github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/kbfs/kbfsmd/root_metadata_v2.go (about)

     1  // Copyright 2016 Keybase Inc. All rights reserved.
     2  // Use of this source code is governed by a BSD
     3  // license that can be found in the LICENSE file.
     4  
     5  package kbfsmd
     6  
     7  import (
     8  	"errors"
     9  	"fmt"
    10  
    11  	"github.com/keybase/client/go/kbfs/kbfscodec"
    12  	"github.com/keybase/client/go/kbfs/kbfscrypto"
    13  	"github.com/keybase/client/go/kbfs/tlf"
    14  	"github.com/keybase/client/go/protocol/keybase1"
    15  	"github.com/keybase/go-codec/codec"
    16  	"golang.org/x/net/context"
    17  )
    18  
    19  // WriterMetadataV2 stores the metadata for a TLF that is
    20  // only editable by users with writer permissions.
    21  //
    22  // NOTE: Don't add new fields to this type! Instead, add them to
    23  // WriterMetadataExtraV2. This is because we want old clients to
    24  // preserve unknown fields, and we're unable to do that for
    25  // WriterMetadata directly because it's embedded in RootMetadata.
    26  type WriterMetadataV2 struct {
    27  	// Serialized, possibly encrypted, version of the PrivateMetadata
    28  	SerializedPrivateMetadata []byte `codec:"data"`
    29  	// The last KB user with writer permissions to this TLF
    30  	// who modified this WriterMetadata
    31  	LastModifyingWriter keybase1.UID
    32  	// For public and single-team TLFs (since those don't have any
    33  	// keys at all).
    34  	Writers []keybase1.UserOrTeamID `codec:",omitempty"`
    35  	// For private TLFs. Writer key generations for this metadata. The
    36  	// most recent one is last in the array. Must be same length as
    37  	// RootMetadata.RKeys.
    38  	WKeys TLFWriterKeyGenerationsV2 `codec:",omitempty"`
    39  	// The directory ID, signed over to make verification easier
    40  	ID tlf.ID
    41  	// The branch ID, currently only set if this is in unmerged per-device history.
    42  	BID BranchID
    43  	// Flags
    44  	WFlags WriterFlags
    45  	// Estimated disk usage at this revision
    46  	DiskUsage uint64
    47  	// Estimated MD disk usage at this revision (for testing only --
    48  	// real v2 MDs in the wild won't ever have this set).
    49  	MDDiskUsage uint64 `codec:",omitempty"`
    50  
    51  	// The total number of bytes in new data blocks
    52  	RefBytes uint64
    53  	// The total number of bytes in unreferenced blocks
    54  	UnrefBytes uint64
    55  	// The total number of bytes in new MD blocks (for testing only --
    56  	// real v2 MDs in the wild won't ever have this set).
    57  	MDRefBytes uint64 `codec:",omitempty"`
    58  
    59  	// TODO: Remove omitempty and omitemptycheckstruct once we use
    60  	// a version of go-codec that supports omitemptyrecursive.
    61  	Extra WriterMetadataExtraV2 `codec:"x,omitemptyrecursive,omitempty,omitemptycheckstruct"`
    62  }
    63  
    64  // ToWriterMetadataV3 converts the WriterMetadataV2 to a
    65  // WriterMetadataV3.
    66  func (wmdV2 *WriterMetadataV2) ToWriterMetadataV3() WriterMetadataV3 {
    67  	var wmdV3 WriterMetadataV3
    68  	wmdV3.Writers = make([]keybase1.UserOrTeamID, len(wmdV2.Writers))
    69  	copy(wmdV3.Writers, wmdV2.Writers)
    70  
    71  	wmdV3.UnresolvedWriters = make([]keybase1.SocialAssertion, len(wmdV2.Extra.UnresolvedWriters))
    72  	copy(wmdV3.UnresolvedWriters, wmdV2.Extra.UnresolvedWriters)
    73  
    74  	wmdV3.ID = wmdV2.ID
    75  	wmdV3.BID = wmdV2.BID
    76  	wmdV3.WFlags = wmdV2.WFlags
    77  	wmdV3.DiskUsage = wmdV2.DiskUsage
    78  	wmdV3.MDDiskUsage = wmdV2.MDDiskUsage
    79  	wmdV3.RefBytes = wmdV2.RefBytes
    80  	wmdV3.UnrefBytes = wmdV2.UnrefBytes
    81  	wmdV3.MDRefBytes = wmdV2.MDRefBytes
    82  
    83  	if wmdV2.ID.Type() == tlf.Public {
    84  		wmdV3.LatestKeyGen = PublicKeyGen
    85  	} else {
    86  		wmdV3.LatestKeyGen = wmdV2.WKeys.LatestKeyGeneration()
    87  	}
    88  	return wmdV3
    89  }
    90  
    91  // WriterMetadataExtraV2 stores more fields for WriterMetadataV2. (See
    92  // WriterMetadataV2 comments as to why this type is needed.)
    93  type WriterMetadataExtraV2 struct {
    94  	UnresolvedWriters []keybase1.SocialAssertion `codec:"uw,omitempty"`
    95  	codec.UnknownFieldSetHandler
    96  }
    97  
    98  // RootMetadataV2 is the MD that is signed by the reader or
    99  // writer. Unlike RootMetadata, it contains exactly the serializable
   100  // metadata.
   101  type RootMetadataV2 struct {
   102  	// The metadata that is only editable by the writer.
   103  	//
   104  	// TODO: If we ever get a chance to update RootMetadata
   105  	// without having to be backwards-compatible, WriterMetadata
   106  	// should be unembedded; see comments to WriterMetadata as for
   107  	// why.
   108  	WriterMetadataV2
   109  
   110  	// The signature for the writer metadata, to prove
   111  	// that it's only been changed by writers.
   112  	WriterMetadataSigInfo kbfscrypto.SignatureInfo
   113  
   114  	// The last KB user who modified this RootMetadata
   115  	LastModifyingUser keybase1.UID
   116  	// Flags
   117  	Flags MetadataFlags
   118  	// The revision number
   119  	Revision Revision
   120  	// Pointer to the previous root block ID
   121  	PrevRoot ID
   122  	// For private TLFs. Reader key generations for this metadata. The
   123  	// most recent one is last in the array. Must be same length as
   124  	// WriterMetadata.WKeys. If there are no readers, each generation
   125  	// is empty.
   126  	RKeys TLFReaderKeyGenerationsV2 `codec:",omitempty"`
   127  	// For private TLFs. Any unresolved social assertions for readers.
   128  	UnresolvedReaders []keybase1.SocialAssertion `codec:"ur,omitempty"`
   129  
   130  	// ConflictInfo is set if there's a conflict for the given folder's
   131  	// handle after a social assertion resolution.
   132  	ConflictInfo *tlf.HandleExtension `codec:"ci,omitempty"`
   133  
   134  	// FinalizedInfo is set if there are no more valid writer keys capable
   135  	// of writing to the given folder.
   136  	FinalizedInfo *tlf.HandleExtension `codec:"fi,omitempty"`
   137  
   138  	codec.UnknownFieldSetHandler
   139  }
   140  
   141  // MakeInitialRootMetadataV2 creates a new RootMetadataV2
   142  // object with revision RevisionInitial, and the given TLF ID
   143  // and handle. Note that if the given ID/handle are private, rekeying
   144  // must be done separately.
   145  func MakeInitialRootMetadataV2(tlfID tlf.ID, h tlf.Handle) (
   146  	*RootMetadataV2, error) {
   147  	if tlfID.Type() != h.Type() {
   148  		return nil, errors.New("TlfID and TlfHandle disagree on TLF type")
   149  	}
   150  
   151  	var writers []keybase1.UserOrTeamID
   152  	var wKeys TLFWriterKeyGenerationsV2
   153  	var rKeys TLFReaderKeyGenerationsV2
   154  	if tlfID.Type() == tlf.Private {
   155  		wKeys = make(TLFWriterKeyGenerationsV2, 0, 1)
   156  		rKeys = make(TLFReaderKeyGenerationsV2, 0, 1)
   157  	} else {
   158  		writers = make([]keybase1.UserOrTeamID, len(h.Writers))
   159  		copy(writers, h.Writers)
   160  	}
   161  
   162  	var unresolvedWriters, unresolvedReaders []keybase1.SocialAssertion
   163  	if len(h.UnresolvedWriters) > 0 {
   164  		unresolvedWriters = make(
   165  			[]keybase1.SocialAssertion, len(h.UnresolvedWriters))
   166  		copy(unresolvedWriters, h.UnresolvedWriters)
   167  	}
   168  
   169  	if len(h.UnresolvedReaders) > 0 {
   170  		unresolvedReaders = make(
   171  			[]keybase1.SocialAssertion, len(h.UnresolvedReaders))
   172  		copy(unresolvedReaders, h.UnresolvedReaders)
   173  	}
   174  
   175  	return &RootMetadataV2{
   176  		WriterMetadataV2: WriterMetadataV2{
   177  			Writers: writers,
   178  			WKeys:   wKeys,
   179  			ID:      tlfID,
   180  			Extra: WriterMetadataExtraV2{
   181  				UnresolvedWriters: unresolvedWriters,
   182  			},
   183  		},
   184  		Revision:          RevisionInitial,
   185  		RKeys:             rKeys,
   186  		UnresolvedReaders: unresolvedReaders,
   187  		// Normally an MD wouldn't start out with extensions, but this
   188  		// is useful for tests.
