cleanup: factor out decrypt_key_config
parent
ac163a7c18
commit
8ca37d6a65
@ -192,16 +192,14 @@ pub fn load_and_decrypt_key(
|
|||||||
.with_context(|| format!("failed to load decryption key from {:?}", path))
|
.with_context(|| format!("failed to load decryption key from {:?}", path))
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn decrypt_key(
|
pub fn decrypt_key_config(
|
||||||
mut keydata: &[u8],
|
key_config: &KeyConfig,
|
||||||
passphrase: &dyn Fn() -> Result<Vec<u8>, Error>,
|
passphrase: &dyn Fn() -> Result<Vec<u8>, Error>,
|
||||||
) -> Result<([u8;32], i64, Fingerprint), Error> {
|
) -> Result<([u8;32], i64, Fingerprint), Error> {
|
||||||
let key_config: KeyConfig = serde_json::from_reader(&mut keydata)?;
|
|
||||||
|
|
||||||
let raw_data = key_config.data;
|
let raw_data = &key_config.data;
|
||||||
let created = key_config.created;
|
|
||||||
|
|
||||||
let key = if let Some(kdf) = key_config.kdf {
|
let key = if let Some(ref kdf) = key_config.kdf {
|
||||||
|
|
||||||
let passphrase = passphrase()?;
|
let passphrase = passphrase()?;
|
||||||
if passphrase.len() < 5 {
|
if passphrase.len() < 5 {
|
||||||
@ -226,10 +224,10 @@ pub fn decrypt_key(
|
|||||||
b"", //??
|
b"", //??
|
||||||
&enc_data,
|
&enc_data,
|
||||||
&tag,
|
&tag,
|
||||||
).map_err(|err| format_err!("Unable to decrypt key - {}", err))?
|
).map_err(|err| format_err!("Unable to decrypt key (wrong password?) - {}", err))?
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
raw_data
|
raw_data.clone()
|
||||||
};
|
};
|
||||||
|
|
||||||
let mut result = [0u8; 32];
|
let mut result = [0u8; 32];
|
||||||
@ -237,8 +235,8 @@ pub fn decrypt_key(
|
|||||||
|
|
||||||
let crypt_config = CryptConfig::new(result.clone())?;
|
let crypt_config = CryptConfig::new(result.clone())?;
|
||||||
let fingerprint = crypt_config.fingerprint();
|
let fingerprint = crypt_config.fingerprint();
|
||||||
if let Some(stored_fingerprint) = key_config.fingerprint {
|
if let Some(ref stored_fingerprint) = key_config.fingerprint {
|
||||||
if fingerprint != stored_fingerprint {
|
if &fingerprint != stored_fingerprint {
|
||||||
bail!(
|
bail!(
|
||||||
"KeyConfig contains wrong fingerprint {}, contained key has fingerprint {}",
|
"KeyConfig contains wrong fingerprint {}, contained key has fingerprint {}",
|
||||||
stored_fingerprint, fingerprint
|
stored_fingerprint, fingerprint
|
||||||
@ -246,7 +244,15 @@ pub fn decrypt_key(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok((result, created, fingerprint))
|
Ok((result, key_config.created, fingerprint))
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn decrypt_key(
|
||||||
|
mut keydata: &[u8],
|
||||||
|
passphrase: &dyn Fn() -> Result<Vec<u8>, Error>,
|
||||||
|
) -> Result<([u8;32], i64, Fingerprint), Error> {
|
||||||
|
let key_config: KeyConfig = serde_json::from_reader(&mut keydata)?;
|
||||||
|
decrypt_key_config(&key_config, passphrase)
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn rsa_encrypt_key_config(
|
pub fn rsa_encrypt_key_config(
|
||||||
|
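Review bot: The new public `decrypt_key_config` has no doc comment, and two of its behaviours matter to callers that now pass in a `KeyConfig` they parsed or built themselves. In the `else` branch (no `kdf`) `key_config.data` is used as the key without the passphrase callback ever being called, and the fingerprint comparison runs only when `key_config.fingerprint` is `Some`. I would add a `///` comment above the signature stating that the return value is `(key, created, fingerprint)`, that the passphrase is requested only for KDF-protected configs, and that the stored fingerprint is verified only when present. Separately, `raw_data.clone()` in that `else` branch now creates a second copy of the plaintext key bytes; whether either copy is wiped on drop is not visible in these hunks and is worth confirming. The function body between the hunks is not shown on this page.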