Compare commits
1 Commits
main
...
ryan/recov
Author | SHA1 | Date |
---|---|---|
Ryan Heywood | 960f098b95 |
|
@ -1,2 +0,0 @@
|
||||||
[registries.distrust]
|
|
||||||
index = "https://git.distrust.co/public/_cargo-index.git"
|
|
|
@ -1 +0,0 @@
|
||||||
audits filter=lfs diff=lfs merge=lfs -text
|
|
277
CHANGELOG.md
277
CHANGELOG.md
|
@ -1,277 +0,0 @@
|
||||||
# Keyfork v0.2.4
|
|
||||||
|
|
||||||
This release includes a lot of "maintenance" changes, without any changes in
|
|
||||||
end-user functionality.
|
|
||||||
|
|
||||||
### Changes in keyfork:
|
|
||||||
|
|
||||||
The most significant change in this release is the reorganization of some of
|
|
||||||
the subcommands, where they would be better as enum-traits, such as `keyfork
|
|
||||||
derive` and `keyfork wizard`.
|
|
||||||
|
|
||||||
```
|
|
||||||
b254ba7 cleanup post-merge
|
|
||||||
58d3c34 Merge branch 'main' into ryansquared/staging-since-latest
|
|
||||||
35f57fc Merge branch 'ryansquared/keyfork-mnemonic-refactors'
|
|
||||||
a2eb5fd bump dependencies with listed vulnerabilities (not affected)
|
|
||||||
5219c5a keyfork: enum-trait-ify choose-your-own commands
|
|
||||||
b26f296 keyfork-derive-path-data: move all pathcrafting here
|
|
||||||
35ab5e6 keyfork-mnemonic-util => keyfork-mnemonic
|
|
||||||
f5627e5 keyfork-mnemonic-util: impl try_from_slice and from_array
|
|
||||||
02e5b54 keyfork-mnemonic-util::generate_seed: return const size array
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyfork-derive-openpgp:
|
|
||||||
|
|
||||||
```
|
|
||||||
b254ba7 cleanup post-merge
|
|
||||||
35f57fc Merge branch 'ryansquared/keyfork-mnemonic-refactors'
|
|
||||||
a2eb5fd bump dependencies with listed vulnerabilities (not affected)
|
|
||||||
b26f296 keyfork-derive-path-data: move all pathcrafting here
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyfork-derive-path-data:
|
|
||||||
|
|
||||||
This change now centralizes all special Keyfork paths. This means crates should
|
|
||||||
no longer be required to implement their own path parsing logic.
|
|
||||||
|
|
||||||
```
|
|
||||||
b26f296 keyfork-derive-path-data: move all pathcrafting here
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyfork-derive-util:
|
|
||||||
|
|
||||||
```
|
|
||||||
35ab5e6 keyfork-mnemonic-util => keyfork-mnemonic
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyfork-mnemonic:
|
|
||||||
|
|
||||||
`keyfork-mnemonic-util` has finally been renamed to `keyfork-mnemonic`. The
|
|
||||||
method names `as_bytes() => as_slice()`, `to_bytes() => to_vec()`, and
|
|
||||||
`into_bytes() => into_vec()`, and the function names
|
|
||||||
`from_bytes() => try_from_slice()` and
|
|
||||||
`from_nonstandard_bytes() => from_array()`, have been implemented to more
|
|
||||||
closely represent the native types they are representing. Additionally,
|
|
||||||
`Mnemonic::generate_seed()` has been modified to return a constant size array;
|
|
||||||
this is a breaking change, but should have minimal impact.
|
|
||||||
|
|
||||||
```
|
|
||||||
35ab5e6 keyfork-mnemonic-util => keyfork-mnemonic
|
|
||||||
3ee81b6 keyfork-mnemonic-util: impl as_slice to_vec into_vec
|
|
||||||
f5627e5 keyfork-mnemonic-util: impl try_from_slice and from_array
|
|
||||||
02e5b54 keyfork-mnemonic-util::generate_seed: return const size array
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyfork-prompt:
|
|
||||||
|
|
||||||
```
|
|
||||||
35ab5e6 keyfork-mnemonic-util => keyfork-mnemonic
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyfork-shard:
|
|
||||||
|
|
||||||
```
|
|
||||||
58d3c34 Merge branch 'main' into ryansquared/staging-since-latest
|
|
||||||
35ab5e6 keyfork-mnemonic-util => keyfork-mnemonic
|
|
||||||
f5627e5 keyfork-mnemonic-util: impl try_from_slice and from_array
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyforkd:
|
|
||||||
|
|
||||||
```
|
|
||||||
35ab5e6 keyfork-mnemonic-util => keyfork-mnemonic
|
|
||||||
02e5b54 keyfork-mnemonic-util::generate_seed: return const size array
|
|
||||||
536e6da keyforkd{,-client}: lots of documentationings
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyforkd-client:
|
|
||||||
|
|
||||||
```
|
|
||||||
536e6da keyforkd{,-client}: lots of documentationings
|
|
||||||
```
|
|
||||||
|
|
||||||
# Keyfork v0.2.3
|
|
||||||
|
|
||||||
This release includes a bugfix for the wizard where the wizard was too strict
|
|
||||||
about when keys were "alive".
|
|
||||||
|
|
||||||
### Changes in keyfork:
|
|
||||||
|
|
||||||
```
|
|
||||||
dd4354f keyfork: bump keyfork-shard
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyfork-shard:
|
|
||||||
|
|
||||||
```
|
|
||||||
ba64db8 update Cargo.toml and Cargo.lock
|
|
||||||
fa84a2a keyfork-shard: Be less strict about keys
|
|
||||||
```
|
|
||||||
|
|
||||||
# Keyfork v0.2.2
|
|
||||||
|
|
||||||
This release adds a new wizard, intended to be used at DEFCON 32.
|
|
||||||
|
|
||||||
### Changes in keyfork:
|
|
||||||
|
|
||||||
```
|
|
||||||
8d40d26 keyfork: add `bottoms-up` wizard
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyfork-derive-openpgp:
|
|
||||||
|
|
||||||
This change also includes a minor change, allowing the derivation path for
|
|
||||||
`keyfork-derive-openpg` to derive further than two paths, which was useful in
|
|
||||||
the testing of the wizard.
|
|
||||||
|
|
||||||
```
|
|
||||||
8d40d26 keyfork: add `bottoms-up` wizard
|
|
||||||
```
|
|
||||||
|
|
||||||
# Keyfork v0.2.1
|
|
||||||
|
|
||||||
This release contains an emergency bugfix for Keyfork Shard, which previously
|
|
||||||
would not be able to properly verify the length of remote shard QR codes.
|
|
||||||
|
|
||||||
# Keyfork v0.2.0
|
|
||||||
|
|
||||||
Some of the changes in this release are based on feedback from audits
|
|
||||||
(publications coming soon!). The previous version of Keyfork, in almost every
|
|
||||||
configuration, is safe to use. The most significant change in this version
|
|
||||||
affects Keyfork Shard, which has an incompatible difference between this
|
|
||||||
version and the previous version. Information about shards, such as the length
|
|
||||||
of the shard, could be leaked and discovered by an attacker when using the
|
|
||||||
Remote Shard recovery mechanism.
|
|
||||||
|
|
||||||
An additional change is the requirement of hardened indices on the first two
|
|
||||||
levels of key derivation. This is due to Keyfork potentially leaking private
|
|
||||||
keys when hardened derivation is not used. To be completely honest, I don't
|
|
||||||
entirely understand the math behind it.
|
|
||||||
|
|
||||||
There is no reason to upgrade if Keyfork has been used as-is, as all supported
|
|
||||||
provisioners at this point in time require hardened derivation at all steps.
|
|
||||||
|
|
||||||
### Changes in keyfork:
|
|
||||||
|
|
||||||
```
|
|
||||||
d04989e keyfork-derive-util: make key parsing fallible again, since secp256k1 isn't guaranteed correct
|
|
||||||
5d2309e keyfork-prompt: add SecurePinValidator for making new, secure, PINs
|
|
||||||
cdf4015 keyfork wizard: use correct derivation path for re-deriving shard decryption keys
|
|
||||||
f0e5ae9 keyfork-derive-openpgp: document KEYFORK_OPENPGP_EXPIRE
|
|
||||||
289cec3 keyfork wizard: upcast i and index to avoid wrapping add
|
|
||||||
9394500 keyfork-shard: generate nonce using hkdf
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyfork-derive-openpgp:
|
|
||||||
|
|
||||||
```
|
|
||||||
f0e5ae9 keyfork-derive-openpgp: document KEYFORK_OPENPGP_EXPIRE
|
|
||||||
9f089e7 keyfork-derive-openpgp: use .first() in place of .get(0)
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyfork-derive-util:
|
|
||||||
|
|
||||||
```
|
|
||||||
de4e98a keyfork-derive-util: black-box checking all zeroes
|
|
||||||
48ccd7c keyfork-derive-util: add note about potential side-channel when verifying keys
|
|
||||||
d04989e keyfork-derive-util: make key parsing fallible again, since secp256k1 isn't guaranteed correct
|
|
||||||
1de466c keyfork-derive-util: allow zeroable input for non-master-key derivation
|
|
||||||
61871a7 keyfork-derive-util: make private and public test keys more visible
|
|
||||||
2bca0a1 keyfork-derive-util: make Test{Public,Private}Key public, rename Internal algorithm
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyfork-entropy:
|
|
||||||
|
|
||||||
```
|
|
||||||
5438f4e keyfork-entropy: downgrade entropy size limit to warning
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyfork-mnemonic-util:
|
|
||||||
|
|
||||||
```
|
|
||||||
001fc0b remove trailing hitespace :(
|
|
||||||
6a265ad keyfork-mnemonic-util: add MnemonicBase::from_nonstandard_bytes
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyfork-prompt:
|
|
||||||
|
|
||||||
```
|
|
||||||
5d2309e keyfork-prompt: add SecurePinValidator for making new, secure, PINs
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyfork-qrcode:
|
|
||||||
|
|
||||||
```
|
|
||||||
fa125e7 keyfork-qrcode: prefer Instant over SystemTime for infallible time comparison
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyfork-shard:
|
|
||||||
|
|
||||||
```
|
|
||||||
d04989e keyfork-derive-util: make key parsing fallible again, since secp256k1 isn't guaranteed correct
|
|
||||||
1a036a0 keyfork-shard: clean up documentation for encrypted shard padding
|
|
||||||
e068743 keyfork-shard: display error message on duplicate key fingerprints found
|
|
||||||
23db509 keyfork-shard: improve wording for counting shardholders
|
|
||||||
9461772 keyfork-shard: ignore duplicate certificate entries
|
|
||||||
6a265ad keyfork-mnemonic-util: add MnemonicBase::from_nonstandard_bytes
|
|
||||||
c0b19e2 keyfork-shard: assert shared secrets are contributory
|
|
||||||
0fe5301 keyfork-shard: add in bug messages
|
|
||||||
08a66e2 keyfork-shard: base64 encode content instead of base16
|
|
||||||
6fa434e keyfork-shard: shorten length and pad inside encrypted block
|
|
||||||
9394500 keyfork-shard: generate nonce using hkdf
|
|
||||||
194d475 keyfork-shard: validate signatures using shard-specific validation requirements
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyfork-zbar:
|
|
||||||
|
|
||||||
```
|
|
||||||
0c76869 .cargo/config.toml: add registry configuration :)
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyforkd:
|
|
||||||
|
|
||||||
```
|
|
||||||
bcfcc87 keyforkd: add warning when loading seed with less than 128 bits
|
|
||||||
40551a5 keyforkd: require hardened derivation on two highest indexes
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyforkd-client:
|
|
||||||
|
|
||||||
```
|
|
||||||
d04989e keyfork-derive-util: make key parsing fallible again, since secp256k1 isn't guaranteed correct
|
|
||||||
1de466c keyfork-derive-util: allow zeroable input for non-master-key derivation
|
|
||||||
40551a5 keyforkd: require hardened derivation on two highest indexes
|
|
||||||
```
|
|
||||||
|
|
||||||
### Changes in keyforkd-models:
|
|
||||||
|
|
||||||
```
|
|
||||||
40551a5 keyforkd: require hardened derivation on two highest indexes
|
|
||||||
```
|
|
||||||
|
|
||||||
# Keyfork v0.1.0
|
|
||||||
|
|
||||||
### Tagged releases:
|
|
||||||
|
|
||||||
* `keyfork-bin 0.1.0`
|
|
||||||
* `keyfork-bug 0.1.0`
|
|
||||||
* `keyfork-crossterm 0.27.1`
|
|
||||||
* `keyfork-derive-key 0.1.0`
|
|
||||||
* `keyfork-derive-openpgp 0.1.0`
|
|
||||||
* `keyfork-derive-path-data 0.1.0`
|
|
||||||
* `keyfork-derive-util 0.1.0`
|
|
||||||
* `keyfork-entropy 0.1.0`
|
|
||||||
* `keyfork-frame 0.1.0`
|
|
||||||
* `keyfork-mnemonic-util 0.2.0`
|
|
||||||
* `keyfork-prompt 0.1.0`
|
|
||||||
* `keyfork-qrcode 0.1.0`
|
|
||||||
* `keyfork-shard 0.1.0`
|
|
||||||
* `keyfork-slip10-test-data 0.1.0`
|
|
||||||
* `keyfork 0.1.0`
|
|
||||||
* `keyfork-zbar-sys 0.1.0`
|
|
||||||
* `keyfork-zbar 0.1.0`
|
|
||||||
* `keyforkd-client 0.1.0`
|
|
||||||
* `keyforkd-models 0.1.0`
|
|
||||||
* `keyforkd 0.1.0`
|
|
||||||
* `smex 0.1.0`
|
|
File diff suppressed because it is too large
Load Diff
52
Cargo.toml
52
Cargo.toml
|
@ -19,62 +19,12 @@ members = [
|
||||||
"crates/util/keyfork-crossterm",
|
"crates/util/keyfork-crossterm",
|
||||||
"crates/util/keyfork-entropy",
|
"crates/util/keyfork-entropy",
|
||||||
"crates/util/keyfork-frame",
|
"crates/util/keyfork-frame",
|
||||||
"crates/util/keyfork-mnemonic",
|
"crates/util/keyfork-mnemonic-util",
|
||||||
"crates/util/keyfork-prompt",
|
"crates/util/keyfork-prompt",
|
||||||
"crates/util/keyfork-slip10-test-data",
|
"crates/util/keyfork-slip10-test-data",
|
||||||
"crates/util/smex",
|
"crates/util/smex",
|
||||||
]
|
]
|
||||||
|
|
||||||
[workspace.dependencies]
|
|
||||||
|
|
||||||
# Keyfork dependencies
|
|
||||||
keyforkd = { version = "0.1.1", path = "crates/daemon/keyforkd", registry = "distrust", default-features = false }
|
|
||||||
keyforkd-client = { version = "0.2.0", path = "crates/daemon/keyforkd-client", registry = "distrust", default-features = false }
|
|
||||||
keyforkd-models = { version = "0.2.0", path = "crates/daemon/keyforkd-models", registry = "distrust", default-features = false }
|
|
||||||
keyfork-derive-openpgp = { version = "0.1.2", path = "crates/derive/keyfork-derive-openpgp", registry = "distrust", default-features = false }
|
|
||||||
keyfork-derive-path-data = { version = "0.1.1", path = "crates/derive/keyfork-derive-path-data", registry = "distrust", default-features = false }
|
|
||||||
keyfork-derive-util = { version = "0.2.0", path = "crates/derive/keyfork-derive-util", registry = "distrust", default-features = false }
|
|
||||||
keyfork-shard = { version = "0.2.2", path = "crates/keyfork-shard", registry = "distrust", default-features = false }
|
|
||||||
keyfork-qrcode = { version = "0.1.1", path = "crates/qrcode/keyfork-qrcode", registry = "distrust", default-features = false }
|
|
||||||
keyfork-zbar = { version = "0.1.0", path = "crates/qrcode/keyfork-zbar", registry = "distrust", default-features = false }
|
|
||||||
keyfork-zbar-sys = { version = "0.1.0", path = "crates/qrcode/keyfork-zbar-sys", registry = "distrust", default-features = false }
|
|
||||||
keyfork-bin = { version = "0.1.0", path = "crates/util/keyfork-bin", registry = "distrust", default-features = false }
|
|
||||||
keyfork-bug = { version = "0.1.0", path = "crates/util/keyfork-bug", registry = "distrust", default-features = false }
|
|
||||||
keyfork-crossterm = { version = "0.27.1", path = "crates/util/keyfork-crossterm", registry = "distrust", default-features = false }
|
|
||||||
keyfork-entropy = { version = "0.1.1", path = "crates/util/keyfork-entropy", registry = "distrust", default-features = false }
|
|
||||||
keyfork-frame = { version = "0.1.0", path = "crates/util/keyfork-frame", registry = "distrust", default-features = false }
|
|
||||||
keyfork-mnemonic = { version = "0.4.0", path = "crates/util/keyfork-mnemonic", registry = "distrust", default-features = false }
|
|
||||||
keyfork-prompt = { version = "0.1.1", path = "crates/util/keyfork-prompt", registry = "distrust", default-features = false }
|
|
||||||
keyfork-slip10-test-data = { version = "0.1.0", path = "crates/util/keyfork-slip10-test-data", registry = "distrust", default-features = false }
|
|
||||||
smex = { version = "0.1.0", path = "crates/util/smex", registry = "distrust", default-features = false }
|
|
||||||
|
|
||||||
# External dependencies
|
|
||||||
|
|
||||||
# Cryptography
|
|
||||||
ed25519-dalek = "2.1.1"
|
|
||||||
hmac = "0.12.1"
|
|
||||||
k256 = { version = "0.13.3", default-features = false, features = ["std"] }
|
|
||||||
sha2 = "0.10.8"
|
|
||||||
|
|
||||||
# OpenPGP
|
|
||||||
card-backend-pcsc = "0.5.0"
|
|
||||||
openpgp-card = { version = "0.4.1" }
|
|
||||||
openpgp-card-sequoia = { version = "0.2.0", default-features = false }
|
|
||||||
sequoia-openpgp = { version = "1.21.2", default-features = false, features = ["compression"] }
|
|
||||||
|
|
||||||
# Serialization
|
|
||||||
bincode = "1.3.3"
|
|
||||||
serde = { version= "1.0.195", features = ["derive"] }
|
|
||||||
serde_json = "1.0.111"
|
|
||||||
|
|
||||||
# Misc.
|
|
||||||
anyhow = "1.0.79"
|
|
||||||
hex-literal = "0.4.1"
|
|
||||||
image = { version = "0.25.2", default-features = false }
|
|
||||||
thiserror = "1.0.56"
|
|
||||||
tokio = "1.35.1"
|
|
||||||
v4l = "0.14.0"
|
|
||||||
|
|
||||||
[profile.dev.package.keyfork-qrcode]
|
[profile.dev.package.keyfork-qrcode]
|
||||||
opt-level = 3
|
opt-level = 3
|
||||||
debug = true
|
debug = true
|
||||||
|
|
|
@ -75,7 +75,7 @@ Note: The following features are proposed, and may not yet be implemented.
|
||||||
* Offline
|
* Offline
|
||||||
* Will exit if network access is detected to force you to keep keys offline
|
* Will exit if network access is detected to force you to keep keys offline
|
||||||
* Helps limit the risk of supply chain attacks
|
* Helps limit the risk of supply chain attacks
|
||||||
* Intended for use with QubesOS Vault VM, [AirgapOS](https://git.distrust.co/public/airgap), etc
|
* Intended for use with QubesOS Vault VM, AirgapOS, etc
|
||||||
* Private keys are installed to HSMs/TEEs for use by online machines
|
* Private keys are installed to HSMs/TEEs for use by online machines
|
||||||
|
|
||||||
## Install
|
## Install
|
||||||
|
@ -178,8 +178,7 @@ keyfork recover mnemonic
|
||||||
|
|
||||||
This guide assumes you are sharding to an `N`-of-`M` system with `I` smart
|
This guide assumes you are sharding to an `N`-of-`M` system with `I` smart
|
||||||
cards per shardholder. The variables will be used in the following commands as
|
cards per shardholder. The variables will be used in the following commands as
|
||||||
`$N`, `$M`, and `$I`. The smart card OpenPGP slots will be factory reset during
|
`$N`, `$M`, and `$I`. The smart cards will be factory reset during the process.
|
||||||
the process.
|
|
||||||
|
|
||||||
On an airgapped system, run the following command to generate a file containing
|
On an airgapped system, run the following command to generate a file containing
|
||||||
encrypted shards of a generated seed:
|
encrypted shards of a generated seed:
|
||||||
|
|
Binary file not shown.
Binary file not shown.
92
bacon.toml
92
bacon.toml
|
@ -1,92 +0,0 @@
|
||||||
# This is a configuration file for the bacon tool
|
|
||||||
#
|
|
||||||
# Bacon repository: https://github.com/Canop/bacon
|
|
||||||
# Complete help on configuration: https://dystroy.org/bacon/config/
|
|
||||||
# You can also check bacon's own bacon.toml file
|
|
||||||
# as an example: https://github.com/Canop/bacon/blob/main/bacon.toml
|
|
||||||
|
|
||||||
default_job = "check"
|
|
||||||
|
|
||||||
[jobs.check]
|
|
||||||
command = ["cargo", "check", "--color", "always"]
|
|
||||||
need_stdout = false
|
|
||||||
|
|
||||||
[jobs.check-all]
|
|
||||||
command = ["cargo", "check", "--all-targets", "--color", "always"]
|
|
||||||
need_stdout = false
|
|
||||||
|
|
||||||
[jobs.clippy]
|
|
||||||
command = [
|
|
||||||
"cargo", "clippy",
|
|
||||||
"--all-targets",
|
|
||||||
"--color", "always",
|
|
||||||
]
|
|
||||||
need_stdout = false
|
|
||||||
|
|
||||||
[jobs.clippy-unwrap]
|
|
||||||
command = [
|
|
||||||
"cargo", "clippy",
|
|
||||||
"--lib",
|
|
||||||
"--color", "always",
|
|
||||||
"--",
|
|
||||||
"-W",
|
|
||||||
"clippy::unwrap_used",
|
|
||||||
"-W",
|
|
||||||
"clippy::expect_used",
|
|
||||||
]
|
|
||||||
need_stdout = false
|
|
||||||
|
|
||||||
# This job lets you run
|
|
||||||
# - all tests: bacon test
|
|
||||||
# - a specific test: bacon test -- config::test_default_files
|
|
||||||
# - the tests of a package: bacon test -- -- -p config
|
|
||||||
[jobs.test]
|
|
||||||
command = [
|
|
||||||
"cargo", "test", "--color", "always",
|
|
||||||
"--", "--color", "always", # see https://github.com/Canop/bacon/issues/124
|
|
||||||
]
|
|
||||||
need_stdout = true
|
|
||||||
|
|
||||||
[jobs.doc]
|
|
||||||
command = ["cargo", "doc", "--color", "always", "--no-deps"]
|
|
||||||
need_stdout = false
|
|
||||||
|
|
||||||
# If the doc compiles, then it opens in your browser and bacon switches
|
|
||||||
# to the previous job
|
|
||||||
[jobs.doc-open]
|
|
||||||
command = ["cargo", "doc", "--color", "always", "--no-deps", "--open"]
|
|
||||||
need_stdout = false
|
|
||||||
on_success = "back" # so that we don't open the browser at each change
|
|
||||||
|
|
||||||
# You can run your application and have the result displayed in bacon,
|
|
||||||
# *if* it makes sense for this crate.
|
|
||||||
# Don't forget the `--color always` part or the errors won't be
|
|
||||||
# properly parsed.
|
|
||||||
# If your program never stops (eg a server), you may set `background`
|
|
||||||
# to false to have the cargo run output immediately displayed instead
|
|
||||||
# of waiting for program's end.
|
|
||||||
[jobs.run]
|
|
||||||
command = [
|
|
||||||
"cargo", "run",
|
|
||||||
"--color", "always",
|
|
||||||
# put launch parameters for your program behind a `--` separator
|
|
||||||
]
|
|
||||||
need_stdout = true
|
|
||||||
allow_warnings = true
|
|
||||||
background = true
|
|
||||||
|
|
||||||
# This parameterized job runs the example of your choice, as soon
|
|
||||||
# as the code compiles.
|
|
||||||
# Call it as
|
|
||||||
# bacon ex -- my-example
|
|
||||||
[jobs.ex]
|
|
||||||
command = ["cargo", "run", "--color", "always", "--example"]
|
|
||||||
need_stdout = true
|
|
||||||
allow_warnings = true
|
|
||||||
|
|
||||||
# You may define here keybindings that would be specific to
|
|
||||||
# a project, for example a shortcut to launch a specific job.
|
|
||||||
# Shortcuts to internal functions (scrolling, toggling, etc.)
|
|
||||||
# should go in your personal global prefs.toml file instead.
|
|
||||||
[keybindings]
|
|
||||||
# alt-m = "job:my-job"
|
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "keyforkd-client"
|
name = "keyforkd-client"
|
||||||
version = "0.2.1"
|
version = "0.1.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
license = "MIT"
|
license = "MIT"
|
||||||
|
|
||||||
|
@ -12,14 +12,14 @@ ed25519 = ["keyfork-derive-util/ed25519", "ed25519-dalek"]
|
||||||
secp256k1 = ["keyfork-derive-util/secp256k1", "k256"]
|
secp256k1 = ["keyfork-derive-util/secp256k1", "k256"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
keyfork-derive-util = { workspace = true, default-features = false }
|
keyfork-derive-util = { version = "0.1.0", path = "../../derive/keyfork-derive-util", default-features = false, registry = "distrust" }
|
||||||
keyfork-frame = { workspace = true }
|
keyfork-frame = { version = "0.1.0", path = "../../util/keyfork-frame", registry = "distrust" }
|
||||||
keyforkd-models = { workspace = true }
|
keyforkd-models = { version = "0.1.0", path = "../keyforkd-models", registry = "distrust" }
|
||||||
bincode = { workspace = true }
|
bincode = "1.3.3"
|
||||||
thiserror = { workspace = true }
|
thiserror = "1.0.49"
|
||||||
k256 = { workspace = true, default-features = false, features = ["std"], optional = true }
|
k256 = { version = "0.13.3", optional = true }
|
||||||
ed25519-dalek = { workspace = true, optional = true }
|
ed25519-dalek = { version = "2.1.1", optional = true }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
keyfork-slip10-test-data = { workspace = true }
|
keyfork-slip10-test-data = { path = "../../util/keyfork-slip10-test-data", registry = "distrust" }
|
||||||
keyforkd = { workspace = true }
|
keyforkd = { path = "../keyforkd", registry = "distrust" }
|
||||||
|
|
|
@ -1,10 +1,8 @@
|
||||||
//! # The Keyforkd Client
|
//! # The Keyforkd Client
|
||||||
//!
|
//!
|
||||||
//! Keyfork allows securing the master key and highest-level derivation keys by having derivation
|
//! Keyfork allows securing the master key and highest-level derivation keys by having derivation
|
||||||
//! requests performed against a server, "Keyforkd" or the "Keyfork Server". This allows
|
//! requests performed against a server, "Keyforkd" or the "Keyfork Server". The server is operated
|
||||||
//! enforcement of policies, such as requiring at least two leves of a derivation path (for
|
//! on a UNIX socket with messages sent using the Keyfork Frame format.
|
||||||
//! instance, `m/0'` would not be allowed, but `m/0'/0'` would). The server is operated on a UNIX
|
|
||||||
//! socket with messages sent using the Keyfork Frame format.
|
|
||||||
//!
|
//!
|
||||||
//! Programs using the Keyfork Client should ensure they are built against a compatible version of
|
//! Programs using the Keyfork Client should ensure they are built against a compatible version of
|
||||||
//! the Keyfork Server. For versions prior to `1.0.0`, all versions within a "minor" version (i.e.,
|
//! the Keyfork Server. For versions prior to `1.0.0`, all versions within a "minor" version (i.e.,
|
||||||
|
@ -12,58 +10,9 @@
|
||||||
//! after `1.0.0`, all versions within a "major" version (i.e., `1.0.0`) will be compatible, but
|
//! after `1.0.0`, all versions within a "major" version (i.e., `1.0.0`) will be compatible, but
|
||||||
//! `1.x.y` will not be compatible with `2.0.0`.
|
//! `1.x.y` will not be compatible with `2.0.0`.
|
||||||
//!
|
//!
|
||||||
//! The Keyfork Client documentation makes extensive use of the `keyforkd::test_util` module.
|
//! Presently, the Keyfork server only supports the following requests:
|
||||||
//! This provides testing infrastructure to set up a temporary Keyfork Daemon. In
|
|
||||||
//! your code, you should assume the daemon has already been initialized, whether by another
|
|
||||||
//! process, on another terminal, or some other instance. At no point should a program deriving an
|
|
||||||
//! "endpoint" key have control over a mnemonic or a seed.
|
|
||||||
//!
|
//!
|
||||||
//! ## Server Requests
|
//! * Derive Key
|
||||||
//!
|
|
||||||
//! Keyfork is designed as a client-request/server-response model. The client sends a request, such
|
|
||||||
//! as a derivation request, and the server sends its response. Presently, the Keyfork server
|
|
||||||
//! supports the following requests:
|
|
||||||
//!
|
|
||||||
//! ### Request: Derive Key
|
|
||||||
//!
|
|
||||||
//! The client creates a derivation path of at least two indices and requests a derived XPrv
|
|
||||||
//! (Extended Private Key) from the server.
|
|
||||||
//!
|
|
||||||
//! ```rust
|
|
||||||
//! use std::str::FromStr;
|
|
||||||
//!
|
|
||||||
//! use keyforkd_client::Client;
|
|
||||||
//! use keyfork_derive_util::DerivationPath;
|
|
||||||
//! # use keyfork_derive_util::private_key::TestPrivateKey as PrivateKey;
|
|
||||||
//! // use k256::SecretKey as PrivateKey;
|
|
||||||
//! // use ed25519_dalek::SigningKey as PrivateKey;
|
|
||||||
//!
|
|
||||||
//! #[derive(Debug, thiserror::Error)]
|
|
||||||
//! enum Error {
|
|
||||||
//! #[error(transparent)]
|
|
||||||
//! Path(#[from] keyfork_derive_util::PathError),
|
|
||||||
//!
|
|
||||||
//! #[error(transparent)]
|
|
||||||
//! Keyforkd(#[from] keyforkd_client::Error),
|
|
||||||
//! }
|
|
||||||
//!
|
|
||||||
//! fn main() -> Result<(), Error> {
|
|
||||||
//! # let seed = b"funky accordion noises";
|
|
||||||
//! # keyforkd::test_util::run_test(seed, |socket_path| {
|
|
||||||
//! let derivation_path = DerivationPath::from_str("m/44'/0'")?;
|
|
||||||
//! let mut client = Client::discover_socket()?;
|
|
||||||
//! let xprv = client.request_xprv::<PrivateKey>(&derivation_path)?;
|
|
||||||
//! # Ok::<_, Error>(())
|
|
||||||
//! # })?;
|
|
||||||
//! Ok(())
|
|
||||||
//! }
|
|
||||||
//! ```
|
|
||||||
//!
|
|
||||||
//! ---
|
|
||||||
//!
|
|
||||||
//! Request objects are typically handled by the Keyfork Client library (such as with
|
|
||||||
//! [`Client::request_xprv`]). While unadvised, clients can also attempt to handle their own
|
|
||||||
//! requests, using [`Client::request`].
|
|
||||||
//!
|
//!
|
||||||
//! ## Extended Private Keys
|
//! ## Extended Private Keys
|
||||||
//!
|
//!
|
||||||
|
@ -72,101 +21,42 @@
|
||||||
//! The tests for this library ensure that all levels of Keyfork derivation beyond the required two
|
//! The tests for this library ensure that all levels of Keyfork derivation beyond the required two
|
||||||
//! will be derived similarly between the server and the client.
|
//! will be derived similarly between the server and the client.
|
||||||
//!
|
//!
|
||||||
|
//! # Examples
|
||||||
//! ```rust
|
//! ```rust
|
||||||
//! use std::str::FromStr;
|
//! use std::str::FromStr;
|
||||||
//!
|
//!
|
||||||
//! use keyforkd_client::Client;
|
//! use keyforkd_client::Client;
|
||||||
//! use keyfork_derive_util::{DerivationIndex, DerivationPath};
|
//! use keyfork_derive_util::DerivationPath;
|
||||||
//! # use keyfork_derive_util::private_key::TestPrivateKey as PrivateKey;
|
//! # use keyfork_derive_util::private_key::TestPrivateKey as PrivateKey;
|
||||||
//! // use k256::SecretKey as PrivateKey;
|
//! // use k256::SecretKey as PrivateKey;
|
||||||
//! // use ed25519_dalek::SigningKey as PrivateKey;
|
//! // use ed25519_dalek::SigningKey as PrivateKey;
|
||||||
//! # fn check_wallet<T>(_: T) {}
|
|
||||||
//!
|
//!
|
||||||
//! #[derive(Debug, thiserror::Error)]
|
|
||||||
//! enum Error {
|
|
||||||
//! #[error(transparent)]
|
|
||||||
//! Index(#[from] keyfork_derive_util::IndexError),
|
|
||||||
//!
|
|
||||||
//! #[error(transparent)]
|
|
||||||
//! Path(#[from] keyfork_derive_util::PathError),
|
|
||||||
//!
|
|
||||||
//! #[error(transparent)]
|
|
||||||
//! PrivateKey(#[from] keyfork_derive_util::PrivateKeyError),
|
|
||||||
//!
|
|
||||||
//! #[error(transparent)]
|
|
||||||
//! Keyforkd(#[from] keyforkd_client::Error),
|
|
||||||
//! }
|
|
||||||
//!
|
|
||||||
//! fn main() -> Result<(), Error> {
|
|
||||||
//! # let seed = b"funky accordion noises";
|
//! # let seed = b"funky accordion noises";
|
||||||
//! # keyforkd::test_util::run_test(seed, |socket_path| {
|
//! # keyforkd::test_util::run_test(seed, |socket_path| {
|
||||||
//! let derivation_path = DerivationPath::from_str("m/44'/0'/0'/0")?;
|
//! # std::env::set_var("KEYFORKD_SOCKET_PATH", socket_path);
|
||||||
//! let mut client = Client::discover_socket()?;
|
|
||||||
//! let xprv = client.request_xprv::<PrivateKey>(&derivation_path)?;
|
|
||||||
//! // scan first 20 wallets
|
|
||||||
//! for index in 0..20 {
|
|
||||||
//! // use non-hardened derivation
|
|
||||||
//! let new_xprv = xprv.derive_child(&DerivationIndex::new(index, false)?);
|
|
||||||
//! check_wallet(new_xprv)
|
|
||||||
//! }
|
|
||||||
//! # Ok::<_, Error>(())
|
|
||||||
//! # })?;
|
|
||||||
//! Ok(())
|
|
||||||
//! }
|
|
||||||
//! ```
|
|
||||||
//!
|
|
||||||
//! ## Testing Infrastructure
|
|
||||||
//!
|
|
||||||
//! In tests, the `keyforkd::test_util` module and TestPrivateKeys can be used. These provide
|
|
||||||
//! useful utilities for writing tests that interact with the Keyfork Server without needing to
|
|
||||||
//! manually create the server for the purpose of the test. The `run_test` method can be used to
|
|
||||||
//! run a test, which can handle both returning errors and correctly translating panics (though,
|
|
||||||
//! the panics definitely won't look tidy).
|
|
||||||
//!
|
|
||||||
//! ```rust
|
|
||||||
//! use std::str::FromStr;
|
|
||||||
//!
|
|
||||||
//! use keyforkd_client::Client;
|
|
||||||
//! use keyfork_derive_util::DerivationPath;
|
|
||||||
//! use keyfork_derive_util::private_key::TestPrivateKey as PrivateKey;
|
|
||||||
//!
|
|
||||||
//! #[derive(Debug, thiserror::Error)]
|
|
||||||
//! enum Error {
|
|
||||||
//! #[error(transparent)]
|
|
||||||
//! Path(#[from] keyfork_derive_util::PathError),
|
|
||||||
//!
|
|
||||||
//! #[error(transparent)]
|
|
||||||
//! Keyforkd(#[from] keyforkd_client::Error),
|
|
||||||
//! }
|
|
||||||
//!
|
|
||||||
//! fn main() -> Result<(), Error> {
|
|
||||||
//! let seed = b"funky accordion noises";
|
|
||||||
//! keyforkd::test_util::run_test(seed, |socket_path| {
|
|
||||||
//! let derivation_path = DerivationPath::from_str("m/44'/0'")?;
|
|
||||||
//! let mut client = Client::discover_socket()?;
|
|
||||||
//! let xprv = client.request_xprv::<PrivateKey>(&derivation_path)?;
|
|
||||||
//! Ok::<_, Error>(())
|
|
||||||
//! })?;
|
|
||||||
//! Ok(())
|
|
||||||
//! }
|
|
||||||
//! ```
|
|
||||||
//!
|
|
||||||
//! If you would rather write tests to panic rather than error, or would rather not deal with error
|
|
||||||
//! types, the Panicable type should be used, which will handle the Error type for the closure.
|
|
||||||
//!
|
|
||||||
//! ```rust
|
|
||||||
//! use std::str::FromStr;
|
|
||||||
//!
|
|
||||||
//! use keyforkd_client::Client;
|
|
||||||
//! use keyfork_derive_util::DerivationPath;
|
|
||||||
//! use keyfork_derive_util::private_key::TestPrivateKey as PrivateKey;
|
|
||||||
//!
|
|
||||||
//! let seed = b"funky accordion noises";
|
|
||||||
//! keyforkd::test_util::run_test(seed, |socket_path| {
|
|
||||||
//! let derivation_path = DerivationPath::from_str("m/44'/0'").unwrap();
|
//! let derivation_path = DerivationPath::from_str("m/44'/0'").unwrap();
|
||||||
//! let mut client = Client::discover_socket().unwrap();
|
//! let mut client = Client::discover_socket().unwrap();
|
||||||
//! let xprv = client.request_xprv::<PrivateKey>(&derivation_path).unwrap();
|
//! let xprv = client.request_xprv::<PrivateKey>(&derivation_path).unwrap();
|
||||||
//! keyforkd::test_util::Panicable::Ok(())
|
//! # keyforkd::test_util::Infallible::Ok(())
|
||||||
|
//! # }).unwrap();
|
||||||
|
//! ```
|
||||||
|
//!
|
||||||
|
//! In tests, the Keyforkd test_util module and TestPrivateKeys can be used.
|
||||||
|
//!
|
||||||
|
//! ```rust
|
||||||
|
//! use std::str::FromStr;
|
||||||
|
//!
|
||||||
|
//! use keyforkd_client::Client;
|
||||||
|
//! use keyfork_derive_util::DerivationPath;
|
||||||
|
//! use keyfork_derive_util::private_key::TestPrivateKey as PrivateKey;
|
||||||
|
//!
