptor was given recipients that declare themselves incompatible.
+ IncompatibleRecipients {
+ /// The set of labels from the first recipient provided to the encryptor.
+ l_labels: HashSet,
+ /// The set of labels from the first non-matching recipient.
+ r_labels: HashSet,
+ },
+ /// One or more of the labels from the first recipient provided to the encryptor are
+ /// invalid.
+ ///
+ /// Labels must be valid age "arbitrary string"s (`1*VCHAR` in ABNF).
+ InvalidRecipientLabels(HashSet),
/// An I/O error occurred during encryption.
Io(io::Error),
/// A required plugin could not be found.
@@ -110,6 +189,12 @@ pub enum EncryptError {
/// The plugin's binary name.
binary_name: String,
},
+ /// The encryptor was not given any recipients.
+ MissingRecipients,
+ /// [`scrypt::Recipient`] was mixed with other recipient types.
+ ///
+ /// [`scrypt::Recipient`]: crate::scrypt::Recipient
+ MixedRecipientAndPassphrase,
/// Errors from a plugin.
#[cfg(feature = "plugin")]
#[cfg_attr(docsrs, doc(cfg(feature = "plugin")))]
@@ -126,27 +211,79 @@ impl Clone for EncryptError {
fn clone(&self) -> Self {
match self {
Self::EncryptedIdentities(e) => Self::EncryptedIdentities(e.clone()),
+ Self::IncompatibleRecipients { l_labels, r_labels } => Self::IncompatibleRecipients {
+ l_labels: l_labels.clone(),
+ r_labels: r_labels.clone(),
+ },
+ Self::InvalidRecipientLabels(labels) => Self::InvalidRecipientLabels(labels.clone()),
Self::Io(e) => Self::Io(io::Error::new(e.kind(), e.to_string())),
#[cfg(feature = "plugin")]
Self::MissingPlugin { binary_name } => Self::MissingPlugin {
binary_name: binary_name.clone(),
},
+ Self::MissingRecipients => Self::MissingRecipients,
+ Self::MixedRecipientAndPassphrase => Self::MixedRecipientAndPassphrase,
#[cfg(feature = "plugin")]
Self::Plugin(e) => Self::Plugin(e.clone()),
}
}
}
+fn print_labels(labels: &HashSet) -> String {
+ let mut s = String::new();
+ for (i, label) in labels.iter().enumerate() {
+ s.push_str(label);
+ if i != 0 {
+ s.push_str(", ");
+ }
+ }
+ s
+}
+
impl fmt::Display for EncryptError {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
match self {
EncryptError::EncryptedIdentities(e) => e.fmt(f),
+ EncryptError::IncompatibleRecipients { l_labels, r_labels } => {
+ match (l_labels.is_empty(), r_labels.is_empty()) {
+ (true, true) => unreachable!("labels are compatible"),
+ (false, true) => {
+ wfl!(
+ f,
+ "err-incompatible-recipients-oneway",
+ labels = print_labels(l_labels),
+ )
+ }
+ (true, false) => {
+ wfl!(
+ f,
+ "err-incompatible-recipients-oneway",
+ labels = print_labels(r_labels),
+ )
+ }
+ (false, false) => wfl!(
+ f,
+ "err-incompatible-recipients-twoway",
+ left = print_labels(l_labels),
+ right = print_labels(r_labels),
+ ),
+ }
+ }
+ EncryptError::InvalidRecipientLabels(labels) => wfl!(
+ f,
+ "err-invalid-recipient-labels",
+ labels = print_labels(labels),
+ ),
EncryptError::Io(e) => e.fmt(f),
#[cfg(feature = "plugin")]
EncryptError::MissingPlugin { binary_name } => {
wlnfl!(f, "err-missing-plugin", plugin_name = binary_name.as_str())?;
wfl!(f, "rec-missing-plugin")
}
+ EncryptError::MissingRecipients => wfl!(f, "err-missing-recipients"),
+ EncryptError::MixedRecipientAndPassphrase => {
+ wfl!(f, "err-mixed-recipient-passphrase")
+ }
#[cfg(feature = "plugin")]
EncryptError::Plugin(errors) => match &errors[..] {
[] => unreachable!(),
@@ -168,7 +305,6 @@ impl std::error::Error for EncryptError {
match self {
EncryptError::EncryptedIdentities(inner) => Some(inner),
EncryptError::Io(inner) => Some(inner),
- #[cfg(feature = "plugin")]
_ => None,
}
}
diff --git a/age/src/format.rs b/age/src/format.rs
index 43064f3..23d86ac 100644
--- a/age/src/format.rs
+++ b/age/src/format.rs
@@ -1,11 +1,13 @@
//! The age file format.
