reduced redundant code

2020-05-05 23:53:50 +02:00 · 2020-05-05 23:53:50 +02:00 · a26b79bcd6
commit a26b79bcd6
parent 69732a1ad6
1 changed files with 82 additions and 105 deletions
--- a/src/cli.rs
+++ b/src/cli.rs
@ -329,9 +329,18 @@ pub fn run_cli() -> Fido2LuksResult<()> {
            authenticator,
            credentials,
            secret,
-            exclusive,
-            existing_secret,
            luks_mod,
+            existing_secret: other_secret,
+            ..
+        }
+        | Command::ReplaceKey {
+            luks,
+            authenticator,
+            credentials,
+            secret,
+            luks_mod,
+            replacement: other_secret,
+            ..
        } => {
            let pin = if authenticator.pin {
                Some(read_pin()?)
@ -345,34 +354,41 @@ pub fn run_cli() -> Fido2LuksResult<()> {
                    secret.salt.obtain(&secret.password_helper)
                }
            };
-            let old_secret = match existing_secret {
+            let other_secret = |salt_q: &str, verify: bool| -> Fido2LuksResult<Vec<u8>> {
+                match other_secret {
                    OtherSecret {
                        keyfile: Some(file),
                        ..
-                } => util::read_keyfile(file)?,
+                    } => util::read_keyfile(file),
                    OtherSecret {
                        fido_device: true, ..
-                } => derive_secret(
+                    } => Ok(derive_secret(
                        &credentials.ids.0,
-                    &salt("Existing password", false)?,
+                        &salt(salt_q, verify)?,
                        authenticator.await_time,
                        pin.as_deref(),
                    )?[..]
-                    .to_vec(),
-                _ => util::read_password("Existing password", false)?
-                    .as_bytes()
-                    .to_vec(),
+                        .to_vec()),
+                    _ => Ok(util::read_password(salt_q, verify)?.as_bytes().to_vec()),
+                }
            };
-            let secret = derive_secret(
+            let secret = |verify: bool| -> Fido2LuksResult<[u8; 32]> {
+                derive_secret(
                    &credentials.ids.0,
-                &salt("Password", false)?,
+                    &salt("Password", verify)?,
                    authenticator.await_time,
                    pin.as_deref(),
-            )?;
+                )
+            };
+            // Non overlap
+            match &args.command {
+                Command::AddKey { exclusive, .. } => {
+                    let existing_secret = other_secret("Current password", false)?;
+                    let new_secret = secret(true)?;
                    let added_slot = luks::add_key(
                        &luks.device,
-                &secret,
-                &old_secret[..],
+                        &new_secret,
+                        &existing_secret[..],
                        luks_mod.kdf_time.or(Some(10)),
                    )?;
                    if *exclusive {
@ -392,51 +408,9 @@ pub fn run_cli() -> Fido2LuksResult<()> {
                    }
                    Ok(())
                }
-        Command::ReplaceKey {
-            luks,
-            authenticator,
-            credentials,
-            secret,
-            add_password,
-            replacement,
-            luks_mod,
-        } => {
-            let pin = if authenticator.pin {
-                Some(read_pin()?)
-            } else {
-                None
-            };
-            let salt = |q: &str, verify: bool| -> Fido2LuksResult<[u8; 32]> {
-                if interactive || secret.password_helper == PasswordHelper::Stdin {
-                    util::read_password_hashed(q, verify)
-                } else {
-                    secret.salt.obtain(&secret.password_helper)
-                }
-            };
-            let replacement_secret = match replacement {
-                OtherSecret {
-                    keyfile: Some(file),
-                    ..
-                } => util::read_keyfile(file)?,
-                OtherSecret {
-                    fido_device: true, ..
-                } => derive_secret(
-                    &credentials.ids.0,
-                    &salt("Replacement password", true)?,
-                    authenticator.await_time,
-                    pin.as_deref(),
-                )?[..]
-                    .to_vec(),
-                _ => util::read_password("Replacement password", true)?
-                    .as_bytes()
-                    .to_vec(),
-            };
-            let existing_secret = derive_secret(
-                &credentials.ids.0,
-                &salt("Password", false)?,
-                authenticator.await_time,
-                pin.as_deref(),
-            )?;
+                Command::ReplaceKey { add_password, .. } => {
+                    let existing_secret = secret(false)?;
+                    let replacement_secret = other_secret("Replacement password", true)?;
                    let slot = if *add_password {
                        luks::add_key(
                            &luks.device,
@ -459,6 +433,9 @@ pub fn run_cli() -> Fido2LuksResult<()> {
                    );
                    Ok(())
                }
+                _ => unreachable!(),
+            }
+        }
        Command::Open {
            luks,
            authenticator,