github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/teambot/bot_keyer.go (about) 1 package teambot 2 3 import ( 4 "context" 5 "errors" 6 "fmt" 7 "log" 8 "time" 9 10 lru "github.com/hashicorp/golang-lru" 11 "github.com/keybase/client/go/encrypteddb" 12 "github.com/keybase/client/go/libkb" 13 "github.com/keybase/client/go/protocol/keybase1" 14 "github.com/keybase/client/go/teams" 15 "github.com/keybase/clockwork" 16 ) 17 18 const botKeyStorageVersion = 1 19 20 type BotKeyer struct { 21 locktab *libkb.LockTable 22 lru *lru.Cache 23 edb *encrypteddb.EncryptedDB 24 clock clockwork.Clock 25 26 maxRemoteTries int 27 } 28 29 var _ libkb.TeambotBotKeyer = (*BotKeyer)(nil) 30 31 func NewBotKeyer(mctx libkb.MetaContext) *BotKeyer { 32 keyFn := func(ctx context.Context) ([32]byte, error) { 33 return encrypteddb.GetSecretBoxKey(ctx, mctx.G(), 34 libkb.EncryptionReasonTeambotKeyLocalStorage, "encrypting teambot keys cache") 35 } 36 dbFn := func(g *libkb.GlobalContext) *libkb.JSONLocalDb { 37 return g.LocalDb 38 } 39 nlru, err := lru.New(lruSize) 40 if err != nil { 41 // lru.New only panics if size <= 0 42 log.Panicf("Could not create lru cache: %v", err) 43 } 44 return &BotKeyer{ 45 edb: encrypteddb.New(mctx.G(), dbFn, keyFn), 46 lru: nlru, 47 locktab: libkb.NewLockTable(), 48 clock: clockwork.NewRealClock(), 49 maxRemoteTries: 10, 50 } 51 } 52 53 func (k *BotKeyer) SetClock(clock clockwork.Clock) { 54 k.clock = clock 55 } 56 57 func (k *BotKeyer) lockKey(teamID keybase1.TeamID) string { 58 return teamID.String() 59 } 60 61 func (k *BotKeyer) cacheKey(mctx libkb.MetaContext, teamID keybase1.TeamID, 62 app keybase1.TeamApplication, generation keybase1.TeambotKeyGeneration) (string, error) { 63 uv, err := mctx.G().GetMeUV(mctx.Ctx()) 64 if err != nil { 65 return "", err 66 } 67 key := fmt.Sprintf("teambotKey-%d-%s-%s-%d-%d-%d", botKeyStorageVersion, teamID, uv.Uid, 68 uv.EldestSeqno, app, generation) 69 return key, nil 70 } 71 72 func (k *BotKeyer) dbKey(cacheKey string) libkb.DbKey { 73 return libkb.DbKey{ 74 Typ: libkb.DBTeambotKey, 75 Key: cacheKey, 76 } 77 } 78 79 func (k *BotKeyer) DeleteTeambotKeyForTest(mctx libkb.MetaContext, teamID keybase1.TeamID, 80 app keybase1.TeamApplication, generation keybase1.TeambotKeyGeneration) (err error) { 81 defer mctx.Trace(fmt.Sprintf("botKeyer#DeleteTeambotKeyForTest: teamID:%v, app:%v, generation:%v", 82 teamID, app, generation), &err)() 83 84 lock := k.locktab.AcquireOnName(mctx.Ctx(), mctx.G(), k.lockKey(teamID)) 85 defer lock.Release(mctx.Ctx()) 86 87 boxKey, err := k.cacheKey(mctx, teamID, app, generation) 88 if err != nil { 89 return err 90 } 91 k.lru.Remove(boxKey) 92 93 dbKey := k.dbKey(boxKey) 94 err = k.edb.Delete(mctx.Ctx(), dbKey) 95 return err 96 } 97 98 func (k *BotKeyer) get(mctx libkb.MetaContext, teamID keybase1.TeamID, app keybase1.TeamApplication, 99 generation keybase1.TeambotKeyGeneration) (key keybase1.TeambotKey, wrongKID bool, err error) { 100 defer mctx.Trace(fmt.Sprintf("botKeyer#get: teamID:%v, app:%v, generation:%v, ", teamID, app, generation), 101 &err)() 102 103 key, found, err := k.getFromStorage(mctx, teamID, app, generation) 104 if err != nil { 105 return key, false, err 106 } else if found { 107 return key, false, nil 108 } 109 110 return k.fetchAndStore(mctx, teamID, app, generation) 111 } 112 113 func (k *BotKeyer) getFromStorage(mctx libkb.MetaContext, teamID keybase1.TeamID, 114 app keybase1.TeamApplication, generation keybase1.TeambotKeyGeneration) (key keybase1.TeambotKey, found bool, err error) { 115 boxKey, err := k.cacheKey(mctx, teamID, app, generation) 116 if err != nil { 117 return key, false, err 118 } 119 120 res, found := k.lru.Get(boxKey) 121 if found { 122 key, ok := res.