authorpennae <github@quasiparticle.net>2022-07-17 14:13:53 +0200
committerpennae <github@quasiparticle.net>2022-07-17 17:26:05 +0200
commit56499a11ad76afce78f2344ebfcb2b1ce1ee437f (patch)
treeb4ed61651499523fae5a6b1dd62498a5e13bb233 /src/api/auth
parent5d7f509f1a98c2d45870e3877b4d7bfa756d2d2a (diff)
use SecretKey for key material in crypto
Diffstat (limited to 'src/api/auth')
-rw-r--r--src/api/auth/account.rs17
-rw-r--r--src/api/auth/password.rs9
2 files changed, 12 insertions, 14 deletions
diff --git a/src/api/auth/account.rs b/src/api/auth/account.rs
index bff2a66..56ec717 100644
--- a/src/api/auth/account.rs
+++ b/src/api/auth/account.rs
@@ -90,8 +90,8 @@ pub(crate) async fn create(
},
}
- let ka = SecretBytes::generate();
- let wrapwrap_kb = SecretBytes::generate();
+ let ka = SecretKey::generate();
+ let wrapwrap_kb = SecretKey::generate();
let auth_salt = SaltString::generate(rand::rngs::OsRng);
let stretched = data.authPW.stretch(auth_salt.as_salt())?;
let verify_hash = stretched.verify_hash();
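Review bot: The randomness source behind `SecretKey::generate()` is not visible at the two new call sites for `ka` and `wrapwrap_kb`, while the salt on the next line names `rand::rngs::OsRng` explicitly. Because these are long-lived per-account keys, a short comment above them would record the requirement, for example `// account keys: SecretKey::generate() must draw from the OS CSPRNG`. The same applies to the `wrapwrap_kb` regenerated in `reset` (the hunk at -380). The body of `create` starts and ends outside this hunk.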
@@ -113,8 +113,8 @@ pub(crate) async fn create(
.add_user(User {
auth_salt,
email: data.email.to_owned(),
- ka: SecretKey(ka.0),
- wrapwrap_kb: SecretKey(wrapwrap_kb.0),
+ ka,
+ wrapwrap_kb,
verify_hash: VerifyHash(verify_hash),
display_name: None,
verified: false,
@@ -204,8 +204,8 @@ pub(crate) async fn login(
let key_fetch_token = KeyFetchToken::generate();
let req = KeyFetchReq::derive_from(&key_fetch_token);
let wrapped = req.derive_resp().wrap_keys(&KeyBundle {
- ka: SecretBytes(user.ka.0),
- wrap_kb: stretched.decrypt_wwkb(&SecretBytes(user.wrapwrap_kb.0)),
+ ka: user.ka,
+ wrap_kb: stretched.decrypt_wwkb(&user.wrapwrap_kb),
});
db.add_key_fetch(req.token_id, &req.req_hmac_key, &wrapped).await?;
Some(key_fetch_token)
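Review bot: The `KeyBundle` built here in `login` is repeated field for field in `change_start` in `src/api/auth/password.rs`, so the two key-release paths can drift apart if one is edited later. Now that both sides are plain `SecretKey`, the construction `KeyBundle { ka: user.ka, wrap_kb: stretched.decrypt_wwkb(&user.wrapwrap_kb) }` could live in one small helper that both handlers call. `ka: user.ka` also moves the key out of `user`; the rest of `login` is outside the hunk, so any later use of `user` as a whole cannot be checked from here.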
@@ -380,13 +380,12 @@ pub(crate) async fn reset(
let notify_devs = db.get_devices(&data.context).await?;
- let wrapwrap_kb = SecretBytes::generate();
+ let wrapwrap_kb = SecretKey::generate();
let auth_salt = SaltString::generate(rand::rngs::OsRng);
let stretched = data.body.authPW.stretch(auth_salt.as_salt())?;
let verify_hash = stretched.verify_hash();
- db.reset_user_auth(&data.context, auth_salt, SecretKey(wrapwrap_kb.0), VerifyHash(verify_hash))
- .await?;
+ db.reset_user_auth(&data.context, auth_salt, wrapwrap_kb, VerifyHash(verify_hash)).await?;
defer.spawn_after_success("api::auth/account/reset(post)", {
let client = Arc::clone(client);
diff --git a/src/api/auth/password.rs b/src/api/auth/password.rs
index e389261..79b7587 100644
--- a/src/api/auth/password.rs
+++ b/src/api/auth/password.rs
@@ -63,10 +63,9 @@ pub(crate) async fn change_start(
let change_req = PasswordChangeReq::derive_from_change_token(&change_token);
let key_fetch_token = KeyFetchToken::generate();
let key_req = KeyFetchReq::derive_from(&key_fetch_token);
- let wrapped = key_req.derive_resp().wrap_keys(&KeyBundle {
- ka: SecretBytes(user.ka.0),
- wrap_kb: stretched.decrypt_wwkb(&SecretBytes(user.wrapwrap_kb.0)),
- });
+ let wrapped = key_req
+ .derive_resp()
+ .wrap_keys(&KeyBundle { ka: user.ka, wrap_kb: stretched.decrypt_wwkb(&user.wrapwrap_kb) });
db.add_key_fetch(key_req.token_id, &key_req.req_hmac_key, &wrapped).await?;
db.add_password_change(&uid, &change_req.token_id, &change_req.req_hmac_key, None).await?;
@@ -106,7 +105,7 @@ impl<const IS_FORGOT: bool> AuthSource for WithChangeToken<IS_FORGOT> {
#[allow(non_snake_case)]
pub(crate) struct ChangeFinishReq {
authPW: AuthPW,
- wrapKb: SecretBytes<32>,
+ wrapKb: SecretKey,
// MISSING sessionToken
}
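Review bot: `wrapKb` in `ChangeFinishReq` looks like a client-supplied field, and its old type `SecretBytes<32>` carried the length in the type, whereas `SecretKey` shows no length here. If this struct is deserialized from the request body (its derives are outside the hunk), confirm that `SecretKey`'s deserializer rejects input that is not exactly the expected key length. Also confirm that its `Debug` output does not print the bytes, since request structs tend to end up in logs. A field comment such as `// client-encrypted wrap(kB); length enforced by SecretKey's deserializer` would record that.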