Compare commits
11 Commits
4da3eadcca
...
08a66e2365
Author | SHA1 | Date |
---|---|---|
Ryan Heywood | 08a66e2365 | |
Ryan Heywood | 6fa434e89c | |
Ryan Heywood | 68f07f6f02 | |
Ryan Heywood | 9394500f2f | |
Ryan Heywood | 2bca0a1580 | |
Ryan Heywood | 5438f4e111 | |
Ryan Heywood | 71b6e4ed0c | |
Ryan Heywood | 4f4e3cfc65 | |
Ryan Heywood | 194d475d59 | |
Ryan Heywood | 40551a5c26 | |
Ryan Heywood | fa125e7cbe |
|
@ -1764,7 +1764,7 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "keyfork-derive-util"
|
||||
version = "0.1.0"
|
||||
version = "0.1.1"
|
||||
dependencies = [
|
||||
"digest",
|
||||
"ed25519-dalek",
|
||||
|
@ -1782,7 +1782,7 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "keyfork-entropy"
|
||||
version = "0.1.0"
|
||||
version = "0.1.1"
|
||||
dependencies = [
|
||||
"keyfork-bug",
|
||||
"smex",
|
||||
|
@ -1824,7 +1824,7 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "keyfork-qrcode"
|
||||
version = "0.1.0"
|
||||
version = "0.1.1"
|
||||
dependencies = [
|
||||
"image",
|
||||
"keyfork-bug",
|
||||
|
@ -1886,7 +1886,7 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "keyforkd"
|
||||
version = "0.1.0"
|
||||
version = "0.1.1"
|
||||
dependencies = [
|
||||
"bincode",
|
||||
"hex-literal",
|
||||
|
|
|
@ -25,6 +25,9 @@ fn secp256k1_test_suite() {
|
|||
if chain_len < 2 {
|
||||
continue;
|
||||
}
|
||||
if chain.iter().take(2).any(|index| !index.is_hardened()) {
|
||||
continue;
|
||||
}
|
||||
// Consistency check: ensure the server and the client can each derive the same
|
||||
// key using an XPrv, for all but the last XPrv, which is verified after this
|
||||
for i in 2..chain_len {
|
||||
|
|
|
@ -43,6 +43,10 @@ pub enum DerivationError {
|
|||
#[error("Invalid derivation length: Expected at least 2, actual: {0}")]
|
||||
InvalidDerivationLength(usize),
|
||||
|
||||
/// The derivation request did not use hardened derivation on the 2 highest indexes.
|
||||
#[error("Invalid derivation paths: expected index #{0} (1) to be hardened")]
|
||||
InvalidDerivationPath(usize, u32),
|
||||
|
||||
/// An error occurred while deriving data.
|
||||
#[error("Derivation error: {0}")]
|
||||
Derivation(String),
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "keyforkd"
|
||||
version = "0.1.0"
|
||||
version = "0.1.1"
|
||||
edition = "2021"
|
||||
license = "AGPL-3.0-only"
|
||||
|
||||
|
|
|
@ -69,6 +69,18 @@ impl Service<Request> for Keyforkd {
|
|||
return Err(DerivationError::InvalidDerivationLength(len).into());
|
||||
}
|
||||
|
||||
if let Some((i, unhardened_index)) = req
|
||||
.path()
|
||||
.iter()
|
||||
.take(2)
|
||||
.enumerate()
|
||||
.find(|(_, index)| {
|
||||
!index.is_hardened()
|
||||
})
|
||||
{
|
||||
return Err(DerivationError::InvalidDerivationPath(i, unhardened_index.inner()).into())
|
||||
}
|
||||
|
||||
#[cfg(feature = "tracing")]
|
||||
if let Some(target) = guess_target(req.path()) {
