Documentation ¶
Index ¶
- Constants
- func ForcePublishNewTeamEKForTesting(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID, ...) (metadata keybase1.TeamEkMetadata, err error)
- func ForcePublishNewUserEKForTesting(ctx context.Context, g *libkb.GlobalContext, merkleRoot libkb.MerkleRoot) (metadata keybase1.UserEkMetadata, err error)
- func HandleNewTeamEK(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID, ...) (err error)
- func NewEphemeralStorageAndInstall(g *libkb.GlobalContext)
- func ServiceInit(g *libkb.GlobalContext)
- type DeviceEKMap
- type DeviceEKSeed
- type DeviceEKStorage
- func (s *DeviceEKStorage) ClearCache()
- func (s *DeviceEKStorage) Delete(ctx context.Context, generation keybase1.EkGeneration) (err error)
- func (s *DeviceEKStorage) DeleteExpired(ctx context.Context, merkleRoot libkb.MerkleRoot) (expired []keybase1.EkGeneration, err error)
- func (s *DeviceEKStorage) ForceDeleteAll(ctx context.Context, username libkb.NormalizedUsername) (err error)
- func (s *DeviceEKStorage) Get(ctx context.Context, generation keybase1.EkGeneration) (deviceEK keybase1.DeviceEk, err error)
- func (s *DeviceEKStorage) GetAll(ctx context.Context) (deviceEKs DeviceEKMap, err error)
- func (s *DeviceEKStorage) GetAllActive(ctx context.Context, merkleRoot libkb.MerkleRoot) (metadatas []keybase1.DeviceEkMetadata, err error)
- func (s *DeviceEKStorage) ListAllForUser(ctx context.Context) (all []string, err error)
- func (s *DeviceEKStorage) MaxGeneration(ctx context.Context) (maxGeneration keybase1.EkGeneration, err error)
- func (s *DeviceEKStorage) Put(ctx context.Context, generation keybase1.EkGeneration, ...) (err error)
- type EKLib
- func (e *EKLib) BoxLatestTeamEK(ctx context.Context, teamID keybase1.TeamID, recipients []keybase1.UID) (teamEKBoxes *[]keybase1.TeamEkBoxMetadata, err error)
- func (e *EKLib) BoxLatestUserEK(ctx context.Context, receiverKey libkb.NaclDHKeyPair, ...) (userEKBox *keybase1.UserEkBoxed, err error)
- func (e *EKLib) CleanupStaleUserAndDeviceEKs(ctx context.Context) (err error)
- func (e *EKLib) DeriveDeviceDHKey(seed keybase1.Bytes32) *libkb.NaclDHKeyPair
- func (e *EKLib) GetOrCreateLatestTeamEK(ctx context.Context, teamID keybase1.TeamID) (teamEK keybase1.TeamEk, err error)
- func (e *EKLib) GetTeamEK(ctx context.Context, teamID keybase1.TeamID, generation keybase1.EkGeneration) (teamEK keybase1.TeamEk, err error)
- func (e *EKLib) KeygenIfNeeded(ctx context.Context) (err error)
- func (e *EKLib) NewDeviceEKNeeded(ctx context.Context) (needed bool, err error)
- func (e *EKLib) NewEphemeralSeed() (seed keybase1.Bytes32, err error)
- func (e *EKLib) NewMetaContext(ctx context.Context) libkb.MetaContext
- func (e *EKLib) NewTeamEKNeeded(ctx context.Context, teamID keybase1.TeamID) (needed bool, err error)
- func (e *EKLib) NewUserEKNeeded(ctx context.Context) (needed bool, err error)
- func (e *EKLib) OnLogin() error
- func (e *EKLib) OnLogout() error
- func (e *EKLib) PrepareNewTeamEK(ctx context.Context, teamID keybase1.TeamID, ...) (sig string, boxes *[]keybase1.TeamEkBoxMetadata, ...)