|
||||||
|
//! let seed = b"funky accordion noises";
|
||||||
|
//! keyforkd::test_util::run_test(seed, |socket_path| {
|
||||||
|
//! std::env::set_var("KEYFORKD_SOCKET_PATH", socket_path);
|
||||||
|
//! let derivation_path = DerivationPath::from_str("m/44'/0'").unwrap();
|
||||||
|
//! let mut client = Client::discover_socket().unwrap();
|
||||||
|
//! let xprv = client.request_xprv::<PrivateKey>(&derivation_path).unwrap();
|
||||||
|
//! keyforkd::test_util::Infallible::Ok(())
|
||||||
//! }).unwrap();
|
//! }).unwrap();
|
||||||
//! ```
|
//! ```
|
||||||
|
|
||||||
|
@ -218,10 +108,6 @@ pub enum Error {
|
||||||
/// An error encountered in Keyforkd.
|
/// An error encountered in Keyforkd.
|
||||||
#[error("Error in Keyforkd: {0}")]
|
#[error("Error in Keyforkd: {0}")]
|
||||||
Keyforkd(#[from] KeyforkdError),
|
Keyforkd(#[from] KeyforkdError),
|
||||||
|
|
||||||
/// An invalid key was returned.
|
|
||||||
#[error("Invalid key returned")]
|
|
||||||
InvalidKey,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[allow(missing_docs)]
|
#[allow(missing_docs)]
|
||||||
|
@ -275,9 +161,10 @@ impl Client {
|
||||||
///
|
///
|
||||||
/// # let seed = b"funky accordion noises";
|
/// # let seed = b"funky accordion noises";
|
||||||
/// # keyforkd::test_util::run_test(seed, |socket_path| {
|
/// # keyforkd::test_util::run_test(seed, |socket_path| {
|
||||||
/// let mut socket = get_socket()?;
|
/// # std::env::set_var("KEYFORKD_SOCKET_PATH", socket_path);
|
||||||
|
/// let mut socket = get_socket().unwrap();
|
||||||
/// let mut client = Client::new(socket);
|
/// let mut client = Client::new(socket);
|
||||||
/// # Ok::<_, keyforkd_client::Error>(())
|
/// # keyforkd::test_util::Infallible::Ok(())
|
||||||
/// # }).unwrap();
|
/// # }).unwrap();
|
||||||
/// ```
|
/// ```
|
||||||
pub fn new(socket: UnixStream) -> Self {
|
pub fn new(socket: UnixStream) -> Self {
|
||||||
|
@ -296,8 +183,9 @@ impl Client {
|
||||||
///
|
///
|
||||||
/// # let seed = b"funky accordion noises";
|
/// # let seed = b"funky accordion noises";
|
||||||
/// # keyforkd::test_util::run_test(seed, |socket_path| {
|
/// # keyforkd::test_util::run_test(seed, |socket_path| {
|
||||||
/// let mut client = Client::discover_socket()?;
|
/// # std::env::set_var("KEYFORKD_SOCKET_PATH", socket_path);
|
||||||
/// # Ok::<_, keyforkd_client::Error>(())
|
/// let mut client = Client::discover_socket().unwrap();
|
||||||
|
/// # keyforkd::test_util::Infallible::Ok(())
|
||||||
/// # }).unwrap();
|
/// # }).unwrap();
|
||||||
/// ```
|
/// ```
|
||||||
pub fn discover_socket() -> Result<Self> {
|
pub fn discover_socket() -> Result<Self> {
|
||||||
|
@ -325,10 +213,11 @@ impl Client {
|
||||||
///
|
///
|
||||||
/// # let seed = b"funky accordion noises";
|
/// # let seed = b"funky accordion noises";
|
||||||
/// # keyforkd::test_util::run_test(seed, |socket_path| {
|
/// # keyforkd::test_util::run_test(seed, |socket_path| {
|
||||||
|
/// # std::env::set_var("KEYFORKD_SOCKET_PATH", socket_path);
|
||||||
/// let derivation_path = DerivationPath::from_str("m/44'/0'").unwrap();
|
/// let derivation_path = DerivationPath::from_str("m/44'/0'").unwrap();
|
||||||
/// let mut client = Client::discover_socket().unwrap();
|
/// let mut client = Client::discover_socket().unwrap();
|
||||||
/// let xprv = client.request_xprv::<PrivateKey>(&derivation_path).unwrap();
|
/// let xprv = client.request_xprv::<PrivateKey>(&derivation_path).unwrap();
|
||||||
/// # keyforkd::test_util::Panicable::Ok(())
|
/// # keyforkd::test_util::Infallible::Ok(())
|
||||||
/// # }).unwrap();
|
/// # }).unwrap();
|
||||||
/// ```
|
/// ```
|
||||||
pub fn request_xprv<K>(&mut self, path: &DerivationPath) -> Result<ExtendedPrivateKey<K>>
|
pub fn request_xprv<K>(&mut self, path: &DerivationPath) -> Result<ExtendedPrivateKey<K>>
|
||||||
|
@ -345,26 +234,24 @@ impl Client {
|
||||||
}
|
}
|
||||||
|
|
||||||
let depth = path.len() as u8;
|
let depth = path.len() as u8;
|
||||||
ExtendedPrivateKey::from_parts(&d.data, depth, d.chain_code)
|
Ok(ExtendedPrivateKey::new_from_parts(
|
||||||
.map_err(|_| Error::InvalidKey)
|
&d.data,
|
||||||
|
depth,
|
||||||
|
d.chain_code,
|
||||||
|
))
|
||||||
}
|
}
|
||||||
_ => Err(Error::InvalidResponse),
|
_ => Err(Error::InvalidResponse),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
impl Client {
|
|
||||||
/// Serialize and send a [`Request`] to the server, awaiting a [`Result<Response>`].
|
/// Serialize and send a [`Request`] to the server, awaiting a [`Result<Response>`].
|
||||||
///
|
///
|
||||||
/// This function does not properly assert the association between a request type and a
|
|
||||||
/// response type, and does not perform any serialization of native objects into Request or
|
|
||||||
/// Response types, and should only be used when absolutely necessary.
|
|
||||||
///
|
|
||||||
/// # Errors
|
/// # Errors
|
||||||
/// An error may be returned if:
|
/// An error may be returned if:
|
||||||
/// * Reading or writing from or to the socket encountered an error.
|
/// * Reading or writing from or to the socket encountered an error.
|
||||||
/// * Bincode could not serialize the request or deserialize the response.
|
/// * Bincode could not serialize the request or deserialize the response.
|
||||||
/// * An error occurred in Keyforkd.
|
/// * An error occurred in Keyforkd.
|
||||||
|
#[doc(hidden)]
|
||||||
pub fn request(&mut self, req: &Request) -> Result<Response> {
|
pub fn request(&mut self, req: &Request) -> Result<Response> {
|
||||||
try_encode_to(&bincode::serialize(&req)?, &mut self.socket)?;
|
try_encode_to(&bincode::serialize(&req)?, &mut self.socket)?;
|
||||||
let resp = try_decode_from(&mut self.socket)?;
|
let resp = try_decode_from(&mut self.socket)?;
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
use crate::Client;
|
use crate::Client;
|
||||||
use keyfork_derive_util::{request::*, DerivationPath};
|
use keyfork_derive_util::{request::*, DerivationPath};
|
||||||
use keyfork_slip10_test_data::test_data;
|
use keyfork_slip10_test_data::test_data;
|
||||||
use keyforkd::test_util::{run_test, Panicable};
|
use keyforkd::test_util::{run_test, Infallible};
|
||||||
use std::{os::unix::net::UnixStream, str::FromStr};
|
use std::{os::unix::net::UnixStream, str::FromStr};
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
@ -11,7 +11,7 @@ fn secp256k1_test_suite() {
|
||||||
|
|
||||||
let tests = test_data()
|
let tests = test_data()
|
||||||
.unwrap()
|
.unwrap()
|
||||||
.remove("secp256k1")
|
.remove(&"secp256k1".to_string())
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
||||||
for seed_test in tests {
|
for seed_test in tests {
|
||||||
|
@ -25,9 +25,6 @@ fn secp256k1_test_suite() {
|
||||||
if chain_len < 2 {
|
if chain_len < 2 {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if chain.iter().take(2).any(|index| !index.is_hardened()) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
// Consistency check: ensure the server and the client can each derive the same
|
// Consistency check: ensure the server and the client can each derive the same
|
||||||
// key using an XPrv, for all but the last XPrv, which is verified after this
|
// key using an XPrv, for all but the last XPrv, which is verified after this
|
||||||
for i in 2..chain_len {
|
for i in 2..chain_len {
|
||||||
|
@ -70,7 +67,7 @@ fn secp256k1_test_suite() {
|
||||||
fn ed25519_test_suite() {
|
fn ed25519_test_suite() {
|
||||||
use ed25519_dalek::SigningKey;
|
use ed25519_dalek::SigningKey;
|
||||||
|
|
||||||
let tests = test_data().unwrap().remove("ed25519").unwrap();
|
let tests = test_data().unwrap().remove(&"ed25519".to_string()).unwrap();
|
||||||
|
|
||||||
for seed_test in tests {
|
for seed_test in tests {
|
||||||
let seed = seed_test.seed;
|
let seed = seed_test.seed;
|
||||||
|
@ -109,7 +106,7 @@ fn ed25519_test_suite() {
|
||||||
DerivationResponse::try_from(client.request(&req.into()).unwrap()).unwrap();
|
DerivationResponse::try_from(client.request(&req.into()).unwrap()).unwrap();
|
||||||
assert_eq!(&response.data, test.private_key.as_slice());
|
assert_eq!(&response.data, test.private_key.as_slice());
|
||||||
}
|
}
|
||||||
Panicable::Ok(())
|
Infallible::Ok(())
|
||||||
})
|
})
|
||||||
.unwrap();
|
.unwrap();
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
[package]
|
[package]
|
||||||
name = "keyforkd-models"
|
name = "keyforkd-models"
|
||||||
version = "0.2.0"
|
version = "0.1.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
license = "MIT"
|
license = "MIT"
|
||||||
|
|
||||||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
keyfork-derive-util = { workspace = true, default-features = false }
|
keyfork-derive-util = { version = "0.1.0", path = "../../derive/keyfork-derive-util", default-features = false, registry = "distrust" }
|
||||||
serde = { workspace = true }
|
serde = { version = "1.0.190", features = ["derive"] }
|
||||||
thiserror = { workspace = true }
|
thiserror = "1.0.50"
|
||||||
|
|
|
@ -43,10 +43,6 @@ pub enum DerivationError {
|
||||||
#[error("Invalid derivation length: Expected at least 2, actual: {0}")]
|
#[error("Invalid derivation length: Expected at least 2, actual: {0}")]
|
||||||
InvalidDerivationLength(usize),
|
InvalidDerivationLength(usize),
|
||||||
|
|
||||||
/// The derivation request did not use hardened derivation on the 2 highest indexes.
|
|
||||||
#[error("Invalid derivation paths: expected index #{0} (1) to be hardened")]
|
|
||||||
InvalidDerivationPath(usize, u32),
|
|
||||||
|
|
||||||
/// An error occurred while deriving data.
|
/// An error occurred while deriving data.
|
||||||
#[error("Derivation error: {0}")]
|
#[error("Derivation error: {0}")]
|
||||||
Derivation(String),
|
Derivation(String),
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "keyforkd"
|
name = "keyforkd"
|
||||||
version = "0.1.2"
|
version = "0.1.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
license = "AGPL-3.0-only"
|
license = "AGPL-3.0-only"
|
||||||
|
|
||||||
|
@ -12,28 +12,28 @@ tracing = ["tower/tracing", "tokio/tracing", "dep:tracing", "dep:tracing-subscri
|
||||||
multithread = ["tokio/rt-multi-thread"]
|
multithread = ["tokio/rt-multi-thread"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
keyfork-bug = { workspace = true }
|
keyfork-bug = { version = "0.1.0", path = "../../util/keyfork-bug", registry = "distrust" }
|
||||||
keyfork-derive-util = { workspace = true }
|
keyfork-derive-util = { version = "0.1.0", path = "../../derive/keyfork-derive-util", registry = "distrust" }
|
||||||
keyfork-frame = { workspace = true, features = ["async"] }
|
keyfork-frame = { version = "0.1.0", path = "../../util/keyfork-frame", features = ["async"], registry = "distrust" }
|
||||||
keyfork-mnemonic = { workspace = true }
|
keyfork-mnemonic-util = { version = "0.2.0", path = "../../util/keyfork-mnemonic-util", registry = "distrust" }
|
||||||
keyfork-derive-path-data = { workspace = true }
|
keyfork-derive-path-data = { version = "0.1.0", path = "../../derive/keyfork-derive-path-data", registry = "distrust" }
|
||||||
keyforkd-models = { workspace = true }
|
keyforkd-models = { version = "0.1.0", path = "../keyforkd-models", registry = "distrust" }
|
||||||
|
|
||||||
# Not personally audited
|
# Not personally audited
|
||||||
bincode = { workspace = true }
|
bincode = "1.3.3"
|
||||||
|
|
||||||
# Ecosystem trust, not personally audited
|
# Ecosystem trust, not personally audited
|
||||||
tokio = { workspace = true, features = ["io-util", "macros", "rt", "io-std", "net", "fs", "signal"] }
|
tokio = { version = "1.32.0", features = ["io-util", "macros", "rt", "io-std", "net", "fs", "signal"] }
|
||||||
tracing = { version = "0.1.37", optional = true }
|
tracing = { version = "0.1.37", optional = true }
|
||||||
tracing-error = { version = "0.2.0", optional = true }
|
tracing-error = { version = "0.2.0", optional = true }
|
||||||
tracing-subscriber = { version = "0.3.17", optional = true, features = ["env-filter"] }
|
tracing-subscriber = { version = "0.3.17", optional = true, features = ["env-filter"] }
|
||||||
tower = { version = "0.4.13", features = ["tokio", "util"] }
|
tower = { version = "0.4.13", features = ["tokio", "util"] }
|
||||||
|
|
||||||
# Personally audited
|
# Personally audited
|
||||||
thiserror = { workspace = true }
|
thiserror = "1.0.47"
|
||||||
serde = { workspace = true }
|
serde = { version = "1.0.186", features = ["derive"] }
|
||||||
tempfile = { version = "3.10.0", default-features = false }
|
tempfile = { version = "3.10.0", default-features = false }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
hex-literal = { workspace = true }
|
hex-literal = "0.4.1"
|
||||||
keyfork-slip10-test-data = { workspace = true }
|
keyfork-slip10-test-data = { path = "../../util/keyfork-slip10-test-data", registry = "distrust" }
|
||||||
|
|
|
@ -5,7 +5,7 @@ use std::{
|
||||||
path::{Path, PathBuf},
|
path::{Path, PathBuf},
|
||||||
};
|
};
|
||||||
|
|
||||||
pub use keyfork_mnemonic::Mnemonic;
|
pub use keyfork_mnemonic_util::Mnemonic;
|
||||||
pub use tower::ServiceBuilder;
|
pub use tower::ServiceBuilder;
|
||||||
|
|
||||||
#[cfg(feature = "tracing")]
|
#[cfg(feature = "tracing")]
|
||||||
|
@ -57,7 +57,7 @@ pub async fn start_and_run_server_on(
|
||||||
let service = ServiceBuilder::new()
|
let service = ServiceBuilder::new()
|
||||||
.layer(middleware::BincodeLayer::new())
|
.layer(middleware::BincodeLayer::new())
|
||||||
// TODO: passphrase support and/or store passphrase with mnemonic
|
// TODO: passphrase support and/or store passphrase with mnemonic
|
||||||
.service(Keyforkd::new(mnemonic.generate_seed(None).to_vec()));
|
.service(Keyforkd::new(mnemonic.generate_seed(None)));
|
||||||
|
|
||||||
let mut server = match UnixServer::bind(socket_path) {
|
let mut server = match UnixServer::bind(socket_path) {
|
||||||
Ok(s) => s,
|
Ok(s) => s,
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
//! Launch the Keyfork Server from using a mnemonic passed through standard input.
|
//!
|
||||||
|
|
||||||
use keyfork_mnemonic::Mnemonic;
|
use keyfork_mnemonic_util::Mnemonic;
|
||||||
|
|
||||||
use tokio::io::{self, AsyncBufReadExt, BufReader};
|
use tokio::io::{self, AsyncBufReadExt, BufReader};
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@ use keyfork_derive_path_data::guess_target;
|
||||||
// use keyfork_derive_util::request::{DerivationError, DerivationRequest, DerivationResponse};
|
// use keyfork_derive_util::request::{DerivationError, DerivationRequest, DerivationResponse};
|
||||||
use keyforkd_models::{DerivationError, Error, Request, Response};
|
use keyforkd_models::{DerivationError, Error, Request, Response};
|
||||||
use tower::Service;
|
use tower::Service;
|
||||||
use tracing::{info, warn};
|
use tracing::info;
|
||||||
|
|
||||||
// NOTE: All values implemented in Keyforkd must implement Clone with low overhead, either by
|
// NOTE: All values implemented in Keyforkd must implement Clone with low overhead, either by
|
||||||
// using an Arc or by having a small signature. This is because Service<T> takes &mut self.
|
// using an Arc or by having a small signature. This is because Service<T> takes &mut self.
|
||||||
|
@ -38,9 +38,6 @@ impl std::fmt::Debug for Keyforkd {
|
||||||
impl Keyforkd {
|
impl Keyforkd {
|
||||||
/// Create a new instance of Keyfork from a given seed.
|
/// Create a new instance of Keyfork from a given seed.
|
||||||
pub fn new(seed: Vec<u8>) -> Self {
|
pub fn new(seed: Vec<u8>) -> Self {
|
||||||
if seed.len() < 16 {
|
|
||||||
warn!("Entropy size is lower than 128 bits: {} bits.", seed.len() * 8);
|
|
||||||
}
|
|
||||||
Self {
|
Self {
|
||||||
seed: Arc::new(seed),
|
seed: Arc::new(seed),
|
||||||
}
|
}
|
||||||
|
@ -72,18 +69,6 @@ impl Service<Request> for Keyforkd {
|
||||||
return Err(DerivationError::InvalidDerivationLength(len).into());
|
return Err(DerivationError::InvalidDerivationLength(len).into());
|
||||||
}
|
}
|
||||||
|
|
||||||
if let Some((i, unhardened_index)) = req
|
|
||||||
.path()
|
|
||||||
.iter()
|
|
||||||
.take(2)
|
|
||||||
.enumerate()
|
|
||||||
.find(|(_, index)| {
|
|
||||||
!index.is_hardened()
|
|
||||||
})
|
|
||||||
{
|
|
||||||
return Err(DerivationError::InvalidDerivationPath(i, unhardened_index.inner()).into())
|
|
||||||
}
|
|
||||||
|
|
||||||
#[cfg(feature = "tracing")]
|
#[cfg(feature = "tracing")]
|
||||||
if let Some(target) = guess_target(req.path()) {
|
if let Some(target) = guess_target(req.path()) {
|
||||||
info!("Deriving path: {target}");
|
info!("Deriving path: {target}");
|
||||||
|
@ -113,7 +98,7 @@ mod tests {
|
||||||
async fn properly_derives_secp256k1() {
|
async fn properly_derives_secp256k1() {
|
||||||
let tests = test_data()
|
let tests = test_data()
|
||||||
.unwrap()
|
.unwrap()
|
||||||
.remove("secp256k1")
|
.remove(&"secp256k1".to_string())
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
||||||
for per_seed in tests {
|
for per_seed in tests {
|
||||||
|
@ -125,9 +110,6 @@ mod tests {
|
||||||
if chain.len() < 2 {
|
if chain.len() < 2 {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if chain.iter().take(2).any(|index| !index.is_hardened()) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
let req = DerivationRequest::new(DerivationAlgorithm::Secp256k1, &chain);
|
let req = DerivationRequest::new(DerivationAlgorithm::Secp256k1, &chain);
|
||||||
let response: DerivationResponse = keyforkd
|
let response: DerivationResponse = keyforkd
|
||||||
.ready()
|
.ready()
|
||||||
|
@ -146,7 +128,7 @@ mod tests {
|
||||||
|
|
||||||
#[tokio::test]
|
#[tokio::test]
|
||||||
async fn properly_derives_ed25519() {
|
async fn properly_derives_ed25519() {
|
||||||
let tests = test_data().unwrap().remove("ed25519").unwrap();
|
let tests = test_data().unwrap().remove(&"ed25519".to_string()).unwrap();
|
||||||
|
|
||||||
for per_seed in tests {
|
for per_seed in tests {
|
||||||
let seed = &per_seed.seed;
|
let seed = &per_seed.seed;
|
||||||
|
|
|
@ -12,21 +12,20 @@ use keyfork_bug::bug;
|
||||||
#[derive(Debug, thiserror::Error)]
|
#[derive(Debug, thiserror::Error)]
|
||||||
#[error("This error can never be instantiated")]
|
#[error("This error can never be instantiated")]
|
||||||
#[doc(hidden)]
|
#[doc(hidden)]
|
||||||
pub enum UninstantiableError {}
|
pub struct InfallibleError {
|
||||||
|
protected: (),
|
||||||
|
}
|
||||||
|
|
||||||
/// A panicable result. This type can be used when a closure chooses to panic instead of
|
/// An infallible result. This type can be used to represent a function that should never error.
|
||||||
/// returning an error. This doesn't necessarily mean a closure _has_ to panic, and its absence
|
|
||||||
/// doesn't imply a closure _can't_ panic, but this is a useful utility function for writing tests,
|
|
||||||
/// to avoid the necessity of making custom error types.
|
|
||||||
///
|
///
|
||||||
/// ```rust
|
/// ```rust
|
||||||
/// use keyforkd::test_util::Panicable;
|
/// use keyforkd::test_util::Infallible;
|
||||||
/// let closure = || {
|
/// let closure = || {
|
||||||
/// Panicable::Ok(())
|
/// Infallible::Ok(())
|
||||||
/// };
|
/// };
|
||||||
/// assert!(closure().is_ok());
|
/// assert!(closure().is_ok());
|
||||||
/// ```
|
/// ```
|
||||||
pub type Panicable<T> = std::result::Result<T, UninstantiableError>;
|
pub type Infallible<T> = std::result::Result<T, InfallibleError>;
|
||||||
|
|
||||||
/// Run a test making use of a Keyforkd server. The test may use a seed (the first argument) from a
|
/// Run a test making use of a Keyforkd server. The test may use a seed (the first argument) from a
|
||||||
/// test suite, or (as shown in the example below) a simple seed may be used solely to ensure
|
/// test suite, or (as shown in the example below) a simple seed may be used solely to ensure
|
||||||
|
@ -40,8 +39,6 @@ pub type Panicable<T> = std::result::Result<T, UninstantiableError>;
|
||||||
/// runtime.
|
/// runtime.
|
||||||
///
|
///
|
||||||
/// # Examples
|
/// # Examples
|
||||||
/// The test utility provides a socket that can be connected to for deriving keys.
|
|
||||||
///
|
|
||||||
/// ```rust
|
/// ```rust
|
||||||
/// use std::os::unix::net::UnixStream;
|
/// use std::os::unix::net::UnixStream;
|
||||||
/// let seed = b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// let seed = b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
|
@ -49,18 +46,6 @@ pub type Panicable<T> = std::result::Result<T, UninstantiableError>;
|
||||||
/// UnixStream::connect(&path).map(|_| ())
|
/// UnixStream::connect(&path).map(|_| ())
|
||||||
/// }).unwrap();
|
/// }).unwrap();
|
||||||
/// ```
|
/// ```
|
||||||
///
|
|
||||||
/// The `keyforkd-client` crate uses the `KEYFORKD_SOCKET_PATH` variable to determine the default
|
|
||||||
/// socket path. The test will export the environment variable so it may be used by default.
|
|
||||||
///
|
|
||||||
/// ```rust
|
|
||||||
/// use std::os::unix::net::UnixStream;
|
|
||||||
/// let seed = b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
|
||||||
/// keyforkd::test_util::run_test(seed.as_slice(), |path| {
|
|
||||||
/// assert_eq!(std::env::var_os("KEYFORKD_SOCKET_PATH").unwrap(), path.as_os_str());
|
|
||||||
/// UnixStream::connect(&path).map(|_| ())
|
|
||||||
/// }).unwrap();
|
|
||||||
/// ```
|
|
||||||
#[allow(clippy::missing_errors_doc)]
|
#[allow(clippy::missing_errors_doc)]
|
||||||
pub fn run_test<F, E>(seed: &[u8], closure: F) -> Result<(), E>
|
pub fn run_test<F, E>(seed: &[u8], closure: F) -> Result<(), E>
|
||||||
where
|
where
|
||||||
|
@ -76,7 +61,7 @@ where
|
||||||
));
|
));
|
||||||
let socket_dir = tempfile::tempdir().expect(bug!("can't create tempdir"));
|
let socket_dir = tempfile::tempdir().expect(bug!("can't create tempdir"));
|
||||||
let socket_path = socket_dir.path().join("keyforkd.sock");
|
let socket_path = socket_dir.path().join("keyforkd.sock");
|
||||||
let result = rt.block_on(async move {
|
rt.block_on(async move {
|
||||||
let (tx, mut rx) = tokio::sync::mpsc::channel(1);
|
let (tx, mut rx) = tokio::sync::mpsc::channel(1);
|
||||||
let server_handle = tokio::spawn({
|
let server_handle = tokio::spawn({
|
||||||
let socket_path = socket_path.clone();
|
let socket_path = socket_path.clone();
|
||||||
|
@ -97,19 +82,13 @@ where
|
||||||
rx.recv()
|
rx.recv()
|
||||||
.await
|
.await
|
||||||
.expect(bug!("can't receive server start signal from channel"));
|
.expect(bug!("can't receive server start signal from channel"));
|
||||||
std::env::set_var("KEYFORKD_SOCKET_PATH", &socket_path);
|
|
||||||
let test_handle = tokio::task::spawn_blocking(move || closure(&socket_path));
|
let test_handle = tokio::task::spawn_blocking(move || closure(&socket_path));
|
||||||
|
|
||||||
let result = test_handle.await;
|
let result = test_handle.await;
|
||||||
server_handle.abort();
|
server_handle.abort();
|
||||||
result
|
result
|
||||||
});
|
})
|
||||||
if let Err(e) = result {
|
.expect(bug!("runtime could not join all threads"))
|
||||||
if let Ok(reason) = e.try_into_panic() {
|
|
||||||
std::panic::resume_unwind(reason);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
Ok(())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
|
@ -119,6 +98,6 @@ mod tests {
|
||||||
#[test]
|
#[test]
|
||||||
fn test_run_test() {
|
fn test_run_test() {
|
||||||
let seed = b"beefbeef";
|
let seed = b"beefbeef";
|
||||||
run_test(seed, |_path| Panicable::Ok(())).expect("infallible");
|
run_test(seed, |_path| Infallible::Ok(())).expect("infallible");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
[package]
|
|
||||||
name = "keyfork-derive-age"
|
|
||||||
version = "0.1.0"
|
|
||||||
edition = "2021"
|
|
||||||
license = "AGPL-3.0-only"
|
|
||||||
|
|
||||||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
|
||||||
|
|
||||||
[dependencies]
|
|
||||||
keyfork-derive-util = { workspace = true, default-features = false, features = ["ed25519"] }
|
|
||||||
keyforkd-client = { workspace = true }
|
|
||||||
smex = { workspace = true }
|
|
||||||
thiserror = "1.0.48"
|
|
||||||
bech32 = "0.11.0"
|
|
||||||
keyfork-derive-path-data = { workspace = true }
|
|
||||||
ed25519-dalek = "2.1.1"
|
|
|
@ -1,69 +0,0 @@
|
||||||
use std::{env, process::ExitCode, str::FromStr};
|
|
||||||
|
|
||||||
use keyfork_derive_path_data::paths;
|
|
||||||
use keyfork_derive_util::{DerivationPath, ExtendedPrivateKey, PathError};
|
|
||||||
use keyforkd_client::Client;
|
|
||||||
|
|
||||||
use ed25519_dalek::SigningKey;
|
|
||||||
|
|
||||||
type XPrv = ExtendedPrivateKey<SigningKey>;
|
|
||||||
|
|
||||||
/// Any error that can occur while deriving a key.
|
|
||||||
#[derive(Debug, thiserror::Error)]
|
|
||||||
pub enum Error {
|
|
||||||
/// The given path could not be parsed.
|
|
||||||
#[error("Could not parse the given path: {0}")]
|
|
||||||
PathFormat(#[from] PathError),
|
|
||||||
|
|
||||||
/// The request to derive data failed.
|
|
||||||
#[error("Unable to perform key derivation request: {0}")]
|
|
||||||
KeyforkdClient(#[from] keyforkd_client::Error),
|
|
||||||
}
|
|
||||||
|
|
||||||
#[allow(missing_docs)]
|
|
||||||
pub type Result<T, E = Error> = std::result::Result<T, E>;
|
|
||||||
|
|
||||||
fn validate(path: &str) -> Result<DerivationPath> {
|
|
||||||
let index = paths::AGE.inner().first().unwrap();
|
|
||||||
|
|
||||||
let path = DerivationPath::from_str(path)?;
|
|
||||||
assert!(
|
|
||||||
path.len() >= 2,
|
|
||||||
"Expected path of at least m/{index}/account_id'"
|
|
||||||
);
|
|
||||||
|
|
||||||
let given_index = path.iter().next().expect("checked .len() above");
|
|
||||||
assert_eq!(
|
|
||||||
index, given_index,
|
|
||||||
"Expected derivation path starting with m/{index}, got: {given_index}",
|
|
||||||
);
|
|
||||||
|
|
||||||
Ok(path)
|
|
||||||
}
|
|
||||||
|
|
||||||
fn run() -> Result<(), Box<dyn std::error::Error>> {
|
|
||||||
let mut args = env::args();
|
|
||||||
let program_name = args.next().expect("program name");
|
|
||||||
let args = args.collect::<Vec<_>>();
|
|
||||||
let path = match args.as_slice() {
|
|
||||||
[path] => validate(path)?,
|
|
||||||
_ => panic!("Usage: {program_name} path"),
|
|
||||||
};
|
|
||||||
|
|
||||||
let mut client = Client::discover_socket()?;
|
|
||||||
// TODO: should this key be clamped to Curve25519 specs?
|
|
||||||
let xprv: XPrv = client.request_xprv(&path)?;
|
|
||||||
let hrp = bech32::Hrp::parse("AGE-SECRET-KEY-")?;
|
|
||||||
let age_key = bech32::encode::<bech32::Bech32>(hrp, &xprv.private_key().to_bytes())?;
|
|
||||||
println!("{}", age_key.to_uppercase());
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
fn main() -> ExitCode {
|
|
||||||
if let Err(e) = run() {
|
|
||||||
eprintln!("Error: {e}");
|
|
||||||
ExitCode::FAILURE
|
|
||||||
} else {
|
|
||||||
ExitCode::SUCCESS
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,13 +1,13 @@
|
||||||
[package]
|
[package]
|
||||||
name = "keyfork-derive-key"
|
name = "keyfork-derive-key"
|
||||||
version = "0.1.1"
|
version = "0.1.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
license = "AGPL-3.0-only"
|
license = "AGPL-3.0-only"
|
||||||
|
|
||||||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
keyfork-derive-util = { workspace = true }
|
keyfork-derive-util = { version = "0.1.0", path = "../keyfork-derive-util", registry = "distrust" }
|
||||||
keyforkd-client = { workspace = true }
|
keyforkd-client = { version = "0.1.0", path = "../../daemon/keyforkd-client", registry = "distrust" }
|
||||||
smex = { workspace = true }
|
smex = { version = "0.1.0", path = "../../util/smex", registry = "distrust" }
|
||||||
thiserror = { workspace = true }
|
thiserror = "1.0.48"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
//! Query the Keyfork Server to generate a hex-encoded key for a given algorithm.
|
//!
|
||||||
|
|
||||||
use std::{env, process::ExitCode, str::FromStr};
|
use std::{env, process::ExitCode, str::FromStr};
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "keyfork-derive-openpgp"
|
name = "keyfork-derive-openpgp"
|
||||||
version = "0.1.3"
|
version = "0.1.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
license = "AGPL-3.0-only"
|
license = "AGPL-3.0-only"
|
||||||
|
|
||||||
|
@ -10,10 +10,9 @@ default = ["bin"]
|
||||||
bin = ["sequoia-openpgp/crypto-nettle"]
|
bin = ["sequoia-openpgp/crypto-nettle"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
keyfork-derive-util = { workspace = true, default-features = false, features = ["ed25519"] }
|
keyfork-derive-util = { version = "0.1.0", path = "../keyfork-derive-util", default-features = false, features = ["ed25519"], registry = "distrust" }
|
||||||
keyforkd-client = { workspace = true, default-features = false, features = ["ed25519"] }
|
keyforkd-client = { version = "0.1.0", path = "../../daemon/keyforkd-client", default-features = false, features = ["ed25519"], registry = "distrust" }
|
||||||
ed25519-dalek = { workspace = true }
|
ed25519-dalek = "2.0.0"
|
||||||
sequoia-openpgp = { workspace = true }
|
sequoia-openpgp = { version = "1.17.0", default-features = false }
|
||||||
anyhow = { workspace = true }
|
anyhow = "1.0.75"
|
||||||
thiserror = { workspace = true }
|
thiserror = "1.0.49"
|
||||||
keyfork-derive-path-data = { workspace = true }
|
|
||||||
|
|
|
@ -19,14 +19,8 @@ use sequoia_openpgp::{
|
||||||
Cert, Packet,
|
Cert, Packet,
|
||||||
};
|
};
|
||||||
|
|
||||||
// TODO: this key type is actually _not_ the extended private key, so it should be renamed
|
|
||||||
// something like Prv or PrvKey.
|
|
||||||
|
|
||||||
/// The private key type used with OpenPGP.
|
|
||||||
pub type XPrvKey = SigningKey;
|
pub type XPrvKey = SigningKey;
|
||||||
|
pub type XPrv = ExtendedPrivateKey<SigningKey>;
|
||||||
/// The extended private key type used with OpenPGP.
|
|
||||||
pub type XPrv = ExtendedPrivateKey<XPrvKey>;
|
|
||||||
|
|
||||||
/// An error occurred while creating an OpenPGP key.
|
/// An error occurred while creating an OpenPGP key.
|
||||||
#[derive(Debug, thiserror::Error)]
|
#[derive(Debug, thiserror::Error)]
|
||||||
|
@ -65,17 +59,13 @@ pub enum Error {
|
||||||
#[allow(missing_docs)]
|
#[allow(missing_docs)]
|
||||||
pub type Result<T, E = Error> = std::result::Result<T, E>;
|
pub type Result<T, E = Error> = std::result::Result<T, E>;
|
||||||
|
|
||||||
/// Create an OpenPGP Cert with private key data, with derived keys from the given derivation
|
/// Create an OpenPGP Cert with derived keys from the given derivation response, keys, and User
|
||||||
/// response, keys, and User ID.
|
/// ID.
|
||||||
///
|
|
||||||
/// Certificates are created with a default expiration of one day, but may be configured to expire
|
|
||||||
/// later using the `KEYFORK_OPENPGP_EXPIRE` environment variable using values such as "15d" (15
|
|
||||||
/// days), "1m" (one month), or "2y" (two years).
|
|
||||||
///
|
///
|
||||||
/// # Errors
|
/// # Errors
|
||||||
/// The function may error for any condition mentioned in [`Error`].
|
/// The function may error for any condition mentioned in [`Error`].
|
||||||
pub fn derive(xprv: XPrv, keys: &[KeyFlags], userid: &UserID) -> Result<Cert> {
|
pub fn derive(xprv: XPrv, keys: &[KeyFlags], userid: &UserID) -> Result<Cert> {
|
||||||
let primary_key_flags = match keys.first() {
|
let primary_key_flags = match keys.get(0) {
|
||||||
Some(kf) if kf.for_certification() => kf,
|
Some(kf) if kf.for_certification() => kf,
|
||||||
_ => return Err(Error::NotCert),
|
_ => return Err(Error::NotCert),
|
||||||
};
|
};
|
||||||
|
@ -119,7 +109,7 @@ pub fn derive(xprv: XPrv, keys: &[KeyFlags], userid: &UserID) -> Result<Cert> {
|
||||||
let cert = cert.insert_packets(vec![Packet::from(userid.clone()), binding.into()])?;
|
let cert = cert.insert_packets(vec![Packet::from(userid.clone()), binding.into()])?;
|
||||||
let policy = sequoia_openpgp::policy::StandardPolicy::new();
|
let policy = sequoia_openpgp::policy::StandardPolicy::new();
|
||||||
|
|
||||||
// Set certificate expiration to configured expiration or (default) one day
|
// Set certificate expiration to one day
|
||||||
let mut keypair = primary_key.clone().into_keypair()?;
|
let mut keypair = primary_key.clone().into_keypair()?;
|
||||||
let signatures =
|
let signatures =
|
||||||
cert.set_expiration_time(&policy, None, &mut keypair, Some(expiration_date))?;
|
cert.set_expiration_time(&policy, None, &mut keypair, Some(expiration_date))?;
|
||||||
|
|
|
@ -1,9 +1,8 @@
|
||||||
//! Query the Keyfork Servre to derive an OpenPGP Secret Key.
|
//!
|
||||||
|
|
||||||
use std::{env, process::ExitCode, str::FromStr};
|
use std::{env, process::ExitCode, str::FromStr};
|
||||||
|
|
||||||
use keyfork_derive_util::DerivationPath;
|
use keyfork_derive_util::{DerivationIndex, DerivationPath};
|
||||||
use keyfork_derive_path_data::paths;
|
|
||||||
use keyforkd_client::Client;
|
use keyforkd_client::Client;
|
||||||
|
|
||||||
use ed25519_dalek::SigningKey;
|
use ed25519_dalek::SigningKey;
|
||||||
|
@ -79,14 +78,14 @@ fn validate(
|
||||||
subkey_format: &str,
|
subkey_format: &str,
|
||||||
default_userid: &str,
|
default_userid: &str,
|
||||||
) -> Result<(DerivationPath, Vec<KeyType>, UserID), Box<dyn std::error::Error>> {
|
) -> Result<(DerivationPath, Vec<KeyType>, UserID), Box<dyn std::error::Error>> {
|
||||||
let index = paths::OPENPGP.inner().first().unwrap();
|
let index = DerivationIndex::new(u32::from_be_bytes(*b"\x00pgp"), true)?;
|
||||||
|
|
||||||
let path = DerivationPath::from_str(path)?;
|
let path = DerivationPath::from_str(path)?;
|
||||||
assert!(path.len() >= 2, "Expected path of at least m/{index}/account_id'");
|
assert_eq!(2, path.len(), "Expected path of m/{index}/account_id'");
|
||||||
|
|
||||||
let given_index = path.iter().next().expect("checked .len() above");
|
let given_index = path.iter().next().expect("checked .len() above");
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
index, given_index,
|
&index, given_index,
|
||||||
"Expected derivation path starting with m/{index}, got: {given_index}",
|
"Expected derivation path starting with m/{index}, got: {given_index}",
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -121,7 +120,7 @@ fn run() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
|
|
||||||
let mut w = Writer::new(std::io::stdout(), Kind::SecretKey)?;
|
let mut w = Writer::new(std::io::stdout(), Kind::SecretKey)?;
|
||||||
|
|
||||||
for packet in cert.into_packets2() {
|
for packet in cert.into_packets() {
|
||||||
packet.serialize(&mut w)?;
|
packet.serialize(&mut w)?;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,10 @@
|
||||||
[package]
|
[package]
|
||||||
name = "keyfork-derive-path-data"
|
name = "keyfork-derive-path-data"
|
||||||
version = "0.1.2"
|
version = "0.1.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
license = "MIT"
|
license = "MIT"
|
||||||
|
|
||||||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
keyfork-derive-util = { workspace = true, default-features = false }
|
keyfork-derive-util = { version = "0.1.0", path = "../keyfork-derive-util", default-features = false, registry = "distrust" }
|
||||||
once_cell = "1.19.0"
|
|
||||||
|
|
|
@ -2,129 +2,32 @@
|
||||||
|
|
||||||
#![allow(clippy::unreadable_literal)]
|
#![allow(clippy::unreadable_literal)]
|
||||||
|
|
||||||
use once_cell::sync::Lazy;
|
|
||||||
|
|
||||||
use keyfork_derive_util::{DerivationIndex, DerivationPath};
|
use keyfork_derive_util::{DerivationIndex, DerivationPath};
|
||||||
|
|
||||||
/// All common paths for key derivation.
