mirror of
https://github.com/uqbar-dao/nectar.git
synced 2025-01-04 15:53:21 +03:00
modified keygen.rs::decode_keyfile to return a Result with a Keyfile (newly in types.rs) or an Err. Invoking this new function signature in register.rs
This commit is contained in:
parent
0919dae011
commit
165746204a
@ -11,6 +11,8 @@ use ring::signature::{self, KeyPair};
|
||||
use ring::{digest as ring_digest, rand::SecureRandom};
|
||||
use std::num::NonZeroU32;
|
||||
|
||||
use crate::types::Keyfile;
|
||||
|
||||
type DiskKey = [u8; CREDENTIAL_LEN];
|
||||
|
||||
pub const CREDENTIAL_LEN: usize = ring_digest::SHA256_OUTPUT_LEN;
|
||||
@ -68,16 +70,11 @@ pub fn encode_keyfile(
|
||||
pub fn decode_keyfile(
|
||||
keyfile: Vec<u8>,
|
||||
password: &str,
|
||||
) -> (
|
||||
String,
|
||||
Vec<String>,
|
||||
signature::Ed25519KeyPair,
|
||||
Vec<u8>,
|
||||
Vec<u8>,
|
||||
) {
|
||||
) -> Result<Keyfile, &'static str> {
|
||||
|
||||
let (username, routers, salt, key_enc, jtw_enc, file_enc) =
|
||||
bincode::deserialize::<(String, Vec<String>, Vec<u8>, Vec<u8>, Vec<u8>, Vec<u8>)>(&keyfile)
|
||||
.unwrap();
|
||||
.map_err(|_| "failed to deserialize keyfile")?;
|
||||
|
||||
// rederive disk key
|
||||
let mut disk_key: DiskKey = [0u8; CREDENTIAL_LEN];
|
||||
@ -96,38 +93,26 @@ pub fn decode_keyfile(
|
||||
let jwt_nonce = generic_array::GenericArray::from_slice(&jtw_enc[..12]);
|
||||
let file_nonce = generic_array::GenericArray::from_slice(&file_enc[..12]);
|
||||
|
||||
println!("decrypting saved networking key...");
|
||||
let serialized_networking_keypair: Vec<u8> = match cipher.decrypt(net_nonce, &key_enc[12..]) {
|
||||
Ok(p) => p,
|
||||
Err(e) => {
|
||||
panic!("failed to decrypt networking keys: {}", e);
|
||||
}
|
||||
};
|
||||
let networking_keypair =
|
||||
match signature::Ed25519KeyPair::from_pkcs8(&serialized_networking_keypair) {
|
||||
Ok(k) => k,
|
||||
Err(_) => panic!("failed to parse networking keys"),
|
||||
};
|
||||
let serialized_networking_keypair: Vec<u8> = cipher.decrypt(net_nonce, &key_enc[12..])
|
||||
.map_err(|_| "failed to decrypt networking keys")?;
|
||||
|
||||
// TODO: check if jwt_secret_file is valid and then proceed to unwrap and decrypt. If there is a failure, generate a new jwt_secret and save it
|
||||
// use password to decrypt jwt secret
|
||||
println!("decrypting saved jwt secret...");
|
||||
let networking_keypair = signature::Ed25519KeyPair::from_pkcs8(&serialized_networking_keypair)
|
||||
.map_err(|_| "failed to parse networking keys")?;
|
||||
|
||||
let jwt: Vec<u8> = match cipher.decrypt(jwt_nonce, &jtw_enc[12..]) {
|
||||
Ok(p) => p,
|
||||
Err(e) => {
|
||||
panic!("failed to decrypt jwt secret: {}", e);
|
||||
}
|
||||
};
|
||||
let jwt_secret_bytes: Vec<u8> = cipher.decrypt(jwt_nonce, &jtw_enc[12..])
