github.com/keybase/client/go@v0.0.0-20240309051027-028f7c731f8b/kbfs/kbfsmd/root_metadata_v2.go (about) 1 // Copyright 2016 Keybase Inc. All rights reserved. 2 // Use of this source code is governed by a BSD 3 // license that can be found in the LICENSE file. 4 5 package kbfsmd 6 7 import ( 8 "errors" 9 "fmt" 10 11 "github.com/keybase/client/go/kbfs/kbfscodec" 12 "github.com/keybase/client/go/kbfs/kbfscrypto" 13 "github.com/keybase/client/go/kbfs/tlf" 14 "github.com/keybase/client/go/protocol/keybase1" 15 "github.com/keybase/go-codec/codec" 16 "golang.org/x/net/context" 17 ) 18 19 // WriterMetadataV2 stores the metadata for a TLF that is 20 // only editable by users with writer permissions. 21 // 22 // NOTE: Don't add new fields to this type! Instead, add them to 23 // WriterMetadataExtraV2. This is because we want old clients to 24 // preserve unknown fields, and we're unable to do that for 25 // WriterMetadata directly because it's embedded in RootMetadata. 26 type WriterMetadataV2 struct { 27 // Serialized, possibly encrypted, version of the PrivateMetadata 28 SerializedPrivateMetadata []byte `codec:"data"` 29 // The last KB user with writer permissions to this TLF 30 // who modified this WriterMetadata 31 LastModifyingWriter keybase1.UID 32 // For public and single-team TLFs (since those don't have any 33 // keys at all). 34 Writers []keybase1.UserOrTeamID `codec:",omitempty"` 35 // For private TLFs. Writer key generations for this metadata. The 36 // most recent one is last in the array. Must be same length as 37 // RootMetadata.RKeys. 38 WKeys TLFWriterKeyGenerationsV2 `codec:",omitempty"` 39 // The directory ID, signed over to make verification easier 40 ID tlf.ID 41 // The branch ID, currently only set if this is in unmerged per-device history. 42 BID BranchID 43 // Flags 44 WFlags WriterFlags 45 // Estimated disk usage at this revision 46 DiskUsage uint64 47 // Estimated MD disk usage at this revision (for testing only -- 48 // real v2 MDs in the wild won't ever have this set). 49 MDDiskUsage uint64 `codec:",omitempty"` 50 51 // The total number of bytes in new data blocks 52 RefBytes uint64 53 // The total number of bytes in unreferenced blocks 54 UnrefBytes uint64 55 // The total number of bytes in new MD blocks (for testing only -- 56 // real v2 MDs in the wild won't ever have this set). 57 MDRefBytes uint64 `codec:",omitempty"` 58 59 // TODO: Remove omitempty and omitemptycheckstruct once we use 60 // a version of go-codec that supports omitemptyrecursive. 61 Extra WriterMetadataExtraV2 `codec:"x,omitemptyrecursive,omitempty,omitemptycheckstruct"` 62 } 63 64 // ToWriterMetadataV3 converts the WriterMetadataV2 to a 65 // WriterMetadataV3. 66 func (wmdV2 *WriterMetadataV2) ToWriterMetadataV3() WriterMetadataV3 { 67 var wmdV3 WriterMetadataV3 68 wmdV3.Writers = make([]keybase1.UserOrTeamID, len(wmdV2.Writers)) 69 copy(wmdV3.Writers, wmdV2.Writers) 70 71 wmdV3.UnresolvedWriters = make([]keybase1.SocialAssertion, len(wmdV2.Extra.UnresolvedWriters)) 72 copy(wmdV3.UnresolvedWriters, wmdV2.Extra.UnresolvedWriters) 73 74 wmdV3.ID = wmdV2.ID 75 wmdV3.BID = wmdV2.BID 76 wmdV3.WFlags = wmdV2.WFlags 77 wmdV3.DiskUsage = wmdV2.DiskUsage 78 wmdV3.MDDiskUsage = wmdV2.MDDiskUsage 79 wmdV3.RefBytes = wmdV2.RefBytes 80 wmdV3.UnrefBytes = wmdV2.UnrefBytes 81 wmdV3.MDRefBytes = wmdV2.MDRefBytes 82 83 if wmdV2.ID.Type() == tlf.Public { 84 wmdV3.LatestKeyGen = PublicKeyGen 85 } else { 86 wmdV3.LatestKeyGen = wmdV2.WKeys.LatestKeyGeneration() 87 } 88 return wmdV3 89 } 90 91 // WriterMetadataExtraV2 stores more fields for WriterMetadataV2. (See 92 // WriterMetadataV2 comments as to why this type is needed.) 93 type WriterMetadataExtraV2 struct { 94 UnresolvedWriters []keybase1.SocialAssertion `codec:"uw,omitempty"` 95 codec.UnknownFieldSetHandler 96 } 97 98 // RootMetadataV2 is the MD that is signed by the reader or 99 // writer. Unlike RootMetadata, it contains exactly the serializable 100 // metadata. 101 type RootMetadataV2 struct { 102 // The metadata that is only editable by the writer. 103 // 104 // TODO: If we ever get a chance to update RootMetadata 105 // without having to be backwards-compatible, WriterMetadata 106 // should be unembedded; see comments to WriterMetadata as for 107 // why. 108 WriterMetadataV2 109 110 // The signature for the writer metadata, to prove 111 // that it's only been changed by writers. 112 WriterMetadataSigInfo kbfscrypto.SignatureInfo 113 114 // The last KB user who modified this RootMetadata 115 LastModifyingUser keybase1.UID 116 // Flags 117 Flags MetadataFlags 118 // The revision number 119 Revision Revision 120 // Pointer to the previous root block ID 121 PrevRoot ID 122 // For private TLFs. Reader key generations for this metadata. The 123 // most recent one is last in the array. Must be same length as 124 // WriterMetadata.WKeys. If there are no readers, each generation 125 // is empty. 126 RKeys TLFReaderKeyGenerationsV2 `codec:",omitempty"` 127 // For private TLFs. Any unresolved social assertions for readers. 128 UnresolvedReaders []keybase1.SocialAssertion `codec:"ur,omitempty"` 129 130 // ConflictInfo is set if there's a conflict for the given folder's 131 // handle after a social assertion resolution. 132 ConflictInfo *tlf.HandleExtension `codec:"ci,omitempty"` 133 134 // FinalizedInfo is set if there are no more valid writer keys capable 135 // of writing to the given folder. 136 FinalizedInfo *tlf.HandleExtension `codec:"fi,omitempty"` 137 138 codec.UnknownFieldSetHandler 139 } 140 141 // MakeInitialRootMetadataV2 creates a new RootMetadataV2 142 // object with revision RevisionInitial, and the given TLF ID 143 // and handle. Note that if the given ID/handle are private, rekeying 144 // must be done separately. 