From e42e362aeaea876012ed4842dd5d3bcab5446989 Mon Sep 17 00:00:00 2001 From: ryan Date: Wed, 20 Dec 2023 14:49:10 -0500 Subject: [PATCH] keyfork-shard: extract threshold from encrypted metadata --- .../src/bin/keyfork-shard-combine-openpgp.rs | 14 +++++--------- keyfork-shard/src/openpgp.rs | 7 +------ keyfork/src/cli/shard.rs | 10 +--------- 3 files changed, 7 insertions(+), 24 deletions(-) diff --git a/keyfork-shard/src/bin/keyfork-shard-combine-openpgp.rs b/keyfork-shard/src/bin/keyfork-shard-combine-openpgp.rs index ddd39e1..5a461ed 100644 --- a/keyfork-shard/src/bin/keyfork-shard-combine-openpgp.rs +++ b/keyfork-shard/src/bin/keyfork-shard-combine-openpgp.rs @@ -3,7 +3,6 @@ use std::{ io::{stdin, stdout}, path::PathBuf, process::ExitCode, - str::FromStr, }; use keyfork_shard::openpgp::{combine, discover_certs, openpgp::Cert, parse_messages}; @@ -11,10 +10,8 @@ use keyfork_shard::openpgp::{combine, discover_certs, openpgp::Cert, parse_messa type Result> = std::result::Result; fn validate<'a>( - threshold: &str, key_discovery: impl Into>, -) -> Result<(u8, Vec)> { - let threshold = u8::from_str(threshold)?; +) -> Result> { let key_discovery = key_discovery.into().map(PathBuf::from); key_discovery.as_ref().map(std::fs::metadata).transpose()?; @@ -24,16 +21,16 @@ fn validate<'a>( .transpose()? .unwrap_or(vec![]); - Ok((threshold, certs)) + Ok(certs) } fn run() -> Result<()> { let mut args = env::args(); let program_name = args.next().expect("program name"); let args = args.collect::>(); - let (threshold, cert_list) = match args.as_slice() { - [threshold, key_discovery] => validate(threshold, key_discovery.as_str())?, - [threshold] => validate(threshold, None)?, + let cert_list = match args.as_slice() { + [key_discovery] => validate(key_discovery.as_str())?, + [] => validate(None)?, _ => panic!("Usage: {program_name} threshold [key_discovery]"), }; @@ -44,7 +41,6 @@ fn run() -> Result<()> { .expect("any pgp encrypted message"); combine( - threshold, cert_list, encrypted_metadata, encrypted_messages.into(), diff --git a/keyfork-shard/src/openpgp.rs b/keyfork-shard/src/openpgp.rs index defa06c..42697ca 100644 --- a/keyfork-shard/src/openpgp.rs +++ b/keyfork-shard/src/openpgp.rs @@ -206,7 +206,6 @@ fn get_decryption_keys<'a>( } pub fn combine( - threshold: u8, certs: Vec, metadata: EncryptedMessage, messages: Vec, @@ -232,11 +231,7 @@ pub fn combine( SHARD_METADATA_VERSION, content[0], "incompatible metadata version" ); - // TODO: this should be removed along with the `threshold` option. - assert_eq!( - threshold, content[1], - "threshold does not match stored threshold" - ); + let threshold = content[1]; let mut cert_parser = CertParser::from_bytes(&content[SHARD_METADATA_OFFSET..]).map_err(Error::Sequoia)?; diff --git a/keyfork/src/cli/shard.rs b/keyfork/src/cli/shard.rs index f052f58..8b80e44 100644 --- a/keyfork/src/cli/shard.rs +++ b/keyfork/src/cli/shard.rs @@ -36,7 +36,6 @@ trait ShardExec { fn combine( &self, - threshold: u8, key_discovery: Option, input: impl Read + Send + Sync, output: &mut impl Write, @@ -70,7 +69,6 @@ impl ShardExec for OpenPGP { fn combine( &self, - threshold: u8, key_discovery: Option, input: impl Read + Send + Sync, output: &mut impl Write, @@ -89,7 +87,6 @@ impl ShardExec for OpenPGP { .expect("any pgp encrypted message"); keyfork_shard::openpgp::combine( - threshold, certs, encrypted_metadata, encrypted_messages.into(), @@ -131,10 +128,6 @@ pub enum ShardSubcommands { /// hardware metadata discovery, any hardware key used to split may be used to decrypt metadata /// used to combine. Combine { - /// The amount of sharesr equired to recombine a secret. - #[arg(long)] - threshold: u8, - /// The path to discover private keys from. key_discovery: Option, }, @@ -170,11 +163,10 @@ impl ShardSubcommands { } } ShardSubcommands::Combine { - threshold, key_discovery, } => match &shard.format { Some(Format::OpenPGP(o)) => { - o.combine(*threshold, key_discovery.as_ref(), stdin, &mut stdout) + o.combine(key_discovery.as_ref(), stdin, &mut stdout) } Some(Format::P256(_p)) => { todo!()