// Issue CORE-2063: check that generated secret key is exported
// to user's GPG keyring.
func TestPGPImportGPGExport(t *testing.T) {
tc := SetupEngineTest(t, "pgpexp")
defer tc.Cleanup()
u := CreateAndSignupFakeUser(tc, "pgp")
ctx := &Context{LogUI: tc.G.UI.GetLogUI(), SecretUI: u.NewSecretUI()}
// before running, they should have no pgp keys in key family or in gpg
me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G))
if err != nil {
t.Fatal(err)
}
if len(me.GetActivePGPKeys(false)) != 0 {
t.Fatalf("active pgp keys: %d, expected 0", len(me.GetActivePGPKeys(false)))
}
gpgPrivate, err := numPrivateGPGKeys(tc.G)
if err != nil {
t.Fatal(err)
}
if gpgPrivate != 0 {
t.Fatalf("private gpg keys: %d, expected 0", gpgPrivate)
}
// this is similar to how cmd_pgp_gen works:
genArg := &libkb.PGPGenArg{
PrimaryBits: 1024,
SubkeyBits: 1024,
}
if err := genArg.MakeAllIds(); err != nil {
t.Fatal(err)
}
arg := PGPKeyImportEngineArg{
Gen: genArg,
PushSecret: true,
AllowMulti: true,
DoExport: true,
Ctx: tc.G,
}
eng := NewPGPKeyImportEngine(arg)
if err := RunEngine(eng, ctx); err != nil {
t.Fatal(err)
}
// after running, they should have one pgp keys in key family and in gpg
me, err = libkb.LoadMe(libkb.NewLoadUserArg(tc.G))
if err != nil {
t.Fatal(err)
}
if len(me.GetActivePGPKeys(false)) != 1 {
t.Errorf("active pgp keys: %d, expected 1", len(me.GetActivePGPKeys(false)))
}
gpgPrivate, err = numPrivateGPGKeys(tc.G)
if err != nil {
t.Fatal(err)
}
if gpgPrivate != 1 {
t.Errorf("private gpg keys: %d, expected 1", gpgPrivate)
}
}
func (e *ListTrackingEngine) Run(ctx *Context) (err error) {
var user *libkb.User
if len(e.arg.ForAssertion) > 0 {
user, err = libkb.LoadUser(libkb.NewLoadUserByNameArg(e.G(), e.arg.ForAssertion))
} else {
user, err = libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
}
if err != nil {
return
}
var trackList TrackList
trackList = user.IDTable().GetTrackList()
trackList, err = filterRxx(trackList, e.arg.Filter)
if err != nil {
return
}
sort.Sort(trackList)
if e.arg.JSON {
err = e.runJSON(trackList, e.arg.Verbose)
} else {
err = e.runTable(trackList)
}
return
}
func (e *BTCEngine) Run(ctx *Context) (err error) {
e.G().Log.Debug("+ BTCEngine Run")
defer func() {
e.G().Log.Debug("- BTCEngine Run")
}()
_, _, err = libkb.BtcAddrCheck(e.address, nil)
if err != nil {
return err
}
me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
if err != nil {
return err
}
cryptocurrencyLink := me.IDTable().ActiveCryptocurrency()
if cryptocurrencyLink != nil && !e.force {
return fmt.Errorf("User already has a cryptocurrency address. To overwrite, use --force.")
