Compare commits
	
		
			No commits in common. "4e64c73f2183ffe0134c46d6eb3226f2f6c7551e" and "64c5c648a6f30bca0c31a5f2abf0117ba20f315b" have entirely different histories.
		
	
	
		
			4e64c73f21
			...
			64c5c648a6
		
	
		|  | @ -882,7 +882,6 @@ dependencies = [ | ||||||
|  "clap", |  "clap", | ||||||
|  "keyfork-mnemonic-util", |  "keyfork-mnemonic-util", | ||||||
|  "keyfork-plumbing", |  "keyfork-plumbing", | ||||||
|  "keyfork-shard", |  | ||||||
|  "smex", |  "smex", | ||||||
|  "thiserror", |  "thiserror", | ||||||
| ] | ] | ||||||
|  |  | ||||||
|  | @ -5,15 +5,11 @@ edition = "2021" | ||||||
| 
 | 
 | ||||||
| # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html | ||||||
| 
 | 
 | ||||||
| [features] |  | ||||||
| default = ["openpgp"] |  | ||||||
| openpgp = ["sequoia-openpgp"] |  | ||||||
| 
 |  | ||||||
| [dependencies] | [dependencies] | ||||||
| anyhow = "1.0.75" | anyhow = "1.0.75" | ||||||
| bincode = "1.3.3" | bincode = "1.3.3" | ||||||
| keyfork-derive-openpgp = { version = "0.1.0", path = "../keyfork-derive-openpgp" } | keyfork-derive-openpgp = { version = "0.1.0", path = "../keyfork-derive-openpgp" } | ||||||
| sequoia-openpgp = { version = "1.16.1", optional = true } | sequoia-openpgp = "1.16.1" | ||||||
| serde = "1.0.188" | serde = "1.0.188" | ||||||
| sharks = "0.5.0" | sharks = "0.5.0" | ||||||
| smex = { version = "0.1.0", path = "../smex" } | smex = { version = "0.1.0", path = "../smex" } | ||||||
|  |  | ||||||
|  | @ -6,7 +6,7 @@ use std::{ | ||||||
|     str::FromStr, |     str::FromStr, | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| use keyfork_shard::openpgp::{combine, discover_certs, parse_messages, openpgp::Cert}; | use keyfork_shard::{combine, discover_certs, parse_messages, openpgp::Cert}; | ||||||
| 
 | 
 | ||||||
| type Result<T, E = Box<dyn std::error::Error>> = std::result::Result<T, E>; | type Result<T, E = Box<dyn std::error::Error>> = std::result::Result<T, E>; | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -1,6 +1,6 @@ | ||||||
| use std::{env, path::PathBuf, process::ExitCode, str::FromStr}; | use std::{env, path::PathBuf, process::ExitCode, str::FromStr}; | ||||||
| 
 | 
 | ||||||
| use keyfork_shard::openpgp::{discover_certs, openpgp::Cert, split}; | use keyfork_shard::{discover_certs, openpgp::Cert, split}; | ||||||
| 
 | 
 | ||||||
| #[derive(Clone, Debug)] | #[derive(Clone, Debug)] | ||||||
| enum Error { | enum Error { | ||||||
|  |  | ||||||
|  | @ -1,4 +1,4 @@ | ||||||
| use super::openpgp::{ | use crate::openpgp::{ | ||||||
|     self, |     self, | ||||||
|     cert::Cert, |     cert::Cert, | ||||||
|     packet::{PKESK, SKESK}, |     packet::{PKESK, SKESK}, | ||||||
|  | @ -1,2 +1,338 @@ | ||||||
| #[cfg(feature = "openpgp")] | use std::{ | ||||||
| pub mod openpgp; |     collections::{HashMap, VecDeque}, | ||||||
|  |     io::{Read, Write}, | ||||||
|  |     path::Path, | ||||||
|  |     str::FromStr, | ||||||
|  | }; | ||||||
|  | 
 | ||||||
|  | use keyfork_derive_openpgp::derive_util::{ | ||||||
|  |     request::{DerivationAlgorithm, DerivationRequest}, | ||||||
|  |     DerivationPath, | ||||||
|  | }; | ||||||
|  | use openpgp::{ | ||||||
|  |     armor::{Kind, Writer}, | ||||||
|  |     cert::{Cert, CertParser, ValidCert}, | ||||||
|  |     packet::{Packet, Tag, UserID, PKESK, SEIP}, | ||||||
|  |     parse::{stream::DecryptorBuilder, Parse}, | ||||||
|  |     policy::{NullPolicy, Policy, StandardPolicy}, | ||||||
|  |     serialize::{ | ||||||
|  |         stream::{ArbitraryWriter, Encryptor, LiteralWriter, Message, Recipient, Signer}, | ||||||
|  |         Marshal, | ||||||
|  |     }, | ||||||
|  |     types::KeyFlags, | ||||||
|  |     KeyID, PacketPile | ||||||
|  | }; | ||||||
|  | pub use sequoia_openpgp as openpgp; | ||||||
|  | use sharks::{Share, Sharks}; | ||||||
|  | 
 | ||||||
|  | mod keyring; | ||||||
|  | use keyring::Keyring; | ||||||
|  | 
 | ||||||
|  | // TODO: better error handling
 | ||||||
|  | 
 | ||||||
|  | #[derive(Debug, Clone)] | ||||||
|  | pub struct WrappedError(String); | ||||||
|  | 
 | ||||||
|  | impl std::fmt::Display for WrappedError { | ||||||
|  |     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { | ||||||
|  |         f.write_str(&self.0) | ||||||
|  |     } | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | impl std::error::Error for WrappedError {} | ||||||
|  | 
 | ||||||
|  | pub type Result<T, E = Box<dyn std::error::Error>> = std::result::Result<T, E>; | ||||||
|  | 
 | ||||||
|  | #[derive(Debug, Clone)] | ||||||
|  | pub struct EncryptedMessage { | ||||||
|  |     pkesks: Vec<PKESK>, | ||||||
|  |     message: SEIP, | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | impl EncryptedMessage { | ||||||
|  |     pub fn with_swap(pkesks: &mut Vec<PKESK>, seip: SEIP) -> Self { | ||||||
|  |         Self { | ||||||
|  |             pkesks: std::mem::take(pkesks), | ||||||
|  |             message: seip, | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     pub fn decrypt_with(&self, policy: &'_ dyn Policy, keyring: &mut Keyring) -> Result<Vec<u8>> { | ||||||
|  |         let mut packets = vec![]; | ||||||
|  | 
 | ||||||
|  |         for pkesk in &self.pkesks { | ||||||
|  |             let mut packet = vec![]; | ||||||
|  |             pkesk.serialize(&mut packet)?; | ||||||
|  |             let message = Message::new(&mut packets); | ||||||
|  |             let mut message = ArbitraryWriter::new(message, Tag::PKESK)?; | ||||||
|  |             message.write_all(&packet)?; | ||||||
|  |             message.finalize()?; | ||||||
|  |         } | ||||||
|  |         let mut packet = vec![]; | ||||||
|  |         self.message.serialize(&mut packet)?; | ||||||
|  |         let message = Message::new(&mut packets); | ||||||
|  |         let mut message = ArbitraryWriter::new(message, Tag::SEIP)?; | ||||||
|  |         message.write_all(&packet)?; | ||||||
|  |         message.finalize()?; | ||||||
|  | 
 | ||||||
|  |         let mut decryptor = | ||||||
|  |             DecryptorBuilder::from_bytes(&packets)?.with_policy(policy, None, keyring)?; | ||||||
|  | 
 | ||||||
|  |         let mut content = vec![]; | ||||||
|  |         decryptor.read_to_end(&mut content)?; | ||||||
|  |         Ok(content) | ||||||
|  |     } | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | pub fn discover_certs(path: impl AsRef<Path>) -> Result<Vec<Cert>> { | ||||||
|  |     let path = path.as_ref(); | ||||||
|  | 
 | ||||||
|  |     if path.is_file() { | ||||||