   189  		ConflictInfo:  h.ConflictInfo,
   190  		FinalizedInfo: h.FinalizedInfo,
   191  	}, nil
   192  }
   193  
   194  // TlfID implements the RootMetadata interface for RootMetadataV2.
   195  func (md *RootMetadataV2) TlfID() tlf.ID {
   196  	return md.ID
   197  }
   198  
   199  // TypeForKeying implements the RootMetadata interface for RootMetadataV2.
   200  func (md *RootMetadataV2) TypeForKeying() tlf.KeyingType {
   201  	return md.TlfID().Type().ToKeyingType()
   202  }
   203  
   204  // KeyGenerationsToUpdate implements the RootMetadata interface
   205  // for RootMetadataV2.
   206  func (md *RootMetadataV2) KeyGenerationsToUpdate() (KeyGen, KeyGen) {
   207  	latest := md.LatestKeyGeneration()
   208  	if latest < FirstValidKeyGen {
   209  		return 0, 0
   210  	}
   211  	// We keep track of all known key generations.
   212  	return FirstValidKeyGen, latest + 1
   213  }
   214  
   215  // LatestKeyGeneration implements the RootMetadata interface for
   216  // RootMetadataV2.
   217  func (md *RootMetadataV2) LatestKeyGeneration() KeyGen {
   218  	if md.ID.Type() == tlf.Public {
   219  		return PublicKeyGen
   220  	}
   221  	return md.WKeys.LatestKeyGeneration()
   222  }
   223  
   224  func (md *RootMetadataV2) haveOnlyUserRKeysChanged(
   225  	codec kbfscodec.Codec, prevMD *RootMetadataV2,
   226  	user keybase1.UID) (bool, error) {
   227  	// Require the same number of generations
   228  	if len(md.RKeys) != len(prevMD.RKeys) {
   229  		return false, nil
   230  	}
   231  	for i, gen := range md.RKeys {
   232  		prevMDGen := prevMD.RKeys[i]
   233  		if len(gen.RKeys) != len(prevMDGen.RKeys) {
   234  			return false, nil
   235  		}
   236  		for u, keys := range gen.RKeys {
   237  			if u != user {
   238  				prevKeys := prevMDGen.RKeys[u]
   239  				keysEqual, err :=
   240  					kbfscodec.Equal(codec, keys, prevKeys)
   241  				if err != nil {
   242  					return false, err
   243  				}
   244  				if !keysEqual {
   245  					return false, nil
   246  				}
   247  			}
   248  		}
   249  	}
   250  	return true, nil
   251  }
   252  
   253  // IsValidRekeyRequest implements the RootMetadata interface for RootMetadataV2.
   254  func (md *RootMetadataV2) IsValidRekeyRequest(
   255  	codec kbfscodec.Codec, prevBareMd RootMetadata,
   256  	user keybase1.UID, _, _ ExtraMetadata) (bool, error) {
   257  	if !md.IsWriterMetadataCopiedSet() {
   258  		// Not a copy.
   259  		return false, nil
   260  	}
   261  	prevMd, ok := prevBareMd.(*RootMetadataV2)
   262  	if !ok {
   263  		// Not the same type so not a copy.
   264  		return false, nil
   265  	}
   266  	writerEqual, err := kbfscodec.Equal(
   267  		codec, md.WriterMetadataV2, prevMd.WriterMetadataV2)
   268  	if err != nil {
   269  		return false, err
   270  	}
   271  	if !writerEqual {
   272  		// Copy mismatch.
   273  		return false, nil
   274  	}
   275  	writerSigInfoEqual, err := kbfscodec.Equal(codec,
   276  		md.WriterMetadataSigInfo, prevMd.WriterMetadataSigInfo)
   277  	if err != nil {
   278  		return false, err
   279  	}
   280  	if !writerSigInfoEqual {
   281  		// Signature/public key mismatch.
   282  		return false, nil
   283  	}
   284  	onlyUserRKeysChanged, err := md.haveOnlyUserRKeysChanged(
   285  		codec, prevMd, user)
   286  	if err != nil {
   287  		return false, err
   288  	}
   289  	if !onlyUserRKeysChanged {
   290  		// Keys outside of this user's reader key set have changed.
   291  		return false, nil
   292  	}
   293  	return true, nil
   294  }
   295  
   296  // MergedStatus implements the RootMetadata interface for RootMetadataV2.
   297  func (md *RootMetadataV2) MergedStatus() MergeStatus {
   298  	if md.WFlags&MetadataFlagUnmerged != 0 {
   299  		return Unmerged
   300  	}
   301  	return Merged
   302  }
   303  
   304  // IsRekeySet implements the RootMetadata interface for RootMetadataV2.
   305  func (md *RootMetadataV2) IsRekeySet() bool {
   306  	return md.Flags&MetadataFlagRekey != 0
   307  }
   308  
   309  // IsWriterMetadataCopiedSet implements the RootMetadata interface for RootMetadataV2.
   310  func (md *RootMetadataV2) IsWriterMetadataCopiedSet() bool {
   311  	return md.Flags&MetadataFlagWriterMetadataCopied != 0
   312  }
   313  
   314  // IsFinal implements the RootMetadata interface for RootMetadataV2.
   315  func (md *RootMetadataV2) IsFinal() bool {
   316  	return md.Flags&MetadataFlagFinal != 0
   317  }
   318  
   319  // IsWriter implements the RootMetadata interface for RootMetadataV2.
   320  func (md *RootMetadataV2) IsWriter(
   321  	_ context.Context, user keybase1.UID, deviceKey kbfscrypto.CryptPublicKey,
   322  	_ kbfscrypto.VerifyingKey, _ TeamMembershipChecker, _ ExtraMetadata,
   323  	_ keybase1.OfflineAvailability) (bool, error) {
   324  	if md.ID.Type() != tlf.Private {
   325  		for _, w := range md.Writers {
   326  			if w == user.AsUserOrTeam() {
   327  				return true, nil
   328  			}
   329  		}
   330  		return false, nil
   331  	}
   332  	return md.WKeys.IsWriter(user, deviceKey), nil
   333  }
   334  
   335  // IsReader implements the RootMetadata interface for RootMetadataV2.
   336  func (md *RootMetadataV2) IsReader(
   337  	_ context.Context, user keybase1.UID, deviceKey kbfscrypto.CryptPublicKey,
   338  	_ TeamMembershipChecker, _ ExtraMetadata,
   339  	_ keybase1.OfflineAvailability) (bool, error) {
   340  	switch md.ID.Type() {
   341  	case tlf.Public:
   342  		return true, nil
   343  	case tlf.Private:
   344  		return md.RKeys.IsReader(user, deviceKey), nil
   345  	case tlf.SingleTeam:
   346  		// There are no read-only users of single-team TLFs.
   347  		return false, nil
   348  	default:
   349  		panic(fmt.Sprintf("Unexpected TLF type: %s", md.ID.Type()))
   350  	}
   351  }
   352  
   353  func (md *RootMetadataV2) deepCopy(
   354  	codec kbfscodec.Codec) (*RootMetadataV2, error) {
   355  	var newMd RootMetadataV2
   356  	if err := kbfscodec.Update(codec, &newMd, md); err != nil {
   357  		return nil, err
   358  	}
   359  	return &newMd, nil
   360  }
   361  
   362  // DeepCopy implements the RootMetadata interface for RootMetadataV2.