|
/// The default derivation path for OpenPGP.
|
||||||
pub mod paths {
|
pub static OPENPGP: DerivationIndex = DerivationIndex::new_unchecked(7366512, true);
|
||||||
use super::*;
|
|
||||||
|
|
||||||
/// The default derivation path for OpenPGP.
|
|
||||||
pub static OPENPGP: Lazy<DerivationPath> = Lazy::new(|| {
|
|
||||||
DerivationPath::default().chain_push(DerivationIndex::new_unchecked(
|
|
||||||
u32::from_be_bytes(*b"\x00pgp"),
|
|
||||||
true,
|
|
||||||
))
|
|
||||||
});
|
|
||||||
|
|
||||||
/// The derivation path for OpenPGP certificates used for sharding.
|
|
||||||
pub static OPENPGP_SHARD: Lazy<DerivationPath> = Lazy::new(|| {
|
|
||||||
DerivationPath::default()
|
|
||||||
.chain_push(DerivationIndex::new_unchecked(
|
|
||||||
u32::from_be_bytes(*b"\x00pgp"),
|
|
||||||
true,
|
|
||||||
))
|
|
||||||
.chain_push(DerivationIndex::new_unchecked(
|
|
||||||
u32::from_be_bytes(*b"shrd"),
|
|
||||||
true,
|
|
||||||
))
|
|
||||||
});
|
|
||||||
|
|
||||||
/// The derivation path for OpenPGP certificates used for disaster recovery.
|
|
||||||
pub static OPENPGP_DISASTER_RECOVERY: Lazy<DerivationPath> = Lazy::new(|| {
|
|
||||||
DerivationPath::default()
|
|
||||||
.chain_push(DerivationIndex::new_unchecked(
|
|
||||||
u32::from_be_bytes(*b"\x00pgp"),
|
|
||||||
true,
|
|
||||||
))
|
|
||||||
.chain_push(DerivationIndex::new_unchecked(
|
|
||||||
u32::from_be_bytes(*b"\x00\x00dr"),
|
|
||||||
true,
|
|
||||||
))
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Determine if a prefix matches and whether the next index exists.
|
|
||||||
fn prefix_matches(given: &DerivationPath, target: &DerivationPath) -> Option<DerivationIndex> {
|
|
||||||
if given.len() <= target.len() {
|
|
||||||
return None;
|
|
||||||
}
|
|
||||||
if target
|
|
||||||
.iter()
|
|
||||||
.zip(given.iter())
|
|
||||||
.all(|(left, right)| left == right)
|
|
||||||
{
|
|
||||||
given.iter().nth(target.len()).cloned()
|
|
||||||
} else {
|
|
||||||
None
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// A derivation target.
|
/// A derivation target.
|
||||||
#[derive(Debug)]
|
|
||||||
#[non_exhaustive]
|
|
||||||
pub enum Target {
|
pub enum Target {
|
||||||
/// An OpenPGP key, whose account is the given index.
|
/// An OpenPGP key, whose account is the given index.
|
||||||
OpenPGP(DerivationIndex),
|
OpenPGP(DerivationIndex),
|
||||||
|
|
||||||
/// An OpenPGP key used for sharding.
|
|
||||||
OpenPGPShard(DerivationIndex),
|
|
||||||
|
|
||||||
/// An OpenPGP key used for disaster recovery.
|
|
||||||
OpenPGPDisasterRecovery(DerivationIndex),
|
|
||||||
}
|
}
|
||||||
|
|
||||||
impl std::fmt::Display for Target {
|
impl std::fmt::Display for Target {
|
||||||
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
||||||
match self {
|
match self {
|
||||||
Target::OpenPGP(account) => {
|
Self::OpenPGP(account) => {
|
||||||
write!(f, "OpenPGP key (account {account})")
|
write!(f, "OpenPGP key (account {account})")
|
||||||
}
|
}
|
||||||
Target::OpenPGPShard(shard_index) => {
|
|
||||||
write!(f, "OpenPGP Shard key (shard index {shard_index})")
|
|
||||||
}
|
|
||||||
Target::OpenPGPDisasterRecovery(account) => {
|
|
||||||
write!(f, "OpenPGP Disaster Recovery key (account {account})")
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
macro_rules! test_match {
|
|
||||||
($var:ident, $shard:path, $target:path) => {
|
|
||||||
if let Some(index) = prefix_matches($var, &$shard) {
|
|
||||||
return Some($target(index));
|
|
||||||
}
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Determine the closest [`Target`] for the given path. This method is intended to be used by
|
/// Determine the closest [`Target`] for the given path. This method is intended to be used by
|
||||||
/// `keyforkd` to provide an optional textual prompt to what a client is attempting to derive.
|
/// `keyforkd` to provide an optional textual prompt to what a client is attempting to derive.
|
||||||
pub fn guess_target(path: &DerivationPath) -> Option<Target> {
|
pub fn guess_target(path: &DerivationPath) -> Option<Target> {
|
||||||
test_match!(path, paths::OPENPGP_SHARD, Target::OpenPGPShard);
|
Some(match path.iter().collect::<Vec<_>>()[..] {
|
||||||
test_match!(
|
[t, index] if t == &OPENPGP => Target::OpenPGP(index.clone()),
|
||||||
path,
|
_ => return None,
|
||||||
paths::OPENPGP_DISASTER_RECOVERY,
|
})
|
||||||
Target::OpenPGPDisasterRecovery
|
|
||||||
);
|
|
||||||
test_match!(path, paths::OPENPGP, Target::OpenPGP);
|
|
||||||
None
|
|
||||||
}
|
|
||||||
|
|
||||||
#[cfg(test)]
|
|
||||||
mod tests {
|
|
||||||
use super::*;
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn it_works() {
|
|
||||||
let index = DerivationIndex::new(5312, false).unwrap();
|
|
||||||
let dr_key = paths::OPENPGP_DISASTER_RECOVERY
|
|
||||||
.clone()
|
|
||||||
.chain_push(index.clone());
|
|
||||||
match guess_target(&dr_key) {
|
|
||||||
Some(Target::OpenPGPDisasterRecovery(idx)) if idx == index => (),
|
|
||||||
bad => panic!("invalid value: {bad:?}"),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "keyfork-derive-util"
|
name = "keyfork-derive-util"
|
||||||
version = "0.2.1"
|
version = "0.1.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
license = "MIT"
|
license = "MIT"
|
||||||
|
|
||||||
|
@ -12,25 +12,25 @@ secp256k1 = ["k256"]
|
||||||
ed25519 = ["ed25519-dalek"]
|
ed25519 = ["ed25519-dalek"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
keyfork-mnemonic = { workspace = true }
|
keyfork-mnemonic-util = { version = "0.2.0", path = "../../util/keyfork-mnemonic-util", registry = "distrust" }
|
||||||
keyfork-bug = { workspace = true }
|
keyfork-bug = { version = "0.1.0", path = "../../util/keyfork-bug", registry = "distrust" }
|
||||||
|
|
||||||
# Included in Rust
|
# Included in Rust
|
||||||
digest = "0.10.7"
|
digest = "0.10.7"
|
||||||
sha2 = { workspace = true }
|
sha2 = "0.10.7"
|
||||||
|
|
||||||
# Rust-Crypto ecosystem, not personally audited
|
# Rust-Crypto ecosystem, not personally audited
|
||||||
ripemd = "0.1.3"
|
ripemd = "0.1.3"
|
||||||
hmac = { workspace = true, features = ["std"] }
|
hmac = { version = "0.12.1", features = ["std"] }
|
||||||
|
|
||||||
# Personally audited
|
# Personally audited
|
||||||
serde = { workspace = true }
|
serde = { version = "1.0.186", features = ["derive"] }
|
||||||
thiserror = { workspace = true }
|
thiserror = "1.0.47"
|
||||||
|
|
||||||
# Optional, not personally audited
|
# Optional, not personally audited
|
||||||
k256 = { workspace = true, default-features = false, features = ["std", "arithmetic"], optional = true }
|
k256 = { version = "0.13.1", default-features = false, features = ["std", "arithmetic"], optional = true }
|
||||||
ed25519-dalek = { workspace = true, optional = true }
|
ed25519-dalek = { version = "2.0.0", optional = true }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
hex-literal = { workspace = true }
|
hex-literal = "0.4.1"
|
||||||
keyfork-slip10-test-data = { workspace = true }
|
keyfork-slip10-test-data = { version = "0.1.0", path = "../../util/keyfork-slip10-test-data", registry = "distrust" }
|
||||||
|
|
|
@ -23,7 +23,7 @@ performed directly on a master seed. This is how Keyforkd works internally.
|
||||||
|
|
||||||
```rust
|
```rust
|
||||||
use std::str::FromStr;
|
use std::str::FromStr;
|
||||||
use keyfork_mnemonic::Mnemonic;
|
use keyfork_mnemonic_util::Mnemonic;
|
||||||
use keyfork_derive_util::{*, request::*};
|
use keyfork_derive_util::{*, request::*};
|
||||||
|
|
||||||
fn main() -> Result<(), Box<dyn std::error::Error>> {
|
fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
//! # Examples
|
//! # Examples
|
||||||
//! ```rust
|
//! ```rust
|
||||||
//! use std::str::FromStr;
|
//! use std::str::FromStr;
|
||||||
//! use keyfork_mnemonic::Mnemonic;
|
//! use keyfork_mnemonic_util::Mnemonic;
|
||||||
//! use keyfork_derive_util::{*, request::*};
|
//! use keyfork_derive_util::{*, request::*};
|
||||||
//! use k256::SecretKey;
|
//! use k256::SecretKey;
|
||||||
//!
|
//!
|
||||||
|
@ -41,9 +41,9 @@
|
||||||
//! }
|
//! }
|
||||||
//! ```
|
//! ```
|
||||||
|
|
||||||
#[allow(missing_docs)]
|
///
|
||||||
pub mod private_key;
|
pub mod private_key;
|
||||||
#[allow(missing_docs)]
|
///
|
||||||
pub mod public_key;
|
pub mod public_key;
|
||||||
|
|
||||||
pub use {private_key::ExtendedPrivateKey, public_key::ExtendedPublicKey};
|
pub use {private_key::ExtendedPrivateKey, public_key::ExtendedPublicKey};
|
||||||
|
|
|
@ -27,10 +27,6 @@ pub enum Error {
|
||||||
/// The given slice was of an inappropriate size to create a Private Key.
|
/// The given slice was of an inappropriate size to create a Private Key.
|
||||||
#[error("The given slice was of an inappropriate size to create a Private Key")]
|
#[error("The given slice was of an inappropriate size to create a Private Key")]
|
||||||
InvalidSliceError(#[from] std::array::TryFromSliceError),
|
InvalidSliceError(#[from] std::array::TryFromSliceError),
|
||||||
|
|
||||||
/// The given data was not a valid key for the chosen key type.
|
|
||||||
#[error("The given data was not a valid key for the chosen key type")]
|
|
||||||
InvalidKey,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type Result<T, E = Error> = std::result::Result<T, E>;
|
type Result<T, E = Error> = std::result::Result<T, E>;
|
||||||
|
@ -128,10 +124,10 @@ mod serde_with {
|
||||||
K: PrivateKey + Clone,
|
K: PrivateKey + Clone,
|
||||||
{
|
{
|
||||||
let variable_len_bytes = <&[u8]>::deserialize(deserializer)?;
|
let variable_len_bytes = <&[u8]>::deserialize(deserializer)?;
|
||||||
let bytes: [u8; 32] = variable_len_bytes.try_into().expect(bug!(
|
let bytes: [u8; 32] = variable_len_bytes
|
||||||
"unable to parse serialized private key; no support for static len"
|
.try_into()
|
||||||
));
|
.expect(bug!("unable to parse serialized private key; no support for static len"));
|
||||||
Ok(K::from_bytes(&bytes).expect(bug!("could not deserialize key with invalid scalar")))
|
Ok(K::from_bytes(&bytes))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -152,9 +148,13 @@ where
|
||||||
/// Generate a new [`ExtendedPrivateKey`] from a seed, ideally from a 12-word or 24-word
|
/// Generate a new [`ExtendedPrivateKey`] from a seed, ideally from a 12-word or 24-word
|
||||||
/// mnemonic, but may take 16-byte seeds.
|
/// mnemonic, but may take 16-byte seeds.
|
||||||
///
|
///
|
||||||
|
/// # Panics
|
||||||
|
/// The method performs unchecked `try_into()` operations on a constant-sized slice.
|
||||||
|
///
|
||||||
/// # Errors
|
/// # Errors
|
||||||
/// The function may return an error if the derived master key could not be parsed as a key for
|
/// An error may be returned if:
|
||||||
/// the given algorithm (such as exceeding values on the secp256k1 curve).
|
/// * The given seed had an incorrect length.
|
||||||
|
/// * A `HmacSha512` can't be constructed.
|
||||||
///
|
///
|
||||||
/// # Examples
|
/// # Examples
|
||||||
/// ```rust
|
/// ```rust
|
||||||
|
@ -167,11 +167,11 @@ where
|
||||||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let xprv = ExtendedPrivateKey::<PrivateKey>::new(*seed);
|
/// let xprv = ExtendedPrivateKey::<PrivateKey>::new(*seed);
|
||||||
/// ```
|
/// ```
|
||||||
pub fn new(seed: impl as_private_key::AsPrivateKey) -> Result<Self> {
|
pub fn new(seed: impl as_private_key::AsPrivateKey) -> Self {
|
||||||
Self::new_internal(seed.as_private_key())
|
Self::new_internal(seed.as_private_key())
|
||||||
}
|
}
|
||||||
|
|
||||||
fn new_internal(seed: &[u8]) -> Result<Self> {
|
fn new_internal(seed: &[u8]) -> Self {
|
||||||
let hash = HmacSha512::new_from_slice(&K::key().bytes().collect::<Vec<_>>())
|
let hash = HmacSha512::new_from_slice(&K::key().bytes().collect::<Vec<_>>())
|
||||||
.expect(bug!("HmacSha512 InvalidLength should be infallible"))
|
.expect(bug!("HmacSha512 InvalidLength should be infallible"))
|
||||||
.chain_update(seed)
|
.chain_update(seed)
|
||||||
|
@ -179,27 +179,13 @@ where
|
||||||
.into_bytes();
|
.into_bytes();
|
||||||
let (private_key, chain_code) = hash.split_at(KEY_SIZE / 8);
|
let (private_key, chain_code) = hash.split_at(KEY_SIZE / 8);
|
||||||
|
|
||||||
// Verify the master key is nonzero, hopefully avoiding side-channel attacks.
|
Self::new_from_parts(
|
||||||
let mut has_any_nonzero = false;
|
|
||||||
// deoptimize arithmetic smartness
|
|
||||||
for byte in private_key.iter().map(std::hint::black_box) {
|
|
||||||
if *byte != 0 {
|
|
||||||
// deoptimize break
|
|
||||||
has_any_nonzero = std::hint::black_box(true);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
assert!(has_any_nonzero, bug!("hmac function returned all-zero master key"));
|
|
||||||
|
|
||||||
Self::from_parts(
|
|
||||||
private_key
|
private_key
|
||||||
.try_into()
|
.try_into()
|
||||||
.expect(bug!("KEY_SIZE / 8 did not give a 32 byte slice")),
|
.expect(bug!("KEY_SIZE / 8 did not give a 32 byte slice")),
|
||||||
0,
|
0,
|
||||||
// Checked: chain_code is always the same length, hash is static size
|
// Checked: chain_code is always the same length, hash is static size
|
||||||
chain_code
|
chain_code.try_into().expect(bug!("Invalid chain code length")),
|
||||||
.try_into()
|
|
||||||
.expect(bug!("Invalid chain code length")),
|
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -219,18 +205,13 @@ where
|
||||||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let chain_code: &[u8; 32] = //
|
/// let chain_code: &[u8; 32] = //
|
||||||
/// # b"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB";
|
/// # b"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB";
|
||||||
/// let xprv = ExtendedPrivateKey::<PrivateKey>::from_parts(key, 4, *chain_code);
|
/// let xprv = ExtendedPrivateKey::<PrivateKey>::new_from_parts(key, 4, *chain_code);
|
||||||
/// ```
|
/// ```
|
||||||
pub fn from_parts(key: &[u8; 32], depth: u8, chain_code: [u8; 32]) -> Result<Self> {
|
pub fn new_from_parts(key: &[u8; 32], depth: u8, chain_code: [u8; 32]) -> Self {
|
||||||
match K::from_bytes(key) {
|
Self {
|
||||||
Ok(key) => {
|
private_key: K::from_bytes(key),
|
||||||
Ok(Self {
|
|
||||||
private_key: key,
|
|
||||||
depth,
|
depth,
|
||||||
chain_code,
|
chain_code,
|
||||||
})
|
|
||||||
}
|
|
||||||
Err(_) => Err(Error::InvalidKey),
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -244,15 +225,12 @@ where
|
||||||
/// # public_key::TestPublicKey as PublicKey,
|
/// # public_key::TestPublicKey as PublicKey,
|
||||||
/// # private_key::TestPrivateKey as PrivateKey,
|
/// # private_key::TestPrivateKey as PrivateKey,
|
||||||
/// # };
|
/// # };
|
||||||
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
|
||||||
/// let key: &[u8; 32] = //
|
/// let key: &[u8; 32] = //
|
||||||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let chain_code: &[u8; 32] = //
|
/// let chain_code: &[u8; 32] = //
|
||||||
/// # b"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB";
|
/// # b"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB";
|
||||||
/// let xprv = ExtendedPrivateKey::<PrivateKey>::from_parts(key, 4, *chain_code)?;
|
/// let xprv = ExtendedPrivateKey::<PrivateKey>::new_from_parts(key, 4, *chain_code);
|
||||||
/// assert_eq!(xprv.private_key(), &PrivateKey::from_bytes(key)?);
|
/// assert_eq!(xprv.private_key(), &PrivateKey::from_bytes(key));
|
||||||
/// # Ok(())
|
|
||||||
/// # }
|
|
||||||
/// ```
|
/// ```
|
||||||
pub fn private_key(&self) -> &K {
|
pub fn private_key(&self) -> &K {
|
||||||
&self.private_key
|
&self.private_key
|
||||||
|
@ -277,14 +255,14 @@ where
|
||||||
/// # 102, 201, 210, 159, 219, 222, 42, 201, 44, 196, 27,
|
/// # 102, 201, 210, 159, 219, 222, 42, 201, 44, 196, 27,
|
||||||
/// # 90, 221, 80, 85, 135, 79, 39, 253, 223, 35, 251
|
/// # 90, 221, 80, 85, 135, 79, 39, 253, 223, 35, 251
|
||||||
/// # ];
|
/// # ];
|
||||||
/// let xprv = ExtendedPrivateKey::<PrivateKey>::new(*seed)?;
|
/// let xprv = ExtendedPrivateKey::<PrivateKey>::new(*seed);
|
||||||
/// let xpub = xprv.extended_public_key();
|
/// let xpub = xprv.extended_public_key();
|
||||||
/// assert_eq!(known_key, xpub.public_key().to_bytes());
|
/// assert_eq!(known_key, xpub.public_key().to_bytes());
|
||||||
/// # Ok(())
|
/// # Ok(())
|
||||||
/// # }
|
/// # }
|
||||||
/// ```
|
/// ```
|
||||||
pub fn extended_public_key(&self) -> ExtendedPublicKey<K::PublicKey> {
|
pub fn extended_public_key(&self) -> ExtendedPublicKey<K::PublicKey> {
|
||||||
ExtendedPublicKey::from_parts(self.public_key(), self.depth, self.chain_code)
|
ExtendedPublicKey::new_from_parts(self.public_key(), self.depth, self.chain_code)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Return a public key for the current [`PrivateKey`].
|
/// Return a public key for the current [`PrivateKey`].
|
||||||
|
@ -301,7 +279,7 @@ where
|
||||||
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
/// let seed: &[u8; 64] = //
|
/// let seed: &[u8; 64] = //
|
||||||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let xprv = ExtendedPrivateKey::<PrivateKey>::new(*seed)?;
|
/// let xprv = ExtendedPrivateKey::<PrivateKey>::new(*seed);
|
||||||
/// let pubkey = xprv.public_key();
|
/// let pubkey = xprv.public_key();
|
||||||
/// # Ok(())
|
/// # Ok(())
|
||||||
/// # }
|
/// # }
|
||||||
|
@ -319,15 +297,12 @@ where
|
||||||
/// # public_key::TestPublicKey as PublicKey,
|
/// # public_key::TestPublicKey as PublicKey,
|
||||||
/// # private_key::TestPrivateKey as PrivateKey,
|
/// # private_key::TestPrivateKey as PrivateKey,
|
||||||
/// # };
|
/// # };
|
||||||
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
|
||||||
/// let key: &[u8; 32] = //
|
/// let key: &[u8; 32] = //
|
||||||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let chain_code: &[u8; 32] = //
|
/// let chain_code: &[u8; 32] = //
|
||||||
/// # b"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB";
|
/// # b"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB";
|
||||||
/// let xprv = ExtendedPrivateKey::<PrivateKey>::from_parts(key, 4, *chain_code)?;
|
/// let xprv = ExtendedPrivateKey::<PrivateKey>::new_from_parts(key, 4, *chain_code);
|
||||||
/// assert_eq!(xprv.depth(), 4);
|
/// assert_eq!(xprv.depth(), 4);
|
||||||
/// # Ok(())
|
|
||||||
/// # }
|
|
||||||
/// ```
|
/// ```
|
||||||
pub fn depth(&self) -> u8 {
|
pub fn depth(&self) -> u8 {
|
||||||
self.depth
|
self.depth
|
||||||
|
@ -342,15 +317,12 @@ where
|
||||||
/// # public_key::TestPublicKey as PublicKey,
|
/// # public_key::TestPublicKey as PublicKey,
|
||||||
/// # private_key::TestPrivateKey as PrivateKey,
|
/// # private_key::TestPrivateKey as PrivateKey,
|
||||||
/// # };
|
/// # };
|
||||||
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
|
||||||
/// let key: &[u8; 32] = //
|
/// let key: &[u8; 32] = //
|
||||||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let chain_code: &[u8; 32] = //
|
/// let chain_code: &[u8; 32] = //
|
||||||
/// # b"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB";
|
/// # b"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB";
|
||||||
/// let xprv = ExtendedPrivateKey::<PrivateKey>::from_parts(key, 4, *chain_code)?;
|
/// let xprv = ExtendedPrivateKey::<PrivateKey>::new_from_parts(key, 4, *chain_code);
|
||||||
/// assert_eq!(chain_code, &xprv.chain_code());
|
/// assert_eq!(chain_code, &xprv.chain_code());
|
||||||
/// # Ok(())
|
|
||||||
/// # }
|
|
||||||
/// ```
|
/// ```
|
||||||
pub fn chain_code(&self) -> [u8; 32] {
|
pub fn chain_code(&self) -> [u8; 32] {
|
||||||
self.chain_code
|
self.chain_code
|
||||||
|
@ -372,7 +344,7 @@ where
|
||||||
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
/// let seed: &[u8; 64] = //
|
/// let seed: &[u8; 64] = //
|
||||||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let root_xprv = ExtendedPrivateKey::<PrivateKey>::new(*seed)?;
|
/// let root_xprv = ExtendedPrivateKey::<PrivateKey>::new(*seed);
|
||||||
/// let path = DerivationPath::default()
|
/// let path = DerivationPath::default()
|
||||||
/// .chain_push(DerivationIndex::new(44, true)?)
|
/// .chain_push(DerivationIndex::new(44, true)?)
|
||||||
/// .chain_push(DerivationIndex::new(0, true)?)
|
/// .chain_push(DerivationIndex::new(0, true)?)
|
||||||
|
@ -418,7 +390,7 @@ where
|
||||||
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
/// let seed: &[u8; 64] = //
|
/// let seed: &[u8; 64] = //
|
||||||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let root_xprv = ExtendedPrivateKey::<PrivateKey>::new(*seed)?;
|
/// let root_xprv = ExtendedPrivateKey::<PrivateKey>::new(*seed);
|
||||||
/// let bip44_wallet = DerivationPath::default()
|
/// let bip44_wallet = DerivationPath::default()
|
||||||
/// .chain_push(DerivationIndex::new(44, true)?)
|
/// .chain_push(DerivationIndex::new(44, true)?)
|
||||||
/// .chain_push(DerivationIndex::new(0, true)?)
|
/// .chain_push(DerivationIndex::new(0, true)?)
|
||||||
|
|
|
@ -11,8 +11,8 @@ const KEY_SIZE: usize = 256;
|
||||||
/// Errors associated with creating or deriving Extended Public Keys.
|
/// Errors associated with creating or deriving Extended Public Keys.
|
||||||
#[derive(Error, Clone, Debug)]
|
#[derive(Error, Clone, Debug)]
|
||||||
pub enum Error {
|
pub enum Error {
|
||||||
/// BIP-0032 does not support hardened public key derivation from parent public keys.
|
/// BIP-0032 does not support deriving public keys from hardened private keys.
|
||||||
#[error("Hardened child public keys may not be derived from parent public keys")]
|
#[error("Public keys may not be derived when hardened")]
|
||||||
HardenedIndex,
|
HardenedIndex,
|
||||||
|
|
||||||
/// The maximum depth for key derivation has been reached. The supported maximum depth is 255.
|
/// The maximum depth for key derivation has been reached. The supported maximum depth is 255.
|
||||||
|
@ -60,11 +60,11 @@ where
|
||||||
/// let chain_code: &[u8; 32] = //
|
/// let chain_code: &[u8; 32] = //
|
||||||
/// # b"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB";
|
/// # b"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB";
|
||||||
/// let pubkey = PublicKey::from_bytes(key);
|
/// let pubkey = PublicKey::from_bytes(key);
|
||||||
/// let xpub = ExtendedPublicKey::<PublicKey>::from_parts(pubkey, 0, *chain_code);
|
/// let xpub = ExtendedPublicKey::<PublicKey>::new_from_parts(pubkey, 0, *chain_code);
|
||||||
/// # Ok(())
|
/// # Ok(())
|
||||||
/// # }
|
/// # }
|
||||||
/// ```
|
/// ```
|
||||||
pub fn from_parts(public_key: K, depth: u8, chain_code: ChainCode) -> Self {
|
pub fn new_from_parts(public_key: K, depth: u8, chain_code: ChainCode) -> Self {
|
||||||
Self {
|
Self {
|
||||||
public_key,
|
public_key,
|
||||||
depth,
|
depth,
|
||||||
|
@ -86,7 +86,7 @@ where
|
||||||
/// # let chain_code: &[u8; 32] = b"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB";
|
/// # let chain_code: &[u8; 32] = b"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB";
|
||||||
/// # let pubkey = PublicKey::from_bytes(key);
|
/// # let pubkey = PublicKey::from_bytes(key);
|
||||||
/// let xpub = //
|
/// let xpub = //
|
||||||
/// # ExtendedPublicKey::<PublicKey>::from_parts(pubkey, 0, *chain_code);
|
/// # ExtendedPublicKey::<PublicKey>::new_from_parts(pubkey, 0, *chain_code);
|
||||||
/// let pubkey = xpub.public_key();
|
/// let pubkey = xpub.public_key();
|
||||||
/// # Ok(())
|
/// # Ok(())
|
||||||
/// # }
|
/// # }
|
||||||
|
@ -121,7 +121,7 @@ where
|
||||||
/// # let chain_code: &[u8; 32] = b"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB";
|
/// # let chain_code: &[u8; 32] = b"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB";
|
||||||
/// # let pubkey = PublicKey::from_bytes(key);
|
/// # let pubkey = PublicKey::from_bytes(key);
|
||||||
/// let xpub = //
|
/// let xpub = //
|
||||||
/// # ExtendedPublicKey::<PublicKey>::from_parts(pubkey, 0, *chain_code);
|
/// # ExtendedPublicKey::<PublicKey>::new_from_parts(pubkey, 0, *chain_code);
|
||||||
/// let index = DerivationIndex::new(0, false)?;
|
/// let index = DerivationIndex::new(0, false)?;
|
||||||
/// let child = xpub.derive_child(&index)?;
|
/// let child = xpub.derive_child(&index)?;
|
||||||
/// # Ok(())
|
/// # Ok(())
|
||||||
|
|
|
@ -2,6 +2,8 @@ use crate::PublicKey;
|
||||||
|
|
||||||
use thiserror::Error;
|
use thiserror::Error;
|
||||||
|
|
||||||
|
use keyfork_bug::bug;
|
||||||
|
|
||||||
pub(crate) type PrivateKeyBytes = [u8; 32];
|
pub(crate) type PrivateKeyBytes = [u8; 32];
|
||||||
|
|
||||||
/// Functions required to use an `ExtendedPrivateKey`.
|
/// Functions required to use an `ExtendedPrivateKey`.
|
||||||
|
@ -24,7 +26,7 @@ pub trait PrivateKey: Sized {
|
||||||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let private_key = OurPrivateKey::from_bytes(key_data);
|
/// let private_key = OurPrivateKey::from_bytes(key_data);
|
||||||
/// ```
|
/// ```
|
||||||
fn from_bytes(b: &PrivateKeyBytes) -> Result<Self, Self::Err>;
|
fn from_bytes(b: &PrivateKeyBytes) -> Self;
|
||||||
|
|
||||||
/// Convert a &Self to bytes.
|
/// Convert a &Self to bytes.
|
||||||
///
|
///
|
||||||
|
@ -36,7 +38,7 @@ pub trait PrivateKey: Sized {
|
||||||
/// # };
|
/// # };
|
||||||
/// let key_data: &[u8; 32] = //
|
/// let key_data: &[u8; 32] = //
|
||||||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let private_key = OurPrivateKey::from_bytes(key_data).unwrap();
|
/// let private_key = OurPrivateKey::from_bytes(key_data);
|
||||||
/// assert_eq!(key_data, &private_key.to_bytes());
|
/// assert_eq!(key_data, &private_key.to_bytes());
|
||||||
/// ```
|
/// ```
|
||||||
fn to_bytes(&self) -> PrivateKeyBytes;
|
fn to_bytes(&self) -> PrivateKeyBytes;
|
||||||
|
@ -71,7 +73,7 @@ pub trait PrivateKey: Sized {
|
||||||
/// # };
|
/// # };
|
||||||
/// let key_data: &[u8; 32] = //
|
/// let key_data: &[u8; 32] = //
|
||||||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let private_key = OurPrivateKey::from_bytes(key_data).unwrap();
|
/// let private_key = OurPrivateKey::from_bytes(key_data);
|
||||||
/// let public_key = private_key.public_key();
|
/// let public_key = private_key.public_key();
|
||||||
/// ```
|
/// ```
|
||||||
fn public_key(&self) -> Self::PublicKey;
|
fn public_key(&self) -> Self::PublicKey;
|
||||||
|
@ -83,7 +85,7 @@ pub trait PrivateKey: Sized {
|
||||||
/// # Errors
|
/// # Errors
|
||||||
///
|
///
|
||||||
/// An error may be returned if:
|
/// An error may be returned if:
|
||||||
/// * An all-zero `other` is provided.
|
/// * A nonzero `other` is provided.
|
||||||
/// * An error specific to the given algorithm was encountered.
|
/// * An error specific to the given algorithm was encountered.
|
||||||
fn derive_child(&self, other: &PrivateKeyBytes) -> Result<Self, Self::Err>;
|
fn derive_child(&self, other: &PrivateKeyBytes) -> Result<Self, Self::Err>;
|
||||||
|
|
||||||
|
@ -100,10 +102,6 @@ pub enum PrivateKeyError {
|
||||||
/// For the given algorithm, the private key must be nonzero.
|
/// For the given algorithm, the private key must be nonzero.
|
||||||
#[error("The provided private key must be nonzero, but is not")]
|
#[error("The provided private key must be nonzero, but is not")]
|
||||||
NonZero,
|
NonZero,
|
||||||
|
|
||||||
/// A scalar could not be constructed for the given algorithm.
|
|
||||||
#[error("A scalar could not be constructed for the given algorithm")]
|
|
||||||
InvalidScalar,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(feature = "secp256k1")]
|
#[cfg(feature = "secp256k1")]
|
||||||
|
@ -118,8 +116,8 @@ impl PrivateKey for k256::SecretKey {
|
||||||
"Bitcoin seed"
|
"Bitcoin seed"
|
||||||
}
|
}
|
||||||
|
|
||||||
fn from_bytes(b: &PrivateKeyBytes) -> Result<Self, Self::Err> {
|
fn from_bytes(b: &PrivateKeyBytes) -> Self {
|
||||||
Self::from_slice(b).map_err(|_| PrivateKeyError::InvalidScalar)
|
Self::from_slice(b).expect(bug!("Invalid private key bytes"))
|
||||||
}
|
}
|
||||||
|
|
||||||
fn to_bytes(&self) -> PrivateKeyBytes {
|
fn to_bytes(&self) -> PrivateKeyBytes {
|
||||||
|
@ -132,19 +130,20 @@ impl PrivateKey for k256::SecretKey {
|
||||||
}
|
}
|
||||||
|
|
||||||
fn derive_child(&self, other: &PrivateKeyBytes) -> Result<Self, Self::Err> {
|
fn derive_child(&self, other: &PrivateKeyBytes) -> Result<Self, Self::Err> {
|
||||||
use k256::elliptic_curve::ScalarPrimitive;
|
if other.iter().all(|n| n == &0) {
|
||||||
use k256::{Scalar, Secp256k1};
|
return Err(PrivateKeyError::NonZero);
|
||||||
|
}
|
||||||
// Construct a scalar from bytes
|
let other = *other;
|
||||||
let scalar = ScalarPrimitive::<Secp256k1>::from_bytes(other.into());
|
// Checked: See above nonzero check
|
||||||
let scalar = Option::<ScalarPrimitive<Secp256k1>>::from(scalar);
|
let scalar = Option::<NonZeroScalar>::from(NonZeroScalar::from_repr(other.into()))
|
||||||
let scalar = scalar.ok_or(PrivateKeyError::InvalidScalar)?;
|
.expect(bug!("Should have been able to get a NonZeroScalar"));
|
||||||
let scalar = Scalar::from(scalar);
|
|
||||||
|
|
||||||
let derived_scalar = self.to_nonzero_scalar().as_ref() + scalar.as_ref();
|
let derived_scalar = self.to_nonzero_scalar().as_ref() + scalar.as_ref();
|
||||||
let nonzero_scalar = Option::<NonZeroScalar>::from(NonZeroScalar::new(derived_scalar))
|
Ok(
|
||||||
.ok_or(PrivateKeyError::NonZero)?;
|
Option::<NonZeroScalar>::from(NonZeroScalar::new(derived_scalar))
|
||||||
Ok(Self::from(nonzero_scalar))
|
.map(Into::into)
|
||||||
|
.expect(bug!("Should be able to make Key")),
|
||||||
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -157,8 +156,8 @@ impl PrivateKey for ed25519_dalek::SigningKey {
|
||||||
"ed25519 seed"
|
"ed25519 seed"
|
||||||
}
|
}
|
||||||
|
|
||||||
fn from_bytes(b: &PrivateKeyBytes) -> Result<Self, Self::Err> {
|
fn from_bytes(b: &PrivateKeyBytes) -> Self {
|
||||||
Ok(Self::from_bytes(b))
|
Self::from_bytes(b)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn to_bytes(&self) -> PrivateKeyBytes {
|
fn to_bytes(&self) -> PrivateKeyBytes {
|
||||||
|
@ -181,8 +180,7 @@ impl PrivateKey for ed25519_dalek::SigningKey {
|
||||||
|
|
||||||
use crate::public_key::TestPublicKey;
|
use crate::public_key::TestPublicKey;
|
||||||
|
|
||||||
/// A private key that can be used for testing purposes. Does not utilize any significant
|
#[doc(hidden)]
|
||||||
/// cryptographic operations.
|
|
||||||
#[derive(Clone, Debug, PartialEq, Eq)]
|
#[derive(Clone, Debug, PartialEq, Eq)]
|
||||||
pub struct TestPrivateKey {
|
pub struct TestPrivateKey {
|
||||||
key: [u8; 32],
|
key: [u8; 32],
|
||||||
|
@ -202,8 +200,10 @@ impl PrivateKey for TestPrivateKey {
|
||||||
type PublicKey = TestPublicKey;
|
type PublicKey = TestPublicKey;
|
||||||
type Err = PrivateKeyError;
|
type Err = PrivateKeyError;
|
||||||
|
|
||||||
fn from_bytes(b: &PrivateKeyBytes) -> Result<Self, Self::Err> {
|
fn from_bytes(b: &PrivateKeyBytes) -> Self {
|
||||||
Ok(Self { key: *b })
|
Self {
|
||||||
|
key: *b
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn to_bytes(&self) -> PrivateKeyBytes {
|
fn to_bytes(&self) -> PrivateKeyBytes {
|
||||||
|
|
|
@ -30,7 +30,7 @@ pub trait PublicKey: Sized {
|
||||||
/// # };
|
/// # };
|
||||||
/// let key_data: &[u8; 32] = //
|
/// let key_data: &[u8; 32] = //
|
||||||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let private_key = OurPrivateKey::from_bytes(key_data).unwrap();
|
/// let private_key = OurPrivateKey::from_bytes(key_data);
|
||||||
/// let public_key_bytes = private_key.public_key().to_bytes();
|
/// let public_key_bytes = private_key.public_key().to_bytes();
|
||||||
/// ```
|
/// ```
|
||||||
fn to_bytes(&self) -> PublicKeyBytes;
|
fn to_bytes(&self) -> PublicKeyBytes;
|
||||||
|
@ -42,7 +42,7 @@ pub trait PublicKey: Sized {
|
||||||
/// # Errors
|
/// # Errors
|
||||||
///
|
///
|
||||||
/// An error may be returned if:
|
/// An error may be returned if:
|
||||||
/// * An all-zero `other` is provided.
|
/// * A nonzero `other` is provided.
|
||||||
/// * An error specific to the given algorithm was encountered.
|
/// * An error specific to the given algorithm was encountered.
