public
/
keyfork
5
0
Fork 0
Code Issues 16 Pull Requests 1 Packages Projects Releases Wiki Activity

Compare commits

base: public:bf0468e405b0f82f5fe34a8405ba428a68f3b77b
Branches Tags
public:main
public:ryansquared/staging-since-latest
public:ryansquared/quick-and-dirty-prompt
public:ryansquared/keyfork-mnemonic-refactors
public:ryansquared/bottoms-up
public:anton/require-min-entropy
public:anton/chore/update-readme
public:anton/feat/min_bit_req
public:ryan/shard-improvements
public:ryan/harden-derivation-on-highest-level-keys
public:ryan/use-instant-time-qrcode
public:stagex-build
public:ryan/old-static-retain-for-stagex
public:ryan/recover-shardholder-hardware
public:ryan/keyfork-prompt/steel
public:ryan/keyfork-shard/reuse-prompt-handler
public:ryan/keyfork-shard-reuse-prompt-handler
public:keyfork-shard-traitify
public:ryan/fearless-conversions
public:ryan/optimize-hunk
public:ryan/cargo-update
public:ryansquared/keyfork-shard/openpgp-card
public:keyfork-shard-v0.2.2
public:keyfork-v0.2.3
public:keyfork-derive-openpgp-v0.1.2
public:keyfork-v0.2.2
public:keyforkd-models-v0.2.0
public:keyforkd-client-v0.2.0
public:keyforkd-v0.1.1
public:keyfork-shard-v0.2.0
public:keyfork-qrcode-v0.1.1
public:keyfork-prompt-v0.1.1
public:keyfork-mnemonic-util-v0.3.0
public:keyfork-entropy-v0.1.1
public:keyfork-derive-util-v0.2.0
public:keyfork-derive-path-data-v0.1.1
public:keyfork-derive-openpgp-v0.1.1
public:keyfork-derive-key-v0.1.1
public:keyfork-v0.2.0
public:keyfork-v0.1.0
public:smex-v0.1.0
public:keyfork-bug-v0.1.0
public:keyfork-bin-v0.1.0
public:keyfork-slip10-test-data-v0.1.0
public:keyfork-derive-util-v0.1.0
public:keyfork-frame-v0.1.0
public:keyforkd-models-v0.1.0
public:keyforkd-client-v0.1.0
public:keyfork-derive-openpgp-v0.1.0
public:keyfork-entropy-v0.1.0
public:keyfork-crossterm-v0.27.1
public:keyfork-prompt-v0.1.0
public:keyfork-zbar-sys-v0.1.0
public:keyfork-zbar-v0.1.0
public:keyfork-qrcode-v0.1.0
public:keyfork-shard-v0.1.0
public:keyfork-derive-path-data-v0.1.0
public:keyforkd-v0.1.0
public:keyfork-derive-key-v0.1.0
public:keyfork-mnemonic-util-v0.2.0
public:keyfork-mnemonic-util-v0.1.0
..
compare: public:6a99a09089113fb2854f88e731865299b8519bd6
Branches Tags
public:main
public:ryansquared/staging-since-latest
public:ryansquared/quick-and-dirty-prompt
public:ryansquared/keyfork-mnemonic-refactors
public:ryansquared/bottoms-up
public:anton/require-min-entropy
public:anton/chore/update-readme
public:anton/feat/min_bit_req
public:ryan/shard-improvements
public:ryan/harden-derivation-on-highest-level-keys
public:ryan/use-instant-time-qrcode
public:stagex-build
public:ryan/old-static-retain-for-stagex
public:ryan/recover-shardholder-hardware
public:ryan/keyfork-prompt/steel
public:ryan/keyfork-shard/reuse-prompt-handler
public:ryan/keyfork-shard-reuse-prompt-handler
public:keyfork-shard-traitify
public:ryan/fearless-conversions
public:ryan/optimize-hunk
public:ryan/cargo-update
public:ryansquared/keyfork-shard/openpgp-card
public:keyfork-shard-v0.2.2
public:keyfork-v0.2.3
public:keyfork-derive-openpgp-v0.1.2
public:keyfork-v0.2.2
public:keyforkd-models-v0.2.0
public:keyforkd-client-v0.2.0
public:keyforkd-v0.1.1
public:keyfork-shard-v0.2.0
public:keyfork-qrcode-v0.1.1
public:keyfork-prompt-v0.1.1
public:keyfork-mnemonic-util-v0.3.0
public:keyfork-entropy-v0.1.1
public:keyfork-derive-util-v0.2.0
public:keyfork-derive-path-data-v0.1.1
public:keyfork-derive-openpgp-v0.1.1
public:keyfork-derive-key-v0.1.1
public:keyfork-v0.2.0
public:keyfork-v0.1.0
public:smex-v0.1.0
public:keyfork-bug-v0.1.0
public:keyfork-bin-v0.1.0
public:keyfork-slip10-test-data-v0.1.0
public:keyfork-derive-util-v0.1.0
public:keyfork-frame-v0.1.0
public:keyforkd-models-v0.1.0
public:keyforkd-client-v0.1.0
public:keyfork-derive-openpgp-v0.1.0
public:keyfork-entropy-v0.1.0
public:keyfork-crossterm-v0.27.1
public:keyfork-prompt-v0.1.0
public:keyfork-zbar-sys-v0.1.0
public:keyfork-zbar-v0.1.0
public:keyfork-qrcode-v0.1.0
public:keyfork-shard-v0.1.0
public:keyfork-derive-path-data-v0.1.0
public:keyforkd-v0.1.0
public:keyfork-derive-key-v0.1.0
public:keyfork-mnemonic-util-v0.2.0
public:keyfork-mnemonic-util-v0.1.0