(keybase1.TeambotKey) 123 if !ok { 124 return key, false, fmt.Errorf("unable to load teambotkey from cache found %T, expected %T", res, keybase1.TeambotKey{}) 125 } 126 return key, true, nil 127 } 128 129 dbKey := k.dbKey(boxKey) 130 found, err = k.edb.Get(mctx.Ctx(), dbKey, &key) 131 if err != nil { 132 mctx.Debug("Unable to fetch from disk err: %v", err) 133 return keybase1.TeambotKey{}, false, nil 134 } 135 if !found { 136 return keybase1.TeambotKey{}, false, nil 137 } 138 139 // add to in-mem cache 140 k.lru.Add(boxKey, key) 141 return key, true, nil 142 } 143 144 func (k *BotKeyer) put(mctx libkb.MetaContext, teamID keybase1.TeamID, 145 app keybase1.TeamApplication, generation keybase1.TeambotKeyGeneration, key keybase1.TeambotKey) error { 146 147 boxKey, err := k.cacheKey(mctx, teamID, app, generation) 148 if err != nil { 149 return err 150 } 151 dbKey := k.dbKey(boxKey) 152 if err = k.edb.Put(mctx.Ctx(), dbKey, key); err != nil { 153 return err 154 } 155 k.lru.Add(boxKey, key) 156 return nil 157 } 158 159 func (k *BotKeyer) fetchAndStore(mctx libkb.MetaContext, teamID keybase1.TeamID, 160 app keybase1.TeamApplication, generation keybase1.TeambotKeyGeneration) (key keybase1.TeambotKey, wrongKID bool, err error) { 161 defer mctx.Trace(fmt.Sprintf("BotKeyer#fetchAndStore: teamID:%v, app: %v, generation:%v", teamID, app, generation), &err)() 162 163 boxed, wrongKID, err := k.fetch(mctx, teamID, app, generation) 164 if err != nil { 165 return key, false, err 166 } 167 key, err = k.unbox(mctx, boxed) 168 if err != nil { 169 return key, false, err 170 } 171 172 err = k.put(mctx, teamID, app, generation, key) 173 return key, wrongKID, err 174 } 175 176 // unbox decrypts the TeambotKey for the given PUK rengeration 177 func (k *BotKeyer) unbox(mctx libkb.MetaContext, boxed keybase1.TeambotKeyBoxed) ( 178 key keybase1.TeambotKey, err error) { 179 defer mctx.Trace(fmt.Sprintf("BotKeyer#unbox: generation: %v", 180 boxed.Metadata.Generation), &err)() 181 182 pukring, err := mctx.G().GetPerUserKeyring(mctx.Ctx()) 183 if err != nil { 184 return key, err 185 } 186 encKey, err := pukring.GetEncryptionKeyByGenerationOrSync(mctx, boxed.Metadata.PukGeneration) 187 if err != nil { 188 return key, err 189 } 190 191 msg, _, err := encKey.DecryptFromString(boxed.Box) 192 if err != nil { 193 return key, err 194 } 195 196 seed, err := newTeambotSeedFromBytes(msg) 197 if err != nil { 198 return key, err 199 } 200 201 keypair := deriveTeambotDHKey(seed) 202 if !keypair.GetKID().Equal(boxed.Metadata.Kid) { 203 return key, fmt.Errorf("Failed to verify server given seed against signed KID %s", 204 boxed.Metadata.Kid) 205 } 206 207 return keybase1.TeambotKey{ 208 Seed: seed, 209 Metadata: boxed.Metadata, 210 }, nil 211 } 212 213 type TeambotKeyBoxedResponse struct { 214 Result *struct { 215 Box string `json:"box"` 216 Sig string `json:"sig"` 217 } `json:"result"` 218 } 219 220 func (k *BotKeyer) remoteFetch(mctx libkb.MetaContext, teamID keybase1.TeamID, 221 app keybase1.TeamApplication, generation keybase1.TeambotKeyGeneration) (res TeambotKeyBoxedResponse, err error) { 222 for i := 0; i < k.maxRemoteTries; i++ { 223 apiArg := libkb.APIArg{ 224 Endpoint: "teambot/box", 225 SessionType: libkb.APISessionTypeREQUIRED, 226 Args: libkb.HTTPArgs{ 227 "team_id": libkb.S{Val: string(teamID)}, 228 "application": libkb.I{Val: int(app)}, 229 "generation": libkb.U{Val: uint64(generation)}, 230 "is_ephemeral": libkb.B{Val: false}, 231 }, 232 } 233 resp, err := mctx.G().GetAPI().Get(mctx, apiArg) 234 if err != nil { 235 return res, err 236 } 237 if err = resp.Body.UnmarshalAgain(&res); err != nil { 238 return res, err 239 } 240 if res.Result == nil { 241 // we retry on these blank responses to avoid race conditions where the bot 242 // wants to send a message before the bot key has been created 243 mctx.Debug("not bot key found, trying again, attempt: %d", i) 244 time.Sleep(time.Second) 245 continue 246 } 247 return res, nil 248 } 249 return res, newTeambotTransientKeyError(errors.New("missing box"), generation) 250 } 251 252 func (k *BotKeyer) fetch(mctx libkb.MetaContext, teamID keybase1.TeamID, 253 app keybase1.TeamApplication, generation keybase1.TeambotKeyGeneration) (boxed keybase1.TeambotKeyBoxed, wrongKID bool, err error) { 254 // fetch boxed key from server 255 resp, err := k.remoteFetch(mctx, teamID, app, generation) 256 if err != nil { 257 return boxed, false, err 258 } 259 // It's possible that this key was signed with a PTK that is not our latest 260 // and greatest. We allow this when we are using this key for *decryption*. 261 // When getting a key for *encryption* callers are responsible for 262 // verifying the signature is signed by the latest PTK or requesting a new 263 // key. This logic currently lives in 264 // teambot/bot_keyer.go#getTeambotKeyLocked 265 metadata, wrongKID, err := verifyTeambotKeySigWithLatestPTK(mctx, teamID, resp.Result.Sig) 266 switch { 267 case wrongKID: 268 // charge forward, caller handles wrongKID 269 mctx.Debug("signed with wrongKID, bubbling up to caller") 270 case err != nil: 271 return boxed, false, err 272 case metadata == nil: // shouldn't happen 273 return boxed, false, fmt.Errorf("unable to fetch valid teambotKeyMetadata") 274 } 275 276 if generation != metadata.Generation { 277 // sanity check that we got the right generation 278 return boxed, false, fmt.Errorf("generation mismatch, expected:%d vs actual:%d", 279 generation, metadata.Generation) 280 } 281 return keybase1.TeambotKeyBoxed{ 282 Box: resp.Result.Box, 283 Metadata: *metadata, 284 }, wrongKID, nil 285 } 286 287 type TeambotKeyResponse struct { 288 Result *struct { 289 Sig string `json:"sig"` 290 } `json:"result"` 291 } 292 293 // GetLatestTeambotKey finds the latest TeambotKey for *encryption*. Since bots 294 // depend on team members to derive a key for them, if the key is signed by an 295 // old PTK we allow it to be used for a short window before permanently 296 // failing, while we ask politely for a new key. If we don't have access to the 297 // latest generation we fall back to the first key we do as long as it's within 298 // the signing window. 