145 func MakeInitialRootMetadataV2(tlfID tlf.ID, h tlf.Handle) ( 146 *RootMetadataV2, error) { 147 if tlfID.Type() != h.Type() { 148 return nil, errors.New("TlfID and TlfHandle disagree on TLF type") 149 } 150 151 var writers []keybase1.UserOrTeamID 152 var wKeys TLFWriterKeyGenerationsV2 153 var rKeys TLFReaderKeyGenerationsV2 154 if tlfID.Type() == tlf.Private { 155 wKeys = make(TLFWriterKeyGenerationsV2, 0, 1) 156 rKeys = make(TLFReaderKeyGenerationsV2, 0, 1) 157 } else { 158 writers = make([]keybase1.UserOrTeamID, len(h.Writers)) 159 copy(writers, h.Writers) 160 } 161 162 var unresolvedWriters, unresolvedReaders []keybase1.SocialAssertion 163 if len(h.UnresolvedWriters) > 0 { 164 unresolvedWriters = make( 165 []keybase1.SocialAssertion, len(h.UnresolvedWriters)) 166 copy(unresolvedWriters, h.UnresolvedWriters) 167 } 168 169 if len(h.UnresolvedReaders) > 0 { 170 unresolvedReaders = make( 171 []keybase1.SocialAssertion, len(h.UnresolvedReaders)) 172 copy(unresolvedReaders, h.UnresolvedReaders) 173 } 174 175 return &RootMetadataV2{ 176 WriterMetadataV2: WriterMetadataV2{ 177 Writers: writers, 178 WKeys: wKeys, 179 ID: tlfID, 180 Extra: WriterMetadataExtraV2{ 181 UnresolvedWriters: unresolvedWriters, 182 }, 183 }, 184 Revision: RevisionInitial, 185 RKeys: rKeys, 186 UnresolvedReaders: unresolvedReaders, 187 // Normally an MD wouldn't start out with extensions, but this 188 // is useful for tests. 189 ConflictInfo: h.ConflictInfo, 190 FinalizedInfo: h.FinalizedInfo, 191 }, nil 192 } 193 194 // TlfID implements the RootMetadata interface for RootMetadataV2. 195 func (md *RootMetadataV2) TlfID() tlf.ID { 196 return md.ID 197 } 198 199 // TypeForKeying implements the RootMetadata interface for RootMetadataV2. 200 func (md *RootMetadataV2) TypeForKeying() tlf.KeyingType { 201 return md.TlfID().Type().ToKeyingType() 202 } 203 204 // KeyGenerationsToUpdate implements the RootMetadata interface 205 // for RootMetadataV2. 206 func (md *RootMetadataV2) KeyGenerationsToUpdate() (KeyGen, KeyGen) { 207 latest := md.LatestKeyGeneration() 208 if latest < FirstValidKeyGen { 209 return 0, 0 210 } 211 // We keep track of all known key generations. 212 return FirstValidKeyGen, latest + 1 213 } 214 215 // LatestKeyGeneration implements the RootMetadata interface for 216 // RootMetadataV2. 217 func (md *RootMetadataV2) LatestKeyGeneration() KeyGen { 218 if md.ID.Type() == tlf.Public { 219 return PublicKeyGen 220 } 221 return md.WKeys.LatestKeyGeneration() 222 } 223 224 func (md *RootMetadataV2) haveOnlyUserRKeysChanged( 225 codec kbfscodec.Codec, prevMD *RootMetadataV2, 226 user keybase1.UID) (bool, error) { 227 // Require the same number of generations 228 if len(md.RKeys) != len(prevMD.RKeys) { 229 return false, nil 230 } 231 for i, gen := range md.RKeys { 232 prevMDGen := prevMD.RKeys[i] 233 if len(gen.RKeys) != len(prevMDGen.RKeys) { 234 return false, nil 235 } 236 for u, keys := range gen.RKeys { 237 if u != user { 238 prevKeys := prevMDGen.RKeys[u] 239 keysEqual, err := 240 kbfscodec.Equal(codec, keys, prevKeys) 241 if err != nil { 242 return false, err 243 } 244 if !keysEqual { 245 return false, nil 246 } 247 } 248 } 249 } 250 return true, nil 251 } 252 253 // IsValidRekeyRequest implements the RootMetadata interface for RootMetadataV2. 254 func (md *RootMetadataV2) IsValidRekeyRequest( 255 codec kbfscodec.Codec, prevBareMd RootMetadata, 256 user keybase1.UID, _, _ ExtraMetadata) (bool, error) { 257 if !md.IsWriterMetadataCopiedSet() { 258 // Not a copy. 259 return false, nil 260 } 261 prevMd, ok := prevBareMd.(*RootMetadataV2) 262 if !ok { 263 // Not the same type so not a copy. 264 return false, nil 265 } 266 writerEqual, err := kbfscodec.Equal( 267 codec, md.WriterMetadataV2, prevMd.WriterMetadataV2) 268 if err != nil { 269 return false, err 270 } 271 if !writerEqual { 272 // Copy mismatch. 273 return false, nil 274 } 275 writerSigInfoEqual, err := kbfscodec.Equal(codec, 276 md.WriterMetadataSigInfo, prevMd.WriterMetadataSigInfo) 277 if err != nil { 278 return false, err 279 } 280 if !writerSigInfoEqual { 281 // Signature/public key mismatch. 282 return false, nil 283 } 284 onlyUserRKeysChanged, err := md.haveOnlyUserRKeysChanged( 285 codec, prevMd, user) 286 if err != nil { 287 return false, err 288 } 289 if !onlyUserRKeysChanged { 290 // Keys outside of this user's reader key set have changed. 291 return false, nil 292 } 293 return true, nil 294 } 295 296 // MergedStatus implements the RootMetadata interface for RootMetadataV2. 297 func (md *RootMetadataV2) MergedStatus() MergeStatus { 298 if md.WFlags&MetadataFlagUnmerged != 0 { 299 return Unmerged 300 } 301 return Merged 302 } 303 304 // IsRekeySet implements the RootMetadata interface for RootMetadataV2. 305 func (md *RootMetadataV2) IsRekeySet() bool { 306 return md.Flags&MetadataFlagRekey != 0 307 } 308 309 // IsWriterMetadataCopiedSet implements the RootMetadata interface for RootMetadataV2. 310 func (md *RootMetadataV2) IsWriterMetadataCopiedSet() bool { 311 return md.Flags&MetadataFlagWriterMetadataCopied != 0 312 } 313 314 // IsFinal implements the RootMetadata interface for RootMetadataV2. 315 func (md *RootMetadataV2) IsFinal() bool { 316 return md.Flags&MetadataFlagFinal != 0 317 } 318 319 // IsWriter implements the RootMetadata interface for RootMetadataV2. 320 func (md *RootMetadataV2) IsWriter( 321 _ context.Context, user keybase1.UID, deviceKey kbfscrypto.CryptPublicKey, 322 _ kbfscrypto.VerifyingKey, _ TeamMembershipChecker, _ ExtraMetadata, 323 _ keybase1.OfflineAvailability) (bool, error) { 324 if md.ID.Type() != tlf.Private { 325 for _, w := range md.Writers { 326 if w == user.AsUserOrTeam() { 327 return true, nil 328 } 329 } 330 return false, nil 331 } 332 return md.WKeys.IsWriter(user, deviceKey), nil 333 } 334 335 // IsReader implements the RootMetadata interface for RootMetadataV2. 