From 47e25cd7f710fcd82356377cf48eccf9f65d31cc Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Tue, 12 Dec 2023 09:17:59 +0100 Subject: [PATCH] WIP --- src/config.rs | 25 ++++++++++++++++++++++--- src/login/mod.rs | 14 +++++++++++++- src/login/static_provider.rs | 6 +++--- src/main.rs | 4 +++- 4 files changed, 41 insertions(+), 8 deletions(-) diff --git a/src/config.rs b/src/config.rs index 506640f..cd3bff3 100644 --- a/src/config.rs +++ b/src/config.rs @@ -4,7 +4,7 @@ use std::net::SocketAddr; use std::path::PathBuf; use anyhow::Result; -use serde::{Deserialize, Serialize}; +use serde::{Deserialize, Serialize, Serializer, Deserializer}; #[derive(Serialize, Deserialize, Debug, Clone)] pub struct CompanionConfig { @@ -79,6 +79,7 @@ pub struct LoginLdapConfig { pub username_attr: String, #[serde(default = "default_mail_attr")] pub mail_attr: String, + pub crypto_root_attr: String, // Storage related thing #[serde(flatten)] @@ -110,9 +111,11 @@ pub type UserList = HashMap; #[derive(Serialize, Deserialize, Debug, Clone)] #[serde(tag = "crypto_root")] pub enum CryptographyRoot { - PasswordProtected, + PasswordProtected { + root_blob: String, + }, Keyring, - InPlace { + ClearText { master_key: String, secret_key: String, } @@ -175,3 +178,19 @@ pub fn write_config(config_file: PathBuf, config: &T) -> Result<() fn default_mail_attr() -> String { "mail".into() } + +fn as_base64(val: &T, serializer: &mut S) -> Result<(), S::Error> + where T: AsRef<[u8]>, + S: Serializer +{ + serializer.serialize_str(&base64::encode(val.as_ref())) +} + +fn from_base64(deserializer: &mut D) -> Result, D::Error> + where D: Deserializer +{ + use serde::de::Error; + String::deserialize(deserializer) + .and_then(|string| base64::decode(&string).map_err(|err| Error::custom(err.to_string()))) +} + diff --git a/src/login/mod.rs b/src/login/mod.rs index a9b9efe..f7a81c2 100644 --- a/src/login/mod.rs +++ b/src/login/mod.rs @@ -169,9 +169,20 @@ impl CryptoKeys { } pub async fn open( - storage: &Builders, password: &str, + root_blob: &str, ) -> Result { + let kdf_salt = &password_blob[..32]; + let password_openned = try_open_encrypted_keys(kdf_salt, password, &password_blob[32..])?; + + let keys = Self::deserialize(&password_openned)?; + if keys.public != expected_public { + bail!("Password public key doesn't match stored public key"); + } + + Ok(keys) + + /* let k2v = storage.row_store()?; let (ident_salt, expected_public) = Self::load_salt_and_public(&k2v).await?; @@ -208,6 +219,7 @@ impl CryptoKeys { } Ok(keys) + */ } pub async fn open_without_password( diff --git a/src/login/static_provider.rs b/src/login/static_provider.rs index 0f6ab3a..7fadf2f 100644 --- a/src/login/static_provider.rs +++ b/src/login/static_provider.rs @@ -83,15 +83,15 @@ impl LoginProvider for StaticLoginProvider { }; let keys = match &user.crypto_root { /*(&user.master_key, &user.secret_key) {*/ - CryptographyRoot::InPlace { master_key: m, secret_key: s } => { + CryptographyRoot::ClearText { master_key: m, secret_key: s } => { let master_key = Key::from_slice(&base64::decode(m)?).ok_or(anyhow!("Invalid master key"))?; let secret_key = SecretKey::from_slice(&base64::decode(s)?) .ok_or(anyhow!("Invalid secret key"))?; CryptoKeys::open_without_password(&storage, &master_key, &secret_key).await? } - CryptographyRoot::PasswordProtected => { - CryptoKeys::open(&storage, password).await? + CryptographyRoot::PasswordProtected { root_blob } => { + CryptoKeys::open(password, root_blob).await? } CryptographyRoot::Keyring => unimplemented!(), }; diff --git a/src/main.rs b/src/main.rs index 679204d..c252623 100644 --- a/src/main.rs +++ b/src/main.rs @@ -191,7 +191,9 @@ fn account_management(root: &Command, cmd: &AccountManagement, users: PathBuf) - write_config(users.clone(), &ulist)?; }, AccountManagement::Delete { login } => { - unimplemented!(); + tracing::debug!(user=login, "will-delete"); + ulist.remove(&login); + write_config(users.clone(), &ulist)?; }, AccountManagement::ChangePassword { login } => { unimplemented!();