keyfork-shard: extract threshold from encrypted metadata

keyfork-shard/src/bin/keyfork-shard-combine-openpgp.rs

@@ -3,7 +3,6 @@ use std::{
     io::{stdin, stdout},
     path::PathBuf,
     process::ExitCode,
-    str::FromStr,
 };
 
 use keyfork_shard::openpgp::{combine, discover_certs, openpgp::Cert, parse_messages};
@@ -11,10 +10,8 @@ use keyfork_shard::openpgp::{combine, discover_certs, openpgp::Cert, parse_messa
 type Result<T, E = Box<dyn std::error::Error>> = std::result::Result<T, E>;
 
 fn validate<'a>(
-    threshold: &str,
     key_discovery: impl Into<Option<&'a str>>,
-) -> Result<(u8, Vec<Cert>)> {
+) -> Result<Vec<Cert>> {
-    let threshold = u8::from_str(threshold)?;
     let key_discovery = key_discovery.into().map(PathBuf::from);
     key_discovery.as_ref().map(std::fs::metadata).transpose()?;
 
@@ -24,16 +21,16 @@ fn validate<'a>(
         .transpose()?
         .unwrap_or(vec![]);
 
-    Ok((threshold, certs))
+    Ok(certs)
 }
 
 fn run() -> Result<()> {
     let mut args = env::args();
     let program_name = args.next().expect("program name");
     let args = args.collect::<Vec<_>>();
-    let (threshold, cert_list) = match args.as_slice() {
+    let cert_list = match args.as_slice() {
-        [threshold, key_discovery] => validate(threshold, key_discovery.as_str())?,
+        [key_discovery] => validate(key_discovery.as_str())?,
-        [threshold] => validate(threshold, None)?,
+        [] => validate(None)?,
         _ => panic!("Usage: {program_name} threshold [key_discovery]"),
     };
 
@@ -44,7 +41,6 @@ fn run() -> Result<()> {
         .expect("any pgp encrypted message");
 
     combine(
-        threshold,
         cert_list,
         encrypted_metadata,
         encrypted_messages.into(),

keyfork-shard/src/openpgp.rs

@@ -206,7 +206,6 @@ fn get_decryption_keys<'a>(
 }
 
 pub fn combine(
-    threshold: u8,
     certs: Vec<Cert>,
     metadata: EncryptedMessage,
     messages: Vec<EncryptedMessage>,
@@ -232,11 +231,7 @@ pub fn combine(
         SHARD_METADATA_VERSION, content[0],
         "incompatible metadata version"
     );
-    // TODO: this should be removed along with the `threshold` option.
+    let threshold = content[1];
-    assert_eq!(
-        threshold, content[1],
-        "threshold does not match stored threshold"
-    );
 
     let mut cert_parser =
         CertParser::from_bytes(&content[SHARD_METADATA_OFFSET..]).map_err(Error::Sequoia)?;

keyfork/src/cli/shard.rs

@@ -36,7 +36,6 @@ trait ShardExec {
 
     fn combine<T>(
         &self,
-        threshold: u8,
         key_discovery: Option<T>,
         input: impl Read + Send + Sync,
         output: &mut impl Write,
@@ -70,7 +69,6 @@ impl ShardExec for OpenPGP {
 
     fn combine<T>(
         &self,
-        threshold: u8,
         key_discovery: Option<T>,
         input: impl Read + Send + Sync,
         output: &mut impl Write,
@@ -89,7 +87,6 @@ impl ShardExec for OpenPGP {
             .expect("any pgp encrypted message");
 
         keyfork_shard::openpgp::combine(
-            threshold,
             certs,
             encrypted_metadata,
             encrypted_messages.into(),
@@ -131,10 +128,6 @@ pub enum ShardSubcommands {
     /// hardware metadata discovery, any hardware key used to split may be used to decrypt metadata
     /// used to combine.
     Combine {
-        /// The amount of sharesr equired to recombine a secret.
-        #[arg(long)]
-        threshold: u8,
-
         /// The path to discover private keys from.
         key_discovery: Option<PathBuf>,
     },
@@ -170,11 +163,10 @@ impl ShardSubcommands {
                 }
             }
             ShardSubcommands::Combine {
-                threshold,
                 key_discovery,
             } => match &shard.format {
                 Some(Format::OpenPGP(o)) => {
-                    o.combine(*threshold, key_discovery.as_ref(), stdin, &mut stdout)
+                    o.combine(key_discovery.as_ref(), stdin, &mut stdout)
                 }
                 Some(Format::P256(_p)) => {
                     todo!()