// check cached keys for arg.Bundles match.
func matchingCachedKey(g *libkb.GlobalContext, arg keybase1.UnboxBytes32AnyArg) (key libkb.GenericKey, index int, err error) {
err = g.LoginState().Account(func(a *libkb.Account) {
// check device key first
dkey, err := a.CachedSecretKey(libkb.SecretKeyArg{KeyType: libkb.DeviceEncryptionKeyType})
if err == nil {
if n, ok := kidMatch(dkey, arg.Bundles); ok {
key = dkey
index = n
return
}
}
// check paper key
pkey := a.GetUnlockedPaperEncKey()
if n, ok := kidMatch(pkey, arg.Bundles); ok {
key = pkey
index = n
return
}
}, "UnboxBytes32Any")
if err != nil {
return nil, 0, err
}
if key != nil {
return key, index, nil
}
return nil, 0, nil
}
func getMySecretKey(
g *libkb.GlobalContext, secretUI libkb.SecretUI,
secretKeyType libkb.SecretKeyType, reason string) (
libkb.GenericKey, error) {
var key libkb.GenericKey
var err error
aerr := g.LoginState().Account(func(a *libkb.Account) {
key, err = a.CachedSecretKey(libkb.SecretKeyArg{KeyType: secretKeyType})
}, "Keyrings - cachedSecretKey")
if key != nil && err == nil {
return key, nil
}
if aerr != nil {
g.Log.Debug("error getting account: %s", aerr)
}
me, err := libkb.LoadMe(libkb.NewLoadUserArg(g))
if err != nil {
return nil, err
}
arg := libkb.SecretKeyPromptArg{
Ska: libkb.SecretKeyArg{
Me: me,
KeyType: secretKeyType,
},
SecretUI: secretUI,
Reason: reason,
UseCancelCache: true,
}
return g.Keyrings.GetSecretKeyWithPrompt(arg)
}
func CurrentUID(g *libkb.GlobalContext) (keybase1.UID, error) {
var loggedIn bool
var err error
var uid keybase1.UID
aerr := g.LoginState().Account(func(a *libkb.Account) {
loggedIn, err = a.LoggedInProvisionedLoad()
if err != nil {
return
}
if !loggedIn {
return
}
uid = a.LocalSession().GetUID()
}, "Service - SessionHandler - CurrentUID")
if aerr != nil {
return uid, aerr
}
if err != nil {
return uid, err
}
if !loggedIn {
return uid, libkb.LoginRequiredError{}
}
return uid, nil
}
// This is used by SaltpackDecrypt as well.
func getPaperKey(g *libkb.GlobalContext, ctx *Context) (*keypair, error) {
passphrase, err := libkb.GetPaperKeyPassphrase(g, ctx.SecretUI, "")
if err != nil {
return nil, err
}
paperPhrase, err := libkb.NewPaperKeyPhraseCheckVersion(g, passphrase)
if err != nil {
return nil, err
}
bkarg := &PaperKeyGenArg{
Passphrase: paperPhrase,
SkipPush: true,
}
bkeng := NewPaperKeyGen(bkarg, g)
if err := RunEngine(bkeng, ctx); err != nil {
return nil, err
}
kp := &keypair{sigKey: bkeng.SigKey(), encKey: bkeng.EncKey()}
if err := g.LoginState().Account(func(a *libkb.Account) {
a.SetUnlockedPaperKey(kp.sigKey, kp.encKey)
}, "UnlockedPaperKey"); err != nil {
return nil, err
}
return kp, nil
}
// check all the user's paper keys for arg.Bundles match
func matchingPaperKey(g *libkb.GlobalContext, secretUI libkb.SecretUI, arg keybase1.UnboxBytes32AnyArg, me *libkb.User) (key libkb.GenericKey, index int, err error) {
cki := me.GetComputedKeyInfos()
if cki == nil {
return nil, 0, nil
}
var matchingPaper []*libkb.Device
for _, pdev := range cki.PaperDevices() {
enckey, err := me.GetComputedKeyFamily().GetEncryptionSubkeyForDevice(pdev.ID)
if err != nil {
return nil, 0, err
}
if _, ok := kidMatch(enckey, arg.Bundles); ok {
