func (se *SecretEntry) Init() (err error) {
G.Log.Debug("+ SecretEntry.Init()")
if se.initRes != nil {
G.Log.Debug("- SecretEntry.Init() -> cached %s", libkb.ErrToOk(*se.initRes))
return *se.initRes
}
if G.Env.GetNoPinentry() {
G.Log.Debug("| Pinentry skipped due to config")
} else {
pe := pinentry.New(G.Env.GetPinentry(), G.Log)
if e2, fatalerr := pe.Init(); fatalerr != nil {
err = fatalerr
} else if e2 != nil {
G.Log.Debug("| Pinentry initialization failed: %s", e2)
} else {
se.pinentry = pe
G.Log.Debug("| Pinentry initialized")
}
}
if err == nil {
if se.pinentry == nil && se.terminal == nil {
err = fmt.Errorf("No terminal and pinentry init; cannot input secrets")
}
}
se.initRes = &err
G.Log.Debug("- SecretEntry.Init() -> %s", libkb.ErrToOk(err))
return err
}
func (s *CmdSignup) prompt() (err error) {
s.G().Log.Debug("+ prompt")
defer func() {
s.G().Log.Debug("- prompt -> %s", libkb.ErrToOk(err))
}()
if !s.doPrompt {
return nil
}
if s.prompter == nil {
s.MakePrompter()
}
if err = s.prompter.Run(); err != nil {
s.G().Log.Debug("| Prompter failed\n")
return
}
f := s.fields.passphraseRetry
if f.Disabled || libkb.IsYes(f.GetValue()) {
var res keybase1.GetPassphraseRes
res, err = PromptPassphrase(s.G())
if err != nil {
return
}
s.passphrase = res.Passphrase
s.storeSecret = res.StoreSecret
}
return
}
func (s *CmdSignup) checkRegistered() (err error) {
s.G().Log.Debug("+ clientModeSignupEngine::CheckRegistered")
defer s.G().Log.Debug("- clientModeSignupEngine::CheckRegistered -> %s", libkb.ErrToOk(err))
var rres keybase1.GetCurrentStatusRes
if rres, err = s.ccli.GetCurrentStatus(context.TODO(), 0); err != nil {
return err
}
if !rres.Registered {
return
}
if !s.doPrompt {
return nil
}
prompt := "Already registered; do you want to reregister?"
if rereg, err := s.G().UI.GetTerminalUI().PromptYesNo(PromptDescriptorReregister, prompt, libkb.PromptDefaultNo); err != nil {
return err
} else if !rereg {
return NotConfirmedError{}
}
return nil
}
func (e *UntrackEngine) storeRemoteUntrack(them *libkb.User, ctx *Context) (err error) {
e.G().Log.Debug("+ StoreRemoteUntrack")
defer e.G().Log.Debug("- StoreRemoteUntrack -> %s", libkb.ErrToOk(err))
arg := libkb.SecretKeyArg{
Me: e.arg.Me,
KeyType: libkb.DeviceSigningKeyType,
}
var signingKeyPriv libkb.GenericKey
if signingKeyPriv, err = e.G().Keyrings.GetSecretKeyWithPrompt(ctx.LoginContext, arg, ctx.SecretUI, "untracking signature"); err != nil {
return
}
var sig string
var sigid keybase1.SigID
if sig, sigid, err = signingKeyPriv.SignToString(e.untrackStatementBytes); err != nil {
return
}
_, err = e.G().API.Post(libkb.APIArg{
Endpoint: "follow",
NeedSession: true,
Args: libkb.HTTPArgs{
"sig_id_base": libkb.S{Val: sigid.ToString(false)},
"sig_id_short": libkb.S{Val: sigid.ToShortID()},
"sig": libkb.S{Val: sig},
"uid": libkb.UIDArg(them.GetUID()),
"type": libkb.S{Val: "untrack"},
"signing_kid": e.signingKeyPub.GetKID(),
},
})
return
}
// Run starts the engine.
