modified keygen.rs::decode_keyfile to return a Result with a Keyfile (newly in types.rs) or an Err. Invoking this new function signature in register.rs

src/keygen.rs

@@ -11,6 +11,8 @@ use ring::signature::{self, KeyPair};
 use ring::{digest as ring_digest, rand::SecureRandom};
 use std::num::NonZeroU32;
 
+use crate::types::Keyfile;
+
 type DiskKey = [u8; CREDENTIAL_LEN];
 
 pub const CREDENTIAL_LEN: usize = ring_digest::SHA256_OUTPUT_LEN;
@@ -68,16 +70,11 @@ pub fn encode_keyfile(
 pub fn decode_keyfile(
     keyfile: Vec<u8>,
     password: &str,
-) -> (
-    String,
-    Vec<String>,
-    signature::Ed25519KeyPair,
-    Vec<u8>,
-    Vec<u8>,
-) {
+) -> Result<Keyfile, &'static str> {
+
     let (username, routers, salt, key_enc, jtw_enc, file_enc) =
         bincode::deserialize::<(String, Vec<String>, Vec<u8>, Vec<u8>, Vec<u8>, Vec<u8>)>(&keyfile)
-            .unwrap();
+            .map_err(|_| "failed to deserialize keyfile")?;
 
     // rederive disk key
     let mut disk_key: DiskKey = [0u8; CREDENTIAL_LEN];
@@ -96,38 +93,26 @@ pub fn decode_keyfile(
     let jwt_nonce = generic_array::GenericArray::from_slice(&jtw_enc[..12]);
     let file_nonce = generic_array::GenericArray::from_slice(&file_enc[..12]);
 
-    println!("decrypting saved networking key...");
-    let serialized_networking_keypair: Vec<u8> = match cipher.decrypt(net_nonce, &key_enc[12..]) {
-        Ok(p) => p,
-        Err(e) => {
-            panic!("failed to decrypt networking keys: {}", e);
-        }
-    };
-    let networking_keypair =
-        match signature::Ed25519KeyPair::from_pkcs8(&serialized_networking_keypair) {
-            Ok(k) => k,
-            Err(_) => panic!("failed to parse networking keys"),
-        };
+    let serialized_networking_keypair: Vec<u8> = cipher.decrypt(net_nonce, &key_enc[12..])
+        .map_err(|_| "failed to decrypt networking keys")?;
 
-    // TODO: check if jwt_secret_file is valid and then proceed to unwrap and decrypt. If there is a failure, generate a new jwt_secret and save it
-    // use password to decrypt jwt secret
-    println!("decrypting saved jwt secret...");
+    let networking_keypair = signature::Ed25519KeyPair::from_pkcs8(&serialized_networking_keypair)
+        .map_err(|_| "failed to parse networking keys")?;
 
-    let jwt: Vec<u8> = match cipher.decrypt(jwt_nonce, &jtw_enc[12..]) {
-        Ok(p) => p,
-        Err(e) => {
-            panic!("failed to decrypt jwt secret: {}", e);
-        }
-    };
+    let jwt_secret_bytes: Vec<u8> = cipher.decrypt(jwt_nonce, &jtw_enc[12..])
+        .map_err(|_| "failed to decrypt jwt secret")?;
 
-    let file_key: Vec<u8> = match cipher.decrypt(file_nonce, &file_enc[12..]) {
-        Ok(p) => p,
-        Err(e) => {
-            panic!("failed to decrypt file key: {}", e);
-        }
-    };
+    let file_key: Vec<u8> = cipher.decrypt(file_nonce, &file_enc[12..])
+        .map_err(|_| "failed to decrypt file key")?;
+
+    Ok(Keyfile {
+        username, 
+        routers, 
+        networking_keypair, 
+        jwt_secret_bytes, 
+        file_key,
+    })
 
-    (username, routers, networking_keypair, jwt, file_key)
 }
 
 /// # Returns

src/register.rs

@@ -206,15 +206,17 @@ async fn handle_password(
         None => return Err(warp::reject()),
     };
     // use password to decrypt networking keys
-    let (username, routers, networking_keypair, jwt_secret_bytes, file_key) =
-        keygen::decode_keyfile(keyfile, password);
+    let decoded = match keygen::decode_keyfile(keyfile, password) {
+        Ok(decoded) => decoded,
+        Err(_) => return Err(warp::reject()),
+    };
 
-    let token = match generate_jwt(&jwt_secret_bytes, username.clone()) {
+    let token = match generate_jwt(&decoded.jwt_secret_bytes, decoded.username.clone()) {
         Some(token) => token,
         None => return Err(warp::reject()),
     };
-    let cookie_value = format!("uqbar-auth_{}={};", &username, &token);
-    let ws_cookie_value = format!("uqbar-ws-auth_{}={};", &username, &token);
+    let cookie_value = format!("uqbar-auth_{}={};", &decoded.username, &token);
+    let ws_cookie_value = format!("uqbar-ws-auth_{}={};", &decoded.username, &token);
 
     let mut response = warp::reply::html("Success".to_string()).into_response();
 
@@ -223,11 +225,11 @@ async fn handle_password(
     headers.append(SET_COOKIE, HeaderValue::from_str(&ws_cookie_value).unwrap());
 
     tx.send((
-        username,
-        routers,
-        networking_keypair,
-        jwt_secret_bytes.to_vec(),
-        file_key.to_vec(),
+        decoded.username,
+        decoded.routers,
+        decoded.networking_keypair,
+        decoded.jwt_secret_bytes.to_vec(),
+        decoded.file_key.to_vec(),
     ))
     .await
     .unwrap();

src/types.rs

@@ -4,6 +4,7 @@ use std::{
     collections::{HashMap, HashSet},
     sync::Arc,
 };
+use ring::signature;
 use thiserror::Error;
 use tokio::sync::RwLock;
 
@@ -70,6 +71,15 @@ pub struct IdentityTransaction {
     pub nonce: String,
 }
 
+#[derive(Debug)]
+pub struct Keyfile {
+    pub username: String,
+    pub routers: Vec<String>,
+    pub networking_keypair: signature::Ed25519KeyPair,
+    pub jwt_secret_bytes: Vec<u8>,
+    pub file_key: Vec<u8>,
+}
+
 //
 // process-facing kernel types, used for process
 // management and message-passing