-use age_core::format::Stanza;
use std::io::{self, BufRead, Read, Write};
+use age_core::format::{grease_the_joint, Stanza};
+
use crate::{
error::DecryptError,
primitives::{HmacKey, HmacWriter},
+ scrypt, EncryptError,
};
#[cfg(feature = "async")]
@@ -32,13 +34,22 @@ pub(crate) struct HeaderV1 {
}
impl HeaderV1 {
- pub(crate) fn new(recipients: Vec, mac_key: HmacKey) -> Self {
+ pub(crate) fn new(recipients: Vec, mac_key: HmacKey) -> Result {
let mut header = HeaderV1 {
recipients,
mac: [0; 32],
encoded_bytes: None,
};
+ if header.no_scrypt() {
+ // Keep the joint well oiled!
+ header.recipients.push(grease_the_joint());
+ }
+
+ if !header.is_valid() {
+ return Err(EncryptError::MixedRecipientAndPassphrase);
+ }
+
let mut mac = HmacWriter::new(mac_key);
cookie_factory::gen(write::header_v1_minus_mac(&header), &mut mac)
.expect("can serialize Header into HmacWriter");
@@ -46,7 +57,7 @@ impl HeaderV1 {
.mac
.copy_from_slice(mac.finalize().into_bytes().as_slice());
- header
+ Ok(header)
}
pub(crate) fn verify_mac(&self, mac_key: HmacKey) -> Result<(), hmac::digest::MacError> {
@@ -61,6 +72,33 @@ impl HeaderV1 {
}
mac.verify(&self.mac)
}
+
+ fn any_scrypt(&self) -> bool {
+ self.recipients
+ .iter()
+ .any(|r| r.tag == scrypt::SCRYPT_RECIPIENT_TAG)
+ }
+
+ /// Checks whether the header contains a single recipient of type `scrypt`.
+ ///
+ /// This can be used along with [`Self::no_scrypt`] to enforce the structural
+ /// requirements on the v1 header.
+ pub(crate) fn valid_scrypt(&self) -> bool {
+ self.any_scrypt() && self.recipients.len() == 1
+ }
+
+ /// Checks whether the header contains no `scrypt` recipients.
+ ///
+ /// This can be used along with [`Self::valid_scrypt`] to enforce the structural
+ /// requirements on the v1 header.
+ pub(crate) fn no_scrypt(&self) -> bool {
+ !self.any_scrypt()
+ }
+
+ /// Enforces structural requirements on the v1 header.
+ pub(crate) fn is_valid(&self) -> bool {
+ self.valid_scrypt() || self.no_scrypt()
+ }
}
impl Header {
diff --git a/age/src/i18n.rs b/age/src/i18n.rs
index ebe5439..fb1c9f1 100644
--- a/age/src/i18n.rs
+++ b/age/src/i18n.rs
@@ -16,7 +16,7 @@ lazy_static! {
// Ensure that the fallback language is always loaded, even if the library user
// doesn't call `localizer().select(languages)`.
let fallback: LanguageIdentifier = "en-US".parse().unwrap();
- language_loader.load_languages(&Localizations, &[&fallback]).unwrap();
+ language_loader.load_languages(&Localizations, &[fallback]).unwrap();
language_loader
};
}
diff --git a/age/src/identity.rs b/age/src/identity.rs
index 7f05710..6bd19d6 100644
--- a/age/src/identity.rs
+++ b/age/src/identity.rs
@@ -1,7 +1,7 @@
use std::fs::File;
use std::io;
-use crate::{x25519, Callbacks, DecryptError, EncryptError};
+use crate::{x25519, Callbacks, DecryptError, EncryptError, IdentityFileConvertError, NoCallbacks};
#[cfg(feature = "cli-common")]
use crate::cli_common::file_io::InputReader;
@@ -11,7 +11,7 @@ use crate::plugin;
/// The supported kinds of identities within an [`IdentityFile`].
#[derive(Clone)]
-pub enum IdentityFileEntry {
+enum IdentityFileEntry {
/// The standard age identity type.
Native(x25519::Identity),
/// A plugin-compatible identity.