func (e *XLogin) Run(ctx *Context) (err error) {
e.G().Log.Debug("+ XLogin.Run()")
defer func() { e.G().Log.Debug("- XLogin.Run() -> %s", libkb.ErrToOk(err)) }()
// first see if this device is already provisioned and it is possible to log in:
eng := NewXLoginCurrentDevice(e.G(), e.username)
err = RunEngine(eng, ctx)
if err == nil {
// login successful
e.G().Log.Debug("XLoginCurrentDevice.Run() was successful")
return err
}
// if this device has been provisioned already and there was an error, then
// return that error. Otherwise, ignore it and keep going.
if !e.notProvisionedErr(err) {
return err
}
e.G().Log.Debug("XLoginProvisioned error: %s (continuing with device provisioning...)", err)
// this device needs to be provisioned:
deng := NewXLoginProvision(e.G(), e.deviceType)
err = RunEngine(deng, ctx)
return err
}
// GetHelloArg implements GetHelloArg in kex2.Provisioner.
func (e *Kex2Provisioner) GetHelloArg() (arg keybase1.HelloArg, err error) {
e.G().Log.Debug("+ GetHelloArg()")
defer func() { e.G().Log.Debug("- GetHelloArg() -> %s", libkb.ErrToOk(err)) }()
e.ctx.ProvisionUI.DisplaySecretExchanged(context.TODO(), 0)
// get a session token that device Y can use
token, csrf, err := e.sessionForY()
if err != nil {
return arg, err
}
// generate a skeleton key proof
sigBody, err := e.skeletonProof()
if err != nil {
return arg, err
}
// return the HelloArg
arg = keybase1.HelloArg{
Uid: e.me.GetUID(),
Pps: e.pps.Export(),
Token: keybase1.SessionToken(token),
Csrf: keybase1.CsrfToken(csrf),
SigBody: sigBody,
}
return arg, nil
}
// CounterSign implements CounterSign in kex2.Provisioner.
func (e *Kex2Provisioner) CounterSign(input keybase1.HelloRes) (sig []byte, err error) {
e.G().Log.Debug("+ CounterSign()")
defer func() { e.G().Log.Debug("- CounterSign() -> %s", libkb.ErrToOk(err)) }()
jw, err := jsonw.Unmarshal([]byte(input))
if err != nil {
return nil, err
}
// check the reverse signature
if err = e.checkReverseSig(jw); err != nil {
e.G().Log.Debug("provisioner failed to verify reverse sig: %s", err)
return nil, err
}
e.G().Log.Debug("provisioner verified reverse sig")
// remember some device information for ProvisionUI.ProvisionerSuccess()
if err = e.rememberDeviceInfo(jw); err != nil {
return nil, err
}
// sign the whole thing with provisioner's signing key
s, _, _, err := libkb.SignJSON(jw, e.signingKey)
if err != nil {
return nil, err
}
return []byte(s), nil
}
// Run the engine
func (c *PassphraseChange) Run(ctx *Context) (err error) {
c.G().Log.Debug("+ PassphraseChange.Run")
defer func() {
c.G().Log.Debug("- PassphraseChange.Run -> %s", libkb.ErrToOk(err))
}()
if len(c.arg.Passphrase) < libkb.MinPassphraseLength {
return libkb.PassphraseError{Msg: "too short"}
}
if err = c.loadMe(); err != nil {
return
}
c.G().LoginState().RunSecretSyncer(c.me.GetUID())
if c.arg.Force {
err = c.runForcedUpdate(ctx)
} else {
err = c.runStandardUpdate(ctx)
}
if err == nil {
c.G().LoginState().RunSecretSyncer(c.me.GetUID())
}
return
}
func (s *CmdTestFSNotify) Run() (err error) {
s.G().Log.Debug("+ CmdTestFSNotify.Run")
defer func() { s.G().Log.Debug("- CmdTestFSNotify.Run -> %s", libkb.ErrToOk(err)) }()
cli, err := GetKBFSClient(s.G())
if err != nil {
return err
}
arg := keybase1.FSNotification{
PublicTopLevelFolder: s.publicTLF,
Filename: s.filename,
NotificationType: s.action,
StatusCode: keybase1.FSStatusCode_START,
}
s.G().Log.Debug("sending start event")
err = cli.FSEvent(context.TODO(), arg)
if err != nil {
return err
}
s.G().Log.Debug("sleeping for %s", s.delay)
time.Sleep(s.delay)
arg.StatusCode = keybase1.FSStatusCode_FINISH
s.G().Log.Debug("sending finish event")
err = cli.FSEvent(context.TODO(), arg)
if err != nil {
return err
}
s.G().Log.Debug("done with event")
return err
}
func (p *Prove) checkExists2(ctx *Context) (err error) {
p.G().Log.Debug("+ CheckExists2")
defer func() { p.G().Log.Debug("- CheckExists2 -> %s", libkb.ErrToOk(err)) }()
if !p.st.LastWriterWins() {
var found libkb.RemoteProofChainLink
for _, proof := range p.me.IDTable().GetActiveProofsFor(p.st) {
_, name := proof.ToKeyValuePair()
if libkb.Cicmp(name, p.usernameNormalized) {
found = proof
break
}
}
if found != nil {
var redo bool
redo, err = ctx.ProveUI.PromptOverwrite(context.TODO(), keybase1.PromptOverwriteArg{
Account: found.ToDisplayString(),
Typ: keybase1.PromptOverwriteType_SITE,
})
if err != nil {
return
}
if !redo {
err = libkb.NotConfirmedError{}
return
}
p.supersede = true
}
}
return
}
// Run starts the engine.