   363  func (md *RootMetadataV2) DeepCopy(
   364  	codec kbfscodec.Codec) (MutableRootMetadata, error) {
   365  	return md.deepCopy(codec)
   366  }
   367  
   368  // MakeSuccessorCopy implements the ImmutableRootMetadata interface for RootMetadataV2.
   369  func (md *RootMetadataV2) MakeSuccessorCopy(
   370  	codec kbfscodec.Codec, extra ExtraMetadata, latestMDVer MetadataVer,
   371  	tlfCryptKeyGetter func() ([]kbfscrypto.TLFCryptKey, error),
   372  	isReadableAndWriter bool) (
   373  	MutableRootMetadata, ExtraMetadata, error) {
   374  
   375  	if !isReadableAndWriter || (latestMDVer < SegregatedKeyBundlesVer) {
   376  		// Continue with the current version.  If we're just a reader,
   377  		// or can't decrypt the MD, we have to continue with v2
   378  		// because we can't just copy a v2 signature into a v3 MD
   379  		// blindly.
   380  		mdCopy, err := md.makeSuccessorCopyV2(
   381  			codec, isReadableAndWriter)
   382  		if err != nil {
   383  			return nil, nil, err
   384  		}
   385  		return mdCopy, nil, nil
   386  	}
   387  
   388  	// Upconvert to the new version.
   389  	return md.makeSuccessorCopyV3(codec, tlfCryptKeyGetter)
   390  }
   391  
   392  func (md *RootMetadataV2) makeSuccessorCopyV2(
   393  	codec kbfscodec.Codec, isReadableAndWriter bool) (
   394  	*RootMetadataV2, error) {
   395  	mdCopy, err := md.deepCopy(codec)
   396  	if err != nil {
   397  		return nil, err
   398  	}
   399  	if isReadableAndWriter {
   400  		mdCopy.WriterMetadataSigInfo = kbfscrypto.SignatureInfo{}
   401  	}
   402  	return mdCopy, nil
   403  }
   404  
   405  func (md *RootMetadataV2) makeSuccessorCopyV3(
   406  	codec kbfscodec.Codec,
   407  	tlfCryptKeyGetter func() ([]kbfscrypto.TLFCryptKey, error)) (
   408  	*RootMetadataV3, ExtraMetadata, error) {
   409  	mdV3 := &RootMetadataV3{}
   410  
   411  	// Fill out the writer metadata.
   412  	mdV3.WriterMetadata = md.WriterMetadataV2.ToWriterMetadataV3()
   413  
   414  	// Have this as ExtraMetadata so we return an untyped nil
   415  	// instead of a typed nil.
   416  	var extraCopy ExtraMetadata
   417  	if md.LatestKeyGeneration() != PublicKeyGen && md.WKeys != nil {
   418  		// Fill out the writer key bundle.
   419  		wkbV2, wkbV3, err := md.WKeys.ToTLFWriterKeyBundleV3(
   420  			codec, tlfCryptKeyGetter)
   421  		if err != nil {
   422  			return nil, nil, err
   423  		}
   424  
   425  		mdV3.WriterMetadata.WKeyBundleID, err =
   426  			MakeTLFWriterKeyBundleID(codec, wkbV3)
   427  		if err != nil {
   428  			return nil, nil, err
   429  		}
   430  
   431  		// Fill out the reader key bundle.  wkbV2 is passed
   432  		// because in V2 metadata ephemeral public keys for
   433  		// readers were sometimes in the writer key bundles.
   434  		rkbV3, err := md.RKeys.ToTLFReaderKeyBundleV3(codec, wkbV2)
   435  		if err != nil {
   436  			return nil, nil, err
   437  		}
   438  		mdV3.RKeyBundleID, err =
   439  			MakeTLFReaderKeyBundleID(codec, rkbV3)
   440  		if err != nil {
   441  			return nil, nil, err
   442  		}
   443  
   444  		extraCopy = NewExtraMetadataV3(wkbV3, rkbV3, true, true)
   445  	}
   446  
   447  	mdV3.LastModifyingUser = md.LastModifyingUser
   448  	mdV3.Flags = md.Flags
   449  	mdV3.Revision = md.Revision // Incremented by the caller.
   450  	// PrevRoot is set by the caller.
   451  	mdV3.UnresolvedReaders = make([]keybase1.SocialAssertion, len(md.UnresolvedReaders))
   452  	copy(mdV3.UnresolvedReaders, md.UnresolvedReaders)
   453  
   454  	if md.ConflictInfo != nil {
   455  		ci := *md.ConflictInfo
   456  		mdV3.ConflictInfo = &ci
   457  	}
   458  
   459  	// Metadata with finalized info is never succeeded.
   460  	if md.FinalizedInfo != nil {
   461  		// Shouldn't be possible.
   462  		return nil, nil, errors.New("Non-nil finalized info")
   463  	}
   464  
   465  	return mdV3, extraCopy, nil
   466  }
   467  
   468  // CheckValidSuccessor implements the RootMetadata interface for RootMetadataV2.
   469  func (md *RootMetadataV2) CheckValidSuccessor(
   470  	currID ID, nextMd RootMetadata) error {
   471  	// (1) Verify current metadata is non-final.
   472  	if md.IsFinal() {
   473  		return MetadataIsFinalError{}
   474  	}
   475  
   476  	// (2) Check TLF ID.
   477  	if nextMd.TlfID() != md.ID {
   478  		return MDTlfIDMismatch{
   479  			CurrID: md.ID,
   480  			NextID: nextMd.TlfID(),
   481  		}
   482  	}
   483  
   484  	// (3) Check revision.
   485  	if nextMd.RevisionNumber() != md.RevisionNumber()+1 {
   486  		return MDRevisionMismatch{
   487  			Rev:  nextMd.RevisionNumber(),
   488  			Curr: md.RevisionNumber(),
   489  		}
   490  	}
   491  
   492  	// (4) Check PrevRoot pointer.
   493  	expectedPrevRoot := currID
   494  	if nextMd.IsFinal() {
   495  		expectedPrevRoot = md.GetPrevRoot()
   496  	}
   497  	if nextMd.GetPrevRoot() != expectedPrevRoot {
   498  		return MDPrevRootMismatch{
   499  			prevRoot:         nextMd.GetPrevRoot(),
   500  			expectedPrevRoot: expectedPrevRoot,
   501  		}
   502  	}
   503  
   504  	// (5) Check branch ID.
   505  	if md.MergedStatus() == nextMd.MergedStatus() && md.BID() != nextMd.BID() {
   506  		return fmt.Errorf("Unexpected branch ID on successor: %s vs. %s",
   507  			md.BID(), nextMd.BID())
   508  	} else if md.MergedStatus() == Unmerged && nextMd.MergedStatus() == Merged {
   509  		return errors.New("merged MD can't follow unmerged MD")
   510  	}
   511  
   512  	// (6) Check disk usage.
   513  	expectedUsage := md.DiskUsage()
   514  	if !nextMd.IsWriterMetadataCopiedSet() {
   515  		expectedUsage += nextMd.RefBytes() - nextMd.UnrefBytes()
   516  	}
   517  	if nextMd.DiskUsage() != expectedUsage {
   518  		return MDDiskUsageMismatch{
   519  			expectedDiskUsage: expectedUsage,
   520  			actualDiskUsage:   nextMd.DiskUsage(),
   521  		}
   522  	}
   523  	expectedMDUsage := md.MDDiskUsage()
   524  	if !nextMd.IsWriterMetadataCopiedSet() {
   525  		expectedMDUsage += nextMd.MDRefBytes()
   526  	}
   527  	if nextMd.MDDiskUsage() != expectedMDUsage {
   528  		return MDDiskUsageMismatch{
   529  			expectedDiskUsage: expectedMDUsage,
   530  			actualDiskUsage:   nextMd.MDDiskUsage(),
   531  		}
   532  	}
   533  
   534  	// TODO: Check that the successor (bare) TLF handle is the
   535  	// same or more resolved.
   536  
   537  	return nil
   538  }
   539  
   540  // CheckValidSuccessorForServer implements the RootMetadata interface for RootMetadataV2.