- func (e *EKLib) PrepareNewUserEK(ctx context.Context, merkleRoot libkb.MerkleRoot, pukSeed libkb.PerUserKeySeed) (sig string, boxes []keybase1.UserEkBoxMetadata, ...)
- func (e *EKLib) PurgeTeamEKGenCache(teamID keybase1.TeamID, generation keybase1.EkGeneration)
- func (e *EKLib) SignedDeviceEKStatementFromSeed(ctx context.Context, generation keybase1.EkGeneration, seed keybase1.Bytes32, ...) (statement keybase1.DeviceEkStatement, signedStatement string, err error)
- type EKMissingBoxErr
- type EKType
- type EKUnboxErr
- type MemoryStorage
- type TeamEKBoxMap
- type TeamEKBoxStorage
- func (s *TeamEKBoxStorage) ClearCache()
- func (s *TeamEKBoxStorage) Delete(ctx context.Context, teamID keybase1.TeamID, generation keybase1.EkGeneration) (err error)
- func (s *TeamEKBoxStorage) DeleteExpired(ctx context.Context, teamID keybase1.TeamID, merkleRoot libkb.MerkleRoot) (expired []keybase1.EkGeneration, err error)
- func (s *TeamEKBoxStorage) Get(ctx context.Context, teamID keybase1.TeamID, generation keybase1.EkGeneration) (teamEK keybase1.TeamEk, err error)
- func (s *TeamEKBoxStorage) GetAll(ctx context.Context, teamID keybase1.TeamID) (teamEKs TeamEKMap, err error)
- func (s *TeamEKBoxStorage) MaxGeneration(ctx context.Context, teamID keybase1.TeamID) (maxGeneration keybase1.EkGeneration, err error)
- func (s *TeamEKBoxStorage) Put(ctx context.Context, teamID keybase1.TeamID, generation keybase1.EkGeneration, ...) (err error)
- type TeamEKBoxedResponse
- type TeamEKMap
- type TeamEKSeed
- type UserEKBoxMap
- type UserEKBoxStorage
- func (s *UserEKBoxStorage) ClearCache()
- func (s *UserEKBoxStorage) Delete(ctx context.Context, generation keybase1.EkGeneration) (err error)
- func (s *UserEKBoxStorage) DeleteExpired(ctx context.Context, merkleRoot libkb.MerkleRoot) (expired []keybase1.EkGeneration, err error)
- func (s *UserEKBoxStorage) Get(ctx context.Context, generation keybase1.EkGeneration) (userEK keybase1.UserEk, err error)
- func (s *UserEKBoxStorage) GetAll(ctx context.Context) (userEKs UserEKUnboxedMap, err error)
- func (s *UserEKBoxStorage) MaxGeneration(ctx context.Context) (maxGeneration keybase1.EkGeneration, err error)
- func (s *UserEKBoxStorage) Put(ctx context.Context, generation keybase1.EkGeneration, ...) (err error)
- type UserEKBoxedResponse
- type UserEKSeed
- type UserEKUnboxedMap
Constants ¶
const KeyGenLifetimeSecs = 60 * 60 * 24 // one day
Every day we want to generate a new key, if possible.
const KeyLifetimeSecs = 60 * 60 * 24 * 7 // one week
NOTE: If you change this value, you should also change it in web/ephemeral.iced and go/ekreaperd/reaper.go. Keys last at most one week.
const MemCacheLRUSize = 200
const SkipKeygenNilMerkleRoot = "Skipping key generation, unable to fetch merkle root"
Variables ¶
This section is empty.