|
||||
info!("Deriving path: {target}");
|
||||
|
@ -110,6 +122,9 @@ mod tests {
|
|||
if chain.len() < 2 {
|
||||
continue;
|
||||
}
|
||||
if chain.iter().take(2).any(|index| !index.is_hardened()) {
|
||||
continue;
|
||||
}
|
||||
let req = DerivationRequest::new(DerivationAlgorithm::Secp256k1, &chain);
|
||||
let response: DerivationResponse = keyforkd
|
||||
.ready()
|
||||
|
|
|
@ -61,7 +61,7 @@ where
|
|||
));
|
||||
let socket_dir = tempfile::tempdir().expect(bug!("can't create tempdir"));
|
||||
let socket_path = socket_dir.path().join("keyforkd.sock");
|
||||
rt.block_on(async move {
|
||||
let result = rt.block_on(async move {
|
||||
let (tx, mut rx) = tokio::sync::mpsc::channel(1);
|
||||
let server_handle = tokio::spawn({
|
||||
let socket_path = socket_path.clone();
|
||||
|
@ -87,8 +87,13 @@ where
|
|||
let result = test_handle.await;
|
||||
server_handle.abort();
|
||||
result
|
||||
})
|
||||
.expect(bug!("runtime could not join all threads"))
|
||||
});
|
||||
if let Err(e) = result {
|
||||
if e.is_panic() {
|
||||
std::panic::resume_unwind(e.into_panic());
|
||||
}
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "keyfork-derive-util"
|
||||
version = "0.1.0"
|
||||
version = "0.1.1"
|
||||
edition = "2021"
|
||||
license = "MIT"
|
||||
|
||||
|
|
|
@ -11,8 +11,8 @@ const KEY_SIZE: usize = 256;
|
|||
/// Errors associated with creating or deriving Extended Public Keys.
|
||||
#[derive(Error, Clone, Debug)]
|
||||
pub enum Error {
|
||||
/// BIP-0032 does not support deriving public keys from hardened private keys.
|
||||
#[error("Public keys may not be derived when hardened")]
|
||||
/// BIP-0032 does not support hardened public key derivation from parent public keys.
|
||||
#[error("Hardened child public keys may not be derived from parent public keys")]
|
||||
HardenedIndex,
|
||||
|
||||
/// The maximum depth for key derivation has been reached. The supported maximum depth is 255.
|
||||
|
|
|
@ -85,7 +85,7 @@ pub trait PrivateKey: Sized {
|
|||
/// # Errors
|
||||
///
|
||||
/// An error may be returned if:
|
||||
/// * A nonzero `other` is provided.
|
||||
/// * An all-zero `other` is provided.
|
||||
/// * An error specific to the given algorithm was encountered.
|
||||
fn derive_child(&self, other: &PrivateKeyBytes) -> Result<Self, Self::Err>;
|
||||
|
||||
|
@ -180,7 +180,6 @@ impl PrivateKey for ed25519_dalek::SigningKey {
|
|||
|
||||
use crate::public_key::TestPublicKey;
|
||||
|
||||
#[doc(hidden)]
|
||||
#[derive(Clone, Debug, PartialEq, Eq)]
|
||||
pub struct TestPrivateKey {
|
||||
key: [u8; 32],
|
||||
|
|
|
@ -42,7 +42,7 @@ pub trait PublicKey: Sized {
|
|||
/// # Errors
|
||||
///
|
||||
/// An error may be returned if:
|
||||
/// * A nonzero `other` is provided.
|
||||
/// * An all-zero `other` is provided.
|
||||
/// * An error specific to the given algorithm was encountered.