   541  func (md *RootMetadataV2) CheckValidSuccessorForServer(
   542  	currID ID, nextMd RootMetadata) error {
   543  	err := md.CheckValidSuccessor(currID, nextMd)
   544  	switch err := err.(type) {
   545  	case nil:
   546  		break
   547  
   548  	case MDRevisionMismatch:
   549  		return ServerErrorConflictRevision{
   550  			Expected: err.Curr + 1,
   551  			Actual:   err.Rev,
   552  		}
   553  
   554  	case MDPrevRootMismatch:
   555  		return ServerErrorConflictPrevRoot{
   556  			Expected: err.expectedPrevRoot,
   557  			Actual:   err.prevRoot,
   558  		}
   559  
   560  	case MDDiskUsageMismatch:
   561  		return ServerErrorConflictDiskUsage{
   562  			Expected: err.expectedDiskUsage,
   563  			Actual:   err.actualDiskUsage,
   564  		}
   565  
   566  	default:
   567  		return ServerError{Err: err}
   568  	}
   569  
   570  	return nil
   571  }
   572  
   573  // MakeBareTlfHandle implements the RootMetadata interface for RootMetadataV2.
   574  func (md *RootMetadataV2) MakeBareTlfHandle(_ ExtraMetadata) (
   575  	tlf.Handle, error) {
   576  	var writers, readers []keybase1.UserOrTeamID
   577  	if md.ID.Type() == tlf.Private {
   578  		if len(md.WKeys) == 0 {
   579  			return tlf.Handle{}, errors.New("No writer key generations; need rekey?")
   580  		}
   581  
   582  		if len(md.RKeys) == 0 {
   583  			return tlf.Handle{}, errors.New("No reader key generations; need rekey?")
   584  		}
   585  
   586  		wkb := md.WKeys[len(md.WKeys)-1]
   587  		rkb := md.RKeys[len(md.RKeys)-1]
   588  		writers = make([]keybase1.UserOrTeamID, 0, len(wkb.WKeys))
   589  		readers = make([]keybase1.UserOrTeamID, 0, len(rkb.RKeys))
   590  		for w := range wkb.WKeys {
   591  			writers = append(writers, w.AsUserOrTeam())
   592  		}
   593  		for r := range rkb.RKeys {
   594  			// TODO: Return an error instead if r is
   595  			// PublicUID. Maybe return an error if r is in
   596  			// WKeys also. Or do all this in
   597  			// MakeBareTlfHandle.
   598  			if _, ok := wkb.WKeys[r]; !ok &&
   599  				r != keybase1.PublicUID {
   600  				readers = append(readers, r.AsUserOrTeam())
   601  			}
   602  		}
   603  	} else {
   604  		writers = md.Writers
   605  		if md.ID.Type() == tlf.Public {
   606  			readers = []keybase1.UserOrTeamID{keybase1.PublicUID.AsUserOrTeam()}
   607  		}
   608  	}
   609  
   610  	return tlf.MakeHandle(
   611  		writers, readers,
   612  		md.Extra.UnresolvedWriters, md.UnresolvedReaders,
   613  		md.TlfHandleExtensions())
   614  }
   615  
   616  // TlfHandleExtensions implements the RootMetadata interface for RootMetadataV2.
   617  func (md *RootMetadataV2) TlfHandleExtensions() (
   618  	extensions []tlf.HandleExtension) {
   619  	if md.ConflictInfo != nil {
   620  		extensions = append(extensions, *md.ConflictInfo)
   621  	}
   622  	if md.FinalizedInfo != nil {
   623  		extensions = append(extensions, *md.FinalizedInfo)
   624  	}
   625  	return extensions
   626  }
   627  
   628  // PromoteReaders implements the RootMetadata interface for
   629  // RootMetadataV2.
   630  func (md *RootMetadataV2) PromoteReaders(
   631  	readersToPromote map[keybase1.UID]bool,
   632  	_ ExtraMetadata) error {
   633  	if md.TlfID().Type() != tlf.Private {
   634  		return InvalidNonPrivateTLFOperation{md.TlfID(), "PromoteReaders", md.Version()}
   635  	}
   636  
   637  	for i, rkb := range md.RKeys {
   638  		for reader := range readersToPromote {
   639  			dkim, ok := rkb.RKeys[reader]
   640  			if !ok {
   641  				return fmt.Errorf("Could not find %s in key gen %d",
   642  					reader, FirstValidKeyGen+KeyGen(i))
   643  			}
   644  			// TODO: This may be incorrect, since dkim may
   645  			// contain negative EPubKey indices, and the
   646  			// upconversion code assumes that writers will
   647  			// only contain non-negative EPubKey indices.
   648  			//
   649  			// See KBFS-1719.
   650  			md.WKeys[i].WKeys[reader] = dkim
   651  			delete(rkb.RKeys, reader)
   652  		}
   653  	}
   654  
   655  	return nil
   656  }
   657  
   658  // RevokeRemovedDevices implements the RootMetadata interface for
   659  // RootMetadataV2.
   660  func (md *RootMetadataV2) RevokeRemovedDevices(
   661  	updatedWriterKeys, updatedReaderKeys UserDevicePublicKeys,
   662  	_ ExtraMetadata) (ServerHalfRemovalInfo, error) {
   663  	if md.TlfID().Type() != tlf.Private {
   664  		return nil, InvalidNonPrivateTLFOperation{
   665  			md.TlfID(), "RevokeRemovedDevices", md.Version()}
   666  	}
   667  
   668  	var wRemovalInfo ServerHalfRemovalInfo
   669  	for _, wkb := range md.WKeys {
   670  		removalInfo := wkb.WKeys.RemoveDevicesNotIn(updatedWriterKeys)
   671  		if wRemovalInfo == nil {
   672  			wRemovalInfo = removalInfo
   673  		} else {
   674  			err := wRemovalInfo.AddGeneration(removalInfo)
   675  			if err != nil {
   676  				return nil, err
   677  			}
   678  		}
   679  	}
   680  
   681  	var rRemovalInfo ServerHalfRemovalInfo
   682  	for _, rkb := range md.RKeys {
   683  		removalInfo := rkb.RKeys.RemoveDevicesNotIn(updatedReaderKeys)
   684  		if rRemovalInfo == nil {
   685  			rRemovalInfo = removalInfo
   686  		} else {
   687  			err := rRemovalInfo.AddGeneration(removalInfo)
   688  			if err != nil {
   689  				return nil, err
   690  			}
   691  		}
   692  	}
   693  
   694  	return wRemovalInfo.MergeUsers(rRemovalInfo)
   695  }
   696  
   697  // getTLFKeyBundles returns the bundles for a given key generation.
   698  // Note that it is legal a writer or a reader to have no keys in their
   699  // bundle, if they only have a Keybase username with no device keys
   700  // yet.
   701  func (md *RootMetadataV2) getTLFKeyBundles(keyGen KeyGen) (
   702  	*TLFWriterKeyBundleV2, *TLFReaderKeyBundleV2, error) {
   703  	if md.ID.Type() != tlf.Private {
   704  		return nil, nil, InvalidNonPrivateTLFOperation{md.ID, "getTLFKeyBundles", md.Version()}
   705  	}
   706  
   707  	if keyGen < FirstValidKeyGen {
   708  		return nil, nil, InvalidKeyGenerationError{md.ID, keyGen}
   709  	}
   710  	i := int(keyGen - FirstValidKeyGen)
   711  	if i >= len(md.WKeys) || i >= len(md.RKeys) {
   712  		return nil, nil, NewKeyGenerationError{md.ID, keyGen}
   713  	}
   714  	return &md.WKeys[i], &md.RKeys[i], nil
   715  }
   716  
   717  // GetUserDevicePublicKeys implements the RootMetadata interface
   718  // for RootMetadataV2.
   719  func (md *RootMetadataV2) GetUserDevicePublicKeys(_ ExtraMetadata) (
   720  	writerDeviceKeys, readerDeviceKeys UserDevicePublicKeys, err error) {
   721  	if md.TlfID().Type() != tlf.Private {
   722  		return nil, nil, InvalidNonPrivateTLFOperation{
   723  			md.TlfID(), "GetUserDevicePublicKeys", md.Version()}
   724  	}
   725  
   726  	if len(md.WKeys) == 0 || len(md.RKeys) == 0 {
   727  		return nil, nil, errors.New(
   728  			"GetUserDevicePublicKeys called with no key generations (V2)")
   729  	}
   730  
   731  	wUDKIM := md.WKeys[len(md.WKeys)-1]
   732  	rUDKIM := md.RKeys[len(md.RKeys)-1]
   733  
   734  	return wUDKIM.WKeys.ToPublicKeys(), rUDKIM.RKeys.ToPublicKeys(), nil
   735  }
   736  
   737  // GetTLFCryptKeyParams implements the RootMetadata interface for RootMetadataV2.
