ephemeral

package
v0.0.0-...-af03506 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 16, 2025 License: BSD-3-Clause Imports: 19 Imported by: 19

Documentation

Index

Constants

View Source
const (
	DefaultHumanErrMsg           = "This exploding message is not available"
	DefaultPluralHumanErrMsg     = "%d exploding messages are not available"
	DeviceCloneErrMsg            = "cloned devices do not support exploding messages"
	DeviceCloneWithOneshotErrMsg = "to support exploding messages in `oneshot` mode, you need a separate paper key for each running instance"
	DeviceAfterEKErrMsg          = "because this device was created after it was sent"
	MemberAfterEKErrMsg          = "because you joined the team after it was sent"
	DeviceStaleErrMsg            = "because this device wasn't online to generate an exploding key"
	UserStaleErrMsg              = "because you weren't online to generate new exploding keys"
)
View Source
const LibCacheEntryLifetime = time.Minute * 5
View Source
const MemCacheLRUSize = 1000
View Source
const SkipKeygenNilMerkleRoot = "Skipping key generation, unable to fetch merkle root"

Variables

This section is empty.

Functions

func ForcePublishNewTeamEKForTesting

func ForcePublishNewTeamEKForTesting(mctx libkb.MetaContext, teamID keybase1.TeamID,
	merkleRoot libkb.MerkleRoot) (metadata keybase1.TeamEkMetadata, err error)

func ForcePublishNewUserEKForTesting

func ForcePublishNewUserEKForTesting(mctx libkb.MetaContext, merkleRoot libkb.MerkleRoot) (metadata keybase1.UserEkMetadata, err error)

func HandleNewTeamEK

func HandleNewTeamEK(mctx libkb.MetaContext, teamID keybase1.TeamID, generation keybase1.EkGeneration) (err error)

func HandleNewTeambotEK

func HandleNewTeambotEK(mctx libkb.MetaContext, teamID keybase1.TeamID, generation keybase1.EkGeneration) (err error)

func HandleTeambotEKNeeded

func HandleTeambotEKNeeded(mctx libkb.MetaContext, teamID keybase1.TeamID, botUID keybase1.UID,
	generation keybase1.EkGeneration, forceCreateGen *keybase1.EkGeneration) (err error)

HandleTeambotEKNeeded forces a teambot ek to be generated since the bot does not have access. All team members are notified and race to publish the requested key.

func NewEphemeralStorageAndInstall

func NewEphemeralStorageAndInstall(mctx libkb.MetaContext)

Creates a ephemeral key storage and installs it into G.

func PluralizeErrorMessage

func PluralizeErrorMessage(msg string, count int) string

func ServiceInit

func ServiceInit(mctx libkb.MetaContext)

Types

type DeviceEKMap

type DeviceEKMap map[keybase1.EkGeneration]keybase1.DeviceEk

type DeviceEKSeed

type DeviceEKSeed keybase1.Bytes32

func (*DeviceEKSeed) DeriveDHKey

func (s *DeviceEKSeed) DeriveDHKey() *libkb.NaclDHKeyPair

type DeviceEKStorage

type DeviceEKStorage struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func NewDeviceEKStorage

func NewDeviceEKStorage(mctx libkb.MetaContext) *DeviceEKStorage

func (*DeviceEKStorage) ClearCache

func (s *DeviceEKStorage) ClearCache()

func (*DeviceEKStorage) Delete

func (s *DeviceEKStorage) Delete(mctx libkb.MetaContext, generation keybase1.EkGeneration,
	reason string, args ...interface{}) (err error)

func (*DeviceEKStorage) DeleteExpired

func (s *DeviceEKStorage) DeleteExpired(mctx libkb.MetaContext, merkleRoot libkb.MerkleRoot) (expired []keybase1.EkGeneration, err error)

func (*DeviceEKStorage) ForceDeleteAll

func (s *DeviceEKStorage) ForceDeleteAll(mctx libkb.MetaContext, username libkb.NormalizedUsername) (err error)

func (*DeviceEKStorage) Get

func (s *DeviceEKStorage) Get(mctx libkb.MetaContext, generation keybase1.EkGeneration) (deviceEK keybase1.DeviceEk, err error)

func (*DeviceEKStorage) GetAll

func (s *DeviceEKStorage) GetAll(mctx libkb.MetaContext) (deviceEKs DeviceEKMap, err error)

func (*DeviceEKStorage) GetAllActive

func (s *DeviceEKStorage) GetAllActive(mctx libkb.MetaContext, merkleRoot libkb.MerkleRoot) (metadatas []keybase1.DeviceEkMetadata, err error)

func (*DeviceEKStorage) ListAllForUser

func (s *DeviceEKStorage) ListAllForUser(mctx libkb.MetaContext) (all []string, err error)

