WIP: needs refactoring

Holo-Host · Nov 7, 2024 · 6adf5e3 · 6adf5e3
1 parent 12b3d53
commit 6adf5e3
Show file tree

Hide file tree

Showing 6 changed files with 250 additions and 17 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/core/src/config.rs b/core/src/config.rs
@@ -61,10 +61,21 @@ pub struct Settings {
     pub admin: Admin,
 }
 
+/// Returns the default derivation path per config version.
+pub const fn default_derivation_path(config: ConfigDiscriminants) -> usize {
+    match config {
+        // TODO: what should these be?
+        ConfigDiscriminants::V1 => 3,
+        ConfigDiscriminants::V2 => 3,
+        ConfigDiscriminants::V3 => 3,
+    }
+}
+
+#[allow(clippy::large_enum_variant)]
 #[cfg_attr(test, derive(Clone, PartialEq))]
 #[derive(Debug, Deserialize, Serialize, EnumDiscriminants)]
 #[strum_discriminants(
-    derive(VariantNames, EnumString, strum::Display),
+    derive(VariantNames, EnumString, strum::Display, Default),
     strum(ascii_case_insensitive)
 )]
 pub enum Config {
@@ -86,6 +97,7 @@ pub enum Config {
         settings: Settings,
     },
     #[serde(rename = "v3")]
+    #[strum_discriminants(default)]
     V3 {
         /// This is the Device Seed Bundle as a base64 string which is compatible with lair-keystore >=v0.0.8
         /// And is encoded with a password that will be needed to be used to decrypt it

diff --git a/core/src/utils.rs b/core/src/utils.rs
@@ -1,5 +1,5 @@
 use ed25519_dalek::SigningKey;
-use failure::bail;
+use failure::{bail, ResultExt};
 use log::debug;
 
 use crate::{
@@ -8,12 +8,6 @@ use crate::{
 };
 use hc_seed_bundle::{LockedSeedCipher, UnlockedSeedBundle};
 
-// TODO: what should this be?
-pub const DEFAULT_DERIVATION_PATH_V2: u32 = 3;
-
-// TODO: what should this be?
-pub const DEFAULT_DERIVATION_PATH_V3: u32 = 3;
-
 pub fn get_seed_from_bundle(device_bundle: &UnlockedSeedBundle) -> Result<Seed, failure::Error> {
     let mut seed = Seed::default();
 
@@ -69,21 +63,25 @@ pub async fn generate_device_bundle(
 }
 
 /// Unlock the given device bundle with the given password.
-pub async fn get_seed_from_locked_device_bundle(
+async fn _get_seed_from_locked_device_bundle(
     locked_device_bundle: &[u8],
     passphrase: &str,
 ) -> Result<Seed, failure::Error> {
     let passphrase = sodoken::BufRead::from(passphrase.as_bytes());
     let unlocked_bundle =
         match hc_seed_bundle::UnlockedSeedBundle::from_locked(locked_device_bundle)
-            .await?
+            .await
+            .context("getting seed from locked device bundle")?
             .remove(0)
         {
-            hc_seed_bundle::LockedSeedCipher::PwHash(cipher) => cipher.unlock(passphrase).await,
+            hc_seed_bundle::LockedSeedCipher::PwHash(cipher) => {
+                cipher.unlock(passphrase).await.context("unlocking cipher")
+            }
             oth => bail!("unexpected cipher: {:?}", oth),
         }?;
 
-    let seed = get_seed_from_bundle(&unlocked_bundle)?;
+    let seed =
+        get_seed_from_bundle(&unlocked_bundle).context("getting seed from unlocked bundle")?;
 
     Ok(seed)
 }
@@ -167,4 +165,19 @@ pub(crate) mod tests {
             ))
             .unwrap_err();
     }
+
+    #[tokio::test(flavor = "multi_thread")]
+    async fn extract_seed_from_locked_succeeds() {
+        let encoded_device_bundle = generate_base64().await;
+        let device_bundle =
+            base64::decode_config(&encoded_device_bundle, base64::URL_SAFE_NO_PAD).unwrap();
+
+        let a = _get_seed_from_locked_device_bundle(&device_bundle, PASSPHRASE)
+            .await
+            .unwrap();
+
+        let b = unlock(&encoded_device_bundle, PASSPHRASE).await.unwrap();
+
+        assert_eq!(a, *b.as_bytes());
+    }
 }
diff --git a/gen-cli/Cargo.toml b/gen-cli/Cargo.toml
@@ -20,3 +20,8 @@ sha2 = "0.8"
 clap = { version = "4.5.16", features = ["derive"] }
 base64 = { workspace = true }
 tokio = { workspace = true }
+
+[dev-dependencies]
+assert_cmd = "2.0"
+predicates = "3.1"
+once_cell = "1.19"
diff --git a/gen-cli/src/main.rs b/gen-cli/src/main.rs
@@ -1,8 +1,6 @@
 use hpos_config_core::{
     config::{ConfigDiscriminants, Seed},
-    public_key,
-    utils::get_seed_from_locked_device_bundle,
-    Config,
+    public_key, Config,
 };
 
 use clap::Parser;
@@ -61,7 +59,7 @@ struct ClapArgs {
 
     #[arg(
         long,
-        default_value_t = ConfigDiscriminants::V3,
+        default_value_t = ConfigDiscriminants::default(),
         ignore_case = true,
         help = "Version specifier for the emitted config"
     )]
@@ -84,7 +82,9 @@ async fn main() -> Result<(), Error> {
     let passphrase = "pass";
 
     let device_bundle = if let Some(device_bundle) = args.device_bundle {
-        seed = get_seed_from_locked_device_bundle(device_bundle.as_bytes(), passphrase).await?;
+        seed = hpos_config_core::utils::unlock(&device_bundle, passphrase)
+            .await?
+            .to_scalar_bytes();
 
         device_bundle
     } else {