|
||||||
fn derive_child(&self, other: PrivateKeyBytes) -> Result<Self, Self::Err>;
|
fn derive_child(&self, other: PrivateKeyBytes) -> Result<Self, Self::Err>;
|
||||||
|
|
||||||
|
@ -56,7 +56,7 @@ pub trait PublicKey: Sized {
|
||||||
/// # };
|
/// # };
|
||||||
/// let key_data: &[u8; 32] = //
|
/// let key_data: &[u8; 32] = //
|
||||||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let private_key = OurPrivateKey::from_bytes(key_data).unwrap();
|
/// let private_key = OurPrivateKey::from_bytes(key_data);
|
||||||
/// let fingerprint = private_key.public_key().fingerprint();
|
/// let fingerprint = private_key.public_key().fingerprint();
|
||||||
/// ```
|
/// ```
|
||||||
fn fingerprint(&self) -> [u8; 4] {
|
fn fingerprint(&self) -> [u8; 4] {
|
||||||
|
@ -77,10 +77,6 @@ pub enum PublicKeyError {
|
||||||
#[error("The provided public key must be nonzero, but is not")]
|
#[error("The provided public key must be nonzero, but is not")]
|
||||||
NonZero,
|
NonZero,
|
||||||
|
|
||||||
/// A scalar could not be constructed for the given algorithm.
|
|
||||||
#[error("A scalar could not be constructed for the given algorithm")]
|
|
||||||
InvalidScalar,
|
|
||||||
|
|
||||||
/// Public key derivation is unsupported for this algorithm.
|
/// Public key derivation is unsupported for this algorithm.
|
||||||
#[error("Public key derivation is unsupported for this algorithm")]
|
#[error("Public key derivation is unsupported for this algorithm")]
|
||||||
DerivationUnsupported,
|
DerivationUnsupported,
|
||||||
|
@ -89,7 +85,7 @@ pub enum PublicKeyError {
|
||||||
#[cfg(feature = "secp256k1")]
|
#[cfg(feature = "secp256k1")]
|
||||||
use k256::{
|
use k256::{
|
||||||
elliptic_curve::{group::prime::PrimeCurveAffine, sec1::ToEncodedPoint},
|
elliptic_curve::{group::prime::PrimeCurveAffine, sec1::ToEncodedPoint},
|
||||||
AffinePoint,
|
AffinePoint, NonZeroScalar,
|
||||||
};
|
};
|
||||||
|
|
||||||
#[cfg(feature = "secp256k1")]
|
#[cfg(feature = "secp256k1")]
|
||||||
|
@ -109,16 +105,14 @@ impl PublicKey for k256::PublicKey {
|
||||||
}
|
}
|
||||||
|
|
||||||
fn derive_child(&self, other: PrivateKeyBytes) -> Result<Self, Self::Err> {
|
fn derive_child(&self, other: PrivateKeyBytes) -> Result<Self, Self::Err> {
|
||||||
use k256::elliptic_curve::ScalarPrimitive;
|
if other.iter().all(|n| n == &0) {
|
||||||
use k256::{Secp256k1, Scalar};
|
return Err(PublicKeyError::NonZero);
|
||||||
|
}
|
||||||
|
// Checked: See above
|
||||||
|
let scalar = Option::<NonZeroScalar>::from(NonZeroScalar::from_repr(other.into()))
|
||||||
|
.expect(bug!("Should have been able to get a NonZeroScalar"));
|
||||||
|
|
||||||
// Construct a scalar from bytes
|
let point = self.to_projective() + (AffinePoint::generator() * *scalar);
|
||||||
let scalar = ScalarPrimitive::<Secp256k1>::from_bytes(&other.into());
|
|
||||||
let scalar = Option::<ScalarPrimitive<Secp256k1>>::from(scalar);
|
|
||||||
let scalar = scalar.ok_or(PublicKeyError::InvalidScalar)?;
|
|
||||||
let scalar = Scalar::from(scalar);
|
|
||||||
|
|
||||||
let point = self.to_projective() + (AffinePoint::generator() * scalar);
|
|
||||||
Ok(Self::from_affine(point.into())
|
Ok(Self::from_affine(point.into())
|
||||||
.expect(bug!("Could not from_affine after scalar arithmetic")))
|
.expect(bug!("Could not from_affine after scalar arithmetic")))
|
||||||
}
|
}
|
||||||
|
@ -148,15 +142,14 @@ impl PublicKey for VerifyingKey {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// A public key that can be used for testing purposes. Does not utilize any significant
|
#[doc(hidden)]
|
||||||
/// cryptographic operations.
|
|
||||||
#[derive(Clone)]
|
#[derive(Clone)]
|
||||||
pub struct TestPublicKey {
|
pub struct TestPublicKey {
|
||||||
pub(crate) key: [u8; 33],
|
pub(crate) key: [u8; 33],
|
||||||
}
|
}
|
||||||
|
|
||||||
impl TestPublicKey {
|
impl TestPublicKey {
|
||||||
/// Create a new TestPublicKey from the given bytes.
|
#[doc(hidden)]
|
||||||
#[allow(dead_code)]
|
#[allow(dead_code)]
|
||||||
pub fn from_bytes(b: &[u8]) -> Self {
|
pub fn from_bytes(b: &[u8]) -> Self {
|
||||||
Self {
|
Self {
|
||||||
|
|
|
@ -24,7 +24,7 @@ use crate::{
|
||||||
DerivationPath, ExtendedPrivateKey,
|
DerivationPath, ExtendedPrivateKey,
|
||||||
};
|
};
|
||||||
|
|
||||||
use keyfork_mnemonic::{Mnemonic, MnemonicGenerationError};
|
use keyfork_mnemonic_util::{Mnemonic, MnemonicGenerationError};
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
/// An error encountered while deriving a key.
|
/// An error encountered while deriving a key.
|
||||||
|
@ -57,7 +57,7 @@ pub enum DerivationAlgorithm {
|
||||||
#[allow(missing_docs)]
|
#[allow(missing_docs)]
|
||||||
Secp256k1,
|
Secp256k1,
|
||||||
#[doc(hidden)]
|
#[doc(hidden)]
|
||||||
TestAlgorithm,
|
Internal,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl DerivationAlgorithm {
|
impl DerivationAlgorithm {
|
||||||
|
@ -70,7 +70,7 @@ impl DerivationAlgorithm {
|
||||||
match self {
|
match self {
|
||||||
#[cfg(feature = "ed25519")]
|
#[cfg(feature = "ed25519")]
|
||||||
Self::Ed25519 => {
|
Self::Ed25519 => {
|
||||||
let key = ExtendedPrivateKey::<ed25519_dalek::SigningKey>::new(seed)?;
|
let key = ExtendedPrivateKey::<ed25519_dalek::SigningKey>::new(seed);
|
||||||
let derived_key = key.derive_path(path)?;
|
let derived_key = key.derive_path(path)?;
|
||||||
Ok(DerivationResponse::with_algo_and_xprv(
|
Ok(DerivationResponse::with_algo_and_xprv(
|
||||||
self.clone(),
|
self.clone(),
|
||||||
|
@ -79,15 +79,15 @@ impl DerivationAlgorithm {
|
||||||
}
|
}
|
||||||
#[cfg(feature = "secp256k1")]
|
#[cfg(feature = "secp256k1")]
|
||||||
Self::Secp256k1 => {
|
Self::Secp256k1 => {
|
||||||
let key = ExtendedPrivateKey::<k256::SecretKey>::new(seed)?;
|
let key = ExtendedPrivateKey::<k256::SecretKey>::new(seed);
|
||||||
let derived_key = key.derive_path(path)?;
|
let derived_key = key.derive_path(path)?;
|
||||||
Ok(DerivationResponse::with_algo_and_xprv(
|
Ok(DerivationResponse::with_algo_and_xprv(
|
||||||
self.clone(),
|
self.clone(),
|
||||||
&derived_key,
|
&derived_key,
|
||||||
))
|
))
|
||||||
}
|
}
|
||||||
Self::TestAlgorithm => {
|
Self::Internal => {
|
||||||
let key = ExtendedPrivateKey::<TestPrivateKey>::new(seed)?;
|
let key = ExtendedPrivateKey::<TestPrivateKey>::new(seed);
|
||||||
let derived_key = key.derive_path(path)?;
|
let derived_key = key.derive_path(path)?;
|
||||||
Ok(DerivationResponse::with_algo_and_xprv(
|
Ok(DerivationResponse::with_algo_and_xprv(
|
||||||
self.clone(),
|
self.clone(),
|
||||||
|
@ -120,7 +120,7 @@ pub trait AsAlgorithm: PrivateKey {
|
||||||
|
|
||||||
impl AsAlgorithm for TestPrivateKey {
|
impl AsAlgorithm for TestPrivateKey {
|
||||||
fn as_algorithm() -> DerivationAlgorithm {
|
fn as_algorithm() -> DerivationAlgorithm {
|
||||||
DerivationAlgorithm::TestAlgorithm
|
DerivationAlgorithm::Internal
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -144,7 +144,7 @@ impl DerivationRequest {
|
||||||
/// # };
|
/// # };
|
||||||
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
/// let algo: DerivationAlgorithm = //
|
/// let algo: DerivationAlgorithm = //
|
||||||
/// # DerivationAlgorithm::TestAlgorithm;
|
/// # DerivationAlgorithm::Internal;
|
||||||
/// let path: DerivationPath = //
|
/// let path: DerivationPath = //
|
||||||
/// # DerivationPath::default();
|
/// # DerivationPath::default();
|
||||||
/// let request = DerivationRequest::new(algo, &path);
|
/// let request = DerivationRequest::new(algo, &path);
|
||||||
|
@ -169,7 +169,7 @@ impl DerivationRequest {
|
||||||
/// # };
|
/// # };
|
||||||
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
/// let algo: DerivationAlgorithm = //
|
/// let algo: DerivationAlgorithm = //
|
||||||
/// # DerivationAlgorithm::TestAlgorithm;
|
/// # DerivationAlgorithm::Internal;
|
||||||
/// let path: DerivationPath = //
|
/// let path: DerivationPath = //
|
||||||
/// # DerivationPath::default();
|
/// # DerivationPath::default();
|
||||||
/// let request = DerivationRequest::new(algo, &path);
|
/// let request = DerivationRequest::new(algo, &path);
|
||||||
|
@ -194,12 +194,12 @@ impl DerivationRequest {
|
||||||
/// # private_key::TestPrivateKey as PrivateKey,
|
/// # private_key::TestPrivateKey as PrivateKey,
|
||||||
/// # };
|
/// # };
|
||||||
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
/// let mnemonic: keyfork_mnemonic::Mnemonic = //
|
/// let mnemonic: keyfork_mnemonic_util::Mnemonic = //
|
||||||
/// # keyfork_mnemonic::Mnemonic::from_entropy(
|
/// # keyfork_mnemonic_util::Mnemonic::from_entropy(
|
||||||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
|
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
|
||||||
/// # )?;
|
/// # )?;
|
||||||
/// let algo: DerivationAlgorithm = //
|
/// let algo: DerivationAlgorithm = //
|
||||||
/// # DerivationAlgorithm::TestAlgorithm;
|
/// # DerivationAlgorithm::Internal;
|
||||||
/// let path: DerivationPath = //
|
/// let path: DerivationPath = //
|
||||||
/// # DerivationPath::default();
|
/// # DerivationPath::default();
|
||||||
/// let request = DerivationRequest::new(algo, &path);
|
/// let request = DerivationRequest::new(algo, &path);
|
||||||
|
@ -228,7 +228,7 @@ impl DerivationRequest {
|
||||||
/// let seed: &[u8; 64] = //
|
/// let seed: &[u8; 64] = //
|
||||||
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// # b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let algo: DerivationAlgorithm = //
|
/// let algo: DerivationAlgorithm = //
|
||||||
/// # DerivationAlgorithm::TestAlgorithm;
|
/// # DerivationAlgorithm::Internal;
|
||||||
/// let path: DerivationPath = //
|
/// let path: DerivationPath = //
|
||||||
/// # DerivationPath::default();
|
/// # DerivationPath::default();
|
||||||
/// let request = DerivationRequest::new(algo, &path);
|
/// let request = DerivationRequest::new(algo, &path);
|
||||||
|
@ -300,9 +300,11 @@ mod secp256k1 {
|
||||||
|
|
||||||
fn try_from(value: &DerivationResponse) -> Result<Self, Self::Error> {
|
fn try_from(value: &DerivationResponse) -> Result<Self, Self::Error> {
|
||||||
match value.algorithm {
|
match value.algorithm {
|
||||||
DerivationAlgorithm::Secp256k1 => {
|
DerivationAlgorithm::Secp256k1 => Ok(Self::new_from_parts(
|
||||||
Self::from_parts(&value.data, value.depth, value.chain_code).map_err(Into::into)
|
&value.data,
|
||||||
}
|
value.depth,
|
||||||
|
value.chain_code,
|
||||||
|
)),
|
||||||
_ => Err(Self::Error::Algorithm),
|
_ => Err(Self::Error::Algorithm),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -333,9 +335,11 @@ mod ed25519 {
|
||||||
|
|
||||||
fn try_from(value: &DerivationResponse) -> Result<Self, Self::Error> {
|
fn try_from(value: &DerivationResponse) -> Result<Self, Self::Error> {
|
||||||
match value.algorithm {
|
match value.algorithm {
|
||||||
DerivationAlgorithm::Ed25519 => {
|
DerivationAlgorithm::Ed25519 => Ok(Self::new_from_parts(
|
||||||
Self::from_parts(&value.data, value.depth, value.chain_code).map_err(Into::into)
|
&value.data,
|
||||||
}
|
value.depth,
|
||||||
|
value.chain_code,
|
||||||
|
)),
|
||||||
_ => Err(Self::Error::Algorithm),
|
_ => Err(Self::Error::Algorithm),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,7 +15,7 @@ fn secp256k1() {
|
||||||
|
|
||||||
let tests = test_data()
|
let tests = test_data()
|
||||||
.unwrap()
|
.unwrap()
|
||||||
.remove("secp256k1")
|
.remove(&"secp256k1".to_string())
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
||||||
for per_seed in tests {
|
for per_seed in tests {
|
||||||
|
@ -31,7 +31,7 @@ fn secp256k1() {
|
||||||
|
|
||||||
// Tests for ExtendedPrivateKey
|
// Tests for ExtendedPrivateKey
|
||||||
let varlen_seed = VariableLengthSeed::new(seed);
|
let varlen_seed = VariableLengthSeed::new(seed);
|
||||||
let xkey = ExtendedPrivateKey::<SecretKey>::new(varlen_seed).unwrap();
|
let xkey = ExtendedPrivateKey::<SecretKey>::new(varlen_seed);
|
||||||
let derived_key = xkey.derive_path(&chain).unwrap();
|
let derived_key = xkey.derive_path(&chain).unwrap();
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
derived_key.chain_code().as_slice(),
|
derived_key.chain_code().as_slice(),
|
||||||
|
@ -62,7 +62,7 @@ fn secp256k1() {
|
||||||
fn ed25519() {
|
fn ed25519() {
|
||||||
use ed25519_dalek::SigningKey;
|
use ed25519_dalek::SigningKey;
|
||||||
|
|
||||||
let tests = test_data().unwrap().remove("ed25519").unwrap();
|
let tests = test_data().unwrap().remove(&"ed25519".to_string()).unwrap();
|
||||||
|
|
||||||
for per_seed in tests {
|
for per_seed in tests {
|
||||||
let seed = &per_seed.seed;
|
let seed = &per_seed.seed;
|
||||||
|
@ -77,7 +77,7 @@ fn ed25519() {
|
||||||
|
|
||||||
// Tests for ExtendedPrivateKey
|
// Tests for ExtendedPrivateKey
|
||||||
let varlen_seed = VariableLengthSeed::new(seed);
|
let varlen_seed = VariableLengthSeed::new(seed);
|
||||||
let xkey = ExtendedPrivateKey::<SigningKey>::new(varlen_seed).unwrap();
|
let xkey = ExtendedPrivateKey::<SigningKey>::new(varlen_seed);
|
||||||
let derived_key = xkey.derive_path(&chain).unwrap();
|
let derived_key = xkey.derive_path(&chain).unwrap();
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
derived_key.chain_code().as_slice(),
|
derived_key.chain_code().as_slice(),
|
||||||
|
@ -110,7 +110,7 @@ fn panics_with_unhardened_derivation() {
|
||||||
use ed25519_dalek::SigningKey;
|
use ed25519_dalek::SigningKey;
|
||||||
|
|
||||||
let seed = hex!("000102030405060708090a0b0c0d0e0f");
|
let seed = hex!("000102030405060708090a0b0c0d0e0f");
|
||||||
let xkey = ExtendedPrivateKey::<SigningKey>::new(seed).unwrap();
|
let xkey = ExtendedPrivateKey::<SigningKey>::new(seed);
|
||||||
xkey.derive_path(&DerivationPath::from_str("m/0").unwrap())
|
xkey.derive_path(&DerivationPath::from_str("m/0").unwrap())
|
||||||
.unwrap();
|
.unwrap();
|
||||||
}
|
}
|
||||||
|
@ -122,7 +122,7 @@ fn panics_at_depth() {
|
||||||
use ed25519_dalek::SigningKey;
|
use ed25519_dalek::SigningKey;
|
||||||
|
|
||||||
let seed = hex!("000102030405060708090a0b0c0d0e0f");
|
let seed = hex!("000102030405060708090a0b0c0d0e0f");
|
||||||
let mut xkey = ExtendedPrivateKey::<SigningKey>::new(seed).unwrap();
|
let mut xkey = ExtendedPrivateKey::<SigningKey>::new(seed);
|
||||||
for i in 0..=u32::from(u8::MAX) {
|
for i in 0..=u32::from(u8::MAX) {
|
||||||
xkey = xkey
|
xkey = xkey
|
||||||
.derive_child(&DerivationIndex::new(i, true).unwrap())
|
.derive_child(&DerivationIndex::new(i, true).unwrap())
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "keyfork-shard"
|
name = "keyfork-shard"
|
||||||
version = "0.2.3"
|
version = "0.1.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
license = "AGPL-3.0-only"
|
license = "AGPL-3.0-only"
|
||||||
|
|
||||||
|
@ -14,26 +14,27 @@ openpgp-card = ["openpgp-card-sequoia", "card-backend-pcsc", "card-backend", "de
|
||||||
qrcode = ["keyfork-qrcode"]
|
qrcode = ["keyfork-qrcode"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
keyfork-bug = { workspace = true }
|
keyfork-bug = { version = "0.1.0", path = "../util/keyfork-bug", registry = "distrust" }
|
||||||
keyfork-prompt = { workspace = true, default-features = false, features = ["mnemonic"] }
|
keyfork-prompt = { version = "0.1.0", path = "../util/keyfork-prompt", default-features = false, features = ["mnemonic"], registry = "distrust" }
|
||||||
keyfork-qrcode = { workspace = true, optional = true, default-features = false }
|
keyfork-qrcode = { version = "0.1.0", path = "../qrcode/keyfork-qrcode", optional = true, default-features = false, registry = "distrust" }
|
||||||
smex = { workspace = true }
|
smex = { version = "0.1.0", path = "../util/smex", registry = "distrust" }
|
||||||
thiserror = { workspace = true }
|
|
||||||
|
sharks = "0.5.0"
|
||||||
|
thiserror = "1.0.50"
|
||||||
|
|
||||||
# Remote operator mode
|
# Remote operator mode
|
||||||
keyfork-mnemonic = { workspace = true }
|
keyfork-mnemonic-util = { version = "0.2.0", path = "../util/keyfork-mnemonic-util", registry = "distrust" }
|
||||||
x25519-dalek = { version = "2.0.0", features = ["getrandom"] }
|
x25519-dalek = { version = "2.0.0", features = ["getrandom"] }
|
||||||
aes-gcm = { version = "0.10.3", features = ["std"] }
|
aes-gcm = { version = "0.10.3", features = ["std"] }
|
||||||
hkdf = { version = "0.12.4", features = ["std"] }
|
hkdf = { version = "0.12.4", features = ["std"] }
|
||||||
sha2 = { workspace = true }
|
sha2 = "0.10.8"
|
||||||
|
|
||||||
# OpenPGP
|
# OpenPGP
|
||||||
keyfork-derive-openpgp = { workspace = true, default-features = false }
|
keyfork-derive-openpgp = { version = "0.1.0", path = "../derive/keyfork-derive-openpgp", default-features = false, registry = "distrust" }
|
||||||
anyhow = { workspace = true, optional = true }
|
anyhow = { version = "1.0.79", optional = true }
|
||||||
card-backend = { version = "0.2.0", optional = true }
|
card-backend = { version = "0.2.0", optional = true }
|
||||||
card-backend-pcsc = { workspace = true, optional = true }
|
card-backend-pcsc = { version = "0.5.0", optional = true }
|
||||||
openpgp-card-sequoia = { workspace = true, optional = true }
|
openpgp-card-sequoia = { version = "0.2.0", optional = true, default-features = false }
|
||||||
openpgp-card = { workspace = true, optional = true }
|
openpgp-card = { version = "0.4.0", optional = true }
|
||||||
sequoia-openpgp = { workspace = true, optional = true }
|
sequoia-openpgp = { version = "1.17.0", optional = true, default-features = false }
|
||||||
base64 = "0.22.0"
|
keyfork-derive-util = { version = "0.1.0", path = "../derive/keyfork-derive-util", default-features = false }
|
||||||
blahaj = "0.6.0"
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
//! Combine OpenPGP shards and output the hex-encoded secret.
|
//!
|
||||||
|
|
||||||
use std::{
|
use std::{
|
||||||
env,
|
env,
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
//! Decrypt a single OpenPGP shard and encapsulate it for remote transport.
|
//!
|
||||||
|
|
||||||
use std::{
|
use std::{
|
||||||
env,
|
env,
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
//! Combine OpenPGP shards using remote transport and output the hex-encoded secret.
|
//!
|
||||||
|
|
||||||
use std::{
|
use std::{
|
||||||
env,
|
env,
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
//! Split a hex-encoded secret into OpenPGP shards
|
//!
|
||||||
|
|
||||||
use std::{env, path::PathBuf, process::ExitCode, str::FromStr};
|
use std::{env, path::PathBuf, process::ExitCode, str::FromStr};
|
||||||
|
|
||||||
|
|
|
@ -7,30 +7,23 @@ use std::{
|
||||||
};
|
};
|
||||||
|
|
||||||
use aes_gcm::{
|
use aes_gcm::{
|
||||||
aead::{consts::U12, Aead},
|
aead::{consts::U12, Aead, AeadCore, OsRng},
|
||||||
Aes256Gcm, KeyInit, Nonce,
|
Aes256Gcm, KeyInit, Nonce,
|
||||||
};
|
};
|
||||||
use base64::prelude::{Engine, BASE64_STANDARD};
|
|
||||||
use hkdf::Hkdf;
|
use hkdf::Hkdf;
|
||||||
use keyfork_bug::{bug, POISONED_MUTEX};
|
use keyfork_bug::{bug, POISONED_MUTEX};
|
||||||
use keyfork_mnemonic::{English, Mnemonic};
|
use keyfork_derive_util::{DerivationIndex, DerivationPath};
|
||||||
|
use keyfork_mnemonic_util::{English, Mnemonic};
|
||||||
use keyfork_prompt::{
|
use keyfork_prompt::{
|
||||||
validators::{
|
validators::{mnemonic::MnemonicSetValidator, Validator},
|
||||||
mnemonic::{MnemonicSetValidator, MnemonicValidator, WordLength},
|
|
||||||
Validator,
|
|
||||||
},
|
|
||||||
Message as PromptMessage, PromptHandler, Terminal,
|
Message as PromptMessage, PromptHandler, Terminal,
|
||||||
};
|
};
|
||||||
use sha2::Sha256;
|
use sha2::Sha256;
|
||||||
use blahaj::{Share, Sharks};
|
use sharks::{Share, Sharks};
|
||||||
use x25519_dalek::{EphemeralSecret, PublicKey};
|
use x25519_dalek::{EphemeralSecret, PublicKey};
|
||||||
|
|
||||||
const PLAINTEXT_LENGTH: u8 = 32 // shard
|
// 256 bit share encrypted is 49 bytes, couple more bytes before we reach max size
|
||||||
+ 1 // index
|
const ENC_LEN: u8 = 4 * 16;
|
||||||
+ 1 // threshold
|
|
||||||
+ 1 // version
|
|
||||||
+ 1; // length;
|
|
||||||
const ENCRYPTED_LENGTH: u8 = PLAINTEXT_LENGTH + 16;
|
|
||||||
|
|
||||||
#[cfg(feature = "openpgp")]
|
#[cfg(feature = "openpgp")]
|
||||||
pub mod openpgp;
|
pub mod openpgp;
|
||||||
|
@ -73,6 +66,52 @@ pub trait Format {
|
||||||
/// A type representing the parsed, but encrypted, Shard data.
|
/// A type representing the parsed, but encrypted, Shard data.
|
||||||
type EncryptedData;
|
type EncryptedData;
|
||||||
|
|
||||||
|
/// Provision hardware with a deterministic key based on a shardholder's DerivationIndex.
|
||||||
|
///
|
||||||
|
/// The derivation path for provisioned shardholder keys is built using the following template:
|
||||||
|
/// `m / purpose ' / shard_index ' / shardholder_index '`.
|
||||||
|
///
|
||||||
|
/// Purpose is defined by the Format, and can be a four-byte sequence transformed into a u32
|
||||||
|
/// using `u32::from_be_bytes(*purpose)`. For OpenPGP, for legacy reasons, this purpose is
|
||||||
|
/// "\x00pgp". The purpose can be _any_ sequence of four bytes so long as the _first_ byte is
|
||||||
|
/// not higher than 0x80 (meaning, all ASCII / 7-bit characters are allowed).
|
||||||
|
///
|
||||||
|
/// The shard index is provided by Keyfork, and is equivalent to b"shrd".
|
||||||
|
///
|
||||||
|
/// The shardholder index is how Keyfork is able to recreate keys for specific shardholders -
|
||||||
|
/// the only necessary information is which shardholder is not accounted for. Shardholders are
|
||||||
|
/// encouraged to mark hardware with the shardholder number so shardholders can verify their
|
||||||
|
/// index.
|
||||||
|
fn provision_shardholder_key(
|
||||||
|
&self,
|
||||||
|
derivation_path: DerivationPath,
|
||||||
|
seed: &[u8],
|
||||||
|
) -> Result<(), Self::Error>;
|
||||||
|
|
||||||
|
/// Return a DerivationIndex for the Format.
|
||||||
|
///
|
||||||
|
/// The derivation path for provisioned shardholder keys is built using the following template:
|
||||||
|
/// `m / purpose ' / shard_index ' / shardholder_index '`.
|
||||||
|
///
|
||||||
|
/// Purpose is defined by the Format, and can be a four-byte sequence transformed into a u32
|
||||||
|
/// using `u32::from_be_bytes(*purpose)`. For OpenPGP, for legacy reasons, this purpose is
|
||||||
|
/// "\x00pgp". The purpose can be _any_ sequence of four bytes so long as the _first_ byte is
|
||||||
|
/// not higher than 0x80 (meaning, all ASCII / 7-bit characters are allowed).
|
||||||
|
fn purpose_derivation_index(&self) -> DerivationIndex;
|
||||||
|
|
||||||
|
/// Create a shardholder derivation path for the given format.
|
||||||
|
///
|
||||||
|
/// The derivation path for provisioned shardholder keys is built using the following template:
|
||||||
|
/// `m / purpose ' / shard_index ' / shardholder_index '`.
|
||||||
|
fn create_derivation_path(&self, shardholder_index: DerivationIndex) -> DerivationPath {
|
||||||
|
let purpose = self.purpose_derivation_index();
|
||||||
|
let shard_index = DerivationIndex::new(u32::from_be_bytes(*b"shrd"), true).unwrap();
|
||||||
|
DerivationPath::default()
|
||||||
|
.chain_push(purpose)
|
||||||
|
.chain_push(shard_index)
|
||||||
|
.chain_push(shardholder_index)
|
||||||
|
}
|
||||||
|
|
||||||
/// Derive a signer
|
/// Derive a signer
|
||||||
fn derive_signing_key(&self, seed: &[u8]) -> Self::SigningKey;
|
fn derive_signing_key(&self, seed: &[u8]) -> Self::SigningKey;
|
||||||
|
|
||||||
|
@ -202,6 +241,7 @@ pub trait Format {
|
||||||
let encrypted_messages = self.parse_shard_file(reader)?;
|
let encrypted_messages = self.parse_shard_file(reader)?;
|
||||||
|
|
||||||
// establish AES-256-GCM key via ECDH
|
// establish AES-256-GCM key via ECDH
|
||||||
|
let mut nonce_data: Option<[u8; 12]> = None;
|
||||||
let mut pubkey_data: Option<[u8; 32]> = None;
|
let mut pubkey_data: Option<[u8; 32]> = None;
|
||||||
|
|
||||||
// receive remote data via scanning QR code from camera
|
// receive remote data via scanning QR code from camera
|
||||||
|
@ -211,13 +251,12 @@ pub trait Format {
|
||||||
.lock()
|
.lock()
|
||||||
.expect(bug!(POISONED_MUTEX))
|
.expect(bug!(POISONED_MUTEX))
|
||||||
.prompt_message(PromptMessage::Text(QRCODE_PROMPT.to_string()))?;
|
.prompt_message(PromptMessage::Text(QRCODE_PROMPT.to_string()))?;
|
||||||
if let Ok(Some(qrcode_content)) =
|
if let Ok(Some(hex)) =
|
||||||
keyfork_qrcode::scan_camera(std::time::Duration::from_secs(30), 0)
|
keyfork_qrcode::scan_camera(std::time::Duration::from_secs(30), 0)
|
||||||
{
|
{
|
||||||
let decoded_data = BASE64_STANDARD
|
let decoded_data = smex::decode(&hex)?;
|
||||||
.decode(qrcode_content)
|
nonce_data = Some(decoded_data[..12].try_into().map_err(|_| InvalidData)?);
|
||||||
.expect(bug!("qrcode should contain base64 encoded data"));
|
pubkey_data = Some(decoded_data[12..].try_into().map_err(|_| InvalidData)?)
|
||||||
pubkey_data = Some(decoded_data.try_into().map_err(|_| InvalidData)?)
|
|
||||||
} else {
|
} else {
|
||||||
prompt
|
prompt
|
||||||
.lock()
|
.lock()
|
||||||
|
@ -227,43 +266,43 @@ pub trait Format {
|
||||||
}
|
}
|
||||||
|
|
||||||
// if QR code scanning failed or was unavailable, read from a set of mnemonics
|
// if QR code scanning failed or was unavailable, read from a set of mnemonics
|
||||||
let their_pubkey = match pubkey_data {
|
let (nonce, their_pubkey) = match (nonce_data, pubkey_data) {
|
||||||
Some(pubkey) => pubkey,
|
(Some(nonce), Some(pubkey)) => (nonce, pubkey),
|
||||||
None => {
|
_ => {
|
||||||
let validator = MnemonicValidator {
|
let validator = MnemonicSetValidator {
|
||||||
word_length: Some(WordLength::Count(24)),
|
word_lengths: [9, 24],
|
||||||
};
|
};
|
||||||
prompt
|
let [nonce_mnemonic, pubkey_mnemonic] = prompt
|
||||||
.lock()
|
.lock()
|
||||||
.expect(bug!(POISONED_MUTEX))
|
.expect(bug!(POISONED_MUTEX))
|
||||||
.prompt_validated_wordlist::<English, _>(
|
.prompt_validated_wordlist::<English, _>(
|
||||||
QRCODE_COULDNT_READ,
|
QRCODE_COULDNT_READ,
|
||||||
3,
|
3,
|
||||||
validator.to_fn(),
|
validator.to_fn(),
|
||||||
)?
|
)?;
|
||||||
|
|
||||||
|
let nonce = nonce_mnemonic
|
||||||
.as_bytes()
|
.as_bytes()
|
||||||
.try_into()
|
.try_into()
|
||||||
.map_err(|_| InvalidData)?
|
.map_err(|_| InvalidData)?;
|
||||||
|
let pubkey = pubkey_mnemonic
|
||||||
|
.as_bytes()
|
||||||
|
.try_into()
|
||||||
|
.map_err(|_| InvalidData)?;
|
||||||
|
(nonce, pubkey)
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
// create our shared key
|
// create our shared key
|
||||||
let our_key = EphemeralSecret::random();
|
let our_key = EphemeralSecret::random();
|
||||||
let our_pubkey_mnemonic = Mnemonic::try_from_slice(PublicKey::from(&our_key).as_bytes())?;
|
let our_pubkey_mnemonic = Mnemonic::from_bytes(PublicKey::from(&our_key).as_bytes())?;
|
||||||
let shared_secret = our_key.diffie_hellman(&PublicKey::from(their_pubkey));
|
let shared_secret = our_key
|
||||||
assert!(
|
.diffie_hellman(&PublicKey::from(their_pubkey))
|
||||||
shared_secret.was_contributory(),
|
.to_bytes();
|
||||||
bug!("shared secret might be insecure")
|
let hkdf = Hkdf::<Sha256>::new(None, &shared_secret);
|
||||||
);
|
let mut hkdf_output = [0u8; 256 / 8];
|
||||||
let hkdf = Hkdf::<Sha256>::new(None, shared_secret.as_bytes());
|
hkdf.expand(&[], &mut hkdf_output)?;
|
||||||
|
let shared_key = Aes256Gcm::new_from_slice(&hkdf_output)?;
|
||||||
let mut shared_key_data = [0u8; 256 / 8];
|
|
||||||
hkdf.expand(b"key", &mut shared_key_data)?;
|
|
||||||
let shared_key = Aes256Gcm::new_from_slice(&shared_key_data)?;
|
|
||||||
|
|
||||||
let mut nonce_data = [0u8; 12];
|
|
||||||
hkdf.expand(b"nonce", &mut nonce_data)?;
|
|
||||||
let nonce = Nonce::<U12>::from_slice(&nonce_data);
|
|
||||||
|
|
||||||
// decrypt a single shard and create the payload
|
// decrypt a single shard and create the payload
|
||||||
let (share, threshold) =
|
let (share, threshold) =
|
||||||
|
@ -272,47 +311,49 @@ pub trait Format {
|
||||||
payload.insert(0, HUNK_VERSION);
|
payload.insert(0, HUNK_VERSION);
|
||||||
payload.insert(1, threshold);
|
payload.insert(1, threshold);
|
||||||
assert!(
|
assert!(
|
||||||
payload.len() < PLAINTEXT_LENGTH as usize,
|
payload.len() <= ENC_LEN as usize,
|
||||||
"invalid share length (too long, must be less than {PLAINTEXT_LENGTH} bytes)"
|
"invalid share length (too long, max {ENC_LEN} bytes)"
|
||||||
);
|
);
|
||||||
|
|
||||||
// convert plaintext to static-size payload
|
|
||||||
#[allow(clippy::assertions_on_constants)]
|
|
||||||
{
|
|
||||||
assert!(PLAINTEXT_LENGTH < u8::MAX, "length byte can be u8");
|
|
||||||
}
|
|
||||||
|
|
||||||
// NOTE: Previous versions of Keyfork Shard would modify the padding bytes to avoid
|
|
||||||
// duplicate mnemonic words. This version does not include that, and instead uses a
|
|
||||||
// repeated length byte.
|
|
||||||
#[allow(clippy::cast_possible_truncation)]
|
|
||||||
let mut plaintext_bytes = [u8::try_from(payload.len()).expect(bug!(
|
|
||||||
"previously asserted length must be < {PLAINTEXT_LENGTH}",
|
|
||||||
PLAINTEXT_LENGTH = PLAINTEXT_LENGTH
|
|
||||||
)); PLAINTEXT_LENGTH as usize];
|
|
||||||
plaintext_bytes[..payload.len()].clone_from_slice(&payload);
|
|
||||||
|
|
||||||
// encrypt data
|
// encrypt data
|
||||||
let encrypted_bytes = shared_key.encrypt(nonce, plaintext_bytes.as_slice())?;
|
let nonce = Nonce::<U12>::from_slice(&nonce);
|
||||||
assert_eq!(
|
let payload_bytes = shared_key.encrypt(nonce, payload.as_slice())?;
|
||||||
encrypted_bytes.len(),
|
|
||||||
ENCRYPTED_LENGTH as usize,
|
|
||||||
bug!("encrypted bytes size != expected len"),
|
|
||||||
);
|
|
||||||
let mut mnemonic_bytes = [0u8; ENCRYPTED_LENGTH as usize];
|
|
||||||
mnemonic_bytes.copy_from_slice(&encrypted_bytes);
|
|
||||||
|
|
||||||
let payload_mnemonic = Mnemonic::from_array(mnemonic_bytes);
|
// convert data to a static-size payload
|
||||||
|
// NOTE: Padding length is less than u8::MAX because ENC_LEN < u8::MAX
|
||||||
|
#[allow(clippy::assertions_on_constants)]
|
||||||
|
{
|
||||||
|
assert!(ENC_LEN < u8::MAX, "padding byte can be u8");
|
||||||
|
}
|
||||||
|
#[allow(clippy::cast_possible_truncation)]
|
||||||
|
let mut out_bytes = [payload_bytes.len() as u8; ENC_LEN as usize];
|
||||||
|
assert!(
|
||||||
|
payload_bytes.len() < out_bytes.len(),
|
||||||
|
"encrypted payload larger than acceptable limit"
|
||||||
|
);
|
||||||
|
out_bytes[..payload_bytes.len()].clone_from_slice(&payload_bytes);
|
||||||
|
|
||||||
|
// NOTE: This previously used a single repeated value as the padding byte, but resulted in
|
||||||
|
// difficulty when entering in prompts manually, as one's place could be lost due to
|
||||||
|
// repeated keywords. This is resolved below by having sequentially increasing numbers up to
|
||||||
|
// but not including the last byte.
