// Source: github.com/keybase/client/go@v0.0.0-20240309051027-028f7c731f8b/kbfs/libkey/key_ops.go

// Copyright 2016 Keybase Inc. All rights reserved.
// Use of this source code is governed by a BSD
// license that can be found in the LICENSE file.

package libkey

import (
	"context"

	"github.com/keybase/client/go/kbfs/idutil"
	"github.com/keybase/client/go/kbfs/kbfscrypto"
	"github.com/keybase/client/go/kbfs/kbfsmd"
	"github.com/keybase/client/go/protocol/keybase1"
)

// KeyOpsConfig bundles the external helpers that KeyOps depends on.
type KeyOpsConfig interface {
	// KeyServer returns the key server that get/put/delete requests for
	// server-side key halves are relayed to.
	KeyServer() KeyServer
	// KBPKI returns the KBPKI instance; in this file it is only used to
	// look up the current session.
	KBPKI() idutil.KBPKI
}

// KeyOpsStandard is the KeyOps implementation that relays get/put
// requests for server-side key halves from/to the key server.
//
// Of the methods in this file, only GetTLFCryptKeyServerHalf checks the
// key server's answer locally before returning it; the put and delete
// methods forward their arguments to the key server unchanged.
type KeyOpsStandard struct {
	// config supplies the key server and the KBPKI used by the methods.
	config KeyOpsConfig
}

// NewKeyOpsStandard returns a KeyOpsStandard backed by the given config.
func NewKeyOpsStandard(config KeyOpsConfig) *KeyOpsStandard {
	return &KeyOpsStandard{config: config}
}

// Compile-time assertion that *KeyOpsStandard fully implements the
// KeyOps interface.
var _ KeyOps = (*KeyOpsStandard)(nil)

// GetTLFCryptKeyServerHalf is an implementation of the KeyOps interface.
//
// The half is requested from the key server and is handed back only after
// kbfscrypto.VerifyTLFCryptKeyServerHalfID accepts it for the requested
// serverHalfID, the UID of the current session (not a caller-supplied
// UID) and key. The key server's answer is therefore not trusted as-is:
// a half that fails the check is reported as an error and the zero value
// is returned in its place. How the ID is checked is defined in
// kbfscrypto and is not visible in this file.
func (k *KeyOpsStandard) GetTLFCryptKeyServerHalf(
	ctx context.Context, serverHalfID kbfscrypto.TLFCryptKeyServerHalfID,
	key kbfscrypto.CryptPublicKey) (kbfscrypto.TLFCryptKeyServerHalf, error) {
	// Returned on every failure path, so a fetched-but-unverified half
	// never reaches the caller.
	none := kbfscrypto.TLFCryptKeyServerHalf{}

	// Get the key half from the server.
	keyServer := k.config.KeyServer()
	half, err := keyServer.GetTLFCryptKeyServerHalf(ctx, serverHalfID, key)
	if err != nil {
		return none, err
	}

	// The current session provides the UID used in the check below.
	kbpki := k.config.KBPKI()
	session, err := kbpki.GetCurrentSession(ctx)
	if err != nil {
		return none, err
	}

	// Verify we got the expected key half before releasing it.
	if err := kbfscrypto.VerifyTLFCryptKeyServerHalfID(
		serverHalfID, session.UID, key, half); err != nil {
		return none, err
	}
	return half, nil
}

// PutTLFCryptKeyServerHalves is an implementation of the KeyOps interface.
//
// The halves are uploaded to the key server exactly as given; this
// wrapper performs no local validation of keyServerHalves.
func (k *KeyOpsStandard) PutTLFCryptKeyServerHalves(
	ctx context.Context,
	keyServerHalves kbfsmd.UserDeviceKeyServerHalves) error {
	keyServer := k.config.KeyServer()
	return keyServer.PutTLFCryptKeyServerHalves(ctx, keyServerHalves)
}

// DeleteTLFCryptKeyServerHalf is an implementation of the KeyOps interface.
//
// uid, key and serverHalfID are forwarded to the key server unchanged;
// uid comes from the caller and is not compared with the current session
// here.
// NOTE(review): authorization for the delete is presumably enforced by
// the key server - confirm against the KeyServer implementation.
func (k *KeyOpsStandard) DeleteTLFCryptKeyServerHalf(
	ctx context.Context, uid keybase1.UID, key kbfscrypto.CryptPublicKey,
	serverHalfID kbfscrypto.TLFCryptKeyServerHalfID) error {
	keyServer := k.config.KeyServer()
	return keyServer.DeleteTLFCryptKeyServerHalf(ctx, uid, key, serverHalfID)
}