keyfork-shard: use MnemonicSetValidator

This commit is contained in:
Ryan Heywood 2024-01-10 15:34:29 -05:00
parent b396497108
commit 11ced19bc5
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
2 changed files with 36 additions and 56 deletions

View File

@ -1,16 +1,17 @@
use std::{
io::{stdin, stdout, Write},
str::FromStr,
};
use std::io::{stdin, stdout, Write};
use aes_gcm::{
aead::{Aead, AeadCore, OsRng},
Aes256Gcm, KeyInit,
};
use hkdf::Hkdf;
use sha2::Sha256;
use keyfork_mnemonic_util::{Mnemonic, Wordlist};
use keyfork_prompt::{qrencode, Message as PromptMessage, PromptManager};
use keyfork_prompt::{
qrencode,
validators::{mnemonic::MnemonicSetValidator, Validator},
Message as PromptMessage, PromptManager,
};
use sha2::Sha256;
use sharks::{Share, Sharks};
use x25519_dalek::{EphemeralSecret, PublicKey};
@ -66,27 +67,17 @@ pub fn remote_decrypt(w: &mut impl Write) -> Result<(), Box<dyn std::error::Erro
pm.prompt_message(&PromptMessage::Data(qrcode))?;
}
let their_words = pm.prompt_wordlist("Their words: ", &wordlist)?;
let validator = MnemonicSetValidator {
word_lengths: [24, 48],
};
let mut pubkey_words = their_words.split_whitespace().take(24).peekable();
let mut payload_words = their_words.split_whitespace().skip(24).take(48).peekable();
let mut pubkey_mnemonic = String::new();
let mut payload_mnemonic = String::new();
while let Some(word) = pubkey_words.next() {
pubkey_mnemonic.push_str(word);
if pubkey_words.peek().is_some() {
pubkey_mnemonic.push(' ');
}
}
while let Some(word) = payload_words.next() {
payload_mnemonic.push_str(word);
if payload_words.peek().is_some() {
payload_mnemonic.push(' ');
}
}
let [pubkey_mnemonic, payload_mnemonic] =
pm.prompt_validated_wordlist("Their words: ", &wordlist, 3, validator.to_fn())?;
let their_key = Mnemonic::from_str(&pubkey_mnemonic)?.entropy();
let their_key: [u8; 32] = their_key.try_into().map_err(|_| InvalidMnemonicData)?;
let their_key: [u8; 32] = pubkey_mnemonic
.entropy()
.try_into()
.map_err(|_| InvalidMnemonicData)?;
let shared_secret = our_key
.diffie_hellman(&PublicKey::from(their_key))
@ -94,10 +85,9 @@ pub fn remote_decrypt(w: &mut impl Write) -> Result<(), Box<dyn std::error::Erro
let hkdf = Hkdf::<Sha256>::new(None, &shared_secret);
let mut hkdf_output = [0u8; 256 / 8];
hkdf.expand(&[], &mut hkdf_output)?;
let shared_key =
Aes256Gcm::new_from_slice(&hkdf_output)?;
let shared_key = Aes256Gcm::new_from_slice(&hkdf_output)?;
let payload = Mnemonic::from_str(&payload_mnemonic)?.entropy();
let payload = payload_mnemonic.entropy();
let payload =
shared_key.decrypt(&nonce, &payload[..payload[payload.len() - 1] as usize])?;
assert_eq!(HUNK_VERSION, payload[0], "Incompatible hunk version");

View File

@ -11,13 +11,16 @@ use aes_gcm::{
Aes256Gcm, Error as AesError, KeyInit, Nonce,
};
use hkdf::{Hkdf, InvalidLength as HkdfInvalidLength};
use sha2::Sha256;
use keyfork_derive_openpgp::derive_util::{
request::{DerivationAlgorithm, DerivationRequest},
DerivationPath,
};
use keyfork_mnemonic_util::{Mnemonic, MnemonicFromStrError, MnemonicGenerationError, Wordlist};
use keyfork_prompt::{qrencode, Error as PromptError, Message as PromptMessage, PromptManager};
use keyfork_prompt::{
qrencode,
validators::{mnemonic::MnemonicSetValidator, Validator},
Error as PromptError, Message as PromptMessage, PromptManager,
};
use openpgp::{
armor::{Kind, Writer},
cert::{Cert, CertParser, ValidCert},
@ -35,6 +38,7 @@ use openpgp::{
Fingerprint, KeyID, PacketPile,
};
pub use sequoia_openpgp as openpgp;
use sha2::Sha256;
use sharks::{Share, Sharks};
use x25519_dalek::{EphemeralSecret, PublicKey};
@ -51,7 +55,7 @@ use smartcard::SmartcardManager;
const SHARD_METADATA_VERSION: u8 = 1;
const SHARD_METADATA_OFFSET: usize = 2;
use super::{SharksError, InvalidMnemonicData, HUNK_VERSION};
use super::{InvalidMnemonicData, SharksError, HUNK_VERSION};
// 256 bit share is 49 bytes + some amount of hunk bytes, gives us reasonable padding
const ENC_LEN: u8 = 4 * 16;
@ -407,28 +411,17 @@ pub fn decrypt(
) -> Result<()> {
let mut pm = PromptManager::new(stdin(), stdout())?;
let wordlist = Wordlist::default();
let their_words = pm.prompt_wordlist("Their words: ", &wordlist)?;
let mut nonce_words = their_words.split_whitespace().take(9).peekable();
let mut pubkey_words = their_words.split_whitespace().skip(9).take(24).peekable();
let mut nonce_mnemonic = String::new();
let mut pubkey_mnemonic = String::new();
while let Some(word) = nonce_words.next() {
nonce_mnemonic.push_str(word);
if nonce_words.peek().is_some() {
nonce_mnemonic.push(' ');
}
}
while let Some(word) = pubkey_words.next() {
pubkey_mnemonic.push_str(word);
if pubkey_words.peek().is_some() {
pubkey_mnemonic.push(' ');
}
}
let their_key = Mnemonic::from_str(&pubkey_mnemonic)?.entropy();
let their_key: [u8; 32] = their_key
let validator = MnemonicSetValidator {
word_lengths: [9, 24],
};
let [nonce_mnemonic, pubkey_mnemonic] =
pm.prompt_validated_wordlist("Their words: ", &wordlist, 3, validator.to_fn())?;
let their_key: [u8; 32] = pubkey_mnemonic
.entropy()
.try_into()
.map_err(|_| InvalidMnemonicData)?;
let their_nonce = Mnemonic::from_str(&nonce_mnemonic)?.entropy();
let their_nonce = nonce_mnemonic.entropy();
let their_nonce = Nonce::<U12>::from_slice(&their_nonce);
let our_key = EphemeralSecret::random();
@ -450,8 +443,7 @@ pub fn decrypt(
let hkdf = Hkdf::<Sha256>::new(None, &shared_secret);
let mut hkdf_output = [0u8; 256 / 8];
hkdf.expand(&[], &mut hkdf_output)?;
let shared_key =
Aes256Gcm::new_from_slice(&hkdf_output)?;
let shared_key = Aes256Gcm::new_from_slice(&hkdf_output)?;
let bytes = shared_key.encrypt(their_nonce, share.as_slice())?;
shared_key.decrypt(their_nonce, &bytes[..])?;
@ -568,9 +560,7 @@ pub fn combine(
return Err(Error::InvalidSecret(derived_fp, expected_fp));
}
output
.write_all(&secret)
.map_err(Error::Io)?;
output.write_all(&secret).map_err(Error::Io)?;
Ok(())
}