Functions ¶
func ForcePublishNewTeamEKForTesting ¶
func ForcePublishNewTeamEKForTesting(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID, merkleRoot libkb.MerkleRoot) (metadata keybase1.TeamEkMetadata, err error)
func ForcePublishNewUserEKForTesting ¶
func ForcePublishNewUserEKForTesting(ctx context.Context, g *libkb.GlobalContext, merkleRoot libkb.MerkleRoot) (metadata keybase1.UserEkMetadata, err error)
func HandleNewTeamEK ¶
func HandleNewTeamEK(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID, generation keybase1.EkGeneration) (err error)
func NewEphemeralStorageAndInstall ¶
func NewEphemeralStorageAndInstall(g *libkb.GlobalContext)
Creates an ephemeral key storage and installs it into G.
func ServiceInit ¶
func ServiceInit(g *libkb.GlobalContext)
Types ¶
type DeviceEKMap ¶
type DeviceEKMap map[keybase1.EkGeneration]keybase1.DeviceEk
type DeviceEKSeed ¶
func (*DeviceEKSeed) DeriveDHKey ¶
func (s *DeviceEKSeed) DeriveDHKey() *libkb.NaclDHKeyPair
type DeviceEKStorage ¶
type DeviceEKStorage struct { libkb.Contextified sync.Mutex // contains filtered or unexported fields }
func NewDeviceEKStorage ¶
func NewDeviceEKStorage(g *libkb.GlobalContext) *DeviceEKStorage
func (*DeviceEKStorage) ClearCache ¶
func (s *DeviceEKStorage) ClearCache()
func (*DeviceEKStorage) Delete ¶
func (s *DeviceEKStorage) Delete(ctx context.Context, generation keybase1.EkGeneration) (err error)
func (*DeviceEKStorage) DeleteExpired ¶
func (s *DeviceEKStorage) DeleteExpired(ctx context.Context, merkleRoot libkb.MerkleRoot) (expired []keybase1.EkGeneration, err error)
func (*DeviceEKStorage) ForceDeleteAll ¶
func (s *DeviceEKStorage) ForceDeleteAll(ctx context.Context, username libkb.NormalizedUsername) (err error)
func (*DeviceEKStorage) Get ¶
func (s *DeviceEKStorage) Get(ctx context.Context, generation keybase1.EkGeneration) (deviceEK keybase1.DeviceEk, err error)
func (*DeviceEKStorage) GetAll ¶
func (s *DeviceEKStorage) GetAll(ctx context.Context) (deviceEKs DeviceEKMap, err error)
func (*DeviceEKStorage) GetAllActive ¶
func (s *DeviceEKStorage) GetAllActive(ctx context.Context, merkleRoot libkb.MerkleRoot) (metadatas []keybase1.DeviceEkMetadata, err error)
func (*DeviceEKStorage) ListAllForUser ¶
func (s *DeviceEKStorage) ListAllForUser(ctx context.Context) (all []string, err error)
ListAllForUser lists the internal storage names of the deviceEKs of the logged-in user. This is used for logsend purposes to debug EK state.
func (*DeviceEKStorage) MaxGeneration ¶
func (s *DeviceEKStorage) MaxGeneration(ctx context.Context) (maxGeneration keybase1.EkGeneration, err error)
func (*DeviceEKStorage) Put ¶
func (s *DeviceEKStorage) Put(ctx context.Context, generation keybase1.EkGeneration, deviceEK keybase1.DeviceEk) (err error)
type EKLib ¶
type EKLib struct { libkb.Contextified sync.Mutex // contains filtered or unexported fields }
func NewEKLib ¶
func NewEKLib(g *libkb.GlobalContext) *EKLib
func (*EKLib) BoxLatestTeamEK ¶ added in v1.0.48
func (*EKLib) BoxLatestUserEK ¶ added in v1.0.47
func (e *EKLib) BoxLatestUserEK(ctx context.Context, receiverKey libkb.NaclDHKeyPair, deviceEKGeneration keybase1.EkGeneration) (userEKBox *keybase1.UserEkBoxed, err error)
For device provisioning
func (*EKLib) CleanupStaleUserAndDeviceEKs ¶
func (*EKLib) DeriveDeviceDHKey ¶ added in v1.0.47
func (e *EKLib) DeriveDeviceDHKey(seed keybase1.Bytes32) *libkb.NaclDHKeyPair
func (*EKLib) GetOrCreateLatestTeamEK ¶
func (*EKLib) GetTeamEK ¶
func (e *EKLib) GetTeamEK(ctx context.Context, teamID keybase1.TeamID, generation keybase1.EkGeneration) (teamEK keybase1.TeamEk, err error)
Try to get the TeamEK for the given `generation`. If this fails and the `generation` is also the current maxGeneration, create a new teamEK.