|  |         let mut vec = vec![]; | ||||||
|  |         for cert in CertParser::from_file(path)? { | ||||||
|  |             vec.push(cert?); | ||||||
|  |         } | ||||||
|  |         Ok(vec) | ||||||
|  |     } else { | ||||||
|  |         let mut vec = vec![]; | ||||||
|  |         for entry in path | ||||||
|  |             .read_dir()? | ||||||
|  |             .filter_map(Result::ok) | ||||||
|  |             .filter(|p| p.path().is_file()) | ||||||
|  |         { | ||||||
|  |             vec.push(Cert::from_file(entry.path())?); | ||||||
|  |         } | ||||||
|  |         Ok(vec) | ||||||
|  |     } | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | pub fn parse_messages(reader: impl Read + Send + Sync) -> Result<VecDeque<EncryptedMessage> >{ | ||||||
|  |     let mut pkesks = Vec::new(); | ||||||
|  |     let mut encrypted_messages = VecDeque::new(); | ||||||
|  | 
 | ||||||
|  |     for packet in PacketPile::from_reader(reader)?.into_children() { | ||||||
|  |         match packet { | ||||||
|  |             Packet::PKESK(p) => pkesks.push(p), | ||||||
|  |             Packet::SEIP(s) => { | ||||||
|  |                 encrypted_messages.push_back(EncryptedMessage::with_swap(&mut pkesks, s)); | ||||||
|  |             } | ||||||
|  |             s => { | ||||||
|  |                 panic!("Invalid variant found: {}", s.tag()); | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     Ok(encrypted_messages) | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | fn get_encryption_keys<'a>( | ||||||
|  |     cert: &'a ValidCert, | ||||||
|  | ) -> openpgp::cert::prelude::ValidKeyAmalgamationIter< | ||||||
|  |     'a, | ||||||
|  |     openpgp::packet::key::PublicParts, | ||||||
|  |     openpgp::packet::key::UnspecifiedRole, | ||||||
|  | > { | ||||||
|  |     cert.keys() | ||||||
|  |         .alive() | ||||||
|  |         .revoked(false) | ||||||
|  |         .supported() | ||||||
|  |         .for_storage_encryption() | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | fn get_decryption_keys<'a>( | ||||||
|  |     cert: &'a ValidCert, | ||||||
|  | ) -> openpgp::cert::prelude::ValidKeyAmalgamationIter< | ||||||
|  |     'a, | ||||||
|  |     openpgp::packet::key::SecretParts, | ||||||
|  |     openpgp::packet::key::UnspecifiedRole, | ||||||
|  | > { | ||||||
|  |     cert.keys() | ||||||
|  |         /* | ||||||
|  |         .alive() | ||||||
|  |         .revoked(false) | ||||||
|  |         .supported() | ||||||
|  |         */ | ||||||
|  |         .for_storage_encryption() | ||||||
|  |         .secret() | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | pub fn combine( | ||||||
|  |     threshold: u8, | ||||||
|  |     certs: Vec<Cert>, | ||||||
|  |     metadata: EncryptedMessage, | ||||||
|  |     messages: Vec<EncryptedMessage>, | ||||||
|  |     mut output: impl Write, | ||||||
|  | ) -> Result<()> { | ||||||
|  |     // Be as liberal as possible when decrypting.
 | ||||||
|  |     // We don't want to invalidate someone's keys just because the old sig expired.
 | ||||||
|  |     let policy = NullPolicy::new(); | ||||||
|  | 
 | ||||||
|  |     let mut keyring = Keyring::new(certs); | ||||||
|  |     let content = metadata.decrypt_with(&policy, &mut keyring)?; | ||||||
|  | 
 | ||||||
|  |     let mut cert_parser = CertParser::from_bytes(&content)?; | ||||||
|  |     let root_cert = match cert_parser.next() { | ||||||
|  |         Some(Ok(c)) => c, | ||||||
|  |         Some(Err(e)) => panic!("Could not find root (first) certificate: {e}"), | ||||||
|  |         None => panic!("No certs found in cert parser"), | ||||||
|  |     }; | ||||||
|  |     let certs = cert_parser.collect::<openpgp::Result<Vec<_>>>()?; | ||||||
|  |     keyring.set_root_cert(root_cert); | ||||||
|  |     let mut messages: HashMap<KeyID, EncryptedMessage> = | ||||||
|  |         HashMap::from_iter(certs.iter().map(|c| c.keyid()).zip(messages)); | ||||||
|  |     let mut decrypted_messages: HashMap<KeyID, Vec<u8>> = HashMap::new(); | ||||||
|  | 
 | ||||||
|  |     // NOTE: This is ONLY stable because we control the generation of PKESK packets and
 | ||||||
|  |     // encode the policy to ourselves.
 | ||||||
|  |     for valid_cert in certs.iter().map(|cert| cert.with_policy(&policy, None)) { | ||||||
|  |         let valid_cert = valid_cert?; | ||||||
|  |         // get keys from keyring for cert
 | ||||||
|  |         let Some(secret_cert) = keyring.get_cert_for_primary_keyid(&valid_cert.keyid()) else { | ||||||
|  |             continue; | ||||||
|  |         }; | ||||||
|  |         let secret_cert = secret_cert.with_policy(&policy, None)?; | ||||||
|  |         let keys = get_decryption_keys(&secret_cert).collect::<Vec<_>>(); | ||||||
|  |         if !keys.is_empty() { | ||||||
|  |             if let Some(message) = messages.get_mut(&valid_cert.keyid()) { | ||||||
|  |                 for (pkesk, key) in message.pkesks.iter_mut().zip(keys) { | ||||||
|  |                     pkesk.set_recipient(key.keyid()); | ||||||
|  |                 } | ||||||
|  |                 // we have a pkesk, decrypt via keyring
 | ||||||
|  |                 let result = message.decrypt_with(&policy, &mut keyring); | ||||||
|  |                 match result { | ||||||
|  |                     Ok(message) => { | ||||||
|  |                         decrypted_messages.insert(valid_cert.keyid(), message); | ||||||
|  |                     } | ||||||
|  |                     Err(e) => { | ||||||
|  |                         eprintln!( | ||||||
|  |                             "Could not decrypt with fingerprint {}: {}", | ||||||
|  |                             valid_cert.keyid(), | ||||||
|  |                             e | ||||||
|  |                         ); | ||||||
|  |                         // do nothing, key will be retained
 | ||||||
|  |                     } | ||||||
|  |                 } | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     // clean decrypted messages from encrypted messages
 | ||||||
|  |     messages.retain(|k, _v| !decrypted_messages.contains_key(k)); | ||||||
|  | 
 | ||||||
|  |     let left_from_threshold = threshold as usize - decrypted_messages.len(); | ||||||
|  |     if left_from_threshold > 0 { | ||||||
|  |         eprintln!("remaining keys: {left_from_threshold}, prompting yubikeys"); | ||||||
|  |     } | ||||||
|  |     for _ in 0..left_from_threshold { | ||||||
|  |         todo!("prompt for Yubikeys") | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     let shares = decrypted_messages | ||||||