func (e *Kex2Provisionee) Run(ctx *Context) error {
e.G().Log.Debug("+ Kex2Provisionee.Run()")
// check device struct:
if len(e.device.Type) == 0 {
return errors.New("provisionee device requires Type to be set")
}
if e.device.ID.IsNil() {
return errors.New("provisionee device requires ID to be set")
}
// ctx is needed in some of the kex2 functions:
e.ctx = ctx
karg := kex2.KexBaseArg{
Ctx: context.TODO(),
Mr: libkb.NewKexRouter(e.G()),
DeviceID: e.device.ID,
Secret: e.secret,
SecretChannel: e.secretCh,
Timeout: 5 * time.Minute,
}
parg := kex2.ProvisioneeArg{
KexBaseArg: karg,
Provisionee: e,
}
err := kex2.RunProvisionee(parg)
e.G().Log.Debug("- Kex2Provisionee.Run() -> %s", libkb.ErrToOk(err))
return err
}
func (e *PGPKeyImportEngine) generate(ctx *Context) (err error) {
e.G().Log.Debug("+ PGP::Generate")
defer func() {
e.G().Log.Debug("- PGP::Generate -> %s", libkb.ErrToOk(err))
}()
e.G().Log.Debug("| GenerateKey")
if e.arg.Pregen != nil {
e.bundle = e.arg.Pregen
} else if e.arg.Gen == nil {
err = libkb.InternalError{Msg: "PGPKeyImportEngine: need either Gen or Pregen"}
return
} else if err = e.generateKey(ctx); err != nil {
return
}
e.G().Log.Debug("| WriteKey (hasSecret = %v)", e.bundle.HasSecretKey())
if !e.arg.NoSave && e.bundle.HasSecretKey() {
if err = e.saveLKS(ctx); err != nil {
return
}
}
if e.arg.PushSecret {
if err = e.prepareSecretPush(ctx); err != nil {
return
}
}
return
}
// Run starts the engine.
func (e *DeviceAdd) Run(ctx *Context) (err error) {
e.G().Log.Debug("+ DeviceAdd.Run()")
defer func() { e.G().Log.Debug("- DeviceAdd.Run() -> %s", libkb.ErrToOk(err)) }()
provisioneeType, err := ctx.ProvisionUI.ChooseDeviceType(context.TODO(), 0)
if err != nil {
return err
}
e.G().Log.Debug("provisionee device type: %v", provisioneeType)
// make a new secret:
secret, err := libkb.NewKex2Secret()
if err != nil {
return err
}
e.G().Log.Debug("secret phrase: %s", secret.Phrase())
// create provisioner engine
provisioner := NewKex2Provisioner(e.G(), secret.Secret())
var canceler func()
// display secret and prompt for secret from X in a goroutine:
go func() {
sb := secret.Secret()
arg := keybase1.DisplayAndPromptSecretArg{
Secret: sb[:],
Phrase: secret.Phrase(),
OtherDeviceType: provisioneeType,
}
var contxt context.Context
contxt, canceler = context.WithCancel(context.Background())
receivedSecret, err := ctx.ProvisionUI.DisplayAndPromptSecret(contxt, arg)
if err != nil {
// XXX ???
