// findPaperKeys checks if the user has paper backup keys. If he/she
// does, it prompts for a paperkey phrase. This is used to
// regenerate paper keys, which are then matched against the
// paper keys found in the keyfamily.
func findPaperKeys(ctx *Context, g *libkb.GlobalContext, me *libkb.User) (*keypair, error) {
cki := me.GetComputedKeyInfos()
if cki == nil {
return nil, fmt.Errorf("no computed key infos")
}
bdevs := cki.PaperDevices()
if len(bdevs) == 0 {
return nil, libkb.NoPaperKeysError{}
}
passphrase, err := ctx.SecretUI.GetPaperKeyPassphrase(keybase1.GetPaperKeyPassphraseArg{Username: me.GetName()})
if err != nil {
return nil, err
}
paperPhrase := libkb.NewPaperKeyPhrase(passphrase)
if paperPhrase.Version() != libkb.PaperKeyVersion {
g.Log.Debug("paper version mismatch: generated paper key version = %d, libkb version = %d", paperPhrase.Version(), libkb.PaperKeyVersion)
return nil, libkb.KeyVersionError{}
}
bkarg := &PaperKeyGenArg{
Passphrase: libkb.NewPaperKeyPhrase(passphrase),
SkipPush: true,
Me: me,
}
bkeng := NewPaperKeyGen(bkarg, g)
if err := RunEngine(bkeng, ctx); err != nil {
return nil, err
}
sigKey := bkeng.SigKey()
encKey := bkeng.EncKey()
var match bool
ckf := me.GetComputedKeyFamily()
for _, bdev := range bdevs {
sk, err := ckf.GetSibkeyForDevice(bdev.ID)
if err != nil {
continue
}
ek, err := ckf.GetEncryptionSubkeyForDevice(bdev.ID)
if err != nil {
continue
}
if sk.GetKID().Equal(sigKey.GetKID()) && ek.GetKID().Equal(encKey.GetKID()) {
match = true
break
}
}
if !match {
return nil, libkb.PassphraseError{Msg: "no matching paper backup keys found"}
}
return &keypair{sigKey: sigKey, encKey: encKey}, nil
}
// check all the user's paper keys for arg.Bundles match
func matchingPaperKey(g *libkb.GlobalContext, secretUI libkb.SecretUI, arg keybase1.UnboxBytes32AnyArg, me *libkb.User) (key libkb.GenericKey, index int, err error) {
cki := me.GetComputedKeyInfos()
if cki == nil {
return nil, 0, nil
}
var matchingPaper []*libkb.Device
for _, pdev := range cki.PaperDevices() {
enckey, err := me.GetComputedKeyFamily().GetEncryptionSubkeyForDevice(pdev.ID)
if err != nil {
return nil, 0, err
}
if _, ok := kidMatch(enckey, arg.Bundles); ok {
g.Log.Debug("matching paper key: %s", *pdev.Description)
matchingPaper = append(matchingPaper, pdev)
}
}
if len(matchingPaper) == 0 {
g.Log.Debug("no matching paper keys found")
return nil, 0, nil
}
phrase, err := libkb.GetPaperKeyForCryptoPassphrase(secretUI, arg.Reason, matchingPaper)
if err != nil {
return nil, 0, err
}
paperPhrase, err := libkb.NewPaperKeyPhraseCheckVersion(g, phrase)
if err != nil {
return nil, 0, err
}
bkarg := &PaperKeyGenArg{
Passphrase: paperPhrase,
SkipPush: true,
}
bkeng := NewPaperKeyGen(bkarg, g)
if err := RunEngine(bkeng, &Context{}); err != nil {
return nil, 0, err
}
// find the index for the key they entered (and make sure the key they entered matches)
if n, ok := kidMatch(bkeng.EncKey(), arg.Bundles); ok {
// this key matches, so cache this paper key
if err := g.LoginState().Account(func(a *libkb.Account) {
a.SetUnlockedPaperKey(bkeng.SigKey(), bkeng.EncKey())
}, "UnboxBytes32Any - cache paper key"); err != nil {
return nil, 0, err
}
return bkeng.EncKey(), n, nil
}
return nil, 0, nil
}