No commits in common. "bf0468e405b0f82f5fe34a8405ba428a68f3b77b" and "6a99a09089113fb2854f88e731865299b8519bd6" have entirely different histories.
bf0468e405 ... 6a99a09089

1 changed files with 47 additions and 94 deletions
Show Stats Expand all files Collapse all files

141
keyfork-mnemonic-generate/src/main.rs
View File

@ -3,13 +3,10 @@ use std::{
error::Error, error::Error,
fs::{read_dir, read_to_string, File}, fs::{read_dir, read_to_string, File},
io::Read, io::Read,
fmt::Display,
}; };
use sha2::{Digest, Sha256}; use sha2::{Digest, Sha256};
type Result<T, E = Box<dyn Error>> = std::result::Result<T, E>;
/// Usage: keyfork-mnemonic-generate [bitsize: 128 or 256] /// Usage: keyfork-mnemonic-generate [bitsize: 128 or 256]
/// CHECKS: /// CHECKS:
/// * If the system is online /// * If the system is online
@ -22,33 +19,6 @@ type Result<T, E = Box<dyn Error>> = std::result::Result<T, E>;
static WARNING_LINKS: [&str; 1] = static WARNING_LINKS: [&str; 1] =
["https://lore.kernel.org/lkml/20211223141113.1240679-2-Jason@zx2c4.com/"]; ["https://lore.kernel.org/lkml/20211223141113.1240679-2-Jason@zx2c4.com/"];
#[derive(Debug)]
enum MnemonicGenerationError {
InvalidByteCount(usize),
InvalidByteLength(usize),
}
impl MnemonicGenerationError {
fn boxed(self) -> Box<Self> {
Box::new(self)
}
}
impl Display for MnemonicGenerationError {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self {
MnemonicGenerationError::InvalidByteCount(count) => {
write!(f, "Invalid byte count: {count}, must be divisible by 8")
}
MnemonicGenerationError::InvalidByteLength(count) => {
write!(f, "Invalid byte length: {count}, must be 128 or 256")
}
}
}
}
impl Error for MnemonicGenerationError {}
fn ensure_safe_kernel_version() { fn ensure_safe_kernel_version() {
let kernel_version = read_to_string("/proc/version").expect("/proc/version"); let kernel_version = read_to_string("/proc/version").expect("/proc/version");
let v = kernel_version let v = kernel_version
@ -91,64 +61,6 @@ fn ensure_offline() {
} }
} }
// TODO: Can a Mnemonic be formatted using a wordlist, without allocating or without storing the
// entire word list?
struct Mnemonic {
words: Vec<usize>,
wordlist: Vec<String>,
}
impl Mnemonic {
fn from_entropy(bytes: &[u8]) -> Result<Mnemonic> {
let bit_count = bytes.len() * 8;
let hash = generate_slice_hash(bytes);
if bit_count % 32 != 0 {
return Err(MnemonicGenerationError::InvalidByteCount(bit_count).boxed());
}
// 192 supported for test suite
if ![128, 192, 256].contains(&bit_count) {
return Err(MnemonicGenerationError::InvalidByteLength(bit_count).boxed());
}
assert_eq!(bit_count % 32, 0, "bit count must be in 32 bit increments");
let mut bits = vec![false; bit_count + bit_count / 32];
for byte_index in 0..bit_count / 8 {
for bit_index in 0..8 {
bits[byte_index * 8 + bit_index] = (bytes[byte_index] & (1 << (7 - bit_index))) > 0;
}
}
for check_bit in 0..bit_count / 32 {
bits[bit_count + check_bit] = (hash[check_bit / 8] & (1 << (7 - (check_bit % 8)))) > 0;
}
assert_eq!(bits.len() % 11, 0, "unstable bit count");
let words = bits
.chunks_exact(11)
.map(|chunk| bitslice_to_usize(chunk.try_into().expect("11 bit chunks")))
.collect::<Vec<_>>();
let wordlist = build_wordlist();
Ok(Mnemonic { words, wordlist })
}
}
impl Display for Mnemonic {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
let mut iter = self.words.iter().peekable();
