// Copyright 2015 Keybase, Inc. All rights reserved. Use of
// this source code is governed by the included BSD license.
package libkb

import (
	"fmt"
	"os"
	"runtime"
	"time"

	"github.com/keybase/client/go/kbconst"
	keybase1 "github.com/keybase/client/go/protocol/keybase1"
	"github.com/keybase/saltpack"
)

// API server base URIs. The devel endpoint is plain HTTP on localhost;
// staging and production are HTTPS.
const (
	DevelServerURI      = "http://localhost:3000"
	StagingServerURI    = "https://stage0.keybase.io"
	ProductionServerURI = "https://api-0.core.keybaseapi.com"
	// NOTE(review): the .onion endpoint uses the http scheme; presumably the
	// Tor onion-service transport is what protects this traffic — confirm.
	TorServerURI = "http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion"
)

// Website base URIs. Devel and staging reuse the API server URI; production
// has its own host.
const (
	DevelSiteURI      = DevelServerURI
	StagingSiteURI    = StagingServerURI
	ProductionSiteURI = "https://keybase.io"
)

// TorProxy is a host:port string. It is a package-level var, so it can be
// reassigned at runtime.
var TorProxy = "localhost:9050"

// TODO (CORE-6576): Remove these aliases once everything outside of
// this repo points to kbconst.RunMode.

// RunMode is an alias for kbconst.RunMode.
type RunMode = kbconst.RunMode

// Re-exports of the kbconst run-mode values under the RunMode alias.
const (
	DevelRunMode      RunMode = kbconst.DevelRunMode
	StagingRunMode    RunMode = kbconst.StagingRunMode
	ProductionRunMode RunMode = kbconst.ProductionRunMode
	RunModeError      RunMode = kbconst.RunModeError
	NoRunMode         RunMode = kbconst.NoRunMode
)

// SiteURILookup maps a run mode to its website base URI. Only the devel,
// staging and production modes have entries; any other key yields "".
var SiteURILookup = map[RunMode]string{
	DevelRunMode:      DevelSiteURI,
	StagingRunMode:    StagingSiteURI,
	ProductionRunMode: ProductionSiteURI,
}

// Gregor server URIs. Devel uses the fmprpc scheme on localhost; staging and
// production use fmprpc+tls.
const (
	DevelGregorServerURI      = "fmprpc://localhost:9911"
	StagingGregorServerURI    = "fmprpc+tls://gregord.dev.keybase.io:4443"
	ProductionGregorServerURI = "fmprpc+tls://chat-0.core.keybaseapi.com:443"
)

// Mpack API server URIs, with the same scheme split as the Gregor URIs.
const (
	DevelMpackAPIServerURI      = "fmprpc://localhost:9914"
	StagingMpackAPIServerURI    = "fmprpc+tls://api.dev.keybase.io:4443"
	ProductionMpackAPIServerURI = "fmprpc+tls://mpack-0.core.keybaseapi.com:443"
)

// GregorServerLookup maps a run mode to its Gregor server URI.
var GregorServerLookup = map[RunMode]string{
	DevelRunMode:      DevelGregorServerURI,
	StagingRunMode:    StagingGregorServerURI,
	ProductionRunMode: ProductionGregorServerURI,
}

// MpackAPIServerLookup maps a run mode to its Mpack API server URI.
var MpackAPIServerLookup = map[RunMode]string{
	DevelRunMode:      DevelMpackAPIServerURI,
	StagingRunMode:    StagingMpackAPIServerURI,
	ProductionRunMode: ProductionMpackAPIServerURI,
}

// File names, API path pieces and client identifiers.
const (
	ConfigFile           = "config.json"
	SessionFile          = "session.json"
	UpdaterConfigFile    = "updater.json"
	GUIConfigFile        = "gui_config.json"
	DeviceCloneStateFile = "device_clone.json"
	DBFile               = "keybase.leveldb"
	ChatDBFile           = "keybase.chat.leveldb"
	SocketFile           = "keybased.sock"
	PIDFile              = "keybased.pid"

	// The "%u" placeholder is substituted elsewhere; the substitution is not
	// visible in this file.
	SecretKeyringTemplate = "secretkeys.%u.mpack"

	APIVersion           = "1.0"
	APIURIPathPrefix     = "/_/api/" + APIVersion
	DaemonPort           = 40933
	GoClientID           = "keybase.io go client"
	KeybaseSaltpackBrand = "KEYBASE"
)

