Beispiel #1
0
func (e *PaperKeyGen) makeSigKey(seed []byte) error {
	pub, priv, err := ed25519.GenerateKey(bytes.NewBuffer(seed))
	if err != nil {
		return err
	}

	var key libkb.NaclSigningKeyPair
	copy(key.Public[:], (*pub)[:])
	key.Private = &libkb.NaclSigningKeyPrivate{}
	copy(key.Private[:], (*priv)[:])

	e.sigKey = key

	return nil
}
Beispiel #2
0
func TestSecretKeys(t *testing.T) {
	tc := SetupEngineTest(t, "secretkeys")
	defer tc.Cleanup()

	u := CreateAndSignupFakeUser(tc, "sk")

	ctx := &Context{
		LogUI:    tc.G.UI.GetLogUI(),
		SecretUI: u.NewSecretUI(),
	}

	// Get the secret keys.
	e := NewSecretKeysEngine(tc.G)
	err := RunEngine(e, ctx)
	if err != nil {
		t.Fatal(err)
	}
	signing := e.Result().Signing

	// Now we want to check that the keys we got actually belong to the user.
	// Below we just do this check with the signing key, since it's easier to
	// derive the public key.

	// Build the signing keypair. To do this, we exploit the fact that a NaCl
	// public signing key is the last 32 bytes of the private signing key.
	var public libkb.NaclSigningKeyPublic
	copy(public[:], signing[32:])
	pair := libkb.NaclSigningKeyPair{
		Public: public,
	}

	// Check the signing keypair's KID is in the user's KeyFamily.
	testUser, err := libkb.LoadUser(libkb.LoadUserArg{
		Name: u.Username,
	})
	if err != nil {
		t.Fatal(err)
	}
	if found := testUser.GetKeyFamily().AllKIDs[pair.GetKID()]; !found {
		t.Fatalf("Failed to find %s in the user's key family.", pair.GetKID().String())
	}
}
func (k *KexProvisioner) handlePleaseSign(ctx *Context, m *kex.Msg) error {
	eddsa := m.Args().SigningKey
	sig := m.Args().Sig

	keypair := libkb.NaclSigningKeyPair{Public: eddsa}
	sigPayload, _, err := keypair.VerifyStringAndExtract(sig)
	if err != nil {
		return err
	}

	k.G().Log.Debug("Got PleaseSign() on verified JSON blob %s\n", string(sigPayload))

	// k.deviceSibkey is public only
	if k.sigKey == nil {
		var err error
		arg := libkb.SecretKeyArg{
			Me:      k.user,
			KeyType: libkb.DeviceSigningKeyType,
		}
		k.sigKey, err = k.G().Keyrings.GetSecretKeyWithPrompt(nil, arg, k.engctx.SecretUI, "new device install")
		if err != nil {
			return err
		}
	}

	jw, err := jsonw.Unmarshal(sigPayload)
	if err != nil {
		return err
	}

	var newKID keybase1.KID
	var newKey libkb.GenericKey

	if newKID, err = libkb.GetKID(jw.AtPath("body.sibkey.kid")); err != nil {
		return err
	}

	if newKey, err = libkb.ImportKeypairFromKID(newKID); err != nil {
		return err
	}

	if err = k.verifyPleaseSign(jw, newKID); err != nil {
		return err
	}

	if err = jw.SetValueAtPath("body.sibkey.reverse_sig", jsonw.NewString(sig)); err != nil {
		return err
	}

	del := libkb.Delegator{
		NewKey:         newKey,
		ExistingKey:    k.sigKey,
		Me:             k.user,
		Expire:         libkb.NaclEdDSAExpireIn,
		DelegationType: libkb.SibkeyType,
		EldestKID:      k.user.GetEldestKID(),
		Contextified:   libkb.NewContextified(k.G()),
	}

	if err = del.CheckArgs(); err != nil {
		return err
	}

	if err = del.SignAndPost(ctx.LoginContext, jw); err != nil {
		return err
	}

	return nil
}