   738  func (md *RootMetadataV2) GetTLFCryptKeyParams(
   739  	keyGen KeyGen, user keybase1.UID, key kbfscrypto.CryptPublicKey,
   740  	_ ExtraMetadata) (
   741  	kbfscrypto.TLFEphemeralPublicKey, kbfscrypto.EncryptedTLFCryptKeyClientHalf,
   742  	kbfscrypto.TLFCryptKeyServerHalfID, bool, error) {
   743  	wkb, rkb, err := md.getTLFKeyBundles(keyGen)
   744  	if err != nil {
   745  		return kbfscrypto.TLFEphemeralPublicKey{},
   746  			kbfscrypto.EncryptedTLFCryptKeyClientHalf{},
   747  			kbfscrypto.TLFCryptKeyServerHalfID{}, false, err
   748  	}
   749  
   750  	dkim := wkb.WKeys[user]
   751  	if dkim == nil {
   752  		dkim = rkb.RKeys[user]
   753  		if dkim == nil {
   754  			return kbfscrypto.TLFEphemeralPublicKey{},
   755  				kbfscrypto.EncryptedTLFCryptKeyClientHalf{},
   756  				kbfscrypto.TLFCryptKeyServerHalfID{}, false, nil
   757  		}
   758  	}
   759  	info, ok := dkim[key.KID()]
   760  	if !ok {
   761  		return kbfscrypto.TLFEphemeralPublicKey{},
   762  			kbfscrypto.EncryptedTLFCryptKeyClientHalf{},
   763  			kbfscrypto.TLFCryptKeyServerHalfID{}, false, nil
   764  	}
   765  
   766  	_, _, ePubKey, err := GetEphemeralPublicKeyInfoV2(info, *wkb, *rkb)
   767  	if err != nil {
   768  		return kbfscrypto.TLFEphemeralPublicKey{},
   769  			kbfscrypto.EncryptedTLFCryptKeyClientHalf{},
   770  			kbfscrypto.TLFCryptKeyServerHalfID{}, false, err
   771  	}
   772  
   773  	return ePubKey, info.ClientHalf, info.ServerHalfID, true, nil
   774  }
   775  
   776  // IsValidAndSigned implements the RootMetadata interface for RootMetadataV2.
   777  func (md *RootMetadataV2) IsValidAndSigned(
   778  	_ context.Context, codec kbfscodec.Codec,
   779  	_ TeamMembershipChecker, extra ExtraMetadata,
   780  	_ kbfscrypto.VerifyingKey, _ keybase1.OfflineAvailability) error {
   781  	// Optimization -- if the WriterMetadata signature is nil, it
   782  	// will fail verification.
   783  	if md.WriterMetadataSigInfo.IsNil() {
   784  		return errors.New("Missing WriterMetadata signature")
   785  	}
   786  
   787  	if md.IsFinal() {
   788  		if md.Revision < RevisionInitial+1 {
   789  			return fmt.Errorf("Invalid final revision %d", md.Revision)
   790  		}
   791  
   792  		if md.Revision == (RevisionInitial + 1) {
   793  			if md.PrevRoot != (ID{}) {
   794  				return fmt.Errorf("Invalid PrevRoot %s for initial final revision", md.PrevRoot)
   795  			}
   796  		} else {
   797  			if md.PrevRoot == (ID{}) {
   798  				return errors.New("No PrevRoot for non-initial final revision")
   799  			}
   800  		}
   801  	} else {
   802  		if md.Revision < RevisionInitial {
   803  			return fmt.Errorf("Invalid revision %d", md.Revision)
   804  		}
   805  
   806  		if md.Revision == RevisionInitial {
   807  			if md.PrevRoot != (ID{}) {
   808  				return fmt.Errorf("Invalid PrevRoot %s for initial revision", md.PrevRoot)
   809  			}
   810  		} else {
   811  			if md.PrevRoot == (ID{}) {
   812  				return errors.New("No PrevRoot for non-initial revision")
   813  			}
   814  		}
   815  	}
   816  
   817  	if len(md.SerializedPrivateMetadata) == 0 {
   818  		return errors.New("No private metadata")
   819  	}
   820  
   821  	if (md.MergedStatus() == Merged) != (md.BID() == NullBranchID) {
   822  		return fmt.Errorf("Branch ID %s doesn't match merged status %s",
   823  			md.BID(), md.MergedStatus())
   824  	}
   825  
   826  	handle, err := md.MakeBareTlfHandle(extra)
   827  	if err != nil {
   828  		return err
   829  	}
   830  
   831  	// Make sure the last writer is valid.  TODO(KBFS-2185): for a
   832  	// team TLF, check that the writer is part of the team.
   833  	writer := md.LastModifyingWriter()
   834  	if !handle.IsWriter(writer.AsUserOrTeam()) {
   835  		return fmt.Errorf("Invalid modifying writer %s", writer)
   836  	}
   837  
   838  	// Make sure the last modifier is valid.
   839  	user := md.LastModifyingUser
   840  	if !handle.IsReader(user.AsUserOrTeam()) {
   841  		return fmt.Errorf("Invalid modifying user %s", user)
   842  	}
   843  
   844  	// Verify signature. We have to re-marshal the WriterMetadata,
   845  	// since it's embedded.
   846  	buf, err := codec.Encode(md.WriterMetadataV2)
   847  	if err != nil {
   848  		return err
   849  	}
   850  
   851  	err = kbfscrypto.Verify(buf, md.WriterMetadataSigInfo)
   852  	if err != nil {
   853  		return fmt.Errorf("Could not verify writer metadata: %v", err)
   854  	}
   855  
   856  	return nil
   857  }
   858  
   859  // IsLastModifiedBy implements the RootMetadata interface for
   860  // RootMetadataV2.
   861  func (md *RootMetadataV2) IsLastModifiedBy(
   862  	uid keybase1.UID, key kbfscrypto.VerifyingKey) error {
   863  	// Verify the user and device are the writer.
   864  	writer := md.LastModifyingWriter()
   865  	if !md.IsWriterMetadataCopiedSet() {
   866  		if writer != uid {
   867  			return fmt.Errorf("Last writer %s != %s", writer, uid)
   868  		}
   869  		if md.WriterMetadataSigInfo.VerifyingKey != key {
   870  			return fmt.Errorf(
   871  				"Last writer verifying key %v != %v",
   872  				md.WriterMetadataSigInfo.VerifyingKey, key)
   873  		}
   874  	}
   875  
   876  	// Verify the user and device are the last modifier.
   877  	user := md.GetLastModifyingUser()
   878  	if user != uid {
   879  		return fmt.Errorf("Last modifier %s != %s", user, uid)
   880  	}
   881  
   882  	return nil
   883  }
   884  
   885  // LastModifyingWriter implements the RootMetadata interface for RootMetadataV2.
   886  func (md *RootMetadataV2) LastModifyingWriter() keybase1.UID {
   887  	return md.WriterMetadataV2.LastModifyingWriter
   888  }
   889  
   890  // GetLastModifyingUser implements the RootMetadata interface for RootMetadataV2.
   891  func (md *RootMetadataV2) GetLastModifyingUser() keybase1.UID {
   892  	return md.LastModifyingUser
   893  }
   894  
   895  // RefBytes implements the RootMetadata interface for RootMetadataV2.
   896  func (md *RootMetadataV2) RefBytes() uint64 {
   897  	return md.WriterMetadataV2.RefBytes
   898  }
   899  
   900  // UnrefBytes implements the RootMetadata interface for RootMetadataV2.
   901  func (md *RootMetadataV2) UnrefBytes() uint64 {
   902  	return md.WriterMetadataV2.UnrefBytes
   903  }
   904  
   905  // MDRefBytes implements the RootMetadata interface for RootMetadataV2.
   906  func (md *RootMetadataV2) MDRefBytes() uint64 {
   907  	return md.WriterMetadataV2.MDRefBytes
   908  }
   909  
   910  // DiskUsage implements the RootMetadata interface for RootMetadataV2.
   911  func (md *RootMetadataV2) DiskUsage() uint64 {
   912  	return md.WriterMetadataV2.DiskUsage
   913  }
   914  
   915  // MDDiskUsage implements the RootMetadata interface for RootMetadataV2.
   916  func (md *RootMetadataV2) MDDiskUsage() uint64 {
   917  	return md.WriterMetadataV2.MDDiskUsage
   918  }
   919  
   920  // SetRefBytes implements the MutableRootMetadata interface for RootMetadataV2.
