From 56499a11ad76afce78f2344ebfcb2b1ce1ee437f Mon Sep 17 00:00:00 2001
From: pennae
Date: Sun, 17 Jul 2022 14:13:53 +0200
Subject: use SecretKey for key material in crypto
---
 src/api/auth/account.rs | 17 ++++++++---------
 src/api/auth/password.rs | 9 ++++-----
 2 files changed, 12 insertions(+), 14 deletions(-)
(limited to 'src/api/auth')
diff --git a/src/api/auth/account.rs b/src/api/auth/account.rs
index bff2a66..56ec717 100644
--- a/src/api/auth/account.rs
+++ b/src/api/auth/account.rs
@@ -90,8 +90,8 @@ pub(crate) async fn create(
 },
 }
- let ka = SecretBytes::generate();
- let wrapwrap_kb = SecretBytes::generate();
+ let ka = SecretKey::generate();
+ let wrapwrap_kb = SecretKey::generate();
 let auth_salt = SaltString::generate(rand::rngs::OsRng);
 let stretched = data.authPW.stretch(auth_salt.as_salt())?;
 let verify_hash = stretched.verify_hash();
@@ -113,8 +113,8 @@ pub(crate) async fn create(
 .add_user(User {
 auth_salt,
 email: data.email.to_owned(),
- ka: SecretKey(ka.0),
- wrapwrap_kb: SecretKey(wrapwrap_kb.0),
+ ka,
+ wrapwrap_kb,
 verify_hash: VerifyHash(verify_hash),
 display_name: None,
 verified: false,
@@ -204,8 +204,8 @@ pub(crate) async fn login(
 let key_fetch_token = KeyFetchToken::generate();
 let req = KeyFetchReq::derive_from(&key_fetch_token);
 let wrapped = req.derive_resp().wrap_keys(&KeyBundle {
- ka: SecretBytes(user.ka.0),
- wrap_kb: stretched.decrypt_wwkb(&SecretBytes(user.wrapwrap_kb.0)),
+ ka: user.ka,
+ wrap_kb: stretched.decrypt_wwkb(&user.wrapwrap_kb),
 });
 db.add_key_fetch(req.token_id, &req.req_hmac_key, &wrapped).await?;
 Some(key_fetch_token)
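Review bot: `SecretKey::generate()` in the `create` hunk at -90 now yields the long-lived `ka` and `wrapwrap_kb` directly, yet nothing visible says where its randomness comes from, while the salt on the following line names `rand::rngs::OsRng` explicitly. I would add a comment above the two calls, `// account key material: SecretKey::generate() must draw from the OS CSPRNG, like the salt below`, or put the equivalent sentence in the doc comment on `generate` if it has none. The same call produces `wrapwrap_kb` in the `reset` hunk at -380. The body of `create` starts and ends outside this hunk.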
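Review bot: In the `login` hunk at -204, `ka: user.ka` either moves the key out of `user` or silently duplicates it, depending on whether `SecretKey` is `Copy`, which this diff does not show. For a type that holds key material a move is the safer reading, because a `Copy` impl leaves extra copies of the bytes behind that no drop handler can wipe; if `SecretKey` does derive `Copy`, I would remove the derive and use an explicit `clone()` where a second copy is really needed. Assuming it is a move, a comment on the bundle such as `// ka is moved out of user; the KeyBundle temporary is dropped at the end of this statement` would record the intent. The `change_start` hunk at -63 in password.rs builds its `KeyBundle` the same way, and `login` continues outside the hunk.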
@@ -380,13 +380,12 @@ pub(crate) async fn reset(
 let notify_devs = db.get_devices(&data.context).await?;
- let wrapwrap_kb = SecretBytes::generate();
+ let wrapwrap_kb = SecretKey::generate();
 let auth_salt = SaltString::generate(rand::rngs::OsRng);
 let stretched = data.body.authPW.stretch(auth_salt.as_salt())?;
 let verify_hash = stretched.verify_hash();
- db.reset_user_auth(&data.context, auth_salt, SecretKey(wrapwrap_kb.0), VerifyHash(verify_hash))
- .await?;
+ db.reset_user_auth(&data.context, auth_salt, wrapwrap_kb, VerifyHash(verify_hash)).await?;
 defer.spawn_after_success("api::auth/account/reset(post)", {
 let client = Arc::clone(client);
diff --git a/src/api/auth/password.rs b/src/api/auth/password.rs
index e389261..79b7587 100644
--- a/src/api/auth/password.rs
+++ b/src/api/auth/password.rs
@@ -63,10 +63,9 @@ pub(crate) async fn change_start(
 let change_req = PasswordChangeReq::derive_from_change_token(&change_token);
 let key_fetch_token = KeyFetchToken::generate();
 let key_req = KeyFetchReq::derive_from(&key_fetch_token);
- let wrapped = key_req.derive_resp().wrap_keys(&KeyBundle {
- ka: SecretBytes(user.ka.0),
- wrap_kb: stretched.decrypt_wwkb(&SecretBytes(user.wrapwrap_kb.0)),
- });
+ let wrapped = key_req
+ .derive_resp()
+ .wrap_keys(&KeyBundle { ka: user.ka, wrap_kb: stretched.decrypt_wwkb(&user.wrapwrap_kb) });
 db.add_key_fetch(key_req.token_id, &key_req.req_hmac_key, &wrapped).await?;
 db.add_password_change(&uid, &change_req.token_id, &change_req.req_hmac_key, None).await?;
@@ -106,7 +105,7 @@ impl AuthSource for WithChangeToken {
 #[allow(non_snake_case)]
 pub(crate) struct ChangeFinishReq {
 authPW: AuthPW,
- wrapKb: SecretBytes<32>,
+ wrapKb: SecretKey,
 // MISSING sessionToken
 }
--
cgit v1.2.3
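Review bot: `wrapKb` in `ChangeFinishReq` looks like a client-supplied request field, and with the change from `SecretBytes<32>` to `SecretKey` the 32-byte length is no longer stated in the field's type. Whether a short or over-long value is still rejected when the request is parsed depends on how `SecretKey` is deserialized, which is not part of this diff. I would record the expectation on the field, `// client-supplied; SecretKey must reject anything that is not exactly 32 bytes`, and cover it with a test that feeds a wrong-length `wrapKb` to the request parser. Any attributes above `#[allow(non_snake_case)]` are outside the hunk.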