ListAllForUser lists the internal storage name of deviceEKs of the logged in user. This is used for logsend purposes to debug ek state.

func (*DeviceEKStorage) MaxGeneration

func (s *DeviceEKStorage) MaxGeneration(mctx libkb.MetaContext, includeErrs bool) (maxGeneration keybase1.EkGeneration, err error)

func (*DeviceEKStorage) Put

func (s *DeviceEKStorage) Put(mctx libkb.MetaContext, generation keybase1.EkGeneration, deviceEK keybase1.DeviceEk) (err error)

func (*DeviceEKStorage) SetLogPrefix

func (s *DeviceEKStorage) SetLogPrefix(mctx libkb.MetaContext)

type EKLib

type EKLib struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func NewEKLib

func NewEKLib(mctx libkb.MetaContext) *EKLib

func (*EKLib) BoxLatestTeamEK

func (e *EKLib) BoxLatestTeamEK(mctx libkb.MetaContext, teamID keybase1.TeamID, recipients []keybase1.UID) (teamEKBoxes *[]keybase1.TeamEkBoxMetadata, err error)

func (*EKLib) BoxLatestUserEK

func (e *EKLib) BoxLatestUserEK(mctx libkb.MetaContext, receiverKey libkb.NaclDHKeyPair,
	deviceEKGeneration keybase1.EkGeneration) (userEKBox *keybase1.UserEkBoxed, err error)

For device provisioning

func (*EKLib) CleanupStaleUserAndDeviceEKs

func (e *EKLib) CleanupStaleUserAndDeviceEKs(mctx libkb.MetaContext) (err error)

func (*EKLib) ClearCaches

func (e *EKLib) ClearCaches(mctx libkb.MetaContext)

func (*EKLib) DeriveDeviceDHKey

func (e *EKLib) DeriveDeviceDHKey(seed keybase1.Bytes32) *libkb.NaclDHKeyPair

func (*EKLib) ForceCreateTeambotEK

func (e *EKLib) ForceCreateTeambotEK(mctx libkb.MetaContext, teamID keybase1.TeamID, gBotUID gregor1.UID,
	forceCreateGen keybase1.EkGeneration) (ek keybase1.TeamEphemeralKey, created bool, err error)

func (*EKLib) GetOrCreateLatestTeamEK

func (e *EKLib) GetOrCreateLatestTeamEK(mctx libkb.MetaContext, teamID keybase1.TeamID) (
	ek keybase1.TeamEphemeralKey, created bool, err error)

func (*EKLib) GetOrCreateLatestTeambotEK

func (e *EKLib) GetOrCreateLatestTeambotEK(mctx libkb.MetaContext, teamID keybase1.TeamID, gBotUID gregor1.UID) (
	ek keybase1.TeamEphemeralKey, created bool, err error)

GetOrCreateLatestTeambotEK handles two separate cases based on the `botUID` parameter. If `botUID == currentUID`, we are a bot member and thus can *only* get the latest known key, we do not have the ability to create new ones. Since bot members do not have access to the per-team-key, they must depend on team members who do to derive and publish a new key.

func (*EKLib) GetTeamEK

func (e *EKLib) GetTeamEK(mctx libkb.MetaContext, teamID keybase1.TeamID, generation keybase1.EkGeneration,
	contentCtime *gregor1.Time) (ek keybase1.TeamEphemeralKey, err error)

GetTeamEK fetches the TeamEK for the given `generation`. If this fails and the `generation` is also the current maxGeneration, create a new teamEK.

func (*EKLib) GetTeambotEK

func (e *EKLib) GetTeambotEK(mctx libkb.MetaContext, teamID keybase1.TeamID, gBotUID gregor1.UID,
	generation keybase1.EkGeneration, contentCtime *gregor1.Time) (ek keybase1.TeamEphemeralKey, err error)

GetTeambotEK fetches the TeambotEK for the given `generation`. If `gBotUID` is the current UID we fetch the boxed teambotEK if it exists. Otherwise we derived the key from the teamEK at the given `generation`.