}
var sigIDToRevoke keybase1.SigID
if cryptocurrencyLink != nil {
sigIDToRevoke = cryptocurrencyLink.GetSigID()
}
ska := libkb.SecretKeyArg{
Me: me,
KeyType: libkb.DeviceSigningKeyType,
}
sigKey, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "to register a cryptocurrency address"))
if err != nil {
return err
}
if err = sigKey.CheckSecretKey(); err != nil {
return err
}
claim, err := me.CryptocurrencySig(sigKey, e.address, sigIDToRevoke)
if err != nil {
return err
}
sig, _, _, err := libkb.SignJSON(claim, sigKey)
if err != nil {
return err
}
kid := sigKey.GetKID()
_, err = e.G().API.Post(libkb.APIArg{
Endpoint: "sig/post",
NeedSession: true,
Args: libkb.HTTPArgs{
"sig": libkb.S{Val: sig},
"signing_kid": libkb.S{Val: kid.String()},
"is_remote_proof": libkb.B{Val: false},
"type": libkb.S{Val: "cryptocurrency"},
},
})
if err != nil {
return err
}
return nil
}
func TestTrackLocal(t *testing.T) {
tc := SetupEngineTest(t, "track")
defer tc.Cleanup()
fu := CreateAndSignupFakeUser(tc, "track")
_, them, err := runTrackWithOptions(tc, fu, "t_alice", keybase1.TrackOptions{LocalOnly: true, BypassConfirm: true}, fu.NewSecretUI(), false)
if err != nil {
t.Fatal(err)
}
me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G))
if err != nil {
t.Fatal(err)
}
s, err := me.TrackChainLinkFor(them.GetName(), them.GetUID())
if err != nil {
t.Fatal(err)
}
if s == nil {
t.Fatal("no tracking statement")
}
if s.IsRemote() {
t.Errorf("tracking statement is remote, expected local")
}
}
// Run starts the engine.
func (e *PaperKeySubmit) Run(ctx *Context) error {
me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
if err != nil {
return err
}
e.pair, err = matchPaperKey(ctx, e.G(), me, e.paperPhrase)
if err != nil {
return err
}
aerr := e.G().LoginState().Account(func(a *libkb.Account) {
err = a.SetUnlockedPaperKey(e.pair.sigKey, e.pair.encKey)
}, "PaperKeySubmit - cache paper key")
if aerr != nil {
return aerr
}
if err != nil {
return err
}
// send a notification that a paper key has been cached
// for rekey purposes
e.G().NotifyRouter.HandlePaperKeyCached(me.GetUID(), e.pair.encKey.GetKID(), e.pair.sigKey.GetKID())
// XXX - this is temporary until KBFS handles the above notification
e.G().NotifyRouter.HandleUserChanged(me.GetUID())
return nil
}
func (e *PGPKeyImportEngine) loadMe() (err error) {
if e.me = e.arg.Me; e.me != nil {
return
}
e.me, err = libkb.LoadMe(libkb.NewLoadUserPubOptionalArg(e.G()))
return err
}
// currentDeviceSolvesProblemSet returns true if the current device can fix all
// of the folders in the ProblemSet.
func currentDeviceSolvesProblemSet(g *libkb.GlobalContext, ps keybase1.ProblemSet) (ret bool) {
g.Log.Debug("+ currentDeviceSolvesProblemSet")
defer func() {
g.Log.Debug("- currentDeviceSolvesProblemSet -> %v\n", ret)
}()
me, err := libkb.LoadMe(libkb.NewLoadUserArg(g))
if err != nil {
g.Log.Info("| Problem loading me: %s\n", err)
return ret
}
key, err := me.GetDeviceSubkey()
if err != nil {
g.Log.Info("| Problem getting device subkey: %s\n", err)
return ret
}
for _, tlf := range ps.Tlfs {
if !keySolvesProblemTLF(key, tlf) {
g.Log.Debug("| Doesn't solve problem TLF: %s (%s)\n", tlf.Tlf.Name, tlf.Tlf.Id)
return ret
}
}
ret = true
return ret
}
func getMySecretKey(
g *libkb.GlobalContext, secretUI libkb.SecretUI,
secretKeyType libkb.SecretKeyType, reason string) (
libkb.GenericKey, error) {
var key libkb.GenericKey
var err error
aerr := g.LoginState().Account(func(a *libkb.Account) {
key, err = a.CachedSecretKey(libkb.SecretKeyArg{KeyType: secretKeyType})
}, "Keyrings - cachedSecretKey")
if key != nil && err == nil {
return key, nil
}
if aerr != nil {
g.Log.Debug("error getting account: %s", aerr)
}
me, err := libkb.LoadMe(libkb.NewLoadUserArg(g))
if err != nil {
return nil, err
}
arg := libkb.SecretKeyPromptArg{
Ska: libkb.SecretKeyArg{
Me: me,
KeyType: secretKeyType,
},
SecretUI: secretUI,
Reason: reason,
UseCancelCache: true,
}
return g.Keyrings.GetSecretKeyWithPrompt(arg)
}
// Run starts the engine.