|
||||||
|
#[allow(clippy::cast_possible_truncation)]
|
||||||
|
for (i, byte) in (out_bytes[payload_bytes.len()..(ENC_LEN as usize - 1)])
|
||||||
|
.iter_mut()
|
||||||
|
.enumerate()
|
||||||
|
{
|
||||||
|
*byte = (i % u8::MAX as usize) as u8;
|
||||||
|
}
|
||||||
|
|
||||||
|
// safety: size of out_bytes is constant and always % 4 == 0
|
||||||
|
let payload_mnemonic = unsafe { Mnemonic::from_raw_bytes(&out_bytes) };
|
||||||
|
|
||||||
#[cfg(feature = "qrcode")]
|
#[cfg(feature = "qrcode")]
|
||||||
{
|
{
|
||||||
use keyfork_qrcode::{qrencode, ErrorCorrection};
|
use keyfork_qrcode::{qrencode, ErrorCorrection};
|
||||||
let mut qrcode_data = our_pubkey_mnemonic.to_bytes();
|
let mut qrcode_data = our_pubkey_mnemonic.to_bytes();
|
||||||
qrcode_data.extend(payload_mnemonic.as_bytes());
|
qrcode_data.extend(payload_mnemonic.as_bytes());
|
||||||
if let Ok(qrcode) = qrencode(
|
if let Ok(qrcode) = qrencode(&smex::encode(&qrcode_data), ErrorCorrection::Highest) {
|
||||||
&BASE64_STANDARD.encode(qrcode_data),
|
|
||||||
ErrorCorrection::Highest,
|
|
||||||
) {
|
|
||||||
prompt
|
prompt
|
||||||
.lock()
|
.lock()
|
||||||
.expect(bug!(POISONED_MUTEX))
|
.expect(bug!(POISONED_MUTEX))
|
||||||
|
@ -407,7 +448,7 @@ pub struct InvalidData;
|
||||||
/// 1 byte: Version
|
/// 1 byte: Version
|
||||||
/// 1 byte: Threshold
|
/// 1 byte: Threshold
|
||||||
/// Data: &[u8]
|
/// Data: &[u8]
|
||||||
pub(crate) const HUNK_VERSION: u8 = 2;
|
pub(crate) const HUNK_VERSION: u8 = 1;
|
||||||
pub(crate) const HUNK_OFFSET: usize = 2;
|
pub(crate) const HUNK_OFFSET: usize = 2;
|
||||||
|
|
||||||
const QRCODE_PROMPT: &str = "Press enter, then present QR code to camera.";
|
const QRCODE_PROMPT: &str = "Press enter, then present QR code to camera.";
|
||||||
|
@ -438,22 +479,22 @@ pub fn remote_decrypt(w: &mut impl Write) -> Result<(), Box<dyn std::error::Erro
|
||||||
|
|
||||||
while iter_count.is_none() || iter_count.is_some_and(|i| i > 0) {
|
while iter_count.is_none() || iter_count.is_some_and(|i| i > 0) {
|
||||||
iter += 1;
|
iter += 1;
|
||||||
|
let nonce = Aes256Gcm::generate_nonce(&mut OsRng);
|
||||||
|
let nonce_mnemonic = unsafe { Mnemonic::from_raw_bytes(nonce.as_slice()) };
|
||||||
let our_key = EphemeralSecret::random();
|
let our_key = EphemeralSecret::random();
|
||||||
let key_mnemonic = Mnemonic::try_from_slice(PublicKey::from(&our_key).as_bytes())?;
|
let key_mnemonic = Mnemonic::from_bytes(PublicKey::from(&our_key).as_bytes())?;
|
||||||
|
|
||||||
#[cfg(feature = "qrcode")]
|
#[cfg(feature = "qrcode")]
|
||||||
{
|
{
|
||||||
use keyfork_qrcode::{qrencode, ErrorCorrection};
|
use keyfork_qrcode::{qrencode, ErrorCorrection};
|
||||||
let qrcode_data = key_mnemonic.to_bytes();
|
let mut qrcode_data = nonce_mnemonic.to_bytes();
|
||||||
if let Ok(qrcode) = qrencode(
|
qrcode_data.extend(key_mnemonic.as_bytes());
|
||||||
&BASE64_STANDARD.encode(qrcode_data),
|
if let Ok(qrcode) = qrencode(&smex::encode(&qrcode_data), ErrorCorrection::Highest) {
|
||||||
ErrorCorrection::Highest,
|
|
||||||
) {
|
|
||||||
pm.prompt_message(PromptMessage::Text(format!(
|
pm.prompt_message(PromptMessage::Text(format!(
|
||||||
concat!(
|
concat!(
|
||||||
"QR code #{iter} will be displayed after this prompt. ",
|
"A QR code will be displayed after this prompt. ",
|
||||||
"Send the QR code to the next shardholder. ",
|
"Send the QR code to only shardholder {iter}. ",
|
||||||
"Only the next shardholder should scan the QR code."
|
"Nobody else should scan this QR code."
|
||||||
),
|
),
|
||||||
iter = iter
|
iter = iter
|
||||||
)))?;
|
)))?;
|
||||||
|
@ -463,9 +504,11 @@ pub fn remote_decrypt(w: &mut impl Write) -> Result<(), Box<dyn std::error::Erro
|
||||||
|
|
||||||
pm.prompt_message(PromptMessage::Text(format!(
|
pm.prompt_message(PromptMessage::Text(format!(
|
||||||
concat!(
|
concat!(
|
||||||
"Upon request, these words should be sent to the shardholder: ",
|
"Upon request, these words should be sent to shardholder {iter}: ",
|
||||||
"{key_mnemonic}"
|
"{nonce_mnemonic} {key_mnemonic}"
|
||||||
),
|
),
|
||||||
|
iter = iter,
|
||||||
|
nonce_mnemonic = nonce_mnemonic,
|
||||||
key_mnemonic = key_mnemonic,
|
key_mnemonic = key_mnemonic,
|
||||||
)))?;
|
)))?;
|
||||||
|
|
||||||
|
@ -475,18 +518,10 @@ pub fn remote_decrypt(w: &mut impl Write) -> Result<(), Box<dyn std::error::Erro
|
||||||
#[cfg(feature = "qrcode")]
|
#[cfg(feature = "qrcode")]
|
||||||
{
|
{
|
||||||
pm.prompt_message(PromptMessage::Text(QRCODE_PROMPT.to_string()))?;
|
pm.prompt_message(PromptMessage::Text(QRCODE_PROMPT.to_string()))?;
|
||||||
if let Ok(Some(qrcode_content)) =
|
if let Ok(Some(hex)) =
|
||||||
keyfork_qrcode::scan_camera(std::time::Duration::from_secs(QRCODE_TIMEOUT), 0)
|
keyfork_qrcode::scan_camera(std::time::Duration::from_secs(QRCODE_TIMEOUT), 0)
|
||||||
{
|
{
|
||||||
let decoded_data = BASE64_STANDARD
|
let decoded_data = smex::decode(&hex)?;
|
||||||
.decode(qrcode_content)
|
|
||||||
.expect(bug!("qrcode should contain base64 encoded data"));
|
|
||||||
assert_eq!(
|
|
||||||
decoded_data.len(),
|
|
||||||
// Include length of public key
|
|
||||||
ENCRYPTED_LENGTH as usize + 32,
|
|
||||||
bug!("invalid payload data")
|
|
||||||
);
|
|
||||||
let _ = pubkey_data.insert(decoded_data[..32].try_into().map_err(|_| InvalidData)?);
|
let _ = pubkey_data.insert(decoded_data[..32].try_into().map_err(|_| InvalidData)?);
|
||||||
let _ = payload_data.insert(decoded_data[32..].to_vec());
|
let _ = payload_data.insert(decoded_data[32..].to_vec());
|
||||||
} else {
|
} else {
|
||||||
|
@ -498,7 +533,7 @@ pub fn remote_decrypt(w: &mut impl Write) -> Result<(), Box<dyn std::error::Erro
|
||||||
(Some(pubkey), Some(payload)) => (pubkey, payload),
|
(Some(pubkey), Some(payload)) => (pubkey, payload),
|
||||||
_ => {
|
_ => {
|
||||||
let validator = MnemonicSetValidator {
|
let validator = MnemonicSetValidator {
|
||||||
word_lengths: [24, 39],
|
word_lengths: [24, 48],
|
||||||
};
|
};
|
||||||
|
|
||||||
let [pubkey_mnemonic, payload_mnemonic] = pm
|
let [pubkey_mnemonic, payload_mnemonic] = pm
|
||||||
|
@ -516,28 +551,14 @@ pub fn remote_decrypt(w: &mut impl Write) -> Result<(), Box<dyn std::error::Erro
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
assert_eq!(
|
let shared_secret = our_key.diffie_hellman(&PublicKey::from(pubkey)).to_bytes();
|
||||||
payload.len(),
|
let hkdf = Hkdf::<Sha256>::new(None, &shared_secret);
|
||||||
ENCRYPTED_LENGTH as usize,
|
let mut hkdf_output = [0u8; 256 / 8];
|
||||||
bug!("invalid payload data")
|
hkdf.expand(&[], &mut hkdf_output)?;
|
||||||
);
|
let shared_key = Aes256Gcm::new_from_slice(&hkdf_output)?;
|
||||||
|
|
||||||
let shared_secret = our_key.diffie_hellman(&PublicKey::from(pubkey));
|
let payload =
|
||||||
assert!(
|
shared_key.decrypt(&nonce, &payload[..payload[payload.len() - 1] as usize])?;
|
||||||
shared_secret.was_contributory(),
|
|
||||||
bug!("shared secret might be insecure")
|
|
||||||
);
|
|
||||||
let hkdf = Hkdf::<Sha256>::new(None, shared_secret.as_bytes());
|
|
||||||
|
|
||||||
let mut shared_key_data = [0u8; 256 / 8];
|
|
||||||
hkdf.expand(b"key", &mut shared_key_data)?;
|
|
||||||
let shared_key = Aes256Gcm::new_from_slice(&shared_key_data)?;
|
|
||||||
|
|
||||||
let mut nonce_data = [0u8; 12];
|
|
||||||
hkdf.expand(b"nonce", &mut nonce_data)?;
|
|
||||||
let nonce = Nonce::<U12>::from_slice(&nonce_data);
|
|
||||||
|
|
||||||
let payload = shared_key.decrypt(nonce, payload.as_slice())?;
|
|
||||||
assert_eq!(HUNK_VERSION, payload[0], "Incompatible hunk version");
|
assert_eq!(HUNK_VERSION, payload[0], "Incompatible hunk version");
|
||||||
|
|
||||||
match &mut iter_count {
|
match &mut iter_count {
|
||||||
|
@ -552,8 +573,7 @@ pub fn remote_decrypt(w: &mut impl Write) -> Result<(), Box<dyn std::error::Erro
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let payload_len = payload.last().expect(bug!("payload should not be empty"));
|
shares.push(payload[HUNK_OFFSET..].to_vec());
|
||||||
shares.push(payload[HUNK_OFFSET..usize::from(*payload_len)].to_vec());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
let shares = shares
|
let shares = shares
|
||||||
|
|
|
@ -0,0 +1,617 @@
|
||||||
|
#![doc = include_str!("../README.md")]
|
||||||
|
#![allow(clippy::expect_fun_call)]
|
||||||
|
|
||||||
|
use std::{
|
||||||
|
io::{stdin, stdout, Read, Write},
|
||||||
|
sync::{Arc, Mutex},
|
||||||
|
};
|
||||||
|
|
||||||
|
use aes_gcm::{
|
||||||
|
aead::{consts::U12, Aead, AeadCore, OsRng},
|
||||||
|
Aes256Gcm, KeyInit, Nonce,
|
||||||
|
};
|
||||||
|
use hkdf::Hkdf;
|
||||||
|
<<<<<<< HEAD
|
||||||
|
use keyfork_bug::{bug, POISONED_MUTEX};
|
||||||
|
||||||| parent of 1b30b17 (keyfork-shard: begin work on (re)provisioning shardholder keys)
|
||||||
|
=======
|
||||||
|
use keyfork_derive_util::{DerivationIndex, DerivationPath};
|
||||||
|
>>>>>>> 1b30b17 (keyfork-shard: begin work on (re)provisioning shardholder keys)
|
||||||
|
use keyfork_mnemonic_util::{English, Mnemonic};
|
||||||
|
use keyfork_prompt::{
|
||||||
|
validators::{mnemonic::MnemonicSetValidator, Validator},
|
||||||
|
Message as PromptMessage, PromptHandler, Terminal,
|
||||||
|
};
|
||||||
|
use sha2::Sha256;
|
||||||
|
use sharks::{Share, Sharks};
|
||||||
|
use x25519_dalek::{EphemeralSecret, PublicKey};
|
||||||
|
|
||||||
|
// 256 bit share encrypted is 49 bytes, couple more bytes before we reach max size
|
||||||
|
const ENC_LEN: u8 = 4 * 16;
|
||||||
|
|
||||||
|
#[cfg(feature = "openpgp")]
|
||||||
|
pub mod openpgp;
|
||||||
|
|
||||||
|
/// A trait to specify where keys can be discovered from, such as a Rust-native type or a path on
|
||||||
|
/// the filesystem that keys may be read from.
|
||||||
|
pub trait KeyDiscovery<F: Format + ?Sized> {
|
||||||
|
/// Discover public keys for the associated format.
|
||||||
|
///
|
||||||
|
/// # Errors
|
||||||
|
/// The method may return an error if public keys could not be loaded from the given discovery
|
||||||
|
/// mechanism. A discovery mechanism _must_ be able to detect public keys.
|
||||||
|
fn discover_public_keys(&self) -> Result<Vec<F::PublicKey>, F::Error>;
|
||||||
|
|
||||||
|
/// Discover private keys for the associated format.
|
||||||
|
///
|
||||||
|
/// # Errors
|
||||||
|
/// The method may return an error if private keys could not be loaded from the given
|
||||||
|
/// discovery mechanism. Keys may exist off-system (such as with smartcards), in which case the
|
||||||
|
/// PrivateKeyData type of the asssociated format should be either `()` (if the keys may never
|
||||||
|
/// exist on-system) or an empty container (such as an empty Vec); in either case, this method
|
||||||
|
/// _must not_ return an error if keys are accessible but can't be transferred into memory.
|
||||||
|
fn discover_private_keys(&self) -> Result<F::PrivateKeyData, F::Error>;
|
||||||
|
}
|
||||||
|
|
||||||
|
/// A format to use for splitting and combining secrets.
|
||||||
|
pub trait Format {
|
||||||
|
/// The error type returned from any failed operations.
|
||||||
|
type Error: std::error::Error + 'static;
|
||||||
|
|
||||||
|
/// A type encapsulating a single public key recipient.
|
||||||
|
type PublicKey;
|
||||||
|
|
||||||
|
/// A type encapsulating the private key recipients of shards.
|
||||||
|
type PrivateKeyData;
|
||||||
|
|
||||||
|
/// A type representing a Signer derived from the secret.
|
||||||
|
type SigningKey;
|
||||||
|
|
||||||
|
/// A type representing the parsed, but encrypted, Shard data.
|
||||||
|
type EncryptedData;
|
||||||
|
|
||||||
|
/// Provision hardware with a deterministic key based on a shardholder's DerivationIndex.
|
||||||
|
///
|
||||||
|
/// The derivation path for provisioned shardholder keys is built using the following template:
|
||||||
|
/// `m / purpose ' / shard_index ' / shardholder_index '`.
|
||||||
|
///
|
||||||
|
/// Purpose is defined by the Format, and can be a four-byte sequence transformed into a u32
|
||||||
|
/// using `u32::from_be_bytes(*purpose)`. For OpenPGP, for legacy reasons, this purpose is
|
||||||
|
/// "\x00pgp". The purpose can be _any_ sequence of four bytes so long as the _first_ byte is
|
||||||
|
/// not higher than 0x80 (meaning, all ASCII / 7-bit characters are allowed).
|
||||||
|
///
|
||||||
|
/// The shard index is provided by Keyfork, and is equivalent to b"shrd".
|
||||||
|
///
|
||||||
|
/// The shardholder index is how Keyfork is able to recreate keys for specific shardholders -
|
||||||
|
/// the only necessary information is which shardholder is not accounted for. Shardholders are
|
||||||
|
/// encouraged to mark hardware with the shardholder number so shardholders can verify their
|
||||||
|
/// index.
|
||||||
|
fn provision_shardholder_key(
|
||||||
|
&self,
|
||||||
|
derivation_path: DerivationPath,
|
||||||
|
seed: &[u8],
|
||||||
|
) -> Result<(), Self::Error>;
|
||||||
|
|
||||||
|
/// Return a DerivationIndex for the Format.
|
||||||
|
///
|
||||||
|
/// The derivation path for provisioned shardholder keys is built using the following template:
|
||||||
|
/// `m / purpose ' / shard_index ' / shardholder_index '`.
|
||||||
|
///
|
||||||
|
/// Purpose is defined by the Format, and can be a four-byte sequence transformed into a u32
|
||||||
|
/// using `u32::from_be_bytes(*purpose)`. For OpenPGP, for legacy reasons, this purpose is
|
||||||
|
/// "\x00pgp". The purpose can be _any_ sequence of four bytes so long as the _first_ byte is
|
||||||
|
/// not higher than 0x80 (meaning, all ASCII / 7-bit characters are allowed).
|
||||||
|
fn purpose_derivation_index(&self) -> DerivationIndex;
|
||||||
|
|
||||||
|
/// Create a shardholder derivation path for the given format.
|
||||||
|
///
|
||||||
|
/// The derivation path for provisioned shardholder keys is built using the following template:
|
||||||
|
/// `m / purpose ' / shard_index ' / shardholder_index '`.
|
||||||
|
fn create_derivation_path(&self, shardholder_index: DerivationIndex) -> DerivationPath {
|
||||||
|
let purpose = self.purpose_derivation_index();
|
||||||
|
let shard_index = DerivationIndex::new(u32::from_be_bytes(*b"shrd"), true).unwrap();
|
||||||
|
DerivationPath::default()
|
||||||
|
.chain_push(purpose)
|
||||||
|
.chain_push(shard_index)
|
||||||
|
.chain_push(shardholder_index)
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Derive a signer
|
||||||
|
fn derive_signing_key(&self, seed: &[u8]) -> Self::SigningKey;
|
||||||
|
|
||||||
|
/// Format a header containing necessary metadata. Such metadata contains a version byte, a
|
||||||
|
/// threshold byte, a public version of the [`Format::SigningKey`], and the public keys used to
|
||||||
|
/// encrypt shards. The public keys must be kept _in order_ to the encrypted shards. Keyfork
|
||||||
|
/// will use the same key_data for both, ensuring an iteration of this method will match with
|
||||||
|
/// iterations in methods called later.
|
||||||
|
///
|
||||||
|
/// # Errors
|
||||||
|
/// The method may return an error if encryption to any of the public keys fails.
|
||||||
|
fn format_encrypted_header(
|
||||||
|
&self,
|
||||||
|
signing_key: &Self::SigningKey,
|
||||||
|
key_data: &[Self::PublicKey],
|
||||||
|
threshold: u8,
|
||||||
|
) -> Result<Self::EncryptedData, Self::Error>;
|
||||||
|
|
||||||
|
/// Format a shard encrypted to the given public key, signing with the private key.
|
||||||
|
///
|
||||||
|
/// # Errors
|
||||||
|
/// The method may return an error if the public key used to encrypt the shard is unsuitable
|
||||||
|
/// for encryption, or if an error occurs while encrypting.
|
||||||
|
fn encrypt_shard(
|
||||||
|
&self,
|
||||||
|
shard: &[u8],
|
||||||
|
public_key: &Self::PublicKey,
|
||||||
|
signing_key: &mut Self::SigningKey,
|
||||||
|
) -> Result<Self::EncryptedData, Self::Error>;
|
||||||
|
|
||||||
|
/// Parse the Shard file into a processable type.
|
||||||
|
///
|
||||||
|
/// # Errors
|
||||||
|
/// The method may return an error if the Shard file could not be read from or if the Shard
|
||||||
|
/// file could not be properly parsed.
|
||||||
|
fn parse_shard_file(
|
||||||
|
&self,
|
||||||
|
shard_file: impl Read + Send + Sync,
|
||||||
|
) -> Result<Vec<Self::EncryptedData>, Self::Error>;
|
||||||
|
|
||||||
|
/// Write the Shard data to a Shard file.
|
||||||
|
///
|
||||||
|
/// # Errors
|
||||||
|
/// The method may return an error if the Shard data could not be properly serialized or if the
|
||||||
|
/// Shard file could not be written to.
|
||||||
|
fn format_shard_file(
|
||||||
|
&self,
|
||||||
|
encrypted_data: &[Self::EncryptedData],
|
||||||
|
shard_file: impl Write + Send + Sync,
|
||||||
|
) -> Result<(), Self::Error>;
|
||||||
|
|
||||||
|
/// Decrypt shares and associated metadata from a readable input. For the current version of
|
||||||
|
/// Keyfork, the only associated metadata is a u8 representing the threshold to combine
|
||||||
|
/// secrets.
|
||||||
|
///
|
||||||
|
/// # Errors
|
||||||
|
/// The method may return an error if the shardfile couldn't be read from, if all shards
|
||||||
|
/// could not be decrypted, or if a shard could not be parsed from the decrypted data.
|
||||||
|
fn decrypt_all_shards(
|
||||||
|
&self,
|
||||||
|
private_keys: Option<Self::PrivateKeyData>,
|
||||||
|
encrypted_messages: &[Self::EncryptedData],
|
||||||
|
prompt: Arc<Mutex<impl PromptHandler>>,
|
||||||
|
) -> Result<(Vec<Share>, u8), Self::Error>;
|
||||||
|
|
||||||
|
/// Decrypt a single share and associated metadata from a reaable input. For the current
|
||||||
|
/// version of Keyfork, the only associated metadata is a u8 representing the threshold to
|
||||||
|
/// combine secrets.
|
||||||
|
///
|
||||||
|
/// # Errors
|
||||||
|
/// The method may return an error if the shardfile couldn't be read from, if a shard could not
|
||||||
|
/// be decrypted, or if a shard could not be parsed from the decrypted data.
|
||||||
|
fn decrypt_one_shard(
|
||||||
|
&self,
|
||||||
|
private_keys: Option<Self::PrivateKeyData>,
|
||||||
|
encrypted_data: &[Self::EncryptedData],
|
||||||
|
prompt: Arc<Mutex<impl PromptHandler>>,
|
||||||
|
) -> Result<(Share, u8), Self::Error>;
|
||||||
|
|
||||||
|
/// Decrypt multiple shares and combine them to recreate a secret.
|
||||||
|
///
|
||||||
|
/// # Errors
|
||||||
|
/// The method may return an error if the shares can't be decrypted or if the shares can't
|
||||||
|
/// be combined into a secret.
|
||||||
|
fn decrypt_all_shards_to_secret(
|
||||||
|
&self,
|
||||||
|
private_key_discovery: Option<impl KeyDiscovery<Self>>,
|
||||||
|
reader: impl Read + Send + Sync,
|
||||||
|
prompt: impl PromptHandler,
|
||||||
|
) -> Result<Vec<u8>, Box<dyn std::error::Error>> {
|
||||||
|
let private_keys = private_key_discovery
|
||||||
|
.map(|p| p.discover_private_keys())
|
||||||
|
.transpose()?;
|
||||||
|
let encrypted_messages = self.parse_shard_file(reader)?;
|
||||||
|
let (shares, threshold) = self.decrypt_all_shards(
|
||||||
|
private_keys,
|
||||||
|
&encrypted_messages,
|
||||||
|
Arc::new(Mutex::new(prompt)),
|
||||||
|
)?;
|
||||||
|
|
||||||
|
let secret = Sharks(threshold)
|
||||||
|
.recover(&shares)
|
||||||
|
.map_err(|e| SharksError::CombineShare(e.to_string()))?;
|
||||||
|
|
||||||
|
Ok(secret)
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Establish an AES-256-GCM transport key using ECDH, decrypt a single shard, and encrypt the
|
||||||
|
/// shard to the AES key.
|
||||||
|
///
|
||||||
|
/// # Errors
|
||||||
|
/// The method may return an error if a share can't be decrypted. The method will not return an
|
||||||
|
/// error if the camera is inaccessible or if a hardware error is encountered while scanning a
|
||||||
|
/// QR code; instead, a mnemonic prompt will be used.
|
||||||
|
fn decrypt_one_shard_for_transport(
|
||||||
|
&self,
|
||||||
|
private_key_discovery: Option<impl KeyDiscovery<Self>>,
|
||||||
|
reader: impl Read + Send + Sync,
|
||||||
|
prompt: impl PromptHandler,
|
||||||
|
) -> Result<(), Box<dyn std::error::Error>> {
|
||||||
|
let prompt = Arc::new(Mutex::new(prompt));
|
||||||
|
|
||||||
|
// parse input
|
||||||
|
let private_keys = private_key_discovery
|
||||||
|
.map(|p| p.discover_private_keys())
|
||||||
|
.transpose()?;
|
||||||
|
let encrypted_messages = self.parse_shard_file(reader)?;
|
||||||
|
|
||||||
|
// establish AES-256-GCM key via ECDH
|
||||||
|
let mut nonce_data: Option<[u8; 12]> = None;
|
||||||
|
let mut pubkey_data: Option<[u8; 32]> = None;
|
||||||
|
|
||||||
|
// receive remote data via scanning QR code from camera
|
||||||
|
#[cfg(feature = "qrcode")]
|
||||||
|
{
|
||||||
|
prompt
|
||||||
|
.lock()
|
||||||
|
.expect(bug!(POISONED_MUTEX))
|
||||||
|
.prompt_message(PromptMessage::Text(QRCODE_PROMPT.to_string()))?;
|
||||||
|
if let Ok(Some(hex)) =
|
||||||
|
keyfork_qrcode::scan_camera(std::time::Duration::from_secs(30), 0)
|
||||||
|
{
|
||||||
|
let decoded_data = smex::decode(&hex)?;
|
||||||
|
nonce_data = Some(decoded_data[..12].try_into().map_err(|_| InvalidData)?);
|
||||||
|
pubkey_data = Some(decoded_data[12..].try_into().map_err(|_| InvalidData)?)
|
||||||
|
} else {
|
||||||
|
prompt
|
||||||
|
.lock()
|
||||||
|
.expect(bug!(POISONED_MUTEX))
|
||||||
|
.prompt_message(PromptMessage::Text(QRCODE_ERROR.to_string()))?;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
// if QR code scanning failed or was unavailable, read from a set of mnemonics
|
||||||
|
let (nonce, their_pubkey) = match (nonce_data, pubkey_data) {
|
||||||
|
(Some(nonce), Some(pubkey)) => (nonce, pubkey),
|
||||||
|
_ => {
|
||||||
|
let validator = MnemonicSetValidator {
|
||||||
|
word_lengths: [9, 24],
|
||||||
|
};
|
||||||
|
let [nonce_mnemonic, pubkey_mnemonic] = prompt
|
||||||
|
.lock()
|
||||||
|
.expect(bug!(POISONED_MUTEX))
|
||||||
|
.prompt_validated_wordlist::<English, _>(
|
||||||
|
QRCODE_COULDNT_READ,
|
||||||
|
3,
|
||||||
|
validator.to_fn(),
|
||||||
|
)?;
|
||||||
|
|
||||||
|
let nonce = nonce_mnemonic
|
||||||
|
.as_bytes()
|
||||||
|
.try_into()
|
||||||
|
.map_err(|_| InvalidData)?;
|
||||||
|
let pubkey = pubkey_mnemonic
|
||||||
|
.as_bytes()
|
||||||
|
.try_into()
|
||||||
|
.map_err(|_| InvalidData)?;
|
||||||
|
(nonce, pubkey)
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
// create our shared key
|
||||||
|
let our_key = EphemeralSecret::random();
|
||||||
|
let our_pubkey_mnemonic = Mnemonic::from_bytes(PublicKey::from(&our_key).as_bytes())?;
|
||||||
|
let shared_secret = our_key
|
||||||
|
.diffie_hellman(&PublicKey::from(their_pubkey))
|
||||||
|
.to_bytes();
|
||||||
|
let hkdf = Hkdf::<Sha256>::new(None, &shared_secret);
|
||||||
|
let mut hkdf_output = [0u8; 256 / 8];
|
||||||
|
hkdf.expand(&[], &mut hkdf_output)?;
|
||||||
|
let shared_key = Aes256Gcm::new_from_slice(&hkdf_output)?;
|
||||||
|
|
||||||
|
// decrypt a single shard and create the payload
|
||||||
|
let (share, threshold) =
|
||||||
|
self.decrypt_one_shard(private_keys, &encrypted_messages, prompt.clone())?;
|
||||||
|
let mut payload = Vec::from(&share);
|
||||||
|
payload.insert(0, HUNK_VERSION);
|
||||||
|
payload.insert(1, threshold);
|
||||||
|
assert!(
|
||||||
|
payload.len() <= ENC_LEN as usize,
|
||||||
|
"invalid share length (too long, max {ENC_LEN} bytes)"
|
||||||
|
);
|
||||||
|
|
||||||
|
// encrypt data
|
||||||
|
let nonce = Nonce::<U12>::from_slice(&nonce);
|
||||||
|
let payload_bytes = shared_key.encrypt(nonce, payload.as_slice())?;
|
||||||
|
|
||||||
|
// convert data to a static-size payload
|
||||||
|
// NOTE: Padding length is less than u8::MAX because ENC_LEN < u8::MAX
|
||||||
|
#[allow(clippy::assertions_on_constants)]
|
||||||
|
{
|
||||||
|
assert!(ENC_LEN < u8::MAX, "padding byte can be u8");
|
||||||
|
}
|
||||||
|
#[allow(clippy::cast_possible_truncation)]
|
||||||
|
let mut out_bytes = [payload_bytes.len() as u8; ENC_LEN as usize];
|
||||||
|
assert!(
|
||||||
|
payload_bytes.len() < out_bytes.len(),
|
||||||
|
"encrypted payload larger than acceptable limit"
|
||||||
|
);
|
||||||
|
out_bytes[..payload_bytes.len()].clone_from_slice(&payload_bytes);
|
||||||
|
|
||||||
|
// NOTE: This previously used a single repeated value as the padding byte, but resulted in
|
||||||
|
// difficulty when entering in prompts manually, as one's place could be lost due to
|
||||||
|
// repeated keywords. This is resolved below by having sequentially increasing numbers up to
|
||||||
|
// but not including the last byte.
|
||||||
|
#[allow(clippy::cast_possible_truncation)]
|
||||||
|
for (i, byte) in (out_bytes[payload_bytes.len()..(ENC_LEN as usize - 1)])
|
||||||
|
.iter_mut()
|
||||||
|
.enumerate()
|
||||||
|
{
|
||||||
|
*byte = (i % u8::MAX as usize) as u8;
|
||||||
|
}
|
||||||
|
|
||||||
|
// safety: size of out_bytes is constant and always % 4 == 0
|
||||||
|
let payload_mnemonic = unsafe { Mnemonic::from_raw_bytes(&out_bytes) };
|
||||||
|
|
||||||
|
#[cfg(feature = "qrcode")]
|
||||||
|
{
|
||||||
|
use keyfork_qrcode::{qrencode, ErrorCorrection};
|
||||||
|
let mut qrcode_data = our_pubkey_mnemonic.to_bytes();
|
||||||
|
qrcode_data.extend(payload_mnemonic.as_bytes());
|
||||||
|
if let Ok(qrcode) = qrencode(&smex::encode(&qrcode_data), ErrorCorrection::Highest) {
|
||||||
|
prompt
|
||||||
|
.lock()
|
||||||
|
.expect(bug!(POISONED_MUTEX))
|
||||||
|
.prompt_message(PromptMessage::Text(
|
||||||
|
concat!(
|
||||||
|
"A QR code will be displayed after this prompt. ",
|
||||||
|
"Send the QR code back to the operator combining the shards. ",
|
||||||
|
"Nobody else should scan this QR code."
|
||||||
|
)
|
||||||
|
.to_string(),
|
||||||
|
))?;
|
||||||
|
prompt
|
||||||
|
.lock()
|
||||||
|
.expect(bug!(POISONED_MUTEX))
|
||||||
|
.prompt_message(PromptMessage::Data(qrcode))?;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
prompt
|
||||||
|
.lock()
|
||||||
|
.expect(bug!(POISONED_MUTEX))
|
||||||
|
.prompt_message(PromptMessage::Text(format!(
|
||||||
|
"Upon request, these words should be sent: {our_pubkey_mnemonic} {payload_mnemonic}"
|
||||||
|
)))?;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Split a secret into a shard for every shard in keys, with the given Shamir's Secret Sharing
|
||||||
|
/// threshold.
|
||||||
|
///
|
||||||
|
/// # Errors
|
||||||
|
/// The method may return an error if the shares can't be encrypted.
|
||||||
|
fn shard_and_encrypt(
|
||||||
|
&self,
|
||||||
|
threshold: u8,
|
||||||
|
max: u8,
|
||||||
|
secret: &[u8],
|
||||||
|
public_key_discovery: impl KeyDiscovery<Self>,
|
||||||
|
writer: impl Write + Send + Sync,
|
||||||
|
) -> Result<(), Box<dyn std::error::Error>> {
|
||||||
|
let mut signing_key = self.derive_signing_key(secret);
|
||||||
|
|
||||||
|
let sharks = Sharks(threshold);
|
||||||
|
let dealer = sharks.dealer(secret);
|
||||||
|
|
||||||
|
let public_keys = public_key_discovery.discover_public_keys()?;
|
||||||
|
assert!(
|
||||||
|
public_keys.len() < u8::MAX as usize,
|
||||||
|
"must have less than u8::MAX public keys"
|
||||||
|
);
|
||||||
|
assert_eq!(
|
||||||
|
max,
|
||||||
|
public_keys.len() as u8,
|
||||||
|
"max must be equal to amount of public keys"
|
||||||
|
);
|
||||||
|
let max = public_keys.len() as u8;
|
||||||
|
assert!(max >= threshold, "threshold must not exceed max keys");
|
||||||
|
|
||||||
|
let header = self.format_encrypted_header(&signing_key, &public_keys, threshold)?;
|
||||||
|
let mut messages = vec![header];
|
||||||
|
for (pk, share) in public_keys.iter().zip(dealer) {
|
||||||
|
let shard = Vec::from(&share);
|
||||||
|
messages.push(self.encrypt_shard(&shard, pk, &mut signing_key)?);
|
||||||
|
}
|
||||||
|
|
||||||
|
self.format_shard_file(&messages, writer)?;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Errors encountered while creating or combining shares using Shamir's Secret Sharing.
|
||||||
|
#[derive(thiserror::Error, Debug)]
|
||||||
|
pub enum SharksError {
|
||||||
|
/// A Shamir Share could not be created.
|
||||||
|
#[error("Error creating share: {0}")]
|
||||||
|
Share(String),
|
||||||
|
|
||||||
|
/// The Shamir shares could not be combined.
|
||||||
|
#[error("Error combining shares: {0}")]
|
||||||
|
CombineShare(String),
|
||||||
|
}
|
||||||
|
|
||||||
|
/// The mnemonic or QR code used to transport an encrypted shard did not store the correct amount
|
||||||
|
/// of data.
|
||||||
|
#[derive(thiserror::Error, Debug)]
|
||||||
|
#[error("Mnemonic or QR code did not store enough data")]
|
||||||
|
pub struct InvalidData;
|
||||||
|
|
||||||
|
/// Decrypt hunk version 1:
|
||||||
|
/// 1 byte: Version
|
||||||
|
/// 1 byte: Threshold
|
||||||
|
/// Data: &[u8]
|
||||||
|
pub(crate) const HUNK_VERSION: u8 = 1;
|
||||||
|
pub(crate) const HUNK_OFFSET: usize = 2;
|
||||||
|
|
||||||
|
const QRCODE_PROMPT: &str = "Press enter, then present QR code to camera.";
|
||||||
|
const QRCODE_TIMEOUT: u64 = 60; // One minute
|
||||||
|
const QRCODE_COULDNT_READ: &str = "A QR code could not be scanned. Please enter their words: ";
|
||||||
|
const QRCODE_ERROR: &str = "Unable to scan a QR code. Falling back to text entry.";
|
||||||
|
|
||||||
|
/// Establish ECDH transport for remote operators, receive transport-encrypted shares, decrypt the
|
||||||
|
/// shares, and combine them.
|
||||||
|
///
|
||||||
|
/// # Errors
|
||||||
|
/// The function may error if:
|
||||||
|
/// * Prompting for transport-encrypted shards fails.
|
||||||
|
/// * Decrypting shards fails.
|
||||||
|
/// * Combining shards fails.
|
||||||
|
///
|
||||||
|
/// # Panics
|
||||||
|
/// The function may panic if it is given payloads generated using a version of Keyfork that is
|
||||||
|
/// incompatible with the currently running version.
|
||||||
|
pub fn remote_decrypt(w: &mut impl Write) -> Result<(), Box<dyn std::error::Error>> {
|
||||||
|
let mut pm = Terminal::new(stdin(), stdout())?;
|
||||||
|
|
||||||
|
let mut iter_count = None;
|
||||||
|
let mut shares = vec![];
|
||||||
|
|
||||||
|
let mut threshold = 0;
|
||||||
|
let mut iter = 0;
|
||||||
|
|
||||||
|
while iter_count.is_none() || iter_count.is_some_and(|i| i > 0) {
|
||||||
|
iter += 1;
|
||||||
|
let nonce = Aes256Gcm::generate_nonce(&mut OsRng);
|
||||||
|
let nonce_mnemonic = unsafe { Mnemonic::from_raw_bytes(nonce.as_slice()) };
|
||||||
|
let our_key = EphemeralSecret::random();
|
||||||
|
let key_mnemonic = Mnemonic::from_bytes(PublicKey::from(&our_key).as_bytes())?;
|
||||||
|
|
||||||
|
#[cfg(feature = "qrcode")]
|
||||||
|
{
|
||||||
|
use keyfork_qrcode::{qrencode, ErrorCorrection};
|
||||||
|
let mut qrcode_data = nonce_mnemonic.to_bytes();
|
||||||
|
qrcode_data.extend(key_mnemonic.as_bytes());
|
||||||
|
if let Ok(qrcode) = qrencode(&smex::encode(&qrcode_data), ErrorCorrection::Highest) {
|
||||||
|
pm.prompt_message(PromptMessage::Text(format!(
|
||||||
|
concat!(
|
||||||
|
"A QR code will be displayed after this prompt. ",
|
||||||
|
"Send the QR code to only shardholder {iter}. ",
|
||||||
|
"Nobody else should scan this QR code."