while let Some(word_index) = iter.next() {
let word = &self.wordlist[*word_index];
write!(f, "{word}")?;
if iter.peek().is_some() {
write!(f, " ")?;
}
}
Ok(())
}
}
fn generate_slice_hash(data: &[u8]) -> Vec<u8> { fn generate_slice_hash(data: &[u8]) -> Vec<u8> {
let mut hasher = Sha256::new(); let mut hasher = Sha256::new();
hasher.update(data); hasher.update(data);
@ -172,7 +84,29 @@ fn bitslice_to_usize(bitslice: [bool; 11]) -> usize {
index index
} }
fn main() -> Result<()> { fn entropy_to_bits(bytes: &[u8]) -> Vec<bool> {
let bit_count = bytes.len() * 8;
let hash = generate_slice_hash(bytes);
assert_eq!(bit_count % 32, 0, "bit count must be in 32 bit increments");
let mut bits = vec![false; bit_count + bit_count / 32];
for byte_index in 0..bit_count / 8 {
for bit_index in 0..8 {
bits[byte_index * 8 + bit_index] = (bytes[byte_index] & (1 << (7 - bit_index))) > 0;
}
}
for check_bit in 0..bit_count / 32 {
bits[bit_count + check_bit] = (hash[check_bit / 8] & (1 << (7 - (check_bit % 8)))) > 0;
}
assert_eq!(bits.len() % 11, 0, "unstable bit count");
bits
}
fn main() -> Result<(), Box<dyn Error>> {
if !env::vars() if !env::vars()
.any(|(name, _)| name == "SHOOT_SELF_IN_FOOT" || name == "INSECURE_HARDWARE_ALLOWED") .any(|(name, _)| name == "SHOOT_SELF_IN_FOOT" || name == "INSECURE_HARDWARE_ALLOWED")
{ {
@ -180,6 +114,13 @@ fn main() -> Result<()> {
ensure_offline(); ensure_offline();
} }
let wordlist = build_wordlist();
assert_eq!(
wordlist.len(),
2usize.pow(11),
"Wordlist did not include correct word count"
);
let bit_size: usize = env::args() let bit_size: usize = env::args()
.nth(1) .nth(1)
.unwrap_or(String::from("256")) .unwrap_or(String::from("256"))
@ -194,9 +135,13 @@ fn main() -> Result<()> {
let entropy = &mut [0u8; 256 / 8]; let entropy = &mut [0u8; 256 / 8];
random_handle.read_exact(&mut entropy[..])?; random_handle.read_exact(&mut entropy[..])?;
let mnemonic = Mnemonic::from_entropy(&entropy[..bit_size / 8])?; let seed_bits = entropy_to_bits(entropy);
println!("{mnemonic}"); let words = seed_bits
.chunks_exact(11)
.map(|chunk| wordlist[bitslice_to_usize(chunk.try_into().expect("11 bit chunks"))].clone())
.collect::<Vec<_>>();
println!("{}", words.join(" "));
Ok(()) Ok(())
} }
@ -216,9 +161,10 @@ mod tests {
} }
#[test] #[test]
fn loads_mnemonics() -> Result<()> { fn loads_mnemonics() -> Result<(), Box<dyn super::Error>> {
let content = include_str!("test/vectors.json"); let content = include_str!("test/vectors.json");
let jsonobj: serde_json::Value = serde_json::from_str(content)?; let jsonobj: serde_json::Value = serde_json::from_str(content)?;
let wordlist = build_wordlist();
for test in jsonobj["english"].as_array().unwrap() { for test in jsonobj["english"].as_array().unwrap() {
let [ref hex_, ref seed, ..] = test.as_array().unwrap()[..] else { let [ref hex_, ref seed, ..] = test.as_array().unwrap()[..] else {
@ -226,9 +172,16 @@ mod tests {
}; };
let hex = hex::decode(hex_.as_str().unwrap()).unwrap(); let hex = hex::decode(hex_.as_str().unwrap()).unwrap();
let mnemonic = Mnemonic::from_entropy(&hex)?; let seed_bits = entropy_to_bits(&hex);
assert_eq!(mnemonic.to_string(), seed.as_str().unwrap()); let words = seed_bits
.chunks_exact(11)
.map(|chunk| {
wordlist[bitslice_to_usize(chunk.try_into().expect("11 bit chunks"))].clone()
})
.collect::<Vec<_>>();
assert_eq!(words.join(" "), seed.as_str().unwrap());
} }
Ok(()) Ok(())
} }