github.com/keybase/client/go@v0.0.0-20240309051027-028f7c731f8b/ephemeral/common.go

github.com/keybase/client/go@v0.0.0-20240309051027-028f7c731f8b/ephemeral/common.go (about)

     1  package ephemeral
     2  
     3  import (
     4  	"fmt"
     5  	"time"
     6  
     7  	"github.com/keybase/client/go/libkb"
     8  	"github.com/keybase/client/go/protocol/keybase1"
     9  )
    10  
    11  func ctimeIsStale(ctime time.Time, currentMerkleRoot libkb.MerkleRoot) bool {
    12  	return keybase1.TimeFromSeconds(currentMerkleRoot.Ctime()).Time().Sub(ctime) >= libkb.MaxEphemeralKeyStaleness
    13  }
    14  
    15  // If a teamEK is almost expired we allow it to be created in the background so
    16  // content generation is not blocked by key generation. We *cannot* create a
    17  // teamEK in the background if the key is expired however since the current
    18  // teamEK's lifetime (and supporting device/user EKs) is less than the maximum
    19  // lifetime of ephemeral content. This can result in content loss once the keys
    20  // are deleted.
    21  func backgroundKeygenPossible(ctime time.Time, currentMerkleRoot libkb.MerkleRoot) bool {
    22  	keyAge := keybase1.TimeFromSeconds(currentMerkleRoot.Ctime()).Time().Sub(ctime)
    23  	isOneHourFromExpiration := keyAge >= (libkb.EphemeralKeyGenInterval - time.Hour)
    24  	isExpired := keyAge >= libkb.EphemeralKeyGenInterval
    25  	return isOneHourFromExpiration && !isExpired
    26  }
    27  
    28  func keygenNeeded(ctime time.Time, currentMerkleRoot libkb.MerkleRoot) bool {
    29  	return keybase1.TimeFromSeconds(currentMerkleRoot.Ctime()).Time().Sub(ctime) >= libkb.EphemeralKeyGenInterval
    30  }
    31  
    32  func nextKeygenTime(ctime time.Time) time.Time {
    33  	return ctime.Add(libkb.EphemeralKeyGenInterval)
    34  }
    35  
    36  func makeNewRandomSeed() (seed keybase1.Bytes32, err error) {
    37  	bs, err := libkb.RandBytes(libkb.NaclDHKeysize)
    38  	if err != nil {
    39  		return seed, err
    40  	}
    41  	return libkb.MakeByte32(bs), nil
    42  
    43  }
    44  
    45  func deriveDHKey(k keybase1.Bytes32, reason libkb.DeriveReason) *libkb.NaclDHKeyPair {
    46  	derived, err := libkb.DeriveFromSecret(k, reason)
    47  	if err != nil {
    48  		panic("This should never fail: " + err.Error())
    49  	}
    50  	keypair, err := libkb.MakeNaclDHKeyPairFromSecret(derived)
    51  	if err != nil {
    52  		panic("This should never fail: " + err.Error())
    53  	}
    54  	return &keypair
    55  }
    56  
    57  func newEKSeedFromBytes(b []byte) (seed keybase1.Bytes32, err error) {
    58  	if len(b) != libkb.NaclDHKeysize {
    59  		err = fmt.Errorf("Wrong EkSeed len: %d != %d", len(b), libkb.NaclDHKeysize)
    60  		return seed, err
    61  	}
    62  	copy(seed[:], b)
    63  	return seed, nil
    64  }
    65  
    66  // Map generations to their creation time
    67  type keyExpiryMap map[keybase1.EkGeneration]keybase1.Time