func (*EKLib) KeygenIfNeeded

func (e *EKLib) KeygenIfNeeded(mctx libkb.MetaContext) (err error)

func (*EKLib) NewDeviceEKNeeded

func (e *EKLib) NewDeviceEKNeeded(mctx libkb.MetaContext) (needed bool, err error)

func (*EKLib) NewEphemeralSeed

func (e *EKLib) NewEphemeralSeed() (seed keybase1.Bytes32, err error)

func (*EKLib) NewTeamEKNeeded

func (e *EKLib) NewTeamEKNeeded(mctx libkb.MetaContext, teamID keybase1.TeamID) (needed bool, err error)

func (*EKLib) NewUserEKNeeded

func (e *EKLib) NewUserEKNeeded(mctx libkb.MetaContext) (needed bool, err error)

func (*EKLib) OnDbNuke

func (e *EKLib) OnDbNuke(mctx libkb.MetaContext) error

func (*EKLib) OnLogin

func (e *EKLib) OnLogin(mctx libkb.MetaContext) error

func (*EKLib) OnLogout

func (e *EKLib) OnLogout(mctx libkb.MetaContext) error

func (*EKLib) PrepareNewTeamEK

func (e *EKLib) PrepareNewTeamEK(mctx libkb.MetaContext, teamID keybase1.TeamID, signingKey libkb.NaclSigningKeyPair,
	recipients []keybase1.UID) (sig string, boxes *[]keybase1.TeamEkBoxMetadata, newMetadata keybase1.TeamEkMetadata, myBox *keybase1.TeamEkBoxed, err error)

func (*EKLib) PrepareNewUserEK

func (e *EKLib) PrepareNewUserEK(mctx libkb.MetaContext, merkleRoot libkb.MerkleRoot,
	pukSeed libkb.PerUserKeySeed) (sig string, boxes []keybase1.UserEkBoxMetadata,
	newMetadata keybase1.UserEkMetadata, myBox *keybase1.UserEkBoxed, err error)

func (*EKLib) PurgeAllTeambotMetadataCaches

func (e *EKLib) PurgeAllTeambotMetadataCaches(mctx libkb.MetaContext)

func (*EKLib) PurgeTeamEKCachesForTeamID

func (e *EKLib) PurgeTeamEKCachesForTeamID(mctx libkb.MetaContext, teamID keybase1.TeamID)

func (*EKLib) PurgeTeamEKCachesForTeamIDAndGeneration

func (e *EKLib) PurgeTeamEKCachesForTeamIDAndGeneration(mctx libkb.MetaContext, teamID keybase1.TeamID, generation keybase1.EkGeneration)

func (*EKLib) PurgeTeambotEKCachesForTeamID

func (e *EKLib) PurgeTeambotEKCachesForTeamID(mctx libkb.MetaContext, teamID keybase1.TeamID)

func (*EKLib) PurgeTeambotEKCachesForTeamIDAndGeneration

func (e *EKLib) PurgeTeambotEKCachesForTeamIDAndGeneration(mctx libkb.MetaContext, teamID keybase1.TeamID, generation keybase1.EkGeneration)

func (*EKLib) PurgeTeambotMetadataCache

func (e *EKLib) PurgeTeambotMetadataCache(mctx libkb.MetaContext, teamID keybase1.TeamID,
	botUID keybase1.UID, generation keybase1.EkGeneration)

func (*EKLib) SetClock

func (e *EKLib) SetClock(clock clockwork.Clock)

func (*EKLib) Shutdown

func (e *EKLib) Shutdown(mctx libkb.MetaContext) error

func (*EKLib) SignedDeviceEKStatementFromSeed

func (e *EKLib) SignedDeviceEKStatementFromSeed(mctx libkb.MetaContext, generation keybase1.EkGeneration,
	seed keybase1.Bytes32, signingKey libkb.GenericKey) (statement keybase1.DeviceEkStatement, signedStatement string, err error)

type EphemeralKeyError

type EphemeralKeyError struct {
	DebugMsg    string
	HumanMsg    string
	StatusCode  int
	Ctime       gregor1.Time
	ErrKind     EphemeralKeyErrorKind
	EKKind      EphemeralKeyKind
	IsTransient bool
}

func NewNotAuthenticatedForThisDeviceError

func NewNotAuthenticatedForThisDeviceError(mctx libkb.MetaContext, memberCtime *keybase1.Time, contentCtime gregor1.Time) EphemeralKeyError

func (EphemeralKeyError) AllowTransient

func (e EphemeralKeyError) AllowTransient() bool

AllowTransient determines if we allow the given error to be downgraded to a transient error. If we encounter a MISSINGBOX error for a TeambotEK we allow this to be marked as transient for a 24 hour window. The intention is to allow a chat message to be retried on send for this period instead of permanently failing.