@@ -29,38 +29,25 @@ impl IdentityFileEntry {
match self {
IdentityFileEntry::Native(i) => Ok(Box::new(i)),
#[cfg(feature = "plugin")]
- IdentityFileEntry::Plugin(i) => Ok(Box::new(crate::plugin::IdentityPluginV1::new(
- i.plugin(),
- &[i.clone()],
- callbacks,
- )?)),
- }
- }
-
- #[allow(unused_variables)]
- pub(crate) fn to_recipient(
- &self,
- callbacks: impl Callbacks,
- ) -> Result, EncryptError> {
- match self {
- IdentityFileEntry::Native(i) => Ok(Box::new(i.to_public())),
- #[cfg(feature = "plugin")]
- IdentityFileEntry::Plugin(i) => Ok(Box::new(crate::plugin::RecipientPluginV1::new(
- i.plugin(),
- &[],
- &[i.clone()],
- callbacks,
- )?)),
+ IdentityFileEntry::Plugin(i) => Ok(Box::new(
+ crate::plugin::Plugin::new(i.plugin())
+ .map_err(|binary_name| DecryptError::MissingPlugin { binary_name })
+ .map(|plugin| {
+ crate::plugin::IdentityPluginV1::from_parts(plugin, vec![i], callbacks)
+ })?,
+ )),
}
}
}
/// A list of identities that has been parsed from some input file.
-pub struct IdentityFile {
+pub struct IdentityFile {
+ filename: Option,
identities: Vec,
+ pub(crate) callbacks: C,
}
-impl IdentityFile {
+impl IdentityFile {
/// Parses one or more identities from a file containing valid UTF-8.
pub fn from_file(filename: String) -> io::Result {
File::open(&filename)
@@ -129,12 +116,177 @@ impl IdentityFile {
}
}
- Ok(IdentityFile { identities })
+ Ok(IdentityFile {
+ filename,
+ identities,
+ callbacks: NoCallbacks,
+ })
+ }
+}
+
+impl IdentityFile {
+ /// Sets the provided callbacks on this identity file, so that if this is an encrypted
+ /// identity, it can potentially be decrypted.
+ pub fn with_callbacks(self, callbacks: D) -> IdentityFile {
+ IdentityFile {
+ filename: self.filename,
+ identities: self.identities,
+ callbacks,
+ }
+ }
+
+ /// Writes a recipients file containing the recipients corresponding to the identities
+ /// in this file.
+ ///
+ /// Returns an error if this file is empty, or if it contains plugin identities (which
+ /// can only be converted by the plugin binary itself).
+ pub fn write_recipients_file(
+ &self,
+ mut output: W,
+ ) -> Result<(), IdentityFileConvertError> {
+ if self.identities.is_empty() {
+ return Err(IdentityFileConvertError::NoIdentities {
+ filename: self.filename.clone(),
+ });
+ }
+
+ for identity in &self.identities {
+ match identity {
+ IdentityFileEntry::Native(sk) => writeln!(output, "{}", sk.to_public())
+ .map_err(IdentityFileConvertError::FailedToWriteOutput)?,
+ #[cfg(feature = "plugin")]
+ IdentityFileEntry::Plugin(id) => {
+ return Err(IdentityFileConvertError::IdentityFileContainsPlugin {
+ filename: self.filename.clone(),
+ plugin_name: id.plugin().to_string(),
+ });
+ }
+ }
+ }
+
+ Ok(())
+ }
+
+ /// Returns recipients for the identities in this file.
+ ///
+ /// Plugin identities will be merged into one [`Recipient`] per unique plugin.
+ ///
+ /// [`Recipient`]: crate::Recipient
+ pub fn to_recipients(&self) -> Result>, EncryptError> {
+ let mut recipients = RecipientsAccumulator::new();
+ recipients.with_identities_ref(self);
+ recipients.build(
+ #[cfg(feature = "plugin")]
+ self.callbacks.clone(),
+ )
}
/// Returns the identities in this file.
- pub fn into_identities(self) -> Vec {
+ pub(crate) fn to_identities(
+ &self,
+ ) -> impl Iterator
- , DecryptError>> + '_ {
self.identities
+ .iter()
+ .map(|entry| entry.clone().into_identity(self.callbacks.clone()))
+ }
+
+ /// Returns the identities in this file.