e.G().Log.Warning("DisplayAndPromptSecret error: %s", err)
} else if receivedSecret != nil {
e.G().Log.Debug("received secret, adding to provisioner")
var ks kex2.Secret
copy(ks[:], receivedSecret)
provisioner.AddSecret(ks)
}
}()
defer func() {
if canceler != nil {
e.G().Log.Debug("canceling DisplayAndPromptSecret call")
canceler()
}
}()
// run provisioner
if err = RunEngine(provisioner, ctx); err != nil {
return err
}
return nil
}
func (s *SignupJoinEngine) CheckRegistered() (err error) {
s.G().Log.Debug("+ libkb.SignupJoinEngine::CheckRegistered")
if cr := s.G().Env.GetConfig(); cr == nil {
err = fmt.Errorf("No configuration file available")
} else if u := cr.GetUID(); u.Exists() {
err = libkb.AlreadyRegisteredError{UID: u}
}
s.G().Log.Debug("- libkb.SignupJoinEngine::CheckRegistered -> %s", libkb.ErrToOk(err))
return err
}
// runStandardUpdate is for when the user knows the current
// password.
func (c *PassphraseChange) runStandardUpdate(ctx *Context) (err error) {
c.G().Log.Debug("+ PassphraseChange.runStandardUpdate")
defer func() {
c.G().Log.Debug("- PassphraseChange.runStandardUpdate -> %s", libkb.ErrToOk(err))
}()
if len(c.arg.OldPassphrase) == 0 {
err = c.getVerifiedPassphraseHash(ctx)
} else {
err = c.verifySuppliedPassphrase(ctx)
}
if err != nil {
return err
}
pgpKeys, err := c.findAndDecryptPrivatePGPKeys(ctx)
if err != nil {
return err
}
var acctErr error
c.G().LoginState().Account(func(a *libkb.Account) {
gen := a.PassphraseStreamCache().PassphraseStream().Generation()
oldPWH := a.PassphraseStreamCache().PassphraseStream().PWHash()
oldClientHalf := a.PassphraseStreamCache().PassphraseStream().LksClientHalf()
payload, err := c.commonArgs(a, oldClientHalf, pgpKeys, gen)
if err != nil {
acctErr = err
return
}
payload["oldpwh"] = libkb.HexArg(oldPWH).String()
payload["ppgen"] = gen
postArg := libkb.APIArg{
Endpoint: "passphrase/replace",
NeedSession: true,
JSONPayload: payload,
SessionR: a.LocalSession(),
}
_, err = c.G().API.PostJSON(postArg)
if err != nil {
acctErr = err
return
}
}, "PassphraseChange.runStandardUpdate")
if acctErr != nil {
err = acctErr
return err
}
return nil
}
// Run starts the provisioner engine.
func (e *Kex2Provisioner) Run(ctx *Context) (err error) {
e.G().Log.Debug("+ Kex2Provisioner.Run()")
defer func() { e.G().Log.Debug("- Kex2Provisioner.Run() -> %s", libkb.ErrToOk(err)) }()
// before starting provisioning, need to load some information:
// load self:
e.me, err = libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
if err != nil {
return err
}
// get signing key (including secret key):
arg := libkb.SecretKeyArg{
Me: e.me,
KeyType: libkb.DeviceSigningKeyType,
}
e.signingKey, err = e.G().Keyrings.GetSecretKeyWithPrompt(ctx.LoginContext, arg, ctx.SecretUI, "new device install")
if err != nil {
return err
}
// get current passphrase stream:
e.pps, err = e.G().LoginState().GetPassphraseStream(ctx.SecretUI)
if err != nil {
return err
}
// ctx needed by some kex2 functions
e.ctx = ctx
deviceID := e.G().Env.GetDeviceID()
// all set: start provisioner
karg := kex2.KexBaseArg{
Ctx: context.TODO(),
Mr: libkb.NewKexRouter(e.G()),
DeviceID: deviceID,
Secret: e.secret,
SecretChannel: e.secretCh,
Timeout: 5 * time.Minute,
}
parg := kex2.ProvisionerArg{
