Пример #1
// commonArgs assembles the JSON payload fields that describe the new
// passphrase: its hash ("pwh"), the hash version, the LKS mask, the new
// LKS client half encrypted for each active device, and the private PGP
// keys re-encoded via encodePrivatePGPKey at generation existingGen+1.
// Callers add any endpoint-specific fields.
//
// It must be called inside a LoginState().Account(...) closure.
//
// Everything derived here (tsec, the passphrase stream, the client half
// and the mask) is secret material. NOTE(review): nothing in this
// function scrubs those buffers, and the returned payload must not be
// logged -- confirm callers only hand it to the API client.
func (c *PassphraseChange) commonArgs(a *libkb.Account, oldClientHalf []byte, pgpKeys []libkb.GenericKey, existingGen libkb.PassphraseGeneration) (libkb.JSONPayload, error) {
	// The salt is read from the login session, so load it first.
	if err := a.LoadLoginSession(c.me.GetName()); err != nil {
		return nil, err
	}
	salt, err := a.LoginSession().Salt()
	if err != nil {
		return nil, err
	}

	// Stretch the new passphrase with the account salt.
	tsec, ppStream, err := libkb.StretchPassphrase(c.arg.Passphrase, salt)
	if err != nil {
		return nil, err
	}
	pwHash := ppStream.PWHash()
	clientHalf := ppStream.LksClientHalf()

	// NOTE(review): the mask is sized from oldClientHalf alone and the two
	// halves are never compared for length. Presumably XORBytes writes
	// old XOR new into the mask; if the inputs can differ in length the
	// mask would be silently short or zero-padded -- confirm XORBytes'
	// contract or reject a mismatch before building the payload.
	xorMask := make([]byte, len(oldClientHalf))
	libkb.XORBytes(xorMask, oldClientHalf, clientHalf)

	// Encrypt the new client half to the encryption subkey of every active
	// device, keyed by that subkey's KID. Inactive devices get no copy.
	halves := make(map[keybase1.KID]string)
	for _, device := range c.me.GetComputedKeyFamily().GetAllDevices() {
		if !device.IsActive() {
			continue
		}
		subkey, err := c.me.GetComputedKeyFamily().GetEncryptionSubkeyForDevice(device.ID)
		if err != nil {
			return nil, err
		}
		sealed, err := subkey.EncryptToString(clientHalf, nil)
		if err != nil {
			return nil, err
		}
		halves[subkey.GetKID()] = sealed
	}

	payload := libkb.JSONPayload{
		"pwh":               libkb.HexArg(pwHash).String(),
		"pwh_version":       triplesec.Version,
		"lks_mask":          libkb.HexArg(xorMask).String(),
		"lks_client_halves": halves,
	}

	// Re-encode each private PGP key under the new passphrase at the next
	// passphrase generation. The slice is deliberately left nil when there
	// are no keys so the stored value is the same as before.
	nextGen := existingGen + 1
	var privKeys []string
	for _, pgpKey := range pgpKeys {
		enc, err := c.encodePrivatePGPKey(pgpKey, tsec, nextGen)
		if err != nil {
			return nil, err
		}
		privKeys = append(privKeys, enc)
	}
	payload["private_keys"] = privKeys

	return payload, nil
}
Пример #2
// runStandardUpdate handles the case where the user knows the current
// passphrase. It verifies the old passphrase (the supplied one if
// present, otherwise via getVerifiedPassphraseHash), decrypts the
// private PGP keys, and posts the replacement payload to
// "passphrase/replace" from inside the LoginState().Account closure.
//
// err is a named result so the deferred debug line can report the final
// outcome. Only the function name and the ErrToOk rendering of err are
// logged; no passphrase-derived value is.
func (c *PassphraseChange) runStandardUpdate(ctx *Context) (err error) {
	c.G().Log.Debug("+ PassphraseChange.runStandardUpdate")
	defer func() {
		c.G().Log.Debug("- PassphraseChange.runStandardUpdate -> %s", libkb.ErrToOk(err))
	}()

	// Nothing below runs unless the old passphrase has been verified.
	if len(c.arg.OldPassphrase) > 0 {
		err = c.verifySuppliedPassphrase(ctx)
	} else {
		err = c.getVerifiedPassphraseHash(ctx)
	}
	if err != nil {
		return err
	}

	pgpKeys, err := c.findAndDecryptPrivatePGPKeys(ctx)
	if err != nil {
		return err
	}

	// The closure cannot return a value, so its failure is carried out
	// through acctErr.
	var acctErr error
	c.G().LoginState().Account(func(a *libkb.Account) {
		// NOTE(review): PassphraseStream() is dereferenced without a nil
		// check; this presumably relies on the verification step above
		// having populated the cache -- confirm.
		ppGen := a.PassphraseStreamCache().PassphraseStream().Generation()
		prevPWH := a.PassphraseStreamCache().PassphraseStream().PWHash()
		prevClientHalf := a.PassphraseStreamCache().PassphraseStream().LksClientHalf()

		payload, buildErr := c.commonArgs(a, prevClientHalf, pgpKeys, ppGen)
		if buildErr != nil {
			acctErr = buildErr
			return
		}

		// The old hash and the current generation accompany the new
		// material in the same request.
		payload["oldpwh"] = libkb.HexArg(prevPWH).String()
		payload["ppgen"] = ppGen

		req := libkb.APIArg{
			Endpoint:    "passphrase/replace",
			NeedSession: true,
			JSONPayload: payload,
			SessionR:    a.LocalSession(),
		}
		_, acctErr = c.G().API.PostJSON(req)
	}, "PassphraseChange.runStandardUpdate")

	return acctErr
}
Пример #3
// ResetAccount is a test helper: it derives the passphrase stream from
// the fake user's passphrase, posts the resulting passphrase hash to the
// "nuke" endpoint over the current session, logs the API result, and
// then calls Logout. Any failure aborts the test via tc.T.Fatal.
//
// NOTE(review): the whole API response is written to the test log with
// %+v; confirm it carries nothing sensitive if these logs are retained
// or published by CI.
func ResetAccount(tc libkb.TestContext, u *FakeUser) {
	stream, err := tc.G.LoginState().GetPassphraseStreamWithPassphrase(u.Passphrase)
	if err != nil {
		tc.T.Fatal(err)
	}

	// The request is authorised by the session plus the passphrase hash.
	nukeArgs := libkb.HTTPArgs{
		"pwh": libkb.HexArg(stream.PWHash()),
	}
	req := libkb.APIArg{
		Endpoint:    "nuke",
		NeedSession: true,
		Args:        nukeArgs,
	}

	resp, err := tc.G.API.Post(req)
	if err != nil {
		tc.T.Fatal(err)
	}
	tc.T.Logf("nuke api result: %+v", resp)

	Logout(tc)
}