299 func (k *BotKeyer) GetLatestTeambotKey(mctx libkb.MetaContext, teamID keybase1.TeamID, 300 app keybase1.TeamApplication) (key keybase1.TeambotKey, err error) { 301 mctx = mctx.WithLogTag("GLTBK") 302 defer mctx.Trace(fmt.Sprintf("BotKeyer#GetLatestTeambotKey teamID: %v, app %v", 303 teamID, app), &err)() 304 305 lock := k.locktab.AcquireOnName(mctx.Ctx(), mctx.G(), k.lockKey(teamID)) 306 defer lock.Release(mctx.Ctx()) 307 308 team, err := teams.Load(mctx.Ctx(), mctx.G(), keybase1.LoadTeamArg{ 309 ID: teamID, 310 }) 311 if err != nil { 312 return key, err 313 } 314 gen := keybase1.TeambotKeyGeneration(team.Generation()) 315 // If we need to use an older generation, force the wrongKID checks to 316 // happen so we don't use it for too long 317 forceWrongKID := false 318 for i := gen; i > 0; i-- { 319 if i < gen { 320 forceWrongKID = true 321 } 322 key, err = k.getTeambotKeyLocked(mctx, teamID, i, app, forceWrongKID) 323 switch err.(type) { 324 case nil: 325 return key, nil 326 case TeambotTransientKeyError: 327 // Ping team members to generate the key for us 328 if err2 := NotifyTeambotKeyNeeded(mctx, teamID, app, i); err2 != nil { 329 mctx.Debug("BotKeyer#GetLatestTeambotKey: Unable to NotifyTeambotKeyNeeded %v", err2) 330 } 331 mctx.Debug("BotKeyer#GetLatestTeambotKey Unable get team key at generation %d, retrying with previous generation. %v", 332 i, err) 333 default: 334 return key, err 335 } 336 } 337 return key, err 338 } 339 340 func (k *BotKeyer) getTeambotKeyLocked(mctx libkb.MetaContext, teamID keybase1.TeamID, 341 generation keybase1.TeambotKeyGeneration, app keybase1.TeamApplication, forceWrongKID bool) (key keybase1.TeambotKey, err error) { 342 defer mctx.Trace(fmt.Sprintf("BotKeyer#getTeambotKeyLocked teamID: %v, app %v, generation %d", 343 teamID, app, generation), &err)() 344 345 key, wrongKID, err := k.get(mctx, teamID, app, generation) 346 if wrongKID || forceWrongKID { 347 now := keybase1.ToTime(k.clock.Now()) 348 permitted, ctime, err := TeambotKeyWrongKIDPermitted(mctx, teamID, 349 mctx.G().Env.GetUID(), key.Metadata.Application, key.Metadata.Generation, now) 350 if err != nil { 351 return key, err 352 } 353 mctx.Debug("getTeambotKey: wrongKID set, permitted: %v, ctime: %v", 354 permitted, ctime) 355 if !permitted { 356 err = fmt.Errorf("Wrong KID, first seen at %v, now %v", ctime.Time(), now.Time()) 357 return key, newTeambotPermanentKeyError(err, key.Metadata.Generation) 358 } 359 } 360 return key, err 361 } 362 363 // GetTeambotKeyAtGeneration finds the TeambotKey at the specified generation. 364 // This is used for *decryption* since we allow a key to be signed by an old 365 // PTK. For *encryption* keys, see GetLatestTeambotKey. 366 func (k *BotKeyer) GetTeambotKeyAtGeneration(mctx libkb.MetaContext, teamID keybase1.TeamID, 367 app keybase1.TeamApplication, generation keybase1.TeambotKeyGeneration) (key keybase1.TeambotKey, err error) { 368 mctx = mctx.WithLogTag("GTBK") 369 defer mctx.Trace(fmt.Sprintf("BotKeyer#GetTeambotKeyAtGeneration teamID: %v, app: %v, generation: %d", 370 teamID, app, generation), &err)() 371 372 lock := k.locktab.AcquireOnName(mctx.Ctx(), mctx.G(), k.lockKey(teamID)) 373 defer lock.Release(mctx.Ctx()) 374 375 key, _, err = k.get(mctx, teamID, app, generation) 376 if err != nil { 377 if _, ok := err.(TeambotTransientKeyError); ok { 378 // Ping team members to generate the key for us 379 if err2 := NotifyTeambotKeyNeeded(mctx, teamID, app, generation); err2 != nil { 380 mctx.Debug("Unable to NotifyTeambotKeyNeeded %v", err2) 381 } 382 } 383 return key, err 384 } 385 return key, nil 386 } 387 388 func (k *BotKeyer) OnLogout(mctx libkb.MetaContext) error { 389 k.lru.Purge() 390 return nil 391 } 392 393 func (k *BotKeyer) OnDbNuke(mctx libkb.MetaContext) error { 394 k.lru.Purge() 395 return nil 396 }