github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/kbfs/libkbfs/crypto_common.go (about) 1 // Copyright 2016 Keybase Inc. All rights reserved. 2 // Use of this source code is governed by a BSD 3 // license that can be found in the LICENSE file. 4 5 package libkbfs 6 7 import ( 8 "crypto/rand" 9 10 "github.com/keybase/client/go/kbfs/data" 11 "github.com/keybase/client/go/kbfs/kbfsblock" 12 "github.com/keybase/client/go/kbfs/kbfscodec" 13 "github.com/keybase/client/go/kbfs/kbfscrypto" 14 "github.com/keybase/client/go/kbfs/kbfsmd" 15 "github.com/keybase/client/go/kbfs/tlf" 16 "github.com/pkg/errors" 17 "golang.org/x/crypto/nacl/box" 18 ) 19 20 // CryptoCommon contains many of the function implementations need for 21 // the Crypto interface, which can be reused by other implementations. 22 type CryptoCommon struct { 23 codec kbfscodec.Codec 24 blockCryptVersioner blockCryptVersioner 25 } 26 27 var _ cryptoPure = (*CryptoCommon)(nil) 28 29 // MakeCryptoCommon returns a default CryptoCommon object. 30 func MakeCryptoCommon( 31 codec kbfscodec.Codec, 32 blockCryptVersioner blockCryptVersioner) CryptoCommon { 33 return CryptoCommon{codec, blockCryptVersioner} 34 } 35 36 // MakeRandomTlfID implements the Crypto interface for CryptoCommon. 37 func (c CryptoCommon) MakeRandomTlfID(t tlf.Type) (tlf.ID, error) { 38 return tlf.MakeRandomID(t) 39 } 40 41 // MakeRandomBranchID implements the Crypto interface for CryptoCommon. 42 func (c CryptoCommon) MakeRandomBranchID() (kbfsmd.BranchID, error) { 43 return kbfsmd.MakeRandomBranchID() 44 } 45 46 // MakeTemporaryBlockID implements the Crypto interface for CryptoCommon. 47 func (c CryptoCommon) MakeTemporaryBlockID() (kbfsblock.ID, error) { 48 return kbfsblock.MakeTemporaryID() 49 } 50 51 // MakeBlockRefNonce implements the Crypto interface for CryptoCommon. 52 func (c CryptoCommon) MakeBlockRefNonce() (nonce kbfsblock.RefNonce, err error) { 53 return kbfsblock.MakeRefNonce() 54 } 55 56 // MakeRandomBlockCryptKeyServerHalf implements the Crypto interface 57 // for CryptoCommon. 58 func (c CryptoCommon) MakeRandomBlockCryptKeyServerHalf() ( 59 kbfscrypto.BlockCryptKeyServerHalf, error) { 60 return kbfscrypto.MakeRandomBlockCryptKeyServerHalf() 61 } 62 63 // MakeRandomTLFEphemeralKeys implements the Crypto interface for 64 // CryptoCommon. 65 func (c CryptoCommon) MakeRandomTLFEphemeralKeys() ( 66 kbfscrypto.TLFEphemeralPublicKey, kbfscrypto.TLFEphemeralPrivateKey, 67 error) { 68 return kbfscrypto.MakeRandomTLFEphemeralKeys() 69 } 70 71 // MakeRandomTLFKeys implements the Crypto interface for CryptoCommon. 