As of #52, this crate does not support encrypting or decrypting across multiple records with the legacy `aesgcm` encoding. However, given the way that the chunking code is currently implemented in a shared helper, this was implemented in a deliberately ham-fisted way: we allow the record-chunking code to run, then check how many records it produced, and throw an error if it produced multiple records.
Let's take the opportunity to actually clean up this code, taking advantage of the fact that we now only need to support `aes128gcm`. In practice I think this means something like:
- Getting rid of the shared `EceWebPush` trait; a big part of its job is providing the shared record-chunking code, which no longer needs to be shared.
  - Maybe we'll want to keep it around for e.g. common error handling, but it might be simpler to just duplicate that...
- Making a "chunk plaintext into records" iterator that's specific to the `aes128gcm` scheme, which takes the plaintext and the padding length and returns record-sized chunks to be encrypted.
  - We don't need a "chunk ciphertext into records" equivalent because Rust's `&[u8].chunks` already exists.
- Making a much simpler `aesgcm` encryption routine that throws an error if the plaintext+padding size exceeds the size of a single record.
- Making a much simpler `aesgcm` decryption routine that throws an error if the ciphertext size exceeds the size of a single record.
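
One possible shape for the `aes128gcm`-specific plaintext-chunking iterator proposed above, added here as an example and not taken from the crate. `PlaintextRecords` and `TAG_LEN` are hypothetical names, the record layout follows RFC 8188 (data, then a `0x01`/`0x02` delimiter, then zero padding), and placing data first with padding topped up afterwards is a simplification chosen for the example, not necessarily how the crate distributes padding.

```rust
// Added illustration; names and padding placement are assumptions, not the crate's code.
const TAG_LEN: usize = 16; // AES-GCM authentication tag appended to every record

/// Yields the unencrypted body of each aes128gcm record:
/// data || delimiter (0x01, or 0x02 on the last record) || zero padding.
pub struct PlaintextRecords<'a> {
    data: &'a [u8],
    pad_left: usize,
    capacity: usize, // data + padding bytes that fit beside the delimiter
    done: bool,
}

impl<'a> PlaintextRecords<'a> {
    pub fn new(data: &'a [u8], pad_len: usize, rs: usize) -> Result<Self, &'static str> {
        // A record must hold the tag, the delimiter and at least one more byte.
        if rs < TAG_LEN + 2 {
            return Err("record size too small");
        }
        Ok(Self { data, pad_left: pad_len, capacity: rs - TAG_LEN - 1, done: false })
    }
}

impl<'a> Iterator for PlaintextRecords<'a> {
    type Item = Vec<u8>;
    fn next(&mut self) -> Option<Vec<u8>> {
        if self.done { return None; }
        // Simplification: fill with data first, then top up with padding.
        let data = self.data;
        let take = data.len().min(self.capacity);
        let (head, rest) = data.split_at(take);
        let pad = self.pad_left.min(self.capacity - take);
        self.data = rest;
        self.pad_left -= pad;
        self.done = self.data.is_empty() && self.pad_left == 0;
        let mut record = Vec::with_capacity(take + 1 + pad);
        record.extend_from_slice(head);
        record.push(if self.done { 0x02 } else { 0x01 });
        record.resize(take + 1 + pad, 0);
        Some(record)
    }
}

fn main() {
    // Constructed input: 6 data bytes, 3 padding bytes, rs = 21 (4 usable bytes per record).
    for r in PlaintextRecords::new(b"abcdef", 3, 21).unwrap() {
        println!("{:02x?}", r);
    }
}
```

Every record except the last comes out exactly `rs - 16` bytes long, so each encrypted record is `rs` bytes and the receiving side can split the ciphertext with `chunks(rs)`.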