+ pub fn into_identities(self) -> Result>, DecryptError> {
+ self.identities
+ .into_iter()
+ .map(|entry| entry.into_identity(self.callbacks.clone()))
+ .collect()
+ }
+}
+
+pub(crate) struct RecipientsAccumulator {
+ recipients: Vec>,
+ #[cfg(feature = "plugin")]
+ plugin_recipients: Vec,
+ #[cfg(feature = "plugin")]
+ plugin_identities: Vec,
+}
+
+impl RecipientsAccumulator {
+ pub(crate) fn new() -> Self {
+ Self {
+ recipients: vec![],
+ #[cfg(feature = "plugin")]
+ plugin_recipients: vec![],
+ #[cfg(feature = "plugin")]
+ plugin_identities: vec![],
+ }
+ }
+
+ #[cfg(feature = "cli-common")]
+ pub(crate) fn push(&mut self, recipient: Box) {
+ self.recipients.push(recipient);
+ }
+
+ #[cfg(feature = "plugin")]
+ pub(crate) fn push_plugin(&mut self, recipient: plugin::Recipient) {
+ self.plugin_recipients.push(recipient);
+ }
+
+ #[cfg(feature = "armor")]
+ pub(crate) fn extend(
+ &mut self,
+ iter: impl IntoIterator
- >,
+ ) {
+ self.recipients.extend(iter);
+ }
+
+ #[cfg(feature = "cli-common")]
+ pub(crate) fn with_identities(&mut self, identity_file: IdentityFile) {
+ for entry in identity_file.identities {
+ match entry {
+ IdentityFileEntry::Native(i) => self.recipients.push(Box::new(i.to_public())),
+ #[cfg(feature = "plugin")]
+ IdentityFileEntry::Plugin(i) => self.plugin_identities.push(i),
+ }
+ }
+ }
+
+ pub(crate) fn with_identities_ref(&mut self, identity_file: &IdentityFile) {
+ for entry in &identity_file.identities {
+ match entry {
+ IdentityFileEntry::Native(i) => self.recipients.push(Box::new(i.to_public())),
+ #[cfg(feature = "plugin")]
+ IdentityFileEntry::Plugin(i) => self.plugin_identities.push(i.clone()),
+ }
+ }
+ }
+
+ #[cfg_attr(not(feature = "plugin"), allow(unused_mut))]
+ pub(crate) fn build(
+ mut self,
+ #[cfg(feature = "plugin")] callbacks: impl Callbacks,
+ ) -> Result>, EncryptError> {
+ #[cfg(feature = "plugin")]
+ {
+ // Collect the names of the required plugins.
+ let mut plugin_names = self
+ .plugin_recipients
+ .iter()
+ .map(|r| r.plugin())
+ .chain(self.plugin_identities.iter().map(|i| i.plugin()))
+ .collect::>();
+ plugin_names.sort_unstable();
+ plugin_names.dedup();
+
+ // Find the required plugins.
+ for plugin_name in plugin_names {
+ self.recipients
+ .push(Box::new(plugin::RecipientPluginV1::new(
+ plugin_name,
+ &self.plugin_recipients,
+ &self.plugin_identities,
+ callbacks.clone(),
+ )?))
+ }
+ }
+
+ Ok(self.recipients)
}
}
diff --git a/age/src/keys.rs b/age/src/keys.rs
index 857f086..06b6bd5 100644
--- a/age/src/keys.rs
+++ b/age/src/keys.rs
@@ -3,7 +3,7 @@
use age_core::{
format::FileKey,
primitives::hkdf,
- secrecy::{ExposeSecret, Secret},
+ secrecy::{ExposeSecret, SecretBox},
};
use rand::{rngs::OsRng, RngCore};
@@ -18,17 +18,15 @@ const HEADER_KEY_LABEL: &[u8] = b"header";
const PAYLOAD_KEY_LABEL: &[u8] = b"payload";
pub(crate) fn new_file_key() -> FileKey {
- let mut file_key = [0; 16];
- OsRng.fill_bytes(&mut file_key);
- file_key.into()
+ FileKey::init_with_mut(|file_key| OsRng.fill_bytes(file_key))
}
pub(crate) fn mac_key(file_key: &FileKey) -> HmacKey {
- HmacKey(Secret::new(hkdf(
+ HmacKey(SecretBox::new(Box::new(hkdf(
&[],
HEADER_KEY_LABEL,
file_key.expose_secret(),
- )))
+ ))))
}
pub(crate) fn v1_payload_key(
diff --git a/age/src/lib.rs b/age/src/lib.rs
index fd9d410..7e80080 100644
--- a/age/src/lib.rs
+++ b/age/src/lib.rs
@@ -8,8 +8,10 @@
//! There are several ways to use these:
//! - For most cases (including programmatic usage), use [`Encryptor::with_recipients`]
//! with [`x25519::Recipient`], and [`Decryptor`] with [`x25519::Identity`].
-//! - APIs are available for passphrase-based encryption and decryption. These should
-//! only be used with passphrases that were provided by (or generated for) a human.
+//! - For passphrase-based encryption and decryption, use [`scrypt::Recipient`] and
+//! [`scrypt::Identity`], or the helper method [`Encryptor::with_user_passphrase`].
+//! These should only be used with passphrases that were provided by (or generated for)
+//! a human.
//! - For compatibility with existing SSH keys, enable the `ssh` feature flag, and use
//! [`ssh::Recipient`] and [`ssh::Identity`].
//!
