// GetTLFCryptKeyServerHalfID implements the Crypto interface for CryptoCommon.
func (c *CryptoCommon) GetTLFCryptKeyServerHalfID(
user keybase1.UID, deviceKID keybase1.KID,
serverHalf TLFCryptKeyServerHalf) (TLFCryptKeyServerHalfID, error) {
key := serverHalf.data[:]
data := append(user.ToBytes(), deviceKID.ToBytes()...)
hmac, err := DefaultHMAC(key, data)
if err != nil {
return TLFCryptKeyServerHalfID{}, err
}
return TLFCryptKeyServerHalfID{
ID: hmac,
}, nil
}
func (g *gregorHandler) auth(ctx context.Context, cli rpc.GenericClient) (err error) {
var token string
var uid keybase1.UID
// Check to see if we have been shutdown,
select {
case <-g.shutdownCh:
g.Debug("server is dead, not authenticating")
return errors.New("server is dead, not authenticating")
default:
// if we were going to block, then that means we are still alive
}
// Continue on and authenticate
aerr := g.G().LoginState().LocalSession(func(s *libkb.Session) {
token = s.GetToken()
uid = s.GetUID()
}, "gregor handler - login session")
if aerr != nil {
g.skipRetryConnect = true
return aerr
}
g.Debug("have session token")
g.Debug("authenticating")
ac := gregor1.AuthClient{Cli: cli}
auth, err := ac.AuthenticateSessionToken(ctx, gregor1.SessionToken(token))
if err != nil {
g.Debug("auth error: %s", err)
return err
}
g.Debug("auth result: %+v", auth)
if !bytes.Equal(auth.Uid, uid.ToBytes()) {
g.skipRetryConnect = true
return fmt.Errorf("auth result uid %x doesn't match session uid %q", auth.Uid, uid)
}
g.sessionID = auth.Sid
return nil
}
// VerifyTLFCryptKeyServerHalfID implements the Crypto interface for CryptoCommon.
func (c *CryptoCommon) VerifyTLFCryptKeyServerHalfID(serverHalfID TLFCryptKeyServerHalfID,
user keybase1.UID, deviceKID keybase1.KID, serverHalf TLFCryptKeyServerHalf) error {
key := serverHalf.data[:]
data := append(user.ToBytes(), deviceKID.ToBytes()...)
return serverHalfID.ID.Verify(key, data)
}