// SignED25519 signs the given message with the current user's private
// signing key.
func SignED25519(g *libkb.GlobalContext, getSecretUI func() libkb.SecretUI, arg keybase1.SignED25519Arg) (ret keybase1.ED25519SignatureInfo, err error) {
signingKey, err := getMySecretKey(g, getSecretUI, libkb.DeviceSigningKeyType, arg.Reason)
if err != nil {
return
}
kp, ok := signingKey.(libkb.NaclSigningKeyPair)
if !ok || kp.Private == nil {
err = libkb.KeyCannotSignError{}
return
}
sig := *kp.Private.Sign(arg.Msg)
publicKey := kp.Public
ret = keybase1.ED25519SignatureInfo{
Sig: keybase1.ED25519Signature(sig),
PublicKey: keybase1.ED25519PublicKey(publicKey),
}
return
}
func (fc FakeCryptoClient) Call(ctx context.Context, s string, args interface{}, res interface{}) error {
switch s {
case "keybase.1.crypto.signED25519":
if err := fc.maybeWaitOnChannel(ctx); err != nil {
return err
}
arg := args.([]interface{})[0].(keybase1.SignED25519Arg)
sigInfo, err := fc.Local.Sign(context.Background(), arg.Msg)
if err != nil {
return err
}
sigRes := res.(*keybase1.ED25519SignatureInfo)
// Normally, we'd have to validate all the parameters
// in sigInfo, but since this is used in tests only,
// there's no need.
var ed25519Signature keybase1.ED25519Signature
copy(ed25519Signature[:], sigInfo.Signature)
publicKey :=
libkb.KIDToNaclSigningKeyPublic(sigInfo.VerifyingKey.kid.ToBytes())
*sigRes = keybase1.ED25519SignatureInfo{
Sig: ed25519Signature,
PublicKey: keybase1.ED25519PublicKey(*publicKey),
}
return nil
case "keybase.1.crypto.unboxBytes32":
if err := fc.maybeWaitOnChannel(ctx); err != nil {
return err
}
arg := args.([]interface{})[0].(keybase1.UnboxBytes32Arg)
publicKey := MakeTLFEphemeralPublicKey(arg.PeersPublicKey)
encryptedClientHalf := EncryptedTLFCryptKeyClientHalf{
Version: EncryptionSecretbox,
EncryptedData: arg.EncryptedBytes32[:],
Nonce: arg.Nonce[:],
}
clientHalf, err := fc.Local.DecryptTLFCryptKeyClientHalf(
context.Background(), publicKey, encryptedClientHalf)
if err != nil {
return err
}
res := res.(*keybase1.Bytes32)
*res = clientHalf.data
return nil
case "keybase.1.crypto.unboxBytes32Any":
if err := fc.maybeWaitOnChannel(ctx); err != nil {
return err
}
arg := args.([]interface{})[0].(keybase1.UnboxBytes32AnyArg)
keys := make([]EncryptedTLFCryptKeyClientAndEphemeral, 0, len(arg.Bundles))
for _, k := range arg.Bundles {
ePublicKey := MakeTLFEphemeralPublicKey(k.PublicKey)
encryptedClientHalf := EncryptedTLFCryptKeyClientHalf{
Version: EncryptionSecretbox,
EncryptedData: make([]byte, len(k.Ciphertext)),
Nonce: make([]byte, len(k.Nonce)),
}
copy(encryptedClientHalf.EncryptedData, k.Ciphertext[:])
copy(encryptedClientHalf.Nonce, k.Nonce[:])
keys = append(keys, EncryptedTLFCryptKeyClientAndEphemeral{
EPubKey: ePublicKey,
ClientHalf: encryptedClientHalf,
PubKey: MakeCryptPublicKey(k.Kid),
})
}
clientHalf, index, err := fc.Local.DecryptTLFCryptKeyClientHalfAny(
context.Background(), keys, arg.PromptPaper)
if err != nil {
return err
}
res := res.(*keybase1.UnboxAnyRes)
res.Plaintext = clientHalf.data
res.Index = index
res.Kid = keys[index].PubKey.kidContainer.kid
return nil
default:
return fmt.Errorf("Unknown call: %s %v %v", s, args, res)
}
}