|
||||||
|
),
|
||||||
|
iter = iter
|
||||||
|
)))?;
|
||||||
|
pm.prompt_message(PromptMessage::Data(qrcode))?;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pm.prompt_message(PromptMessage::Text(format!(
|
||||||
|
concat!(
|
||||||
|
"Upon request, these words should be sent to shardholder {iter}: ",
|
||||||
|
"{nonce_mnemonic} {key_mnemonic}"
|
||||||
|
),
|
||||||
|
iter = iter,
|
||||||
|
nonce_mnemonic = nonce_mnemonic,
|
||||||
|
key_mnemonic = key_mnemonic,
|
||||||
|
)))?;
|
||||||
|
|
||||||
|
let mut pubkey_data: Option<[u8; 32]> = None;
|
||||||
|
let mut payload_data = None;
|
||||||
|
|
||||||
|
#[cfg(feature = "qrcode")]
|
||||||
|
{
|
||||||
|
pm.prompt_message(PromptMessage::Text(QRCODE_PROMPT.to_string()))?;
|
||||||
|
if let Ok(Some(hex)) =
|
||||||
|
keyfork_qrcode::scan_camera(std::time::Duration::from_secs(QRCODE_TIMEOUT), 0)
|
||||||
|
{
|
||||||
|
let decoded_data = smex::decode(&hex)?;
|
||||||
|
let _ = pubkey_data.insert(decoded_data[..32].try_into().map_err(|_| InvalidData)?);
|
||||||
|
let _ = payload_data.insert(decoded_data[32..].to_vec());
|
||||||
|
} else {
|
||||||
|
pm.prompt_message(PromptMessage::Text(QRCODE_ERROR.to_string()))?;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
let (pubkey, payload) = match (pubkey_data, payload_data) {
|
||||||
|
(Some(pubkey), Some(payload)) => (pubkey, payload),
|
||||||
|
_ => {
|
||||||
|
let validator = MnemonicSetValidator {
|
||||||
|
word_lengths: [24, 48],
|
||||||
|
};
|
||||||
|
|
||||||
|
let [pubkey_mnemonic, payload_mnemonic] = pm
|
||||||
|
.prompt_validated_wordlist::<English, _>(
|
||||||
|
QRCODE_COULDNT_READ,
|
||||||
|
3,
|
||||||
|
validator.to_fn(),
|
||||||
|
)?;
|
||||||
|
let pubkey = pubkey_mnemonic
|
||||||
|
.as_bytes()
|
||||||
|
.try_into()
|
||||||
|
.map_err(|_| InvalidData)?;
|
||||||
|
let payload = payload_mnemonic.to_bytes();
|
||||||
|
(pubkey, payload)
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
let shared_secret = our_key.diffie_hellman(&PublicKey::from(pubkey)).to_bytes();
|
||||||
|
let hkdf = Hkdf::<Sha256>::new(None, &shared_secret);
|
||||||
|
let mut hkdf_output = [0u8; 256 / 8];
|
||||||
|
hkdf.expand(&[], &mut hkdf_output)?;
|
||||||
|
let shared_key = Aes256Gcm::new_from_slice(&hkdf_output)?;
|
||||||
|
|
||||||
|
let payload =
|
||||||
|
shared_key.decrypt(&nonce, &payload[..payload[payload.len() - 1] as usize])?;
|
||||||
|
assert_eq!(HUNK_VERSION, payload[0], "Incompatible hunk version");
|
||||||
|
|
||||||
|
match &mut iter_count {
|
||||||
|
Some(n) => {
|
||||||
|
// Must be > 0 to start loop, can't go lower
|
||||||
|
*n -= 1;
|
||||||
|
}
|
||||||
|
None => {
|
||||||
|
// NOTE: Should always be >= 1, < 256 due to Shamir constraints
|
||||||
|
threshold = payload[1];
|
||||||
|
let _ = iter_count.insert(threshold - 1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
shares.push(payload[HUNK_OFFSET..].to_vec());
|
||||||
|
}
|
||||||
|
|
||||||
|
let shares = shares
|
||||||
|
.into_iter()
|
||||||
|
.map(|s| Share::try_from(s.as_slice()))
|
||||||
|
.collect::<Result<Vec<_>, &str>>()
|
||||||
|
.map_err(|e| SharksError::Share(e.to_string()))?;
|
||||||
|
let secret = Sharks(threshold)
|
||||||
|
.recover(&shares)
|
||||||
|
.map_err(|e| SharksError::CombineShare(e.to_string()))?;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Verification would take up too much size, mnemonic would be very large
|
||||||
|
let userid = UserID::from("keyfork-sss");
|
||||||
|
let kdr = DerivationRequest::new(
|
||||||
|
DerivationAlgorithm::Ed25519,
|
||||||
|
&DerivationPath::from_str("m/7366512'/0'")?,
|
||||||
|
)
|
||||||
|
.derive_with_master_seed(secret.to_vec())?;
|
||||||
|
let derived_cert = keyfork_derive_openpgp::derive(
|
||||||
|
kdr,
|
||||||
|
&[KeyFlags::empty().set_certification().set_signing()],
|
||||||
|
userid,
|
||||||
|
)?;
|
||||||
|
|
||||||
|
// NOTE: Signatures on certs will be different. Compare fingerprints instead.
|
||||||
|
let derived_fp = derived_cert.fingerprint();
|
||||||
|
let expected_fp = root_cert.fingerprint();
|
||||||
|
if derived_fp != expected_fp {
|
||||||
|
return Err(Error::InvalidSecret(derived_fp, expected_fp));
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
|
w.write_all(&secret)?;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
|
@ -13,7 +13,7 @@ use std::{
|
||||||
|
|
||||||
use keyfork_bug::bug;
|
use keyfork_bug::bug;
|
||||||
use keyfork_derive_openpgp::{
|
use keyfork_derive_openpgp::{
|
||||||
derive_util::{DerivationPath, VariableLengthSeed},
|
derive_util::{DerivationIndex, DerivationPath, VariableLengthSeed},
|
||||||
XPrv,
|
XPrv,
|
||||||
};
|
};
|
||||||
use keyfork_prompt::PromptHandler;
|
use keyfork_prompt::PromptHandler;
|
||||||
|
@ -25,7 +25,7 @@ use openpgp::{
|
||||||
stream::{DecryptionHelper, DecryptorBuilder, VerificationHelper},
|
stream::{DecryptionHelper, DecryptorBuilder, VerificationHelper},
|
||||||
Parse,
|
Parse,
|
||||||
},
|
},
|
||||||
policy::{NullPolicy, StandardPolicy, Policy},
|
policy::{NullPolicy, Policy, StandardPolicy},
|
||||||
serialize::{
|
serialize::{
|
||||||
stream::{ArbitraryWriter, Encryptor2, LiteralWriter, Message, Recipient, Signer},
|
stream::{ArbitraryWriter, Encryptor2, LiteralWriter, Message, Recipient, Signer},
|
||||||
Marshal,
|
Marshal,
|
||||||
|
@ -34,7 +34,7 @@ use openpgp::{
|
||||||
KeyID, PacketPile,
|
KeyID, PacketPile,
|
||||||
};
|
};
|
||||||
pub use sequoia_openpgp as openpgp;
|
pub use sequoia_openpgp as openpgp;
|
||||||
use blahaj::Share;
|
use sharks::Share;
|
||||||
|
|
||||||
mod keyring;
|
mod keyring;
|
||||||
use keyring::Keyring;
|
use keyring::Keyring;
|
||||||
|
@ -77,10 +77,6 @@ pub enum Error {
|
||||||
/// An IO error occurred.
|
/// An IO error occurred.
|
||||||
#[error("IO error: {0}")]
|
#[error("IO error: {0}")]
|
||||||
Io(#[source] std::io::Error),
|
Io(#[source] std::io::Error),
|
||||||
|
|
||||||
/// No valid keys were found for the given recipient.
|
|
||||||
#[error("No valid keys were found for the recipient {0}")]
|
|
||||||
NoValidKeys(KeyID),
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[allow(missing_docs)]
|
#[allow(missing_docs)]
|
||||||
|
@ -185,7 +181,7 @@ impl EncryptedMessage {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Encoding and decoding shards using OpenPGP.
|
///
|
||||||
pub struct OpenPGP<P: PromptHandler> {
|
pub struct OpenPGP<P: PromptHandler> {
|
||||||
p: PhantomData<P>,
|
p: PhantomData<P>,
|
||||||
}
|
}
|
||||||
|
@ -198,59 +194,33 @@ impl<P: PromptHandler> OpenPGP<P> {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<P: PromptHandler> OpenPGP<P> {
|
impl<P: PromptHandler> OpenPGP<P> {
|
||||||
/// Read all OpenPGP certificates in a path and return a [`Vec`] of them.
|
/// Read all OpenPGP certificates in a path and return a [`Vec`] of them. Certificates are read
|
||||||
///
|
/// from a file, or from files one level deep in a directory.
|
||||||
/// Certificates are read from a file, or from files one level deep in a directory.
|
|
||||||
/// Certificates with duplicated fingerprints will be discarded.
|
|
||||||
///
|
///
|
||||||
/// # Errors
|
/// # Errors
|
||||||
/// The function may return an error if it is unable to read the directory or if Sequoia is
|
/// The function may return an error if it is unable to read the directory or if Sequoia is unable
|
||||||
/// unable to load certificates from the file.
|
/// to load certificates from the file.
|
||||||
pub fn discover_certs(path: impl AsRef<Path>) -> Result<Vec<Cert>> {
|
pub fn discover_certs(path: impl AsRef<Path>) -> Result<Vec<Cert>> {
|
||||||
let path = path.as_ref();
|
let path = path.as_ref();
|
||||||
|
|
||||||
let mut pubkeys = std::collections::HashSet::new();
|
|
||||||
let mut certs = HashMap::new();
|
|
||||||
if path.is_file() {
|
if path.is_file() {
|
||||||
for maybe_cert in CertParser::from_file(path).map_err(Error::Sequoia)? {
|
let mut vec = vec![];
|
||||||
let cert = maybe_cert.map_err(Error::Sequoia)?;
|
for cert in CertParser::from_file(path).map_err(Error::Sequoia)? {
|
||||||
let certfp = cert.fingerprint();
|
vec.push(cert.map_err(Error::Sequoia)?);
|
||||||
for key in cert.keys() {
|
|
||||||
let fp = key.fingerprint();
|
|
||||||
if pubkeys.contains(&fp) {
|
|
||||||
eprintln!("Received duplicate key: {fp} in public key: {certfp}");
|
|
||||||
}
|
|
||||||
pubkeys.insert(fp);
|
|
||||||
}
|
|
||||||
certs.insert(certfp, cert);
|
|
||||||
}
|
}
|
||||||
|
Ok(vec)
|
||||||
} else {
|
} else {
|
||||||
|
let mut vec = vec![];
|
||||||
for entry in path
|
for entry in path
|
||||||
.read_dir()
|
.read_dir()
|
||||||
.map_err(Error::Io)?
|
.map_err(Error::Io)?
|
||||||
.filter_map(Result::ok)
|
.filter_map(Result::ok)
|
||||||
.filter(|p| p.path().is_file())
|
.filter(|p| p.path().is_file())
|
||||||
{
|
{
|
||||||
let cert = Cert::from_file(entry.path()).map_err(Error::Sequoia)?;
|
vec.push(Cert::from_file(entry.path()).map_err(Error::Sequoia)?);
|
||||||
let certfp = cert.fingerprint();
|
|
||||||
for key in cert.keys() {
|
|
||||||
let fp = key.fingerprint();
|
|
||||||
if pubkeys.contains(&fp) {
|
|
||||||
eprintln!("Received duplicate key: {fp} in public key: {certfp}");
|
|
||||||
}
|
}
|
||||||
pubkeys.insert(fp);
|
Ok(vec)
|
||||||
}
|
}
|
||||||
certs.insert(certfp, cert);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
for cert in certs.values() {
|
|
||||||
let policy = StandardPolicy::new();
|
|
||||||
let valid_cert = cert.with_policy(&policy, None).map_err(Error::Sequoia)?;
|
|
||||||
if get_encryption_keys(&valid_cert).next().is_none() {
|
|
||||||
return Err(Error::NoValidKeys(valid_cert.keyid()))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
Ok(certs.into_values().collect())
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -263,6 +233,18 @@ impl<P: PromptHandler> Format for OpenPGP<P> {
|
||||||
type SigningKey = Cert;
|
type SigningKey = Cert;
|
||||||
type EncryptedData = EncryptedMessage;
|
type EncryptedData = EncryptedMessage;
|
||||||
|
|
||||||
|
fn provision_shardholder_key(
|
||||||
|
&self,
|
||||||
|
derivation_path: DerivationPath,
|
||||||
|
seed: &[u8],
|
||||||
|
) -> Result<(), Self::Error> {
|
||||||
|
todo!()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn purpose_derivation_index(&self) -> DerivationIndex {
|
||||||
|
DerivationIndex::new(u32::from_be_bytes(*b"\x00pgp"), true).unwrap()
|
||||||
|
}
|
||||||
|
|
||||||
/// Derive an OpenPGP Shard certificate from the given seed.
|
/// Derive an OpenPGP Shard certificate from the given seed.
|
||||||
fn derive_signing_key(&self, seed: &[u8]) -> Self::SigningKey {
|
fn derive_signing_key(&self, seed: &[u8]) -> Self::SigningKey {
|
||||||
let seed = VariableLengthSeed::new(seed);
|
let seed = VariableLengthSeed::new(seed);
|
||||||
|
@ -270,7 +252,6 @@ impl<P: PromptHandler> Format for OpenPGP<P> {
|
||||||
let userid = UserID::from("keyfork-sss");
|
let userid = UserID::from("keyfork-sss");
|
||||||
let path = DerivationPath::from_str("m/7366512'/0'").expect(bug!("valid derivation path"));
|
let path = DerivationPath::from_str("m/7366512'/0'").expect(bug!("valid derivation path"));
|
||||||
let xprv = XPrv::new(seed)
|
let xprv = XPrv::new(seed)
|
||||||
.expect(bug!("could not create XPrv from key"))
|
|
||||||
.derive_path(&path)
|
.derive_path(&path)
|
||||||
.expect(bug!("valid derivation"));
|
.expect(bug!("valid derivation"));
|
||||||
keyfork_derive_openpgp::derive(
|
keyfork_derive_openpgp::derive(
|
||||||
|
@ -588,8 +569,7 @@ fn get_encryption_keys<'a>(
|
||||||
openpgp::packet::key::UnspecifiedRole,
|
openpgp::packet::key::UnspecifiedRole,
|
||||||
> {
|
> {
|
||||||
cert.keys()
|
cert.keys()
|
||||||
// NOTE: this causes complications on Airgap systems
|
.alive()
|
||||||
// .alive()
|
|
||||||
.revoked(false)
|
.revoked(false)
|
||||||
.supported()
|
.supported()
|
||||||
.for_storage_encryption()
|
.for_storage_encryption()
|
||||||
|
|
|
@ -84,23 +84,13 @@ impl<P: PromptHandler> VerificationHelper for &mut Keyring<P> {
|
||||||
aead_algo,
|
aead_algo,
|
||||||
} => {}
|
} => {}
|
||||||
MessageLayer::SignatureGroup { results } => {
|
MessageLayer::SignatureGroup { results } => {
|
||||||
match &results[..] {
|
|
||||||
[Ok(_)] => {
|
|
||||||
return Ok(());
|
|
||||||
}
|
|
||||||
_ => {
|
|
||||||
// FIXME: anyhow leak: VerificationError impl std::error::Error
|
|
||||||
// return Err(e.context("Invalid signature"));
|
|
||||||
return Err(anyhow::anyhow!("Error validating signature; either multiple signatures were passed or the single signature was not valid"));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/*
|
|
||||||
for result in results {
|
for result in results {
|
||||||
if let Err(e) = result {
|
if let Err(e) = result {
|
||||||
|
// FIXME: anyhow leak: VerificationError impl std::error::Error
|
||||||
|
// return Err(e.context("Invalid signature"));
|
||||||
return Err(anyhow::anyhow!("Invalid signature: {e}"));
|
return Err(anyhow::anyhow!("Invalid signature: {e}"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
*/
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -193,23 +193,12 @@ impl<P: PromptHandler> VerificationHelper for &mut SmartcardManager<P> {
|
||||||
aead_algo,
|
aead_algo,
|
||||||
} => {}
|
} => {}
|
||||||
MessageLayer::SignatureGroup { results } => {
|
MessageLayer::SignatureGroup { results } => {
|
||||||
match &results[..] {
|
|
||||||
[Ok(_)] => {
|
|
||||||
return Ok(());
|
|
||||||
}
|
|
||||||
_ => {
|
|
||||||
// FIXME: anyhow leak: VerificationError impl std::error::Error
|
|
||||||
// return Err(e.context("Invalid signature"));
|
|
||||||
return Err(anyhow::anyhow!("Error validating signature; either multiple signatures were passed or the single signature was not valid"));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/*
|
|
||||||
for result in results {
|
for result in results {
|
||||||
if let Err(e) = result {
|
if let Err(e) = result {
|
||||||
return Err(anyhow::anyhow!("Invalid signature: {e}"));
|
// FIXME: anyhow leak
|
||||||
|
return Err(anyhow::anyhow!("Verification error: {}", e.to_string()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
*/
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -275,8 +264,8 @@ impl<P: PromptHandler> DecryptionHelper for &mut SmartcardManager<P> {
|
||||||
} else {
|
} else {
|
||||||
format!("Unlock card {card_id} ({cardholder_name})\n{rpea}: {attempts}\n\nPIN: ")
|
format!("Unlock card {card_id} ({cardholder_name})\n{rpea}: {attempts}\n\nPIN: ")
|
||||||
};
|
};
|
||||||
let temp_pin = self
|
let temp_pin =
|
||||||
.pm
|
self.pm
|
||||||
.lock()
|
.lock()
|
||||||
.expect(bug!(POISONED_MUTEX))
|
.expect(bug!(POISONED_MUTEX))
|
||||||
.prompt_validated_passphrase(&message, 3, &pin_validator)?;
|
.prompt_validated_passphrase(&message, 3, &pin_validator)?;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "keyfork"
|
name = "keyfork"
|
||||||
version = "0.2.4"
|
version = "0.1.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
license = "AGPL-3.0-only"
|
license = "AGPL-3.0-only"
|
||||||
|
|
||||||
|
@ -23,25 +23,24 @@ sequoia-crypto-backend-openssl = ["sequoia-openpgp/crypto-openssl"]
|
||||||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
keyfork-bin = { workspace = true }
|
keyfork-bin = { version = "0.1.0", path = "../util/keyfork-bin", registry = "distrust" }
|
||||||
keyforkd = { workspace = true, features = ["tracing"] }
|
keyforkd = { version = "0.1.0", path = "../daemon/keyforkd", features = ["tracing"], registry = "distrust" }
|
||||||
keyforkd-client = { workspace = true, default-features = false, features = ["ed25519"] }
|
keyforkd-client = { version = "0.1.0", path = "../daemon/keyforkd-client", default-features = false, features = ["ed25519"], registry = "distrust" }
|
||||||
keyfork-derive-util = { workspace = true, default-features = true }
|
keyfork-derive-openpgp = { version = "0.1.0", path = "../derive/keyfork-derive-openpgp", registry = "distrust" }
|
||||||
keyfork-derive-openpgp = { workspace = true }
|
keyfork-derive-util = { version = "0.1.0", path = "../derive/keyfork-derive-util", default-features = false, features = ["ed25519"], registry = "distrust" }
|
||||||
keyfork-derive-path-data = { workspace = true }
|
keyfork-entropy = { version = "0.1.0", path = "../util/keyfork-entropy", registry = "distrust" }
|
||||||
keyfork-entropy = { workspace = true }
|
keyfork-mnemonic-util = { version = "0.2.0", path = "../util/keyfork-mnemonic-util", registry = "distrust" }
|
||||||
keyfork-mnemonic = { workspace = true }
|
keyfork-prompt = { version = "0.1.0", path = "../util/keyfork-prompt", registry = "distrust" }
|
||||||
keyfork-prompt = { workspace = true }
|
keyfork-qrcode = { version = "0.1.0", path = "../qrcode/keyfork-qrcode", default-features = false, registry = "distrust" }
|
||||||
keyfork-qrcode = { workspace = true, default-features = false }
|
keyfork-shard = { version = "0.1.0", path = "../keyfork-shard", default-features = false, features = ["openpgp", "openpgp-card", "qrcode"], registry = "distrust" }
|
||||||
keyfork-shard = { workspace = true, default-features = false, features = ["openpgp", "openpgp-card", "qrcode"] }
|
smex = { version = "0.1.0", path = "../util/smex", registry = "distrust" }
|
||||||
smex = { workspace = true }
|
|
||||||
|
|
||||||
clap = { version = "4.4.2", features = ["derive", "env", "wrap_help"] }
|
clap = { version = "4.4.2", features = ["derive", "env", "wrap_help"] }
|
||||||
thiserror = { workspace = true }
|
thiserror = "1.0.48"
|
||||||
serde = { workspace = true }
|
serde = { version = "1.0.192", features = ["derive"] }
|
||||||
tokio = { workspace = true, features = ["rt-multi-thread"] }
|
tokio = { version = "1.35.1", default-features = false, features = ["rt-multi-thread"] }
|
||||||
card-backend-pcsc = { workspace = true }
|
card-backend-pcsc = "0.5.0"
|
||||||
openpgp-card-sequoia = { workspace = true }
|
openpgp-card-sequoia = { version = "0.2.0", default-features = false }
|
||||||
openpgp-card = { workspace = true }
|
openpgp-card = "0.4.1"
|
||||||
clap_complete = { version = "4.4.6", optional = true }
|
clap_complete = { version = "4.4.6", optional = true }
|
||||||
sequoia-openpgp = { workspace = true }
|
sequoia-openpgp = { version = "1.17.0", default-features = false, features = ["compression"] }
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
use super::Keyfork;
|
use super::Keyfork;
|
||||||
use clap::{Args, Parser, Subcommand};
|
use clap::{Parser, Subcommand};
|
||||||
|
|
||||||
use keyfork_derive_openpgp::{
|
use keyfork_derive_openpgp::{
|
||||||
openpgp::{
|
openpgp::{
|
||||||
|
@ -10,8 +10,7 @@ use keyfork_derive_openpgp::{
|
||||||
},
|
},
|
||||||
XPrvKey,
|
XPrvKey,
|
||||||
};
|
};
|
||||||
use keyfork_derive_util::DerivationIndex;
|
use keyfork_derive_util::{DerivationIndex, DerivationPath};
|
||||||
use keyfork_derive_path_data::paths;
|
|
||||||
use keyforkd_client::Client;
|
use keyforkd_client::Client;
|
||||||
|
|
||||||
type Result<T, E = Box<dyn std::error::Error>> = std::result::Result<T, E>;
|
type Result<T, E = Box<dyn std::error::Error>> = std::result::Result<T, E>;
|
||||||
|
@ -21,33 +20,25 @@ pub enum DeriveSubcommands {
|
||||||
/// Derive an OpenPGP Transferable Secret Key (private key). The key is encoded using OpenPGP
|
/// Derive an OpenPGP Transferable Secret Key (private key). The key is encoded using OpenPGP
|
||||||
/// ASCII Armor, a format usable by most programs using OpenPGP.
|
/// ASCII Armor, a format usable by most programs using OpenPGP.
|
||||||
///
|
///
|
||||||
/// Certificates are created with a default expiration of one day, but may be configured to
|
/// The key is generated with a 24-hour expiration time. The operation to set the expiration
|
||||||
/// expire later using the `KEYFORK_OPENPGP_EXPIRE` environment variable using values such as
|
/// time to a higher value is left to the user to ensure the key is usable by the user.
|
||||||
/// "15d" (15 days), "1m" (one month), or "2y" (two years).
|
|
||||||
///
|
|
||||||
/// It is recommended to use the default expiration of one day and to change the expiration
|
|
||||||
/// using an external utility, to ensure the Certify key is usable.
|
|
||||||
#[command(name = "openpgp")]
|
#[command(name = "openpgp")]
|
||||||
OpenPGP(OpenPGP)
|
OpenPGP {
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(Args, Clone, Debug)]
|
|
||||||
pub struct OpenPGP {
|
|
||||||
/// Default User ID for the certificate, using the OpenPGP User ID format.
|
/// Default User ID for the certificate, using the OpenPGP User ID format.
|
||||||
user_id: String,
|
user_id: String,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
impl DeriveSubcommands {
|
impl DeriveSubcommands {
|
||||||
fn handle(&self, account: DerivationIndex) -> Result<()> {
|
fn handle(&self, account: DerivationIndex) -> Result<()> {
|
||||||
match self {
|
match self {
|
||||||
DeriveSubcommands::OpenPGP(opgp) => opgp.handle(account),
|
DeriveSubcommands::OpenPGP { user_id } => {
|
||||||
}
|
let mut pgp_u32 = [0u8; 4];
|
||||||
}
|
pgp_u32[1..].copy_from_slice(&"pgp".bytes().collect::<Vec<u8>>());
|
||||||
}
|
let chain = DerivationIndex::new(u32::from_be_bytes(pgp_u32), true)?;
|
||||||
|
let path = DerivationPath::default()
|
||||||
impl OpenPGP {
|
.chain_push(chain)
|
||||||
pub fn handle(&self, account: DerivationIndex) -> Result<()> {
|
.chain_push(account);
|
||||||
let path = paths::OPENPGP.clone().chain_push(account);
|
|
||||||
// TODO: should this be customizable?
|
// TODO: should this be customizable?
|
||||||
let subkeys = vec![
|
let subkeys = vec![
|
||||||
KeyFlags::empty().set_certification(),
|
KeyFlags::empty().set_certification(),
|
||||||
|
@ -58,16 +49,19 @@ impl OpenPGP {
|
||||||
KeyFlags::empty().set_authentication(),
|
KeyFlags::empty().set_authentication(),
|
||||||
];
|
];
|
||||||
let xprv = Client::discover_socket()?.request_xprv::<XPrvKey>(&path)?;
|
let xprv = Client::discover_socket()?.request_xprv::<XPrvKey>(&path)?;
|
||||||
let default_userid = UserID::from(self.user_id.as_str());
|
let default_userid = UserID::from(user_id.as_str());
|
||||||
let cert = keyfork_derive_openpgp::derive(xprv, &subkeys, &default_userid)?;
|
let cert = keyfork_derive_openpgp::derive(xprv, &subkeys, &default_userid)?;
|
||||||
|
|
||||||
let mut w = Writer::new(std::io::stdout(), Kind::SecretKey)?;
|
let mut w = Writer::new(std::io::stdout(), Kind::SecretKey)?;
|
||||||
|
|
||||||
for packet in cert.into_packets2() {
|
for packet in cert.into_packets() {
|
||||||
packet.serialize(&mut w)?;
|
packet.serialize(&mut w)?;
|
||||||
}
|
}
|
||||||
|
|
||||||
w.finalize()?;
|
w.finalize()?;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -109,7 +109,7 @@ impl MnemonicSeedSource {
|
||||||
MnemonicSeedSource::Tarot => todo!(),
|
MnemonicSeedSource::Tarot => todo!(),
|
||||||
MnemonicSeedSource::Dice => todo!(),
|
MnemonicSeedSource::Dice => todo!(),
|
||||||
};
|
};
|
||||||
let mnemonic = keyfork_mnemonic::Mnemonic::try_from_slice(&seed)?;
|
let mnemonic = keyfork_mnemonic_util::Mnemonic::from_bytes(&seed)?;
|
||||||
Ok(mnemonic.to_string())
|
Ok(mnemonic.to_string())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,7 @@ use super::Keyfork;
|
||||||
use clap::{Parser, Subcommand};
|
use clap::{Parser, Subcommand};
|
||||||
use std::path::PathBuf;
|
use std::path::PathBuf;
|
||||||
|
|
||||||
use keyfork_mnemonic::{English, Mnemonic};
|
use keyfork_mnemonic_util::{English, Mnemonic};
|
||||||
use keyfork_prompt::{default_terminal, DefaultTerminal};
|
use keyfork_prompt::{default_terminal, DefaultTerminal};
|
||||||
use keyfork_shard::{remote_decrypt, Format};
|
use keyfork_shard::{remote_decrypt, Format};
|
||||||
|
|
||||||
|
@ -85,7 +85,7 @@ pub struct Recover {
|
||||||
impl Recover {
|
impl Recover {
|
||||||
pub fn handle(&self, _k: &Keyfork) -> Result<()> {
|
pub fn handle(&self, _k: &Keyfork) -> Result<()> {
|
||||||
let seed = self.command.handle()?;
|
let seed = self.command.handle()?;
|
||||||
let mnemonic = Mnemonic::try_from_slice(&seed)?;
|
let mnemonic = Mnemonic::from_bytes(&seed)?;
|
||||||
tokio::runtime::Builder::new_multi_thread()
|
tokio::runtime::Builder::new_multi_thread()
|
||||||
.enable_all()
|
.enable_all()
|
||||||
.build()
|
.build()
|
||||||
|
|
|
@ -1,31 +1,21 @@
|
||||||
use super::Keyfork;
|
use super::Keyfork;
|
||||||
use clap::{Args, Parser, Subcommand};
|
use clap::{Parser, Subcommand};
|
||||||
use std::{collections::HashSet, fs::File, io::IsTerminal, path::PathBuf};
|
use std::{collections::HashSet, fs::File, io::IsTerminal, path::PathBuf};
|
||||||
|
|
||||||
use card_backend_pcsc::PcscBackend;
|
use card_backend_pcsc::PcscBackend;
|
||||||
use openpgp_card_sequoia::{state::Open, types::KeyType, Card};
|
use openpgp_card_sequoia::{state::Open, types::KeyType, Card};
|
||||||
|
|
||||||
use keyfork_derive_openpgp::{
|
use keyfork_derive_openpgp::{
|
||||||
openpgp::{
|
openpgp::{self, packet::UserID, types::KeyFlags, Cert},
|
||||||
self,
|
|
||||||
armor::{Kind, Writer},
|
|
||||||
packet::UserID,
|
|
||||||
serialize::Marshal,
|
|
||||||
types::KeyFlags,
|
|
||||||
Cert,
|
|
||||||
},
|
|
||||||
XPrv,
|
XPrv,
|
||||||
};
|
};
|
||||||
use keyfork_derive_path_data::paths;
|
use keyfork_derive_util::{DerivationIndex, DerivationPath};
|
||||||
use keyfork_derive_util::DerivationIndex;
|
|
||||||
use keyfork_mnemonic::Mnemonic;
|
|
||||||
use keyfork_prompt::{
|
use keyfork_prompt::{
|
||||||
default_terminal,
|
validators::{PinValidator, Validator},
|
||||||
validators::{SecurePinValidator, Validator},
|
Message, PromptHandler, DefaultTerminal, default_terminal
|
||||||
DefaultTerminal, Message, PromptHandler,
|
|
||||||
};
|
};
|
||||||
|
|
||||||
use keyfork_shard::{openpgp::OpenPGP, Format};
|
use keyfork_shard::{Format, openpgp::OpenPGP};
|
||||||
|
|
||||||
#[derive(thiserror::Error, Debug)]
|
#[derive(thiserror::Error, Debug)]
|
||||||
#[error("Invalid PIN length: {0}")]
|
#[error("Invalid PIN length: {0}")]
|
||||||
|
@ -33,8 +23,6 @@ pub struct PinLength(usize);
|
||||||
|
|
||||||
type Result<T, E = Box<dyn std::error::Error>> = std::result::Result<T, E>;
|
type Result<T, E = Box<dyn std::error::Error>> = std::result::Result<T, E>;
|
||||||
|
|
||||||
// TODO: refactor to use mnemonic derived seed instead of 256 bit entropy to allow for possible
|
|
||||||
// recovery in the future.
|
|
||||||
fn derive_key(seed: [u8; 32], index: u8) -> Result<Cert> {
|
fn derive_key(seed: [u8; 32], index: u8) -> Result<Cert> {
|
||||||
let subkeys = vec![
|
let subkeys = vec![
|
||||||
KeyFlags::empty().set_certification(),
|
KeyFlags::empty().set_certification(),
|
||||||
|
@ -45,11 +33,18 @@ fn derive_key(seed: [u8; 32], index: u8) -> Result<Cert> {
|
||||||
KeyFlags::empty().set_authentication(),
|
KeyFlags::empty().set_authentication(),
|
||||||
];
|
];
|
||||||
|
|
||||||
|
let mut pgp_u32 = [0u8; 4];
|
||||||
|
pgp_u32[1..].copy_from_slice(&"pgp".bytes().collect::<Vec<u8>>());
|
||||||
|
let chain = DerivationIndex::new(u32::from_be_bytes(pgp_u32), true)?;
|
||||||
|
let mut shrd_u32 = [0u8; 4];
|
||||||
|
shrd_u32[..].copy_from_slice(&"shrd".bytes().collect::<Vec<u8>>());
|
||||||
|
let account = DerivationIndex::new(u32::from_be_bytes(pgp_u32), true)?;
|
||||||
let subkey = DerivationIndex::new(u32::from(index), true)?;
|
let subkey = DerivationIndex::new(u32::from(index), true)?;
|
||||||
let path = paths::OPENPGP_SHARD.clone().chain_push(subkey);
|
let path = DerivationPath::default()
|
||||||
let xprv = XPrv::new(seed)
|
.chain_push(chain)
|
||||||
.expect("could not construct master key from seed")
|
.chain_push(account)
|
||||||
.derive_path(&path)?;
|
.chain_push(subkey);
|
||||||
|
let xprv = XPrv::new(seed).derive_path(&path)?;
|
||||||
let userid = UserID::from(format!("Keyfork Shard {index}"));
|
let userid = UserID::from(format!("Keyfork Shard {index}"));
|
||||||
let cert = keyfork_derive_openpgp::derive(xprv, &subkeys, &userid)?;
|
let cert = keyfork_derive_openpgp::derive(xprv, &subkeys, &userid)?;
|
||||||
Ok(cert)
|
Ok(cert)
|
||||||
|
@ -103,106 +98,42 @@ fn factory_reset_current_card(
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Subcommand, Clone, Debug)]
|
fn generate_shard_secret(
|
||||||
pub enum WizardSubcommands {
|
|
||||||
GenerateShardSecret(GenerateShardSecret),
|
|
||||||
BottomsUp(BottomsUp),
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Create a 256 bit secret and shard the secret to smart cards.
|
|
||||||
///
|
|
||||||
/// Smart cards will need to be plugged in periodically during the wizard, where they will be
|
|
||||||
/// factory reset and provisioned to `m/pgp'/shrd'/<share index>`. The secret can then be recovered
|
|
||||||
/// with `keyfork recover shard` or `keyfork recover remote-shard`. The share file will be printed
|
|
||||||
/// to standard output.
|
|
||||||
#[derive(Args, Clone, Debug)]
|
|
||||||
pub struct GenerateShardSecret {
|
|
||||||
/// The minimum amount of keys required to decrypt the secret.
|
|
||||||
#[arg(long)]
|
|
||||||
threshold: u8,
|
threshold: u8,
|
||||||
|
|
||||||
/// The maximum amount of shards.
|
|
||||||
#[arg(long)]
|
|
||||||
max: u8,
|
max: u8,
|
||||||
|
|
||||||
/// The amount of smart cards to provision per-shard.
|
|
||||||
#[arg(long, default_value = "1")]
|
|
||||||
keys_per_shard: u8,
|
keys_per_shard: u8,
|
||||||
|
output_file: &Option<PathBuf>,
|
||||||
/// The file to write the generated shard file to.
|
) -> Result<()> {
|
||||||
#[arg(long)]
|
let seed = keyfork_entropy::generate_entropy_of_const_size::<{256 / 8}>()?;
|
||||||
output: Option<PathBuf>,
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Create a 256 bit secret and shard the secret to previously known OpenPGP certificates,
|
|
||||||
/// deriving the default OpenPGP certificate for the secret.
|
|
||||||
///
|
|
||||||
/// This command was purpose-built for DEFCON and is not intended to be used normally, as it
|
|
||||||
/// implies keys used for sharding have been generated by a custom source.
|
|
||||||
#[derive(Args, Clone, Debug)]
|
|
||||||
pub struct BottomsUp {
|
|
||||||
/// The location of OpenPGP certificates to use when sharding.
|
|
||||||
key_discovery: PathBuf,
|
|
||||||
|
|
||||||
/// The minimum amount of keys required to decrypt the secret.
|
|
||||||
#[arg(long)]
|
|
||||||
threshold: u8,
|
|
||||||
|
|
||||||
/// The file to write the generated shard file to.
|
|
||||||
#[arg(long)]
|
|
||||||
output_shardfile: PathBuf,
|
|
||||||
|
|
||||||
/// The file to write the generated OpenPGP certificate to.
|
|
||||||
#[arg(long)]
|
|
||||||
output_cert: PathBuf,
|
|
||||||
|
|
||||||
/// The User ID for the generated OpenPGP certificate.
|
|
||||||
#[arg(long, default_value = "Disaster Recovery")]
|
|
||||||
user_id: String,
|
|
||||||
}
|
|
||||||
|
|
||||||
impl WizardSubcommands {
|
|
||||||
// dispatch
|
|
||||||
fn handle(&self) -> Result<()> {
|
|
||||||
match self {
|
|
||||||
WizardSubcommands::GenerateShardSecret(gss) => gss.handle(),
|
|
||||||
WizardSubcommands::BottomsUp(bu) => bu.handle(),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
impl GenerateShardSecret {
|
|
||||||
fn handle(&self) -> Result<()> {
|
|
||||||
let seed = keyfork_entropy::generate_entropy_of_const_size::<{ 256 / 8 }>()?;
|
|
||||||
let mut pm = default_terminal()?;
|
let mut pm = default_terminal()?;
|
||||||
let mut certs = vec![];
|
let mut certs = vec![];
|
||||||
let mut seen_cards: HashSet<String> = HashSet::new();
|
let mut seen_cards: HashSet<String> = HashSet::new();
|
||||||
let stdout = std::io::stdout();
|
let stdout = std::io::stdout();
|
||||||
if self.output.is_none() {
|
if output_file.is_none() {
|
||||||
assert!(
|
assert!(
|
||||||
!stdout.is_terminal(),
|
!stdout.is_terminal(),
|
||||||
"not printing shard to terminal, redirect output"
|
"not printing shard to terminal, redirect output"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
let user_pin_validator = SecurePinValidator {
|
let user_pin_validator = PinValidator {
|
||||||
min_length: Some(6),
|
min_length: Some(6),
|
||||||
..Default::default()
|
..Default::default()
|
||||||
}
|
}
|
||||||
.to_fn();
|
.to_fn();
|
||||||
let admin_pin_validator = SecurePinValidator {
|
let admin_pin_validator = PinValidator {
|
||||||
min_length: Some(8),
|
min_length: Some(8),
|
||||||
..Default::default()
|
..Default::default()
|
||||||
}
|
}
|
||||||
.to_fn();
|
.to_fn();
|
||||||
|
|
||||||
for index in 0..self.max {
|
for index in 0..max {
|
||||||
let cert = derive_key(seed, index)?;
|
let cert = derive_key(seed, index)?;
|
||||||
for i in 0..self.keys_per_shard {
|
for i in 0..keys_per_shard {
|
||||||
pm.prompt_message(Message::Text(format!(
|
pm.prompt_message(Message::Text(format!(
|
||||||
"Please remove all keys and insert key #{} for user #{}",
|
"Please remove all keys and insert key #{} for user #{}",
|
||||||
(i as u16) + 1,
|
i + 1,
|
||||||
(index as u16) + 1,
|
index + 1,
|
||||||
)))?;
|
)))?;
|
||||||
let card_backend = loop {
|
let card_backend = loop {
|
||||||
if let Some(c) = PcscBackend::cards(None)?.next().transpose()? {
|
if let Some(c) = PcscBackend::cards(None)?.next().transpose()? {
|
||||||
|
@ -236,64 +167,51 @@ impl GenerateShardSecret {
|
||||||
|
|
||||||
let opgp = OpenPGP::<DefaultTerminal>::new();
|
let opgp = OpenPGP::<DefaultTerminal>::new();
|
||||||
|
|
||||||
if let Some(output_file) = self.output.as_ref() {
|
if let Some(output_file) = output_file {
|
||||||
let output = File::create(output_file)?;
|
let output = File::create(output_file)?;
|
||||||
opgp.shard_and_encrypt(self.threshold, certs.len() as u8, &seed, &certs[..], output)?;
|
opgp.shard_and_encrypt(threshold, certs.len() as u8, &seed, &certs[..], output)?;
|
||||||
} else {
|
} else {
|
||||||
opgp.shard_and_encrypt(
|
opgp.shard_and_encrypt(threshold, certs.len() as u8, &seed, &certs[..], std::io::stdout())?;
|
||||||
self.threshold,
|
|
||||||
certs.len() as u8,
|
|
||||||
&seed,
|
|
||||||
&certs[..],
|
|
||||||
std::io::stdout(),
|
|
||||||
)?;
|
|
||||||
}
|
}
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
impl BottomsUp {
|
#[derive(Subcommand, Clone, Debug)]
|
||||||
|
pub enum WizardSubcommands {
|
||||||
|
/// Create a 256 bit secret and shard the secret to smart cards.
|
||||||
|
///
|
||||||
|
/// Smart cards will need to be plugged in periodically during the wizard, where they will be factory reset and
|
||||||
|
/// provisioned to `m/pgp'/shrd'/<share index>`. The secret can then be recovered with `keyfork recover shard` or
|
||||||
|
/// `keyfork recover remote-shard`. The share file will be printed to standard output.