336 func (md *RootMetadataV2) IsReader( 337 _ context.Context, user keybase1.UID, deviceKey kbfscrypto.CryptPublicKey, 338 _ TeamMembershipChecker, _ ExtraMetadata, 339 _ keybase1.OfflineAvailability) (bool, error) { 340 switch md.ID.Type() { 341 case tlf.Public: 342 return true, nil 343 case tlf.Private: 344 return md.RKeys.IsReader(user, deviceKey), nil 345 case tlf.SingleTeam: 346 // There are no read-only users of single-team TLFs. 347 return false, nil 348 default: 349 panic(fmt.Sprintf("Unexpected TLF type: %s", md.ID.Type())) 350 } 351 } 352 353 func (md *RootMetadataV2) deepCopy( 354 codec kbfscodec.Codec) (*RootMetadataV2, error) { 355 var newMd RootMetadataV2 356 if err := kbfscodec.Update(codec, &newMd, md); err != nil { 357 return nil, err 358 } 359 return &newMd, nil 360 } 361 362 // DeepCopy implements the RootMetadata interface for RootMetadataV2. 363 func (md *RootMetadataV2) DeepCopy( 364 codec kbfscodec.Codec) (MutableRootMetadata, error) { 365 return md.deepCopy(codec) 366 } 367 368 // MakeSuccessorCopy implements the ImmutableRootMetadata interface for RootMetadataV2. 369 func (md *RootMetadataV2) MakeSuccessorCopy( 370 codec kbfscodec.Codec, extra ExtraMetadata, latestMDVer MetadataVer, 371 tlfCryptKeyGetter func() ([]kbfscrypto.TLFCryptKey, error), 372 isReadableAndWriter bool) ( 373 MutableRootMetadata, ExtraMetadata, error) { 374 375 if !isReadableAndWriter || (latestMDVer < SegregatedKeyBundlesVer) { 376 // Continue with the current version. If we're just a reader, 377 // or can't decrypt the MD, we have to continue with v2 378 // because we can't just copy a v2 signature into a v3 MD 379 // blindly. 380 mdCopy, err := md.makeSuccessorCopyV2( 381 codec, isReadableAndWriter) 382 if err != nil { 383 return nil, nil, err 384 } 385 return mdCopy, nil, nil 386 } 387 388 // Upconvert to the new version. 389 return md.makeSuccessorCopyV3(codec, tlfCryptKeyGetter) 390 } 391 392 func (md *RootMetadataV2) makeSuccessorCopyV2( 393 codec kbfscodec.Codec, isReadableAndWriter bool) ( 394 *RootMetadataV2, error) { 395 mdCopy, err := md.deepCopy(codec) 396 if err != nil { 397 return nil, err 398 } 399 if isReadableAndWriter { 400 mdCopy.WriterMetadataSigInfo = kbfscrypto.SignatureInfo{} 401 } 402 return mdCopy, nil 403 } 404 405 func (md *RootMetadataV2) makeSuccessorCopyV3( 406 codec kbfscodec.Codec, 407 tlfCryptKeyGetter func() ([]kbfscrypto.TLFCryptKey, error)) ( 408 *RootMetadataV3, ExtraMetadata, error) { 409 mdV3 := &RootMetadataV3{} 410 411 // Fill out the writer metadata. 412 mdV3.WriterMetadata = md.WriterMetadataV2.ToWriterMetadataV3() 413 414 // Have this as ExtraMetadata so we return an untyped nil 415 // instead of a typed nil. 416 var extraCopy ExtraMetadata 417 if md.LatestKeyGeneration() != PublicKeyGen && md.WKeys != nil { 418 // Fill out the writer key bundle. 419 wkbV2, wkbV3, err := md.WKeys.ToTLFWriterKeyBundleV3( 420 codec, tlfCryptKeyGetter) 421 if err != nil { 422 return nil, nil, err 423 } 424 425 mdV3.WriterMetadata.WKeyBundleID, err = 426 MakeTLFWriterKeyBundleID(codec, wkbV3) 427 if err != nil { 428 return nil, nil, err 429 } 430 431 // Fill out the reader key bundle. wkbV2 is passed 432 // because in V2 metadata ephemeral public keys for 433 // readers were sometimes in the writer key bundles. 434 rkbV3, err := md.RKeys.ToTLFReaderKeyBundleV3(codec, wkbV2) 435 if err != nil { 436 return nil, nil, err 437 } 438 mdV3.RKeyBundleID, err = 439 MakeTLFReaderKeyBundleID(codec, rkbV3) 440 if err != nil { 441 return nil, nil, err 442 } 443 444 extraCopy = NewExtraMetadataV3(wkbV3, rkbV3, true, true) 445 } 446 447 mdV3.LastModifyingUser = md.LastModifyingUser 448 mdV3.Flags = md.Flags 449 mdV3.Revision = md.Revision // Incremented by the caller. 450 // PrevRoot is set by the caller. 451 mdV3.UnresolvedReaders = make([]keybase1.SocialAssertion, len(md.UnresolvedReaders)) 452 copy(mdV3.UnresolvedReaders, md.UnresolvedReaders) 453 454 if md.ConflictInfo != nil { 455 ci := *md.ConflictInfo 456 mdV3.ConflictInfo = &ci 457 } 458 459 // Metadata with finalized info is never succeeded. 460 if md.FinalizedInfo != nil { 461 // Shouldn't be possible. 462 return nil, nil, errors.New("Non-nil finalized info") 463 } 464 465 return mdV3, extraCopy, nil 466 } 467 468 // CheckValidSuccessor implements the RootMetadata interface for RootMetadataV2. 469 func (md *RootMetadataV2) CheckValidSuccessor( 470 currID ID, nextMd RootMetadata) error { 471 // (1) Verify current metadata is non-final. 472 if md.IsFinal() { 473 return MetadataIsFinalError{} 474 } 475 476 // (2) Check TLF ID. 477 if nextMd.TlfID() != md.ID { 478 return MDTlfIDMismatch{ 479 CurrID: md.ID, 480 NextID: nextMd.TlfID(), 481 } 482 } 483 484 // (3) Check revision. 485 if nextMd.RevisionNumber() != md.RevisionNumber()+1 { 486 return MDRevisionMismatch{ 487 Rev: nextMd.RevisionNumber(), 488 Curr: md.RevisionNumber(), 489 } 490 } 491 492 // (4) Check PrevRoot pointer. 493 expectedPrevRoot := currID 494 if nextMd.IsFinal() { 495 expectedPrevRoot = md.GetPrevRoot() 496 } 497 if nextMd.GetPrevRoot() != expectedPrevRoot { 498 return MDPrevRootMismatch{ 499 prevRoot: nextMd.GetPrevRoot(), 500 expectedPrevRoot: expectedPrevRoot, 501 } 502 } 503 504 // (5) Check branch ID. 505 if md.MergedStatus() == nextMd.MergedStatus() && md.BID() != nextMd.BID() { 506 return fmt.Errorf("Unexpected branch ID on successor: %s vs. %s", 507 md.BID(), nextMd.BID()) 508 } else if md.MergedStatus() == Unmerged && nextMd.MergedStatus() == Merged { 509 return errors.New("merged MD can't follow unmerged MD") 510 } 511 512 // (6) Check disk usage. 513 expectedUsage := md.DiskUsage() 514 if !nextMd.IsWriterMetadataCopiedSet() { 515 expectedUsage += nextMd.RefBytes() - nextMd.UnrefBytes() 516 } 517 if nextMd.DiskUsage() != expectedUsage { 518 return MDDiskUsageMismatch{ 519 expectedDiskUsage: expectedUsage, 520 actualDiskUsage: nextMd.DiskUsage(), 521 } 522 } 523 expectedMDUsage := md.MDDiskUsage() 524 if !nextMd.IsWriterMetadataCopiedSet() { 525 expectedMDUsage += nextMd.MDRefBytes() 526 } 527 if nextMd.MDDiskUsage() != expectedMDUsage { 528 return MDDiskUsageMismatch{ 529 expectedDiskUsage: expectedMDUsage, 530 actualDiskUsage: nextMd.MDDiskUsage(), 531 } 532 } 533 534 // TODO: Check that the successor (bare) TLF handle is the 535 // same or more resolved. 536 537 return nil 538 } 539 540 // CheckValidSuccessorForServer implements the RootMetadata interface for RootMetadataV2. 