// commonArgs must be called inside a LoginState().Account(...)
// closure
func (c *PassphraseChange) commonArgs(a *libkb.Account, oldClientHalf []byte, pgpKeys []libkb.GenericKey, existingGen libkb.PassphraseGeneration) (libkb.JSONPayload, error) {
// ensure that the login session is loaded
if err := a.LoadLoginSession(c.me.GetName()); err != nil {
return nil, err
}
salt, err := a.LoginSession().Salt()
if err != nil {
return nil, err
}
tsec, newPPStream, err := libkb.StretchPassphrase(c.arg.Passphrase, salt)
if err != nil {
return nil, err
}
newPWH := newPPStream.PWHash()
newClientHalf := newPPStream.LksClientHalf()
mask := make([]byte, len(oldClientHalf))
libkb.XORBytes(mask, oldClientHalf, newClientHalf)
lksch := make(map[keybase1.KID]string)
devices := c.me.GetComputedKeyFamily().GetAllDevices()
for _, dev := range devices {
if !dev.IsActive() {
continue
}
key, err := c.me.GetComputedKeyFamily().GetEncryptionSubkeyForDevice(dev.ID)
if err != nil {
return nil, err
}
ctext, err := key.EncryptToString(newClientHalf, nil)
if err != nil {
return nil, err
}
lksch[key.GetKID()] = ctext
}
payload := make(libkb.JSONPayload)
payload["pwh"] = libkb.HexArg(newPWH).String()
payload["pwh_version"] = triplesec.Version
payload["lks_mask"] = libkb.HexArg(mask).String()
payload["lks_client_halves"] = lksch
var encodedKeys []string
for _, key := range pgpKeys {
encoded, err := c.encodePrivatePGPKey(key, tsec, existingGen+1)
if err != nil {
return nil, err
}
encodedKeys = append(encodedKeys, encoded)
}
payload["private_keys"] = encodedKeys
return payload, nil
}
func (s *SignupEngine) genPassphraseStream(a libkb.LoginContext, passphrase string) error {
salt, err := libkb.RandBytes(triplesec.SaltLen)
if err != nil {
return err
}
s.pwsalt = salt
s.tsec, s.ppStream, err = libkb.StretchPassphrase(passphrase, salt)
if err != nil {
return err
}
return nil
}
func Fuzz(data []byte) int {
split := len(data) / 2
pp := string(data[0:split])
salt := data[split:]
tsec, pps, err := libkb.StretchPassphrase(pp, salt)
if err != nil {
if tsec != nil {
panic("tsec not nil on error")
}
if pps != nil {
panic("pps not nil on error")
}
return 0
}
return 1
}
// makeDeviceWrapArgs creates a base set of args for DeviceWrap.
func (e *PGPProvision) makeDeviceWrapArgs(ctx *Context) (*DeviceWrapArgs, error) {
// generate lks
salt, err := ctx.LoginContext.LoginSession().Salt()
if err != nil {
return nil, err
}
_, pps, err := libkb.StretchPassphrase(e.G(), e.passphrase, salt)
if err != nil {
return nil, err
}
// since this is just for testing, ok to set this explicitly
pps.SetGeneration(1)
lks := libkb.NewLKSec(pps, e.user.GetUID(), e.G())
return &DeviceWrapArgs{
Me: e.user,
DeviceName: e.deviceName,
DeviceType: libkb.DeviceTypeDesktop,
Lks: lks,
}, nil
}