func (EphemeralKeyError) Error

func (e EphemeralKeyError) Error() string

func (EphemeralKeyError) HumanError

func (e EphemeralKeyError) HumanError() string

func (EphemeralKeyError) IsPermanent

func (e EphemeralKeyError) IsPermanent() bool

type EphemeralKeyErrorKind

type EphemeralKeyErrorKind int
const (
	EphemeralKeyErrorKindDEVICENOTAUTHENTICATED EphemeralKeyErrorKind = iota
	EphemeralKeyErrorKindUNBOX
	EphemeralKeyErrorKindMISSINGBOX
	EphemeralKeyErrorKindWRONGKID
	EphemeralKeyErrorKindCORRUPTEDGEN
	EphemeralKeyErrorKindDEVICEAFTEREK
	EphemeralKeyErrorKindMEMBERAFTEREK
	EphemeralKeyErrorKindDEVICESTALE
	EphemeralKeyErrorKindUSERSTALE
	EphemeralKeyErrorKindUNKNOWN
)

type EphemeralKeyKind

type EphemeralKeyKind string
const (
	DeviceEKKind  EphemeralKeyKind = "deviceEK"
	UserEKKind    EphemeralKeyKind = "userEK"
	TeamEKKind    EphemeralKeyKind = "teamEK"
	TeambotEKKind EphemeralKeyKind = "teambotEK"
)

type EphemeralKeyer

type EphemeralKeyer interface {
	Fetch(mctx libkb.MetaContext, teamID keybase1.TeamID, generation keybase1.EkGeneration, contentCtime *gregor1.Time) (keybase1.TeamEphemeralKeyBoxed, error)
	Unbox(mctx libkb.MetaContext, boxed keybase1.TeamEphemeralKeyBoxed, contentCtime *gregor1.Time) (keybase1.TeamEphemeralKey, error)
	Type() keybase1.TeamEphemeralKeyType
}

type IncorrectTeamEphemeralKeyTypeError

type IncorrectTeamEphemeralKeyTypeError struct {
	// contains filtered or unexported fields
}

func NewIncorrectTeamEphemeralKeyTypeError

func NewIncorrectTeamEphemeralKeyTypeError(expected, actual keybase1.TeamEphemeralKeyType) IncorrectTeamEphemeralKeyTypeError

func (IncorrectTeamEphemeralKeyTypeError) Error

type TeamEKBoxStorage

type TeamEKBoxStorage struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

We cache TeamEKBoxes from the server in a LRU and a persist to a local KVStore.

func NewTeamEKBoxStorage

func NewTeamEKBoxStorage(keyer EphemeralKeyer) *TeamEKBoxStorage

func (*TeamEKBoxStorage) ClearCache

func (s *TeamEKBoxStorage) ClearCache()

func (*TeamEKBoxStorage) Delete

func (s *TeamEKBoxStorage) Delete(mctx libkb.MetaContext, teamID keybase1.TeamID,
	generation keybase1.EkGeneration) (err error)

func (*TeamEKBoxStorage) DeleteExpired

func (s *TeamEKBoxStorage) DeleteExpired(mctx libkb.MetaContext, teamID keybase1.TeamID,
	merkleRoot libkb.MerkleRoot) (expired []keybase1.EkGeneration, err error)

func (*TeamEKBoxStorage) Get

func (s *TeamEKBoxStorage) Get(mctx libkb.MetaContext, teamID keybase1.TeamID, generation keybase1.EkGeneration,
	contentCtime *gregor1.Time) (teamEK keybase1.TeamEphemeralKey, err error)

func (*TeamEKBoxStorage) GetAll

func (s *TeamEKBoxStorage) GetAll(mctx libkb.MetaContext, teamID keybase1.TeamID) (teamEKs TeamEKMap, err error)

func (*TeamEKBoxStorage) MaxGeneration

func (s *TeamEKBoxStorage) MaxGeneration(mctx libkb.MetaContext, teamID keybase1.TeamID, includeErrs bool) (maxGeneration keybase1.EkGeneration, err error)

func (*TeamEKBoxStorage) PurgeCacheForTeamID

func (s *TeamEKBoxStorage) PurgeCacheForTeamID(mctx libkb.MetaContext, teamID keybase1.TeamID) (err error)

