keyfork-shard: verify QR code length correctly

2024-05-29 16:15:17 -04:00 · 2024-05-29 16:15:17 -04:00 · 142bea3b9f
parent c65ddbf119
commit 142bea3b9f
5 changed files with 11 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,8 @@
+# Keyfork v0.2.1
+
+This release contains an emergency bugfix for Keyfork Shard, which previously
+would not be able to properly verify the length of remote shard QR codes.
+
 # Keyfork v0.2.0

 Some of the changes in this release are based on feedback from audits
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1674,7 +1674,7 @@ dependencies = [

 [[package]]
 name = "keyfork"
-version = "0.2.0"
+version = "0.2.1"
 dependencies = [
 "card-backend-pcsc",
 "clap",
@ -1835,7 +1835,7 @@ dependencies = [

 [[package]]
 name = "keyfork-shard"
-version = "0.2.0"
+version = "0.2.1"
 dependencies = [
 "aes-gcm",
 "anyhow",
--- a/crates/keyfork-shard/Cargo.toml
+++ b/crates/keyfork-shard/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "keyfork-shard"
-version = "0.2.0"
+version = "0.2.1"
 edition = "2021"
 license = "AGPL-3.0-only"

--- a/crates/keyfork-shard/src/lib.rs
+++ b/crates/keyfork-shard/src/lib.rs
@ -483,7 +483,8 @@ pub fn remote_decrypt(w: &mut impl Write) -> Result<(), Box<dyn std::error::Erro
                    .expect(bug!("qrcode should contain base64 encoded data"));
                assert_eq!(
                    decoded_data.len(),
-                    ENCRYPTED_LENGTH as usize,
+                    // Include length of public key
+                    ENCRYPTED_LENGTH as usize + 32,
                    bug!("invalid payload data")
                );
                let _ = pubkey_data.insert(decoded_data[..32].try_into().map_err(|_| InvalidData)?);
--- a/crates/keyfork/Cargo.toml
+++ b/crates/keyfork/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "keyfork"
-version = "0.2.0"
+version = "0.2.1"
 edition = "2021"
 license = "AGPL-3.0-only"