// Right now reddit is the only site that seems to have any requirements for
// our User-Agent string. (See https://github.com/reddit/reddit/wiki/API.) If
// something else comes up, we'll want to make this more configurable.
//
// The value embeds the OS name, the Go runtime version and the client
// Version, so every request carrying it discloses those three facts.
var UserAgent = runtime.GOOS + ":" + "Keybase CLI (" + runtime.Version() + "):" + Version

// ProofUserAgent returns a simplified UserAgent that's used as the kb_ua GET
// param, in the form "<platform>:<Version>". On darwin the platform is "ios"
// when isIOS is set and "mac" otherwise; on every other OS it is runtime.GOOS.
func ProofUserAgent() string {
	// The local is called platform so that it does not shadow the imported
	// os package.
	platform := runtime.GOOS
	if platform == "darwin" {
		// Either ios or mac
		platform = "mac"
		if isIOS {
			platform = "ios"
		}
	}

	return fmt.Sprintf("%s:%s", platform, Version)
}

// Permission bits for files and directories. PermFile (0600) and PermDir
// (0700) grant access to the owner only. UmaskablePermFile (0666) also grants
// read and write to group and others unless the process umask removes those
// bits.
// NOTE(review): confirm UmaskablePermFile is never used for files holding
// secrets.
const (
	PermFile          os.FileMode = 0600
	PermDir           os.FileMode = 0700
	UmaskablePermFile os.FileMode = 0666
)

// Cache sizes, cache lifetimes and freshness thresholds.
const (
	UserCacheMaxAge      = 5 * time.Minute
	PGPFingerprintHexLen = 40

	ProofCacheSize      = 0x1000
	ProofCacheLongDur   = 48 * time.Hour
	ProofCacheMediumDur = 6 * time.Hour
	ProofCacheShortDur  = 30 * time.Minute

	// How old the merkle root must be to ask for a refresh.
	// Measures time since the root was fetched, not time since published.
	MerkleStoreShouldRefresh time.Duration = 1 * time.Hour
	// An older merkle root than this is too old to use. All identifies will fail.
	MerkleStoreRequireRefresh time.Duration = 24 * time.Hour

	Identify2CacheLongTimeout   = 6 * time.Hour
	Identify2CacheBrokenTimeout = 1 * time.Hour
	Identify2CacheShortTimeout  = 1 * time.Minute

	// How long we'll go without rerequesting hints/merkle seqno. This is used in both
	// CachedUPAKLoader and FullSelfCacher. Note that this timeout has to exceed the
	// dtime value for Gregor IBMs that deal with user and key family changed notifications.
	// Because if the client is offline for more than that amount of time, then our cache
	// could be stale.
	CachedUserTimeout = 10 * time.Minute

	LinkCacheSize     = 4000
	LinkCacheCleanDur = 1 * time.Minute

	UPAKCacheSize                     = 2000
	UIDMapFullNameCacheSize           = 100000
	ImplicitTeamConflictInfoCacheSize = 10000
	ImplicitTeamCacheSize             = 10000

	PayloadCacheSize = 1000

	SigShortIDBytes  = 27
	LocalTrackMaxAge = 48 * time.Hour

	CriticalClockSkewLimit = time.Hour

	ChatBoxerMerkleFreshness    = 10 * time.Minute
	TeamMerkleFreshnessForAdmin = 30 * time.Second
	EphemeralKeyMerkleFreshness = 30 * time.Second

	// By default, only 48 files can be opened.
	LevelDBNumFiles            = 48
	LevelDBWriteBufferMB       = 12
	LevelDBWriteBufferMBMobile = 8

	HomeCacheTimeout       = time.Hour - time.Minute
	HomePeopleCacheTimeout = 10 * time.Minute
)

// RemoteIdentifyUITimeout is five seconds.
const RemoteIdentifyUITimeout = 5 * time.Second

// MerkleProdKIDs, MerkleTestKIDs and MerkleStagingKIDs are hex-encoded key
// IDs, presumably the keys accepted for merkle root signatures in each
// environment — confirm against the verifier.
// NOTE(review): these are package-level var slices, so any code in the
// process can reassign or mutate them; treat them as read-only.
var MerkleProdKIDs = []string{
	"010159baae6c7d43c66adf8fb7bb2b8b4cbe408c062cfc369e693ccb18f85631dbcd0a",
	"01209ec31411b9b287f62630c2486005af27548ba62a59bbc802e656b888991a20230a",
}
var MerkleTestKIDs = []string{
	"0101be58b6c82db64f6ccabb05088db443c69f87d5d48857d709ed6f73948dabe67d0a",
	"0120328031cf9d2a6108036408aeb3646b8985f7f8ff1a8e635e829d248a48b1014d0a",
}
var MerkleStagingKIDs = []string{
	"0101bed85ce72cc315828367c28b41af585b6b7d95646a62ca829691d70f49184fa70a",
	"01202e045e19e8d68ddd3d1582113bfd397f244f0529025ad8ccad7f0397e13d69c60a",
}