|
||||||
|
GenerateShardSecret {
|
||||||
|
/// The minimum amount of keys required to decrypt the secret.
|
||||||
|
#[arg(long)]
|
||||||
|
threshold: u8,
|
||||||
|
|
||||||
|
/// The maximum amount of shards.
|
||||||
|
#[arg(long)]
|
||||||
|
max: u8,
|
||||||
|
|
||||||
|
/// The amount of smart cards to provision per-shard.
|
||||||
|
#[arg(long, default_value = "1")]
|
||||||
|
keys_per_shard: u8,
|
||||||
|
|
||||||
|
/// The file to write the generated shard file to.
|
||||||
|
#[arg(long)]
|
||||||
|
output: Option<PathBuf>,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
impl WizardSubcommands {
|
||||||
fn handle(&self) -> Result<()> {
|
fn handle(&self) -> Result<()> {
|
||||||
let entropy = keyfork_entropy::generate_entropy_of_const_size::<{ 256 / 8 }>()?;
|
match self {
|
||||||
let mnemonic = Mnemonic::from_array(entropy);
|
WizardSubcommands::GenerateShardSecret {
|
||||||
let seed = mnemonic.generate_seed(None);
|
threshold,
|
||||||
|
max,
|
||||||
// TODO: should this allow for customizing the account index from 0? Potential for key reuse
|
keys_per_shard,
|
||||||
// errors.
|
output,
|
||||||
let path = paths::OPENPGP_DISASTER_RECOVERY
|
} => generate_shard_secret(*threshold, *max, *keys_per_shard, output),
|
||||||
.clone()
|
}
|
||||||
.chain_push(DerivationIndex::new(0, true)?);
|
|
||||||
let subkeys = [
|
|
||||||
KeyFlags::empty().set_certification(),
|
|
||||||
KeyFlags::empty().set_signing(),
|
|
||||||
KeyFlags::empty()
|
|
||||||
.set_transport_encryption()
|
|
||||||
.set_storage_encryption(),
|
|
||||||
KeyFlags::empty().set_authentication(),
|
|
||||||
];
|
|
||||||
let xprv = XPrv::new(seed)
|
|
||||||
.expect("could not construct master key from seed")
|
|
||||||
.derive_path(&path)?;
|
|
||||||
let userid = UserID::from(self.user_id.as_str());
|
|
||||||
|
|
||||||
let cert = keyfork_derive_openpgp::derive(xprv, &subkeys, &userid)?;
|
|
||||||
let certfile = File::create(&self.output_cert)?;
|
|
||||||
let mut w = Writer::new(certfile, Kind::PublicKey)?;
|
|
||||||
cert.serialize(&mut w)?;
|
|
||||||
w.finalize()?;
|
|
||||||
|
|
||||||
let opgp = OpenPGP::<DefaultTerminal>::new();
|
|
||||||
let certs = OpenPGP::<DefaultTerminal>::discover_certs(&self.key_discovery)?;
|
|
||||||
|
|
||||||
let shardfile = File::create(&self.output_shardfile)?;
|
|
||||||
opgp.shard_and_encrypt(
|
|
||||||
self.threshold,
|
|
||||||
certs.len() as u8,
|
|
||||||
&entropy,
|
|
||||||
&certs[..],
|
|
||||||
shardfile,
|
|
||||||
)?;
|
|
||||||
Ok(())
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "keyfork-qrcode"
|
name = "keyfork-qrcode"
|
||||||
version = "0.1.1"
|
version = "0.1.0"
|
||||||
repository = "https://git.distrust.co/public/keyfork"
|
repository = "https://git.distrust.co/public/keyfork"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
license = "MIT"
|
license = "MIT"
|
||||||
|
@ -14,9 +14,9 @@ decode-backend-rqrr = ["dep:rqrr"]
|
||||||
decode-backend-zbar = ["dep:keyfork-zbar"]
|
decode-backend-zbar = ["dep:keyfork-zbar"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
keyfork-bug = { workspace = true }
|
keyfork-bug = { version = "0.1.0", path = "../../util/keyfork-bug", registry = "distrust" }
|
||||||
keyfork-zbar = { workspace = true, optional = true }
|
keyfork-zbar = { version = "0.1.0", path = "../keyfork-zbar", optional = true, registry = "distrust" }
|
||||||
image = { workspace = true, default-features = false, features = ["jpeg"] }
|
image = { version = "0.24.7", default-features = false, features = ["jpeg"] }
|
||||||
rqrr = { version = "0.7.0", optional = true }
|
rqrr = { version = "0.6.0", optional = true }
|
||||||
thiserror = { workspace = true }
|
thiserror = "1.0.56"
|
||||||
v4l = { workspace = true }
|
v4l = "0.14.0"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
#![allow(missing_docs)]
|
//!
|
||||||
|
|
||||||
use std::time::Duration;
|
use std::time::Duration;
|
||||||
|
|
||||||
|
|
|
@ -2,10 +2,10 @@
|
||||||
|
|
||||||
use keyfork_bug as bug;
|
use keyfork_bug as bug;
|
||||||
|
|
||||||
use image::ImageReader;
|
use image::io::Reader as ImageReader;
|
||||||
use std::{
|
use std::{
|
||||||
io::{Cursor, Write},
|
io::{Cursor, Write},
|
||||||
time::{Duration, Instant},
|
time::{Duration, SystemTime},
|
||||||
process::{Command, Stdio},
|
process::{Command, Stdio},
|
||||||
};
|
};
|
||||||
use v4l::{
|
use v4l::{
|
||||||
|
@ -103,11 +103,6 @@ pub fn qrencode(
|
||||||
const VIDEO_FORMAT_READ_ERROR: &str = "Failed to read video device format";
|
const VIDEO_FORMAT_READ_ERROR: &str = "Failed to read video device format";
|
||||||
|
|
||||||
/// Continuously scan the `index`-th camera for a QR code.
|
/// Continuously scan the `index`-th camera for a QR code.
|
||||||
///
|
|
||||||
/// # Errors
|
|
||||||
///
|
|
||||||
/// The function may return an error if the hardware is unable to scan video or if an image could
|
|
||||||
/// not be decoded.
|
|
||||||
#[cfg(feature = "decode-backend-rqrr")]
|
#[cfg(feature = "decode-backend-rqrr")]
|
||||||
pub fn scan_camera(timeout: Duration, index: usize) -> Result<Option<String>, QRCodeScanError> {
|
pub fn scan_camera(timeout: Duration, index: usize) -> Result<Option<String>, QRCodeScanError> {
|
||||||
let device = Device::new(index)?;
|
let device = Device::new(index)?;
|
||||||
|
@ -115,10 +110,11 @@ pub fn scan_camera(timeout: Duration, index: usize) -> Result<Option<String>, QR
|
||||||
fmt.fourcc = FourCC::new(b"MPG1");
|
fmt.fourcc = FourCC::new(b"MPG1");
|
||||||
device.set_format(&fmt)?;
|
device.set_format(&fmt)?;
|
||||||
let mut stream = Stream::with_buffers(&device, Type::VideoCapture, 4)?;
|
let mut stream = Stream::with_buffers(&device, Type::VideoCapture, 4)?;
|
||||||
let start = Instant::now();
|
let start = SystemTime::now();
|
||||||
|
|
||||||
while Instant::now()
|
while SystemTime::now()
|
||||||
.duration_since(start)
|
.duration_since(start)
|
||||||
|
.unwrap_or(Duration::from_secs(0))
|
||||||
< timeout
|
< timeout
|
||||||
{
|
{
|
||||||
let (buffer, _) = stream.next()?;
|
let (buffer, _) = stream.next()?;
|
||||||
|
@ -138,11 +134,6 @@ pub fn scan_camera(timeout: Duration, index: usize) -> Result<Option<String>, QR
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Continuously scan the `index`-th camera for a QR code.
|
/// Continuously scan the `index`-th camera for a QR code.
|
||||||
///
|
|
||||||
/// # Errors
|
|
||||||
///
|
|
||||||
/// The function may return an error if the hardware is unable to scan video or if an image could
|
|
||||||
/// not be decoded.
|
|
||||||
#[cfg(feature = "decode-backend-zbar")]
|
#[cfg(feature = "decode-backend-zbar")]
|
||||||
pub fn scan_camera(timeout: Duration, index: usize) -> Result<Option<String>, QRCodeScanError> {
|
pub fn scan_camera(timeout: Duration, index: usize) -> Result<Option<String>, QRCodeScanError> {
|
||||||
let device = Device::new(index)?;
|
let device = Device::new(index)?;
|
||||||
|
@ -150,11 +141,12 @@ pub fn scan_camera(timeout: Duration, index: usize) -> Result<Option<String>, QR
|
||||||
fmt.fourcc = FourCC::new(b"MPG1");
|
fmt.fourcc = FourCC::new(b"MPG1");
|
||||||
device.set_format(&fmt)?;
|
device.set_format(&fmt)?;
|
||||||
let mut stream = Stream::with_buffers(&device, Type::VideoCapture, 4)?;
|
let mut stream = Stream::with_buffers(&device, Type::VideoCapture, 4)?;
|
||||||
let start = Instant::now();
|
let start = SystemTime::now();
|
||||||
let mut scanner = keyfork_zbar::image_scanner::ImageScanner::new();
|
let mut scanner = keyfork_zbar::image_scanner::ImageScanner::new();
|
||||||
|
|
||||||
while Instant::now()
|
while SystemTime::now()
|
||||||
.duration_since(start)
|
.duration_since(start)
|
||||||
|
.unwrap_or(Duration::from_secs(0))
|
||||||
< timeout
|
< timeout
|
||||||
{
|
{
|
||||||
let (buffer, _) = stream.next()?;
|
let (buffer, _) = stream.next()?;
|
||||||
|
|
|
@ -9,13 +9,12 @@ license = "MIT"
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
default = ["image"]
|
default = ["image"]
|
||||||
bin = ["image"]
|
|
||||||
image = ["dep:image"]
|
image = ["dep:image"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
keyfork-zbar-sys = { workspace = true }
|
keyfork-zbar-sys = { version = "0.1.0", path = "../keyfork-zbar-sys", registry = "distrust" }
|
||||||
image = { workspace = true, default-features = false, optional = true }
|
image = { version = "0.24.7", default-features = false, optional = true }
|
||||||
thiserror = { workspace = true }
|
thiserror = "1.0.56"
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
v4l = { workspace = true }
|
v4l = "0.14.0"
|
||||||
|
|
|
@ -33,7 +33,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
.decode()?,
|
.decode()?,
|
||||||
);
|
);
|
||||||
|
|
||||||
if let Some(symbol) = scanner.scan_image(&image).first() {
|
if let Some(symbol) = scanner.scan_image(&image).get(0) {
|
||||||
println!("{}", String::from_utf8_lossy(symbol.data()));
|
println!("{}", String::from_utf8_lossy(symbol.data()));
|
||||||
return Ok(());
|
return Ok(());
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
//! A Symbol represents some form of encoded data.
|
//!
|
||||||
|
|
||||||
use super::sys;
|
use super::sys;
|
||||||
|
|
||||||
|
|
|
@ -9,4 +9,4 @@ license = "MIT"
|
||||||
[dependencies]
|
[dependencies]
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
anyhow = { workspace = true }
|
anyhow = "1.0.79"
|
||||||
|
|
|
@ -55,16 +55,16 @@ crossterm_winapi = { version = "0.9.1", optional = true }
|
||||||
libc = "0.2"
|
libc = "0.2"
|
||||||
signal-hook = { version = "0.3.17", optional = true }
|
signal-hook = { version = "0.3.17", optional = true }
|
||||||
filedescriptor = { version = "0.8", optional = true }
|
filedescriptor = { version = "0.8", optional = true }
|
||||||
mio = { version = "1.0", features = ["os-poll"], optional = true }
|
mio = { version = "0.8", features = ["os-poll"], optional = true }
|
||||||
signal-hook-mio = { version = "0.2.3", features = ["support-v1_0"], optional = true }
|
signal-hook-mio = { version = "0.2.3", features = ["support-v0_8"], optional = true }
|
||||||
|
|
||||||
# Dev dependencies (examples, ...)
|
# Dev dependencies (examples, ...)
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
tokio = { workspace = true, features = ["full"] }
|
tokio = { version = "1.25", features = ["full"] }
|
||||||
futures = "0.3"
|
futures = "0.3"
|
||||||
futures-timer = "3.0"
|
futures-timer = "3.0"
|
||||||
async-std = "1.12"
|
async-std = "1.12"
|
||||||
serde_json = { workspace = true }
|
serde_json = "1.0"
|
||||||
serial_test = "2.0.0"
|
serial_test = "2.0.0"
|
||||||
|
|
||||||
# Examples
|
# Examples
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
#![allow(missing_docs)]
|
//!
|
||||||
|
|
||||||
use keyfork_crossterm::{
|
use keyfork_crossterm::{
|
||||||
execute,
|
execute,
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
use std::{collections::VecDeque, io, time::Duration};
|
use std::{collections::VecDeque, io, time::Duration};
|
||||||
|
|
||||||
use mio::{unix::SourceFd, Events, Interest, Poll, Token};
|
use mio::{unix::SourceFd, Events, Interest, Poll, Token};
|
||||||
use signal_hook_mio::v1_0::Signals;
|
use signal_hook_mio::v0_8::Signals;
|
||||||
|
|
||||||
#[cfg(feature = "event-stream")]
|
#[cfg(feature = "event-stream")]
|
||||||
use crate::event::sys::Waker;
|
use crate::event::sys::Waker;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "keyfork-entropy"
|
name = "keyfork-entropy"
|
||||||
version = "0.1.1"
|
version = "0.1.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
license = "MIT"
|
license = "MIT"
|
||||||
|
|
||||||
|
@ -11,5 +11,5 @@ default = ["bin"]
|
||||||
bin = ["smex"]
|
bin = ["smex"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
keyfork-bug = { workspace = true }
|
keyfork-bug = { version = "0.1.0", path = "../keyfork-bug", registry = "distrust" }
|
||||||
smex = { workspace = true, optional = true }
|
smex = { version = "0.1.0", path = "../smex", optional = true, registry = "distrust" }
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
//! Generate entropy of a given size, encoded as hex.
|
//!
|
||||||
|
|
||||||
fn main() -> Result<(), Box<dyn std::error::Error>> {
|
fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
let bit_size: usize = std::env::args()
|
let bit_size: usize = std::env::args()
|
||||||
|
@ -10,12 +10,10 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
bit_size % 8 == 0,
|
bit_size % 8 == 0,
|
||||||
"Bit size must be divisible by 8, got: {bit_size}"
|
"Bit size must be divisible by 8, got: {bit_size}"
|
||||||
);
|
);
|
||||||
match bit_size {
|
assert!(
|
||||||
128 | 256 | 512 => {}
|
bit_size <= 256,
|
||||||
_ => {
|
"Maximum supported bit size is 256, got: {bit_size}"
|
||||||
eprintln!("reading entropy of uncommon size: {bit_size}");
|
);
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
let entropy = keyfork_entropy::generate_entropy_of_size(bit_size / 8)?;
|
let entropy = keyfork_entropy::generate_entropy_of_size(bit_size / 8)?;
|
||||||
println!("{}", smex::encode(entropy));
|
println!("{}", smex::encode(entropy));
|
||||||
|
|
|
@ -12,13 +12,13 @@ async = ["dep:tokio"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
# Included in Rust
|
# Included in Rust
|
||||||
sha2 = { workspace = true }
|
sha2 = "0.10.7"
|
||||||
|
|
||||||
# Personally audited
|
# Personally audited
|
||||||
thiserror = { workspace = true }
|
thiserror = "1.0.47"
|
||||||
|
|
||||||
# Optional, not personally audited
|
# Optional, not personally audited
|
||||||
tokio = { workspace = true, optional = true, features = ["io-util"] }
|
tokio = { version = "1.32.0", optional = true, features = ["io-util"] }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
insta = "1.31.0"
|
insta = "1.31.0"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "keyfork-mnemonic"
|
name = "keyfork-mnemonic-util"
|
||||||
version = "0.4.0"
|
version = "0.2.0"
|
||||||
description = "Utilities to generate and manage seeds based on BIP-0039 mnemonics."
|
description = "Utilities to generate and manage seeds based on BIP-0039 mnemonics."
|
||||||
repository = "https://git.distrust.co/public/keyfork"
|
repository = "https://git.distrust.co/public/keyfork"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
|
@ -11,14 +11,14 @@ default = ["bin"]
|
||||||
bin = ["smex"]
|
bin = ["smex"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
smex = { workspace = true, optional = true }
|
smex = { version = "0.1.0", path = "../smex", optional = true, registry = "distrust" }
|
||||||
keyfork-bug = { workspace = true }
|
keyfork-bug = { version = "0.1.0", path = "../keyfork-bug", registry = "distrust" }
|
||||||
|
|
||||||
sha2 = { workspace = true }
|
sha2 = "0.10.7"
|
||||||
hmac = { workspace = true }
|
hmac = "0.12.1"
|
||||||
pbkdf2 = "0.12.2"
|
pbkdf2 = "0.12.2"
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
bip39 = "2.0.0"
|
bip39 = "2.0.0"
|
||||||
hex = "0.4.3"
|
hex = "0.4.3"
|
||||||
serde_json = { workspace = true }
|
serde_json = "1.0.105"
|
|
@ -1,6 +1,6 @@
|
||||||
//! Generate a mnemonic from hex-encoded input.
|
//!
|
||||||
|
|
||||||
use keyfork_mnemonic::Mnemonic;
|
use keyfork_mnemonic_util::Mnemonic;
|
||||||
|
|
||||||
fn main() -> Result<(), Box<dyn std::error::Error>> {
|
fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
let input = std::io::stdin();
|
let input = std::io::stdin();
|
||||||
|
@ -8,7 +8,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
input.read_line(&mut line)?;
|
input.read_line(&mut line)?;
|
||||||
let decoded = smex::decode(line.trim())?;
|
let decoded = smex::decode(line.trim())?;
|
||||||
|
|
||||||
let mnemonic = Mnemonic::from_raw_bytes(&decoded) ;
|
let mnemonic = unsafe { Mnemonic::from_raw_bytes(&decoded) };
|
||||||
|
|
||||||
println!("{mnemonic}");
|
println!("{mnemonic}");
|
||||||
|
|
|
@ -3,17 +3,17 @@
|
||||||
//! Mnemonics can be used to safely encode data of 32, 48, and 64 bytes as a phrase:
|
//! Mnemonics can be used to safely encode data of 32, 48, and 64 bytes as a phrase:
|
||||||
//!
|
//!
|
||||||
//! ```rust
|
//! ```rust
|
||||||
//! use keyfork_mnemonic::Mnemonic;
|
//! use keyfork_mnemonic_util::Mnemonic;
|
||||||
//! let data = b"Hello, world! I am a mnemonic :)";
|
//! let data = b"Hello, world! I am a mnemonic :)";
|
||||||
//! assert_eq!(data.len(), 32);
|
//! assert_eq!(data.len(), 32);
|
||||||
//! let mnemonic = Mnemonic::try_from_slice(data).unwrap();
|
//! let mnemonic = Mnemonic::from_bytes(data).unwrap();
|
||||||
//! println!("Our mnemonic is: {mnemonic}");
|
//! println!("Our mnemonic is: {mnemonic}");
|
||||||
//! ```
|
//! ```
|
||||||
//!
|
//!
|
||||||
//! A mnemonic can also be parsed from a string:
|
//! A mnemonic can also be parsed from a string:
|
||||||
//!
|
//!
|
||||||
//! ```rust
|
//! ```rust
|
||||||
//! use keyfork_mnemonic::Mnemonic;
|
//! use keyfork_mnemonic_util::Mnemonic;
|
||||||
//! use std::str::FromStr;
|
//! use std::str::FromStr;
|
||||||
//!
|
//!
|
||||||
//! let data = b"Hello, world! I am a mnemonic :)";
|
//! let data = b"Hello, world! I am a mnemonic :)";
|
||||||
|
@ -28,7 +28,7 @@
|
||||||
//! verified to be safe:
|
//! verified to be safe:
|
||||||
//!
|
//!
|
||||||
//! ```rust
|
//! ```rust
|
||||||
//! use keyfork_mnemonic::Mnemonic;
|
//! use keyfork_mnemonic_util::Mnemonic;
|
||||||
//! let data = b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
//! let data = b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
//! let mnemonic = unsafe { Mnemonic::from_raw_bytes(data.as_slice()) };
|
//! let mnemonic = unsafe { Mnemonic::from_raw_bytes(data.as_slice()) };
|
||||||
//! let mnemonic_text = mnemonic.to_string();
|
//! let mnemonic_text = mnemonic.to_string();
|
||||||
|
@ -37,7 +37,7 @@
|
||||||
//! If given an invalid length, undefined behavior may follow, or code may panic.
|
//! If given an invalid length, undefined behavior may follow, or code may panic.
|
||||||
//!
|
//!
|
||||||
//! ```rust,should_panic
|
//! ```rust,should_panic
|
||||||
//! use keyfork_mnemonic::Mnemonic;
|
//! use keyfork_mnemonic_util::Mnemonic;
|
||||||
//! use std::str::FromStr;
|
//! use std::str::FromStr;
|
||||||
//!
|
//!
|
||||||
//! // NOTE: Data is of invalid length, 31
|
//! // NOTE: Data is of invalid length, 31
|
||||||
|
@ -125,13 +125,6 @@ impl Wordlist for English {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
struct AssertValidMnemonicSize<const N: usize>;
|
|
||||||
|
|
||||||
impl<const N: usize> AssertValidMnemonicSize<N> {
|
|
||||||
const OK_CHUNKS: () = assert!(N % 4 == 0, "bytes must be a length divisible by 4");
|
|
||||||
const OK_SIZE: () = assert!(N <= 1024, "bytes must be less-or-equal 1024");
|
|
||||||
}
|
|
||||||
|
|
||||||
/// A BIP-0039 mnemonic with reference to a [`Wordlist`].
|
/// A BIP-0039 mnemonic with reference to a [`Wordlist`].
|
||||||
#[derive(Debug, Clone, PartialEq, Eq)]
|
#[derive(Debug, Clone, PartialEq, Eq)]
|
||||||
pub struct MnemonicBase<W: Wordlist> {
|
pub struct MnemonicBase<W: Wordlist> {
|
||||||
|
@ -268,11 +261,11 @@ where
|
||||||
///
|
///
|
||||||
/// # Examples
|
/// # Examples
|
||||||
/// ```rust
|
/// ```rust
|
||||||
/// use keyfork_mnemonic::Mnemonic;
|
/// use keyfork_mnemonic_util::Mnemonic;
|
||||||
/// let data = b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// let data = b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let mnemonic = Mnemonic::try_from_slice(data.as_slice()).unwrap();
|
/// let mnemonic = Mnemonic::from_bytes(data.as_slice()).unwrap();
|
||||||
/// ```
|
/// ```
|
||||||
pub fn try_from_slice(bytes: &[u8]) -> Result<MnemonicBase<W>, MnemonicGenerationError> {
|
pub fn from_bytes(bytes: &[u8]) -> Result<MnemonicBase<W>, MnemonicGenerationError> {
|
||||||
let bit_count = bytes.len() * 8;
|
let bit_count = bytes.len() * 8;
|
||||||
|
|
||||||
if bit_count % 32 != 0 {
|
if bit_count % 32 != 0 {
|
||||||
|
@ -283,51 +276,31 @@ where
|
||||||
return Err(MnemonicGenerationError::InvalidByteLength(bit_count));
|
return Err(MnemonicGenerationError::InvalidByteLength(bit_count));
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok( Self::from_raw_bytes(bytes) )
|
Ok(unsafe { Self::from_raw_bytes(bytes) })
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Generate a [`Mnemonic`] from the provided data and [`Wordlist`]. The data may be of a size
|
/// Generate a [`Mnemonic`] from the provided data and [`Wordlist`]. The data is expected to be
|
||||||
/// of a factor of 4, up to 1024 bytes.
|
/// of 128, 192, or 256 bits, as per BIP-0039.
|
||||||
///
|
///
|
||||||
/// ```rust
|
/// # Errors
|
||||||
/// use keyfork_mnemonic::Mnemonic;
|
/// An error may be returned if the data is not within the expected lengths.
|
||||||
/// let data = b"hello world!";
|
#[deprecated = "use Mnemonic::from_bytes"]
|
||||||
/// let mnemonic = Mnemonic::from_array(*data);
|
pub fn from_entropy(bytes: &[u8]) -> Result<MnemonicBase<W>, MnemonicGenerationError> {
|
||||||
/// ```
|
MnemonicBase::from_bytes(bytes)
|
||||||
///
|
|
||||||
/// If an invalid size is requested, the code will fail to compile:
|
|
||||||
///
|
|
||||||
/// ```rust,compile_fail
|
|
||||||
/// use keyfork_mnemonic::Mnemonic;
|
|
||||||
/// let mnemonic = Mnemonic::from_array([0u8; 53]);
|
|
||||||
/// ```
|
|
||||||
///
|
|
||||||
/// ```rust,compile_fail
|
|
||||||
/// use keyfork_mnemonic::Mnemonic;
|
|
||||||
/// let mnemonic = Mnemonic::from_array([0u8; 1024 + 4]);
|
|
||||||
/// ```
|
|
||||||
pub fn from_array<const N: usize>(bytes: [u8; N]) -> MnemonicBase<W> {
|
|
||||||
#[allow(clippy::let_unit_value)]
|
|
||||||
{
|
|
||||||
let () = AssertValidMnemonicSize::<N>::OK_CHUNKS;
|
|
||||||
let () = AssertValidMnemonicSize::<N>::OK_SIZE;
|
|
||||||
}
|
|
||||||
Self::from_raw_bytes(&bytes)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Create a Mnemonic using an arbitrary length of given data. The length does not need to
|
/// Create a Mnemonic using an arbitrary length of given data. The length does not need to
|
||||||
/// conform to BIP-0039 standards, but should be a multiple of 32 bits or 4 bytes.
|
/// conform to BIP-0039 standards, but should be a multiple of 32 bits or 4 bytes.
|
||||||
///
|
///
|
||||||
/// # Panics
|
/// # Safety
|
||||||
|
///
|
||||||
/// This function can potentially produce mnemonics that are not BIP-0039 compliant or can't
|
/// This function can potentially produce mnemonics that are not BIP-0039 compliant or can't
|
||||||
/// properly be encoded as a mnemonic. It is assumed the caller asserts the byte count is `% 4
|
/// properly be encoded as a mnemonic. It is assumed the caller asserts the byte count is `% 4
|
||||||
/// == 0`. If the assumption is incorrect, code may panic. The
|
/// == 0`. If the assumption is incorrect, code may panic.
|
||||||
/// [`MnemonicBase::from_array`] function may be used to generate entropy if the length of the
|
|
||||||
/// data is known at compile-time.
|
|
||||||
///
|
///
|
||||||
/// # Examples
|
/// # Examples
|
||||||
/// ```rust
|
/// ```rust
|
||||||
/// use keyfork_mnemonic::Mnemonic;
|
/// use keyfork_mnemonic_util::Mnemonic;
|
||||||
/// let data = b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// let data = b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let mnemonic = unsafe { Mnemonic::from_raw_bytes(data.as_slice()) };
|
/// let mnemonic = unsafe { Mnemonic::from_raw_bytes(data.as_slice()) };
|
||||||
/// let mnemonic_text = mnemonic.to_string();
|
/// let mnemonic_text = mnemonic.to_string();
|
||||||
|
@ -336,16 +309,17 @@ where
|
||||||
/// If given an invalid length, undefined behavior may follow, or code may panic.
|
/// If given an invalid length, undefined behavior may follow, or code may panic.
|
||||||
///
|
///
|
||||||
/// ```rust,should_panic
|
/// ```rust,should_panic
|
||||||
/// use keyfork_mnemonic::Mnemonic;
|
/// use keyfork_mnemonic_util::Mnemonic;
|
||||||
/// use std::str::FromStr;
|
/// use std::str::FromStr;
|
||||||
///
|
///
|
||||||
/// // NOTE: Data is of invalid length, 31
|
/// // NOTE: Data is of invalid length, 31
|
||||||
/// let data = b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
/// let data = b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||||
/// let mnemonic = unsafe { Mnemonic::from_raw_bytes(data.as_slice()) };
|
/// let mnemonic = unsafe { Mnemonic::from_raw_bytes(data.as_slice()) };
|
||||||
|
/// let mnemonic_text = mnemonic.to_string();
|
||||||
|
/// // NOTE: panic happens here
|
||||||
|
/// let new_mnemonic = Mnemonic::from_str(&mnemonic_text).unwrap();
|
||||||
/// ```
|
/// ```
|
||||||
pub fn from_raw_bytes(bytes: &[u8]) -> MnemonicBase<W> {
|
pub unsafe fn from_raw_bytes(bytes: &[u8]) -> MnemonicBase<W> {
|
||||||
assert!(bytes.len() % 4 == 0);
|
|
||||||
assert!(bytes.len() <= 1024);
|
|
||||||
MnemonicBase {
|
MnemonicBase {
|
||||||
data: bytes.to_vec(),
|
data: bytes.to_vec(),
|
||||||
marker: PhantomData,
|
marker: PhantomData,
|
||||||
|
@ -373,31 +347,16 @@ where
|
||||||
&self.data
|
&self.data
|
||||||
}
|
}
|
||||||
|
|
||||||
/// A view to internal representation of the decoded data.
|
|
||||||
pub fn as_slice(&self) -> &[u8] {
|
|
||||||
&self.data
|
|
||||||
}
|
|
||||||
|
|
||||||
/// A clone of the internal representation of the decoded data.
|
/// A clone of the internal representation of the decoded data.
|
||||||
pub fn to_bytes(&self) -> Vec<u8> {
|
pub fn to_bytes(&self) -> Vec<u8> {
|
||||||
self.data.to_vec()
|
self.data.to_vec()
|
||||||
}
|
}
|
||||||
|
|
||||||
/// A clone of the internal representation of the decoded data.
|
|
||||||
pub fn to_vec(&self) -> Vec<u8> {
|
|
||||||
self.data.to_vec()
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Conver the Mnemonic into the internal representation of the decoded data.
|
/// Conver the Mnemonic into the internal representation of the decoded data.
|
||||||
pub fn into_bytes(self) -> Vec<u8> {
|
pub fn into_bytes(self) -> Vec<u8> {
|
||||||
self.data
|
self.data
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Conver the Mnemonic into the internal representation of the decoded data.
|
|
||||||
pub fn into_vec(self) -> Vec<u8> {
|
|
||||||
self.data
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Clone the existing data.
|
/// Clone the existing data.
|
||||||
#[deprecated = "Use as_bytes(), to_bytes(), or into_bytes() instead"]
|
#[deprecated = "Use as_bytes(), to_bytes(), or into_bytes() instead"]
|
||||||
pub fn entropy(&self) -> Vec<u8> {
|
pub fn entropy(&self) -> Vec<u8> {
|
||||||
|
@ -413,7 +372,7 @@ where
|
||||||
&self,
|
&self,
|
||||||
passphrase: impl Into<Option<&'a str>>,
|
passphrase: impl Into<Option<&'a str>>,
|
||||||
) -> Result<Vec<u8>, MnemonicGenerationError> {
|
) -> Result<Vec<u8>, MnemonicGenerationError> {
|
||||||
Ok(self.generate_seed(passphrase).to_vec())
|
Ok(self.generate_seed(passphrase))
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Create a BIP-0032 seed from the provided data and an optional passphrase.
|
/// Create a BIP-0032 seed from the provided data and an optional passphrase.
|
||||||
|
@ -421,7 +380,8 @@ where
|
||||||
/// # Panics
|
/// # Panics
|
||||||
/// The function may panic if the HmacSha512 function returns an error. The only error the
|
/// The function may panic if the HmacSha512 function returns an error. The only error the
|
||||||
/// HmacSha512 function should return is an invalid length, which should not be possible.
|
/// HmacSha512 function should return is an invalid length, which should not be possible.
|
||||||
pub fn generate_seed<'a>(&self, passphrase: impl Into<Option<&'a str>>) -> [u8; 64] {
|
///
|
||||||
|
pub fn generate_seed<'a>(&self, passphrase: impl Into<Option<&'a str>>) -> Vec<u8> {
|
||||||
let passphrase = passphrase.into();
|
let passphrase = passphrase.into();
|
||||||
|
|
||||||
let mut seed = [0u8; 64];
|
let mut seed = [0u8; 64];
|
||||||
|
@ -429,7 +389,7 @@ where
|
||||||
let salt = ["mnemonic", passphrase.unwrap_or("")].join("");
|
let salt = ["mnemonic", passphrase.unwrap_or("")].join("");
|
||||||
pbkdf2::<Hmac<Sha512>>(mnemonic.as_bytes(), salt.as_bytes(), 2048, &mut seed)
|
pbkdf2::<Hmac<Sha512>>(mnemonic.as_bytes(), salt.as_bytes(), 2048, &mut seed)
|
||||||
.expect(bug!("HmacSha512 InvalidLength should be infallible"));
|
.expect(bug!("HmacSha512 InvalidLength should be infallible"));
|
||||||
seed
|
seed.to_vec()
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Encode the mnemonic into a list of integers 11 bits in length, matching the length of a
|
/// Encode the mnemonic into a list of integers 11 bits in length, matching the length of a
|
||||||
|
@ -466,39 +426,6 @@ where
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<W> MnemonicBase<W>
|
|
||||||
where
|
|
||||||
W: Wordlist,
|
|
||||||
{
|
|
||||||
/// Generate a [`Mnemonic`] from the provided data and [`Wordlist`]. The data is expected to be
|
|
||||||
/// of 128, 192, or 256 bits, as per BIP-0039.
|
|
||||||
///
|
|
||||||
/// # Errors
|
|
||||||
/// An error may be returned if the data is not within the expected lengths.
|
|
||||||
#[deprecated = "use Mnemonic::try_from_slice"]
|
|
||||||
pub fn from_bytes(bytes: &[u8]) -> Result<MnemonicBase<W>, MnemonicGenerationError> {
|
|
||||||
MnemonicBase::try_from_slice(bytes)
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Generate a [`Mnemonic`] from the provided data and [`Wordlist`]. The data is expected to be
|
|
||||||
/// of 128, 192, or 256 bits, as per BIP-0039.
|
|
||||||
///
|
|
||||||
/// # Errors
|
|
||||||
/// An error may be returned if the data is not within the expected lengths.
|
|
||||||
#[deprecated = "use Mnemonic::try_from_slice"]
|
|
||||||
pub fn from_entropy(bytes: &[u8]) -> Result<MnemonicBase<W>, MnemonicGenerationError> {
|
|
||||||
MnemonicBase::try_from_slice(bytes)
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Generate a [`Mnemonic`] from the provided data and [`Wordlist`]. The data may be of a size
|
|
||||||
/// of a factor of 4, up to 1024 bytes.
|
|
||||||
///
|
|
||||||
#[deprecated = "Use Mnemonic::from_array"]
|
|
||||||
pub fn from_nonstandard_bytes<const N: usize>(bytes: [u8; N]) -> MnemonicBase<W> {
|
|
||||||
MnemonicBase::from_array(bytes)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use std::{collections::HashSet, fs::File, io::Read};
|
use std::{collections::HashSet, fs::File, io::Read};
|
||||||
|
@ -515,7 +442,7 @@ mod tests {
|
||||||
let mut random_handle = File::open("/dev/random").unwrap();
|
let mut random_handle = File::open("/dev/random").unwrap();
|
||||||
let entropy = &mut [0u8; 256 / 8];
|
let entropy = &mut [0u8; 256 / 8];
|
||||||
random_handle.read_exact(&mut entropy[..]).unwrap();
|
random_handle.read_exact(&mut entropy[..]).unwrap();
|
||||||
let mnemonic = super::Mnemonic::try_from_slice(&entropy[..256 / 8]).unwrap();
|
let mnemonic = super::Mnemonic::from_bytes(&entropy[..256 / 8]).unwrap();
|
||||||
let new_entropy = mnemonic.as_bytes();
|
let new_entropy = mnemonic.as_bytes();
|
||||||
assert_eq!(new_entropy, entropy);
|
assert_eq!(new_entropy, entropy);
|
||||||
}
|
}
|
||||||
|
@ -531,7 +458,7 @@ mod tests {
|
||||||
};
|
};
|
||||||
let hex = hex::decode(hex_.as_str().unwrap()).unwrap();
|
let hex = hex::decode(hex_.as_str().unwrap()).unwrap();
|
||||||
|
|
||||||
let mnemonic = Mnemonic::try_from_slice(&hex).unwrap();
|
let mnemonic = Mnemonic::from_bytes(&hex).unwrap();
|
||||||
|
|
||||||
assert_eq!(mnemonic.to_string(), seed.as_str().unwrap());
|
assert_eq!(mnemonic.to_string(), seed.as_str().unwrap());
|
||||||
}
|
}
|
||||||
|
@ -542,7 +469,7 @@ mod tests {
|
||||||
let mut random_handle = File::open("/dev/random").unwrap();
|
let mut random_handle = File::open("/dev/random").unwrap();
|
||||||
let entropy = &mut [0u8; 256 / 8];
|
let entropy = &mut [0u8; 256 / 8];
|
||||||
random_handle.read_exact(&mut entropy[..]).unwrap();
|
random_handle.read_exact(&mut entropy[..]).unwrap();
|
||||||
let my_mnemonic = Mnemonic::try_from_slice(&entropy[..256 / 8]).unwrap();
|
let my_mnemonic = Mnemonic::from_bytes(&entropy[..256 / 8]).unwrap();
|
||||||
let their_mnemonic = bip39::Mnemonic::from_entropy(&entropy[..256 / 8]).unwrap();
|
let their_mnemonic = bip39::Mnemonic::from_entropy(&entropy[..256 / 8]).unwrap();
|
||||||
assert_eq!(my_mnemonic.to_string(), their_mnemonic.to_string());
|
assert_eq!(my_mnemonic.to_string(), their_mnemonic.to_string());
|
||||||
assert_eq!(my_mnemonic.generate_seed(None), their_mnemonic.to_seed(""));
|
assert_eq!(my_mnemonic.generate_seed(None), their_mnemonic.to_seed(""));
|
||||||
|
@ -566,7 +493,7 @@ mod tests {
|
||||||
|
|
||||||
for _ in 0..tests {
|
for _ in 0..tests {
|
||||||
random.read_exact(&mut entropy[..]).unwrap();
|
random.read_exact(&mut entropy[..]).unwrap();
|
||||||
let mnemonic = Mnemonic::try_from_slice(&entropy[..256 / 8]).unwrap();
|
let mnemonic = Mnemonic::from_bytes(&entropy[..256 / 8]).unwrap();
|
||||||
let words = mnemonic.words();
|
let words = mnemonic.words();
|
||||||
hs.clear();
|
hs.clear();
|
||||||
hs.extend(words);
|
hs.extend(words);
|
||||||
|
@ -593,30 +520,12 @@ mod tests {
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn can_do_up_to_8192_bits() {
|
fn can_do_up_to_1024_bits() {
|
||||||
let mut entropy = [0u8; 1024];
|
let entropy = &mut [0u8; 128];
|
||||||
let mut random = std::fs::File::open("/dev/urandom").unwrap();
|
let mut random = std::fs::File::open("/dev/urandom").unwrap();
|
||||||
random.read_exact(&mut entropy[..]).unwrap();
|
random.read_exact(&mut entropy[..]).unwrap();
|
||||||
let mnemonic = Mnemonic::from_array(entropy);
|
let mnemonic = unsafe { Mnemonic::from_raw_bytes(&entropy[..]) };
|
||||||
let words = mnemonic.words();
|
let words = mnemonic.words();
|
||||||
assert_eq!(words.len(), 768);
|
assert!(words.len() == 96);
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
#[should_panic]
|
|
||||||
fn fails_over_8192_bits() {
|
|
||||||
let entropy = &mut [0u8; 1024 + 4];
|
|
||||||
let mut random = std::fs::File::open("/dev/urandom").unwrap();
|
|
||||||
random.read_exact(&mut entropy[..]).unwrap();
|
|
||||||
let _mnemonic = Mnemonic::from_raw_bytes(&entropy[..]);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
#[should_panic]
|
|
||||||
fn fails_over_invalid_size() {
|
|
||||||
let entropy = &mut [0u8; 255];
|
|
||||||
let mut random = std::fs::File::open("/dev/urandom").unwrap();
|
|
||||||
random.read_exact(&mut entropy[..]).unwrap();
|
|
||||||
let _mnemonic = Mnemonic::from_raw_bytes(&entropy[..]);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "keyfork-prompt"
|
name = "keyfork-prompt"
|
||||||
version = "0.1.2"
|
version = "0.1.0"
|
||||||
description = "Prompt management utilities for Keyfork"
|
description = "Prompt management utilities for Keyfork"
|
||||||
repository = "https://git.distrust.co/public/keyfork"
|
repository = "https://git.distrust.co/public/keyfork"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
|
@ -10,10 +10,10 @@ license = "MIT"
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
default = ["mnemonic"]
|
default = ["mnemonic"]
|
||||||
mnemonic = ["keyfork-mnemonic"]
|
mnemonic = ["keyfork-mnemonic-util"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
keyfork-bug = { workspace = true }
|
keyfork-bug = { version = "0.1.0", path = "../keyfork-bug", registry = "distrust" }
|
||||||
keyfork-crossterm = { workspace = true, default-features = false, features = ["use-dev-tty", "events", "bracketed-paste"] }
|
keyfork-crossterm = { version = "0.27.1", path = "../keyfork-crossterm", default-features = false, features = ["use-dev-tty", "events", "bracketed-paste"], registry = "distrust" }
|
||||||
keyfork-mnemonic = { workspace = true, optional = true }
|
keyfork-mnemonic-util = { version = "0.2.0", path = "../keyfork-mnemonic-util", optional = true, registry = "distrust" }
|
||||||
thiserror = { workspace = true }
|
thiserror = "1.0.51"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
#![allow(missing_docs)]
|
//!
