github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/sig3/prot.go (about) 1 package sig3 2 3 import ( 4 keybase1 "github.com/keybase/client/go/protocol/keybase1" 5 ) 6 7 type UID [16]byte 8 type LinkType int 9 type ChainType = keybase1.SeqType 10 type SigVersion int 11 type LinkID [32]byte 12 type Seqno = keybase1.Seqno 13 type Time = keybase1.Time 14 type TimeSec int64 15 type IgnoreIfUnsupported bool 16 type KID = keybase1.BinaryKID 17 type TeamID [16]byte 18 type PerTeamKeyGeneration = keybase1.PerTeamKeyGeneration 19 type Entropy []byte 20 type Sig [64]byte 21 type PTKType = keybase1.PTKType 22 type AppkeyDerivationVersion int 23 24 const ( 25 SigVersion3 SigVersion = 3 26 ) 27 28 const ( 29 AppkeyDerivationXOR AppkeyDerivationVersion = 1 30 ) 31 32 // These values are picked so they don't conflict with Sigchain V1 and V2 link types 33 const ( 34 LinkTypeNone LinkType = 0 35 LinkTypeUserPeg LinkType = 65 36 LinkTypeRotateKey LinkType = 81 37 ) 38 39 // The values are picked so they don't conflict with Sigchain V1 and V2 SeqType's 40 const ( 41 ChainTypeUserPrivateHidden = keybase1.SeqType_USER_PRIVATE_HIDDEN 42 ChainTypeTeamPrivateHidden = keybase1.SeqType_TEAM_PRIVATE_HIDDEN 43 ) 44 45 // OuterLink V3 is the third version of Keybase sigchain signatures, it roughly approximates 46 // the outer link v2s that we have previously used. 47 type OuterLink struct { 48 _struct bool `codec:",toarray"` //nolint 49 Version SigVersion `codec:"version"` // should be 3 50 Seqno Seqno `codec:"seqno"` 51 Prev *LinkID `codec:"prev"` 52 InnerLinkID LinkID `codec:"curr"` // hash of the msgpack of the InnerLink 53 LinkType LinkType `codec:"type"` // hash of the msgpack of the previous OuterLink 54 ChainType ChainType `codec:"chaintype"` 55 IgnoreIfUnsupported IgnoreIfUnsupported `codec:"ignore_if_unsupported"` 56 // New field for V3; if this link is encrypted, specify the format, nonce and PUK 57 EncryptionParameters *EncryptionParameters `codec:"encryption_parameters"` 58 } 59 60 type InnerLink struct { 61 Body interface{} `codec:"b"` // The actual body, which varies based on the type in the outer link 62 Ctime TimeSec `codec:"c"` // Seconds since 1970 UTC. 63 Entropy Entropy `codec:"e"` // entropy for hiding the value of the inner link 64 ClientInfo *ClientInfo `codec:"i,omitempty"` // Optional client type making sig 65 MerkleRoot MerkleRoot `codec:"m"` // Optional snapshot of merkle root at time of sig 66 ParentChain Tail `codec:"p"` // grab of the most-recent chain tail of the corresponding parent chain 67 Signer Signer `codec:"s"` // Info on the signer, including UID, KID and eldest 68 Team *Team `codec:"t"` // for teams, and null otherwise 69 } 70 71 type Signer struct { 72 EldestSeqno keybase1.Seqno `codec:"e"` 73 KID KID `codec:"k"` 74 UID UID `codec:"u"` 75 } 76 77 type Team struct { 78 Admin *ChainLocation `codec:"a,omitempty"` // If working as an implicit admin, where that permission comes from 79 TeamID TeamID `codec:"i"` 80 IsImplicit bool `codec:"m"` 81 IsPublic bool `codec:"p"` 82 } 83 84 type ChainLocation struct { 85 TeamID TeamID `codec:"i"` 86 Seqno Seqno `codec:"s"` 87 ChainType ChainType `codec:"t"` 88 } 89 90 type MerkleRoot struct { 91 Ctime TimeSec `codec:"c"` 92 Hash []byte `codec:"h"` // HashMeta of the MerkleRoot 93 Seqno Seqno `codec:"s"` 94 } 95 96 type ClientInfo struct { 97 Desc string `codec:"d"` 98 Version string `codec:"v"` 99 } 100 101 // If the inner link is encrypted, we specify the encryption parameters 102 // with this offloaded structure. So far, we don't know of any such encrypted 103 // payloads, but we'll allow it. 104 type EncryptionParameters struct { 105 KID KID `codec:"k"` 106 Nonce []byte `codec:"n"` 107 Version int `codec:"v"` 108 } 109 110 type Tail struct { 111 Hash LinkID `codec:"h" json:"link_id"` // hash of the outer link 112 Seqno Seqno `codec:"s" json:"seqno"` 113 ChainType ChainType `codec:"t" json:"chain_type"` 114 } 115 116 type RotateKeyBody struct { 117 PTKs []PerTeamKey `codec:"k"` 118 } 119 120 type PerTeamKey struct { 121 AppkeyDerivationVersion AppkeyDerivationVersion `codec:"a"` 122 SeedCheck keybase1.PerTeamSeedCheckPostImage `codec:"c"` // SHA256(f(i)); see teams.avdl for f(i) definition 123 EncryptionKID KID `codec:"e"` 124 Generation PerTeamKeyGeneration `codec:"g"` 125 ReverseSig *Sig `codec:"r"` // Can be null if we are checking sigs 126 SigningKID KID `codec:"s"` 127 PTKType PTKType `codec:"t"` 128 } 129 130 // Sig3ExportJSON is for communicating with the API server. 131 type ExportJSON struct { 132 Inner string `json:"i,omitempty"` 133 Outer string `json:"o,omitempty"` 134 Sig string `json:"s,omitempty"` 135 } 136 137 // Sig3Bundle is for storing sig3 links locally 138 type Sig3Bundle struct { 139 Inner *InnerLink `json:"i,omitempty"` 140 Outer OuterLink `json:"o"` 141 Sig *Sig `json:"s,omitempty"` 142 }