From ede9dc0d1a5ee8f591c7f707054df9bfc90f6c51 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht
Date: Wed, 13 Apr 2022 16:51:14 +0200
Subject: [PATCH] api: tape key restore: fix optional param handling and code refactoring
Signed-off-by: Thomas Lamprecht
---
 src/api2/config/tape_encryption_keys.rs | 40 +++++++++++--------------
 src/api2/tape/drive.rs | 6 +---
 2 files changed, 19 insertions(+), 27 deletions(-)
diff --git a/src/api2/config/tape_encryption_keys.rs b/src/api2/config/tape_encryption_keys.rs
index 42b0835e..1e130da6 100644
--- a/src/api2/config/tape_encryption_keys.rs
+++ b/src/api2/config/tape_encryption_keys.rs
@@ -185,7 +185,7 @@ pub fn change_passphrase(
 optional: true,
 },
 key: {
- description: "A previously exported paperkey in JSON format.",
+ description: "Restore/Re-create a key from this JSON string.",
 type: String,
 min_length: 300,
 max_length: 600,
@@ -206,42 +206,38 @@ pub fn create_key( password: String, hint: Option, key: Option, - _rpcenv: &mut dyn RpcEnvironment + _rpcenv: &mut dyn RpcEnvironment, ) -> Result { let kdf = kdf.unwrap_or_default(); - if let Kdf::None = kdf { - param_bail!( - "kdf", - format_err!("Please specify a key derivation function (none is not allowed here).") - ); - } - if hint.is_none() && key.is_none() { - param_bail!( - "hint", - format_err!("Please specify either a hint or a key") - ); + if key.is_none() { + if let Kdf::None = kdf { + param_bail!( + "kdf", + format_err!("Please specify a key derivation function (none is not allowed here).") + ); + } + if hint.is_none() { + param_bail!("hint", format_err!("Please specify either a hint or a key")); + } } - let (key_decrypt, mut key_config, fingerprint) = match key { + let (key_decrypt, mut key_config) = match key { Some(key) => { let key_config: KeyConfig = serde_json::from_str(&key).map_err(|err| format_err!(": {}", err))?; - let password_fn = || Ok(password.as_bytes().to_vec()); - let (key_decrypt, _created, fingerprint) = key_config.decrypt(&password_fn)?; - (key_decrypt, key_config, fingerprint) - } - None => { - let (key_decrypt, key_config) = KeyConfig::new(password.as_bytes(), kdf)?; - let fingerprint = key_config.fingerprint.clone().unwrap(); - (key_decrypt, key_config, fingerprint) + let (key_decrypt, _created, _fp) = + key_config.decrypt(&|| Ok(password.as_bytes().to_vec()))?; + (key_decrypt, key_config) } + None => KeyConfig::new(password.as_bytes(), kdf)?, }; if hint.is_some() { key_config.hint = hint; } + let fingerprint = key_config.fingerprint.clone().unwrap(); insert_key(key_decrypt, key_config, false)?; Ok(fingerprint) diff --git a/src/api2/tape/drive.rs b/src/api2/tape/drive.rs index c08d650e..5dc9f8b5 100644 --- a/src/api2/tape/drive.rs +++ b/src/api2/tape/drive.rs 
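Review bot: `let fingerprint = key_config.fingerprint.clone().unwrap();` now also runs on the restore path, where `key_config` was deserialized from the caller-supplied `key` JSON, so an export without a `fingerprint` field would panic the API handler instead of returning an error (assuming the field may be absent on deserialization, as its `Option` type suggests; `KeyConfig` is not visible here). The old code returned the fingerprint handed back by `decrypt()`, which the new `Some(key)` arm discards as `_fp`; the value stored in the JSON is input data, whereas the one from `decrypt()` presumably results from the successful decryption. I would keep returning that value for the restore case, or at minimum replace the unwrap with `key_config.fingerprint.clone().ok_or_else(|| format_err!("key config has no fingerprint"))?`. Separately, the "none is not allowed here" check now applies only to newly generated keys, so it is worth confirming whether a restored config whose own KDF is none should be accepted, and saying so in a comment above the `if key.is_none()` block.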
@@ -620,11 +620,7 @@ fn write_media_label(
 },
 )]
 /// Try to restore a tape encryption key
-pub async fn restore_key(
- drive: String,
- password: String,
-) -> Result<(), Error> {
-
+pub async fn restore_key(drive: String, password: String) -> Result<(), Error> {
 run_drive_blocking_task(drive.clone(), "restore key".to_string(), move |config| {
 let mut drive = open_drive(&config, &drive)?;