72 func (c CryptoCommon) MakeRandomTLFKeys() (kbfscrypto.TLFPublicKey, 73 kbfscrypto.TLFPrivateKey, kbfscrypto.TLFCryptKey, error) { 74 publicKey, privateKey, err := box.GenerateKey(rand.Reader) 75 if err != nil { 76 return kbfscrypto.TLFPublicKey{}, kbfscrypto.TLFPrivateKey{}, 77 kbfscrypto.TLFCryptKey{}, errors.WithStack(err) 78 } 79 80 pubKey := kbfscrypto.MakeTLFPublicKey(*publicKey) 81 privKey := kbfscrypto.MakeTLFPrivateKey(*privateKey) 82 83 cryptKey, err := kbfscrypto.MakeRandomTLFCryptKey() 84 if err != nil { 85 return kbfscrypto.TLFPublicKey{}, kbfscrypto.TLFPrivateKey{}, 86 kbfscrypto.TLFCryptKey{}, err 87 } 88 89 return pubKey, privKey, cryptKey, nil 90 } 91 92 // EncryptPrivateMetadata implements the Crypto interface for CryptoCommon. 93 func (c CryptoCommon) EncryptPrivateMetadata( 94 pmd PrivateMetadata, key kbfscrypto.TLFCryptKey) ( 95 encryptedPmd kbfscrypto.EncryptedPrivateMetadata, err error) { 96 encodedPmd, err := c.codec.Encode(pmd) 97 if err != nil { 98 return kbfscrypto.EncryptedPrivateMetadata{}, err 99 } 100 101 return kbfscrypto.EncryptEncodedPrivateMetadata(encodedPmd, key) 102 } 103 104 // DecryptPrivateMetadata implements the Crypto interface for CryptoCommon. 105 func (c CryptoCommon) DecryptPrivateMetadata( 106 encryptedPmd kbfscrypto.EncryptedPrivateMetadata, key kbfscrypto.TLFCryptKey) ( 107 PrivateMetadata, error) { 108 encodedPrivateMetadata, err := kbfscrypto.DecryptPrivateMetadata( 109 encryptedPmd, key) 110 if err != nil { 111 return PrivateMetadata{}, err 112 } 113 114 var pmd PrivateMetadata 115 err = c.codec.Decode(encodedPrivateMetadata, &pmd) 116 if err != nil { 117 return PrivateMetadata{}, err 118 } 119 120 return pmd, nil 121 } 122 123 // EncryptBlock implements the Crypto interface for CryptoCommon. 124 func (c CryptoCommon) EncryptBlock( 125 block data.Block, tlfCryptKey kbfscrypto.TLFCryptKey, 126 blockServerHalf kbfscrypto.BlockCryptKeyServerHalf) ( 127 plainSize int, encryptedBlock kbfscrypto.EncryptedBlock, err error) { 128 encodedBlock, err := c.codec.Encode(block) 129 if err != nil { 130 return -1, kbfscrypto.EncryptedBlock{}, err 131 } 132 133 paddedBlock, err := kbfscrypto.PadBlock(encodedBlock) 134 if err != nil { 135 return -1, kbfscrypto.EncryptedBlock{}, err 136 } 137 138 encryptedBlock, err = 139 kbfscrypto.EncryptPaddedEncodedBlock( 140 paddedBlock, tlfCryptKey, blockServerHalf, 141 c.blockCryptVersioner.BlockCryptVersion()) 142 if err != nil { 143 return -1, kbfscrypto.EncryptedBlock{}, err 144 } 145 146 plainSize = len(encodedBlock) 147 return plainSize, encryptedBlock, nil 148 } 149 150 // DecryptBlock implements the Crypto interface for CryptoCommon. 151 func (c CryptoCommon) DecryptBlock( 152 encryptedBlock kbfscrypto.EncryptedBlock, 153 tlfCryptKey kbfscrypto.TLFCryptKey, 154 blockServerHalf kbfscrypto.BlockCryptKeyServerHalf, block data.Block) error { 155 var paddedBlock []byte 156 paddedBlock, err := kbfscrypto.DecryptBlock( 157 encryptedBlock, tlfCryptKey, blockServerHalf) 158 if err != nil { 159 return err 160 } 161 162 encodedBlock, err := kbfscrypto.DepadBlock(paddedBlock) 163 if err != nil { 164 return err 165 } 166 167 err = c.codec.Decode(encodedBlock, &block) 168 if err != nil { 169 return errors.WithStack(BlockDecodeError{err}) 170 } 171 return nil 172 }