@@ -25,7 +27,76 @@
//!
//! # Examples
//!
-//! ## Recipient-based encryption
+//! ## Streamlined APIs
+//!
+//! These are useful when you only need to encrypt to a single recipient, and the data is
+//! small enough to fit in memory.
+//!
+//! ### Recipient-based encryption
+//!
+//! ```
+//! # fn run_main() -> Result<(), ()> {
+//! let key = age::x25519::Identity::generate();
+//! let pubkey = key.to_public();
+//!
+//! let plaintext = b"Hello world!";
+//!
+//! # fn encrypt(pubkey: age::x25519::Recipient, plaintext: &[u8]) -> Result, age::EncryptError> {
+//! let encrypted = age::encrypt(&pubkey, plaintext)?;
+//! # Ok(encrypted)
+//! # }
+//! # fn decrypt(key: age::x25519::Identity, encrypted: Vec) -> Result, age::DecryptError> {
+//! let decrypted = age::decrypt(&key, &encrypted)?;
+//! # Ok(decrypted)
+//! # }
+//! # let decrypted = decrypt(
+//! # key,
+//! # encrypt(pubkey, &plaintext[..]).map_err(|_| ())?
+//! # ).map_err(|_| ())?;
+//!
+//! assert_eq!(decrypted, plaintext);
+//! # Ok(())
+//! # }
+//! # run_main().unwrap();
+//! ```
+//!
+//! ## Passphrase-based encryption
+//!
+//! ```
+//! use age::secrecy::SecretString;
+//!
+//! # fn run_main() -> Result<(), ()> {
+//! let passphrase = SecretString::from("this is not a good passphrase".to_owned());
+//! let recipient = age::scrypt::Recipient::new(passphrase.clone());
+//! let identity = age::scrypt::Identity::new(passphrase);
+//!
+//! let plaintext = b"Hello world!";
+//!
+//! # fn encrypt(recipient: age::scrypt::Recipient, plaintext: &[u8]) -> Result, age::EncryptError> {
+//! let encrypted = age::encrypt(&recipient, plaintext)?;
+//! # Ok(encrypted)
+//! # }
+//! # fn decrypt(identity: age::scrypt::Identity, encrypted: Vec) -> Result, age::DecryptError> {
+//! let decrypted = age::decrypt(&identity, &encrypted)?;
+//! # Ok(decrypted)
+//! # }
+//! # let decrypted = decrypt(
+//! # identity,
+//! # encrypt(recipient, &plaintext[..]).map_err(|_| ())?
+//! # ).map_err(|_| ())?;
+//!
+//! assert_eq!(decrypted, plaintext);
+//! # Ok(())
+//! # }
+//! # run_main().unwrap();
+//! ```
+//!
+//! ## Full APIs
+//!
+//! The full APIs support encrypting to multiple recipients, streaming the data, and have
+//! async I/O options.
+//!
+//! ### Recipient-based encryption
//!
//! ```
//! use std::io::{Read, Write};
@@ -40,7 +111,7 @@
//! // Encrypt the plaintext to a ciphertext...
//! # fn encrypt(pubkey: age::x25519::Recipient, plaintext: &[u8]) -> Result, age::EncryptError> {
//! let encrypted = {
-//! let encryptor = age::Encryptor::with_recipients(vec![Box::new(pubkey)])
+//! let encryptor = age::Encryptor::with_recipients(iter::once(&pubkey as _))
//! .expect("we provided a recipient");
//!
//! let mut encrypted = vec![];
@@ -56,10 +127,7 @@
//! // ... and decrypt the obtained ciphertext to the plaintext again.
//! # fn decrypt(key: age::x25519::Identity, encrypted: Vec) -> Result, age::DecryptError> {
//! let decrypted = {
-//! let decryptor = match age::Decryptor::new(&encrypted[..])? {
-//! age::Decryptor::Recipients(d) => d,
-//! _ => unreachable!(),
-//! };
+//! let decryptor = age::Decryptor::new(&encrypted[..])?;
//!
//! let mut decrypted = vec![];
//! let mut reader = decryptor.decrypt(iter::once(&key as &dyn age::Identity))?;
@@ -84,17 +152,18 @@
//! ## Passphrase-based encryption
//!
//! ```
-//! use age::secrecy::Secret;
+//! use age::secrecy::SecretString;
//! use std::io::{Read, Write};
+//! use std::iter;
//!
//! # fn run_main() -> Result<(), ()> {
//! let plaintext = b"Hello world!";
-//! let passphrase = "this is not a good passphrase";
+//! let passphrase = SecretString::from("this is not a good passphrase".to_owned());
//!