541 func (md *RootMetadataV2) CheckValidSuccessorForServer( 542 currID ID, nextMd RootMetadata) error { 543 err := md.CheckValidSuccessor(currID, nextMd) 544 switch err := err.(type) { 545 case nil: 546 break 547 548 case MDRevisionMismatch: 549 return ServerErrorConflictRevision{ 550 Expected: err.Curr + 1, 551 Actual: err.Rev, 552 } 553 554 case MDPrevRootMismatch: 555 return ServerErrorConflictPrevRoot{ 556 Expected: err.expectedPrevRoot, 557 Actual: err.prevRoot, 558 } 559 560 case MDDiskUsageMismatch: 561 return ServerErrorConflictDiskUsage{ 562 Expected: err.expectedDiskUsage, 563 Actual: err.actualDiskUsage, 564 } 565 566 default: 567 return ServerError{Err: err} 568 } 569 570 return nil 571 } 572 573 // MakeBareTlfHandle implements the RootMetadata interface for RootMetadataV2. 574 func (md *RootMetadataV2) MakeBareTlfHandle(_ ExtraMetadata) ( 575 tlf.Handle, error) { 576 var writers, readers []keybase1.UserOrTeamID 577 if md.ID.Type() == tlf.Private { 578 if len(md.WKeys) == 0 { 579 return tlf.Handle{}, errors.New("No writer key generations; need rekey?") 580 } 581 582 if len(md.RKeys) == 0 { 583 return tlf.Handle{}, errors.New("No reader key generations; need rekey?") 584 } 585 586 wkb := md.WKeys[len(md.WKeys)-1] 587 rkb := md.RKeys[len(md.RKeys)-1] 588 writers = make([]keybase1.UserOrTeamID, 0, len(wkb.WKeys)) 589 readers = make([]keybase1.UserOrTeamID, 0, len(rkb.RKeys)) 590 for w := range wkb.WKeys { 591 writers = append(writers, w.AsUserOrTeam()) 592 } 593 for r := range rkb.RKeys { 594 // TODO: Return an error instead if r is 595 // PublicUID. Maybe return an error if r is in 596 // WKeys also. Or do all this in 597 // MakeBareTlfHandle. 598 if _, ok := wkb.WKeys[r]; !ok && 599 r != keybase1.PublicUID { 600 readers = append(readers, r.AsUserOrTeam()) 601 } 602 } 603 } else { 604 writers = md.Writers 605 if md.ID.Type() == tlf.Public { 606 readers = []keybase1.UserOrTeamID{keybase1.PublicUID.AsUserOrTeam()} 607 } 608 } 609 610 return tlf.MakeHandle( 611 writers, readers, 612 md.Extra.UnresolvedWriters, md.UnresolvedReaders, 613 md.TlfHandleExtensions()) 614 } 615 616 // TlfHandleExtensions implements the RootMetadata interface for RootMetadataV2. 617 func (md *RootMetadataV2) TlfHandleExtensions() ( 618 extensions []tlf.HandleExtension) { 619 if md.ConflictInfo != nil { 620 extensions = append(extensions, *md.ConflictInfo) 621 } 622 if md.FinalizedInfo != nil { 623 extensions = append(extensions, *md.FinalizedInfo) 624 } 625 return extensions 626 } 627 628 // PromoteReaders implements the RootMetadata interface for 629 // RootMetadataV2. 630 func (md *RootMetadataV2) PromoteReaders( 631 readersToPromote map[keybase1.UID]bool, 632 _ ExtraMetadata) error { 633 if md.TlfID().Type() != tlf.Private { 634 return InvalidNonPrivateTLFOperation{md.TlfID(), "PromoteReaders", md.Version()} 635 } 636 637 for i, rkb := range md.RKeys { 638 for reader := range readersToPromote { 639 dkim, ok := rkb.RKeys[reader] 640 if !ok { 641 return fmt.Errorf("Could not find %s in key gen %d", 642 reader, FirstValidKeyGen+KeyGen(i)) 643 } 644 // TODO: This may be incorrect, since dkim may 645 // contain negative EPubKey indices, and the 646 // upconversion code assumes that writers will 647 // only contain non-negative EPubKey indices. 648 // 649 // See KBFS-1719. 650 md.WKeys[i].WKeys[reader] = dkim 651 delete(rkb.RKeys, reader) 652 } 653 } 654 655 return nil 656 } 657 658 // RevokeRemovedDevices implements the RootMetadata interface for 659 // RootMetadataV2. 660 func (md *RootMetadataV2) RevokeRemovedDevices( 661 updatedWriterKeys, updatedReaderKeys UserDevicePublicKeys, 662 _ ExtraMetadata) (ServerHalfRemovalInfo, error) { 663 if md.TlfID().Type() != tlf.Private { 664 return nil, InvalidNonPrivateTLFOperation{ 665 md.TlfID(), "RevokeRemovedDevices", md.Version()} 666 } 667 668 var wRemovalInfo ServerHalfRemovalInfo 669 for _, wkb := range md.WKeys { 670 removalInfo := wkb.WKeys.RemoveDevicesNotIn(updatedWriterKeys) 671 if wRemovalInfo == nil { 672 wRemovalInfo = removalInfo 673 } else { 674 err := wRemovalInfo.AddGeneration(removalInfo) 675 if err != nil { 676 return nil, err 677 } 678 } 679 } 680 681 var rRemovalInfo ServerHalfRemovalInfo 682 for _, rkb := range md.RKeys { 683 removalInfo := rkb.RKeys.RemoveDevicesNotIn(updatedReaderKeys) 684 if rRemovalInfo == nil { 685 rRemovalInfo = removalInfo 686 } else { 687 err := rRemovalInfo.AddGeneration(removalInfo) 688 if err != nil { 689 return nil, err 690 } 691 } 692 } 693 694 return wRemovalInfo.MergeUsers(rRemovalInfo) 695 } 696 697 // getTLFKeyBundles returns the bundles for a given key generation. 698 // Note that it is legal a writer or a reader to have no keys in their 699 // bundle, if they only have a Keybase username with no device keys 700 // yet. 701 func (md *RootMetadataV2) getTLFKeyBundles(keyGen KeyGen) ( 702 *TLFWriterKeyBundleV2, *TLFReaderKeyBundleV2, error) { 703 if md.ID.Type() != tlf.Private { 704 return nil, nil, InvalidNonPrivateTLFOperation{md.ID, "getTLFKeyBundles", md.Version()} 705 } 706 707 if keyGen < FirstValidKeyGen { 708 return nil, nil, InvalidKeyGenerationError{md.ID, keyGen} 709 } 710 i := int(keyGen - FirstValidKeyGen) 711 if i >= len(md.WKeys) || i >= len(md.RKeys) { 712 return nil, nil, NewKeyGenerationError{md.ID, keyGen} 713 } 714 return &md.WKeys[i], &md.RKeys[i], nil 715 } 716 717 // GetUserDevicePublicKeys implements the RootMetadata interface 718 // for RootMetadataV2. 719 func (md *RootMetadataV2) GetUserDevicePublicKeys(_ ExtraMetadata) ( 720 writerDeviceKeys, readerDeviceKeys UserDevicePublicKeys, err error) { 721 if md.TlfID().Type() != tlf.Private { 722 return nil, nil, InvalidNonPrivateTLFOperation{ 723 md.TlfID(), "GetUserDevicePublicKeys", md.Version()} 724 } 725 726 if len(md.WKeys) == 0 || len(md.RKeys) == 0 { 727 return nil, nil, errors.New( 728 "GetUserDevicePublicKeys called with no key generations (V2)") 729 } 730 731 wUDKIM := md.WKeys[len(md.WKeys)-1] 732 rUDKIM := md.RKeys[len(md.RKeys)-1] 733 734 return wUDKIM.WKeys.ToPublicKeys(), rUDKIM.RKeys.ToPublicKeys(), nil 735 } 736 737 // GetTLFCryptKeyParams implements the RootMetadata interface for RootMetadataV2. 738 func (md *RootMetadataV2) GetTLFCryptKeyParams( 739 keyGen KeyGen, user keybase1.UID, key kbfscrypto.CryptPublicKey, 740 _ ExtraMetadata) ( 741 kbfscrypto.TLFEphemeralPublicKey, kbfscrypto.EncryptedTLFCryptKeyClientHalf, 742 kbfscrypto.TLFCryptKeyServerHalfID, bool, error) { 743 wkb, rkb, err := md.getTLFKeyBundles(keyGen) 744 if err != nil { 745 return kbfscrypto.TLFEphemeralPublicKey{}, 746 kbfscrypto.EncryptedTLFCryptKeyClientHalf{}, 747 kbfscrypto.TLFCryptKeyServerHalfID{}, false, err 748 } 749 750 dkim := wkb.WKeys[user] 751 if dkim == nil { 752 dkim = rkb.RKeys[user] 753 if dkim == nil { 754 return kbfscrypto.TLFEphemeralPublicKey{}, 755 kbfscrypto.EncryptedTLFCryptKeyClientHalf{}, 756 kbfscrypto.TLFCryptKeyServerHalfID{}, false, nil 757 } 758 } 759 info, ok := dkim[key.KID()] 760 if !ok { 761 return kbfscrypto.TLFEphemeralPublicKey{}, 762 kbfscrypto.EncryptedTLFCryptKeyClientHalf{}, 763 kbfscrypto.TLFCryptKeyServerHalfID{}, false, nil 764 } 765 766 _, _, ePubKey, err := GetEphemeralPublicKeyInfoV2(info, *wkb, *rkb) 767 if err != nil { 768 return kbfscrypto.TLFEphemeralPublicKey{}, 769 kbfscrypto.EncryptedTLFCryptKeyClientHalf{}, 770 kbfscrypto.TLFCryptKeyServerHalfID{}, false, err 771 } 772 773 return ePubKey, info.ClientHalf, info.ServerHalfID, true, nil 774 } 775 776 // IsValidAndSigned implements the RootMetadata interface for RootMetadataV2. 777 func (md *RootMetadataV2) IsValidAndSigned( 778 _ context.Context, codec kbfscodec.Codec, 779 _ TeamMembershipChecker, extra ExtraMetadata, 780 _ kbfscrypto.VerifyingKey, _ keybase1.OfflineAvailability) error { 781 // Optimization -- if the WriterMetadata signature is nil, it 782 // will fail verification. 783 if md.WriterMetadataSigInfo.IsNil() { 784 return errors.New("Missing WriterMetadata signature") 785 } 786 787 if md.IsFinal() { 788 if md.Revision < RevisionInitial+1 { 789 return fmt.Errorf("Invalid final revision %d", md.Revision) 790 } 791 792 if md.Revision == (RevisionInitial + 1) { 793 if md.PrevRoot != (ID{}) { 794 return fmt.Errorf("Invalid PrevRoot %s for initial final revision", md.PrevRoot) 795 } 796 } else { 797 if md.PrevRoot == (ID{}) { 798 return errors.New("No PrevRoot for non-initial final revision") 799 } 800 } 801 } else { 802 if md.Revision < RevisionInitial { 803 return fmt.Errorf("Invalid revision %d", md.Revision) 804 } 805 806 if md.Revision == RevisionInitial { 807 if md.PrevRoot != (ID{}) { 808 return fmt.Errorf("Invalid PrevRoot %s for initial revision", md.PrevRoot) 809 } 810 } else { 811 if md.PrevRoot == (ID{}) { 812 return errors.New("No PrevRoot for non-initial revision") 813 } 814 } 815 } 816 817 if len(md.SerializedPrivateMetadata) == 0 { 818 return errors.New("No private metadata") 819 } 820 821 if (md.MergedStatus() == Merged) != (md.BID() == NullBranchID) { 822 return fmt.Errorf("Branch ID %s doesn't match merged status %s", 823 md.BID(), md.MergedStatus()) 824 } 825 826 handle, err := md.MakeBareTlfHandle(extra) 827 if err != nil { 828 return err 829 } 830 831 // Make sure the last writer is valid. TODO(KBFS-2185): for a 832 // team TLF, check that the writer is part of the team. 833 writer := md.LastModifyingWriter() 834 if !handle.IsWriter(writer.AsUserOrTeam()) { 835 return fmt.Errorf("Invalid modifying writer %s", writer) 836 } 837 838 // Make sure the last modifier is valid. 839 user := md.LastModifyingUser 840 if !handle.IsReader(user.AsUserOrTeam()) { 841 return fmt.Errorf("Invalid modifying user %s", user) 842 } 843 844 // Verify signature. We have to re-marshal the WriterMetadata, 845 // since it's embedded. 846 buf, err := codec.Encode(md.WriterMetadataV2) 847 if err != nil { 848 return err 849 } 850 851 err = kbfscrypto.Verify(buf, md.WriterMetadataSigInfo) 852 if err != nil { 853 return fmt.Errorf("Could not verify writer metadata: %v", err) 854 } 855 856 return nil 857 } 858 859 // IsLastModifiedBy implements the RootMetadata interface for 860 // RootMetadataV2. 861 func (md *RootMetadataV2) IsLastModifiedBy( 862 uid keybase1.UID, key kbfscrypto.VerifyingKey) error { 863 // Verify the user and device are the writer. 864 writer := md.LastModifyingWriter() 865 if !md.IsWriterMetadataCopiedSet() { 866 if writer != uid { 867 return fmt.Errorf("Last writer %s != %s", writer, uid) 868 } 869 if md.WriterMetadataSigInfo.VerifyingKey != key { 870 return fmt.Errorf( 871 "Last writer verifying key %v != %v", 872 md.WriterMetadataSigInfo.VerifyingKey, key) 873 } 874 } 875 876 // Verify the user and device are the last modifier. 877 user := md.GetLastModifyingUser() 878 if user != uid { 879 return fmt.Errorf("Last modifier %s != %s", user, uid) 880 } 881 882 return nil 883 } 884 885 // LastModifyingWriter implements the RootMetadata interface for RootMetadataV2. 886 func (md *RootMetadataV2) LastModifyingWriter() keybase1.UID { 887 return md.WriterMetadataV2.LastModifyingWriter 888 } 889 890 // GetLastModifyingUser implements the RootMetadata interface for RootMetadataV2. 891 func (md *RootMetadataV2) GetLastModifyingUser() keybase1.UID { 892 return md.LastModifyingUser 893 } 894 895 // RefBytes implements the RootMetadata interface for RootMetadataV2. 896 func (md *RootMetadataV2) RefBytes() uint64 { 897 return md.WriterMetadataV2.RefBytes 898 } 899 900 // UnrefBytes implements the RootMetadata interface for RootMetadataV2. 901 func (md *RootMetadataV2) UnrefBytes() uint64 { 902 return md.WriterMetadataV2.UnrefBytes 903 } 904 905 // MDRefBytes implements the RootMetadata interface for RootMetadataV2. 906 func (md *RootMetadataV2) MDRefBytes() uint64 { 907 return md.WriterMetadataV2.MDRefBytes 908 } 909 910 // DiskUsage implements the RootMetadata interface for RootMetadataV2. 911 func (md *RootMetadataV2) DiskUsage() uint64 { 912 return md.WriterMetadataV2.DiskUsage 913 } 914 915 // MDDiskUsage implements the RootMetadata interface for RootMetadataV2. 