func (e *ProveCheck) Run(ctx *Context) error {
found, status, err := libkb.CheckPostedViaSigID(e.sigID)
if err != nil {
return err
}
e.found = found
e.status = keybase1.ProofStatus(status)
e.G().Log.Debug("looking for ChainLink for %s", e.sigID)
me, err := libkb.LoadMe(libkb.NewLoadUserPubOptionalArg(e.G()))
if err != nil {
return err
}
link := me.LinkFromSigID(e.sigID)
if link == nil {
return fmt.Errorf("no chain link found for %s", e.sigID)
}
e.G().Log.Debug("chain link found: (%T)", link.Typed())
if rlink, ok := link.Typed().(libkb.RemoteProofChainLink); ok {
e.proofText = rlink.ProofText()
e.G().Log.Debug("chain link proof text: %q", e.proofText)
} else {
e.G().Log.Warning("chain link had invalid type: %T", link.Typed())
}
return nil
}
func assertLoadPGPKeys(tc libkb.TestContext, u *FakeUser) {
me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G))
if err != nil {
tc.T.Fatal(err)
}
ska := libkb.SecretKeyArg{
Me: me,
KeyType: libkb.PGPKeyType,
}
parg := libkb.SecretKeyPromptArg{
Ska: ska,
SecretUI: u.NewSecretUI(),
Reason: "pgp test",
}
key, err := tc.G.Keyrings.GetSecretKeyWithPrompt(parg)
if err != nil {
tc.T.Fatal(err)
}
var ok bool
_, ok = key.(*libkb.PGPKeyBundle)
if !ok {
tc.T.Errorf("key type: %T, expected libkb.PGPKeyBundle", key)
}
}
func assertUntracked(tc libkb.TestContext, username string) {
me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G))
if err != nil {
tc.T.Fatal(err)
}
them, err := libkb.LoadUser(libkb.NewLoadUserByNameArg(tc.G, username))
if err != nil {
tc.T.Fatal(err)
}
s, err := me.TrackChainLinkFor(them.GetName(), them.GetUID())
if err != nil {
tc.T.Fatal(err)
}
if s != nil {
tc.T.Fatal("expected not to get a tracking statement; but got one")
}
s, err = libkb.LocalTrackChainLinkFor(me.GetUID(), them.GetUID(), tc.G)
if err != nil {
tc.T.Fatal(err)
}
if s != nil {
tc.T.Fatal("expected not to get a local tracking statement; but got one")
}
}
func (e *loginProvisionedDevice) unlockDeviceKeys(ctx *Context, me *libkb.User) error {
if me == nil {
var err error
me, err = libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
if err != nil {
return err
}
}
ska := libkb.SecretKeyArg{
Me: me,
KeyType: libkb.DeviceSigningKeyType,
}
_, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "unlock device keys"))
if err != nil {
return err
}
ska.KeyType = libkb.DeviceEncryptionKeyType
_, err = e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "unlock device keys"))
if err != nil {
return err
}
return nil
}
func TestPaperKeyPrimary(t *testing.T) {
tc := SetupEngineTest(t, "paper")
defer tc.Cleanup()
f := func(arg *SignupEngineRunArg) {
arg.SkipPaper = true
}
fu, signingKey := CreateAndSignupFakeUserCustomArg(tc, "paper", f)
me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G))
if err != nil {
t.Fatal(err)
}
ctx := &Context{
LoginUI: libkb.TestLoginUI{},
}
args := &PaperKeyPrimaryArgs{
Me: me,
SigningKey: signingKey,
}
eng := NewPaperKeyPrimary(tc.G, args)
if err := RunEngine(eng, ctx); err != nil {
t.Fatal(err)
}
hasOnePaperDev(tc, fu)
}
func assertLoadSecretKeys(tc libkb.TestContext, u *FakeUser, msg string) {
