authorWiktor Kwapisiewicz <wiktor@metacode.biz>2020-09-17 10:19:55 +0200
committerWiktor Kwapisiewicz <wiktor@metacode.biz>2020-09-22 09:32:09 +0200
commit499372f18785a884dc819c03fa5d24ecd229211f (patch)
tree33b4ac0d0d196244bbc8a681029a8da9358f1ed8
parent6c12cbcf9d1396ec8028ea3f17430e3d20c3c89f (diff)
openpgp: Hide stream::Encryptor::aead_algo from public API.
- Mark `aead_algo` as available only during tests, - Remove support for AEAD from `sop`, - Mark `aead` parameter in FFI as unused, - openpgp-ffi: Drop `aead_algo` argument from `pgp_encryptor_new`, - Fixes #550.
-rw-r--r--openpgp-ffi/examples/encrypt-for.c3
-rw-r--r--openpgp-ffi/include/sequoia/openpgp.h3
-rw-r--r--openpgp-ffi/src/serialize.rs12
-rw-r--r--openpgp/src/serialize/stream.rs4
-rw-r--r--sop/src/main.rs6
5 files changed, 9 insertions, 19 deletions
diff --git a/openpgp-ffi/examples/encrypt-for.c b/openpgp-ffi/examples/encrypt-for.c
index 27a7a585..c7f2841f 100644
--- a/openpgp-ffi/examples/encrypt-for.c
+++ b/openpgp-ffi/examples/encrypt-for.c
@@ -57,8 +57,7 @@ main (int argc, char **argv)
writer,
NULL, 0, /* no passwords */
recipients, recipients_len,
- 9 /* AES256 */,
- 0 /* No AEAD */);
+ 9 /* AES256 */);
if (writer == NULL)
error (1, 0, "pgp_encryptor_new: %s", pgp_error_to_string (err));
diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h
index 074170d5..a5c49596 100644
--- a/openpgp-ffi/include/sequoia/openpgp.h
+++ b/openpgp-ffi/include/sequoia/openpgp.h
@@ -1842,8 +1842,7 @@ pgp_writer_stack_t pgp_encryptor_new (pgp_error_t *errp,
size_t passwords_len,
pgp_recipient_t *recipients,
size_t recipients_len,
- uint8_t cipher_algo,
- uint8_t aead_algo);
+ uint8_t cipher_algo);
/*/
/// Frees this object.
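Review bot: Dropping `aead_algo` from the `pgp_encryptor_new` prototype changes the exported function's argument list while the symbol name stays the same, so a program built against the old header still links and its trailing argument is simply no longer read. A caller that passed a non-zero AEAD algorithm would then get a message without AEAD and no error. The documentation comment for the prototype starts above this hunk; it should state this, e.g. `/// AEAD cannot be selected through this function (see issue #550).`, and the library's ABI version should presumably be bumped with this change. The same applies to the Rust definition of `pgp_encryptor_new` in openpgp-ffi/src/serialize.rs.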
diff --git a/openpgp-ffi/src/serialize.rs b/openpgp-ffi/src/serialize.rs
index 20ccc684..972ce7a5 100644
--- a/openpgp-ffi/src/serialize.rs
+++ b/openpgp-ffi/src/serialize.rs
@@ -13,7 +13,6 @@ use libc::{c_char, size_t, ssize_t};
extern crate sequoia_openpgp as openpgp;
use self::openpgp::types::{
- AEADAlgorithm,
SymmetricAlgorithm,
};
@@ -352,8 +351,7 @@ pub extern "C" fn pgp_encryptor_new<'a>
inner: *mut Message<'a>,
passwords: Option<&*const c_char>, passwords_len: size_t,
recipients: Option<&*mut Recipient<'a>>, recipients_len: size_t,
- cipher_algo: u8,
- aead_algo: u8)
+ cipher_algo: u8)
-> *mut Message<'a>
{
ffi_make_fry_from_errp!(errp);
@@ -384,11 +382,6 @@ pub extern "C" fn pgp_encryptor_new<'a>
} else {
Some(cipher_algo.into())
};
- let aead_algo : Option<AEADAlgorithm> = if aead_algo == 0 {
- None
- } else {
- Some(aead_algo.into())
- };
if passwords_.len() + recipients_.len() == 0 {
ffi_try!(Err(anyhow::anyhow!(
"Neither recipient nor password given")));
@@ -399,8 +392,5 @@ pub extern "C" fn pgp_encryptor_new<'a>
if let Some(algo) = cipher_algo {
encryptor = encryptor.symmetric_algo(algo);
}
- if let Some(algo) = aead_algo {
- encryptor = encryptor.aead_algo(algo);
- }
ffi_try_box!(encryptor.build())
}
diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs
index 15e9cb9d..7b356dba 100644
--- a/openpgp/src/serialize/stream.rs
+++ b/openpgp/src/serialize/stream.rs
@@ -2435,6 +2435,10 @@ impl<'a> Encryptor<'a> {
/// message.finalize()?;
/// # Ok(()) }
/// ```
+ // Function hidden from the public API due to
+ // https://gitlab.com/sequoia-pgp/sequoia/-/issues/550
+ // It is used only for tests so that it does not bit-rot.
+ #[cfg(test)]
pub fn aead_algo(mut self, algo: AEADAlgorithm) -> Self {
self.aead_algo = Some(algo);
self
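Review bot: With `#[cfg(test)]` on `aead_algo`, the documentation example directly above it is most likely no longer exercised, because rustdoc collects doctests without `cfg(test)` set and the gated item is stripped together with its example. That leaves only the crate's own unit tests to keep the AEAD path from bit-rotting, which is narrower than the new comment suggests. I would extend the comment with `// Note: the example above is not run as a doctest while this gate is in place.` and make sure a unit test in this module calls `aead_algo`. The function body closes outside the hunk.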
diff --git a/sop/src/main.rs b/sop/src/main.rs
index 15eccf4c..37f28d06 100644
--- a/sop/src/main.rs
+++ b/sop/src/main.rs
@@ -300,14 +300,12 @@ fn real_main() -> Result<()> {
let message = stdout(no_armor, armor::Kind::Message)?;
// Encrypt the message.
- let mut encryptor =
+ let encryptor =
Encryptor::for_recipients(message, recipients)
.add_passwords(passwords)
.symmetric_algo(
symmetric_algos.get(0).cloned().unwrap_or_default());
- if let Some(&a) = aead_algos.get(0) {
- encryptor = encryptor.aead_algo(a);
- }
+
let message = encryptor.build()
.context("Failed to create encryptor")?;
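Review bot: After this hunk nothing shown reads `aead_algos` any more, and the diffstat indicates no other line of sop/src/main.rs changes, so the binding (defined outside the hunk in `real_main`) is presumably still computed and now unused. Either remove it along with the code that fills it, or keep it with a comment such as `// AEAD preferences are ignored until issue #550 is resolved.` so the dead value is not mistaken for a live setting. The added blank line before `let message = encryptor.build()` can be dropped as well.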