func assertLoadSecretKeys(tc libkb.TestContext, u *FakeUser, msg string) { me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G)) if err != nil { tc.T.Fatalf("%s: %s", msg, err) } if me == nil { tc.T.Fatalf("%s: nil LoadMe result", msg) } skarg := libkb.SecretKeyArg{ Me: me, KeyType: libkb.DeviceSigningKeyType, } sigKey, err := tc.G.Keyrings.GetSecretKeyWithPrompt(nil, skarg, u.NewSecretUI(), "testing sig") if err != nil { tc.T.Fatalf("%s: %s", msg, err) } if sigKey == nil { tc.T.Fatalf("%s: got nil signing key", msg) } skarg.KeyType = libkb.DeviceEncryptionKeyType encKey, err := tc.G.Keyrings.GetSecretKeyWithPrompt(nil, skarg, u.NewSecretUI(), "testing enc") if err != nil { tc.T.Fatalf("%s: %s", msg, err) } if encKey == nil { tc.T.Fatalf("%s: got nil encryption key", msg) } }
// findDeviceKeys looks for device keys and unlocks them. func (c *PassphraseChange) findDeviceKeys(ctx *Context) (*keypair, error) { // need to be logged in to get a device key (unlocked) lin, err := IsLoggedIn(c, ctx) if err != nil { return nil, err } if !lin { return nil, libkb.LoginRequiredError{} } // Get unlocked device for decryption and signing ska := libkb.SecretKeyArg{ Me: c.me, KeyType: libkb.DeviceEncryptionKeyType, } // passing in nil SecretUI since we don't know the passphrase. c.G().Log.Debug("runForcedUpdate: getting device encryption key") encKey, err := c.G().Keyrings.GetSecretKeyWithPrompt(ctx.LoginContext, ska, nil, "change passphrase") if err != nil { return nil, err } c.G().Log.Debug("runForcedUpdate: got device encryption key") c.G().Log.Debug("runForcedUpdate: getting device signing key") ska.KeyType = libkb.DeviceSigningKeyType sigKey, err := c.G().Keyrings.GetSecretKeyWithPrompt(ctx.LoginContext, ska, nil, "change passphrase") if err != nil { return nil, err } c.G().Log.Debug("runForcedUpdate: got device signing key") return &keypair{encKey: encKey, sigKey: sigKey}, nil }
func (e *loginProvisionedDevice) unlockDeviceKeys(ctx *Context, me *libkb.User) error { if me == nil { var err error me, err = libkb.LoadMe(libkb.NewLoadUserArg(e.G())) if err != nil { return err } } ska := libkb.SecretKeyArg{ Me: me, KeyType: libkb.DeviceSigningKeyType, } _, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "unlock device keys")) if err != nil { return err } ska.KeyType = libkb.DeviceEncryptionKeyType _, err = e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "unlock device keys")) if err != nil { return err } return nil }
func (e *SecretKeysEngine) Run(ctx *Context) (err error) { e.G().Log.Debug("+ SecretKeysEngine Run") me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G())) if err != nil { return err } // Clear out all the cached secret key state. This forces a password prompt // below. e.G().LoginState().Account(func(a *libkb.Account) { a.ClearStreamCache() a.ClearCachedSecretKeys() a.ClearKeyring() }, "clear stream cache") ska := libkb.SecretKeyArg{ Me: me, KeyType: libkb.DeviceSigningKeyType, } sigKey, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "to revoke another key")) if err != nil { return err } if err = sigKey.CheckSecretKey(); err != nil { return err } sigNaclKey, ok := sigKey.(libkb.NaclSigningKeyPair) if !ok { return fmt.Errorf("Expected a NaCl signing key.") } e.G().Log.Debug("| got signing key") ska.KeyType = libkb.DeviceEncryptionKeyType encKey, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "to revoke another key")) if err != nil { return err } if err = encKey.CheckSecretKey(); err != nil { return err } encNaclKey, ok := encKey.(libkb.NaclDHKeyPair) if !ok { return fmt.Errorf("Expected a NaCl encryption key.") } e.G().Log.Debug("| got encryption key") e.result.Signing = [64]byte(*sigNaclKey.Private) e.result.Encryption = [32]byte(*encNaclKey.Private) return nil }