github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/engine/device_wrap.go (about) 1 // Copyright 2015 Keybase, Inc. All rights reserved. Use of 2 // this source code is governed by the included BSD license. 3 4 package engine 5 6 import ( 7 "github.com/keybase/client/go/libkb" 8 keybase1 "github.com/keybase/client/go/protocol/keybase1" 9 ) 10 11 // DeviceWrap is an engine that wraps DeviceRegister and 12 // DeviceKeygen. 13 type DeviceWrap struct { 14 libkb.Contextified 15 16 args *DeviceWrapArgs 17 18 signingKey libkb.GenericKey 19 encryptionKey libkb.NaclDHKeyPair 20 deviceID keybase1.DeviceID 21 } 22 23 type DeviceWrapArgs struct { 24 Me *libkb.User 25 DeviceName string 26 DeviceType keybase1.DeviceTypeV2 27 Lks *libkb.LKSec 28 IsEldest bool 29 IsSelfProvision bool 30 Signer libkb.GenericKey 31 EldestKID keybase1.KID 32 PerUserKeyring *libkb.PerUserKeyring 33 EkReboxer *ephemeralKeyReboxer 34 DeviceID keybase1.DeviceID 35 36 // Used in tests for reproducible key generation 37 naclSigningKeyPair libkb.NaclKeyPair 38 naclEncryptionKeyPair libkb.NaclKeyPair 39 } 40 41 // NewDeviceWrap creates a DeviceWrap engine. 42 func NewDeviceWrap(g *libkb.GlobalContext, args *DeviceWrapArgs) *DeviceWrap { 43 return &DeviceWrap{ 44 args: args, 45 Contextified: libkb.NewContextified(g), 46 } 47 } 48 49 // Name is the unique engine name. 50 func (e *DeviceWrap) Name() string { 51 return "DeviceWrap" 52 } 53 54 // GetPrereqs returns the engine prereqs. 55 func (e *DeviceWrap) Prereqs() Prereqs { 56 return Prereqs{} 57 } 58 59 // RequiredUIs returns the required UIs. 60 func (e *DeviceWrap) RequiredUIs() []libkb.UIKind { 61 return []libkb.UIKind{} 62 } 63 64 // SubConsumers returns the other UI consumers for this engine. 65 func (e *DeviceWrap) SubConsumers() []libkb.UIConsumer { 66 return []libkb.UIConsumer{ 67 &DeviceKeygen{}, 68 } 69 } 70 71 func (e *DeviceWrap) registerDevice(m libkb.MetaContext) (err error) { 72 defer m.Trace("DeviceWrap#registerDevice", &err)() 73 74 if e.args.Me.HasCurrentDeviceInCurrentInstall() && !e.args.IsSelfProvision { 75 return libkb.DeviceAlreadyProvisionedError{} 76 } 77 78 if e.deviceID, err = libkb.NewDeviceID(); err != nil { 79 return err 80 } 81 m.Debug("Device name: %s", e.args.DeviceName) 82 m.Debug("Device ID: %s", e.deviceID) 83 return e.args.Lks.GenerateServerHalf() 84 } 85 86 func (e *DeviceWrap) genKeys(m libkb.MetaContext) (err error) { 87 defer m.Trace("DeviceWrap#genKeys", &err)() 88 89 kgArgs := &DeviceKeygenArgs{ 90 Me: e.args.Me, 91 DeviceID: e.deviceID, 92 DeviceName: e.args.DeviceName, 93 DeviceType: e.args.DeviceType, 94 Lks: e.args.Lks, 95 IsEldest: e.args.IsEldest, 96 IsSelfProvision: e.args.IsSelfProvision, 97 PerUserKeyring: e.args.PerUserKeyring, 98 EkReboxer: e.args.EkReboxer, 99 naclSigningKeyPair: e.args.naclSigningKeyPair, 100 naclEncryptionKeyPair: e.args.naclEncryptionKeyPair, 101 } 102 kgEng := NewDeviceKeygen(m.G(), kgArgs) 103 if err = RunEngine2(m, kgEng); err != nil { 104 return err 105 } 106 107 pargs := &DeviceKeygenPushArgs{ 108 Signer: e.args.Signer, 109 EldestKID: e.args.EldestKID, 110 } 111 112 if err = kgEng.Push(m, pargs); err != nil { 113 return err 114 } 115 116 e.signingKey = kgEng.SigningKey() 117 e.encryptionKey = kgEng.EncryptionKey() 118 return nil 119 } 120 121 func (e *DeviceWrap) refreshMe(m libkb.MetaContext) (err error) { 122 defer m.Trace("DeviceWrap#refreshMe", &err)() 123 if !(e.args.IsEldest || e.args.IsSelfProvision) { 124 return nil 125 } 126 m.Debug("reloading Me because we just bumped eldest seqno or self provisioned") 127 me, err := libkb.LoadMe(libkb.NewLoadUserArgWithMetaContext(m)) 128 if err != nil { 129 return err 130 } 131 e.args.Me = me 132 return nil 133 } 134 135 func (e *DeviceWrap) deviceWithKeys(m libkb.MetaContext, mode libkb.KeychainMode) *libkb.DeviceWithKeys { 136 return libkb.NewDeviceWithKeys(e.signingKey, e.encryptionKey, e.deviceID, e.args.DeviceName, mode) 137 } 138 139 // SwitchConfigAndActiveDevice changes active device to the one 140 // generated by DeviceWrap. It switches UserConfig and sets global 141 // ActiveDevice. 142 func (e *DeviceWrap) SwitchConfigAndActiveDevice(m libkb.MetaContext) (err error) { 143 defer m.Trace("DeviceWrap#SwitchConfigAndActiveDevice", &err)() 144 145 if err = e.refreshMe(m); err != nil { 146 return err 147 } 148 149 salt, err := e.args.Me.GetSalt() 150 if err != nil { 151 return err 152 } 153 me := e.args.Me 154 155 // Atomically swap to the new config and active device 156 if e.args.DeviceType == keybase1.DeviceTypeV2_PAPER { 157 err = m.SwitchUserToActiveOneshotDevice(me.ToUserVersion(), me.GetNormalizedName(), e.deviceWithKeys(m, libkb.KeychainModeNone)) 158 } else { 159 err = m.SwitchUserNewConfigActiveDevice(me.ToUserVersion(), me.GetNormalizedName(), salt, 160 e.deviceID, e.signingKey, e.encryptionKey, e.args.DeviceName, libkb.KeychainModeOS) 161 } 162 if err != nil { 163 return err 164 } 165 166 // Sync down secrets for future offline login attempts to work. 167 // This will largely just download what we just uploaded, but it's 168 // easy to do this way. 169 _, w := m.ActiveDevice().SyncSecrets(m) 170 if w != nil { 171 m.Warning("Error sync secrets: %s", w.Error()) 172 } 173 return nil 174 } 175 176 // Run starts the engine. 177 func (e *DeviceWrap) Run(m libkb.MetaContext) (err error) { 178 179 defer m.Trace("DeviceWrap#Run", &err)() 180 181 if err = e.registerDevice(m); err != nil { 182 return err 183 } 184 185 return e.genKeys(m) 186 } 187 188 func (e *DeviceWrap) SigningKey() libkb.GenericKey { 189 return e.signingKey 190 } 191 192 func (e *DeviceWrap) EncryptionKey() libkb.NaclDHKeyPair { 193 return e.encryptionKey 194 } 195 196 func (e *DeviceWrap) DeviceID() keybase1.DeviceID { 197 return e.deviceID 198 }