// commonArgs must be called inside a LoginState().Account(...) // closure func (c *PassphraseChange) commonArgs(a *libkb.Account, oldClientHalf []byte, pgpKeys []libkb.GenericKey, existingGen libkb.PassphraseGeneration) (libkb.JSONPayload, error) { // ensure that the login session is loaded if err := a.LoadLoginSession(c.me.GetName()); err != nil { return nil, err } salt, err := a.LoginSession().Salt() if err != nil { return nil, err } tsec, newPPStream, err := libkb.StretchPassphrase(c.arg.Passphrase, salt) if err != nil { return nil, err } newPWH := newPPStream.PWHash() newClientHalf := newPPStream.LksClientHalf() mask := make([]byte, len(oldClientHalf)) libkb.XORBytes(mask, oldClientHalf, newClientHalf) lksch := make(map[keybase1.KID]string) devices := c.me.GetComputedKeyFamily().GetAllDevices() for _, dev := range devices { if !dev.IsActive() { continue } key, err := c.me.GetComputedKeyFamily().GetEncryptionSubkeyForDevice(dev.ID) if err != nil { return nil, err } ctext, err := key.EncryptToString(newClientHalf, nil) if err != nil { return nil, err } lksch[key.GetKID()] = ctext } payload := make(libkb.JSONPayload) payload["pwh"] = libkb.HexArg(newPWH).String() payload["pwh_version"] = triplesec.Version payload["lks_mask"] = libkb.HexArg(mask).String() payload["lks_client_halves"] = lksch var encodedKeys []string for _, key := range pgpKeys { encoded, err := c.encodePrivatePGPKey(key, tsec, existingGen+1) if err != nil { return nil, err } encodedKeys = append(encodedKeys, encoded) } payload["private_keys"] = encodedKeys return payload, nil }
// runStandardUpdate is for when the user knows the current // password. func (c *PassphraseChange) runStandardUpdate(ctx *Context) (err error) { c.G().Log.Debug("+ PassphraseChange.runStandardUpdate") defer func() { c.G().Log.Debug("- PassphraseChange.runStandardUpdate -> %s", libkb.ErrToOk(err)) }() if len(c.arg.OldPassphrase) == 0 { err = c.getVerifiedPassphraseHash(ctx) } else { err = c.verifySuppliedPassphrase(ctx) } if err != nil { return err } pgpKeys, err := c.findAndDecryptPrivatePGPKeys(ctx) if err != nil { return err } var acctErr error c.G().LoginState().Account(func(a *libkb.Account) { gen := a.PassphraseStreamCache().PassphraseStream().Generation() oldPWH := a.PassphraseStreamCache().PassphraseStream().PWHash() oldClientHalf := a.PassphraseStreamCache().PassphraseStream().LksClientHalf() payload, err := c.commonArgs(a, oldClientHalf, pgpKeys, gen) if err != nil { acctErr = err return } payload["oldpwh"] = libkb.HexArg(oldPWH).String() payload["ppgen"] = gen postArg := libkb.APIArg{ Endpoint: "passphrase/replace", NeedSession: true, JSONPayload: payload, SessionR: a.LocalSession(), } _, err = c.G().API.PostJSON(postArg) if err != nil { acctErr = err return } }, "PassphraseChange.runStandardUpdate") if acctErr != nil { err = acctErr return err } return nil }
// ResetAccount is a test helper that posts the passphrase hash of u to the
// "nuke" endpoint using the current session, logs the API result, and then
// logs out. Any error fails the test immediately via tc.T.Fatal.
//
// NOTE(review): "nuke" presumably resets or deletes the account on the server
// -- confirm; the helper takes a TestContext, so it is meant for test accounts.
func ResetAccount(tc libkb.TestContext, u *FakeUser) {
	// Derive the passphrase stream from the fake user's passphrase; only its
	// hash is sent to the server.
	stream, err := tc.G.LoginState().GetPassphraseStreamWithPassphrase(u.Passphrase)
	if err != nil {
		tc.T.Fatal(err)
	}

	nukeArgs := libkb.HTTPArgs{
		"pwh": libkb.HexArg(stream.PWHash()),
	}
	req := libkb.APIArg{
		Endpoint:    "nuke",
		NeedSession: true,
		Args:        nukeArgs,
	}

	result, err := tc.G.API.Post(req)
	if err != nil {
		tc.T.Fatal(err)
	}
	// Only the server's response is logged, not the request arguments.
	tc.T.Logf("nuke api result: %+v", result)

	Logout(tc)
}