//! // Encrypt the plaintext to a ciphertext using the passphrase...
-//! # fn encrypt(passphrase: &str, plaintext: &[u8]) -> Result, age::EncryptError> {
+//! # fn encrypt(passphrase: SecretString, plaintext: &[u8]) -> Result, age::EncryptError> {
//! let encrypted = {
-//! let encryptor = age::Encryptor::with_user_passphrase(Secret::new(passphrase.to_owned()));
+//! let encryptor = age::Encryptor::with_user_passphrase(passphrase.clone());
//!
//! let mut encrypted = vec![];
//! let mut writer = encryptor.wrap_output(&mut encrypted)?;
@@ -107,15 +176,12 @@
//! # }
//!
//! // ... and decrypt the ciphertext to the plaintext again using the same passphrase.
-//! # fn decrypt(passphrase: &str, encrypted: Vec) -> Result, age::DecryptError> {
+//! # fn decrypt(passphrase: SecretString, encrypted: Vec) -> Result, age::DecryptError> {
//! let decrypted = {
-//! let decryptor = match age::Decryptor::new(&encrypted[..])? {
-//! age::Decryptor::Passphrase(d) => d,
-//! _ => unreachable!(),
-//! };
+//! let decryptor = age::Decryptor::new(&encrypted[..])?;
//!
//! let mut decrypted = vec![];
-//! let mut reader = decryptor.decrypt(&Secret::new(passphrase.to_owned()), None)?;
+//! let mut reader = decryptor.decrypt(iter::once(&age::scrypt::Identity::new(passphrase) as _))?;
//! reader.read_to_end(&mut decrypted);
//!
//! decrypted
@@ -123,7 +189,7 @@
//! # Ok(decrypted)
//! # }
//! # let decrypted = decrypt(
-//! # passphrase,
+//! # passphrase.clone(),
//! # encrypt(passphrase, &plaintext[..]).map_err(|_| ())?
//! # ).map_err(|_| ())?;
//!
@@ -139,6 +205,8 @@
#![deny(rustdoc::broken_intra_doc_links)]
#![deny(missing_docs)]
+use std::collections::HashSet;
+
// Re-export crates that are used in our public API.
pub use age_core::secrecy;
@@ -150,12 +218,13 @@ mod primitives;
mod protocol;
mod util;
-pub use error::{DecryptError, EncryptError};
-pub use identity::{IdentityFile, IdentityFileEntry};
+pub use error::{DecryptError, EncryptError, IdentityFileConvertError};
+pub use identity::IdentityFile;
pub use primitives::stream;
-pub use protocol::{decryptor, Decryptor, Encryptor};
+pub use protocol::{Decryptor, Encryptor};
#[cfg(feature = "armor")]
+#[cfg_attr(docsrs, doc(cfg(feature = "armor")))]
pub use primitives::armor;
#[cfg(feature = "cli-common")]
@@ -165,12 +234,23 @@ pub mod cli_common;
mod i18n;
pub use i18n::localizer;
+//
+// Simple interface
+//
+
+mod simple;
+pub use simple::{decrypt, encrypt};
+
+#[cfg(feature = "armor")]
+#[cfg_attr(docsrs, doc(cfg(feature = "armor")))]
+pub use simple::encrypt_and_armor;
+
//
// Identity types
//
pub mod encrypted;
-mod scrypt;
+pub mod scrypt;
pub mod x25519;
#[cfg(feature = "plugin")]
@@ -181,6 +261,10 @@ pub mod plugin;
#[cfg_attr(docsrs, doc(cfg(feature = "ssh")))]
pub mod ssh;
+//
+// Core traits
+//
+
use age_core::{
format::{FileKey, Stanza},
secrecy::SecretString,
@@ -188,12 +272,25 @@ use age_core::{
/// A private key or other value that can unwrap an opaque file key from a recipient
/// stanza.
+///
+/// # Implementation notes
+///
+/// The canonical entry point for this trait is [`Identity::unwrap_stanzas`]. The default
+/// implementation of that method is:
+/// ```ignore
+/// stanzas.iter().find_map(|stanza| self.unwrap_stanza(stanza))
+/// ```
+///
+/// The `age` crate otherwise does not call [`Identity::unwrap_stanza`] directly. As such,
+/// if you want to add file-level stanza checks, override [`Identity::unwrap_stanzas`].
pub trait Identity {
/// Attempts to unwrap the given stanza with this identity.
///
/// This method is part of the `Identity` trait to expose age's [one joint] for
/// external implementations. You should not need to call this directly; instead, pass
- /// identities to [`RecipientsDecryptor::decrypt`].
+ /// identities to [`Decryptor::decrypt`].