|  |         .values() | ||||||
|  |         .map(|message| Share::try_from(message.as_slice())) | ||||||
|  |         .collect::<Result<Vec<_>, &str>>() | ||||||
|  |         .map_err(|e| WrappedError(e.to_string()))?; | ||||||
|  |     let secret = Sharks(threshold).recover(&shares)?; | ||||||
|  | 
 | ||||||
|  |     output.write_all(smex::encode(&secret).as_bytes())?; | ||||||
|  | 
 | ||||||
|  |     Ok(()) | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | pub fn split(threshold: u8, certs: Vec<Cert>, secret: &[u8], output: impl Write) -> Result<()> { | ||||||
|  |     // build cert to sign encrypted shares
 | ||||||
|  |     let userid = UserID::from("keyfork-sss"); | ||||||
|  |     let kdr = DerivationRequest::new( | ||||||
|  |         DerivationAlgorithm::Ed25519, | ||||||
|  |         &DerivationPath::from_str("m/7366512'/0'")?, | ||||||
|  |     ) | ||||||
|  |     .derive_with_master_seed(secret.to_vec())?; | ||||||
|  |     let derived_cert = keyfork_derive_openpgp::derive( | ||||||
|  |         kdr, | ||||||
|  |         &[KeyFlags::empty().set_certification().set_signing()], | ||||||
|  |         userid, | ||||||
|  |     )?; | ||||||
|  |     let signing_key = derived_cert | ||||||
|  |         .primary_key() | ||||||
|  |         .parts_into_secret()? | ||||||
|  |         .key() | ||||||
|  |         .clone() | ||||||
|  |         .into_keypair()?; | ||||||
|  | 
 | ||||||
|  |     let sharks = Sharks(threshold); | ||||||
|  |     let dealer = sharks.dealer(secret); | ||||||
|  |     let shares = dealer.map(|s| Vec::from(&s)).collect::<Vec<_>>(); | ||||||
|  |     let policy = StandardPolicy::new(); | ||||||
|  |     let mut writer = Writer::new(output, Kind::Message)?; | ||||||
|  | 
 | ||||||
|  |     let mut total_recipients = vec![]; | ||||||
|  |     let mut messages = vec![]; | ||||||
|  | 
 | ||||||
|  |     for (share, cert) in shares.iter().zip(certs) { | ||||||
|  |         total_recipients.push(cert.clone()); | ||||||
|  |         let valid_cert = cert.with_policy(&policy, None)?; | ||||||
|  |         let encryption_keys = get_encryption_keys(&valid_cert).collect::<Vec<_>>(); | ||||||
|  | 
 | ||||||
|  |         let mut message_output = vec![]; | ||||||
|  |         let message = Message::new(&mut message_output); | ||||||
|  |         let message = Encryptor::for_recipients( | ||||||
|  |             message, | ||||||
|  |             encryption_keys | ||||||
|  |                 .iter() | ||||||
|  |                 .map(|k| Recipient::new(KeyID::wildcard(), k.key())), | ||||||
|  |         ) | ||||||
|  |         .build()?; | ||||||
|  |         let message = Signer::new(message, signing_key.clone()).build()?; | ||||||
|  |         let mut message = LiteralWriter::new(message).build()?; | ||||||
|  |         message.write_all(share)?; | ||||||
|  |         message.finalize()?; | ||||||
|  | 
 | ||||||
|  |         messages.push(message_output); | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     let mut pp = vec![]; | ||||||
|  |     // store derived cert to verify provided shares
 | ||||||
|  |     derived_cert.serialize(&mut pp)?; | ||||||
|  |     for recipient in &total_recipients { | ||||||
|  |         recipient.serialize(&mut pp)?; | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     // verify packet pile
 | ||||||
|  |     for (packet_cert, cert) in openpgp::cert::CertParser::from_bytes(&pp)? | ||||||
|  |         .skip(1) | ||||||
|  |         .zip(total_recipients.iter()) | ||||||
|  |     { | ||||||
|  |         if packet_cert? != *cert { | ||||||
|  |             panic!( | ||||||
|  |                 "packet pile could not recreate cert: {}", | ||||||
|  |                 cert.fingerprint() | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     let valid_certs = total_recipients | ||||||
|  |         .iter() | ||||||
|  |         .map(|c| c.with_policy(&policy, None)) | ||||||
|  |         .collect::<openpgp::Result<Vec<_>>>()?; | ||||||
|  | 
 | ||||||
|  |     let total_recipients = valid_certs.iter().flat_map(|vc| { | ||||||
|  |         get_encryption_keys(vc).map(|key| Recipient::new(KeyID::wildcard(), key.key())) | ||||||
|  |     }); | ||||||
|  | 
 | ||||||
|  |     // metadata
 | ||||||
|  |     let mut message_output = vec![]; | ||||||
|  |     let message = Message::new(&mut message_output); | ||||||
|  |     let message = Encryptor::for_recipients(message, total_recipients).build()?; | ||||||
|  |     let mut message = LiteralWriter::new(message).build()?; | ||||||
|  |     message.write_all(&pp)?; | ||||||
|  |     message.finalize()?; | ||||||
|  |     writer.write_all(&message_output)?; | ||||||
|  | 
 | ||||||
|  |     for message in messages { | ||||||
|  |         writer.write_all(&message)?; | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     writer.finalize()?; | ||||||
|  | 
 | ||||||
|  |     Ok(()) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | @ -1,338 +0,0 @@ | ||||||
| use std::{ |  | ||||||
|     collections::{HashMap, VecDeque}, |  | ||||||
|     io::{Read, Write}, |  | ||||||
|     path::Path, |  | ||||||
|     str::FromStr, |  | ||||||
| }; |  | ||||||
| 
 |  | ||||||
| use keyfork_derive_openpgp::derive_util::{ |  | ||||||
|     request::{DerivationAlgorithm, DerivationRequest}, |  | ||||||
|     DerivationPath, |  | ||||||
| }; |  | ||||||
| use openpgp::{ |  | ||||||
|     armor::{Kind, Writer}, |  | ||||||
|     cert::{Cert, CertParser, ValidCert}, |  | ||||||
|     packet::{Packet, Tag, UserID, PKESK, SEIP}, |  | ||||||
|     parse::{stream::DecryptorBuilder, Parse}, |  | ||||||
|     policy::{NullPolicy, Policy, StandardPolicy}, |  | ||||||
|     serialize::{ |  | ||||||
|         stream::{ArbitraryWriter, Encryptor, LiteralWriter, Message, Recipient, Signer}, |  | ||||||
|         Marshal, |  | ||||||
|     }, |  | ||||||
|     types::KeyFlags, |  | ||||||
|     KeyID, PacketPile |  | ||||||
| }; |  | ||||||
| pub use sequoia_openpgp as openpgp; |  | ||||||
| use sharks::{Share, Sharks}; |  | ||||||
| 
 |  | ||||||
| mod keyring; |  | ||||||
| use keyring::Keyring; |  | ||||||
| 
 |  | ||||||
| // TODO: better error handling
 |  | ||||||
| 
 |  | ||||||
| #[derive(Debug, Clone)] |  | ||||||
| pub struct WrappedError(String); |  | ||||||
| 
 |  | ||||||
| impl std::fmt::Display for WrappedError { |  | ||||||
|     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { |  | ||||||
|         f.write_str(&self.0) |  | ||||||