func (*EKLib) NewDeviceEKNeeded ¶
func (*EKLib) NewEphemeralSeed ¶ added in v1.0.47
func (*EKLib) NewMetaContext ¶
func (e *EKLib) NewMetaContext(ctx context.Context) libkb.MetaContext
func (*EKLib) NewTeamEKNeeded ¶
func (*EKLib) NewUserEKNeeded ¶
func (*EKLib) PrepareNewTeamEK ¶ added in v1.0.48
func (e *EKLib) PrepareNewTeamEK(ctx context.Context, teamID keybase1.TeamID, signingKey libkb.NaclSigningKeyPair, recipients []keybase1.UID) (sig string, boxes *[]keybase1.TeamEkBoxMetadata, newMetadata keybase1.TeamEkMetadata, myBox *keybase1.TeamEkBoxed, err error)
func (*EKLib) PrepareNewUserEK ¶ added in v1.0.48
func (e *EKLib) PrepareNewUserEK(ctx context.Context, merkleRoot libkb.MerkleRoot, pukSeed libkb.PerUserKeySeed) (sig string, boxes []keybase1.UserEkBoxMetadata, newMetadata keybase1.UserEkMetadata, myBox *keybase1.UserEkBoxed, err error)
func (*EKLib) PurgeTeamEKGenCache ¶
func (e *EKLib) PurgeTeamEKGenCache(teamID keybase1.TeamID, generation keybase1.EkGeneration)
func (*EKLib) SignedDeviceEKStatementFromSeed ¶ added in v1.0.47
func (e *EKLib) SignedDeviceEKStatementFromSeed(ctx context.Context, generation keybase1.EkGeneration, seed keybase1.Bytes32, signingKey libkb.GenericKey, existingMetadata []keybase1.DeviceEkMetadata) (statement keybase1.DeviceEkStatement, signedStatement string, err error)
type EKMissingBoxErr ¶ added in v1.0.48
type EKMissingBoxErr struct {
// contains filtered or unexported fields
}
func (*EKMissingBoxErr) Error ¶ added in v1.0.48
func (e *EKMissingBoxErr) Error() string
type EKUnboxErr ¶
type EKUnboxErr struct {
// contains filtered or unexported fields
}
func (*EKUnboxErr) Error ¶
func (e *EKUnboxErr) Error() string
type MemoryStorage ¶
type MemoryStorage struct { libkb.Contextified sync.Mutex // contains filtered or unexported fields }
Stores some TeamEKBoxes in memory. Thread-safe.
func NewMemoryStorage ¶
func NewMemoryStorage(g *libkb.GlobalContext) *MemoryStorage
func (*MemoryStorage) Clear ¶
func (s *MemoryStorage) Clear()
func (*MemoryStorage) GetMap ¶
func (s *MemoryStorage) GetMap(teamID keybase1.TeamID) (teamEKBoxes TeamEKBoxMap, found bool)
func (*MemoryStorage) PutMap ¶
func (s *MemoryStorage) PutMap(teamID keybase1.TeamID, teamEKBoxes TeamEKBoxMap)
type TeamEKBoxMap ¶
type TeamEKBoxMap map[keybase1.EkGeneration]keybase1.TeamEkBoxed
type TeamEKBoxStorage ¶
type TeamEKBoxStorage struct { libkb.Contextified sync.Mutex // contains filtered or unexported fields }
We cache TeamEKBoxes from the server in an LRU and persist them to a local KVStore.
