keyfork-shard: extract threshold from encrypted metadata
This commit is contained in:
parent
869860a903
commit
e42e362aea
|
@ -3,7 +3,6 @@ use std::{
|
|||
io::{stdin, stdout},
|
||||
path::PathBuf,
|
||||
process::ExitCode,
|
||||
str::FromStr,
|
||||
};
|
||||
|
||||
use keyfork_shard::openpgp::{combine, discover_certs, openpgp::Cert, parse_messages};
|
||||
|
@ -11,10 +10,8 @@ use keyfork_shard::openpgp::{combine, discover_certs, openpgp::Cert, parse_messa
|
|||
type Result<T, E = Box<dyn std::error::Error>> = std::result::Result<T, E>;
|
||||
|
||||
fn validate<'a>(
|
||||
threshold: &str,
|
||||
key_discovery: impl Into<Option<&'a str>>,
|
||||
) -> Result<(u8, Vec<Cert>)> {
|
||||
let threshold = u8::from_str(threshold)?;
|
||||
) -> Result<Vec<Cert>> {
|
||||
let key_discovery = key_discovery.into().map(PathBuf::from);
|
||||
key_discovery.as_ref().map(std::fs::metadata).transpose()?;
|
||||
|
||||
|
@ -24,16 +21,16 @@ fn validate<'a>(
|
|||
.transpose()?
|
||||
.unwrap_or(vec![]);
|
||||
|
||||
Ok((threshold, certs))
|
||||
Ok(certs)
|
||||
}
|
||||
|
||||
fn run() -> Result<()> {
|
||||
let mut args = env::args();
|
||||
let program_name = args.next().expect("program name");
|
||||
let args = args.collect::<Vec<_>>();
|
||||
let (threshold, cert_list) = match args.as_slice() {
|
||||
[threshold, key_discovery] => validate(threshold, key_discovery.as_str())?,
|
||||
[threshold] => validate(threshold, None)?,
|
||||
let cert_list = match args.as_slice() {
|
||||
[key_discovery] => validate(key_discovery.as_str())?,
|
||||
[] => validate(None)?,
|
||||
_ => panic!("Usage: {program_name} threshold [key_discovery]"),
|
||||
};
|
||||
|
||||
|
@ -44,7 +41,6 @@ fn run() -> Result<()> {
|
|||
.expect("any pgp encrypted message");
|
||||
|
||||
combine(
|
||||
threshold,
|
||||
cert_list,
|
||||
encrypted_metadata,
|
||||
encrypted_messages.into(),
|
||||
|
|
|
@ -206,7 +206,6 @@ fn get_decryption_keys<'a>(
|
|||
}
|
||||
|
||||
pub fn combine(
|
||||
threshold: u8,
|
||||
certs: Vec<Cert>,
|
||||
metadata: EncryptedMessage,
|
||||
messages: Vec<EncryptedMessage>,
|
||||
|
@ -232,11 +231,7 @@ pub fn combine(
|
|||
SHARD_METADATA_VERSION, content[0],
|
||||
"incompatible metadata version"
|
||||
);
|
||||
// TODO: this should be removed along with the `threshold` option.
|
||||
assert_eq!(
|
||||
threshold, content[1],
|
||||
"threshold does not match stored threshold"
|
||||
);
|
||||
let threshold = content[1];
|
||||
|
||||
let mut cert_parser =
|
||||
CertParser::from_bytes(&content[SHARD_METADATA_OFFSET..]).map_err(Error::Sequoia)?;
|
||||
|
|
|
@ -36,7 +36,6 @@ trait ShardExec {
|
|||
|
||||
fn combine<T>(
|
||||
&self,
|
||||
threshold: u8,
|
||||
key_discovery: Option<T>,
|
||||
input: impl Read + Send + Sync,
|
||||
output: &mut impl Write,
|
||||
|
@ -70,7 +69,6 @@ impl ShardExec for OpenPGP {
|
|||
|
||||
fn combine<T>(
|
||||
&self,
|
||||
threshold: u8,
|
||||
key_discovery: Option<T>,
|
||||
input: impl Read + Send + Sync,
|
||||
output: &mut impl Write,
|
||||
|
@ -89,7 +87,6 @@ impl ShardExec for OpenPGP {
|
|||
.expect("any pgp encrypted message");
|
||||
|
||||
keyfork_shard::openpgp::combine(
|
||||
threshold,
|
||||
certs,
|
||||
encrypted_metadata,
|
||||
encrypted_messages.into(),
|
||||
|
@ -131,10 +128,6 @@ pub enum ShardSubcommands {
|
|||
/// hardware metadata discovery, any hardware key used to split may be used to decrypt metadata
|
||||
/// used to combine.
|
||||
Combine {
|
||||
/// The amount of sharesr equired to recombine a secret.
|
||||
#[arg(long)]
|
||||
threshold: u8,
|
||||
|
||||
/// The path to discover private keys from.
|
||||
key_discovery: Option<PathBuf>,
|
||||
},
|
||||
|
@ -170,11 +163,10 @@ impl ShardSubcommands {
|
|||
}
|
||||
}
|
||||
ShardSubcommands::Combine {
|
||||
threshold,
|
||||
key_discovery,
|
||||
} => match &shard.format {
|
||||
Some(Format::OpenPGP(o)) => {
|
||||
o.combine(*threshold, key_discovery.as_ref(), stdin, &mut stdout)
|
||||
o.combine(key_discovery.as_ref(), stdin, &mut stdout)
|
||||
}
|
||||
Some(Format::P256(_p)) => {
|
||||
todo!()
|
||||
|
|
Loading…
Reference in New Issue