me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G))
if err != nil {
tc.T.Fatalf("%s: %s", msg, err)
}
if me == nil {
tc.T.Fatalf("%s: nil LoadMe result", msg)
}
skarg := libkb.SecretKeyArg{
Me: me,
KeyType: libkb.DeviceSigningKeyType,
}
sigKey, err := tc.G.Keyrings.GetSecretKeyWithPrompt(nil, skarg, u.NewSecretUI(), "testing sig")
if err != nil {
tc.T.Fatalf("%s: %s", msg, err)
}
if sigKey == nil {
tc.T.Fatalf("%s: got nil signing key", msg)
}
skarg.KeyType = libkb.DeviceEncryptionKeyType
encKey, err := tc.G.Keyrings.GetSecretKeyWithPrompt(nil, skarg, u.NewSecretUI(), "testing enc")
if err != nil {
tc.T.Fatalf("%s: %s", msg, err)
}
if encKey == nil {
tc.T.Fatalf("%s: got nil encryption key", msg)
}
}
func (e *ListTrackingEngine) Run(ctx *Context) (err error) {
user, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
if err != nil {
return
}
var trackList TrackList
trackList = user.IDTable().GetTrackList()
trackList, err = filterRxx(trackList, e.arg.Filter)
if err != nil {
return
}
sort.Sort(trackList)
if e.arg.JSON {
err = e.runJSON(trackList, e.arg.Verbose)
} else {
err = e.runTable(trackList)
}
return
}
func TestDeviceKey(t *testing.T) {
tc := SetupEngineTest(t, "dkal")
defer tc.Cleanup()
fu := CreateAndSignupFakeUser(tc, "dkal")
check := func() {
u, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G))
if err != nil {
t.Fatal(err)
}
if u == nil {
t.Fatalf("Can't load current user")
}
if subkey, err := u.GetDeviceSubkey(); err != nil {
t.Fatal(err)
} else if subkey == nil {
t.Fatalf("Failed to load device subkey right after signup")
}
}
check()
Logout(tc)
fu.LoginOrBust(tc)
check()
}
func (e *SaltpackEncrypt) loadMe(ctx *Context) error {
loggedIn, err := IsLoggedIn(e, ctx)
if err != nil || !loggedIn {
return err
}
e.me, err = libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
return err
}
func (e *RevokeEngine) Run(ctx *Context) error {
currentDevice := e.G().Env.GetDeviceID()
var deviceID keybase1.DeviceID
if e.mode == RevokeDevice {
deviceID = e.deviceID
if e.deviceID == currentDevice && !e.force {
return fmt.Errorf("Can't revoke the current device.")
}
}
me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
if err != nil {
return err
}
kidsToRevoke, err := e.getKIDsToRevoke(me)
if err != nil {
return err
}
ctx.LogUI.Info("Revoking KIDs:")
for _, kid := range kidsToRevoke {
ctx.LogUI.Info(" %s", kid)
}
ska := libkb.SecretKeyArg{
Me: me,
KeyType: libkb.DeviceSigningKeyType,
}
sigKey, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "to revoke another key"))
if err != nil {
return err
}
if err = sigKey.CheckSecretKey(); err != nil {
return err
}
proof, err := me.RevokeKeysProof(sigKey, kidsToRevoke, deviceID)
if err != nil {
return err
}
sig, _, _, err := libkb.SignJSON(proof, sigKey)
if err != nil {
return err
}
kid := sigKey.GetKID()
_, err = e.G().API.Post(libkb.APIArg{
Endpoint: "sig/revoke",
NeedSession: true,
Args: libkb.HTTPArgs{
"signing_kid": libkb.S{Val: kid.String()},
"sig": libkb.S{Val: sig},
},
})
if err != nil {
return err
}
return nil
}
// Run starts the engine.