|
||||
.map_err(|_| "failed to decrypt jwt secret")?;
|
||||
|
||||
let file_key: Vec<u8> = match cipher.decrypt(file_nonce, &file_enc[12..]) {
|
||||
Ok(p) => p,
|
||||
Err(e) => {
|
||||
panic!("failed to decrypt file key: {}", e);
|
||||
}
|
||||
};
|
||||
let file_key: Vec<u8> = cipher.decrypt(file_nonce, &file_enc[12..])
|
||||
.map_err(|_| "failed to decrypt file key")?;
|
||||
|
||||
Ok(Keyfile {
|
||||
username,
|
||||
routers,
|
||||
networking_keypair,
|
||||
jwt_secret_bytes,
|
||||
file_key,
|
||||
})
|
||||
|
||||
(username, routers, networking_keypair, jwt, file_key)
|
||||
}
|
||||
|
||||
/// # Returns
|
||||
|
@ -206,15 +206,17 @@ async fn handle_password(
|
||||
None => return Err(warp::reject()),
|
||||
};
|
||||
// use password to decrypt networking keys
|
||||
let (username, routers, networking_keypair, jwt_secret_bytes, file_key) =
|
||||
keygen::decode_keyfile(keyfile, password);
|
||||
let decoded = match keygen::decode_keyfile(keyfile, password) {
|
||||
Ok(decoded) => decoded,
|
||||
Err(_) => return Err(warp::reject()),
|
||||
};
|
||||
|
||||
let token = match generate_jwt(&jwt_secret_bytes, username.clone()) {
|
||||
let token = match generate_jwt(&decoded.jwt_secret_bytes, decoded.username.clone()) {
|
||||
Some(token) => token,
|
||||
None => return Err(warp::reject()),
|
||||
};
|
||||
let cookie_value = format!("uqbar-auth_{}={};", &username, &token);
|
||||
let ws_cookie_value = format!("uqbar-ws-auth_{}={};", &username, &token);
|
||||
let cookie_value = format!("uqbar-auth_{}={};", &decoded.username, &token);
|
||||
let ws_cookie_value = format!("uqbar-ws-auth_{}={};", &decoded.username, &token);
|
||||
|
||||
let mut response = warp::reply::html("Success".to_string()).into_response();
|
||||
|
||||
@ -223,11 +225,11 @@ async fn handle_password(
|
||||
headers.append(SET_COOKIE, HeaderValue::from_str(&ws_cookie_value).unwrap());
|
||||
|
||||
tx.send((
|
||||
username,
|
||||
routers,
|
||||
networking_keypair,
|
||||
jwt_secret_bytes.to_vec(),
|
||||
file_key.to_vec(),
|
||||
decoded.username,
|
||||
decoded.routers,
|
||||
decoded.networking_keypair,
|
||||
decoded.jwt_secret_bytes.to_vec(),
|
||||
decoded.file_key.to_vec(),
|
||||
))
|
||||
.await
|
||||
.unwrap();
|
||||
|
10
src/types.rs
10
src/types.rs
@ -4,6 +4,7 @@ use std::{
|
||||
collections::{HashMap, HashSet},
|
||||
sync::Arc,
|
||||
};
|
||||
use ring::signature;
|
||||
use thiserror::Error;
|
||||
use tokio::sync::RwLock;
|
||||
|
||||
@ -70,6 +71,15 @@ pub struct IdentityTransaction {
|
||||
pub nonce: String,
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
pub struct Keyfile {
|
||||
pub username: String,
|
||||
pub routers: Vec<String>,
|
||||
pub networking_keypair: signature::Ed25519KeyPair,
|
||||
pub jwt_secret_bytes: Vec<u8>,
|
||||
pub file_key: Vec<u8>,
|
||||
}
|
||||
|
||||
//
|
||||
// process-facing kernel types, used for process
|
||||
// management and message-passing
|
||||
|
Loading…
Reference in New Issue
Block a user