func (e *Kex2Provisionee) pushLKSServerHalf() error {
// make new lks
ppstream := libkb.NewPassphraseStream(e.pps.PassphraseStream)
ppstream.SetGeneration(libkb.PassphraseGeneration(e.pps.Generation))
e.lks = libkb.NewLKSec(ppstream, e.uid, e.G())
e.lks.GenerateServerHalf()
// make client half recovery
chrKID := e.dh.GetKID()
chrText, err := e.lks.EncryptClientHalfRecovery(e.dh)
if err != nil {
return err
}
err = libkb.PostDeviceLKS(e, e.device.ID, e.device.Type, e.lks.GetServerHalf(), e.lks.Generation(), chrText, chrKID)
if err != nil {
return err
}
// Sync the LKS stuff back from the server, so that subsequent
// attempts to use public key login will work.
/*
err = e.G().LoginState().RunSecretSyncer(e.uid)
if err != nil {
return err
}
*/
return nil
}
// Run starts the engine.
func (e *PaperKeyGen) Run(ctx *Context) error {
// make the passphrase stream
key, err := scrypt.Key(e.arg.Passphrase.Bytes(), nil,
libkb.PaperKeyScryptCost, libkb.PaperKeyScryptR, libkb.PaperKeyScryptP, libkb.PaperKeyScryptKeylen)
if err != nil {
return err
}
ppStream := libkb.NewPassphraseStream(key)
// make keys for the paper device
if err := e.makeSigKey(ppStream.EdDSASeed()); err != nil {
return err
}
if err := e.makeEncKey(ppStream.DHSeed()); err != nil {
return err
}
// push everything to the server
if err := e.push(ctx); err != nil {
return err
}
return nil
}
// Run starts the engine.
func (e *PaperKeyGen) Run(ctx *Context) error {
// make the passphrase stream
key, err := scrypt.Key(e.arg.Passphrase.Bytes(), nil,
libkb.PaperKeyScryptCost, libkb.PaperKeyScryptR, libkb.PaperKeyScryptP, libkb.PaperKeyScryptKeylen)
if err != nil {
return err
}
ppStream := libkb.NewPassphraseStream(key)
// make keys for the paper device
if err := e.makeSigKey(ppStream.EdDSASeed()); err != nil {
return err
}
if err := e.makeEncKey(ppStream.DHSeed()); err != nil {
return err
}
// push everything to the server
if err := e.push(ctx); err != nil {
return err
}
// no need to notify if key wasn't pushed to server
// (e.g. in the case of using this engine to verify a key)
if e.arg.SkipPush {
return nil
}
e.G().NotifyRouter.HandleKeyfamilyChanged(e.arg.Me.GetUID())
// Remove this after kbfs notification change complete
e.G().NotifyRouter.HandleUserChanged(e.arg.Me.GetUID())
return nil
}
func (e *Kex2Provisionee) pushLKSServerHalf() error {
// make new lks
ppstream := libkb.NewPassphraseStream(e.pps.PassphraseStream)
ppstream.SetGeneration(libkb.PassphraseGeneration(e.pps.Generation))
e.lks = libkb.NewLKSec(ppstream, e.uid, e.G())
e.lks.GenerateServerHalf()
// make client half recovery
chrKID := e.dh.GetKID()
chrText, err := e.lks.EncryptClientHalfRecovery(e.dh)
if err != nil {
return err
}
err = libkb.PostDeviceLKS(e, e.device.ID, e.device.Type, e.lks.GetServerHalf(), e.lks.Generation(), chrText, chrKID)
if err != nil {
return err
}
// Sync the LKS stuff back from the server, so that subsequent
// attempts to use public key login will work.
err = e.ctx.LoginContext.RunSecretSyncer(e.uid)
if err != nil {
return err
}
// Cache the passphrase stream. Note that we don't have the triplesec
// portion of the stream cache, and that the only bytes in ppstream
// are the lksec portion (no pwhash, eddsa, dh). Currently passes
// all tests with this situation and code that uses those portions
// looks to be ok.
e.ctx.LoginContext.CreateStreamCache(nil, ppstream)
return nil
}
