From a26b79bcd64df54c6d448ac1b5ea87adc31c3a9a Mon Sep 17 00:00:00 2001 From: shimun Date: Tue, 5 May 2020 23:53:50 +0200 Subject: [PATCH] reduced redundant code --- src/cli.rs | 187 +++++++++++++++++++++++------------------------------ 1 file changed, 82 insertions(+), 105 deletions(-) diff --git a/src/cli.rs b/src/cli.rs index 86e34a7..5cc4178 100644 --- a/src/cli.rs +++ b/src/cli.rs @@ -329,77 +329,18 @@ pub fn run_cli() -> Fido2LuksResult<()> { authenticator, credentials, secret, - exclusive, - existing_secret, luks_mod, - } => { - let pin = if authenticator.pin { - Some(read_pin()?) - } else { - None - }; - let salt = |q: &str, verify: bool| -> Fido2LuksResult<[u8; 32]> { - if interactive || secret.password_helper == PasswordHelper::Stdin { - util::read_password_hashed(q, verify) - } else { - secret.salt.obtain(&secret.password_helper) - } - }; - let old_secret = match existing_secret { - OtherSecret { - keyfile: Some(file), - .. - } => util::read_keyfile(file)?, - OtherSecret { - fido_device: true, .. - } => derive_secret( - &credentials.ids.0, - &salt("Existing password", false)?, - authenticator.await_time, - pin.as_deref(), - )?[..] - .to_vec(), - _ => util::read_password("Existing password", false)? - .as_bytes() - .to_vec(), - }; - let secret = derive_secret( - &credentials.ids.0, - &salt("Password", false)?, - authenticator.await_time, - pin.as_deref(), - )?; - let added_slot = luks::add_key( - &luks.device, - &secret, - &old_secret[..], - luks_mod.kdf_time.or(Some(10)), - )?; - if *exclusive { - let destroyed = luks::remove_keyslots(&luks.device, &[added_slot])?; - println!( - "Added to key to device {}, slot: {}\nRemoved {} old keys", - luks.device.display(), - added_slot, - destroyed - ); - } else { - println!( - "Added to key to device {}, slot: {}", - luks.device.display(), - added_slot - ); - } - Ok(()) + existing_secret: other_secret, + .. } - Command::ReplaceKey { + | Command::ReplaceKey { luks, authenticator, credentials, secret, - add_password, - replacement, luks_mod, + replacement: other_secret, + .. } => { let pin = if authenticator.pin { Some(read_pin()?) @@ -413,51 +354,87 @@ pub fn run_cli() -> Fido2LuksResult<()> { secret.salt.obtain(&secret.password_helper) } }; - let replacement_secret = match replacement { - OtherSecret { - keyfile: Some(file), - .. - } => util::read_keyfile(file)?, - OtherSecret { - fido_device: true, .. - } => derive_secret( + let other_secret = |salt_q: &str, verify: bool| -> Fido2LuksResult> { + match other_secret { + OtherSecret { + keyfile: Some(file), + .. + } => util::read_keyfile(file), + OtherSecret { + fido_device: true, .. + } => Ok(derive_secret( + &credentials.ids.0, + &salt(salt_q, verify)?, + authenticator.await_time, + pin.as_deref(), + )?[..] + .to_vec()), + _ => Ok(util::read_password(salt_q, verify)?.as_bytes().to_vec()), + } + }; + let secret = |verify: bool| -> Fido2LuksResult<[u8; 32]> { + derive_secret( &credentials.ids.0, - &salt("Replacement password", true)?, + &salt("Password", verify)?, authenticator.await_time, pin.as_deref(), - )?[..] - .to_vec(), - _ => util::read_password("Replacement password", true)? - .as_bytes() - .to_vec(), + ) }; - let existing_secret = derive_secret( - &credentials.ids.0, - &salt("Password", false)?, - authenticator.await_time, - pin.as_deref(), - )?; - let slot = if *add_password { - luks::add_key( - &luks.device, - &replacement_secret[..], - &existing_secret, - luks_mod.kdf_time, - ) - } else { - luks::replace_key( - &luks.device, - &replacement_secret[..], - &existing_secret, - luks_mod.kdf_time, - ) - }?; - println!( - "Added to password to device {}, slot: {}", - luks.device.display(), - slot - ); - Ok(()) + // Non overlap + match &args.command { + Command::AddKey { exclusive, .. } => { + let existing_secret = other_secret("Current password", false)?; + let new_secret = secret(true)?; + let added_slot = luks::add_key( + &luks.device, + &new_secret, + &existing_secret[..], + luks_mod.kdf_time.or(Some(10)), + )?; + if *exclusive { + let destroyed = luks::remove_keyslots(&luks.device, &[added_slot])?; + println!( + "Added to key to device {}, slot: {}\nRemoved {} old keys", + luks.device.display(), + added_slot, + destroyed + ); + } else { + println!( + "Added to key to device {}, slot: {}", + luks.device.display(), + added_slot + ); + } + Ok(()) + } + Command::ReplaceKey { add_password, .. } => { + let existing_secret = secret(false)?; + let replacement_secret = other_secret("Replacement password", true)?; + let slot = if *add_password { + luks::add_key( + &luks.device, + &replacement_secret[..], + &existing_secret, + luks_mod.kdf_time, + ) + } else { + luks::replace_key( + &luks.device, + &replacement_secret[..], + &existing_secret, + luks_mod.kdf_time, + ) + }?; + println!( + "Added to password to device {}, slot: {}", + luks.device.display(), + slot + ); + Ok(()) + } + _ => unreachable!(), + } } Command::Open { luks,