|     } |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| impl std::error::Error for WrappedError {} |  | ||||||
| 
 |  | ||||||
| pub type Result<T, E = Box<dyn std::error::Error>> = std::result::Result<T, E>; |  | ||||||
| 
 |  | ||||||
| #[derive(Debug, Clone)] |  | ||||||
| pub struct EncryptedMessage { |  | ||||||
|     pkesks: Vec<PKESK>, |  | ||||||
|     message: SEIP, |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| impl EncryptedMessage { |  | ||||||
|     pub fn with_swap(pkesks: &mut Vec<PKESK>, seip: SEIP) -> Self { |  | ||||||
|         Self { |  | ||||||
|             pkesks: std::mem::take(pkesks), |  | ||||||
|             message: seip, |  | ||||||
|         } |  | ||||||
|     } |  | ||||||
| 
 |  | ||||||
|     pub fn decrypt_with(&self, policy: &'_ dyn Policy, keyring: &mut Keyring) -> Result<Vec<u8>> { |  | ||||||
|         let mut packets = vec![]; |  | ||||||
| 
 |  | ||||||
|         for pkesk in &self.pkesks { |  | ||||||
|             let mut packet = vec![]; |  | ||||||
|             pkesk.serialize(&mut packet)?; |  | ||||||
|             let message = Message::new(&mut packets); |  | ||||||
|             let mut message = ArbitraryWriter::new(message, Tag::PKESK)?; |  | ||||||
|             message.write_all(&packet)?; |  | ||||||
|             message.finalize()?; |  | ||||||
|         } |  | ||||||
|         let mut packet = vec![]; |  | ||||||
|         self.message.serialize(&mut packet)?; |  | ||||||
|         let message = Message::new(&mut packets); |  | ||||||
|         let mut message = ArbitraryWriter::new(message, Tag::SEIP)?; |  | ||||||
|         message.write_all(&packet)?; |  | ||||||
|         message.finalize()?; |  | ||||||
| 
 |  | ||||||
|         let mut decryptor = |  | ||||||
|             DecryptorBuilder::from_bytes(&packets)?.with_policy(policy, None, keyring)?; |  | ||||||
| 
 |  | ||||||
|         let mut content = vec![]; |  | ||||||
|         decryptor.read_to_end(&mut content)?; |  | ||||||
|         Ok(content) |  | ||||||
|     } |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| pub fn discover_certs(path: impl AsRef<Path>) -> Result<Vec<Cert>> { |  | ||||||
|     let path = path.as_ref(); |  | ||||||
| 
 |  | ||||||
|     if path.is_file() { |  | ||||||
|         let mut vec = vec![]; |  | ||||||
|         for cert in CertParser::from_file(path)? { |  | ||||||
|             vec.push(cert?); |  | ||||||
|         } |  | ||||||
|         Ok(vec) |  | ||||||
|     } else { |  | ||||||
|         let mut vec = vec![]; |  | ||||||
|         for entry in path |  | ||||||
|             .read_dir()? |  | ||||||
|             .filter_map(Result::ok) |  | ||||||
|             .filter(|p| p.path().is_file()) |  | ||||||
|         { |  | ||||||
|             vec.push(Cert::from_file(entry.path())?); |  | ||||||
|         } |  | ||||||
|         Ok(vec) |  | ||||||
|     } |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| pub fn parse_messages(reader: impl Read + Send + Sync) -> Result<VecDeque<EncryptedMessage> >{ |  | ||||||
|     let mut pkesks = Vec::new(); |  | ||||||
|     let mut encrypted_messages = VecDeque::new(); |  | ||||||
| 
 |  | ||||||
|     for packet in PacketPile::from_reader(reader)?.into_children() { |  | ||||||
|         match packet { |  | ||||||
|             Packet::PKESK(p) => pkesks.push(p), |  | ||||||
|             Packet::SEIP(s) => { |  | ||||||
|                 encrypted_messages.push_back(EncryptedMessage::with_swap(&mut pkesks, s)); |  | ||||||
|             } |  | ||||||
|             s => { |  | ||||||
|                 panic!("Invalid variant found: {}", s.tag()); |  | ||||||
|             } |  | ||||||
|         } |  | ||||||
|     } |  | ||||||
| 
 |  | ||||||
|     Ok(encrypted_messages) |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| fn get_encryption_keys<'a>( |  | ||||||
|     cert: &'a ValidCert, |  | ||||||
| ) -> openpgp::cert::prelude::ValidKeyAmalgamationIter< |  | ||||||
|     'a, |  | ||||||
|     openpgp::packet::key::PublicParts, |  | ||||||
|     openpgp::packet::key::UnspecifiedRole, |  | ||||||
| > { |  | ||||||
|     cert.keys() |  | ||||||
|         .alive() |  | ||||||
|         .revoked(false) |  | ||||||
|         .supported() |  | ||||||
|         .for_storage_encryption() |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| fn get_decryption_keys<'a>( |  | ||||||
|     cert: &'a ValidCert, |  | ||||||
| ) -> openpgp::cert::prelude::ValidKeyAmalgamationIter< |  | ||||||
|     'a, |  | ||||||
|     openpgp::packet::key::SecretParts, |  | ||||||
|     openpgp::packet::key::UnspecifiedRole, |  | ||||||
| > { |  | ||||||
|     cert.keys() |  | ||||||
|         /* |  | ||||||
|         .alive() |  | ||||||
|         .revoked(false) |  | ||||||
|         .supported() |  | ||||||
|         */ |  | ||||||
|         .for_storage_encryption() |  | ||||||
|         .secret() |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| pub fn combine( |  | ||||||
|     threshold: u8, |  | ||||||
|     certs: Vec<Cert>, |  | ||||||
|     metadata: EncryptedMessage, |  | ||||||
|     messages: Vec<EncryptedMessage>, |  | ||||||
|     mut output: impl Write, |  | ||||||
| ) -> Result<()> { |  | ||||||
|     // Be as liberal as possible when decrypting.
 |  | ||||||
|     // We don't want to invalidate someone's keys just because the old sig expired.
 |  | ||||||
|     let policy = NullPolicy::new(); |  | ||||||
| 
 |  | ||||||
|     let mut keyring = Keyring::new(certs); |  | ||||||
|     let content = metadata.decrypt_with(&policy, &mut keyring)?; |  | ||||||
| 
 |  | ||||||
|     let mut cert_parser = CertParser::from_bytes(&content)?; |  | ||||||
|     let root_cert = match cert_parser.next() { |  | ||||||
|         Some(Ok(c)) => c, |  | ||||||
|         Some(Err(e)) => panic!("Could not find root (first) certificate: {e}"), |  | ||||||
|         None => panic!("No certs found in cert parser"), |  | ||||||
|     }; |  | ||||||
|     let certs = cert_parser.collect::<openpgp::Result<Vec<_>>>()?; |  | ||||||
|     keyring.set_root_cert(root_cert); |  | ||||||
|     let mut messages: HashMap<KeyID, EncryptedMessage> = |  | ||||||
|         HashMap::from_iter(certs.iter().map(|c| c.keyid()).zip(messages)); |  | ||||||
|     let mut decrypted_messages: HashMap<KeyID, Vec<u8>> = HashMap::new(); |  | ||||||
| 
 |  | ||||||
|     // NOTE: This is ONLY stable because we control the generation of PKESK packets and
 |  | ||||||
|     // encode the policy to ourselves.
