keyfork wizard generate-shard-secret: cache all seen cards instead of last seen card
This commit is contained in:
parent
8792ef69e1
commit
203d190955
|
@ -1,13 +1,9 @@
|
|||
use super::Keyfork;
|
||||
use clap::{Parser, Subcommand};
|
||||
use std::collections::HashSet;
|
||||
|
||||
use card_backend_pcsc::PcscBackend;
|
||||
use openpgp_card::card_do::ApplicationIdentifier;
|
||||
use openpgp_card_sequoia::{
|
||||
state::Open,
|
||||
types::KeyType,
|
||||
Card,
|
||||
};
|
||||
use openpgp_card_sequoia::{state::Open, types::KeyType, Card};
|
||||
|
||||
use keyfork_derive_openpgp::openpgp::{self, packet::UserID, types::KeyFlags, Cert};
|
||||
use keyfork_derive_util::{
|
||||
|
@ -49,7 +45,7 @@ fn derive_key(seed: &[u8], index: u8) -> Result<Cert> {
|
|||
// TODO: extract into crate
|
||||
/// Factory reset the current card so long as it does not match the last-used backend.
|
||||
fn factory_reset_current_card(
|
||||
previous_backend: &mut Option<ApplicationIdentifier>,
|
||||
seen_cards: &mut HashSet<String>,
|
||||
cert: &Cert,
|
||||
) -> Result<()> {
|
||||
let policy = openpgp::policy::NullPolicy::new();
|
||||
|
@ -75,12 +71,12 @@ fn factory_reset_current_card(
|
|||
if let Some(current_backend) = PcscBackend::cards(None)?.next().transpose()? {
|
||||
let mut card = Card::<Open>::new(current_backend)?;
|
||||
let mut transaction = card.transaction()?;
|
||||
let application_identifier = transaction.application_identifier()?;
|
||||
if previous_backend.is_some_and(|pb| pb == application_identifier) {
|
||||
let application_identifier = transaction.application_identifier()?.ident();
|
||||
if seen_cards.contains(&application_identifier) {
|
||||
// we were given the same card, error
|
||||
panic!("Previously used card {application_identifier} was reused");
|
||||
} else {
|
||||
let _ = previous_backend.insert(application_identifier);
|
||||
seen_cards.insert(application_identifier);
|
||||
}
|
||||
transaction.factory_reset()?;
|
||||
let mut admin = transaction.to_admin_card("12345678")?;
|
||||
|
@ -98,15 +94,17 @@ fn generate_shard_secret(threshold: u8, max: u8, keys_per_shard: u8) -> Result<(
|
|||
let seed = keyfork_plumbing::generate_entropy_of_size(256 / 8)?;
|
||||
let mut pm = PromptManager::new(std::io::stdin(), std::io::stderr())?;
|
||||
let mut certs = vec![];
|
||||
let mut last_card = None;
|
||||
let mut seen_cards: HashSet<String> = HashSet::new();
|
||||
|
||||
for index in 0..max {
|
||||
let cert = derive_key(&seed, index)?;
|
||||
for i in 0..keys_per_shard {
|
||||
pm.prompt_message(&Message::Text(format!(
|
||||
"Please insert user {index} key {i}"
|
||||
"Please insert key #{} for user #{}",
|
||||
i + 1,
|
||||
index + 1,
|
||||
)))?;
|
||||
factory_reset_current_card(&mut last_card, &cert)?;
|
||||
factory_reset_current_card(&mut seen_cards, &cert)?;
|
||||
}
|
||||
certs.push(cert);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue