// pushLKSServerHalf creates a new LKSec from the provisionee's passphrase
// stream, generates its server half, and posts that server half together
// with the client-half recovery text to the server via libkb.PostDeviceLKS.
func (e *Kex2Provisionee) pushLKSServerHalf() error {
	// Rebuild the passphrase stream at the generation carried in e.pps.
	stream := libkb.NewPassphraseStream(e.pps.PassphraseStream)
	stream.SetGeneration(libkb.PassphraseGeneration(e.pps.Generation))

	e.lks = libkb.NewLKSec(stream, e.uid, e.G())
	// NOTE(review): any result of GenerateServerHalf is discarded here. If it
	// can report an error, a failed generation would go unnoticed until the
	// server half is used below — confirm its signature.
	e.lks.GenerateServerHalf()

	// Client-half recovery: the text is produced from e.dh and is posted
	// alongside that key's KID.
	recoveryKID := e.dh.GetKID()
	recoveryText, err := e.lks.EncryptClientHalfRecovery(e.dh)
	if err != nil {
		return err
	}

	if err := libkb.PostDeviceLKS(
		e,
		e.device.ID,
		e.device.Type,
		e.lks.GetServerHalf(),
		e.lks.Generation(),
		recoveryText,
		recoveryKID,
	); err != nil {
		return err
	}

	// Syncing the LKS data back from the server (so that subsequent attempts
	// to use public key login will work) is currently disabled:
	//
	//	err = e.G().LoginState().RunSecretSyncer(e.uid)
	//	if err != nil {
	//		return err
	//	}
	return nil
}
// Run starts the engine. func (e *PaperKeyGen) Run(ctx *Context) error { // make the passphrase stream key, err := scrypt.Key(e.arg.Passphrase.Bytes(), nil, libkb.PaperKeyScryptCost, libkb.PaperKeyScryptR, libkb.PaperKeyScryptP, libkb.PaperKeyScryptKeylen) if err != nil { return err } ppStream := libkb.NewPassphraseStream(key) // make keys for the paper device if err := e.makeSigKey(ppStream.EdDSASeed()); err != nil { return err } if err := e.makeEncKey(ppStream.DHSeed()); err != nil { return err } // push everything to the server if err := e.push(ctx); err != nil { return err } return nil }
// Run starts the engine. func (e *PaperKeyGen) Run(ctx *Context) error { // make the passphrase stream key, err := scrypt.Key(e.arg.Passphrase.Bytes(), nil, libkb.PaperKeyScryptCost, libkb.PaperKeyScryptR, libkb.PaperKeyScryptP, libkb.PaperKeyScryptKeylen) if err != nil { return err } ppStream := libkb.NewPassphraseStream(key) // make keys for the paper device if err := e.makeSigKey(ppStream.EdDSASeed()); err != nil { return err } if err := e.makeEncKey(ppStream.DHSeed()); err != nil { return err } // push everything to the server if err := e.push(ctx); err != nil { return err } // no need to notify if key wasn't pushed to server // (e.g. in the case of using this engine to verify a key) if e.arg.SkipPush { return nil } e.G().NotifyRouter.HandleKeyfamilyChanged(e.arg.Me.GetUID()) // Remove this after kbfs notification change complete e.G().NotifyRouter.HandleUserChanged(e.arg.Me.GetUID()) return nil }
// pushLKSServerHalf creates a new LKSec from the provisionee's passphrase
// stream, generates its server half, posts that server half together with
// the client-half recovery text to the server, runs the secret syncer for
// the user, and finally caches the passphrase stream in the login context.
func (e *Kex2Provisionee) pushLKSServerHalf() error {
	// Rebuild the passphrase stream at the generation carried in e.pps.
	stream := libkb.NewPassphraseStream(e.pps.PassphraseStream)
	stream.SetGeneration(libkb.PassphraseGeneration(e.pps.Generation))

	e.lks = libkb.NewLKSec(stream, e.uid, e.G())
	// NOTE(review): any result of GenerateServerHalf is discarded here. If it
	// can report an error, a failed generation would go unnoticed until the
	// server half is used below — confirm its signature.
	e.lks.GenerateServerHalf()

	// Client-half recovery: the text is produced from e.dh and is posted
	// alongside that key's KID.
	recoveryKID := e.dh.GetKID()
	recoveryText, err := e.lks.EncryptClientHalfRecovery(e.dh)
	if err != nil {
		return err
	}

	if err := libkb.PostDeviceLKS(
		e,
		e.device.ID,
		e.device.Type,
		e.lks.GetServerHalf(),
		e.lks.Generation(),
		recoveryText,
		recoveryKID,
	); err != nil {
		return err
	}

	// Sync the LKS data back from the server, so that subsequent attempts to
	// use public key login will work.
	if err := e.ctx.LoginContext.RunSecretSyncer(e.uid); err != nil {
		return err
	}

	// Cache the passphrase stream. The triplesec argument is nil, and the
	// only bytes in the stream are the lksec portion (no pwhash, eddsa, dh).
	// All tests currently pass in this state and the code that uses those
	// other portions looks to be ok, but anything reading them from this
	// cached stream would not get real key material.
	e.ctx.LoginContext.CreateStreamCache(nil, stream)
	return nil
}