// CodeSigningProdKIDs lists hex-encoded key IDs, each annotated with its
// owner. Like the merkle lists it is a mutable package-level slice.
var CodeSigningProdKIDs = []string{
	"01209092ae4e790763dc7343851b977930f35b16cf43ab0ad900a2af3d3ad5cea1a10a", // keybot (device)
	"012045891a45f03cec001196ad05207f3f80045b2b9f0ca38288a85f8120ac74db960a", // max (tiber - 2019-01)
	"012065ae849d1949a8b0021b165b0edaf722e2a7a9036e07817e056e2d721bddcc0e0a", // max (cry glass)
	"01202a70fa31596ae2afabbbea827c7d1efb205c4b02b2b98b8f8c75915be433ccb50a", // mike (demise sort)
	"012003d86864fb20e310590042ad3d5492c3f5d06728620175b03c717c211bfaccc20a", // chris (clay harbor)
}

// The test and staging code-signing lists are empty.
// NOTE(review): confirm that consumers treat an empty list as "no key is
// accepted" rather than as "verification is skipped".
var CodeSigningTestKIDs = []string{}
var CodeSigningStagingKIDs = []string{}

// SigVersion describes how the signature is computed. In signatures v1, the payload is a JSON
// blob. In Signature V2, it's a Msgpack wrapper that points via SHA256 to the V1 blob.
// V2 sigs allow for bandwidth-saving eliding of signature bodies that aren't relevant to clients.
type SigVersion int

// Known signature versions; zero is the null version.
const (
	KeybaseNullSigVersion SigVersion = 0
	KeybaseSignatureV1    SigVersion = 1
	KeybaseSignatureV2    SigVersion = 2
	KeybaseSignatureV3    SigVersion = 3
)

// Expiration intervals. The *ExpireIn values are second counts built from
// OneYearInSeconds, which uses a 365-day year. ProvisioningKeyMemoryTimeout
// is a time.Duration, not a second count.
const (
	OneYearInSeconds = 24 * 60 * 60 * 365

	SigExpireIn            = OneYearInSeconds * 16 // 16 years
	NaclEdDSAExpireIn      = OneYearInSeconds * 16 // 16 years
	NaclDHExpireIn         = OneYearInSeconds * 16 // 16 years
	NaclPerUserKeyExpireIn = OneYearInSeconds * 16 // 16 years
	KeyExpireIn            = OneYearInSeconds * 16 // 16 years
	SubkeyExpireIn         = OneYearInSeconds * 16 // 16 years
	AuthExpireIn           = OneYearInSeconds      // 1 year

	ProvisioningKeyMemoryTimeout = time.Hour
)

