author | Quentin Dufour <quentin@deuxfleurs.fr> | 2023-12-12 09:17:59 +0100 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2023-12-12 09:17:59 +0100 |
commit | 47e25cd7f710fcd82356377cf48eccf9f65d31cc (patch) | |
tree | b847e1b83b6608047d666acc4856113604fc0dbd | |
parent | 23f918fd0edb224668fb775c770075eb4f44ce4d (diff) | |
WIP
-rw-r--r-- | src/config.rs | 25 | ||||
-rw-r--r-- | src/login/mod.rs | 14 | ||||
-rw-r--r-- | src/login/static_provider.rs | 6 | ||||
-rw-r--r-- | src/main.rs | 4 |
4 files changed, 41 insertions, 8 deletions
diff --git a/src/config.rs b/src/config.rs index 506640f..cd3bff3 100644 --- a/src/config.rs +++ b/src/config.rs @@ -4,7 +4,7 @@ use std::net::SocketAddr; use std::path::PathBuf; use anyhow::Result; -use serde::{Deserialize, Serialize}; +use serde::{Deserialize, Serialize, Serializer, Deserializer}; #[derive(Serialize, Deserialize, Debug, Clone)] pub struct CompanionConfig { @@ -79,6 +79,7 @@ pub struct LoginLdapConfig { pub username_attr: String, #[serde(default = "default_mail_attr")] pub mail_attr: String, + pub crypto_root_attr: String, // Storage related thing #[serde(flatten)] @@ -110,9 +111,11 @@ pub type UserList = HashMap<String, UserEntry>; #[derive(Serialize, Deserialize, Debug, Clone)] #[serde(tag = "crypto_root")] pub enum CryptographyRoot { - PasswordProtected, + PasswordProtected { + root_blob: String, + }, Keyring, - InPlace { + ClearText { master_key: String, secret_key: String, } @@ -175,3 +178,19 @@ pub fn write_config<T: Serialize>(config_file: PathBuf, config: &T) -> Result<() fn default_mail_attr() -> String { "mail".into() } + +fn as_base64<T, S>(val: &T, serializer: &mut S) -> Result<(), S::Error> + where T: AsRef<[u8]>, + S: Serializer<Ok = ()> +{ + serializer.serialize_str(&base64::encode(val.as_ref())) +} + +fn from_base64<D>(deserializer: &mut D) -> Result<Vec<u8>, D::Error> + where D: Deserializer +{ + use serde::de::Error; + String::deserialize(deserializer) + .and_then(|string| base64::decode(&string).map_err(|err| Error::custom(err.to_string()))) +} + diff --git a/src/login/mod.rs b/src/login/mod.rs index a9b9efe..f7a81c2 100644 --- a/src/login/mod.rs +++ b/src/login/mod.rs 
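Review bot: The new `crypto_root_attr` field in `LoginLdapConfig` (src/config.rs, hunk at -79,6) is required and has no serde default, unlike `mail_attr` just above it, so an LDAP configuration written before this commit will fail to deserialize. If the field is meant to be mandatory, a doc comment should say what the attribute must hold, for example `/// LDAP attribute holding the user's cryptography root`; that meaning is inferred from the name and should be confirmed. Otherwise give it a `#[serde(default = "...")]` helper in the same way as `default_mail_attr`.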
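Review bot: `CryptographyRoot` keeps `#[derive(Debug)]` while `ClearText` carries `master_key` and `secret_key` and `PasswordProtected` now carries `root_blob` (src/config.rs, hunk at -110,9), so any `{:?}` of a user entry or a tracing field built from it would write key material to logs. Drop `Debug` from the derive and implement it by hand with the fields redacted, as sketched below. Separately, renaming `InPlace` changes the serialized `crypto_root` tag, so existing user lists stop parsing unless an alias such as `#[serde(alias = "InPlace")]` is put on `ClearText`.

```rust
#[derive(Serialize, Deserialize, Clone)]
#[serde(tag = "crypto_root")]
pub enum CryptographyRoot {
    // … unchanged: PasswordProtected, Keyring, ClearText variants …
}

impl std::fmt::Debug for CryptographyRoot {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        // Never print key material; name the variant only.
        match self {
            Self::PasswordProtected { .. } => f.write_str("PasswordProtected { <redacted> }"),
            Self::Keyring => f.write_str("Keyring"),
            Self::ClearText { .. } => f.write_str("ClearText { <redacted> }"),
        }
    }
}
```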
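Review bot: The signatures of `as_base64` and `from_base64` (src/config.rs, hunk at -175,3) do not match what serde 1.x expects for `serialize_with` / `deserialize_with`: they take `&mut S` / `&mut D`, bound `Serializer<Ok = ()>`, and use `Deserializer` without its `'de` lifetime. If the crate is on serde 1.x, the shapes would be `fn as_base64<T, S>(val: &T, serializer: S) -> Result<S::Ok, S::Error> where T: AsRef<[u8]>, S: Serializer` and `fn from_base64<'de, D>(deserializer: D) -> Result<Vec<u8>, D::Error> where D: Deserializer<'de>`. Nothing in the visible hunks attaches them to a field yet, so a one-line doc comment naming the fields they are meant for would help the next reader.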
@@ -169,9 +169,20 @@ impl CryptoKeys { } pub async fn open( - storage: &Builders, password: &str, + root_blob: &str, ) -> Result<Self> { + let kdf_salt = &password_blob[..32]; + let password_openned = try_open_encrypted_keys(kdf_salt, password, &password_blob[32..])?; + + let keys = Self::deserialize(&password_openned)?; + if keys.public != expected_public { + bail!("Password public key doesn't match stored public key"); + } + + Ok(keys) + + /* let k2v = storage.row_store()?; let (ident_salt, expected_public) = Self::load_salt_and_public(&k2v).await?; @@ -208,6 +219,7 @@ impl CryptoKeys { } Ok(keys) + */ } pub async fn open_without_password( diff --git a/src/login/static_provider.rs b/src/login/static_provider.rs index 0f6ab3a..7fadf2f 100644 --- a/src/login/static_provider.rs +++ b/src/login/static_provider.rs @@ -83,15 +83,15 @@ impl LoginProvider for StaticLoginProvider { }; let keys = match &user.crypto_root { /*(&user.master_key, &user.secret_key) {*/ - CryptographyRoot::InPlace { master_key: m, secret_key: s } => { + CryptographyRoot::ClearText { master_key: m, secret_key: s } => { let master_key = Key::from_slice(&base64::decode(m)?).ok_or(anyhow!("Invalid master key"))?; let secret_key = SecretKey::from_slice(&base64::decode(s)?) .ok_or(anyhow!("Invalid secret key"))?; CryptoKeys::open_without_password(&storage, &master_key, &secret_key).await? } - CryptographyRoot::PasswordProtected => { - CryptoKeys::open(&storage, password).await? + CryptographyRoot::PasswordProtected { root_blob } => { + CryptoKeys::open(password, root_blob).await? } CryptographyRoot::Keyring => unimplemented!(), }; diff --git a/src/main.rs b/src/main.rs index 679204d..c252623 100644 --- a/src/main.rs +++ b/src/main.rs 
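Review bot: The new body of `CryptoKeys::open` (src/login/mod.rs, hunk at -169,9) slices `password_blob[..32]` and `password_blob[32..]` with no length check, so a short or malformed blob panics the login path instead of returning an error. `password_blob` and `expected_public` are also not defined in the visible hunk, where the parameter is `root_blob: &str`. Decode `root_blob` first and reject anything shorter than the salt before splitting, as below; the sketch assumes the blob is base64 like the other keys in the config, which should be confirmed. The public-key comparison needs a trusted source for `expected_public` now that `storage` is no longer passed in. The old body kept inside `/* … */` is better deleted than committed, since version control already holds it.

```rust
    pub async fn open(
        password: &str,
        root_blob: &str,
    ) -> Result<Self> {
        let password_blob = base64::decode(root_blob)?;
        if password_blob.len() < 32 {
            bail!("Root blob is too short to contain a KDF salt");
        }
        let (kdf_salt, encrypted_keys) = password_blob.split_at(32);
        let password_openned = try_open_encrypted_keys(kdf_salt, password, encrypted_keys)?;
        // … unchanged: Self::deserialize and the public-key comparison …
```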
@@ -191,7 +191,9 @@ fn account_management(root: &Command, cmd: &AccountManagement, users: PathBuf) - write_config(users.clone(), &ulist)?; }, AccountManagement::Delete { login } => { - unimplemented!(); + tracing::debug!(user=login, "will-delete"); + ulist.remove(&login); + write_config(users.clone(), &ulist)?; }, AccountManagement::ChangePassword { login } => { unimplemented!(); |
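Review bot: `ulist.remove(&login)` in the `Delete` arm (src/main.rs) discards its return value, so deleting a login that does not exist is reported as success and the user file is rewritten anyway. Check the result before writing, e.g. `if ulist.remove(&login).is_none() { bail!("User {} does not exist", login); }`, assuming `bail!` is in scope in this file. From the visible lines only the list entry is removed; a comment should state whether the account's stored data and keys are intentionally left in place. `account_management` starts and ends outside the hunk.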