 |  | ||||||
|     for valid_cert in certs.iter().map(|cert| cert.with_policy(&policy, None)) { |  | ||||||
|         let valid_cert = valid_cert?; |  | ||||||
|         // get keys from keyring for cert
 |  | ||||||
|         let Some(secret_cert) = keyring.get_cert_for_primary_keyid(&valid_cert.keyid()) else { |  | ||||||
|             continue; |  | ||||||
|         }; |  | ||||||
|         let secret_cert = secret_cert.with_policy(&policy, None)?; |  | ||||||
|         let keys = get_decryption_keys(&secret_cert).collect::<Vec<_>>(); |  | ||||||
|         if !keys.is_empty() { |  | ||||||
|             if let Some(message) = messages.get_mut(&valid_cert.keyid()) { |  | ||||||
|                 for (pkesk, key) in message.pkesks.iter_mut().zip(keys) { |  | ||||||
|                     pkesk.set_recipient(key.keyid()); |  | ||||||
|                 } |  | ||||||
|                 // we have a pkesk, decrypt via keyring
 |  | ||||||
|                 let result = message.decrypt_with(&policy, &mut keyring); |  | ||||||
|                 match result { |  | ||||||
|                     Ok(message) => { |  | ||||||
|                         decrypted_messages.insert(valid_cert.keyid(), message); |  | ||||||
|                     } |  | ||||||
|                     Err(e) => { |  | ||||||
|                         eprintln!( |  | ||||||
|                             "Could not decrypt with fingerprint {}: {}", |  | ||||||
|                             valid_cert.keyid(), |  | ||||||
|                             e |  | ||||||
|                         ); |  | ||||||
|                         // do nothing, key will be retained
 |  | ||||||
|                     } |  | ||||||
|                 } |  | ||||||
|             } |  | ||||||
|         } |  | ||||||
|     } |  | ||||||
| 
 |  | ||||||
|     // clean decrypted messages from encrypted messages
 |  | ||||||
|     messages.retain(|k, _v| !decrypted_messages.contains_key(k)); |  | ||||||
| 
 |  | ||||||
|     let left_from_threshold = threshold as usize - decrypted_messages.len(); |  | ||||||
|     if left_from_threshold > 0 { |  | ||||||
|         eprintln!("remaining keys: {left_from_threshold}, prompting yubikeys"); |  | ||||||
|     } |  | ||||||
|     for _ in 0..left_from_threshold { |  | ||||||
|         todo!("prompt for Yubikeys") |  | ||||||
|     } |  | ||||||
| 
 |  | ||||||
|     let shares = decrypted_messages |  | ||||||
|         .values() |  | ||||||
|         .map(|message| Share::try_from(message.as_slice())) |  | ||||||
|         .collect::<Result<Vec<_>, &str>>() |  | ||||||
|         .map_err(|e| WrappedError(e.to_string()))?; |  | ||||||
|     let secret = Sharks(threshold).recover(&shares)?; |  | ||||||
| 
 |  | ||||||
|     output.write_all(smex::encode(&secret).as_bytes())?; |  | ||||||
| 
 |  | ||||||
|     Ok(()) |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| pub fn split(threshold: u8, certs: Vec<Cert>, secret: &[u8], output: impl Write) -> Result<()> { |  | ||||||
|     // build cert to sign encrypted shares
 |  | ||||||
|     let userid = UserID::from("keyfork-sss"); |  | ||||||
|     let kdr = DerivationRequest::new( |  | ||||||
|         DerivationAlgorithm::Ed25519, |  | ||||||
|         &DerivationPath::from_str("m/7366512'/0'")?, |  | ||||||
|     ) |  | ||||||
|     .derive_with_master_seed(secret.to_vec())?; |  | ||||||
|     let derived_cert = keyfork_derive_openpgp::derive( |  | ||||||
|         kdr, |  | ||||||
|         &[KeyFlags::empty().set_certification().set_signing()], |  | ||||||
|         userid, |  | ||||||
|     )?; |  | ||||||
|     let signing_key = derived_cert |  | ||||||
|         .primary_key() |  | ||||||
|         .parts_into_secret()? |  | ||||||
|         .key() |  | ||||||
|         .clone() |  | ||||||
|         .into_keypair()?; |  | ||||||
| 
 |  | ||||||
|     let sharks = Sharks(threshold); |  | ||||||
|     let dealer = sharks.dealer(secret); |  | ||||||
|     let shares = dealer.map(|s| Vec::from(&s)).collect::<Vec<_>>(); |  | ||||||
|     let policy = StandardPolicy::new(); |  | ||||||
|     let mut writer = Writer::new(output, Kind::Message)?; |  | ||||||
| 
 |  | ||||||
|     let mut total_recipients = vec![]; |  | ||||||
|     let mut messages = vec![]; |  | ||||||
| 
 |  | ||||||
|     for (share, cert) in shares.iter().zip(certs) { |  | ||||||
|         total_recipients.push(cert.clone()); |  | ||||||
|         let valid_cert = cert.with_policy(&policy, None)?; |  | ||||||
|         let encryption_keys = get_encryption_keys(&valid_cert).collect::<Vec<_>>(); |  | ||||||
| 
 |  | ||||||
|         let mut message_output = vec![]; |  | ||||||
|         let message = Message::new(&mut message_output); |  | ||||||
|         let message = Encryptor::for_recipients( |  | ||||||
|             message, |  | ||||||
|             encryption_keys |  | ||||||
|                 .iter() |  | ||||||
|                 .map(|k| Recipient::new(KeyID::wildcard(), k.key())), |  | ||||||
|         ) |  | ||||||
|         .build()?; |  | ||||||
|         let message = Signer::new(message, signing_key.clone()).build()?; |  | ||||||
|         let mut message = LiteralWriter::new(message).build()?; |  | ||||||
|         message.write_all(share)?; |  | ||||||
|         message.finalize()?; |  | ||||||
| 
 |  | ||||||
|         messages.push(message_output); |  | ||||||
|     } |  | ||||||
| 
 |  | ||||||
|     let mut pp = vec![]; |  | ||||||
|     // store derived cert to verify provided shares
 |  | ||||||
|     derived_cert.serialize(&mut pp)?; |  | ||||||
|     for recipient in &total_recipients { |  | ||||||
|         recipient.serialize(&mut pp)?; |  | ||||||
|     } |  | ||||||
| 
 |  | ||||||
|     // verify packet pile
 |  | ||||||
|     for (packet_cert, cert) in openpgp::cert::CertParser::from_bytes(&pp)? |  | ||||||
|         .skip(1) |  | ||||||
|         .zip(total_recipients.iter()) |  | ||||||