+ ///
+ /// The `age` crate only calls this method via [`Identity::unwrap_stanzas`].
///
/// Returns:
/// - `Some(Ok(file_key))` on success.
@@ -201,7 +298,6 @@ pub trait Identity {
/// - `None` if the recipient stanza does not match this key.
///
/// [one joint]: https://www.imperialviolet.org/2016/05/16/agility.html
- /// [`RecipientsDecryptor::decrypt`]: protocol::decryptor::RecipientsDecryptor::decrypt
fn unwrap_stanza(&self, stanza: &Stanza) -> Option>;
/// Attempts to unwrap any of the given stanzas, which are assumed to come from the
@@ -209,7 +305,7 @@ pub trait Identity {
///
/// This method is part of the `Identity` trait to expose age's [one joint] for
/// external implementations. You should not need to call this directly; instead, pass
- /// identities to [`RecipientsDecryptor::decrypt`].
+ /// identities to [`Decryptor::decrypt`].
///
/// Returns:
/// - `Some(Ok(file_key))` on success.
@@ -217,7 +313,6 @@ pub trait Identity {
/// - `None` if none of the recipient stanzas match this identity.
///
/// [one joint]: https://www.imperialviolet.org/2016/05/16/agility.html
- /// [`RecipientsDecryptor::decrypt`]: protocol::decryptor::RecipientsDecryptor::decrypt
fn unwrap_stanzas(&self, stanzas: &[Stanza]) -> Option> {
stanzas.iter().find_map(|stanza| self.unwrap_stanza(stanza))
}
@@ -227,16 +322,50 @@ pub trait Identity {
///
/// Implementations of this trait might represent more than one recipient.
pub trait Recipient {
- /// Wraps the given file key, returning stanzas to be placed in an age file header.
+ /// Wraps the given file key, returning stanzas to be placed in an age file header,
+ /// and labels that constrain how the stanzas may be combined with those from other
+ /// recipients.
///
- /// Implementations MUST NOT return more than one stanza per "actual recipient".
+ /// Implementations may return more than one stanza per "actual recipient", e.g. to
+ /// support multiple formats, to build group aliases, or to act as a proxy.
///
/// This method is part of the `Recipient` trait to expose age's [one joint] for
/// external implementations. You should not need to call this directly; instead, pass
/// recipients to [`Encryptor::with_recipients`].
///
/// [one joint]: https://www.imperialviolet.org/2016/05/16/agility.html
- fn wrap_file_key(&self, file_key: &FileKey) -> Result, EncryptError>;
+ ///
+ /// # Labels
+ ///
+ /// [`Encryptor`] will succeed at encrypting only if every recipient returns the same
+ /// set of labels. Subsets or partial overlapping sets are not allowed; all sets must
+ /// be identical. Labels are compared exactly, and are case-sensitive.
+ ///
+ /// Label sets can be used to ensure a recipient is only encrypted to alongside other
+ /// recipients with equivalent properties, or to ensure a recipient is always used
+ /// alone. A recipient with no particular properties to enforce should return an empty
+ /// label set.
+ ///
+ /// Labels can have any value that is a valid arbitrary string (`1*VCHAR` in ABNF),
+ /// but usually take one of several forms:
+ /// - *Common public label* - used by multiple recipients to permit their stanzas to
+ /// be used only together. Examples include:
+ /// - `postquantum` - indicates that the recipient stanzas being generated are
+ /// postquantum-secure, and that they can only be combined with other stanzas
+ /// that are also postquantum-secure.
+ /// - *Common private label* - used by recipients created by the same private entity
+ /// to permit their recipient stanzas to be used only together. For example,
+ /// private recipients used in a corporate environment could all send the same
+ /// private label in order to prevent compliant age clients from simultaneously
+ /// wrapping file keys with other recipients.
+ /// - *Random label* - used by recipients that want to ensure their stanzas are not
+ /// used with any other recipient stanzas. This can be used to produce a file key
+ /// that is only encrypted to a single recipient stanza, for example to preserve
+ /// its authentication properties.
+ fn wrap_file_key(
+ &self,
+ file_key: &FileKey,
+ ) -> Result<(Vec, HashSet), EncryptError>;
}
/// Callbacks that might be triggered during encryption or decryption.
@@ -248,6 +377,9 @@ pub trait Callbacks: Clone + Send + Sync + 'static {
///
/// This can be used to prompt the user to take some physical action, such as
/// inserting a hardware key.
+ ///
+ /// No guarantee is provided that the user sees this message (for example, if there is
+ /// no UI for displaying messages).
fn display_message(&self, message: &str);
/// Requests that the user provides confirmation for some action.
