func assertLoadSecretKeys(tc libkb.TestContext, u *FakeUser, msg string) {
me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G))
if err != nil {
tc.T.Fatalf("%s: %s", msg, err)
}
if me == nil {
tc.T.Fatalf("%s: nil LoadMe result", msg)
}
skarg := libkb.SecretKeyArg{
Me: me,
KeyType: libkb.DeviceSigningKeyType,
}
sigKey, err := tc.G.Keyrings.GetSecretKeyWithPrompt(nil, skarg, u.NewSecretUI(), "testing sig")
if err != nil {
tc.T.Fatalf("%s: %s", msg, err)
}
if sigKey == nil {
tc.T.Fatalf("%s: got nil signing key", msg)
}
skarg.KeyType = libkb.DeviceEncryptionKeyType
encKey, err := tc.G.Keyrings.GetSecretKeyWithPrompt(nil, skarg, u.NewSecretUI(), "testing enc")
if err != nil {
tc.T.Fatalf("%s: %s", msg, err)
}
if encKey == nil {
tc.T.Fatalf("%s: got nil encryption key", msg)
}
}
// findDeviceKeys looks for device keys and unlocks them.
func (c *PassphraseChange) findDeviceKeys(ctx *Context) (*keypair, error) {
// need to be logged in to get a device key (unlocked)
lin, err := IsLoggedIn(c, ctx)
if err != nil {
return nil, err
}
if !lin {
return nil, libkb.LoginRequiredError{}
}
// Get unlocked device for decryption and signing
ska := libkb.SecretKeyArg{
Me: c.me,
KeyType: libkb.DeviceEncryptionKeyType,
}
// passing in nil SecretUI since we don't know the passphrase.
c.G().Log.Debug("runForcedUpdate: getting device encryption key")
encKey, err := c.G().Keyrings.GetSecretKeyWithPrompt(ctx.LoginContext, ska, nil, "change passphrase")
if err != nil {
return nil, err
}
c.G().Log.Debug("runForcedUpdate: got device encryption key")
c.G().Log.Debug("runForcedUpdate: getting device signing key")
ska.KeyType = libkb.DeviceSigningKeyType
sigKey, err := c.G().Keyrings.GetSecretKeyWithPrompt(ctx.LoginContext, ska, nil, "change passphrase")
if err != nil {
return nil, err
}
c.G().Log.Debug("runForcedUpdate: got device signing key")
return &keypair{encKey: encKey, sigKey: sigKey}, nil
}
func (e *loginProvisionedDevice) unlockDeviceKeys(ctx *Context, me *libkb.User) error {
if me == nil {
var err error
me, err = libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
if err != nil {
return err
}
}
ska := libkb.SecretKeyArg{
Me: me,
KeyType: libkb.DeviceSigningKeyType,
}
_, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "unlock device keys"))
if err != nil {
return err
}
ska.KeyType = libkb.DeviceEncryptionKeyType
_, err = e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "unlock device keys"))
if err != nil {
return err
}
return nil
}
func (e *SecretKeysEngine) Run(ctx *Context) (err error) {
e.G().Log.Debug("+ SecretKeysEngine Run")
me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
if err != nil {
return err
}
// Clear out all the cached secret key state. This forces a password prompt
// below.
e.G().LoginState().Account(func(a *libkb.Account) {
a.ClearStreamCache()
a.ClearCachedSecretKeys()
a.ClearKeyring()
}, "clear stream cache")
ska := libkb.SecretKeyArg{
Me: me,
KeyType: libkb.DeviceSigningKeyType,
}
sigKey, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "to revoke another key"))
if err != nil {
return err
}
if err = sigKey.CheckSecretKey(); err != nil {
return err
}
sigNaclKey, ok := sigKey.(libkb.NaclSigningKeyPair)
if !ok {
return fmt.Errorf("Expected a NaCl signing key.")
}
e.G().Log.Debug("| got signing key")
ska.KeyType = libkb.DeviceEncryptionKeyType
encKey, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "to revoke another key"))
if err != nil {
return err
}
if err = encKey.CheckSecretKey(); err != nil {
return err
}
encNaclKey, ok := encKey.(libkb.NaclDHKeyPair)
if !ok {
return fmt.Errorf("Expected a NaCl encryption key.")
}
e.G().Log.Debug("| got encryption key")
e.result.Signing = [64]byte(*sigNaclKey.Private)
e.result.Encryption = [32]byte(*encNaclKey.Private)
return nil
}