916 func (md *RootMetadataV2) MDDiskUsage() uint64 { 917 return md.WriterMetadataV2.MDDiskUsage 918 } 919 920 // SetRefBytes implements the MutableRootMetadata interface for RootMetadataV2. 921 func (md *RootMetadataV2) SetRefBytes(refBytes uint64) { 922 md.WriterMetadataV2.RefBytes = refBytes 923 } 924 925 // SetUnrefBytes implements the MutableRootMetadata interface for RootMetadataV2. 926 func (md *RootMetadataV2) SetUnrefBytes(unrefBytes uint64) { 927 md.WriterMetadataV2.UnrefBytes = unrefBytes 928 } 929 930 // SetMDRefBytes implements the MutableRootMetadata interface for RootMetadataV2. 931 func (md *RootMetadataV2) SetMDRefBytes(mdRefBytes uint64) { 932 md.WriterMetadataV2.MDRefBytes = mdRefBytes 933 } 934 935 // SetDiskUsage implements the MutableRootMetadata interface for RootMetadataV2. 936 func (md *RootMetadataV2) SetDiskUsage(diskUsage uint64) { 937 md.WriterMetadataV2.DiskUsage = diskUsage 938 } 939 940 // SetMDDiskUsage implements the MutableRootMetadata interface for RootMetadataV2. 941 func (md *RootMetadataV2) SetMDDiskUsage(mdDiskUsage uint64) { 942 md.WriterMetadataV2.MDDiskUsage = mdDiskUsage 943 } 944 945 // AddRefBytes implements the MutableRootMetadata interface for RootMetadataV2. 946 func (md *RootMetadataV2) AddRefBytes(refBytes uint64) { 947 md.WriterMetadataV2.RefBytes += refBytes 948 } 949 950 // AddUnrefBytes implements the MutableRootMetadata interface for RootMetadataV2. 951 func (md *RootMetadataV2) AddUnrefBytes(unrefBytes uint64) { 952 md.WriterMetadataV2.UnrefBytes += unrefBytes 953 } 954 955 // AddMDRefBytes implements the MutableRootMetadata interface for RootMetadataV2. 956 func (md *RootMetadataV2) AddMDRefBytes(mdRefBytes uint64) { 957 md.WriterMetadataV2.MDRefBytes += mdRefBytes 958 } 959 960 // AddDiskUsage implements the MutableRootMetadata interface for RootMetadataV2. 961 func (md *RootMetadataV2) AddDiskUsage(diskUsage uint64) { 962 md.WriterMetadataV2.DiskUsage += diskUsage 963 } 964 965 // AddMDDiskUsage implements the MutableRootMetadata interface for RootMetadataV2. 966 func (md *RootMetadataV2) AddMDDiskUsage(mdDiskUsage uint64) { 967 md.WriterMetadataV2.MDDiskUsage += mdDiskUsage 968 } 969 970 // RevisionNumber implements the RootMetadata interface for RootMetadataV2. 971 func (md *RootMetadataV2) RevisionNumber() Revision { 972 return md.Revision 973 } 974 975 // BID implements the RootMetadata interface for RootMetadataV2. 976 func (md *RootMetadataV2) BID() BranchID { 977 return md.WriterMetadataV2.BID 978 } 979 980 // GetPrevRoot implements the RootMetadata interface for RootMetadataV2. 981 func (md *RootMetadataV2) GetPrevRoot() ID { 982 return md.PrevRoot 983 } 984 985 // ClearRekeyBit implements the MutableRootMetadata interface for RootMetadataV2. 986 func (md *RootMetadataV2) ClearRekeyBit() { 987 md.Flags &= ^MetadataFlagRekey 988 } 989 990 // ClearWriterMetadataCopiedBit implements the MutableRootMetadata interface for RootMetadataV2. 991 func (md *RootMetadataV2) ClearWriterMetadataCopiedBit() { 992 md.Flags &= ^MetadataFlagWriterMetadataCopied 993 } 994 995 // IsUnmergedSet implements the MutableRootMetadata interface for RootMetadataV2. 996 func (md *RootMetadataV2) IsUnmergedSet() bool { 997 return (md.WriterMetadataV2.WFlags & MetadataFlagUnmerged) != 0 998 } 999 1000 // SetUnmerged implements the MutableRootMetadata interface for RootMetadataV2. 1001 func (md *RootMetadataV2) SetUnmerged() { 1002 md.WriterMetadataV2.WFlags |= MetadataFlagUnmerged 1003 } 1004 1005 // SetBranchID implements the MutableRootMetadata interface for RootMetadataV2. 1006 func (md *RootMetadataV2) SetBranchID(bid BranchID) { 1007 md.WriterMetadataV2.BID = bid 1008 } 1009 1010 // SetPrevRoot implements the MutableRootMetadata interface for RootMetadataV2. 1011 func (md *RootMetadataV2) SetPrevRoot(mdID ID) { 1012 md.PrevRoot = mdID 1013 } 1014 1015 // GetSerializedPrivateMetadata implements the RootMetadata interface for RootMetadataV2. 1016 func (md *RootMetadataV2) GetSerializedPrivateMetadata() []byte { 1017 return md.SerializedPrivateMetadata 1018 } 1019 1020 // SetSerializedPrivateMetadata implements the MutableRootMetadata interface for RootMetadataV2. 1021 func (md *RootMetadataV2) SetSerializedPrivateMetadata(spmd []byte) { 1022 md.SerializedPrivateMetadata = spmd 1023 } 1024 1025 // GetSerializedWriterMetadata implements the RootMetadata interface for RootMetadataV2. 1026 func (md *RootMetadataV2) GetSerializedWriterMetadata( 1027 codec kbfscodec.Codec) ([]byte, error) { 1028 return codec.Encode(md.WriterMetadataV2) 1029 } 1030 1031 // SignWriterMetadataInternally implements the MutableRootMetadata interface for RootMetadataV2. 1032 func (md *RootMetadataV2) SignWriterMetadataInternally( 1033 ctx context.Context, codec kbfscodec.Codec, 1034 signer kbfscrypto.Signer) error { 1035 buf, err := codec.Encode(md.WriterMetadataV2) 1036 if err != nil { 1037 return err 1038 } 1039 1040 sigInfo, err := signer.Sign(ctx, buf) 1041 if err != nil { 1042 return err 1043 } 1044 md.WriterMetadataSigInfo = sigInfo 1045 return nil 1046 } 1047 1048 // SetLastModifyingWriter implements the MutableRootMetadata interface for RootMetadataV2. 1049 func (md *RootMetadataV2) SetLastModifyingWriter(user keybase1.UID) { 1050 md.WriterMetadataV2.LastModifyingWriter = user 1051 } 1052 1053 // SetLastModifyingUser implements the MutableRootMetadata interface for RootMetadataV2. 1054 func (md *RootMetadataV2) SetLastModifyingUser(user keybase1.UID) { 1055 md.LastModifyingUser = user 1056 } 1057 1058 // SetRekeyBit implements the MutableRootMetadata interface for RootMetadataV2. 1059 func (md *RootMetadataV2) SetRekeyBit() { 1060 md.Flags |= MetadataFlagRekey 1061 } 1062 1063 // SetFinalBit implements the MutableRootMetadata interface for RootMetadataV2. 1064 func (md *RootMetadataV2) SetFinalBit() { 1065 md.Flags |= MetadataFlagFinal 1066 } 1067 1068 // SetWriterMetadataCopiedBit implements the MutableRootMetadata interface for RootMetadataV2. 1069 func (md *RootMetadataV2) SetWriterMetadataCopiedBit() { 1070 md.Flags |= MetadataFlagWriterMetadataCopied 1071 } 1072 1073 // SetRevision implements the MutableRootMetadata interface for RootMetadataV2. 1074 func (md *RootMetadataV2) SetRevision(revision Revision) { 1075 md.Revision = revision 1076 } 1077 1078 // SetUnresolvedReaders implements the MutableRootMetadata interface for RootMetadataV2. 1079 func (md *RootMetadataV2) SetUnresolvedReaders(readers []keybase1.SocialAssertion) { 1080 md.UnresolvedReaders = readers 1081 } 1082 1083 // SetUnresolvedWriters implements the MutableRootMetadata interface for RootMetadataV2. 1084 func (md *RootMetadataV2) SetUnresolvedWriters(writers []keybase1.SocialAssertion) { 1085 md.Extra.UnresolvedWriters = writers 1086 } 1087 1088 // SetConflictInfo implements the MutableRootMetadata interface for RootMetadataV2. 1089 func (md *RootMetadataV2) SetConflictInfo(ci *tlf.HandleExtension) { 1090 md.ConflictInfo = ci 1091 } 1092 1093 // SetFinalizedInfo implements the MutableRootMetadata interface for RootMetadataV2. 1094 func (md *RootMetadataV2) SetFinalizedInfo(fi *tlf.HandleExtension) { 1095 md.FinalizedInfo = fi 1096 } 1097 1098 // SetWriters implements the MutableRootMetadata interface for RootMetadataV2. 1099 func (md *RootMetadataV2) SetWriters(writers []keybase1.UserOrTeamID) { 1100 md.Writers = writers 1101 } 1102 1103 // ClearForV4Migration implements the MutableRootMetadata interface 1104 // for RootMetadataV2. 1105 func (md *RootMetadataV2) ClearForV4Migration() { 1106 md.WKeys = nil 1107 md.RKeys = nil 1108 md.Extra.UnresolvedWriters = nil 1109 md.UnresolvedReaders = nil 1110 } 1111 1112 // SetTlfID implements the MutableRootMetadata interface for RootMetadataV2. 1113 func (md *RootMetadataV2) SetTlfID(tlf tlf.ID) { 1114 md.ID = tlf 1115 } 1116 1117 // ClearFinalBit implements the MutableRootMetadata interface for RootMetadataV2. 1118 func (md *RootMetadataV2) ClearFinalBit() { 1119 md.Flags &= ^MetadataFlagFinal 1120 } 1121 1122 // Version implements the MutableRootMetadata interface for RootMetadataV2. 1123 func (md *RootMetadataV2) Version() MetadataVer { 1124 // Only folders with unresolved assertions or conflict info get the 1125 // new version. 1126 if len(md.Extra.UnresolvedWriters) > 0 || len(md.UnresolvedReaders) > 0 || 1127 md.ConflictInfo != nil || 1128 md.FinalizedInfo != nil { 1129 return InitialExtraMetadataVer 1130 } 1131 // Let other types of MD objects use the older version since they 1132 // are still compatible with older clients. 1133 return PreExtraMetadataVer 1134 } 1135 1136 // GetCurrentTLFPublicKey implements the RootMetadata interface 1137 // for RootMetadataV2. 1138 func (md *RootMetadataV2) GetCurrentTLFPublicKey( 1139 _ ExtraMetadata) (kbfscrypto.TLFPublicKey, error) { 1140 if len(md.WKeys) == 0 { 1141 return kbfscrypto.TLFPublicKey{}, errors.New( 1142 "No key generations in GetCurrentTLFPublicKey") 1143 } 1144 return md.WKeys[len(md.WKeys)-1].TLFPublicKey, nil 1145 } 1146 1147 // GetUnresolvedParticipants implements the RootMetadata interface 1148 // for RootMetadataV2. 1149 func (md *RootMetadataV2) GetUnresolvedParticipants() []keybase1.SocialAssertion { 1150 writers := md.WriterMetadataV2.Extra.UnresolvedWriters 1151 readers := md.UnresolvedReaders 1152 users := make([]keybase1.SocialAssertion, 0, len(writers)+len(readers)) 1153 users = append(users, writers...) 1154 users = append(users, readers...) 1155 return users 1156 } 1157 1158 func (md *RootMetadataV2) updateKeyGenerationForReaderRekey( 1159 codec kbfscodec.Codec, keyGen KeyGen, 1160 updatedReaderKeys UserDevicePublicKeys, 1161 ePubKey kbfscrypto.TLFEphemeralPublicKey, 1162 ePrivKey kbfscrypto.TLFEphemeralPrivateKey, 1163 tlfCryptKey kbfscrypto.TLFCryptKey) (UserDeviceKeyServerHalves, error) { 1164 if len(updatedReaderKeys) != 1 { 1165 return nil, fmt.Errorf("Expected updatedReaderKeys to have only one entry, got %d", 1166 len(updatedReaderKeys)) 1167 } 1168 1169 _, rkb, err := md.getTLFKeyBundles(keyGen) 1170 if err != nil { 1171 return nil, err 1172 } 1173 1174 // This is VERY ugly, but we need it in order to avoid 1175 // having to version the metadata. The index will be 1176 // strictly negative for reader ephemeral public keys. 1177 newIndex := -len(rkb.TLFReaderEphemeralPublicKeys) - 1 1178 1179 rServerHalves, err := rkb.RKeys.FillInUserInfos( 1180 newIndex, updatedReaderKeys, ePrivKey, tlfCryptKey) 1181 if err != nil { 1182 return nil, err 1183 } 1184 1185 // If we didn't fill in any new user infos, don't add a new 1186 // ephemeral key. 1187 if len(rServerHalves) > 0 { 1188 rkb.TLFReaderEphemeralPublicKeys = append( 1189 rkb.TLFReaderEphemeralPublicKeys, ePubKey) 1190 } 1191 1192 return rServerHalves, nil 1193 } 1194 1195 func (md *RootMetadataV2) updateKeyGeneration( 1196 keyGen KeyGen, 1197 updatedWriterKeys, updatedReaderKeys UserDevicePublicKeys, 1198 ePubKey kbfscrypto.TLFEphemeralPublicKey, 1199 ePrivKey kbfscrypto.TLFEphemeralPrivateKey, 1200 tlfCryptKey kbfscrypto.TLFCryptKey) (UserDeviceKeyServerHalves, error) { 1201 if len(updatedWriterKeys) == 0 { 1202 return nil, errors.New( 1203 "updatedWriterKeys unexpectedly non-empty") 1204 } 1205 1206 wkb, rkb, err := md.getTLFKeyBundles(keyGen) 1207 if err != nil { 1208 return nil, err 1209 } 1210 1211 newIndex := len(wkb.TLFEphemeralPublicKeys) 1212 1213 wServerHalves, err := wkb.WKeys.FillInUserInfos( 1214 newIndex, updatedWriterKeys, ePrivKey, tlfCryptKey) 1215 if err != nil { 1216 return nil, err 1217 } 1218 1219 rServerHalves, err := rkb.RKeys.FillInUserInfos( 1220 newIndex, updatedReaderKeys, ePrivKey, tlfCryptKey) 1221 if err != nil { 1222 return nil, err 1223 } 1224 1225 serverHalves, err := wServerHalves.MergeUsers(rServerHalves) 1226 if err != nil { 1227 return nil, err 1228 } 1229 1230 // If we didn't fill in any new user infos, don't add a new 1231 // ephemeral key. 1232 if len(serverHalves) > 0 { 1233 wkb.TLFEphemeralPublicKeys = 1234 append(wkb.TLFEphemeralPublicKeys, ePubKey) 1235 } 1236 1237 return serverHalves, nil 1238 } 1239 1240 // AddKeyGeneration implements the MutableRootMetadata interface 1241 // for RootMetadataV2. 1242 func (md *RootMetadataV2) AddKeyGeneration( 1243 codec kbfscodec.Codec, extra ExtraMetadata, 1244 updatedWriterKeys, updatedReaderKeys UserDevicePublicKeys, 1245 ePubKey kbfscrypto.TLFEphemeralPublicKey, 1246 ePrivKey kbfscrypto.TLFEphemeralPrivateKey, 1247 pubKey kbfscrypto.TLFPublicKey, 1248 currCryptKey, nextCryptKey kbfscrypto.TLFCryptKey) ( 1249 nextExtra ExtraMetadata, 1250 serverHalves UserDeviceKeyServerHalves, err error) { 1251 if md.TlfID().Type() != tlf.Private { 1252 return nil, nil, InvalidNonPrivateTLFOperation{ 1253 md.TlfID(), "AddKeyGeneration", md.Version()} 1254 } 1255 1256 if len(updatedWriterKeys) == 0 { 1257 return nil, nil, errors.New( 1258 "updatedWriterKeys unexpectedly non-empty") 1259 } 1260 1261 if currCryptKey != (kbfscrypto.TLFCryptKey{}) { 1262 return nil, nil, errors.New("currCryptKey unexpectedly non-zero") 1263 } 1264 1265 if len(md.WKeys) != len(md.RKeys) { 1266 return nil, nil, fmt.Errorf( 1267 "Have %d writer key gens, but %d reader key gens", 1268 len(md.WKeys), len(md.RKeys)) 1269 } 1270 1271 if len(md.WKeys) > 0 { 1272 existingWriterKeys := 1273 md.WKeys[len(md.WKeys)-1].WKeys.ToPublicKeys() 1274 if !existingWriterKeys.Equals(updatedWriterKeys) { 1275 return nil, nil, fmt.Errorf( 1276 "existingWriterKeys=%+v != updatedWriterKeys=%+v", 1277 existingWriterKeys, updatedWriterKeys) 1278 } 1279 1280 existingReaderKeys := 1281 md.RKeys[len(md.RKeys)-1].RKeys.ToPublicKeys() 1282 if !existingReaderKeys.Equals(updatedReaderKeys) { 1283 return nil, nil, fmt.Errorf( 1284 "existingReaderKeys=%+v != updatedReaderKeys=%+v", 1285 existingReaderKeys, updatedReaderKeys) 1286 } 1287 } 1288 1289 newWriterKeys := TLFWriterKeyBundleV2{ 1290 WKeys: make(UserDeviceKeyInfoMapV2), 1291 TLFPublicKey: pubKey, 1292 } 1293 md.WKeys = append(md.WKeys, newWriterKeys) 1294 1295 newReaderKeys := TLFReaderKeyBundleV2{ 1296 RKeys: make(UserDeviceKeyInfoMapV2), 1297 } 1298 md.RKeys = append(md.RKeys, newReaderKeys) 1299 1300 serverHalves, err = md.updateKeyGeneration( 1301 md.LatestKeyGeneration(), updatedWriterKeys, 1302 updatedReaderKeys, ePubKey, ePrivKey, nextCryptKey) 1303 if err != nil { 1304 return nil, nil, err 1305 } 1306 1307 return nil, serverHalves, nil 1308 } 1309 1310 // SetLatestKeyGenerationForTeamTLF implements the 1311 // MutableRootMetadata interface for RootMetadataV2. 1312 func (md *RootMetadataV2) SetLatestKeyGenerationForTeamTLF(keyGen KeyGen) { 1313 panic("RootMetadataV2 doesn't support team TLFs") 1314 } 1315 1316 // UpdateKeyBundles implements the MutableRootMetadata interface 1317 // for RootMetadataV2. 1318 func (md *RootMetadataV2) UpdateKeyBundles(codec kbfscodec.Codec, 1319 _ ExtraMetadata, 1320 updatedWriterKeys, updatedReaderKeys UserDevicePublicKeys, 1321 ePubKey kbfscrypto.TLFEphemeralPublicKey, 1322 ePrivKey kbfscrypto.TLFEphemeralPrivateKey, 1323 tlfCryptKeys []kbfscrypto.TLFCryptKey) ( 1324 []UserDeviceKeyServerHalves, error) { 1325 if md.TlfID().Type() != tlf.Private { 1326 return nil, InvalidNonPrivateTLFOperation{ 1327 md.TlfID(), "UpdateKeyBundles", md.Version()} 1328 } 1329 1330 expectedTLFCryptKeyCount := int( 1331 md.LatestKeyGeneration() - FirstValidKeyGen + 1) 1332 if len(tlfCryptKeys) != expectedTLFCryptKeyCount { 1333 return nil, fmt.Errorf( 1334 "(MDv2) Expected %d TLF crypt keys, got %d", 1335 expectedTLFCryptKeyCount, len(tlfCryptKeys)) 1336 } 1337 1338 serverHalves := make([]UserDeviceKeyServerHalves, len(tlfCryptKeys)) 1339 if len(updatedWriterKeys) == 0 { 1340 // Reader rekey case. 1341 1342 for keyGen := FirstValidKeyGen; keyGen <= md.LatestKeyGeneration(); keyGen++ { 1343 serverHalvesGen, err := 1344 md.updateKeyGenerationForReaderRekey(codec, 1345 keyGen, updatedReaderKeys, 1346 ePubKey, ePrivKey, 1347 tlfCryptKeys[keyGen-FirstValidKeyGen]) 1348 if err != nil { 1349 return nil, err 1350 } 1351 1352 serverHalves[keyGen-FirstValidKeyGen] = serverHalvesGen 1353 } 1354 1355 return serverHalves, nil 1356 } 1357 1358 // Usual rekey case. 1359 1360 for keyGen := FirstValidKeyGen; keyGen <= md.LatestKeyGeneration(); keyGen++ { 1361 serverHalvesGen, err := md.updateKeyGeneration( 1362 keyGen, updatedWriterKeys, updatedReaderKeys, 1363 ePubKey, ePrivKey, 1364 tlfCryptKeys[keyGen-FirstValidKeyGen]) 1365 if err != nil { 1366 return nil, err 1367 } 1368 1369 serverHalves[keyGen-FirstValidKeyGen] = serverHalvesGen 1370 } 1371 return serverHalves, nil 1372 1373 } 1374 1375 // GetTLFWriterKeyBundleID implements the RootMetadata interface for RootMetadataV2. 1376 func (md *RootMetadataV2) GetTLFWriterKeyBundleID() TLFWriterKeyBundleID { 1377 // Since key bundles are stored internally, just return the zero value. 1378 return TLFWriterKeyBundleID{} 1379 } 1380 1381 // GetTLFReaderKeyBundleID implements the RootMetadata interface for RootMetadataV2. 1382 func (md *RootMetadataV2) GetTLFReaderKeyBundleID() TLFReaderKeyBundleID { 1383 // Since key bundles are stored internally, just return the zero value. 1384 return TLFReaderKeyBundleID{} 1385 } 1386 1387 // FinalizeRekey implements the MutableRootMetadata interface for RootMetadataV2. 1388 func (md *RootMetadataV2) FinalizeRekey( 1389 _ kbfscodec.Codec, _ ExtraMetadata) error { 1390 // Nothing to do. 1391 return nil 1392 } 1393 1394 // StoresHistoricTLFCryptKeys implements the RootMetadata interface for RootMetadataV2. 1395 func (md *RootMetadataV2) StoresHistoricTLFCryptKeys() bool { 1396 // MDv2 metadata contains only per device encrypted keys. 1397 return false 1398 } 1399 1400 // GetHistoricTLFCryptKey implements the RootMetadata interface for RootMetadataV2. 1401 func (md *RootMetadataV2) GetHistoricTLFCryptKey( 1402 _ kbfscodec.Codec, _ KeyGen, _ kbfscrypto.TLFCryptKey, _ ExtraMetadata) ( 1403 kbfscrypto.TLFCryptKey, error) { 1404 return kbfscrypto.TLFCryptKey{}, errors.New( 1405 "TLF crypt key not symmetrically encrypted") 1406 }