|     { |  | ||||||
|         if packet_cert? != *cert { |  | ||||||
|             panic!( |  | ||||||
|                 "packet pile could not recreate cert: {}", |  | ||||||
|                 cert.fingerprint() |  | ||||||
|             ); |  | ||||||
|         } |  | ||||||
|     } |  | ||||||
| 
 |  | ||||||
|     let valid_certs = total_recipients |  | ||||||
|         .iter() |  | ||||||
|         .map(|c| c.with_policy(&policy, None)) |  | ||||||
|         .collect::<openpgp::Result<Vec<_>>>()?; |  | ||||||
| 
 |  | ||||||
|     let total_recipients = valid_certs.iter().flat_map(|vc| { |  | ||||||
|         get_encryption_keys(vc).map(|key| Recipient::new(KeyID::wildcard(), key.key())) |  | ||||||
|     }); |  | ||||||
| 
 |  | ||||||
|     // metadata
 |  | ||||||
|     let mut message_output = vec![]; |  | ||||||
|     let message = Message::new(&mut message_output); |  | ||||||
|     let message = Encryptor::for_recipients(message, total_recipients).build()?; |  | ||||||
|     let mut message = LiteralWriter::new(message).build()?; |  | ||||||
|     message.write_all(&pp)?; |  | ||||||
|     message.finalize()?; |  | ||||||
|     writer.write_all(&message_output)?; |  | ||||||
| 
 |  | ||||||
|     for message in messages { |  | ||||||
|         writer.write_all(&message)?; |  | ||||||
|     } |  | ||||||
| 
 |  | ||||||
|     writer.finalize()?; |  | ||||||
| 
 |  | ||||||
|     Ok(()) |  | ||||||
| } |  | ||||||
|  | @ -8,11 +8,7 @@ | ||||||
| - [Binaries](./bin/index.md) | - [Binaries](./bin/index.md) | ||||||
|   - [keyfork](./bin/keyfork/index.md) |   - [keyfork](./bin/keyfork/index.md) | ||||||
|     - [mnemonic](./bin/keyfork/mnemonic/index.md) |     - [mnemonic](./bin/keyfork/mnemonic/index.md) | ||||||
|     - [shard](./bin/keyfork/shard/index.md) |  | ||||||
|   - [keyforkd](./bin/keyforkd.md) |   - [keyforkd](./bin/keyforkd.md) | ||||||
|   - [keyfork-shard](./bin/keyfork-shard/index.md) |  | ||||||
|     - [keyfork-shard-split-openpgp](./bin/keyfork-shard/openpgp/split.md) |  | ||||||
|     - [keyfork-shard-combine-openpgp](./bin/keyfork-shard/openpgp/combine.md) |  | ||||||
|   - [keyfork-entropy](./bin/keyfork-plumbing/entropy.md) |   - [keyfork-entropy](./bin/keyfork-plumbing/entropy.md) | ||||||
|   - [keyfork-mnemonic-from-seed](./bin/keyfork-plumbing/mnemonic-from-seed.md) |   - [keyfork-mnemonic-from-seed](./bin/keyfork-plumbing/mnemonic-from-seed.md) | ||||||
|   - [keyfork-derive-key](./bin/keyfork-derive-key.md) |   - [keyfork-derive-key](./bin/keyfork-derive-key.md) | ||||||
|  |  | ||||||
|  | @ -1,19 +0,0 @@ | ||||||
| # keyfork-shard |  | ||||||
| 
 |  | ||||||
| <!-- Linked to: keyfork-user-guide/src/bin/keyfork/shard/index.md --> |  | ||||||
| 
 |  | ||||||
| The `keyfork-shard` crate contains some binaries to enable M-of-N sharing of |  | ||||||
| data. All binaries use Shamir's Secret Sharing through the [`sharks`] crate. |  | ||||||
| 
 |  | ||||||
| ## OpenPGP |  | ||||||
| 
 |  | ||||||
| Keyfork provides OpenPGP compatible [`split`][openpgp-split] and |  | ||||||
| [`combine`][openpgp-combine] versions of Shard binaries. These binaries use |  | ||||||
| Sequoia OpenPGP and while they require all the necessary certificates for the |  | ||||||
| splitting stage, the certificates are included in the payload, and once Keyfork |  | ||||||
| supports decrypting using OpenPGP smartcards, certificates will not be required |  | ||||||
| to decrypt the shares. |  | ||||||
| 
 |  | ||||||
| [`sharks`]: https://docs.rs/sharks/latest/sharks/ |  | ||||||
| [openpgp-split]: ./openpgp/split.md |  | ||||||
| [openpgp-combine]: ./openpgp/combine.md |  | ||||||
|  | @ -1,26 +0,0 @@ | ||||||
| # keyfork-shard-combine-openpgp |  | ||||||
| 
 |  | ||||||
| Combine `threshold` shares into a previously [`split`] secret. |  | ||||||
| 
 |  | ||||||
| ## Arguments |  | ||||||
| 
 |  | ||||||
| `keyfork-shard-combine-openpgp threshold key_discovery` |  | ||||||
| 
 |  | ||||||
| * `threshold`: Minimum number of operators present to recover the secret, as |  | ||||||
|   previously configured when creating the secret |  | ||||||
| * `key_discovery`: Either a file or a directory containing OpenPGP keys. |  | ||||||
|   If a file, load all keys from the file. |  | ||||||
|   If a directory, for every file in the directory (non-recursively), load |  | ||||||
|   keys from the file. |  | ||||||
|   If the amount of keys found is less than `threshold`, an OpenPGP Card |  | ||||||
|   fallback will be used to decrypt the rest of the messages. |  | ||||||
| 
 |  | ||||||
| ## Input |  | ||||||
| 
 |  | ||||||
| OpenPGP Messages from [`split`]. |  | ||||||
| 
 |  | ||||||
| ## Output |  | ||||||
| 
 |  | ||||||
| Hex-encoded secret. |  | ||||||
| 
 |  | ||||||
| [`split`]: ./split.md |  | ||||||
|  | @ -1,33 +0,0 @@ | ||||||
| # keyfork-shard-split-openpgp |  | ||||||
| 
 |  | ||||||
| <!-- Linked to: keyfork-user-guide/src/bin/keyfork-shard/index.md --> |  | ||||||
| 
 |  | ||||||
| Split a secret into threshold-of-max shares, encrypting each share to an |  | ||||||
| OpenPGP certificate. The resulting file may be kept by any share operator, but |  | ||||||
| requires at least `threshold` operators to be present to combine into the |  | ||||||
| original secret. |  | ||||||
| 
 |  | ||||||
| ## Arguments |  | ||||||
| 
 |  | ||||||
| `keyfork-shard-split-openpgp threshold max key_discovery` |  | ||||||
| 
 |  | ||||||
| * `threshold`: Minimum number of operators present to recover the secret |  | ||||||
| * `max`: Maximum number of operators; this many OpenPGP certs must be available |  | ||||||
| * `key_discovery`: Either a file or a directory containing OpenPGP certs. |  | ||||||
|   If a file, load all certificates from the file. |  | ||||||
|   If a directory, for every file in the directory (non-recursively), load |  | ||||||
|   certificates from the file. |  | ||||||
