// handlePleaseSign processes a PleaseSign message from the device being
// provisioned. It verifies the signature carried in the message, loads the
// provisioner's device signing key if it is not cached yet, checks the signed
// statement with verifyPleaseSign, attaches the signature as the reverse
// signature, and then signs and posts a sibkey delegation for the new key.
//
// Any failing step aborts the handler and its error is returned unchanged.
//
// NOTE(review): the signature is verified against the public key carried in
// the same message, so a successful verification only shows that the sender
// holds that key. Nothing in this function compares that key with
// body.sibkey.kid; presumably verifyPleaseSign or the server-side reverse_sig
// check enforces the binding. Confirm before relying on it.
func (k *KexProvisioner) handlePleaseSign(ctx *Context, m *kex.Msg) error {
	peerPub := m.Args().SigningKey
	reverseSig := m.Args().Sig

	// Verify the peer's signature and recover the statement it covers.
	verifier := libkb.NaclSigningKeyPair{Public: peerPub}
	payload, _, err := verifier.VerifyStringAndExtract(reverseSig)
	if err != nil {
		return err
	}

	// NOTE(review): payload is peer-supplied text and is logged verbatim.
	k.G().Log.Debug("Got PleaseSign() on verified JSON blob %s\n", string(payload))

	// Per the original author's note, k.deviceSibkey holds only the public
	// half, so the secret signing key is fetched (prompting the user) the
	// first time it is needed and cached in k.sigKey afterwards.
	if k.sigKey == nil {
		keyArg := libkb.SecretKeyArg{
			Me:      k.user,
			KeyType: libkb.DeviceSigningKeyType,
		}
		k.sigKey, err = k.G().Keyrings.GetSecretKeyWithPrompt(nil, keyArg, k.engctx.SecretUI, "new device install")
		if err != nil {
			return err
		}
	}

	stmt, err := jsonw.Unmarshal(payload)
	if err != nil {
		return err
	}

	var (
		sibKID keybase1.KID
		sibKey libkb.GenericKey
	)

	// The key to delegate is identified by the KID inside the signed statement.
	sibKID, err = libkb.GetKID(stmt.AtPath("body.sibkey.kid"))
	if err != nil {
		return err
	}
	sibKey, err = libkb.ImportKeypairFromKID(sibKID)
	if err != nil {
		return err
	}

	// Validate the statement before anything is signed on its behalf.
	err = k.verifyPleaseSign(stmt, sibKID)
	if err != nil {
		return err
	}

	// Embed the peer's signature as the reverse signature of the delegation.
	err = stmt.SetValueAtPath("body.sibkey.reverse_sig", jsonw.NewString(reverseSig))
	if err != nil {
		return err
	}

	delegator := libkb.Delegator{
		NewKey:         sibKey,
		ExistingKey:    k.sigKey,
		Me:             k.user,
		Expire:         libkb.NaclEdDSAExpireIn,
		DelegationType: libkb.SibkeyType,
		EldestKID:      k.user.GetEldestKID(),
		Contextified:   libkb.NewContextified(k.G()),
	}
	if err = delegator.CheckArgs(); err != nil {
		return err
	}

	return delegator.SignAndPost(ctx.LoginContext, stmt)
}
// handleHello processes a Hello message by importing the keypair named by
// the message's DevKeyID and storing it in k.xDevKey. The import error, if
// any, is returned.
//
// NOTE(review): DevKeyID comes from the peer's message and no further check
// is visible here; k.xDevKey is overwritten with the import result even when
// the import fails. Confirm that callers stop on a non-nil error before
// using k.xDevKey.
func (k *KexNewDevice) handleHello(ctx *Context, m *kex.Msg) (err error) {
	imported, importErr := libkb.ImportKeypairFromKID(m.Args().DevKeyID)
	k.xDevKey = imported
	return importErr
}