Commit Graph

359 Commits

Author SHA1 Message Date
Ryan Heywood 9e4d5649d9
audits: add audit from NCC and Cure53 following release of `blahaj` 2024-11-21 17:21:23 -05:00
Ryan Heywood 6a3244df01
Cargo.lock: bump g2p, remove syn 1.x 2024-08-14 14:31:03 -04:00
Ryan Heywood be6d562b33
keyfork-qrcode: use image::ImageReader over image::io::Reader (deprecated) 2024-08-14 13:50:48 -04:00
Ryan Heywood 6317cc964f
Cargo.lock: bump deps, dupe generic-array :( 2024-08-12 01:07:43 -04:00
Ryan Heywood 305e070b93
Cargo.lock: bump multiple deps to deduplicate 2024-08-12 00:31:18 -04:00
Ryan Heywood 7e5c7ea8fb
Cargo.lock: bump lalrpop to remove duplicate regex-syntax 2024-08-12 00:11:25 -04:00
Ryan Heywood 63b4677b19
deny.toml: update to not use deprecated keys 2024-08-11 23:48:44 -04:00
Ryan Heywood 1d68dd19d9
fry up some bacon 2024-08-11 23:19:39 -04:00
Ryan Heywood 4ab1e8afa6
add docs to make clippy extra happy 2024-08-11 19:38:18 -04:00
Ryan Heywood a8b2814b17
make clippy happy 2024-08-11 19:25:25 -04:00
Ryan Heywood c36fe0a1b1
keyfork-shard: re-enable standard policy, alive check still disabled, add check for encryption keys when discovering certs 2024-08-11 18:57:43 -04:00
Ryan Heywood c25c11d1a0
release keyfork v0.2.4 2024-08-11 17:33:41 -04:00
Ryan Heywood e1f8ce9a97
cleanup workspace duplicated dependencies 2024-08-11 16:54:06 -04:00
Ryan Heywood b254ba7c56
cleanup post-merge 2024-08-11 14:56:36 -04:00
Ryan Heywood 58d3c34b61
Merge branch 'main' into ryansquared/staging-since-latest 2024-08-11 14:54:02 -04:00
Ryan Heywood ba64db8f00
update Cargo.toml and Cargo.lock 2024-08-08 00:56:40 -04:00
Ryan Heywood dd4354ffc1
keyfork: bump keyfork-shard 2024-08-08 00:53:15 -04:00
Ryan Heywood fa84a2ae5f
keyfork-shard: Be less strict about keys
Rationale: Keyfork Shard runs on Airgap systems. The biggest impact of
using StandardPolicy and checking whether keys are "alive" is the drift
between different Airgap systems where the keys may not be valid at the
same time. Because of this, it is impossible to shard a secret to all
keys at once using a StandardPolicy.

However, we consider these keys to be a trusted input, whether created
by a previous system or generated directly by Keyfork. Because of this,
we can use a NullPolicy to blanketly permit all keys, the same way we
blanketly permit all keys when reconstituting the sharded secret, and
disable the check for whether keys are alive (though, we are still
denying revoked keys).
2024-08-08 00:48:33 -04:00
Ryan Heywood 35f57fcc41
Merge branch 'ryansquared/keyfork-mnemonic-refactors' 2024-08-05 18:00:10 -04:00
Ryan Heywood a2eb5fda11
bump dependencies with listed vulnerabilities (not affected) 2024-08-05 17:48:19 -04:00
Ryan Heywood 5219c5a99f
keyfork: enum-trait-ify choose-your-own commands 2024-08-05 17:43:22 -04:00
Ryan Heywood b26f296a75
keyfork-derive-path-data: move all pathcrafting here 2024-08-01 11:05:46 -04:00
Ryan Heywood 35ab5e65a4
keyfork-mnemonic-util => keyfork-mnemonic 2024-08-01 09:50:30 -04:00
Ryan Heywood 3ee81b6a82
keyfork-mnemonic-util: impl as_slice to_vec into_vec 2024-08-01 09:35:04 -04:00
Ryan Heywood f5627e5bd9
keyfork-mnemonic-util: impl try_from_slice and from_array 2024-08-01 09:29:03 -04:00
Ryan Heywood 02e5b545a4
keyfork-mnemonic-util::generate_seed: return const size array 2024-08-01 09:19:07 -04:00
Ryan Heywood 536e6da5ad
keyforkd{,-client}: lots of documentationings 2024-08-01 08:59:01 -04:00
Ryan Heywood bac762f5be
release keyfork v0.2.2 and keyfork-derive-openpgp 0.1.2 2024-08-01 01:37:18 -04:00
Ryan Heywood c868afedbf
scripts/generate-dependency-queue.py: doc how to run 2024-08-01 01:30:56 -04:00
Ryan Heywood 8d40d2630c
keyfork: add `bottoms-up` wizard 2024-08-01 01:30:54 -04:00
Ryan Heywood 142bea3b9f
keyfork-shard: verify QR code length correctly 2024-05-29 16:16:55 -04:00
Ryan Heywood c65ddbf119
scripts/generate-dependency-queue.py: rewrite 2024-05-16 14:56:31 -04:00
Ryan Heywood d759982853
scripts: add publishing scripts 2024-05-16 02:01:10 -04:00
Ryan Heywood 491d19469a
crates: bump versions 2024-05-16 00:29:28 -04:00
Ryan Heywood 756be9b9d7
Merge remote-tracking branch 'origin/anton/require-min-entropy' 2024-05-05 14:49:12 -04:00
Ryan Heywood ad329131de
Merge remote-tracking branch 'origin/anton/chore/update-readme' 2024-05-05 14:49:01 -04:00
Anton Livaja bcfcc8711f
keyforkd: add warning when loading seed with less than 128 bits 2024-05-05 14:27:10 -04:00
Ryan Heywood de4e98ae07
keyfork-derive-util: black-box checking all zeroes 2024-05-03 23:28:45 -04:00
Ryan Heywood 48ccd7c68f
keyfork-derive-util: add note about potential side-channel when verifying keys 2024-05-03 23:20:53 -04:00
Ryan Heywood d04989ef30
keyfork-derive-util: make key parsing fallible again, since secp256k1 isn't guaranteed correct 2024-05-03 23:20:50 -04:00
Ryan Heywood 1a036a0b5f
keyfork-shard: clean up documentation for encrypted shard padding 2024-05-03 22:41:38 -04:00
Anton Livaja fc0350a098
fix: specify OpenPGP 2024-04-29 17:57:05 -04:00
Anton Livaja a18ea7ba0f
chore: make docs regarding factory reset more specific 2024-04-29 13:20:46 -04:00
Ryan Heywood e0687434ef
keyfork-shard: display error message on duplicate key fingerprints found 2024-04-24 13:29:32 -04:00
Ryan Heywood 23db50956f
keyfork-shard: improve wording for counting shardholders 2024-04-24 13:13:48 -04:00
Ryan Heywood 94617722a0
keyfork-shard: ignore duplicate certificate entries 2024-04-22 17:06:13 -04:00
Ryan Heywood 001fc0bccc
remove trailing hitespace :( 2024-04-19 00:30:38 -04:00
Ryan Heywood 6a265ad203
keyfork-mnemonic-util: add MnemonicBase::from_nonstandard_bytes 2024-04-18 23:53:59 -04:00
Ryan Heywood 5d2309e301
keyfork-prompt: add SecurePinValidator for making new, secure, PINs 2024-04-18 23:01:03 -04:00
Ryan Heywood c0b19e2457
keyfork-shard: assert shared secrets are contributory 2024-04-17 15:36:42 -04:00