KexBaseArg: karg,
Provisioner: e,
}
err = kex2.RunProvisioner(parg)
if err == nil {
ctx.ProvisionUI.ProvisionSuccess(context.TODO(), 0)
}
return err
}
func (e *TrackToken) storeRemoteTrack(ctx *Context, pubKID keybase1.KID) (err error) {
e.G().Log.Debug("+ StoreRemoteTrack")
defer func() {
e.G().Log.Debug("- StoreRemoteTrack -> %s", libkb.ErrToOk(err))
}()
// need unlocked signing key
ska := libkb.SecretKeyArg{
Me: e.arg.Me,
KeyType: libkb.DeviceSigningKeyType,
}
arg := ctx.SecretKeyPromptArg(ska, "tracking signature")
signingKey, err := e.G().Keyrings.GetSecretKeyWithPrompt(arg)
if err != nil {
return err
}
if signingKey == nil {
return libkb.NoSecretKeyError{}
}
// double-check that the KID of the unlocked key matches
if signingKey.GetKID().NotEqual(pubKID) {
return errors.New("unexpeceted KID mismatch between locked and unlocked signing key")
}
sig, sigid, err := signingKey.SignToString(e.trackStatementBytes)
if err != nil {
return err
}
_, err = e.G().API.Post(libkb.APIArg{
Endpoint: "follow",
NeedSession: true,
Args: libkb.HTTPArgs{
"sig_id_base": libkb.S{Val: sigid.ToString(false)},
"sig_id_short": libkb.S{Val: sigid.ToShortID()},
"sig": libkb.S{Val: sig},
"uid": libkb.UIDArg(e.them.GetUID()),
"type": libkb.S{Val: "track"},
"signing_kid": signingKey.GetKID(),
},
})
if err != nil {
e.G().Log.Info("api error: %s", err)
return err
}
linkid := libkb.ComputeLinkID(e.trackStatementBytes)
e.arg.Me.SigChainBump(linkid, sigid)
return err
}
func (e *PGPKeyImportEngine) unlock(ctx *Context) (err error) {
e.G().Log.Debug("+ PGPKeyImportEngine::unlock")
defer func() {
e.G().Log.Debug("- PGPKeyImportEngine::unlock -> %s", libkb.ErrToOk(err))
}()
if e.arg.Pregen == nil || !e.arg.DoUnlock || !e.arg.Pregen.HasSecretKey() {
e.G().Log.Debug("| short circuit unlock function")
} else {
err = e.arg.Pregen.Unlock("import into private keychain", ctx.SecretUI)
}
return
}
func RunEngine(e Engine, ctx *Context) (err error) {
e.G().Log.Debug("+ RunEngine(%s)", e.Name())
defer func() { e.G().Log.Debug("- RunEngine(%s) -> %s", e.Name(), libkb.ErrToOk(err)) }()
if err = check(e, ctx); err != nil {
return err
}
if err = runPrereqs(e, ctx); err != nil {
return err
}
err = e.Run(ctx)
return err
}
func (e *TrackToken) storeRemoteTrack(ctx *Context) (err error) {
e.G().Log.Debug("+ StoreRemoteTrack")
defer func() {
e.G().Log.Debug("- StoreRemoteTrack -> %s", libkb.ErrToOk(err))
}()
var secretStore libkb.SecretStore
if e.arg.Me != nil {
e.lockedKey.SetUID(e.arg.Me.GetUID())
secretStore = libkb.NewSecretStore(e.G(), e.arg.Me.GetNormalizedName())
}
// need to unlock private key
parg := ctx.SecretKeyPromptArg(libkb.SecretKeyArg{}, "tracking signature")
e.signingKeyPriv, err = e.lockedKey.PromptAndUnlock(parg, e.lockedWhich, secretStore, nil, e.arg.Me)
if err != nil {
return err
}
if e.signingKeyPriv == nil {
return libkb.NoSecretKeyError{}
}
sig, sigid, err := e.signingKeyPriv.SignToString(e.trackStatementBytes)
if err != nil {
return err
}
_, err = e.G().API.Post(libkb.APIArg{
Endpoint: "follow",
NeedSession: true,
Args: libkb.HTTPArgs{
"sig_id_base": libkb.S{Val: sigid.ToString(false)},
"sig_id_short": libkb.S{Val: sigid.ToShortID()},
"sig": libkb.S{Val: sig},
"uid": libkb.UIDArg(e.them.GetUID()),