|
||||
fn derive_child(&self, other: PrivateKeyBytes) -> Result<Self, Self::Err>;
|
||||
|
||||
|
@ -142,7 +142,6 @@ impl PublicKey for VerifyingKey {
|
|||
}
|
||||
}
|
||||
|
||||
#[doc(hidden)]
|
||||
#[derive(Clone)]
|
||||
pub struct TestPublicKey {
|
||||
pub(crate) key: [u8; 33],
|
||||
|
|
|
@ -57,7 +57,7 @@ pub enum DerivationAlgorithm {
|
|||
#[allow(missing_docs)]
|
||||
Secp256k1,
|
||||
#[doc(hidden)]
|
||||
Internal,
|
||||
TestAlgorithm,
|
||||
}
|
||||
|
||||
impl DerivationAlgorithm {
|
||||
|
@ -86,7 +86,7 @@ impl DerivationAlgorithm {
|
|||
&derived_key,
|
||||
))
|
||||
}
|
||||
Self::Internal => {
|
||||
Self::TestAlgorithm => {
|
||||
let key = ExtendedPrivateKey::<TestPrivateKey>::new(seed);
|
||||
let derived_key = key.derive_path(path)?;
|
||||
Ok(DerivationResponse::with_algo_and_xprv(
|
||||
|
@ -120,7 +120,7 @@ pub trait AsAlgorithm: PrivateKey {
|
|||
|
||||
impl AsAlgorithm for TestPrivateKey {
|
||||
fn as_algorithm() -> DerivationAlgorithm {
|
||||
DerivationAlgorithm::Internal
|
||||
DerivationAlgorithm::TestAlgorithm
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -144,7 +144,7 @@ impl DerivationRequest {
|
|||
/// # };
|
||||
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||
/// let algo: DerivationAlgorithm = //
|
||||
/// # DerivationAlgorithm::Internal;
|
||||
/// # DerivationAlgorithm::TestAlgorithm;
|
||||
/// let path: DerivationPath = //
|
||||
/// # DerivationPath::default();
|
||||
/// let request = DerivationRequest::new(algo, &path);
|
||||
|
@ -169,7 +169,7 @@ impl DerivationRequest {
|
|||
/// # };
|
||||
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||
/// let algo: DerivationAlgorithm = //
|
||||
/// # DerivationAlgorithm::Internal;
|
||||
/// # DerivationAlgorithm::TestAlgorithm;
|
||||
/// let path: DerivationPath = //
|
||||
/// # DerivationPath::default();
|
||||
/// let request = DerivationRequest::new(algo, &path);
|
||||
|
@ -199,7 +199,7 @@ impl DerivationRequest {
|
|||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
|
||||
/// # )?;
|
||||
/// let algo: DerivationAlgorithm = //
|
||||
/// # DerivationAlgorithm::Internal;
|
||||
/// # DerivationAlgorithm::TestAlgorithm;
|
||||
/// let path: DerivationPath = //
|
||||
/// # DerivationPath::default();
|
||||
/// let request = DerivationRequest::new(algo, &path);
|
||||
|
@ -228,7 +228,7 @@ impl DerivationRequest {
|
|||
/// let seed: &[u8; 64] = //
|
||||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||
/// let algo: DerivationAlgorithm = //
|
||||
/// # DerivationAlgorithm::Internal;
|
||||
/// # DerivationAlgorithm::TestAlgorithm;
|
||||
/// let path: DerivationPath = //
|
||||
/// # DerivationPath::default();
|
||||
/// let request = DerivationRequest::new(algo, &path);
|
||||
|
|
|
@ -84,13 +84,23 @@ impl<P: PromptHandler> VerificationHelper for &mut Keyring<P> {
|
|||
aead_algo,
|
||||
} => {}
|
||||
MessageLayer::SignatureGroup { results } => {
|
||||
for result in results {
|
||||
if let Err(e) = result {
|
||||
match &results[..] {
|
||||
[Ok(_)] => {
|
||||
return Ok(());
|
||||
}
|
||||
_ => {
|
||||
// FIXME: anyhow leak: VerificationError impl std::error::Error
|
||||
// return Err(e.context("Invalid signature"));
|
||||
return Err(anyhow::anyhow!("Error validating signature; either multiple signatures were passed or the single signature was not valid"));
|
||||
}
|
||||
}
|
||||
/*
|
||||
for result in results {
|
||||
if let Err(e) = result {
|
||||
return Err(anyhow::anyhow!("Invalid signature: {e}"));
|
||||
}
|
||||
}
|
||||
*/
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -193,12 +193,23 @@ impl<P: PromptHandler> VerificationHelper for &mut SmartcardManager<P> {