|
||||||
|
|
||||||
use std::io::{stdin, stdout};
|
use std::io::{stdin, stdout};
|
||||||
|
|
||||||
|
@ -7,7 +7,7 @@ use keyfork_prompt::{
|
||||||
Terminal, PromptHandler,
|
Terminal, PromptHandler,
|
||||||
};
|
};
|
||||||
|
|
||||||
use keyfork_mnemonic::English;
|
use keyfork_mnemonic_util::English;
|
||||||
|
|
||||||
fn main() -> Result<(), Box<dyn std::error::Error>> {
|
fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
let mut mgr = Terminal::new(stdin(), stdout())?;
|
let mut mgr = Terminal::new(stdin(), stdout())?;
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
use std::borrow::Borrow;
|
use std::borrow::Borrow;
|
||||||
|
|
||||||
#[cfg(feature = "mnemonic")]
|
#[cfg(feature = "mnemonic")]
|
||||||
use keyfork_mnemonic::Wordlist;
|
use keyfork_mnemonic_util::Wordlist;
|
||||||
|
|
||||||
///
|
///
|
||||||
pub mod terminal;
|
pub mod terminal;
|
||||||
|
|
|
@ -1,9 +1,3 @@
|
||||||
//! A terminal prompt handler.
|
|
||||||
//!
|
|
||||||
//! This prompt handler uses a raw terminal device to read inputs and uses ANSI escape codes to
|
|
||||||
//! provide formatting for prompts. Because of these reasons, it is not intended to be
|
|
||||||
//! machine-readable.
|
|
||||||
|
|
||||||
use std::{
|
use std::{
|
||||||
borrow::Borrow,
|
borrow::Borrow,
|
||||||
io::{stderr, stdin, BufRead, BufReader, Read, Stderr, Stdin, Write},
|
io::{stderr, stdin, BufRead, BufReader, Read, Stderr, Stdin, Write},
|
||||||
|
|
|
@ -29,84 +29,6 @@ pub enum PinError {
|
||||||
/// The PIN contained invalid characters.
|
/// The PIN contained invalid characters.
|
||||||
#[error("PIN contained invalid characters (found {0} at position {1})")]
|
#[error("PIN contained invalid characters (found {0} at position {1})")]
|
||||||
InvalidCharacters(char, usize),
|
InvalidCharacters(char, usize),
|
||||||
|
|
||||||
/// The provided PIN had either too many repeated characters or too many sequential characters.
|
|
||||||
#[error("PIN contained too many repeated or sequential characters")]
|
|
||||||
InsecurePIN,
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Validate that a PIN is of a certain length, matches a range of characters, and does not use
|
|
||||||
/// incrementing or decrementing sequences of characters.
|
|
||||||
///
|
|
||||||
/// The validator determines a score for a passphrase and, if the score is high enough, returns an
|
|
||||||
/// error.
|
|
||||||
///
|
|
||||||
/// Score is calculated based on:
|
|
||||||
/// * how many sequential characters are in the passphrase (ascending or descending)
|
|
||||||
/// * how many repeated characters are in the passphrase
|
|
||||||
#[derive(Default, Clone)]
|
|
||||||
pub struct SecurePinValidator {
|
|
||||||
/// The minimum length of provided PINs.
|
|
||||||
pub min_length: Option<usize>,
|
|
||||||
|
|
||||||
/// The maximum length of provided PINs.
|
|
||||||
pub max_length: Option<usize>,
|
|
||||||
|
|
||||||
/// The characters allowed by the PIN parser.
|
|
||||||
pub range: Option<RangeInclusive<char>>,
|
|
||||||
|
|
||||||
/// Whether repeated characters count against the PIN.
|
|
||||||
pub ignore_repeated_characters: bool,
|
|
||||||
|
|
||||||
/// Whether sequential characters count against the PIN.
|
|
||||||
pub ignore_sequential_characters: bool,
|
|
||||||
}
|
|
||||||
|
|
||||||
impl Validator for SecurePinValidator {
|
|
||||||
type Output = String;
|
|
||||||
type Error = PinError;
|
|
||||||
|
|
||||||
fn to_fn(&self) -> Box<dyn Fn(String) -> Result<String, Box<dyn std::error::Error>>> {
|
|
||||||
let min_len = self.min_length.unwrap_or(usize::MIN);
|
|
||||||
let max_len = self.max_length.unwrap_or(usize::MAX);
|
|
||||||
let range = self.range.clone().unwrap_or('0'..='9');
|
|
||||||
let ignore_repeated_characters = self.ignore_repeated_characters;
|
|
||||||
let ignore_sequential_characters = self.ignore_sequential_characters;
|
|
||||||
Box::new(move |mut s: String| {
|
|
||||||
s.truncate(s.trim_end().len());
|
|
||||||
let len = s.len();
|
|
||||||
if len < min_len {
|
|
||||||
return Err(Box::new(PinError::TooShort(len, min_len)));
|
|
||||||
}
|
|
||||||
if len > max_len {
|
|
||||||
return Err(Box::new(PinError::TooLong(len, max_len)));
|
|
||||||
}
|
|
||||||
let mut last_char = 0;
|
|
||||||
let mut score = 0;
|
|
||||||
for (index, ch) in s.chars().enumerate() {
|
|
||||||
if !range.contains(&ch) {
|
|
||||||
return Err(Box::new(PinError::InvalidCharacters(ch, index)));
|
|
||||||
}
|
|
||||||
if [-1, 1].contains(&(ch as i32 - last_char))
|
|
||||||
&& !ignore_sequential_characters
|
|
||||||
{
|
|
||||||
score += 1;
|
|
||||||
}
|
|
||||||
last_char = ch as i32;
|
|
||||||
}
|
|
||||||
let mut chars = s.chars().collect::<Vec<_>>();
|
|
||||||
chars.sort();
|
|
||||||
chars.dedup();
|
|
||||||
if !ignore_repeated_characters {
|
|
||||||
// SAFETY: the amount of characters can't have _increased_ since deduping
|
|
||||||
score += s.chars().count() - chars.len();
|
|
||||||
}
|
|
||||||
if score * 2 > s.chars().count() {
|
|
||||||
return Err(Box::new(PinError::InsecurePIN))
|
|
||||||
}
|
|
||||||
Ok(s)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Validate that a PIN is of a certain length and matches a range of characters.
|
/// Validate that a PIN is of a certain length and matches a range of characters.
|
||||||
|
@ -157,8 +79,8 @@ pub mod mnemonic {
|
||||||
|
|
||||||
use super::Validator;
|
use super::Validator;
|
||||||
|
|
||||||
|
use keyfork_mnemonic_util::{Mnemonic, MnemonicFromStrError};
|
||||||
use keyfork_bug::bug;
|
use keyfork_bug::bug;
|
||||||
use keyfork_mnemonic::{Mnemonic, MnemonicFromStrError};
|
|
||||||
|
|
||||||
/// A mnemonic could not be validated from the given input.
|
/// A mnemonic could not be validated from the given input.
|
||||||
#[derive(thiserror::Error, Debug)]
|
#[derive(thiserror::Error, Debug)]
|
||||||
|
|
|
@ -5,4 +5,4 @@ edition = "2021"
|
||||||
license = "MIT"
|
license = "MIT"
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
smex = { workspace = true }
|
smex = { version = "0.1.0", path = "../smex", registry = "distrust" }
|
||||||
|
|
105
deny.toml
105
deny.toml
|
@ -11,9 +11,6 @@
|
||||||
|
|
||||||
# Root options
|
# Root options
|
||||||
|
|
||||||
# The graph table configures how the dependency graph is constructed and thus
|
|
||||||
# which crates the checks are performed against
|
|
||||||
[graph]
|
|
||||||
# If 1 or more target triples (and optionally, target_features) are specified,
|
# If 1 or more target triples (and optionally, target_features) are specified,
|
||||||
# only the specified targets will be checked when running `cargo deny check`.
|
# only the specified targets will be checked when running `cargo deny check`.
|
||||||
# This means, if a particular package is only ever used as a target specific
|
# This means, if a particular package is only ever used as a target specific
|
||||||
|
@ -25,7 +22,7 @@
|
||||||
targets = [
|
targets = [
|
||||||
# The triple can be any string, but only the target triples built in to
|
# The triple can be any string, but only the target triples built in to
|
||||||
# rustc (as of 1.40) can be checked against actual config expressions
|
# rustc (as of 1.40) can be checked against actual config expressions
|
||||||
#"x86_64-unknown-linux-musl",
|
#{ triple = "x86_64-unknown-linux-musl" },
|
||||||
# You can also specify which target_features you promise are enabled for a
|
# You can also specify which target_features you promise are enabled for a
|
||||||
# particular target. target_features are currently not validated against
|
# particular target. target_features are currently not validated against
|
||||||
# the actual valid features supported by the target architecture.
|
# the actual valid features supported by the target architecture.
|
||||||
|
@ -49,9 +46,6 @@ no-default-features = false
|
||||||
# If set, these feature will be enabled when collecting metadata. If `--features`
|
# If set, these feature will be enabled when collecting metadata. If `--features`
|
||||||
# is specified on the cmd line they will take precedence over this option.
|
# is specified on the cmd line they will take precedence over this option.
|
||||||
#features = []
|
#features = []
|
||||||
|
|
||||||
# The output table provides options for how/if diagnostics are outputted
|
|
||||||
[output]
|
|
||||||
# When outputting inclusion graphs in diagnostics that include features, this
|
# When outputting inclusion graphs in diagnostics that include features, this
|
||||||
# option can be used to specify the depth at which feature edges will be added.
|
# option can be used to specify the depth at which feature edges will be added.
|
||||||
# This option is included since the graphs can be quite large and the addition
|
# This option is included since the graphs can be quite large and the addition
|
||||||
|
@ -63,20 +57,38 @@ feature-depth = 1
|
||||||
# More documentation for the advisories section can be found here:
|
# More documentation for the advisories section can be found here:
|
||||||
# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
|
# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
|
||||||
[advisories]
|
[advisories]
|
||||||
# The path where the advisory databases are cloned/fetched into
|
# The path where the advisory database is cloned/fetched into
|
||||||
#db-path = "$CARGO_HOME/advisory-dbs"
|
db-path = "~/.cargo/advisory-db"
|
||||||
# The url(s) of the advisory databases to use
|
# The url(s) of the advisory databases to use
|
||||||
#db-urls = ["https://github.com/rustsec/advisory-db"]
|
db-urls = ["https://github.com/rustsec/advisory-db"]
|
||||||
|
# The lint level for security vulnerabilities
|
||||||
|
vulnerability = "deny"
|
||||||
|
# The lint level for unmaintained crates
|
||||||
|
unmaintained = "warn"
|
||||||
|
# The lint level for crates that have been yanked from their source registry
|
||||||
|
yanked = "warn"
|
||||||
|
# The lint level for crates with security notices. Note that as of
|
||||||
|
# 2019-12-17 there are no security notice advisories in
|
||||||
|
# https://github.com/rustsec/advisory-db
|
||||||
|
notice = "warn"
|
||||||
# A list of advisory IDs to ignore. Note that ignored advisories will still
|
# A list of advisory IDs to ignore. Note that ignored advisories will still
|
||||||
# output a note when they are encountered.
|
# output a note when they are encountered.
|
||||||
ignore = [
|
ignore = [
|
||||||
#"RUSTSEC-0000-0000",
|
#"RUSTSEC-0000-0000",
|
||||||
#{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" },
|
# Not applicable, RSA is not used for crypto operations in the dep it's
|
||||||
#"a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish
|
# used for, openpgp-card
|
||||||
#{ crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" },
|
"RUSTSEC-2023-0071",
|
||||||
|
|
||||||
{ id = "RUSTSEC-2023-0071", reason = "Not applicable, vulnerable path is not used" },
|
|
||||||
]
|
]
|
||||||
|
# Threshold for security vulnerabilities, any vulnerability with a CVSS score
|
||||||
|
# lower than the range specified will be ignored. Note that ignored advisories
|
||||||
|
# will still output a note when they are encountered.
|
||||||
|
# * None - CVSS Score 0.0
|
||||||
|
# * Low - CVSS Score 0.1 - 3.9
|
||||||
|
# * Medium - CVSS Score 4.0 - 6.9
|
||||||
|
# * High - CVSS Score 7.0 - 8.9
|
||||||
|
# * Critical - CVSS Score 9.0 - 10.0
|
||||||
|
#severity-threshold =
|
||||||
|
|
||||||
# If this is true, then cargo deny will use the git executable to fetch advisory database.
|
# If this is true, then cargo deny will use the git executable to fetch advisory database.
|
||||||
# If this is false, then it uses a built-in git library.
|
# If this is false, then it uses a built-in git library.
|
||||||
# Setting this to true can be helpful if you have special authentication requirements that cargo-deny does not support.
|
# Setting this to true can be helpful if you have special authentication requirements that cargo-deny does not support.
|
||||||
|
@ -87,6 +99,8 @@ ignore = [
|
||||||
# More documentation for the licenses section can be found here:
|
# More documentation for the licenses section can be found here:
|
||||||
# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
|
# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
|
||||||
[licenses]
|
[licenses]
|
||||||
|
# The lint level for crates which do not have a detectable license
|
||||||
|
unlicensed = "deny"
|
||||||
# List of explicitly allowed licenses
|
# List of explicitly allowed licenses
|
||||||
# See https://spdx.org/licenses/ for list of possible licenses
|
# See https://spdx.org/licenses/ for list of possible licenses
|
||||||
# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
|
# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
|
||||||
|
@ -99,9 +113,30 @@ allow = [
|
||||||
"Unicode-DFS-2016",
|
"Unicode-DFS-2016",
|
||||||
"LGPL-2.0",
|
"LGPL-2.0",
|
||||||
"LGPL-3.0",
|
"LGPL-3.0",
|
||||||
"Unicode-3.0",
|
#"Apache-2.0 WITH LLVM-exception",
|
||||||
]
|
]
|
||||||
|
# List of explicitly disallowed licenses
|
||||||
|
# See https://spdx.org/licenses/ for list of possible licenses
|
||||||
|
# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
|
||||||
|
deny = [
|
||||||
|
#"Nokia",
|
||||||
|
]
|
||||||
|
# Lint level for licenses considered copyleft
|
||||||
|
copyleft = "warn"
|
||||||
|
# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses
|
||||||
|
# * both - The license will be approved if it is both OSI-approved *AND* FSF
|
||||||
|
# * either - The license will be approved if it is either OSI-approved *OR* FSF
|
||||||
|
# * osi - The license will be approved if it is OSI approved
|
||||||
|
# * fsf - The license will be approved if it is FSF Free
|
||||||
|
# * osi-only - The license will be approved if it is OSI-approved *AND NOT* FSF
|
||||||
|
# * fsf-only - The license will be approved if it is FSF *AND NOT* OSI-approved
|
||||||
|
# * neither - This predicate is ignored and the default lint level is used
|
||||||
|
allow-osi-fsf-free = "neither"
|
||||||
|
# Lint level used when no other predicates are matched
|
||||||
|
# 1. License isn't in the allow or deny lists
|
||||||
|
# 2. License isn't copyleft
|
||||||
|
# 3. License isn't OSI/FSF, or allow-osi-fsf-free = "neither"
|
||||||
|
default = "deny"
|
||||||
# The confidence threshold for detecting a license from license text.
|
# The confidence threshold for detecting a license from license text.
|
||||||
# The higher the value, the more closely the license text must be to the
|
# The higher the value, the more closely the license text must be to the
|
||||||
# canonical license text of a valid SPDX license file.
|
# canonical license text of a valid SPDX license file.
|
||||||
|
@ -112,17 +147,18 @@ confidence-threshold = 0.8
|
||||||
exceptions = [
|
exceptions = [
|
||||||
# Each entry is the crate and version constraint, and its specific allow
|
# Each entry is the crate and version constraint, and its specific allow
|
||||||
# list
|
# list
|
||||||
#{ allow = ["Zlib"], crate = "adler32" },
|
#{ allow = ["Zlib"], name = "adler32", version = "*" },
|
||||||
{ allow = ["BSL-1.0"], name = "xxhash-rust", version = "*" },
|
{ allow = ["BSL-1.0"], name = "xxhash-rust", version = "*" },
|
||||||
{ allow = ["Zlib"], name = "foldhash", version = "*" },
|
|
||||||
]
|
]
|
||||||
|
|
||||||
# Some crates don't have (easily) machine readable licensing information,
|
# Some crates don't have (easily) machine readable licensing information,
|
||||||
# adding a clarification entry for it allows you to manually specify the
|
# adding a clarification entry for it allows you to manually specify the
|
||||||
# licensing information
|
# licensing information
|
||||||
#[[licenses.clarify]]
|
#[[licenses.clarify]]
|
||||||
# The package spec the clarification applies to
|
# The name of the crate the clarification applies to
|
||||||
#crate = "ring"
|
#name = "ring"
|
||||||
|
# The optional version constraint for the crate
|
||||||
|
#version = "*"
|
||||||
# The SPDX expression for the license requirements of the crate
|
# The SPDX expression for the license requirements of the crate
|
||||||
#expression = "MIT AND ISC AND OpenSSL"
|
#expression = "MIT AND ISC AND OpenSSL"
|
||||||
# One or more files in the crate's source used as the "source of truth" for
|
# One or more files in the crate's source used as the "source of truth" for
|
||||||
|
@ -131,8 +167,8 @@ exceptions = [
|
||||||
# and the crate will be checked normally, which may produce warnings or errors
|
# and the crate will be checked normally, which may produce warnings or errors
|
||||||
# depending on the rest of your configuration
|
# depending on the rest of your configuration
|
||||||
#license-files = [
|
#license-files = [
|
||||||
# Each entry is a crate relative path, and the (opaque) hash of its contents
|
# Each entry is a crate relative path, and the (opaque) hash of its contents
|
||||||
#{ path = "LICENSE", hash = 0xbd0eed23 }
|
#{ path = "LICENSE", hash = 0xbd0eed23 }
|
||||||
#]
|
#]
|
||||||
|
|
||||||
[licenses.private]
|
[licenses.private]
|
||||||
|
@ -172,24 +208,25 @@ workspace-default-features = "allow"
|
||||||
external-default-features = "allow"
|
external-default-features = "allow"
|
||||||
# List of crates that are allowed. Use with care!
|
# List of crates that are allowed. Use with care!
|
||||||
allow = [
|
allow = [
|
||||||
#"ansi_term@0.11.0",
|
#{ name = "ansi_term", version = "=0.11.0" },
|
||||||
#{ crate = "ansi_term@0.11.0", reason = "you can specify a reason it is allowed" },
|
|
||||||
]
|
]
|
||||||
# List of crates to deny
|
# List of crates to deny
|
||||||
deny = [
|
deny = [
|
||||||
#"ansi_term@0.11.0",
|
# Each entry the name of a crate and a version range. If version is
|
||||||
#{ crate = "ansi_term@0.11.0", reason = "you can specify a reason it is banned" },
|
# not specified, all versions will be matched.
|
||||||
|
#{ name = "ansi_term", version = "=0.11.0" },
|
||||||
|
#
|
||||||
# Wrapper crates can optionally be specified to allow the crate when it
|
# Wrapper crates can optionally be specified to allow the crate when it
|
||||||
# is a direct dependency of the otherwise banned crate
|
# is a direct dependency of the otherwise banned crate
|
||||||
#{ crate = "ansi_term@0.11.0", wrappers = ["this-crate-directly-depends-on-ansi_term"] },
|
#{ name = "ansi_term", version = "=0.11.0", wrappers = [] },
|
||||||
{ name = "serde", version = ">1.0.171, <1.0.184", reason = "ships with prebuilt binaries" }
|
{ name = "serde", version = ">1.0.171, <1.0.184" }
|
||||||
]
|
]
|
||||||
|
|
||||||
# List of features to allow/deny
|
# List of features to allow/deny
|
||||||
# Each entry the name of a crate and a version range. If version is
|
# Each entry the name of a crate and a version range. If version is
|
||||||
# not specified, all versions will be matched.
|
# not specified, all versions will be matched.
|
||||||
#[[bans.features]]
|
#[[bans.features]]
|
||||||
#crate = "reqwest"
|
#name = "reqwest"
|
||||||
# Features to not allow
|
# Features to not allow
|
||||||
#deny = ["json"]
|
#deny = ["json"]
|
||||||
# Features to allow
|
# Features to allow
|
||||||
|
@ -210,18 +247,14 @@ deny = [
|
||||||
|
|
||||||
# Certain crates/versions that will be skipped when doing duplicate detection.
|
# Certain crates/versions that will be skipped when doing duplicate detection.
|
||||||
skip = [
|
skip = [
|
||||||
#"ansi_term@0.11.0",
|
#{ name = "ansi_term", version = "=0.11.0" },
|
||||||
#{ crate = "ansi_term@0.11.0", reason = "you can specify a reason why it can't be updated/removed" },
|
|
||||||
]
|
]
|
||||||
# Similarly to `skip` allows you to skip certain crates during duplicate
|
# Similarly to `skip` allows you to skip certain crates during duplicate
|
||||||
# detection. Unlike skip, it also includes the entire tree of transitive
|
# detection. Unlike skip, it also includes the entire tree of transitive
|
||||||
# dependencies starting at the specified crate, up to a certain depth, which is
|
# dependencies starting at the specified crate, up to a certain depth, which is
|
||||||
# by default infinite.
|
# by default infinite.
|
||||||
skip-tree = [
|
skip-tree = [
|
||||||
{ name = "windows-sys" },
|
#{ name = "ansi_term", version = "=0.11.0", depth = 20 },
|
||||||
{ name = "windows-targets" },
|
|
||||||
#"ansi_term@0.11.0", # will be skipped along with _all_ of its direct and transitive dependencies
|
|
||||||
#{ crate = "ansi_term@0.11.0", depth = 20 },
|
|
||||||
]
|
]
|
||||||
|
|
||||||
# This section is considered when running `cargo deny check sources`.
|
# This section is considered when running `cargo deny check sources`.
|
||||||
|
|
|
@ -33,4 +33,3 @@
|
||||||
- [Provisioners](./dev-guide/provisioners.md)
|
- [Provisioners](./dev-guide/provisioners.md)
|
||||||
- [Auditing Dependencies](./dev-guide/auditing.md)
|
- [Auditing Dependencies](./dev-guide/auditing.md)
|
||||||
- [Entropy Guide](./dev-guide/entropy.md)
|
- [Entropy Guide](./dev-guide/entropy.md)
|
||||||
- [The Shard Protocol](./dev-guide/shard-protocol.md)
|
|
||||||
|
|
|
@ -45,7 +45,7 @@ A command line interface for generating, deriving from, and managing secrets.
|
||||||
* [`keyfork-derive-openpgp`]
|
* [`keyfork-derive-openpgp`]
|
||||||
* [`keyfork-derive-util`]
|
* [`keyfork-derive-util`]
|
||||||
* [`keyfork-entropy`]
|
* [`keyfork-entropy`]
|
||||||
* [`keyfork-mnemonic`]
|
* [`keyfork-mnemonic-util`]
|
||||||
* [`keyfork-prompt`]
|
* [`keyfork-prompt`]
|
||||||
* [`keyfork-qrcode`]
|
* [`keyfork-qrcode`]
|
||||||
* [`keyfork-shard`]
|
* [`keyfork-shard`]
|
||||||
|
@ -68,7 +68,7 @@ seed or close-to-root derivations.
|
||||||
* [`keyfork-derive-path-data`]
|
* [`keyfork-derive-path-data`]
|
||||||
* [`keyfork-derive-util`]
|
* [`keyfork-derive-util`]
|
||||||
* [`keyfork-frame`]
|
* [`keyfork-frame`]
|
||||||
* [`keyfork-mnemonic`]
|
* [`keyfork-mnemonic-util`]
|
||||||
* [`keyforkd-models`]
|
* [`keyforkd-models`]
|
||||||
* [`serde`]
|
* [`serde`]
|
||||||
* [`thiserror`]
|
* [`thiserror`]
|
||||||
|
@ -129,7 +129,7 @@ BIP-0032 derivation.
|
||||||
* [`ed25519-dalek`]: Ed25519 key parsing and arithmetic.
|
* [`ed25519-dalek`]: Ed25519 key parsing and arithmetic.
|
||||||
* [`hmac`]: Derivation of keys using HMAC.
|
* [`hmac`]: Derivation of keys using HMAC.
|
||||||
* [`k256`]: secp256k1 (K-256) key parsing and arithmetic.
|
* [`k256`]: secp256k1 (K-256) key parsing and arithmetic.
|
||||||
* [`keyfork-mnemonic`]
|
* [`keyfork-mnemonic-util`]
|
||||||
* [`ripemd`]: Generating hash for fingerprinting of BIP-0032 derived data.
|
* [`ripemd`]: Generating hash for fingerprinting of BIP-0032 derived data.
|
||||||
* [`serde`]
|
* [`serde`]
|
||||||
* [`sha2`]: Generating hashes for fingerprinting and derivation of data.
|
* [`sha2`]: Generating hashes for fingerprinting and derivation of data.
|
||||||
|
@ -145,7 +145,7 @@ M-of-N recombination of secret data using Shamir's Secret Sharing.
|
||||||
* [`card-backend-pcsc`]: PCSC support for OpenPGP-card.
|
* [`card-backend-pcsc`]: PCSC support for OpenPGP-card.
|
||||||
* [`hkdf`]: Key derivation for transport encryption keys.
|
* [`hkdf`]: Key derivation for transport encryption keys.
|
||||||
* [`keyfork-derive-openpgp`]
|
* [`keyfork-derive-openpgp`]
|
||||||
* [`keyfork-mnemonic`]: Encoding encrypted shards using mnemonics.
|
* [`keyfork-mnemonic-util`]: Encoding encrypted shards using mnemonics.
|
||||||
* [`keyfork-prompt`]
|
* [`keyfork-prompt`]
|
||||||
* [`keyfork-qrcode`]: Encoding and decoding of encrypted shards using QR codes.
|
* [`keyfork-qrcode`]: Encoding and decoding of encrypted shards using QR codes.
|
||||||
* [`openpgp-card`]: OpenPGP card support.
|
* [`openpgp-card`]: OpenPGP card support.
|
||||||
|
@ -193,7 +193,7 @@ Frame data in a length-storing checksum-verified format.
|
||||||
* [`thiserror`]
|
* [`thiserror`]
|
||||||
* [`tokio`]: Read and write from AsyncRead and AsyncWrite sources.
|
* [`tokio`]: Read and write from AsyncRead and AsyncWrite sources.
|
||||||
|
|
||||||
## `keyfork-mnemonic`
|
## `keyfork-mnemonic-util`
|
||||||
|
|
||||||
* [`hmac`]: Hash utilities.
|
* [`hmac`]: Hash utilities.
|
||||||
* [`sha2`]: Checksum of mnemonic data and hash for pbkdf2
|
* [`sha2`]: Checksum of mnemonic data and hash for pbkdf2
|
||||||
|
@ -202,7 +202,7 @@ Frame data in a length-storing checksum-verified format.
|
||||||
## `keyfork-prompt`
|
## `keyfork-prompt`
|
||||||
|
|
||||||
* [`keyfork-crossterm`]: Interacting with the terminal.
|
* [`keyfork-crossterm`]: Interacting with the terminal.
|
||||||
* [`keyfork-mnemonic`]
|
* [`keyfork-mnemonic-util`]
|
||||||
* [`thiserror`]
|
* [`thiserror`]
|
||||||
|
|
||||||
## `keyfork-plumbing`
|
## `keyfork-plumbing`
|
||||||
|
@ -210,7 +210,7 @@ Frame data in a length-storing checksum-verified format.
|
||||||
Binaries for `keyfork-entropy` and `keyfork-mnemonic-from-seed`.
|
Binaries for `keyfork-entropy` and `keyfork-mnemonic-from-seed`.
|
||||||
|
|
||||||
* [`keyfork-entropy`]
|
* [`keyfork-entropy`]
|
||||||
* [`keyfork-mnemonic`]
|
* [`keyfork-mnemonic-util`]
|
||||||
* [`smex`]
|
* [`smex`]
|
||||||
|
|
||||||
## `keyfork-slip10-test-data`
|
## `keyfork-slip10-test-data`
|
||||||
|
@ -229,7 +229,7 @@ Zero-dependency hex encoding and decoding.
|
||||||
[`keyfork-derive-util`]: #keyfork-derive-util
|
[`keyfork-derive-util`]: #keyfork-derive-util
|
||||||
[`keyfork-entropy`]: #keyfork-entropy
|
[`keyfork-entropy`]: #keyfork-entropy
|
||||||
[`keyfork-frame`]: #keyfork-frame
|
[`keyfork-frame`]: #keyfork-frame
|
||||||
[`keyfork-mnemonic`]: #keyfork-mnemonic
|
[`keyfork-mnemonic-util`]: #keyfork-mnemonic-util
|
||||||
[`keyfork-prompt`]: #keyfork-prompt
|
[`keyfork-prompt`]: #keyfork-prompt
|
||||||
[`keyfork-qrcode`]: #keyfork-qrcode
|
[`keyfork-qrcode`]: #keyfork-qrcode
|
||||||
[`keyfork-shard`]: #keyfork-shard
|
[`keyfork-shard`]: #keyfork-shard
|
||||||
|
|
|
@ -1,39 +0,0 @@
|
||||||
# The Shard Protocol
|
|
||||||
|
|
||||||
Keyfork Shard uses a single-handshake protocol to transfer encrypted shards.
|
|
||||||
The initial payload is generated by the program combining the shards, while the
|
|
||||||
response is generated by the program transport-encrypting the shards.
|
|
||||||
|
|
||||||
## Combiner Payload
|
|
||||||
|
|
||||||
The combiner payload consists of a 12-byte nonce and a 32-byte x25519 public
|
|
||||||
key. The payload is then either encoded to hex and displayed as a QR code, and
|
|
||||||
encoded as a mnemonic and printed on-screen.
|
|
||||||
|
|
||||||
```
|
|
||||||
[12-byte nonce | 32-byte public key]
|
|
||||||
```
|
|
||||||
|
|
||||||
The transporter receives the 12-byte nonce and 32-byte x25519 key and generates
|
|
||||||
their own x25519 key. Using HKDF-Sha256 with no salt on the resulting key
|
|
||||||
generates the AES-256-GCM key used to encrypt the now-decrypted shard, along
|
|
||||||
with the received nonce.
|
|
||||||
|
|
||||||
## Transporter Payload
|
|
||||||
|
|
||||||
The transporter payload consists of a 32-byte x25519 public key and a
|
|
||||||
64-byte-padded encrypted "hunk". The hunk contains a version byte, a threshold
|
|
||||||
byte, and the encrypted shard. The last byte of the 64-byte sequence is the
|
|
||||||
total length of the encrypted hunk.
|
|
||||||
|
|
||||||
```
|
|
||||||
Handshake:
|
|
||||||
[32-byte public key | 63-byte-padded encrypted hunk | 1-byte hunk length ]
|
|
||||||
|
|
||||||
Hunk:
|
|
||||||
[1-byte version | 1-byte threshold | variable-length shard ]
|
|
||||||
```
|
|
||||||
|
|
||||||
The combiner receives the 32-byte x25519 key and the 64-byte hunk, and uses the
|
|
||||||
same key derivation scheme as above to generate the decryption key. The
|
|
||||||
threshold byte is used to determine how many shares (in total) are needed.
|
|
|
@ -1,37 +0,0 @@
|
||||||
import json
|
|
||||||
import sys
|
|
||||||
|
|
||||||
# pipe `cargo metadata --format-version=1` into this
|
|
||||||
|
|
||||||
priority_queue = []
|
|
||||||
packages = json.load(sys.stdin)["packages"]
|
|
||||||
|
|
||||||
def sort_graph(unsorted):
|
|
||||||
sorted = []
|
|
||||||
while unsorted:
|
|
||||||
deadlock = True
|
|
||||||
for node, edges in list(unsorted.items()):
|
|
||||||
for edge in edges:
|
|
||||||
if edge in unsorted:
|
|
||||||
break
|
|
||||||
else:
|
|
||||||
del unsorted[node]
|
|
||||||
sorted.append((node, edges))
|
|
||||||
deadlock = False
|
|
||||||
if deadlock:
|
|
||||||
raise Exception("deadlock")
|
|
||||||
return sorted
|
|
||||||
|
|
||||||
packages_dict = {
|
|
||||||
package["name"]: [
|
|
||||||
dep["name"] for dep in package["dependencies"]
|
|
||||||
if dep["kind"] is None
|
|
||||||
]
|
|
||||||
for package in packages if package["source"] is None
|
|
||||||
}
|
|
||||||
|
|
||||||
# iter_packages("keyfork")
|
|
||||||
priority_queue = sort_graph(packages_dict.copy())
|
|
||||||
for key, _ in priority_queue:
|
|
||||||
version = next(p["version"] for p in packages if p["name"] == key)
|
|
||||||
print(" ".join([key, version]))
|
|
|
@ -1,21 +0,0 @@
|
||||||
set -eu
|
|
||||||
set -o pipefail
|
|
||||||
|
|
||||||
LAST_REF="$1"
|
|
||||||
CURRENT_REF="${2:-HEAD}"
|
|
||||||
IGNORE="${3:-ABCDEFG}"
|
|
||||||
|
|
||||||
cargo metadata --format-version=1 | \
|
|
||||||
jq -r '.packages[] | select(.source == null) | .name + " " + .manifest_path' | \
|
|
||||||
while read crate manifest_path; do
|
|
||||||
crate_path="$(dirname $manifest_path)"
|
|
||||||
git_log="$(git log --format='%h %s' "$LAST_REF".."$CURRENT_REF" "$crate_path" | { grep -v "$IGNORE" || true; })"
|
|
||||||
if test ! -z "$git_log"; then
|
|
||||||
echo "### Changes in $crate:"
|
|
||||||
echo ""
|
|
||||||
echo "\`\`\`"
|
|
||||||
echo "$git_log"
|
|
||||||
echo "\`\`\`"
|
|
||||||
echo ""
|
|
||||||
fi
|
|
||||||
done
|
|
|
@ -1,15 +0,0 @@
|
||||||
set -eu
|
|
||||||
set -o pipefail
|
|
||||||
|
|
||||||
scripts_dir="$(dirname $0)"
|
|
||||||
python_script="$scripts_dir/generate-dependency-queue.py"
|
|
||||||
registry_url="https://git.distrust.co/api/packages/public/cargo"
|
|
||||||
search_url="${registry_url}/api/v1/crates"
|
|
||||||
|
|
||||||
cargo metadata --format-version=1 | python3 "$python_script" | while read crate version; do
|
|
||||||
# Verify the package does not exist
|
|
||||||
if ! curl "${search_url}?q=${crate}" 2>/dev/null | jq -e "$(printf '.crates | .[] | select(.name == "%s" and .max_version == "%s")' "$crate" "$version")" >/dev/null; then
|
|
||||||
cargo publish --registry distrust -p "$crate"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
|
@ -1,29 +0,0 @@
|
||||||
set -eu
|
|
||||||
set -o pipefail
|
|
||||||
|
|
||||||
LAST_REF="$1"
|
|
||||||
CURRENT_REF="${2:-HEAD}"
|
|
||||||
|
|
||||||
temp_file="$(mktemp)"
|
|
||||||
|
|
||||||
cargo metadata --format-version=1 | jq -r '.packages[] | select(.source == null) | .name + " " + .manifest_path + " " + .version' > "$temp_file"
|
|
||||||
|
|
||||||
while read crate manifest_path version <&3; do
|
|
||||||
crate_path="$(dirname $manifest_path)"
|
|
||||||
git_log="$(git log --format='%h %s' "$LAST_REF".."$CURRENT_REF" "$crate_path")"
|
|
||||||
git_tag="$(git tag --list "$crate-v${version}")"
|
|
||||||
if test ! -z "$git_log" -a -z "$git_tag"; then
|
|
||||||
{
|
|
||||||
echo "${crate} v${version}"
|
|
||||||
echo ""
|
|
||||||
echo "\`\`\`"
|
|
||||||
echo "$git_log"
|
|
||||||
echo "\`\`\`"
|
|
||||||
echo ""
|
|
||||||
echo "# Crate: ${crate} ${version}"
|
|
||||||
} | git tag --sign "${crate}-v${version}" -F - -e
|
|
||||||
echo "Making new tag: ${crate}-v${version}"
|
|
||||||
fi
|
|
||||||
done 3<"$temp_file"
|
|
||||||
|
|
||||||
rm "$temp_file"
|
|
Loading…
Reference in New Issue