g.Log.Debug("matching paper key: %s", *pdev.Description)
matchingPaper = append(matchingPaper, pdev)
}
}
if len(matchingPaper) == 0 {
g.Log.Debug("no matching paper keys found")
return nil, 0, nil
}
phrase, err := libkb.GetPaperKeyForCryptoPassphrase(secretUI, arg.Reason, matchingPaper)
if err != nil {
return nil, 0, err
}
paperPhrase, err := libkb.NewPaperKeyPhraseCheckVersion(g, phrase)
if err != nil {
return nil, 0, err
}
bkarg := &PaperKeyGenArg{
Passphrase: paperPhrase,
SkipPush: true,
}
bkeng := NewPaperKeyGen(bkarg, g)
if err := RunEngine(bkeng, &Context{}); err != nil {
return nil, 0, err
}
// find the index for the key they entered (and make sure the key they entered matches)
if n, ok := kidMatch(bkeng.EncKey(), arg.Bundles); ok {
// this key matches, so cache this paper key
if err := g.LoginState().Account(func(a *libkb.Account) {
a.SetUnlockedPaperKey(bkeng.SigKey(), bkeng.EncKey())
}, "UnboxBytes32Any - cache paper key"); err != nil {
return nil, 0, err
}
return bkeng.EncKey(), n, nil
}
return nil, 0, nil
}
// NewScanKeys creates a ScanKeys type. If there is a login
// session, it will load the pgp keys for that user.
func NewScanKeys(secui libkb.SecretUI, idui libkb.IdentifyUI, opts *keybase1.TrackOptions, g *libkb.GlobalContext) (*ScanKeys, error) {
sk := &ScanKeys{
secui: secui,
idui: idui,
opts: opts,
Contextified: libkb.NewContextified(g),
}
var err error
g.Log.Debug("+ NewScanKeys")
defer func() {
g.Log.Debug("- NewScanKeys -> %s", err)
}()
lin, err := g.LoginState().LoggedInLoad()
if err != nil {
return nil, err
}
if !lin {
return sk, nil
}
// logged in:
sk.me, err = libkb.LoadMe(libkb.NewLoadUserArg(sk.G()))
if err != nil {
return nil, fmt.Errorf("loadme error: %s", err)
}
// if user provided, then load their local keys, and their synced secret key:
synced, err := sk.me.GetSyncedSecretKey()
if err != nil {
return nil, fmt.Errorf("getsyncedsecret err: %s", err)
}
aerr := sk.G().LoginState().Account(func(a *libkb.Account) {
var ring *libkb.SKBKeyringFile
ring, err = a.Keyring()
if err != nil {
return
}
err = sk.coalesceBlocks(ring, synced)
}, "NewScanKeys - coalesceBlocks")
if aerr != nil {
return nil, err
}
if err != nil {
return nil, err
}
return sk, nil
}
func getMySecretKey(g *libkb.GlobalContext, getSecretUI func() libkb.SecretUI, secretKeyType libkb.SecretKeyType, reason string) (libkb.GenericKey, error) {
g.Log.Debug("getMySecretKey: acquiring lock")
getKeyMu.Lock()
defer func() {
getKeyMu.Unlock()
g.Log.Debug("getMySecretKey: lock released")
}()
g.Log.Debug("getMySecretKey: lock acquired")
// check cache after acquiring lock
var key libkb.GenericKey
var err error
aerr := g.LoginState().Account(func(a *libkb.Account) {
key, err = a.CachedSecretKey(libkb.SecretKeyArg{KeyType: secretKeyType})
}, "Keyrings - cachedSecretKey")
if key != nil && err == nil {
return key, nil
}
if aerr != nil {
g.Log.Debug("error getting account: %s", aerr)
}
me, err := libkb.LoadMe(libkb.NewLoadUserArg(g))
if err != nil {
return nil, err
}
arg := libkb.SecretKeyPromptArg{
Ska: libkb.SecretKeyArg{
Me: me,
KeyType: secretKeyType,
},
SecretUI: getSecretUI(),
Reason: reason,
UseCancelCache: true,
}
return g.Keyrings.GetSecretKeyWithPrompt(arg)
}