   921  func (md *RootMetadataV2) SetRefBytes(refBytes uint64) {
   922  	md.WriterMetadataV2.RefBytes = refBytes
   923  }
   924  
   925  // SetUnrefBytes implements the MutableRootMetadata interface for RootMetadataV2.
   926  func (md *RootMetadataV2) SetUnrefBytes(unrefBytes uint64) {
   927  	md.WriterMetadataV2.UnrefBytes = unrefBytes
   928  }
   929  
   930  // SetMDRefBytes implements the MutableRootMetadata interface for RootMetadataV2.
   931  func (md *RootMetadataV2) SetMDRefBytes(mdRefBytes uint64) {
   932  	md.WriterMetadataV2.MDRefBytes = mdRefBytes
   933  }
   934  
   935  // SetDiskUsage implements the MutableRootMetadata interface for RootMetadataV2.
   936  func (md *RootMetadataV2) SetDiskUsage(diskUsage uint64) {
   937  	md.WriterMetadataV2.DiskUsage = diskUsage
   938  }
   939  
   940  // SetMDDiskUsage implements the MutableRootMetadata interface for RootMetadataV2.
   941  func (md *RootMetadataV2) SetMDDiskUsage(mdDiskUsage uint64) {
   942  	md.WriterMetadataV2.MDDiskUsage = mdDiskUsage
   943  }
   944  
   945  // AddRefBytes implements the MutableRootMetadata interface for RootMetadataV2.
   946  func (md *RootMetadataV2) AddRefBytes(refBytes uint64) {
   947  	md.WriterMetadataV2.RefBytes += refBytes
   948  }
   949  
   950  // AddUnrefBytes implements the MutableRootMetadata interface for RootMetadataV2.
   951  func (md *RootMetadataV2) AddUnrefBytes(unrefBytes uint64) {
   952  	md.WriterMetadataV2.UnrefBytes += unrefBytes
   953  }
   954  
   955  // AddMDRefBytes implements the MutableRootMetadata interface for RootMetadataV2.
   956  func (md *RootMetadataV2) AddMDRefBytes(mdRefBytes uint64) {
   957  	md.WriterMetadataV2.MDRefBytes += mdRefBytes
   958  }
   959  
   960  // AddDiskUsage implements the MutableRootMetadata interface for RootMetadataV2.
   961  func (md *RootMetadataV2) AddDiskUsage(diskUsage uint64) {
   962  	md.WriterMetadataV2.DiskUsage += diskUsage
   963  }
   964  
   965  // AddMDDiskUsage implements the MutableRootMetadata interface for RootMetadataV2.
   966  func (md *RootMetadataV2) AddMDDiskUsage(mdDiskUsage uint64) {
   967  	md.WriterMetadataV2.MDDiskUsage += mdDiskUsage
   968  }
   969  
   970  // RevisionNumber implements the RootMetadata interface for RootMetadataV2.
   971  func (md *RootMetadataV2) RevisionNumber() Revision {
   972  	return md.Revision
   973  }
   974  
   975  // BID implements the RootMetadata interface for RootMetadataV2.
   976  func (md *RootMetadataV2) BID() BranchID {
   977  	return md.WriterMetadataV2.BID
   978  }
   979  
   980  // GetPrevRoot implements the RootMetadata interface for RootMetadataV2.
   981  func (md *RootMetadataV2) GetPrevRoot() ID {
   982  	return md.PrevRoot
   983  }
   984  
   985  // ClearRekeyBit implements the MutableRootMetadata interface for RootMetadataV2.
   986  func (md *RootMetadataV2) ClearRekeyBit() {
   987  	md.Flags &= ^MetadataFlagRekey
   988  }
   989  
   990  // ClearWriterMetadataCopiedBit implements the MutableRootMetadata interface for RootMetadataV2.
   991  func (md *RootMetadataV2) ClearWriterMetadataCopiedBit() {
   992  	md.Flags &= ^MetadataFlagWriterMetadataCopied
   993  }
   994  
   995  // IsUnmergedSet implements the MutableRootMetadata interface for RootMetadataV2.
   996  func (md *RootMetadataV2) IsUnmergedSet() bool {
   997  	return (md.WriterMetadataV2.WFlags & MetadataFlagUnmerged) != 0
   998  }
   999  
  1000  // SetUnmerged implements the MutableRootMetadata interface for RootMetadataV2.
  1001  func (md *RootMetadataV2) SetUnmerged() {
  1002  	md.WriterMetadataV2.WFlags |= MetadataFlagUnmerged
  1003  }
  1004  
  1005  // SetBranchID implements the MutableRootMetadata interface for RootMetadataV2.
  1006  func (md *RootMetadataV2) SetBranchID(bid BranchID) {
  1007  	md.WriterMetadataV2.BID = bid
  1008  }
  1009  
  1010  // SetPrevRoot implements the MutableRootMetadata interface for RootMetadataV2.
  1011  func (md *RootMetadataV2) SetPrevRoot(mdID ID) {
  1012  	md.PrevRoot = mdID
  1013  }
  1014  
  1015  // GetSerializedPrivateMetadata implements the RootMetadata interface for RootMetadataV2.
  1016  func (md *RootMetadataV2) GetSerializedPrivateMetadata() []byte {
  1017  	return md.SerializedPrivateMetadata
  1018  }
  1019  
  1020  // SetSerializedPrivateMetadata implements the MutableRootMetadata interface for RootMetadataV2.
  1021  func (md *RootMetadataV2) SetSerializedPrivateMetadata(spmd []byte) {
  1022  	md.SerializedPrivateMetadata = spmd
  1023  }
  1024  
  1025  // GetSerializedWriterMetadata implements the RootMetadata interface for RootMetadataV2.
  1026  func (md *RootMetadataV2) GetSerializedWriterMetadata(
  1027  	codec kbfscodec.Codec) ([]byte, error) {
  1028  	return codec.Encode(md.WriterMetadataV2)
  1029  }
  1030  
  1031  // SignWriterMetadataInternally implements the MutableRootMetadata interface for RootMetadataV2.
  1032  func (md *RootMetadataV2) SignWriterMetadataInternally(
  1033  	ctx context.Context, codec kbfscodec.Codec,
  1034  	signer kbfscrypto.Signer) error {
  1035  	buf, err := codec.Encode(md.WriterMetadataV2)
  1036  	if err != nil {
  1037  		return err
  1038  	}
  1039  
  1040  	sigInfo, err := signer.Sign(ctx, buf)
  1041  	if err != nil {
  1042  		return err
  1043  	}
  1044  	md.WriterMetadataSigInfo = sigInfo
  1045  	return nil
  1046  }
  1047  
  1048  // SetLastModifyingWriter implements the MutableRootMetadata interface for RootMetadataV2.
  1049  func (md *RootMetadataV2) SetLastModifyingWriter(user keybase1.UID) {
  1050  	md.WriterMetadataV2.LastModifyingWriter = user
  1051  }
  1052  
  1053  // SetLastModifyingUser implements the MutableRootMetadata interface for RootMetadataV2.
  1054  func (md *RootMetadataV2) SetLastModifyingUser(user keybase1.UID) {
  1055  	md.LastModifyingUser = user
  1056  }
  1057  
  1058  // SetRekeyBit implements the MutableRootMetadata interface for RootMetadataV2.
  1059  func (md *RootMetadataV2) SetRekeyBit() {
  1060  	md.Flags |= MetadataFlagRekey
  1061  }
  1062  
  1063  // SetFinalBit implements the MutableRootMetadata interface for RootMetadataV2.
  1064  func (md *RootMetadataV2) SetFinalBit() {
  1065  	md.Flags |= MetadataFlagFinal
  1066  }
  1067  
  1068  // SetWriterMetadataCopiedBit implements the MutableRootMetadata interface for RootMetadataV2.
  1069  func (md *RootMetadataV2) SetWriterMetadataCopiedBit() {
  1070  	md.Flags |= MetadataFlagWriterMetadataCopied
  1071  }
  1072  
  1073  // SetRevision implements the MutableRootMetadata interface for RootMetadataV2.
  1074  func (md *RootMetadataV2) SetRevision(revision Revision) {
  1075  	md.Revision = revision
  1076  }
  1077  
  1078  // SetUnresolvedReaders implements the MutableRootMetadata interface for RootMetadataV2.