func (*TeamEKBoxStorage) Put

func (s *TeamEKBoxStorage) Put(mctx libkb.MetaContext, teamID keybase1.TeamID,
	generation keybase1.EkGeneration, teamEKBoxed keybase1.TeamEphemeralKeyBoxed) (err error)

type TeamEKBoxedResponse

type TeamEKBoxedResponse struct {
	Result *struct {
		Box              string                `json:"box"`
		UserEKGeneration keybase1.EkGeneration `json:"user_ek_generation"`
		Sig              string                `json:"sig"`
	} `json:"result"`
}

type TeamEKSeed

type TeamEKSeed keybase1.Bytes32

func (*TeamEKSeed) DeriveDHKey

func (s *TeamEKSeed) DeriveDHKey() *libkb.NaclDHKeyPair

type TeamEphemeralKeyer

type TeamEphemeralKeyer struct{}

func NewTeamEphemeralKeyer

func NewTeamEphemeralKeyer() *TeamEphemeralKeyer

func (*TeamEphemeralKeyer) Fetch

func (k *TeamEphemeralKeyer) Fetch(mctx libkb.MetaContext, teamID keybase1.TeamID, generation keybase1.EkGeneration, contentCtime *gregor1.Time) (teamEK keybase1.TeamEphemeralKeyBoxed, err error)

func (*TeamEphemeralKeyer) Type

func (*TeamEphemeralKeyer) Unbox

type TeambotEKSeed

type TeambotEKSeed keybase1.Bytes32

func (*TeambotEKSeed) DeriveDHKey

func (s *TeambotEKSeed) DeriveDHKey() *libkb.NaclDHKeyPair

type TeambotEphemeralKeyer

type TeambotEphemeralKeyer struct{}

func NewTeambotEphemeralKeyer

func NewTeambotEphemeralKeyer() *TeambotEphemeralKeyer

func (*TeambotEphemeralKeyer) Fetch

func (k *TeambotEphemeralKeyer) Fetch(mctx libkb.MetaContext, teamID keybase1.TeamID, generation keybase1.EkGeneration,
	contentCtime *gregor1.Time) (teambotEK keybase1.TeamEphemeralKeyBoxed, err error)

func (*TeambotEphemeralKeyer) Type

func (*TeambotEphemeralKeyer) Unbox

type UserEKBoxStorage

type UserEKBoxStorage struct {
	sync.Mutex
	// contains filtered or unexported fields
}

We cache UserEKBoxes from the server in memory and a persist to a local KVStore.

func NewUserEKBoxStorage

func NewUserEKBoxStorage() *UserEKBoxStorage

func (*UserEKBoxStorage) ClearCache

func (s *UserEKBoxStorage) ClearCache()

func (*UserEKBoxStorage) Delete

func (s *UserEKBoxStorage) Delete(mctx libkb.MetaContext, generation keybase1.EkGeneration) (err error)

func (*UserEKBoxStorage) DeleteExpired

func (s *UserEKBoxStorage) DeleteExpired(mctx libkb.MetaContext, merkleRoot libkb.MerkleRoot) (expired []keybase1.EkGeneration, err error)

func (*UserEKBoxStorage) Get

func (s *UserEKBoxStorage) Get(mctx libkb.MetaContext, generation keybase1.EkGeneration,
	contentCtime *gregor1.Time) (userEK keybase1.UserEk, err error)

func (*UserEKBoxStorage) GetAll

func (s *UserEKBoxStorage) GetAll(mctx libkb.MetaContext) (userEKs UserEKUnboxedMap, err error)

func (*UserEKBoxStorage) MaxGeneration

func (s *UserEKBoxStorage) MaxGeneration(mctx libkb.MetaContext, includeErrs bool) (maxGeneration keybase1.EkGeneration, err error)

func (*UserEKBoxStorage) Put

func (s *UserEKBoxStorage) Put(mctx libkb.MetaContext, generation keybase1.EkGeneration, userEKBoxed keybase1.UserEkBoxed) (err error)

type UserEKBoxedResponse

type UserEKBoxedResponse struct {
	Result *struct {
		Box                string                `json:"box"`
		DeviceEKGeneration keybase1.EkGeneration `json:"device_ek_generation"`
		Sig                string                `json:"sig"`
	} `json:"result"`
}

type UserEKSeed

type UserEKSeed keybase1.Bytes32

func (*UserEKSeed) DeriveDHKey

func (s *UserEKSeed) DeriveDHKey() *libkb.NaclDHKeyPair

type UserEKUnboxedMap

type UserEKUnboxedMap map[keybase1.EkGeneration]keybase1.UserEk

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL