diff options
| -rw-r--r-- | guide/src/chapter_02.md | 12 | ||||
| -rw-r--r-- | openpgp-ffi/examples/encrypt-for.c | 9 | ||||
| -rw-r--r-- | openpgp-ffi/include/sequoia/openpgp.h | 16 | ||||
| -rw-r--r-- | openpgp-ffi/src/serialize.rs | 10 | ||||
| -rw-r--r-- | openpgp/examples/encrypt-for.rs | 3 | ||||
| -rw-r--r-- | openpgp/examples/generate-encrypt-decrypt.rs | 3 | ||||
| -rw-r--r-- | openpgp/src/autocrypt.rs | 3 | ||||
| -rw-r--r-- | openpgp/src/serialize/stream.rs | 26 | ||||
| -rw-r--r-- | tool/src/commands/mod.rs | 3 |
9 files changed, 48 insertions, 37 deletions
diff --git a/guide/src/chapter_02.md b/guide/src/chapter_02.md index 5db1cbdc..0afcf3f3 100644 --- a/guide/src/chapter_02.md +++ b/guide/src/chapter_02.md @@ -55,7 +55,8 @@ fn main() { # let encryptor = Encryptor::new(message, # &[], // No symmetric encryption. # &[recipient], -# EncryptionMode::ForTransport)?; +# EncryptionMode::ForTransport, +# None)?; # # // Emit a literal data packet. # let mut literal_writer = LiteralWriter::new( @@ -192,7 +193,8 @@ fn generate() -> openpgp::Result<openpgp::TPK> { # let encryptor = Encryptor::new(message, # &[], // No symmetric encryption. # &[recipient], -# EncryptionMode::ForTransport)?; +# EncryptionMode::ForTransport, +# None)?; # # // Emit a literal data packet. # let mut literal_writer = LiteralWriter::new( @@ -329,7 +331,8 @@ fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::TPK) let encryptor = Encryptor::new(message, &[], // No symmetric encryption. &[recipient], - EncryptionMode::ForTransport)?; + EncryptionMode::ForTransport, + None)?; // Emit a literal data packet. let mut literal_writer = LiteralWriter::new( @@ -480,7 +483,8 @@ Decrypted data can be read from this using [`io::Read`]. # let encryptor = Encryptor::new(message, # &[], // No symmetric encryption. # &[recipient], -# EncryptionMode::ForTransport)?; +# EncryptionMode::ForTransport, +# None)?; # # // Emit a literal data packet. # let mut literal_writer = LiteralWriter::new( diff --git a/openpgp-ffi/examples/encrypt-for.c b/openpgp-ffi/examples/encrypt-for.c index 16295678..32106319 100644 --- a/openpgp-ffi/examples/encrypt-for.c +++ b/openpgp-ffi/examples/encrypt-for.c @@ -56,10 +56,11 @@ main (int argc, char **argv) writer = pgp_writer_stack_message (sink); writer = pgp_encryptor_new (&err, - writer, - NULL, 0, /* no passwords */ - &tpk, 1, - PGP_ENCRYPTION_MODE_FOR_TRANSPORT); + writer, + NULL, 0, /* no passwords */ + &tpk, 1, + PGP_ENCRYPTION_MODE_FOR_TRANSPORT, + 9 /* AES256 */); if (writer == NULL) error (1, 0, "pgp_encryptor_new: %s", pgp_error_to_string (err)); diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h index b00cce91..7063d214 100644 --- a/openpgp-ffi/include/sequoia/openpgp.h +++ b/openpgp-ffi/include/sequoia/openpgp.h @@ -1378,17 +1378,15 @@ pgp_writer_stack_t pgp_literal_writer_new (pgp_error_t *errp, /// The stream will be encrypted using a generated session key, /// which will be encrypted using the given passwords, and all /// encryption-capable subkeys of the given TPKs. -/// -/// The stream is encrypted using AES256, regardless of any key -/// preferences. /*/ pgp_writer_stack_t pgp_encryptor_new (pgp_error_t *errp, - pgp_writer_stack_t inner, - char **passwords, - size_t passwords_len, - pgp_tpk_t *recipients, - size_t recipients_len, - pgp_encryption_mode_t mode); + pgp_writer_stack_t inner, + char **passwords, + size_t passwords_len, + pgp_tpk_t *recipients, + size_t recipients_len, + pgp_encryption_mode_t mode, + uint8_t cipher_algo); /*/ /// Creates an pgp_secret_t from a decrypted session key. diff --git a/openpgp-ffi/src/serialize.rs b/openpgp-ffi/src/serialize.rs index 61e69a98..f39a069d 100644 --- a/openpgp-ffi/src/serialize.rs +++ b/openpgp-ffi/src/serialize.rs @@ -221,7 +221,8 @@ pub extern "system" fn pgp_encryptor_new inner: *mut writer::Stack<'static, Cookie>, passwords: Option<&*const c_char>, passwords_len: size_t, recipients: Option<&*const TPK>, recipients_len: size_t, - encryption_mode: uint8_t) + encryption_mode: uint8_t, + cipher_algo: uint8_t) -> *mut writer::Stack<'static, Cookie> { ffi_make_fry_from_errp!(errp); @@ -253,7 +254,8 @@ pub extern "system" fn pgp_encryptor_new _ => panic!("Bad encryption mode: {}", encryption_mode), }; ffi_try_box!