  1079  func (md *RootMetadataV2) SetUnresolvedReaders(readers []keybase1.SocialAssertion) {
  1080  	md.UnresolvedReaders = readers
  1081  }
  1082  
  1083  // SetUnresolvedWriters implements the MutableRootMetadata interface for RootMetadataV2.
  1084  func (md *RootMetadataV2) SetUnresolvedWriters(writers []keybase1.SocialAssertion) {
  1085  	md.Extra.UnresolvedWriters = writers
  1086  }
  1087  
  1088  // SetConflictInfo implements the MutableRootMetadata interface for RootMetadataV2.
  1089  func (md *RootMetadataV2) SetConflictInfo(ci *tlf.HandleExtension) {
  1090  	md.ConflictInfo = ci
  1091  }
  1092  
  1093  // SetFinalizedInfo implements the MutableRootMetadata interface for RootMetadataV2.
  1094  func (md *RootMetadataV2) SetFinalizedInfo(fi *tlf.HandleExtension) {
  1095  	md.FinalizedInfo = fi
  1096  }
  1097  
  1098  // SetWriters implements the MutableRootMetadata interface for RootMetadataV2.
  1099  func (md *RootMetadataV2) SetWriters(writers []keybase1.UserOrTeamID) {
  1100  	md.Writers = writers
  1101  }
  1102  
  1103  // ClearForV4Migration implements the MutableRootMetadata interface
  1104  // for RootMetadataV2.
  1105  func (md *RootMetadataV2) ClearForV4Migration() {
  1106  	md.WKeys = nil
  1107  	md.RKeys = nil
  1108  	md.Extra.UnresolvedWriters = nil
  1109  	md.UnresolvedReaders = nil
  1110  }
  1111  
  1112  // SetTlfID implements the MutableRootMetadata interface for RootMetadataV2.
  1113  func (md *RootMetadataV2) SetTlfID(tlf tlf.ID) {
  1114  	md.ID = tlf
  1115  }
  1116  
  1117  // ClearFinalBit implements the MutableRootMetadata interface for RootMetadataV2.
  1118  func (md *RootMetadataV2) ClearFinalBit() {
  1119  	md.Flags &= ^MetadataFlagFinal
  1120  }
  1121  
  1122  // Version implements the MutableRootMetadata interface for RootMetadataV2.
  1123  func (md *RootMetadataV2) Version() MetadataVer {
  1124  	// Only folders with unresolved assertions or conflict info get the
  1125  	// new version.
  1126  	if len(md.Extra.UnresolvedWriters) > 0 || len(md.UnresolvedReaders) > 0 ||
  1127  		md.ConflictInfo != nil ||
  1128  		md.FinalizedInfo != nil {
  1129  		return InitialExtraMetadataVer
  1130  	}
  1131  	// Let other types of MD objects use the older version since they
  1132  	// are still compatible with older clients.
  1133  	return PreExtraMetadataVer
  1134  }
  1135  
  1136  // GetCurrentTLFPublicKey implements the RootMetadata interface
  1137  // for RootMetadataV2.
  1138  func (md *RootMetadataV2) GetCurrentTLFPublicKey(
  1139  	_ ExtraMetadata) (kbfscrypto.TLFPublicKey, error) {
  1140  	if len(md.WKeys) == 0 {
  1141  		return kbfscrypto.TLFPublicKey{}, errors.New(
  1142  			"No key generations in GetCurrentTLFPublicKey")
  1143  	}
  1144  	return md.WKeys[len(md.WKeys)-1].TLFPublicKey, nil
  1145  }
  1146  
  1147  // GetUnresolvedParticipants implements the RootMetadata interface
  1148  // for RootMetadataV2.
  1149  func (md *RootMetadataV2) GetUnresolvedParticipants() []keybase1.SocialAssertion {
  1150  	writers := md.WriterMetadataV2.Extra.UnresolvedWriters
  1151  	readers := md.UnresolvedReaders
  1152  	users := make([]keybase1.SocialAssertion, 0, len(writers)+len(readers))
  1153  	users = append(users, writers...)
  1154  	users = append(users, readers...)
  1155  	return users
  1156  }
  1157  
  1158  func (md *RootMetadataV2) updateKeyGenerationForReaderRekey(
  1159  	codec kbfscodec.Codec, keyGen KeyGen,
  1160  	updatedReaderKeys UserDevicePublicKeys,
  1161  	ePubKey kbfscrypto.TLFEphemeralPublicKey,
  1162  	ePrivKey kbfscrypto.TLFEphemeralPrivateKey,
  1163  	tlfCryptKey kbfscrypto.TLFCryptKey) (UserDeviceKeyServerHalves, error) {
  1164  	if len(updatedReaderKeys) != 1 {
  1165  		return nil, fmt.Errorf("Expected updatedReaderKeys to have only one entry, got %d",
  1166  			len(updatedReaderKeys))
  1167  	}
  1168  
  1169  	_, rkb, err := md.getTLFKeyBundles(keyGen)
  1170  	if err != nil {
  1171  		return nil, err
  1172  	}
  1173  
  1174  	// This is VERY ugly, but we need it in order to avoid
  1175  	// having to version the metadata. The index will be
  1176  	// strictly negative for reader ephemeral public keys.
  1177  	newIndex := -len(rkb.TLFReaderEphemeralPublicKeys) - 1
  1178  
  1179  	rServerHalves, err := rkb.RKeys.FillInUserInfos(
  1180  		newIndex, updatedReaderKeys, ePrivKey, tlfCryptKey)
  1181  	if err != nil {
  1182  		return nil, err
  1183  	}
  1184  
  1185  	// If we didn't fill in any new user infos, don't add a new
  1186  	// ephemeral key.
  1187  	if len(rServerHalves) > 0 {
  1188  		rkb.TLFReaderEphemeralPublicKeys = append(
  1189  			rkb.TLFReaderEphemeralPublicKeys, ePubKey)
  1190  	}
  1191  
  1192  	return rServerHalves, nil
  1193  }
  1194  
  1195  func (md *RootMetadataV2) updateKeyGeneration(
  1196  	keyGen KeyGen,
  1197  	updatedWriterKeys, updatedReaderKeys UserDevicePublicKeys,
  1198  	ePubKey kbfscrypto.TLFEphemeralPublicKey,
  1199  	ePrivKey kbfscrypto.TLFEphemeralPrivateKey,
  1200  	tlfCryptKey kbfscrypto.TLFCryptKey) (UserDeviceKeyServerHalves, error) {
  1201  	if len(updatedWriterKeys) == 0 {
  1202  		return nil, errors.New(
  1203  			"updatedWriterKeys unexpectedly non-empty")
  1204  	}
  1205  
  1206  	wkb, rkb, err := md.getTLFKeyBundles(keyGen)
  1207  	if err != nil {
  1208  		return nil, err
  1209  	}
  1210  
  1211  	newIndex := len(wkb.TLFEphemeralPublicKeys)
  1212  
  1213  	wServerHalves, err := wkb.WKeys.FillInUserInfos(
  1214  		newIndex, updatedWriterKeys, ePrivKey, tlfCryptKey)
  1215  	if err != nil {
  1216  		return nil, err
  1217  	}
  1218  
  1219  	rServerHalves, err := rkb.RKeys.FillInUserInfos(
  1220  		newIndex, updatedReaderKeys, ePrivKey, tlfCryptKey)
  1221  	if err != nil {
  1222  		return nil, err
  1223  	}
  1224  
  1225  	serverHalves, err := wServerHalves.MergeUsers(rServerHalves)
  1226  	if err != nil {
  1227  		return nil, err
  1228  	}
  1229  
  1230  	// If we didn't fill in any new user infos, don't add a new
  1231  	// ephemeral key.
  1232  	if len(serverHalves) > 0 {
  1233  		wkb.TLFEphemeralPublicKeys =
  1234  			append(wkb.TLFEphemeralPublicKeys, ePubKey)
  1235  	}
  1236  
  1237  	return serverHalves, nil
  1238  }
  1239  
  1240  // AddKeyGeneration implements the MutableRootMetadata interface
  1241  // for RootMetadataV2.
