feat!: Add masterkey as credential option

Author: aawsome

crates/core/src/commands/init.rs

@@ -13,7 +13,7 @@ use crate::{
     error::RusticResult,
     id::Id,
     repofile::{ConfigFile, KeyId, configfile::RepositoryId},
-    repository::Repository,
+    repository::{Repository, credentials::Credential},
 };
 
 /// Initialize a new repository.
@@ -39,10 +39,10 @@ use crate::{
 /// A tuple of the key and the config file.
 pub(crate) fn init<P, S>(
     repo: &Repository<P, S>,
-    pass: &str,
+    credentials: &Credential,
     key_opts: &KeyOptions,
     config_opts: &ConfigOptions,
-) -> RusticResult<(Key, KeyId, ConfigFile)> {
+) -> RusticResult<(Key, Option<KeyId>, ConfigFile)> {
     // Create config first to allow catching errors from here without writing anything
     let repo_id = RepositoryId::from(Id::random());
     let chunker_poly = random_poly()?;
@@ -54,7 +54,7 @@ pub(crate) fn init<P, S>(
     }
     config_opts.apply(&mut config)?;
 
-    let (key, key_id) = init_with_config(repo, pass, key_opts, &config)?;
+    let (key, key_id) = init_with_config(repo, credentials, key_opts, &config)?;
     info!("repository {repo_id} successfully created.");
 
     Ok((key, key_id, config))
@@ -79,13 +79,19 @@ pub(crate) fn init<P, S>(
 /// The key used to encrypt the config.
 pub(crate) fn init_with_config<P, S>(
     repo: &Repository<P, S>,
-    pass: &str,
+    credentials: &Credential,
     key_opts: &KeyOptions,
     config: &ConfigFile,
-) -> RusticResult<(Key, KeyId)> {
+) -> RusticResult<(Key, Option<KeyId>)> {
     repo.be.create()?;
-    let (key, id) = init_key(repo, key_opts, pass)?;
-    info!("key {id} successfully added.");
+    let (key, id) = match credentials {
+        Credential::Password(password) => {
+            let (key, id) = init_key(repo, key_opts, password)?;
+            info!("key {id} successfully added.");
+            (key, Some(id))
+        }
+        Credential::Masterkey(key) => (key.key(), None),
+    };
     save_config(repo, config.clone(), key)?;
 
     Ok((key, id))

crates/core/src/error.rs

@@ -132,8 +132,8 @@ pub enum ErrorKind {
     /// general operations
     #[default]
     Other,
-    /// password handling
-    Password,
+    /// credentials handling
+    Credentials,
     /// the repository
     Repository,
     /// unsupported operations

crates/core/src/lib.rs

@@ -25,15 +25,15 @@ implement [`serde::Serialize`] and [`serde::Deserialize`].
 
 ```rust
     use rustic_backend::BackendOptions;
-    use rustic_core::{BackupOptions, ConfigOptions, KeyOptions, PathList,
-        Repository, RepositoryOptions, SnapshotOptions
+    use rustic_core::{BackupOptions, ConfigOptions, Credential, KeyOptions,
+        PathList, Repository, RepositoryOptions, SnapshotOptions
     };
 
     // Initialize the repository in a temporary dir
     let repo_dir = tempfile::tempdir().unwrap();
 
-    let repo_opts = RepositoryOptions::default()
-        .password("test");
+    let repo_opts = RepositoryOptions::default();
+    let credential = Credential::new_masterkey(); // In real life, make sure to save this credential!
 
     // Initialize Backends
     let backends = BackendOptions::default()
@@ -45,10 +45,13 @@ implement [`serde::Serialize`] and [`serde::Deserialize`].
 
     let config_opts = ConfigOptions::default();
 
-    let _repo = Repository::new(&repo_opts, &backends.clone()).unwrap().init(&key_opts, &config_opts).unwrap();
+    let _repo = Repository::new(&repo_opts, &backends)
+        .unwrap()
+        .init(&credential, &key_opts, &config_opts)
+        .unwrap();
 
     // We could have used _repo directly, but open the repository again to show how to open it...
-    let repo = Repository::new(&repo_opts, &backends).unwrap().open().unwrap();
+    let repo = Repository::new(&repo_opts, &backends).unwrap().open(&credential).unwrap();
 
     // Get all snapshots from the repository
     let snaps = repo.get_all_snapshots().unwrap();
@@ -165,5 +168,6 @@ pub use crate::{
         FullIndex, IdIndex, IndexedFull, IndexedIds, IndexedStatus, IndexedTree, Open, OpenStatus,
         Repository, RepositoryOptions,
         command_input::{CommandInput, CommandInputErrorKind},
+        credentials::{Credential, CredentialOptions},
     },
 };

crates/core/src/repofile.rs

@@ -160,7 +160,7 @@ pub use {
     },
     configfile::{Chunker, ConfigFile},
     indexfile::{IndexBlob, IndexFile, IndexId, IndexPack},
-    keyfile::{KeyFile, KeyId},
+    keyfile::{KeyFile, KeyId, MasterKey},
     packfile::{HeaderEntry, PackHeader, PackHeaderLength, PackHeaderRef, PackId},
     snapshotfile::{
         DeleteOption, PathList, SnapshotFile, SnapshotId, SnapshotModification, SnapshotSummary,

crates/core/src/repofile/keyfile.rs

@@ -306,28 +306,28 @@ fn log_2(x: u32) -> KeyFileResult<u8> {
 ///
 /// This is used to verify the integrity of the key
 #[serde_as]
-#[derive(Serialize, Deserialize, Debug)]
-pub(crate) struct Mac {
+#[derive(Serialize, Deserialize, Debug, Clone)]
+pub struct Mac {
     /// The key used for the mac
     #[serde_as(as = "Base64")]
-    k: Vec<u8>,
+    pub k: Vec<u8>,
 
     /// The random value used for the mac
     #[serde_as(as = "Base64")]
-    r: Vec<u8>,
+    pub r: Vec<u8>,
 }
 
 /// The master key of a [`Key`]
 ///
 /// This is used to encrypt the key
 #[serde_as]
-#[derive(Serialize, Deserialize, Debug)]
-pub(crate) struct MasterKey {
+#[derive(Serialize, Deserialize, Debug, Clone)]
+pub struct MasterKey {
     /// The mac of the key
-    mac: Mac,
+    pub mac: Mac,
     /// The encrypted key
     #[serde_as(as = "Base64")]
-    encrypt: Vec<u8>,
+    pub encrypt: Vec<u8>,
 }
 
 impl MasterKey {
@@ -340,7 +340,7 @@ impl MasterKey {
     /// # Returns
     ///
     /// The created [`MasterKey`]
-    fn from_key(key: Key) -> Self {
+    pub(crate) fn from_key(key: Key) -> Self {
         let (encrypt, k, r) = key.to_keys();
         Self {
             encrypt,
@@ -349,7 +349,7 @@ impl MasterKey {
     }
 
     /// Get the [`Key`] from the [`MasterKey`]
-    fn key(&self) -> Key {
+    pub(crate) fn key(&self) -> Key {
         Key::from_keys(&self.encrypt, &self.mac.k, &self.mac.r)
     }
 }
@@ -407,7 +407,7 @@ pub(crate) fn find_key_in_backend<B: ReadBackend>(
         }
 
         Err(RusticError::new(
-            ErrorKind::Password,
+            ErrorKind::Credentials,
             "The password that has been entered, seems to be incorrect. No suitable key found for the given password. Please check your password and try again.",
         ).attach_error_code("C002"))
     }