// checkReverseSig verifies that the reverse sig in jw is valid
// and matches jw.
func (e *Kex2Provisioner) checkReverseSig(jw *jsonw.Wrapper) error {
kid, err := jw.AtPath("body.sibkey.kid").GetString()
if err != nil {
return err
}
keypair, err := libkb.ImportKeypairFromKID(keybase1.KIDFromString(kid))
if err != nil {
return err
}
revsig, err := jw.AtPath("body.sibkey.reverse_sig").GetString()
if err != nil {
return err
}
// set reverse_sig to nil to verify it:
jw.SetValueAtPath("body.sibkey.reverse_sig", jsonw.NewNil())
msg, err := jw.Marshal()
if err != nil {
return err
}
_, err = keypair.VerifyString(revsig, msg)
if err != nil {
return err
}
// put reverse_sig back in
jw.SetValueAtPath("body.sibkey.reverse_sig", jsonw.NewString(revsig))
return nil
}
func (e *Kex2Provisionee) addDeviceSibkey(jw *jsonw.Wrapper) error {
if e.device.Description == nil {
e.G().Log.Debug("prompting for device name")
// TODO: get existing device names
arg := keybase1.PromptNewDeviceNameArg{}
name, err := e.ctx.ProvisionUI.PromptNewDeviceName(context.TODO(), arg)
if err != nil {
return err
}
e.device.Description = &name
e.G().Log.Debug("got device name: %q", name)
}
s := libkb.DeviceStatusActive
e.device.Status = &s
e.device.Kid = e.eddsa.GetKID()
dw, err := e.device.Export(libkb.SibkeyType)
if err != nil {
return err
}
jw.SetValueAtPath("body.device", dw)
if err = jw.SetValueAtPath("body.sibkey.kid", jsonw.NewString(e.eddsa.GetKID().String())); err != nil {
return err
}
return nil
}
func (e *Kex2Provisionee) reverseSig(jw *jsonw.Wrapper) error {
// need to set reverse_sig to nil before making reverse sig:
if err := jw.SetValueAtPath("body.sibkey.reverse_sig", jsonw.NewNil()); err != nil {
return err
}
sig, _, _, err := libkb.SignJSON(jw, e.eddsa)
if err != nil {
return err
}
// put the signature in reverse_sig
if err := jw.SetValueAtPath("body.sibkey.reverse_sig", jsonw.NewString(sig)); err != nil {
return err
}
return nil
}
func (e *Kex2Provisionee) addDeviceSibkey(jw *jsonw.Wrapper) error {
if e.device.Description == nil {
// need user to get existing device names
loadArg := libkb.NewLoadUserByNameArg(e.G(), e.username)
loadArg.LoginContext = e.ctx.LoginContext
user, err := libkb.LoadUser(loadArg)
if err != nil {
return err
}
existingDevices, err := user.DeviceNames()
if err != nil {
e.G().Log.Debug("proceeding despite error getting existing device names: %s", err)
}
e.G().Log.Debug("prompting for device name")
arg := keybase1.PromptNewDeviceNameArg{
ExistingDevices: existingDevices,
}
name, err := e.ctx.ProvisionUI.PromptNewDeviceName(context.TODO(), arg)
if err != nil {
return err
}
e.device.Description = &name
e.G().Log.Debug("got device name: %q", name)
}
s := libkb.DeviceStatusActive
e.device.Status = &s
e.device.Kid = e.eddsa.GetKID()
dw, err := e.device.Export(libkb.SibkeyType)
if err != nil {
return err
}
jw.SetValueAtPath("body.device", dw)
if err = jw.SetValueAtPath("body.sibkey.kid", jsonw.NewString(e.eddsa.GetKID().String())); err != nil {
return err
}
return nil
}