func NewTeamEKBoxStorage ¶
func NewTeamEKBoxStorage(g *libkb.GlobalContext) *TeamEKBoxStorage
func (*TeamEKBoxStorage) ClearCache ¶
func (s *TeamEKBoxStorage) ClearCache()
func (*TeamEKBoxStorage) Delete ¶
func (s *TeamEKBoxStorage) Delete(ctx context.Context, teamID keybase1.TeamID, generation keybase1.EkGeneration) (err error)
func (*TeamEKBoxStorage) DeleteExpired ¶
func (s *TeamEKBoxStorage) DeleteExpired(ctx context.Context, teamID keybase1.TeamID, merkleRoot libkb.MerkleRoot) (expired []keybase1.EkGeneration, err error)
func (*TeamEKBoxStorage) Get ¶
func (s *TeamEKBoxStorage) Get(ctx context.Context, teamID keybase1.TeamID, generation keybase1.EkGeneration) (teamEK keybase1.TeamEk, err error)
func (*TeamEKBoxStorage) MaxGeneration ¶
func (s *TeamEKBoxStorage) MaxGeneration(ctx context.Context, teamID keybase1.TeamID) (maxGeneration keybase1.EkGeneration, err error)
func (*TeamEKBoxStorage) Put ¶
func (s *TeamEKBoxStorage) Put(ctx context.Context, teamID keybase1.TeamID, generation keybase1.EkGeneration, teamEKBoxed keybase1.TeamEkBoxed) (err error)
type TeamEKBoxedResponse ¶
type TeamEKBoxedResponse struct { Result *struct { Box string `json:"box"` UserEKGeneration keybase1.EkGeneration `json:"user_ek_generation"` Sig string `json:"sig"` } `json:"result"` }
type TeamEKSeed ¶
func (*TeamEKSeed) DeriveDHKey ¶
func (s *TeamEKSeed) DeriveDHKey() *libkb.NaclDHKeyPair
type UserEKBoxMap ¶
type UserEKBoxMap map[keybase1.EkGeneration]keybase1.UserEkBoxed
type UserEKBoxStorage ¶
type UserEKBoxStorage struct { libkb.Contextified sync.Mutex // contains filtered or unexported fields }
We cache UserEKBoxes from the server in memory and persist them to a local KVStore.
func NewUserEKBoxStorage ¶
func NewUserEKBoxStorage(g *libkb.GlobalContext) *UserEKBoxStorage
func (*UserEKBoxStorage) ClearCache ¶
func (s *UserEKBoxStorage) ClearCache()
func (*UserEKBoxStorage) Delete ¶
func (s *UserEKBoxStorage) Delete(ctx context.Context, generation keybase1.EkGeneration) (err error)
func (*UserEKBoxStorage) DeleteExpired ¶
func (s *UserEKBoxStorage) DeleteExpired(ctx context.Context, merkleRoot libkb.MerkleRoot) (expired []keybase1.EkGeneration, err error)
func (*UserEKBoxStorage) Get ¶
func (s *UserEKBoxStorage) Get(ctx context.Context, generation keybase1.EkGeneration) (userEK keybase1.UserEk, err error)
func (*UserEKBoxStorage) GetAll ¶
func (s *UserEKBoxStorage) GetAll(ctx context.Context) (userEKs UserEKUnboxedMap, err error)
func (*UserEKBoxStorage) MaxGeneration ¶
func (s *UserEKBoxStorage) MaxGeneration(ctx context.Context) (maxGeneration keybase1.EkGeneration, err error)
func (*UserEKBoxStorage) Put ¶
func (s *UserEKBoxStorage) Put(ctx context.Context, generation keybase1.EkGeneration, userEKBoxed keybase1.UserEkBoxed) (err error)
type UserEKBoxedResponse ¶
type UserEKBoxedResponse struct { Result *struct { Box string `json:"box"` DeviceEKGeneration keybase1.EkGeneration `json:"device_ek_generation"` Sig string `json:"sig"` } `json:"result"` }
type UserEKSeed ¶
func (*UserEKSeed) DeriveDHKey ¶
func (s *UserEKSeed) DeriveDHKey() *libkb.NaclDHKeyPair
type UserEKUnboxedMap ¶
type UserEKUnboxedMap map[keybase1.EkGeneration]keybase1.UserEk