| 
 |  | ||||||
| ## Input |  | ||||||
| 
 |  | ||||||
| Hex-encoded secret, ideally up to 2048 characters. For larger secrets, encrypt |  | ||||||
| beforehand using a symmetric key (AES256, for example), and split the symmetric |  | ||||||
| key. |  | ||||||
| 
 |  | ||||||
| ## Output |  | ||||||
| 
 |  | ||||||
| OpenPGP ASCII armored message containing several sequential encrypted messages. |  | ||||||
| 
 |  | ||||||
| **Note:** While it is possible to decrypt some of the messages using a tool |  | ||||||
| like GnuPG or Sequoia, it is not recommended to handle these messages using |  | ||||||
| tooling outside of Keyfork Shard. |  | ||||||
|  | @ -1,11 +1 @@ | ||||||
| # keyfork | # keyfork | ||||||
| 
 |  | ||||||
| The primary interface for interacting with the Keyfork utilities. |  | ||||||
| 
 |  | ||||||
| ## `shard` |  | ||||||
| 
 |  | ||||||
| Utilities for splitting and combining secrets using various formats. |  | ||||||
| 
 |  | ||||||
| ## `mnemonic` |  | ||||||
| 
 |  | ||||||
| Utilities pertaining to the creation and management of mnemonics. |  | ||||||
|  |  | ||||||
|  | @ -1,76 +0,0 @@ | ||||||
| # `keyfork shard` |  | ||||||
| 
 |  | ||||||
| <!-- Linked to: keyfork-user-guide/src/bin/keyfork-shard/index.md --> |  | ||||||
| 
 |  | ||||||
| Utilities to enable M-of-N sharing of data, using Shamir's Secret Sharing, |  | ||||||
| supporting multiple formats. |  | ||||||
| 
 |  | ||||||
| ## Options |  | ||||||
| 
 |  | ||||||
| * `--format`: Either `openpgp` or `p256`, provided anywhere after `split` |  | ||||||
| 
 |  | ||||||
| ### Format: OpenPGP |  | ||||||
| 
 |  | ||||||
| The secret is split and shares are automatically encrypted to provided OpenPGP |  | ||||||
| certificates. The resulting output is an OpenPGP ASCII armored message |  | ||||||
| containing several sequential encrypted messages. |  | ||||||
| 
 |  | ||||||
| When decrypting, for any missing keys that do not meet the threshold, the |  | ||||||
| command will prompt for a Yubikey to provide smartcard-based decryption of |  | ||||||
| shares. |  | ||||||
| 
 |  | ||||||
| ### Format: p256 |  | ||||||
| 
 |  | ||||||
| This section is incomplete as the functionality for p256 keys is not yet |  | ||||||
| implemented. |  | ||||||
| 
 |  | ||||||
| ## `keyfork shard split` |  | ||||||
| 
 |  | ||||||
| Split a secret into threshold-of-max shares. |  | ||||||
| 
 |  | ||||||
| ### Arguments |  | ||||||
| 
 |  | ||||||
| `keyfork shard split --threshold=threshold --max=max key_discovery` |  | ||||||
| 
 |  | ||||||
| * `threshold`: Minimum number of operators present to recover the secret |  | ||||||
| * `max`: Maximum number of operators, must equal the amount of keys in |  | ||||||
|   `key_discovery` |  | ||||||
| * `key_discovery`: Either a file or a directory containing public keys. |  | ||||||
|   If a file, load all public keys from a file. |  | ||||||
|   If a directory, for every file in the directory (non-recursively), load |  | ||||||
|   public keys from the file. |  | ||||||
| 
 |  | ||||||
| ### Input |  | ||||||
| 
 |  | ||||||
| Hex-encoded secret, ideally up to 2048 characters. For larger secrets, encrypt |  | ||||||
| beforehand using a symmetric key (AES256, for example), and split the symmetric |  | ||||||
| key. |  | ||||||
| 
 |  | ||||||
| ### Output |  | ||||||
| 
 |  | ||||||
| The output of the command is dependent on the format. |  | ||||||
| 
 |  | ||||||
| ## `keyfork shard combine` |  | ||||||
| 
 |  | ||||||
| Combine `threshold` shares into a secret. |  | ||||||
| 
 |  | ||||||
| ### Arguments |  | ||||||
| 
 |  | ||||||
| `keyfork shard combine --threshold=threshold [key_discovery]` |  | ||||||
| 
 |  | ||||||
| * `threshold`: Mini mum number of operators present to recover the secret |  | ||||||
| * `key_discovery`: Either a file or a directory containing public keys. |  | ||||||
|   If a file, load all private keys from a file. |  | ||||||
|   If a directory, for every file in the directory (non-recursively), load |  | ||||||
|   private keys from the file. |  | ||||||
|   If the amount of keys found is less than `threshold`, it is up to the format |  | ||||||
|   to determine how to discover the keys. |  | ||||||
| 
 |  | ||||||
| ### Input |  | ||||||
| 
 |  | ||||||
| The input of the command is dependent on the format, but should be the exact |  | ||||||
| same as the output from the `split` command previously used. |  | ||||||
| 
 |  | ||||||
| ### Output |  | ||||||
| 
 |  | ||||||
| Hex-encoded secret. |  | ||||||
|  | @ -11,4 +11,3 @@ clap = { version = "4.4.2", features = ["derive", "env"] } | ||||||
| thiserror = "1.0.48" | thiserror = "1.0.48" | ||||||
| smex = { version = "0.1.0", path = "../smex" } | smex = { version = "0.1.0", path = "../smex" } | ||||||
| keyfork-plumbing = { version = "0.1.0", path = "../keyfork-plumbing" } | keyfork-plumbing = { version = "0.1.0", path = "../keyfork-plumbing" } | ||||||
| keyfork-shard = { version = "0.1.0", path = "../keyfork-shard" } |  | ||||||
|  |  | ||||||
|  | @ -1,7 +1,6 @@ | ||||||
| use clap::{Parser, Subcommand}; | use clap::{Parser, Subcommand}; | ||||||
| 
 | 
 | ||||||
| mod mnemonic; | mod mnemonic; | ||||||
| mod shard; |  | ||||||
| 
 | 
 | ||||||
| /// The Kitchen Sink of Entropy.
 | /// The Kitchen Sink of Entropy.
 | ||||||
| #[derive(Parser, Clone, Debug)] | #[derive(Parser, Clone, Debug)] | ||||||
|  | @ -17,9 +16,6 @@ pub enum KeyforkCommands { | ||||||
|     /// Mnemonic generation and persistence utilities.
 |     /// Mnemonic generation and persistence utilities.
 | ||||||
|     Mnemonic(mnemonic::Mnemonic), |     Mnemonic(mnemonic::Mnemonic), | ||||||
| 
 | 
 | ||||||
|     /// Secret sharing utilities.
 |  | ||||||
|     Shard(shard::Shard), |  | ||||||
| 
 |  | ||||||
|     /// Keyforkd background daemon to manage seed creation.
 |     /// Keyforkd background daemon to manage seed creation.