|
|||
aead_algo,
|
||||
} => {}
|
||||
MessageLayer::SignatureGroup { results } => {
|
||||
match &results[..] {
|
||||
[Ok(_)] => {
|
||||
return Ok(());
|
||||
}
|
||||
_ => {
|
||||
// FIXME: anyhow leak: VerificationError impl std::error::Error
|
||||
// return Err(e.context("Invalid signature"));
|
||||
return Err(anyhow::anyhow!("Error validating signature; either multiple signatures were passed or the single signature was not valid"));
|
||||
}
|
||||
}
|
||||
/*
|
||||
for result in results {
|
||||
if let Err(e) = result {
|
||||
// FIXME: anyhow leak
|
||||
return Err(anyhow::anyhow!("Verification error: {}", e.to_string()));
|
||||
return Err(anyhow::anyhow!("Invalid signature: {e}"));
|
||||
}
|
||||
}
|
||||
*/
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -264,8 +275,8 @@ impl<P: PromptHandler> DecryptionHelper for &mut SmartcardManager<P> {
|
|||
} else {
|
||||
format!("Unlock card {card_id} ({cardholder_name})\n{rpea}: {attempts}\n\nPIN: ")
|
||||
};
|
||||
let temp_pin =
|
||||
self.pm
|
||||
let temp_pin = self
|
||||
.pm
|
||||
.lock()
|
||||
.expect(bug!(POISONED_MUTEX))
|
||||
.prompt_validated_passphrase(&message, 3, &pin_validator)?;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "keyfork-qrcode"
|
||||
version = "0.1.0"
|
||||
version = "0.1.1"
|
||||
repository = "https://git.distrust.co/public/keyfork"
|
||||
edition = "2021"
|
||||
license = "MIT"
|
||||
|
|
|
@ -5,7 +5,7 @@ use keyfork_bug as bug;
|
|||
use image::io::Reader as ImageReader;
|
||||
use std::{
|
||||
io::{Cursor, Write},
|
||||
time::{Duration, SystemTime},
|
||||
time::{Duration, Instant},
|
||||
process::{Command, Stdio},
|
||||
};
|
||||
use v4l::{
|
||||
|
@ -110,11 +110,10 @@ pub fn scan_camera(timeout: Duration, index: usize) -> Result<Option<String>, QR
|
|||
fmt.fourcc = FourCC::new(b"MPG1");
|
||||
device.set_format(&fmt)?;
|
||||
let mut stream = Stream::with_buffers(&device, Type::VideoCapture, 4)?;
|
||||
let start = SystemTime::now();
|
||||
let start = Instant::now();
|
||||
|
||||
while SystemTime::now()
|
||||
while Instant::now()
|
||||
.duration_since(start)
|
||||
.unwrap_or(Duration::from_secs(0))
|
||||
< timeout
|
||||
{
|
||||
let (buffer, _) = stream.next()?;
|
||||
|
@ -141,12 +140,11 @@ pub fn scan_camera(timeout: Duration, index: usize) -> Result<Option<String>, QR
|
|||
fmt.fourcc = FourCC::new(b"MPG1");
|
||||
device.set_format(&fmt)?;
|
||||
let mut stream = Stream::with_buffers(&device, Type::VideoCapture, 4)?;
|
||||
let start = SystemTime::now();
|
||||
let start = Instant::now();
|
||||
let mut scanner = keyfork_zbar::image_scanner::ImageScanner::new();
|
||||
|
||||
while SystemTime::now()
|
||||
while Instant::now()
|
||||
.duration_since(start)
|
||||
.unwrap_or(Duration::from_secs(0))
|
||||
< timeout
|
||||
{
|
||||
let (buffer, _) = stream.next()?;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "keyfork-entropy"
|
||||
version = "0.1.0"
|
||||
version = "0.1.1"
|
||||
edition = "2021"
|
||||
license = "MIT"
|
||||
|
||||
|
|
|
@ -10,10 +10,12 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
|
|||
bit_size % 8 == 0,
|
||||
"Bit size must be divisible by 8, got: {bit_size}"
|
||||
);
|
||||
assert!(
|
||||
bit_size <= 256,
|
||||
"Maximum supported bit size is 256, got: {bit_size}"
|
||||
);
|
||||
match bit_size {
|
||||
128 | 256 | 512 => {}
|
||||
_ => {
|
||||
eprintln!("reading entropy of uncommon size: {bit_size}");
|
||||
}
|
||||
}
|
||||
|
||||
let entropy = keyfork_entropy::generate_entropy_of_size(bit_size / 8)?;
|
||||
println!("{}", smex::encode(entropy));
|
||||
|
|
Loading…
Reference in New Issue