diff options
Diffstat (limited to 'openpgp/src/crypto/mem.rs')
-rw-r--r-- | openpgp/src/crypto/mem.rs | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/openpgp/src/crypto/mem.rs b/openpgp/src/crypto/mem.rs index 8342aa8e..fa2adb0b 100644 --- a/openpgp/src/crypto/mem.rs +++ b/openpgp/src/crypto/mem.rs @@ -213,7 +213,7 @@ impl fmt::Debug for Protected { #[derive(Clone, Debug)] pub struct Encrypted { ciphertext: Protected, - iv: Protected, + iv: Box<[u8]>, } assert_send_and_sync!(Encrypted); @@ -243,7 +243,8 @@ const ENCRYPTED_MEMORY_PAGE_SIZE: usize = 4096; /// /// Code outside of it cannot access it, because `PREKEY` is private. mod has_access_to_prekey { - use std::io::{self, Cursor, Write}; + use std::io::{self, Write}; + use buffered_reader::Memory; use crate::types::{AEADAlgorithm, HashAlgorithm, SymmetricAlgorithm}; use crate::crypto::{aead, SessionKey}; use crate::crypto::hash::Digest; @@ -281,6 +282,15 @@ mod has_access_to_prekey { sk } + /// Returns the schedule for use with the AEAD encryption. + fn schedule(iv: &[u8]) -> impl aead::Schedule { + aead::AEDv1Schedule::new( + SYMMETRIC_ALGO, + AEAD_ALGO, + 4096, + iv).expect("valid parameters") + } + /// Encrypts the given chunk of memory. pub fn new(p: Protected) -> Self { let mut iv = @@ -291,12 +301,11 @@ mod has_access_to_prekey { let mut ciphertext = Vec::new(); { let mut encryptor = - aead::Encryptor::new(1, - SYMMETRIC_ALGO, + aead::Encryptor::new(SYMMETRIC_ALGO, AEAD_ALGO, 4096, - &iv, - &Self::sealing_key(), + Self::schedule(&iv), + Self::sealing_key(), &mut ciphertext) .expect("Mandatory algorithm unsupported"); encryptor.write_all(&p).unwrap(); @@ -314,15 +323,18 @@ mod has_access_to_prekey { pub fn map<F, T>(&self, mut fun: F) -> T where F: FnMut(&Protected) -> T { + let ciphertext = + Memory::with_cookie(&self.ciphertext, Default::default()); let mut plaintext = Vec::new(); + let mut decryptor = - aead::Decryptor::new(1, + aead::Decryptor::from_buffered_reader( SYMMETRIC_ALGO, AEAD_ALGO, 4096, - &self.iv, - &Self::sealing_key(), - Cursor::new(&self.ciphertext)) + Self::schedule(&self.iv), + Self::sealing_key(), + Box::new(ciphertext)) .expect("Mandatory algorithm unsupported"); io::copy(&mut decryptor, &mut plaintext) .expect("Encrypted memory modified or corrupted"); |