 | ||||||
|     Daemon, |     Daemon, | ||||||
| } | } | ||||||
|  | @ -31,10 +27,6 @@ impl KeyforkCommands { | ||||||
|                 let response = m.command.handle(m, keyfork)?; |                 let response = m.command.handle(m, keyfork)?; | ||||||
|                 println!("{response}"); |                 println!("{response}"); | ||||||
|             } |             } | ||||||
|             KeyforkCommands::Shard(s) => { |  | ||||||
|                 // TODO: When actually fleshing out, this takes a `Read` and a `Write`
 |  | ||||||
|                 s.command.handle(s, keyfork)?; |  | ||||||
|             } |  | ||||||
|             KeyforkCommands::Daemon => { |             KeyforkCommands::Daemon => { | ||||||
|                 todo!() |                 todo!() | ||||||
|             } |             } | ||||||
|  |  | ||||||
|  | @ -1,186 +0,0 @@ | ||||||
| use super::Keyfork; |  | ||||||
| use clap::{builder::PossibleValue, Parser, Subcommand, ValueEnum}; |  | ||||||
| use std::{ |  | ||||||
|     io::{stdin, stdout, BufRead, BufReader, Read, Write}, |  | ||||||
|     path::{Path, PathBuf}, |  | ||||||
| }; |  | ||||||
| 
 |  | ||||||
| #[derive(Debug, Clone)] |  | ||||||
| enum Format { |  | ||||||
|     OpenPGP(OpenPGP), |  | ||||||
|     P256(P256), |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| impl ValueEnum for Format { |  | ||||||
|     fn value_variants<'a>() -> &'a [Self] { |  | ||||||
|         &[Self::OpenPGP(OpenPGP), Self::P256(P256)] |  | ||||||
|     } |  | ||||||
| 
 |  | ||||||
|     fn to_possible_value(&self) -> Option<PossibleValue> { |  | ||||||
|         Some(match self { |  | ||||||
|             Format::OpenPGP(_) => PossibleValue::new("openpgp"), |  | ||||||
|             Format::P256(_) => PossibleValue::new("p256"), |  | ||||||
|         }) |  | ||||||
|     } |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| trait ShardExec { |  | ||||||
|     fn split( |  | ||||||
|         &self, |  | ||||||
|         threshold: u8, |  | ||||||
|         max: u8, |  | ||||||
|         key_discovery: impl AsRef<Path>, |  | ||||||
|         secret: &[u8], |  | ||||||
|         output: &mut impl Write, |  | ||||||
|     ) -> Result<(), Box<dyn std::error::Error>>; |  | ||||||
| 
 |  | ||||||
|     fn combine<T>( |  | ||||||
|         &self, |  | ||||||
|         threshold: u8, |  | ||||||
|         key_discovery: Option<T>, |  | ||||||
|         input: impl Read + Send + Sync, |  | ||||||
|         output: &mut impl Write, |  | ||||||
|     ) -> Result<(), Box<dyn std::error::Error>> |  | ||||||
|     where |  | ||||||
|         T: AsRef<Path>; |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| #[derive(Clone, Debug)] |  | ||||||
| struct OpenPGP; |  | ||||||
| 
 |  | ||||||
| impl ShardExec for OpenPGP { |  | ||||||
|     fn split( |  | ||||||
|         &self, |  | ||||||
|         threshold: u8, |  | ||||||
|         max: u8, |  | ||||||
|         key_discovery: impl AsRef<Path>, |  | ||||||
|         secret: &[u8], |  | ||||||
|         output: &mut impl Write, |  | ||||||
|     ) -> Result<(), Box<dyn std::error::Error>> { |  | ||||||
|         // Get certs and input
 |  | ||||||
|         let certs = keyfork_shard::openpgp::discover_certs(key_discovery.as_ref())?; |  | ||||||
|         assert_eq!( |  | ||||||
|             certs.len(), |  | ||||||
|             max.into(), |  | ||||||
|             "cert count {} != max {max}", |  | ||||||
|             certs.len() |  | ||||||
|         ); |  | ||||||
|         keyfork_shard::openpgp::split(threshold, certs, secret, output) |  | ||||||
|     } |  | ||||||
| 
 |  | ||||||
|     fn combine<T>( |  | ||||||
|         &self, |  | ||||||
|         threshold: u8, |  | ||||||
|         key_discovery: Option<T>, |  | ||||||
|         input: impl Read + Send + Sync, |  | ||||||
|         output: &mut impl Write, |  | ||||||
|     ) -> Result<(), Box<dyn std::error::Error>> |  | ||||||
|     where |  | ||||||
|         T: AsRef<Path>, |  | ||||||
|     { |  | ||||||
|         let certs = key_discovery |  | ||||||
|             .map(|kd| keyfork_shard::openpgp::discover_certs(kd.as_ref())) |  | ||||||
|             .transpose()? |  | ||||||
|             .unwrap_or(vec![]); |  | ||||||
| 
 |  | ||||||
|         let mut encrypted_messages = keyfork_shard::openpgp::parse_messages(input)?; |  | ||||||
|         let encrypted_metadata = encrypted_messages |  | ||||||
|             .pop_front() |  | ||||||
|             .expect("any pgp encrypted message"); |  | ||||||
| 
 |  | ||||||
|         keyfork_shard::openpgp::combine( |  | ||||||
|             threshold, |  | ||||||
|             certs, |  | ||||||
|             encrypted_metadata, |  | ||||||
|             encrypted_messages.into(), |  | ||||||
|             output, |  | ||||||
|         )?; |  | ||||||
| 
 |  | ||||||
|         Ok(()) |  | ||||||
|     } |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| #[derive(Clone, Debug)] |  | ||||||
| struct P256; |  | ||||||
| 
 |  | ||||||
| #[derive(Subcommand, Clone, Debug)] |  | ||||||
| pub enum ShardSubcommands { |  | ||||||
|     /// Split a secret into multiple shares, using Shamir's Secret Sharing.
 |  | ||||||
|     Split { |  | ||||||
|         /// The amount of shares required to recombine a secret.
 |  | ||||||
|         #[arg(long)] |  | ||||||
|         threshold: u8, |  | ||||||
| 
 |  | ||||||
|         /// The total amount of shares to generate.
 |  | ||||||
|         #[arg(long)] |  | ||||||
|         max: u8, |  | ||||||
| 
 |  | ||||||
|         /// The path to discover public keys from.
 |  | ||||||
|         key_discovery: PathBuf, |  | ||||||
|     }, |  | ||||||
| 
 |  | ||||||
|     /// Combine multiple shares into a secret
 |  | ||||||
|     Combine { |  | ||||||
|         /// The amount of sharesr equired to recombine a secret.
 |  | ||||||
|         #[arg(long)] |  | ||||||
|         threshold: u8, |  | ||||||
| 
 |  | ||||||
|         /// The path to discover private keys from.
 |  | ||||||
|         key_discovery: Option<PathBuf>, |  | ||||||
|     }, |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| impl ShardSubcommands { |  | ||||||
|     pub fn handle( |  | ||||||
|         &self, |  | ||||||
|         shard: &Shard, |  | ||||||
|         _keyfork: &Keyfork, |  | ||||||
|     ) -> Result<(), Box<dyn std::error::Error>> { |  | ||||||
|         let stdin = stdin(); |  | ||||||
|         let mut stdout = stdout(); |  | ||||||
|         match self { |  | ||||||
|             ShardSubcommands::Split { |  | ||||||
|                 threshold, |  | ||||||
|                 max, |  | ||||||
|                 key_discovery, |  | ||||||
|             } => { |  | ||||||
|                 assert!(threshold <= max, "threshold {threshold} <= max {max}"); |  | ||||||
|                 let mut input = BufReader::new(stdin); |  | ||||||
|                 let mut hex_line = String::new(); |  | ||||||
|                 input.read_line(&mut hex_line)?; |  | ||||||
|                 let secret = smex::decode(hex_line.trim())?; |  | ||||||
|                 match &shard.format { |  | ||||||
|                     Some(Format::OpenPGP(o)) => { |  | ||||||
|                         o.split(*threshold, *max, key_discovery, &secret, &mut stdout) |  | ||||||
|                     } |  | ||||||
|                     Some(Format::P256(_p)) => { |  | ||||||
|                         todo!() |  | ||||||
|                     } |  | ||||||
|                     None => panic!("--format was not given"), |  | ||||||
|                 } |  | ||||||
|             } |  | ||||||
|             ShardSubcommands::Combine { |  | ||||||
|                 threshold, |  | ||||||
|                 key_discovery, |  | ||||||
|             } => match &shard.format { |  | ||||||
|                 Some(Format::OpenPGP(o)) => { |  | ||||||
|                     o.combine(*threshold, key_discovery.as_ref(), stdin, &mut stdout) |  | ||||||
|                 } |  | ||||||
|                 Some(Format::P256(_p)) => { |  | ||||||
|                     todo!() |  | ||||||
|                 } |  | ||||||
|                 None => panic!("--format was not given"), |  | ||||||
|             }, |  | ||||||
|         } |  | ||||||
|     } |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| #[derive(Parser, Debug, Clone)] |  | ||||||
| pub struct Shard { |  | ||||||
|     /// Which format to use for encoding/encrypting and decoding/decrypting shares.
 |  | ||||||
|     #[arg(long, value_enum, global = true)] |  | ||||||
|     format: Option<Format>, |  | ||||||
| 
 |  | ||||||
|     #[command(subcommand)] |  | ||||||
|     pub command: ShardSubcommands, |  | ||||||
| } |  | ||||||
		Loading…
	
		Reference in New Issue