@@ -270,12 +402,49 @@ pub trait Callbacks: Clone + Send + Sync + 'static {
/// Requests non-private input from the user.
///
/// To request private inputs, use [`Callbacks::request_passphrase`].
+ ///
+ /// Returns:
+ /// - `Some(input)` with the user-provided input.
+ /// - `None` if no input could be requested from the user (for example, if there is no
+ /// UI for displaying messages or typing inputs).
fn request_public_string(&self, description: &str) -> Option;
/// Requests a passphrase to decrypt a key.
+ ///
+ /// Returns:
+ /// - `Some(passphrase)` with the user-provided passphrase.
+ /// - `None` if no passphrase could be requested from the user (for example, if there
+ /// is no UI for displaying messages or typing inputs).
fn request_passphrase(&self, description: &str) -> Option;
}
+/// An implementation of [`Callbacks`] that does not allow callbacks.
+///
+/// No user interaction will occur; [`Recipient`] or [`Identity`] implementations will
+/// receive `None` from the callbacks that return responses, and will act accordingly.
+#[derive(Clone, Copy, Debug)]
+pub struct NoCallbacks;
+
+impl Callbacks for NoCallbacks {
+ fn display_message(&self, _: &str) {}
+
+ fn confirm(&self, _: &str, _: &str, _: Option<&str>) -> Option {
+ None
+ }
+
+ fn request_public_string(&self, _: &str) -> Option {
+ None
+ }
+
+ fn request_passphrase(&self, _: &str) -> Option {
+ None
+ }
+}
+
+//
+// Fuzzing APIs
+//
+
/// Helper for fuzzing the Header parser and serializer.
#[cfg(fuzzing)]
pub fn fuzz_header(data: &[u8]) {
diff --git a/age/src/plugin.rs b/age/src/plugin.rs
index 8e2e887..f38ec0c 100644
--- a/age/src/plugin.rs
+++ b/age/src/plugin.rs
@@ -10,6 +10,7 @@ use base64::{prelude::BASE64_STANDARD_NO_PAD, Engine};
use bech32::Variant;
use std::borrow::Borrow;
+use std::collections::HashSet;
use std::fmt;
use std::io;
use std::iter;
@@ -32,6 +33,7 @@ const PLUGIN_IDENTITY_PREFIX: &str = "age-plugin-";
const CMD_ERROR: &str = "error";
const CMD_RECIPIENT_STANZA: &str = "recipient-stanza";
+const CMD_LABELS: &str = "labels";
const CMD_MSG: &str = "msg";
const CMD_CONFIRM: &str = "confirm";
const CMD_REQUEST_PUBLIC: &str = "request-public";
@@ -215,7 +217,7 @@ impl Identity {
}
/// An age plugin.
-struct Plugin {
+pub(crate) struct Plugin {
binary_name: String,
path: PathBuf,
}
@@ -224,7 +226,7 @@ impl Plugin {
/// Finds the age plugin with the given name in `$PATH`.
///
/// On error, returns the binary name that could not be located.
- fn new(name: &str) -> Result {
+ pub(crate) fn new(name: &str) -> Result {
let binary_name = binary_name(name);
match which::which(&binary_name).or_else(|e| {
// If we are running in WSL, try appending `.exe`; plugins installed in
@@ -410,7 +412,10 @@ impl RecipientPluginV1 {
}
impl crate::Recipient for RecipientPluginV1 {
- fn wrap_file_key(&self, file_key: &FileKey) -> Result, EncryptError> {
+ fn wrap_file_key(
+ &self,
+ file_key: &FileKey,
+ ) -> Result<(Vec, HashSet), EncryptError> {
// Open connection
let mut conn = self.plugin.connect(RECIPIENT_V1)?;
@@ -424,11 +429,13 @@ impl crate::Recipient for RecipientPluginV1 {
for identity in &self.identities {
phase.send("add-identity", &[&identity.identity], &[])?;
}
+ phase.send("extension-labels", &[], &[])?;
phase.send("wrap-file-key", &[], file_key.expose_secret())
})?;
// Phase 2: collect either stanzas or errors
let mut stanzas = vec![];
+ let mut labels = None;
let mut errors = vec![];
if let Err(e) = conn.bidir_receive(
&[
@@ -437,6 +444,7 @@ impl crate::Recipient for RecipientPluginV1 {
CMD_REQUEST_PUBLIC,
CMD_REQUEST_SECRET,
CMD_RECIPIENT_STANZA,
+ CMD_LABELS,
CMD_ERROR,
],
|mut command, reply| match command.tag.as_str() {
@@ -492,6 +500,34 @@ impl crate::Recipient for RecipientPluginV1