  1242  func (md *RootMetadataV2) AddKeyGeneration(
  1243  	codec kbfscodec.Codec, extra ExtraMetadata,
  1244  	updatedWriterKeys, updatedReaderKeys UserDevicePublicKeys,
  1245  	ePubKey kbfscrypto.TLFEphemeralPublicKey,
  1246  	ePrivKey kbfscrypto.TLFEphemeralPrivateKey,
  1247  	pubKey kbfscrypto.TLFPublicKey,
  1248  	currCryptKey, nextCryptKey kbfscrypto.TLFCryptKey) (
  1249  	nextExtra ExtraMetadata,
  1250  	serverHalves UserDeviceKeyServerHalves, err error) {
  1251  	if md.TlfID().Type() != tlf.Private {
  1252  		return nil, nil, InvalidNonPrivateTLFOperation{
  1253  			md.TlfID(), "AddKeyGeneration", md.Version()}
  1254  	}
  1255  
  1256  	if len(updatedWriterKeys) == 0 {
  1257  		return nil, nil, errors.New(
  1258  			"updatedWriterKeys unexpectedly non-empty")
  1259  	}
  1260  
  1261  	if currCryptKey != (kbfscrypto.TLFCryptKey{}) {
  1262  		return nil, nil, errors.New("currCryptKey unexpectedly non-zero")
  1263  	}
  1264  
  1265  	if len(md.WKeys) != len(md.RKeys) {
  1266  		return nil, nil, fmt.Errorf(
  1267  			"Have %d writer key gens, but %d reader key gens",
  1268  			len(md.WKeys), len(md.RKeys))
  1269  	}
  1270  
  1271  	if len(md.WKeys) > 0 {
  1272  		existingWriterKeys :=
  1273  			md.WKeys[len(md.WKeys)-1].WKeys.ToPublicKeys()
  1274  		if !existingWriterKeys.Equals(updatedWriterKeys) {
  1275  			return nil, nil, fmt.Errorf(
  1276  				"existingWriterKeys=%+v != updatedWriterKeys=%+v",
  1277  				existingWriterKeys, updatedWriterKeys)
  1278  		}
  1279  
  1280  		existingReaderKeys :=
  1281  			md.RKeys[len(md.RKeys)-1].RKeys.ToPublicKeys()
  1282  		if !existingReaderKeys.Equals(updatedReaderKeys) {
  1283  			return nil, nil, fmt.Errorf(
  1284  				"existingReaderKeys=%+v != updatedReaderKeys=%+v",
  1285  				existingReaderKeys, updatedReaderKeys)
  1286  		}
  1287  	}
  1288  
  1289  	newWriterKeys := TLFWriterKeyBundleV2{
  1290  		WKeys:        make(UserDeviceKeyInfoMapV2),
  1291  		TLFPublicKey: pubKey,
  1292  	}
  1293  	md.WKeys = append(md.WKeys, newWriterKeys)
  1294  
  1295  	newReaderKeys := TLFReaderKeyBundleV2{
  1296  		RKeys: make(UserDeviceKeyInfoMapV2),
  1297  	}
  1298  	md.RKeys = append(md.RKeys, newReaderKeys)
  1299  
  1300  	serverHalves, err = md.updateKeyGeneration(
  1301  		md.LatestKeyGeneration(), updatedWriterKeys,
  1302  		updatedReaderKeys, ePubKey, ePrivKey, nextCryptKey)
  1303  	if err != nil {
  1304  		return nil, nil, err
  1305  	}
  1306  
  1307  	return nil, serverHalves, nil
  1308  }
  1309  
  1310  // SetLatestKeyGenerationForTeamTLF implements the
  1311  // MutableRootMetadata interface for RootMetadataV2.
  1312  func (md *RootMetadataV2) SetLatestKeyGenerationForTeamTLF(keyGen KeyGen) {
  1313  	panic("RootMetadataV2 doesn't support team TLFs")
  1314  }
  1315  
  1316  // UpdateKeyBundles implements the MutableRootMetadata interface
  1317  // for RootMetadataV2.
  1318  func (md *RootMetadataV2) UpdateKeyBundles(codec kbfscodec.Codec,
  1319  	_ ExtraMetadata,
  1320  	updatedWriterKeys, updatedReaderKeys UserDevicePublicKeys,
  1321  	ePubKey kbfscrypto.TLFEphemeralPublicKey,
  1322  	ePrivKey kbfscrypto.TLFEphemeralPrivateKey,
  1323  	tlfCryptKeys []kbfscrypto.TLFCryptKey) (
  1324  	[]UserDeviceKeyServerHalves, error) {
  1325  	if md.TlfID().Type() != tlf.Private {
  1326  		return nil, InvalidNonPrivateTLFOperation{
  1327  			md.TlfID(), "UpdateKeyBundles", md.Version()}
  1328  	}
  1329  
  1330  	expectedTLFCryptKeyCount := int(
  1331  		md.LatestKeyGeneration() - FirstValidKeyGen + 1)
  1332  	if len(tlfCryptKeys) != expectedTLFCryptKeyCount {
  1333  		return nil, fmt.Errorf(
  1334  			"(MDv2) Expected %d TLF crypt keys, got %d",
  1335  			expectedTLFCryptKeyCount, len(tlfCryptKeys))
  1336  	}
  1337  
  1338  	serverHalves := make([]UserDeviceKeyServerHalves, len(tlfCryptKeys))
  1339  	if len(updatedWriterKeys) == 0 {
  1340  		// Reader rekey case.
  1341  
  1342  		for keyGen := FirstValidKeyGen; keyGen <= md.LatestKeyGeneration(); keyGen++ {
  1343  			serverHalvesGen, err :=
  1344  				md.updateKeyGenerationForReaderRekey(codec,
  1345  					keyGen, updatedReaderKeys,
  1346  					ePubKey, ePrivKey,
  1347  					tlfCryptKeys[keyGen-FirstValidKeyGen])
  1348  			if err != nil {
  1349  				return nil, err
  1350  			}
  1351  
  1352  			serverHalves[keyGen-FirstValidKeyGen] = serverHalvesGen
  1353  		}
  1354  
  1355  		return serverHalves, nil
  1356  	}
  1357  
  1358  	// Usual rekey case.
  1359  
  1360  	for keyGen := FirstValidKeyGen; keyGen <= md.LatestKeyGeneration(); keyGen++ {
  1361  		serverHalvesGen, err := md.updateKeyGeneration(
  1362  			keyGen, updatedWriterKeys, updatedReaderKeys,
  1363  			ePubKey, ePrivKey,
  1364  			tlfCryptKeys[keyGen-FirstValidKeyGen])
  1365  		if err != nil {
  1366  			return nil, err
  1367  		}
  1368  
  1369  		serverHalves[keyGen-FirstValidKeyGen] = serverHalvesGen
  1370  	}
  1371  	return serverHalves, nil
  1372  
  1373  }
  1374  
  1375  // GetTLFWriterKeyBundleID implements the RootMetadata interface for RootMetadataV2.
  1376  func (md *RootMetadataV2) GetTLFWriterKeyBundleID() TLFWriterKeyBundleID {
  1377  	// Since key bundles are stored internally, just return the zero value.
  1378  	return TLFWriterKeyBundleID{}
  1379  }
  1380  
  1381  // GetTLFReaderKeyBundleID implements the RootMetadata interface for RootMetadataV2.
  1382  func (md *RootMetadataV2) GetTLFReaderKeyBundleID() TLFReaderKeyBundleID {
  1383  	// Since key bundles are stored internally, just return the zero value.
  1384  	return TLFReaderKeyBundleID{}
  1385  }
  1386  
  1387  // FinalizeRekey implements the MutableRootMetadata interface for RootMetadataV2.
  1388  func (md *RootMetadataV2) FinalizeRekey(
  1389  	_ kbfscodec.Codec, _ ExtraMetadata) error {
  1390  	// Nothing to do.
  1391  	return nil
  1392  }
  1393  
  1394  // StoresHistoricTLFCryptKeys implements the RootMetadata interface for RootMetadataV2.
  1395  func (md *RootMetadataV2) StoresHistoricTLFCryptKeys() bool {
  1396  	// MDv2 metadata contains only per device encrypted keys.
  1397  	return false
  1398  }
  1399  
  1400  // GetHistoricTLFCryptKey implements the RootMetadata interface for RootMetadataV2.
  1401  func (md *RootMetadataV2) GetHistoricTLFCryptKey(
  1402  	_ kbfscodec.Codec, _ KeyGen, _ kbfscrypto.TLFCryptKey, _ ExtraMetadata) (
  1403  	kbfscrypto.TLFCryptKey, error) {
  1404  	return kbfscrypto.TLFCryptKey{}, errors.New(
  1405  		"TLF crypt key not symmetrically encrypted")
  1406  }