From 203d19095599bf72db079739d56ca2f008b4cb6f Mon Sep 17 00:00:00 2001 From: ryan Date: Mon, 8 Jan 2024 13:13:08 -0500 Subject: [PATCH] keyfork wizard generate-shard-secret: cache all seen cards instead of last seen card --- keyfork/src/cli/wizard.rs | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/keyfork/src/cli/wizard.rs b/keyfork/src/cli/wizard.rs index 298ce03..2ee296e 100644 --- a/keyfork/src/cli/wizard.rs +++ b/keyfork/src/cli/wizard.rs @@ -1,13 +1,9 @@ use super::Keyfork; use clap::{Parser, Subcommand}; +use std::collections::HashSet; use card_backend_pcsc::PcscBackend; -use openpgp_card::card_do::ApplicationIdentifier; -use openpgp_card_sequoia::{ - state::Open, - types::KeyType, - Card, -}; +use openpgp_card_sequoia::{state::Open, types::KeyType, Card}; use keyfork_derive_openpgp::openpgp::{self, packet::UserID, types::KeyFlags, Cert}; use keyfork_derive_util::{ @@ -49,7 +45,7 @@ fn derive_key(seed: &[u8], index: u8) -> Result { // TODO: extract into crate /// Factory reset the current card so long as it does not match the last-used backend. fn factory_reset_current_card( - previous_backend: &mut Option, + seen_cards: &mut HashSet, cert: &Cert, ) -> Result<()> { let policy = openpgp::policy::NullPolicy::new(); @@ -75,12 +71,12 @@ fn factory_reset_current_card( if let Some(current_backend) = PcscBackend::cards(None)?.next().transpose()? { let mut card = Card::::new(current_backend)?; let mut transaction = card.transaction()?; - let application_identifier = transaction.application_identifier()?; - if previous_backend.is_some_and(|pb| pb == application_identifier) { + let application_identifier = transaction.application_identifier()?.ident(); + if seen_cards.contains(&application_identifier) { // we were given the same card, error panic!("Previously used card {application_identifier} was reused"); } else { - let _ = previous_backend.insert(application_identifier); + seen_cards.insert(application_identifier); } transaction.factory_reset()?; let mut admin = transaction.to_admin_card("12345678")?; @@ -98,15 +94,17 @@ fn generate_shard_secret(threshold: u8, max: u8, keys_per_shard: u8) -> Result<( let seed = keyfork_plumbing::generate_entropy_of_size(256 / 8)?; let mut pm = PromptManager::new(std::io::stdin(), std::io::stderr())?; let mut certs = vec![]; - let mut last_card = None; + let mut seen_cards: HashSet = HashSet::new(); for index in 0..max { let cert = derive_key(&seed, index)?; for i in 0..keys_per_shard { pm.prompt_message(&Message::Text(format!( - "Please insert user {index} key {i}" + "Please insert key #{} for user #{}", + i + 1, + index + 1, )))?; - factory_reset_current_card(&mut last_card, &cert)?; + factory_reset_current_card(&mut seen_cards, &cert)?; } certs.push(cert); }