diff --git a/src/aes.rs b/src/aes.rs
index 3d32e6c..29708be 100644
--- a/src/aes.rs
+++ b/src/aes.rs
@@ -62,13 +62,12 @@ pub struct PlaintextDocument(pub Vec);
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub struct EncryptionKey(pub [u8; 32]);
 
-/// Decrypt the AES encrypted payload using the key. Note that the IV is on the front of the payload and the tag
-/// is on the end.
+/// Decrypt the AES encrypted payload using the key. Note that the IV is on the front of the payload.
 pub fn decrypt_document_with_attached_iv(
 key: &EncryptionKey,
- aes_encrypted_payload: &[u8],
+ aes_encrypted_payload: &IvAndCiphertext,
 ) -> Result {
- let (iv_slice, ciphertext) = aes_encrypted_payload.split_at(IV_LEN);
+ let (iv_slice, ciphertext) = aes_encrypted_payload.0.split_at(IV_LEN);
 let iv = iv_slice
 .try_into()
 .expect("IV conversion will always have 12 bytes.");
@@ -162,7 +161,7 @@ mod test {
 let encrypted =
 encrypt_document_and_attach_iv(&mut rng, key, PlaintextDocument(document.clone()))
 .unwrap();
- let result = decrypt_document_with_attached_iv(&key, encrypted.as_ref()).unwrap();
+ let result = decrypt_document_with_attached_iv(&key, &encrypted).unwrap();
 assert_eq!(result.0, document);
 }
 }
diff --git a/src/v3/mod.rs b/src/v3/mod.rs
index 1cbadb8..67a433d 100644
--- a/src/v3/mod.rs
+++ b/src/v3/mod.rs
@@ -71,7 +71,7 @@ impl EncryptedPayload {
 /// Decrypt a V3 detached document and verify its signature.
 pub fn decrypt(self, key: &EncryptionKey) -> Result {
 if verify_signature(key.0, &self.v3_document_header) {
- decrypt_document_with_attached_iv(key, &self.iv_and_ciphertext.0)
+ decrypt_document_with_attached_iv(key, &self.iv_and_ciphertext)
 } else {
 Err(Error::DecryptError(
 "Signature validation failed.".to_string(),
diff --git a/src/v5/mod.rs b/src/v5/mod.rs
index 86e5dc5..ea05e05 100644
--- a/src/v5/mod.rs
+++ b/src/v5/mod.rs
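Review bot: In the first hunk of src/aes.rs, `aes_encrypted_payload.0.split_at(IV_LEN)` still panics when the wrapped bytes are shorter than `IV_LEN`, so a truncated payload aborts the caller instead of returning a decrypt error. Nothing visible here shows that `IvAndCiphertext` enforces a minimum length, and the `.expect(...)` message only holds once the split has succeeded. I would add a guard before the split, `if aes_encrypted_payload.0.len() < IV_LEN { return Err(Error::DecryptError("Payload is shorter than the IV.".to_string())); }` (using the `Error::DecryptError` variant seen in src/v3/mod.rs), or state on `IvAndCiphertext` that the length is checked at construction. The doc comment also drops the sentence about the tag being at the end; if the tag is still appended to the ciphertext, that sentence is worth keeping. The function body continues outside the hunk.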
@@ -24,7 +24,7 @@ pub(crate) const DETACHED_HEADER_LEN: usize = 5;
 /// This value is correct by construction and will be validated when we create it.
 /// There is no public constructor, only the TryFrom implementations.
 #[derive(Debug, Clone, PartialEq, Eq)]
-pub struct EncryptedPayload(pub IvAndCiphertext);
+pub struct EncryptedPayload(IvAndCiphertext);
 
 impl Default for EncryptedPayload {
 fn default() -> EncryptedPayload {
@@ -60,6 +60,12 @@ impl TryFrom> for EncryptedPayload {
 }
 }
 
+impl From for EncryptedPayload {
+ fn from(value: IvAndCiphertext) -> Self {
+ EncryptedPayload(value)
+ }
+}
+
 impl EncryptedPayload {
 /// Convert the encrypted payload to t
 pub fn to_aes_value_with_attached_iv(self) -> IvAndCiphertext {
@@ -68,10 +74,7 @@ impl EncryptedPayload {
 
 /// Decrypt a V5 detached document. The document should have the expected header
 pub fn decrypt(self, key: &EncryptionKey) -> Result {
- crate::aes::decrypt_document_with_attached_iv(
- key,
- self.to_aes_value_with_attached_iv().as_ref(),
- )
+ crate::aes::decrypt_document_with_attached_iv(key, &self.to_aes_value_with_attached_iv())
 }
 
 pub fn write_to_bytes(&self) -> Vec {
@@ -91,9 +94,9 @@ pub fn encrypt_detached_document(
 document: PlaintextDocument,
 ) -> Result {
 let (iv, enc_data) = aes_encrypt(key, &document.0, &[], rng)?;
- [&[V0], &MAGIC[..], &iv[..], &enc_data.0[..]]
- .concat()
- .try_into()
+ Ok(EncryptedPayload(IvAndCiphertext(
+ iv.into_iter().chain(enc_data.0.into_iter()).collect(),
+ )))
 }
 
 pub fn parse_standard_edek(edek_bytes: Bytes) -> Result<(KeyIdHeader, V4DocumentHeader)> {
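Review bot: The new `From` impl for `EncryptedPayload` (taking an `IvAndCiphertext`) is an unvalidated conversion, which contradicts the struct's doc comment in the first hunk of this file ("There is no public constructor, only the TryFrom implementations") and undoes part of what making the field private achieves. Any code holding an `IvAndCiphertext` can now build an `EncryptedPayload` without the checks the `TryFrom` impls presumably perform, and `decrypt` then hands it to `split_at(IV_LEN)` in src/aes.rs. If the conversion is only needed inside the crate, an inherent `pub(crate) fn from_iv_and_ciphertext(value: IvAndCiphertext) -> Self` would keep the invariant. Otherwise the doc comment should be updated, for example `/// Built via TryFrom (validated) or From<IvAndCiphertext> (caller guarantees a full IV prefix).`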
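Review bot: In `encrypt_detached_document`, `.chain(enc_data.0.into_iter())` carries a redundant conversion, since `chain` accepts any `IntoIterator`; `iv.into_iter().chain(enc_data.0).collect(),` reads the same and avoids clippy's `useless_conversion` lint. The function now builds the payload directly instead of going through `try_into()`, so the value is no longer checked on this path. Assuming `iv` is the fixed-size IV array, a comment such as `// IV has a fixed length, so the payload invariant holds without re-validation.` would record why that is safe. The function's signature starts outside the hunk.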