github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/ephemeral/common.go (about) 1 package ephemeral 2 3 import ( 4 "fmt" 5 "time" 6 7 "github.com/keybase/client/go/libkb" 8 "github.com/keybase/client/go/protocol/keybase1" 9 ) 10 11 func ctimeIsStale(ctime time.Time, currentMerkleRoot libkb.MerkleRoot) bool { 12 return keybase1.TimeFromSeconds(currentMerkleRoot.Ctime()).Time().Sub(ctime) >= libkb.MaxEphemeralKeyStaleness 13 } 14 15 // If a teamEK is almost expired we allow it to be created in the background so 16 // content generation is not blocked by key generation. We *cannot* create a 17 // teamEK in the background if the key is expired however since the current 18 // teamEK's lifetime (and supporting device/user EKs) is less than the maximum 19 // lifetime of ephemeral content. This can result in content loss once the keys 20 // are deleted. 21 func backgroundKeygenPossible(ctime time.Time, currentMerkleRoot libkb.MerkleRoot) bool { 22 keyAge := keybase1.TimeFromSeconds(currentMerkleRoot.Ctime()).Time().Sub(ctime) 23 isOneHourFromExpiration := keyAge >= (libkb.EphemeralKeyGenInterval - time.Hour) 24 isExpired := keyAge >= libkb.EphemeralKeyGenInterval 25 return isOneHourFromExpiration && !isExpired 26 } 27 28 func keygenNeeded(ctime time.Time, currentMerkleRoot libkb.MerkleRoot) bool { 29 return keybase1.TimeFromSeconds(currentMerkleRoot.Ctime()).Time().Sub(ctime) >= libkb.EphemeralKeyGenInterval 30 } 31 32 func nextKeygenTime(ctime time.Time) time.Time { 33 return ctime.Add(libkb.EphemeralKeyGenInterval) 34 } 35 36 func makeNewRandomSeed() (seed keybase1.Bytes32, err error) { 37 bs, err := libkb.RandBytes(libkb.NaclDHKeysize) 38 if err != nil { 39 return seed, err 40 } 41 return libkb.MakeByte32(bs), nil 42 43 } 44 45 func deriveDHKey(k keybase1.Bytes32, reason libkb.DeriveReason) *libkb.NaclDHKeyPair { 46 derived, err := libkb.DeriveFromSecret(k, reason) 47 if err != nil { 48 panic("This should never fail: " + err.Error()) 49 } 50 keypair, err := libkb.MakeNaclDHKeyPairFromSecret(derived) 51 if err != nil { 52 panic("This should never fail: " + err.Error()) 53 } 54 return &keypair 55 } 56 57 func newEKSeedFromBytes(b []byte) (seed keybase1.Bytes32, err error) { 58 if len(b) != libkb.NaclDHKeysize { 59 err = fmt.Errorf("Wrong EkSeed len: %d != %d", len(b), libkb.NaclDHKeysize) 60 return seed, err 61 } 62 copy(seed[:], b) 63 return seed, nil 64 } 65 66 // Map generations to their creation time 67 type keyExpiryMap map[keybase1.EkGeneration]keybase1.Time