func (k *KexProvisioner) Run(ctx *Context) error {
k.engctx = ctx
var err error
uarg := libkb.NewLoadUserPubOptionalArg(k.G())
uarg.LoginContext = ctx.LoginContext
k.user, err = libkb.LoadMe(uarg)
if err != nil {
return err
}
dp := k.G().Env.GetDeviceID()
if dp.IsNil() {
// Prereqs w/ Device: true should catch this earlier, but just in case:
return libkb.DeviceRequiredError{}
}
k.deviceID = dp
k.G().Log.Debug("device id: %s", k.deviceID)
if k.user.GetComputedKeyFamily() == nil {
return libkb.KeyFamilyError{Msg: "nil ckf"}
}
k.deviceSibkey, err = k.user.GetComputedKeyFamily().GetSibkeyForDevice(k.deviceID)
if err != nil {
k.G().Log.Warning("KexProvisioner.Run: error getting device sibkey: %s", err)
return err
}
token, csrf := k.sessionArgs(ctx)
k.sec, err = kex.SecretFromPhrase(k.user.GetName(), k.secretPhrase)
if err != nil {
return err
}
k.serverMu.Lock()
k.server = kex.NewSender(kex.DirectionXtoY, k.sec.Secret(), token, csrf, k.G())
k.serverMu.Unlock()
arg := libkb.SecretKeyArg{
Me: k.user,
KeyType: libkb.DeviceSigningKeyType,
}
k.sigKey, err = k.G().Keyrings.GetSecretKeyWithPrompt(ctx.LoginContext, arg, ctx.SecretUI, "new device install")
if err != nil {
k.G().Log.Warning("KexProvisioner.Run: GetSecretKey error: %s", err)
return err
}
k.G().Log.Debug("KexProvisioner: starting receive loop")
var nilDeviceID keybase1.DeviceID
m := kex.NewMeta(k.user.GetUID(), k.sec.StrongID(), nilDeviceID, k.deviceID, kex.DirectionYtoX)
err = k.loopReceives(ctx, m, k.sec)
if err != nil {
k.G().Log.Warning("Error in KEX receive: %s", err)
}
return err
}
func checkTrackCommon(tc libkb.TestContext, blocks []sb, outcome *keybase1.IdentifyOutcome, them *libkb.User, ui *FakeIdentifyUI) error {
me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G))
if err != nil {
return err
}
if them == nil {
tc.T.Fatal("checkTrackCommon called with nil 'them' user")
}
s, err := me.TrackChainLinkFor(them.GetName(), them.GetUID())
if err != nil {
return err
}
if s == nil {
tc.T.Fatal("me.TrackChainLinkFor(...) returned nil, nil")
}
tc.T.Logf("payload json:\n%s", s.GetPayloadJSON().MarshalPretty())
sbs := s.ToServiceBlocks()
if len(sbs) != len(blocks) {
return fmt.Errorf("num service blocks: %d, expected %d", len(sbs), len(blocks))
}
sort.Sort(byID(sbs))
for i, sb := range sbs {
tsb := blocks[i]
if sb.IsSocial() != tsb.social {
return fmt.Errorf("(sb %d): social: %v, expected %v", i, sb.IsSocial(), tsb.social)
}
if sb.ToIDString() != tsb.id {
return fmt.Errorf("(sb %d): id: %s, expected %s", i, sb.ToIDString(), tsb.id)
}
if sb.GetProofState() != tsb.proofState {
return fmt.Errorf("(sb %d): proof state: %d, expected %d", i, sb.GetProofState(), tsb.proofState)
}
}
if ui.Outcome.TrackStatus != outcome.TrackStatus {
return fmt.Errorf("track status: %d, expected %d", ui.Outcome.TrackStatus, outcome.TrackStatus)
}
if ui.Outcome.NumTrackFailures != outcome.NumTrackFailures {
return fmt.Errorf("num track failures: %d, expected %d", ui.Outcome.NumTrackFailures, outcome.NumTrackFailures)
}
if ui.Outcome.NumTrackChanges != outcome.NumTrackChanges {
return fmt.Errorf("num track changes: %d, expected %d", ui.Outcome.NumTrackChanges, outcome.NumTrackChanges)
}
if ui.Outcome.NumProofFailures != outcome.NumProofFailures {
return fmt.Errorf("num proof failures: %d, expected %d", ui.Outcome.NumProofFailures, outcome.NumProofFailures)
}
if ui.Outcome.NumProofSuccesses != outcome.NumProofSuccesses {
return fmt.Errorf("num proof successes: %d, expected %d", ui.Outcome.NumProofSuccesses, outcome.NumProofSuccesses)
}
if ui.Outcome.NumRevoked != outcome.NumRevoked {
return fmt.Errorf("num revoked: %d, expected %d", ui.Outcome.NumRevoked, outcome.NumRevoked)
}
return nil
}
func (k *KexNewDevice) handleDone(ctx *Context, m *kex.Msg) error {
// device X changed the sigchain, so reload the user to get the latest sigchain.
var err error
k.user, err = libkb.LoadMe(libkb.LoadUserArg{PublicKeyOptional: true, LoginContext: ctx.LoginContext, Contextified: libkb.NewContextified(k.G())})
if err != nil {
return err
}
return nil
}
// Run starts the engine.
func (e *SaltpackDecrypt) Run(ctx *Context) (err error) {
defer e.G().Trace("SaltpackDecrypt::Run", func() error { return err })()
// We don't load this in the --paperkey case.
var me *libkb.User
var key libkb.GenericKey
if e.arg.Opts.UsePaperKey {
// Prompt the user for a paper key. This doesn't require you to be
// logged in.
keypair, err := getPaperKey(e.G(), ctx)
if err != nil {
return err
}
key = keypair.encKey
} else {
// Load self so that we can get device keys. This does require you to
// be logged in.
me, err = libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
if err != nil {
return err
}
// Get the device encryption key, maybe prompting the user.
ska := libkb.SecretKeyArg{
Me: me,
KeyType: libkb.DeviceEncryptionKeyType,
}
e.G().Log.Debug("| GetSecretKeyWithPrompt")
key, err = e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "decrypting a message/file"))
if err != nil {
return err
}
}
kp, ok := key.(libkb.NaclDHKeyPair)
if !ok || kp.Private == nil {
return libkb.KeyCannotDecryptError{}
}
hook := func(mki *saltpack.MessageKeyInfo) error {
return e.promptForDecrypt(ctx, mki)
}
e.G().Log.Debug("| SaltpackDecrypt")
var mki *saltpack.MessageKeyInfo
mki, err = libkb.SaltpackDecrypt(e.G(), e.arg.Source, e.arg.Sink, kp, hook)
if err == saltpack.ErrNoDecryptionKey {
err = libkb.NoDecryptionKeyError{Msg: "no suitable device key found"}
}
// It's ok if me is nil here.
e.makeMessageInfo(me, mki)
return err
}
func (h *RekeyHandler) GetPendingRekeyStatus(ctx context.Context, sessionID int) (keybase1.ProblemSetDevices, error) {
me, err := libkb.LoadMe(libkb.NewLoadUserArg(h.G()))
if err != nil {
return keybase1.ProblemSetDevices{}, err
}
pset, err := h.scorer(h.G(), keybase1.ProblemSet{})
if err != nil {
return keybase1.ProblemSetDevices{}, err
}
return newProblemSetDevices(me, pset)
}
// Run starts the provisioner engine.
