From 56499a11ad76afce78f2344ebfcb2b1ce1ee437f Mon Sep 17 00:00:00 2001
From: pennae <github@quasiparticle.net>
Date: Sun, 17 Jul 2022 14:13:53 +0200
Subject: use SecretKey for key material in crypto

---
 src/api/auth/password.rs | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

(limited to 'src/api/auth/password.rs')

diff --git a/src/api/auth/password.rs b/src/api/auth/password.rs
index e389261..79b7587 100644
--- a/src/api/auth/password.rs
+++ b/src/api/auth/password.rs
@@ -63,10 +63,9 @@ pub(crate) async fn change_start(
     let change_req = PasswordChangeReq::derive_from_change_token(&change_token);
     let key_fetch_token = KeyFetchToken::generate();
     let key_req = KeyFetchReq::derive_from(&key_fetch_token);
-    let wrapped = key_req.derive_resp().wrap_keys(&KeyBundle {
-        ka: SecretBytes(user.ka.0),
-        wrap_kb: stretched.decrypt_wwkb(&SecretBytes(user.wrapwrap_kb.0)),
-    });
+    let wrapped = key_req
+        .derive_resp()
+        .wrap_keys(&KeyBundle { ka: user.ka, wrap_kb: stretched.decrypt_wwkb(&user.wrapwrap_kb) });
     db.add_key_fetch(key_req.token_id, &key_req.req_hmac_key, &wrapped).await?;
     db.add_password_change(&uid, &change_req.token_id, &change_req.req_hmac_key, None).await?;
 
@@ -106,7 +105,7 @@ impl<const IS_FORGOT: bool> AuthSource for WithChangeToken<IS_FORGOT> {
 #[allow(non_snake_case)]
 pub(crate) struct ChangeFinishReq {
     authPW: AuthPW,
-    wrapKb: SecretBytes<32>,
+    wrapKb: SecretKey,
     // MISSING sessionToken
 }
 
-- 
cgit v1.2.3