(Encryptor::new(*inner, - &passwords_.iter().collect::<Vec<&Password>>(), - &recipients[..], - encryption_mode)) + &passwords_.iter().collect::<Vec<&Password>>(), + &recipients[..], + encryption_mode, + Some(cipher_algo.into()))) } diff --git a/openpgp/examples/encrypt-for.rs b/openpgp/examples/encrypt-for.rs index 51f5a981..3fd1217c 100644 --- a/openpgp/examples/encrypt-for.rs +++ b/openpgp/examples/encrypt-for.rs @@ -49,7 +49,8 @@ fn main() { let encryptor = Encryptor::new(message, &[], // No symmetric encryption. &recipients, - mode) + mode, + None) .expect("Failed to create encryptor"); let mut literal_writer = LiteralWriter::new(encryptor, DataFormat::Binary, None, None) diff --git a/openpgp/examples/generate-encrypt-decrypt.rs b/openpgp/examples/generate-encrypt-decrypt.rs index 3fb00103..369e82ba 100644 --- a/openpgp/examples/generate-encrypt-decrypt.rs +++ b/openpgp/examples/generate-encrypt-decrypt.rs @@ -46,7 +46,8 @@ fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::TPK) let encryptor = Encryptor::new(message, &[], // No symmetric encryption. &[recipient], - EncryptionMode::ForTransport)?; + EncryptionMode::ForTransport, + None)?; // Emit a literal data packet. let mut literal_writer = LiteralWriter::new( diff --git a/openpgp/src/autocrypt.rs b/openpgp/src/autocrypt.rs index 8279897b..0faa1df7 100644 --- a/openpgp/src/autocrypt.rs +++ b/openpgp/src/autocrypt.rs @@ -407,7 +407,8 @@ impl AutocryptSetupMessage { let w = Encryptor::new(m, &[ self.passcode.as_ref().unwrap() ], &[], - EncryptionMode::ForTransport)?; + EncryptionMode::ForTransport, + None)?; let mut w = LiteralWriter::new(w, DataFormat::Binary, /* filename*/ None, /* date */ None)?; diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs index 6c303054..d06c1222 100644 --- a/openpgp/src/serialize/stream.rs +++ b/openpgp/src/serialize/stream.rs @@ -839,8 +839,8 @@ impl<'a> Encryptor<'a> { /// which will be encrypted using the given passwords, and all /// encryption-capable subkeys of the given TPKs. /// - /// The stream is encrypted using AES256, regardless of any key - /// preferences. + /// Unless otherwise specified, the stream is encrypted using + /// AES256. Key preferences of the recipients are not honored. /// /// # Example /// @@ -897,8 +897,7 @@ impl<'a> Encryptor<'a> { /// let message = Message::new(&mut o); /// let encryptor = Encryptor::new(message, /// &[&"совершенно секретно".into()], - /// &[&tpk], - /// EncryptionMode::AtRest) + /// &[&tpk], EncryptionMode::AtRest, None) /// .expect("Failed to create encryptor"); /// let mut w = LiteralWriter::new(encryptor, DataFormat::Text, None, None)?; /// w.write_all(b"Hello world.")?; @@ -906,10 +905,13 @@ impl<'a> Encryptor<'a> { /// # Ok(()) /// # } /// ``` - pub fn new(mut inner: writer::Stack<'a, Cookie>, - passwords: &[&Password], tpks: &[&TPK], - encryption_mode: EncryptionMode) - -> Result<writer::Stack<'a, Cookie>> { + pub fn new<C>(mut inner: writer::Stack<'a, Cookie>, + passwords: &[&Password], tpks: &[&TPK], + encryption_mode: EncryptionMode, + cipher_algo: C) + -> Result<writer::Stack<'a, Cookie>> + where C: Into<Option<SymmetricAlgorithm>> + { if tpks.len() + passwords.len() == 0 { return Err(Error::InvalidArgument( "Neither recipient keys nor passwords given".into()).into()); @@ -940,10 +942,10 @@ impl<'a> Encryptor<'a> { }; let level = inner.as_ref().cookie_ref().level + 1; - let algo = SymmetricAlgorithm::AES256; + let algo = cipher_algo.into().unwrap_or(SymmetricAlgorithm::AES256); // Generate a session key. - let sk = SessionKey::new(&mut rng, algo.key_size().unwrap()); + let sk = SessionKey::new(&mut rng, algo.key_size()?); // Write the PKESK packet(s). for tpk in tpks { @@ -1052,7 +1054,7 @@ impl<'a> Encryptor<'a> { })); // Write the initialization vector, and the quick-check bytes. - let mut iv = vec![0; algo.block_size().unwrap()]; + let mut iv = vec![0; algo.block_size()?]; rng.random(&mut iv); encryptor.write_all(&iv)?; encryptor.write_all(&iv[iv.len() - 2..])?; @@ -1407,7 +1409,7 @@ mod test { let m = Message::new(&mut o); let encryptor = Encryptor::new( m, &passwords.iter().collect::<Vec<&Password>>(), - &[], EncryptionMode::ForTransport) + &[], EncryptionMode::ForTransport, None) .unwrap(); let mut literal = LiteralWriter::new(encryptor, DataFormat::Binary, None, None) diff --git a/tool/src/commands/mod.rs b/tool/src/commands/mod.rs index b5deb4a9..393bddcc 100644 --- a/tool/src/commands/mod.rs +++ b/tool/src/commands/mod.rs @@ -107,7 +107,8 @@ pub fn encrypt(store: &mut store::Store, let mut sink = Encryptor::new(message, &passwords_, &recipients, - EncryptionMode::AtRest) + EncryptionMode::AtRest, + None) .context("Failed to create encryptor")?; // Optionally sign message. |