Beispiel #1
0
func assertLoadSecretKeys(tc libkb.TestContext, u *FakeUser, msg string) {
	me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G))
	if err != nil {
		tc.T.Fatalf("%s: %s", msg, err)
	}
	if me == nil {
		tc.T.Fatalf("%s: nil LoadMe result", msg)
	}
	skarg := libkb.SecretKeyArg{
		Me:      me,
		KeyType: libkb.DeviceSigningKeyType,
	}
	sigKey, err := tc.G.Keyrings.GetSecretKeyWithPrompt(nil, skarg, u.NewSecretUI(), "testing sig")
	if err != nil {
		tc.T.Fatalf("%s: %s", msg, err)
	}
	if sigKey == nil {
		tc.T.Fatalf("%s: got nil signing key", msg)
	}

	skarg.KeyType = libkb.DeviceEncryptionKeyType
	encKey, err := tc.G.Keyrings.GetSecretKeyWithPrompt(nil, skarg, u.NewSecretUI(), "testing enc")
	if err != nil {
		tc.T.Fatalf("%s: %s", msg, err)
	}
	if encKey == nil {
		tc.T.Fatalf("%s: got nil encryption key", msg)
	}
}
Beispiel #2
0
// findDeviceKeys looks for device keys and unlocks them.
func (c *PassphraseChange) findDeviceKeys(ctx *Context) (*keypair, error) {
	// need to be logged in to get a device key (unlocked)
	lin, err := IsLoggedIn(c, ctx)
	if err != nil {
		return nil, err
	}
	if !lin {
		return nil, libkb.LoginRequiredError{}
	}

	// Get unlocked device for decryption and signing
	ska := libkb.SecretKeyArg{
		Me:      c.me,
		KeyType: libkb.DeviceEncryptionKeyType,
	}
	// passing in nil SecretUI since we don't know the passphrase.
	c.G().Log.Debug("runForcedUpdate: getting device encryption key")
	encKey, err := c.G().Keyrings.GetSecretKeyWithPrompt(ctx.LoginContext, ska, nil, "change passphrase")
	if err != nil {
		return nil, err
	}
	c.G().Log.Debug("runForcedUpdate: got device encryption key")
	c.G().Log.Debug("runForcedUpdate: getting device signing key")
	ska.KeyType = libkb.DeviceSigningKeyType
	sigKey, err := c.G().Keyrings.GetSecretKeyWithPrompt(ctx.LoginContext, ska, nil, "change passphrase")
	if err != nil {
		return nil, err
	}
	c.G().Log.Debug("runForcedUpdate: got device signing key")

	return &keypair{encKey: encKey, sigKey: sigKey}, nil
}
func (e *loginProvisionedDevice) unlockDeviceKeys(ctx *Context, me *libkb.User) error {
	if me == nil {
		var err error
		me, err = libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
		if err != nil {
			return err
		}
	}

	ska := libkb.SecretKeyArg{
		Me:      me,
		KeyType: libkb.DeviceSigningKeyType,
	}
	_, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "unlock device keys"))
	if err != nil {
		return err
	}
	ska.KeyType = libkb.DeviceEncryptionKeyType
	_, err = e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "unlock device keys"))
	if err != nil {
		return err
	}

	return nil
}
Beispiel #4
0
func (e *SecretKeysEngine) Run(ctx *Context) (err error) {
	e.G().Log.Debug("+ SecretKeysEngine Run")

	me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
	if err != nil {
		return err
	}

	// Clear out all the cached secret key state. This forces a password prompt
	// below.
	e.G().LoginState().Account(func(a *libkb.Account) {
		a.ClearStreamCache()
		a.ClearCachedSecretKeys()
		a.ClearKeyring()
	}, "clear stream cache")

	ska := libkb.SecretKeyArg{
		Me:      me,
		KeyType: libkb.DeviceSigningKeyType,
	}
	sigKey, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "to revoke another key"))
	if err != nil {
		return err
	}
	if err = sigKey.CheckSecretKey(); err != nil {
		return err
	}
	sigNaclKey, ok := sigKey.(libkb.NaclSigningKeyPair)
	if !ok {
		return fmt.Errorf("Expected a NaCl signing key.")
	}
	e.G().Log.Debug("| got signing key")

	ska.KeyType = libkb.DeviceEncryptionKeyType
	encKey, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "to revoke another key"))
	if err != nil {
		return err
	}
	if err = encKey.CheckSecretKey(); err != nil {
		return err
	}
	encNaclKey, ok := encKey.(libkb.NaclDHKeyPair)
	if !ok {
		return fmt.Errorf("Expected a NaCl encryption key.")
	}
	e.G().Log.Debug("| got encryption key")

	e.result.Signing = [64]byte(*sigNaclKey.Private)
	e.result.Encryption = [32]byte(*encNaclKey.Private)

	return nil
}