func (e *Kex2Provisioner) Run(ctx *Context) (err error) {
e.G().Log.Debug("+ Kex2Provisioner.Run()")
defer func() { e.G().Log.Debug("- Kex2Provisioner.Run() -> %s", libkb.ErrToOk(err)) }()
// before starting provisioning, need to load some information:
// load self:
e.me, err = libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
if err != nil {
return err
}
// get signing key (including secret key):
arg := libkb.SecretKeyArg{
Me: e.me,
KeyType: libkb.DeviceSigningKeyType,
}
e.signingKey, err = e.G().Keyrings.GetSecretKeyWithPrompt(ctx.LoginContext, arg, ctx.SecretUI, "new device install")
if err != nil {
return err
}
// get current passphrase stream:
e.pps, err = e.G().LoginState().GetPassphraseStream(ctx.SecretUI)
if err != nil {
return err
}
// ctx needed by some kex2 functions
e.ctx = ctx
deviceID := e.G().Env.GetDeviceID()
// all set: start provisioner
karg := kex2.KexBaseArg{
Ctx: context.TODO(),
Mr: libkb.NewKexRouter(e.G()),
DeviceID: deviceID,
Secret: e.secret,
SecretChannel: e.secretCh,
Timeout: 5 * time.Minute,
}
parg := kex2.ProvisionerArg{
KexBaseArg: karg,
Provisioner: e,
}
err = kex2.RunProvisioner(parg)
if err == nil {
ctx.ProvisionUI.ProvisionSuccess(context.TODO(), 0)
}
return err
}
func (e *IDEngine) run(ctx *Context) (*IDRes, error) {
iarg := NewIdentifyArg(e.arg.UserAssertion, e.arg.TrackStatement, e.arg.ForceRemoteCheck)
iarg.Source = e.arg.Source
ieng := NewIdentify(iarg, e.G())
if err := RunEngine(ieng, ctx); err != nil {
return nil, err
}
user := ieng.User()
res := &IDRes{Outcome: ieng.Outcome(), User: user, TrackToken: ieng.TrackToken(), ComputedKeyFamily: user.GetComputedKeyFamily()}
res.Outcome.Reason = e.arg.Reason
if ieng.DidShortCircuit() {
return res, nil
}
// need to tell any ui clients the track token
if err := ctx.IdentifyUI.ReportTrackToken(ieng.TrackToken()); err != nil {
return nil, err
}
if !e.arg.TrackStatement {
ctx.IdentifyUI.Finish()
return res, nil
}
// they want a json tracking statement:
// check to make sure they aren't identifying themselves
me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
if err != nil {
return nil, err
}
if me.Equal(user) {
e.G().Log.Warning("can't generate track statement on yourself")
// but let's not call this an error...they'll see the warning.
ctx.IdentifyUI.Finish()
return res, nil
}
stmt, err := me.TrackStatementJSON(user, ieng.Outcome())
if err != nil {
e.G().Log.Warning("error getting track statement: %s", err)
return nil, err
}
if err = ctx.IdentifyUI.DisplayTrackStatement(stmt); err != nil {
return nil, err
}
ctx.IdentifyUI.Finish()
return res, nil
}
func (u *rekeyStatusUpdater) problemSetDevices() (keybase1.ProblemSetDevices, error) {
if u.me == nil {
me, err := libkb.LoadMe(libkb.NewLoadUserArg(u.G()))
if err != nil {
return keybase1.ProblemSetDevices{}, err
}
u.me = me
}
return newProblemSetDevices(u.me, u.problemSet)
}
func (e *TrackToken) loadMe() error {
if e.arg.Me != nil {
return nil
}
me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
if err != nil {
return err
}
e.arg.Me = me
return nil
}
func (e *SecretKeysEngine) Run(ctx *Context) (err error) {
e.G().Log.Debug("+ SecretKeysEngine Run")
me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
if err != nil {
return err
}
// Clear out all the cached secret key state. This forces a password prompt
// below.
e.G().LoginState().Account(func(a *libkb.Account) {
a.ClearStreamCache()
a.ClearCachedSecretKeys()
a.ClearKeyring()
}, "clear stream cache")
sigKey, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.LoginContext, libkb.SecretKeyArg{
Me: me,
KeyType: libkb.DeviceSigningKeyType,
}, ctx.SecretUI, "to revoke another key")
if err != nil {
return err
}
if err = sigKey.CheckSecretKey(); err != nil {
return err
}
sigNaclKey, ok := sigKey.(libkb.NaclSigningKeyPair)
if !ok {
return fmt.Errorf("Expected a NaCl signing key.")
}
e.G().Log.Debug("| got signing key")
encKey, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.LoginContext, libkb.SecretKeyArg{
Me: me,
KeyType: libkb.DeviceEncryptionKeyType,
}, ctx.SecretUI, "to revoke another key")
if err != nil {
return err
}
if err = encKey.CheckSecretKey(); err != nil {
return err
}
encNaclKey, ok := encKey.(libkb.NaclDHKeyPair)
if !ok {
return fmt.Errorf("Expected a NaCl encryption key.")
}
e.G().Log.Debug("| got encryption key")
e.result.Signing = [64]byte(*sigNaclKey.Private)
e.result.Encryption = [32]byte(*encNaclKey.Private)
return nil
}
func (h ConfigHandler) GetExtendedStatus(_ context.Context, sessionID int) (res keybase1.ExtendedStatus, err error) {
defer h.G().Trace("ConfigHandler::GetExtendedStatus", func() error { return err })()
res.Standalone = h.G().Env.GetStandalone()
res.LogDir = h.G().Env.GetLogDir()
// Should work in standalone mode too
if h.G().ConnectionManager != nil {
res.Clients = h.G().ConnectionManager.ListAllLabeledConnections()
}
me, err := libkb.LoadMe(libkb.NewLoadUserArg(h.G()))
if err != nil {
h.G().Log.Debug("| could not load me user")
} else {
device, err := me.GetComputedKeyFamily().GetCurrentDevice(h.G())
if err != nil {
h.G().Log.Debug("| GetCurrentDevice failed: %s", err)
} else {
res.Device = device.ProtExport()
}
}
h.G().LoginState().Account(func(a *libkb.Account) {
res.PassphraseStreamCached = a.PassphraseStreamCache().Valid()
if a.LoginSession() != nil {
res.Session = a.LoginSession().Status()
}
}, "ConfigHandler::GetExtendedStatus")
// this isn't quite ideal, but if there's a delegated UpdateUI available, then electron is running and connected.
if h.G().UIRouter != nil {
updateUI, err := h.G().UIRouter.GetUpdateUI()
if err == nil && updateUI != nil {
res.DesktopUIConnected = true
}
}
current, all, err := h.G().GetAllUserNames()
if err != nil {
h.G().Log.Debug("| died in GetAllUseranmes()")
return res, err
}
res.DefaultUsername = current.String()
p := make([]string, len(all))
for i, u := range all {
p[i] = u.String()
}
res.ProvisionedUsernames = p
res.PlatformInfo = getPlatformInfo()
return res, nil
}
func (e *PGPEncrypt) loadSelfKey() (*libkb.PGPKeyBundle, error) {
me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
if err != nil {
return nil, err
}
keys := me.FilterActivePGPKeys(true, e.arg.KeyQuery)
if len(keys) == 0 {
return nil, libkb.NoKeyError{Msg: "No PGP key found for encrypting for self"}
}
return keys[0], nil
}