forked from keybase/client
-
Notifications
You must be signed in to change notification settings - Fork 0
/
common.go
128 lines (111 loc) · 3.32 KB
/
common.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
// Copyright 2015 Keybase, Inc. All rights reserved. Use of
// this source code is governed by the included BSD license.
package engine
import (
"fmt"
"github.com/keybase/client/go/libkb"
keybase1 "github.com/keybase/client/go/protocol"
)
func IsLoggedIn(e Engine, ctx *Context) (bool, error) {
if ctx.LoginContext != nil {
return ctx.LoginContext.LoggedInLoad()
}
return e.G().LoginState().LoggedInLoad()
}
func IsProvisioned(e Engine, ctx *Context) (bool, error) {
if ctx.LoginContext != nil {
return ctx.LoginContext.LoggedInProvisionedLoad()
}
return e.G().LoginState().LoggedInProvisionedLoad()
}
type keypair struct {
encKey libkb.GenericKey
sigKey libkb.GenericKey
}
// findPaperKeys checks if the user has paper backup keys. If he/she
// does, it prompts for a paperkey phrase. This is used to
// regenerate paper keys, which are then matched against the
// paper keys found in the keyfamily.
func findPaperKeys(ctx *Context, g *libkb.GlobalContext, me *libkb.User) (*keypair, error) {
cki := me.GetComputedKeyInfos()
if cki == nil {
return nil, fmt.Errorf("no computed key infos")
}
bdevs := cki.PaperDevices()
if len(bdevs) == 0 {
return nil, libkb.NoPaperKeysError{}
}
passphrase, err := ctx.SecretUI.GetPaperKeyPassphrase(keybase1.GetPaperKeyPassphraseArg{Username: me.GetName()})
if err != nil {
return nil, err
}
paperPhrase := libkb.NewPaperKeyPhrase(passphrase)
if paperPhrase.Version() != libkb.PaperKeyVersion {
g.Log.Debug("paper version mismatch: generated paper key version = %d, libkb version = %d", paperPhrase.Version(), libkb.PaperKeyVersion)
return nil, libkb.KeyVersionError{}
}
bkarg := &PaperKeyGenArg{
Passphrase: libkb.NewPaperKeyPhrase(passphrase),
SkipPush: true,
Me: me,
}
bkeng := NewPaperKeyGen(bkarg, g)
if err := RunEngine(bkeng, ctx); err != nil {
return nil, err
}
sigKey := bkeng.SigKey()
encKey := bkeng.EncKey()
var match bool
ckf := me.GetComputedKeyFamily()
for _, bdev := range bdevs {
sk, err := ckf.GetSibkeyForDevice(bdev.ID)
if err != nil {
continue
}
ek, err := ckf.GetEncryptionSubkeyForDevice(bdev.ID)
if err != nil {
continue
}
if sk.GetKID().Equal(sigKey.GetKID()) && ek.GetKID().Equal(encKey.GetKID()) {
match = true
break
}
}
if !match {
return nil, libkb.PassphraseError{Msg: "no matching paper backup keys found"}
}
return &keypair{sigKey: sigKey, encKey: encKey}, nil
}
// fetchLKS gets the encrypted LKS client half from the server.
// It uses encKey to decrypt it. It also returns the passphrase
// generation.
func fetchLKS(ctx *Context, g *libkb.GlobalContext, encKey libkb.GenericKey) (libkb.PassphraseGeneration, []byte, error) {
arg := libkb.APIArg{
Endpoint: "passphrase/recover",
NeedSession: true,
Args: libkb.HTTPArgs{
"kid": encKey.GetKID(),
},
}
if ctx.LoginContext != nil {
arg.SessionR = ctx.LoginContext.LocalSession()
}
res, err := g.API.Get(arg)
if err != nil {
return 0, nil, err
}
ctext, err := res.Body.AtKey("ctext").GetString()
if err != nil {
return 0, nil, err
}
ppGen, err := res.Body.AtKey("passphrase_generation").GetInt()
if err != nil {
return 0, nil, err
}
// Now try to decrypt with the unlocked device key
msg, _, err := encKey.DecryptFromString(ctext)
if err != nil {
return 0, nil, err
}
return libkb.PassphraseGeneration(ppGen), msg, nil
}