"type": libkb.S{Val: "track"},
"signing_kid": e.signingKeyPub.GetKID(),
},
})
if err != nil {
e.G().Log.Info("api error: %s", err)
return err
}
linkid := libkb.ComputeLinkID(e.trackStatementBytes)
e.arg.Me.SigChainBump(linkid, sigid)
return err
}
func (n *signupTerminalUI) PromptYesNo(pd libkb.PromptDescriptor, s string, def libkb.PromptDefault) (ret bool, err error) {
switch pd {
case client.PromptDescriptorLoginWritePaper:
ret = true
case client.PromptDescriptorLoginWallet:
ret = true
case client.PromptDescriptorGPGOKToAdd:
ret = false
default:
err = fmt.Errorf("unknown prompt %v", pd)
}
n.G().Log.Debug("Terminal PromptYesNo %d: %s -> %s (%v)\n", pd, s, ret, libkb.ErrToOk(err))
return ret, err
}
func (e *PGPKeyImportEngine) saveLKS(ctx *Context) (err error) {
e.G().Log.Debug("+ PGPKeyImportEngine::saveLKS")
defer func() {
e.G().Log.Debug("- PGPKeyImportEngine::saveLKS -> %v", libkb.ErrToOk(err))
}()
lks := e.arg.Lks
if lks == nil {
lks, err = libkb.NewLKSForEncrypt(ctx.SecretUI, e.me.GetUID(), e.G())
if err != nil {
return err
}
}
_, err = libkb.WriteLksSKBToKeyring(e.bundle, lks, ctx.LoginContext)
return
}
func (n *signupTerminalUI) Prompt(pd libkb.PromptDescriptor, s string) (ret string, err error) {
switch pd {
case client.PromptDescriptorSignupUsername:
ret = n.info.username
case client.PromptDescriptorSignupEmail:
ret = n.info.email
case client.PromptDescriptorSignupDevice:
ret = "work computer"
case client.PromptDescriptorSignupCode:
ret = "202020202020202020202020"
default:
err = fmt.Errorf("unknown prompt %v", pd)
}
n.G().Log.Debug("Terminal Prompt %d: %s -> %s (%v)\n", pd, s, ret, libkb.ErrToOk(err))
return ret, err
}
func (e *PGPKeyImportEngine) push(ctx *Context) (err error) {
e.G().Log.Debug("+ PGP::Push")
e.del.NewKey = e.bundle
e.del.EncodedPrivateKey = e.epk
if err = e.del.Run(ctx.LoginContext); err != nil {
return err
}
e.G().Log.Debug("- PGP::Push -> %s", libkb.ErrToOk(err))
ctx.LogUI.Info("Generated new PGP key:")
d := e.bundle.VerboseDescription()
for _, line := range strings.Split(d, "\n") {
ctx.LogUI.Info(" %s", line)
}
return nil
}
func (s *CmdTestPassphrase) Run() (err error) {
s.G().Log.Debug("+ CmdTestPassphrase.Run")
defer func() { s.G().Log.Debug("- CmdTestPassphrase.Run -> %s", libkb.ErrToOk(err)) }()
protocols := []rpc.Protocol{
NewSecretUIProtocol(s.G()),
}
if err = RegisterProtocols(protocols); err != nil {
return err
}
cli, err := GetAccountClient(s.G())
if err != nil {
return err
}
err = cli.PassphrasePrompt(context.TODO(), 0)
return err
}
// 1. Get keys for decryption and signing
// 2. If necessary, log in with backup keys
// 3. Get lks client half from server
// 4. Post an update passphrase proof
func (c *PassphraseChange) runForcedUpdate(ctx *Context) (err error) {
c.G().Log.Debug("+ PassphraseChange.runForcedUpdate")
defer func() {
c.G().Log.Debug("- PassphraseChange.runForcedUpdate -> %s", libkb.ErrToOk(err))
}()
kp, err := c.findUpdateKeys(ctx)
if err != nil {
return
}
if kp == nil {
return libkb.NoSecretKeyError{}
}
ppGen, oldClientHalf, err := fetchLKS(ctx, c.G(), kp.encKey)
if err != nil {
return
}
return c.updatePassphrase(ctx, kp.sigKey, ppGen, oldClientHalf)
}
// HandleHello implements HandleHello in kex2.Provisionee.
