public
/
keyfork
5
0
Fork 0
Code Issues 16 Pull Requests 1 Packages Projects Releases Wiki Activity

keyfork-shard: extract threshold from encrypted metadata

This commit is contained in:
Ryan Heywood 2023-12-20 14:49:10 -05:00
parent 869860a903
commit e42e362aea
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
3 changed files with 7 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
keyfork-shard/src/bin/keyfork-shard-combine-openpgp.rs
View File

@ -3,7 +3,6 @@ use std::{
io::{stdin, stdout},
path::PathBuf,
process::ExitCode,
str::FromStr,
};
use keyfork_shard::openpgp::{combine, discover_certs, openpgp::Cert, parse_messages};
@ -11,10 +10,8 @@ use keyfork_shard::openpgp::{combine, discover_certs, openpgp::Cert, parse_messa
type Result<T, E = Box<dyn std::error::Error>> = std::result::Result<T, E>;
fn validate<'a>(
threshold: &str,
key_discovery: impl Into<Option<&'a str>>,
) -> Result<(u8, Vec<Cert>)> {
let threshold = u8::from_str(threshold)?;
) -> Result<Vec<Cert>> {
let key_discovery = key_discovery.into().map(PathBuf::from);
key_discovery.as_ref().map(std::fs::metadata).transpose()?;
@ -24,16 +21,16 @@ fn validate<'a>(
.transpose()?
.unwrap_or(vec![]);
Ok((threshold, certs))
Ok(certs)
}
fn run() -> Result<()> {
let mut args = env::args();
let program_name = args.next().expect("program name");
let args = args.collect::<Vec<_>>();
let (threshold, cert_list) = match args.as_slice() {
[threshold, key_discovery] => validate(threshold, key_discovery.as_str())?,
[threshold] => validate(threshold, None)?,
let cert_list = match args.as_slice() {
[key_discovery] => validate(key_discovery.as_str())?,
[] => validate(None)?,
_ => panic!("Usage: {program_name} threshold [key_discovery]"),
};
@ -44,7 +41,6 @@ fn run() -> Result<()> {
.expect("any pgp encrypted message");
combine(
threshold,
cert_list,
encrypted_metadata,
encrypted_messages.into(),

7
keyfork-shard/src/openpgp.rs
View File

@ -206,7 +206,6 @@ fn get_decryption_keys<'a>(
}
pub fn combine(
threshold: u8,
certs: Vec<Cert>,
metadata: EncryptedMessage,
messages: Vec<EncryptedMessage>,
@ -232,11 +231,7 @@ pub fn combine(
SHARD_METADATA_VERSION, content[0],
"incompatible metadata version"
);
// TODO: this should be removed along with the `threshold` option.
assert_eq!(
threshold, content[1],
"threshold does not match stored threshold"
);
let threshold = content[1];
let mut cert_parser =
CertParser::from_bytes(&content[SHARD_METADATA_OFFSET..]).map_err(Error::Sequoia)?;

10
keyfork/src/cli/shard.rs
View File

@ -36,7 +36,6 @@ trait ShardExec {
fn combine<T>(
&self,
threshold: u8,
key_discovery: Option<T>,
input: impl Read + Send + Sync,
output: &mut impl Write,
@ -70,7 +69,6 @@ impl ShardExec for OpenPGP {
fn combine<T>(
&self,
threshold: u8,
key_discovery: Option<T>,
input: impl Read + Send + Sync,
output: &mut impl Write,
@ -89,7 +87,6 @@ impl ShardExec for OpenPGP {
.expect("any pgp encrypted message");
keyfork_shard::openpgp::combine(
threshold,
certs,
encrypted_metadata,
encrypted_messages.into(),
@ -131,10 +128,6 @@ pub enum ShardSubcommands {
/// hardware metadata discovery, any hardware key used to split may be used to decrypt metadata
/// used to combine.
Combine {
/// The amount of sharesr equired to recombine a secret.
#[arg(long)]
threshold: u8,
/// The path to discover private keys from.
key_discovery: Option<PathBuf>,
},
@ -170,11 +163,10 @@ impl ShardSubcommands {
}
}
ShardSubcommands::Combine {
threshold,
key_discovery,
} => match &shard.format {
Some(Format::OpenPGP(o)) => {
o.combine(*threshold, key_discovery.as_ref(), stdin, &mut stdout)
o.combine(key_discovery.as_ref(), stdin, &mut stdout)
}
Some(Format::P256(_p)) => {
todo!()