// commonArgs must be called inside a LoginState().Account(...)
// closure
func (c *PassphraseChange) commonArgs(a *libkb.Account, oldClientHalf []byte, pgpKeys []libkb.GenericKey, existingGen libkb.PassphraseGeneration) (libkb.JSONPayload, error) {
// ensure that the login session is loaded
if err := a.LoadLoginSession(c.me.GetName()); err != nil {
return nil, err
}
salt, err := a.LoginSession().Salt()
if err != nil {
return nil, err
}
tsec, newPPStream, err := libkb.StretchPassphrase(c.arg.Passphrase, salt)
if err != nil {
return nil, err
}
newPWH := newPPStream.PWHash()
newClientHalf := newPPStream.LksClientHalf()
mask := make([]byte, len(oldClientHalf))
libkb.XORBytes(mask, oldClientHalf, newClientHalf)
lksch := make(map[keybase1.KID]string)
devices := c.me.GetComputedKeyFamily().GetAllDevices()
for _, dev := range devices {
if !dev.IsActive() {
continue
}
key, err := c.me.GetComputedKeyFamily().GetEncryptionSubkeyForDevice(dev.ID)
if err != nil {
return nil, err
}
ctext, err := key.EncryptToString(newClientHalf, nil)
if err != nil {
return nil, err
}
lksch[key.GetKID()] = ctext
}
payload := make(libkb.JSONPayload)
payload["pwh"] = libkb.HexArg(newPWH).String()
payload["pwh_version"] = triplesec.Version
payload["lks_mask"] = libkb.HexArg(mask).String()
payload["lks_client_halves"] = lksch
var encodedKeys []string
for _, key := range pgpKeys {
encoded, err := c.encodePrivatePGPKey(key, tsec, existingGen+1)
if err != nil {
return nil, err
}
encodedKeys = append(encodedKeys, encoded)
}
payload["private_keys"] = encodedKeys
return payload, nil
}
func (e *PaperKeyGen) getClientHalfFromSecretStore() ([]byte, libkb.PassphraseGeneration, error) {
zeroGen := libkb.PassphraseGeneration(0)
secretStore := libkb.NewSecretStore(e.G(), e.arg.Me.GetNormalizedName())
if secretStore == nil {
return nil, zeroGen, errors.New("No secret store available")
}
secret, err := secretStore.RetrieveSecret()
if err != nil {
return nil, zeroGen, err
}
devid := e.G().Env.GetDeviceID()
if devid.IsNil() {
return nil, zeroGen, fmt.Errorf("no device id set")
}
var dev libkb.DeviceKey
aerr := e.G().LoginState().Account(func(a *libkb.Account) {
if err = libkb.RunSyncer(a.SecretSyncer(), e.arg.Me.GetUID(), a.LoggedIn(), a.LocalSession()); err != nil {
return
}
dev, err = a.SecretSyncer().FindDevice(devid)
}, "BackupKeygen.Run() -- retrieving passphrase generation)")
if aerr != nil {
return nil, zeroGen, aerr
}
if err != nil {
return nil, zeroGen, err
}
serverHalf, err := hex.DecodeString(dev.LksServerHalf)
if err != nil {
return nil, zeroGen, err
}
if len(secret) != len(serverHalf) {
return nil, zeroGen, fmt.Errorf("secret has length %d, server half has length %d", len(secret), len(serverHalf))
}
clientHalf := make([]byte, len(secret))
libkb.XORBytes(clientHalf, secret, serverHalf)
return clientHalf, dev.PPGen, nil
}