func (e *Kex2Provisionee) HandleHello(harg keybase1.HelloArg) (res keybase1.HelloRes, err error) {
e.G().Log.Debug("+ HandleHello()")
defer func() { e.G().Log.Debug("- HandleHello() -> %s", libkb.ErrToOk(err)) }()
// save parts of the hello arg for later:
e.uid = harg.Uid
e.sessionToken = harg.Token
e.csrfToken = harg.Csrf
e.pps = harg.Pps
jw, err := jsonw.Unmarshal([]byte(harg.SigBody))
if err != nil {
return res, err
}
// need the username later:
e.username, err = jw.AtPath("body.key.username").GetString()
if err != nil {
return res, err
}
e.eddsa, err = libkb.GenerateNaclSigningKeyPair()
if err != nil {
return res, err
}
if err = e.addDeviceSibkey(jw); err != nil {
return res, err
}
if err = e.reverseSig(jw); err != nil {
return res, err
}
out, err := jw.Marshal()
if err != nil {
return res, err
}
return keybase1.HelloRes(out), err
}
// Run starts the engine.
func (e *XLoginProvision) Run(ctx *Context) (err error) {
e.G().Log.Debug("+ XLoginProvision.Run()")
defer func() { e.G().Log.Debug("- XLoginProvision.Run() -> %s", libkb.ErrToOk(err)) }()
// check we have a good device type:
if e.deviceType != libkb.DeviceTypeDesktop && e.deviceType != libkb.DeviceTypeMobile {
err = fmt.Errorf("device type must be %q or %q, not %q", libkb.DeviceTypeDesktop, libkb.DeviceTypeMobile, e.deviceType)
return err
}
availableGPGPrivateKeyUsers, err := e.searchGPG(ctx)
if err != nil {
return err
}
e.G().Log.Debug("available private gpg key users: %v", availableGPGPrivateKeyUsers)
arg := keybase1.ChooseProvisioningMethodArg{
GpgUsers: availableGPGPrivateKeyUsers,
}
method, err := ctx.ProvisionUI.ChooseProvisioningMethod(context.TODO(), arg)
if err != nil {
return err
}
e.G().Log.Debug("chosen method: %v", method)
switch method {
case keybase1.ProvisionMethod_DEVICE:
err = e.device(ctx)
case keybase1.ProvisionMethod_GPG:
err = e.gpg(ctx)
case keybase1.ProvisionMethod_PAPER_KEY:
err = e.paper(ctx)
case keybase1.ProvisionMethod_PASSPHRASE:
err = e.passphrase(ctx)
default:
err = fmt.Errorf("unhandled provisioning method: %v", method)
}
return err
}
// coalesceBlocks puts the synced pgp key block and all the pgp key
// blocks in ring into s.skbs.
func (s *ScanKeys) coalesceBlocks(ring *libkb.SKBKeyringFile, synced *libkb.SKB) error {
var err error
s.G().Log.Debug("+ ScanKeys::coalesceBlocks")
defer func() {
s.G().Log.Debug("- ScanKeys::coalesceBlocks -> %s", libkb.ErrToOk(err))
}()
if synced != nil {
s.skbs = append(s.skbs, synced)
}
for _, b := range ring.Blocks {
if !libkb.IsPGPAlgo(b.Type) {
continue
}
// make sure uid set on each block:
b.SetUID(s.me.GetUID())
s.skbs = append(s.skbs, b)
}
return nil
}
func (e *PGPKeyExportEngine) Run(ctx *Context) (err error) {
e.G().Log.Debug("+ PGPKeyExportEngine::Run")
defer func() {
e.G().Log.Debug("- PGPKeyExportEngine::Run -> %s", libkb.ErrToOk(err))
}()
if e.qtype == unset {
return fmt.Errorf("PGPKeyExportEngine: query type not set")
}
if err = e.loadMe(); err != nil {
return
}
if e.arg.Secret {
err = e.exportSecret(ctx)
} else {
err = e.exportPublic()
}
return
}