// Status codes. This list should match keybase/lib/status_codes.iced.
// Each constant is the int conversion of the keybase1.StatusCode value of the
// same name.
const (
	SCOk                                        = int(keybase1.StatusCode_SCOk)
	SCInputError                                = int(keybase1.StatusCode_SCInputError)
	SCAssertionParseError                       = int(keybase1.StatusCode_SCAssertionParseError)
	SCLoginRequired                             = int(keybase1.StatusCode_SCLoginRequired)
	SCBadSession                                = int(keybase1.StatusCode_SCBadSession)
	SCNoSession                                 = int(keybase1.StatusCode_SCNoSession)
	SCBadLoginUserNotFound                      = int(keybase1.StatusCode_SCBadLoginUserNotFound)
	SCBadLoginPassword                          = int(keybase1.StatusCode_SCBadLoginPassword)
	SCNotFound                                  = int(keybase1.StatusCode_SCNotFound)
	SCDeleted                                   = int(keybase1.StatusCode_SCDeleted)
	SCThrottleControl                           = int(keybase1.StatusCode_SCThrottleControl)
	SCGeneric                                   = int(keybase1.StatusCode_SCGeneric)
	SCAlreadyLoggedIn                           = int(keybase1.StatusCode_SCAlreadyLoggedIn)
	SCCanceled                                  = int(keybase1.StatusCode_SCCanceled)
	SCInputCanceled                             = int(keybase1.StatusCode_SCInputCanceled)
	SCBadUsername                               = int(keybase1.StatusCode_SCBadUsername)
	SCOffline                                   = int(keybase1.StatusCode_SCOffline)
	SCExists                                    = int(keybase1.StatusCode_SCExists)
	SCInvalidAddress                            = int(keybase1.StatusCode_SCInvalidAddress)
	SCReloginRequired                           = int(keybase1.StatusCode_SCReloginRequired)
	SCResolutionFailed                          = int(keybase1.StatusCode_SCResolutionFailed)
	SCProfileNotPublic                          = int(keybase1.StatusCode_SCProfileNotPublic)
	SCRateLimit                                 = int(keybase1.StatusCode_SCRateLimit)
	SCBadSignupUsernameTaken                    = int(keybase1.StatusCode_SCBadSignupUsernameTaken)
	SCBadSignupUsernameReserved                 = int(keybase1.StatusCode_SCBadSignupUsernameReserved)
	SCBadInvitationCode                         = int(keybase1.StatusCode_SCBadInvitationCode)
	SCBadSignupTeamName                         = int(keybase1.StatusCode_SCBadSignupTeamName)
	SCFeatureFlag                               = int(keybase1.StatusCode_SCFeatureFlag)
	SCEmailTaken                                = int(keybase1.StatusCode_SCEmailTaken)
	SCEmailAlreadyAdded                         = int(keybase1.StatusCode_SCEmailAlreadyAdded)
	SCEmailLimitExceeded                        = int(keybase1.StatusCode_SCEmailLimitExceeded)
	SCEmailCannotDeletePrimary                  = int(keybase1.StatusCode_SCEmailCannotDeletePrimary)
	SCEmailUnknown                              = int(keybase1.StatusCode_SCEmailUnknown)
	SCNoUpdate                                  = int(keybase1.StatusCode_SCNoUpdate)
	SCMissingResult                             = int(keybase1.StatusCode_SCMissingResult)
	SCKeyNotFound                               = int(keybase1.StatusCode_SCKeyNotFound)
	SCKeyCorrupted                              = int(keybase1.StatusCode_SCKeyCorrupted)
	SCKeyInUse                                  = int(keybase1.StatusCode_SCKeyInUse)
	SCKeyBadGen                                 = int(keybase1.StatusCode_SCKeyBadGen)
	SCKeyNoSecret                               = int(keybase1.StatusCode_SCKeyNoSecret)
	SCKeyBadUIDs                                = int(keybase1.StatusCode_SCKeyBadUIDs)
	SCKeyNoActive                               = int(keybase1.StatusCode_SCKeyNoActive)
	SCKeyNoSig                                  = int(keybase1.StatusCode_SCKeyNoSig)
	SCKeyBadSig                                 = int(keybase1.StatusCode_SCKeyBadSig)
	SCKeyBadEldest                              = int(keybase1.StatusCode_SCKeyBadEldest)
	SCKeyNoEldest                               = int(keybase1.StatusCode_SCKeyNoEldest)
	SCKeyDuplicateUpdate                        = int(keybase1.StatusCode_SCKeyDuplicateUpdate)
	SCKeySyncedPGPNotFound                      = int(keybase1.StatusCode_SCKeySyncedPGPNotFound)
	SCKeyNoMatchingGPG                          = int(keybase1.StatusCode_SCKeyNoMatchingGPG)
	SCKeyRevoked                                = int(keybase1.StatusCode_SCKeyRevoked)
	SCSigCannotVerify                           = int(keybase1.StatusCode_SCSigCannotVerify)
	SCSibkeyAlreadyExists                       = int(keybase1.StatusCode_SCSibkeyAlreadyExists)
	SCSigCreationDisallowed                     = int(keybase1.StatusCode_SCSigCreationDisallowed)
	SCDecryptionKeyNotFound                     = int(keybase1.StatusCode_SCDecryptionKeyNotFound)
	SCVerificationKeyNotFound                   = int(keybase1.StatusCode_SCVerificationKeyNotFound)
	SCBadTrackSession                           = int(keybase1.StatusCode_SCBadTrackSession)
	SCDeviceBadName                             = int(keybase1.StatusCode_SCDeviceBadName)
	SCDeviceBadStatus                           = int(keybase1.StatusCode_SCDeviceBadStatus)
	SCDeviceNameInUse                           = int(keybase1.StatusCode_SCDeviceNameInUse)
	SCDeviceNotFound                            = int(keybase1.StatusCode_SCDeviceNotFound)
	SCDeviceMismatch                            = int(keybase1.StatusCode_SCDeviceMismatch)
	SCDeviceRequired                            = int(keybase1.StatusCode_SCDeviceRequired)
	SCDevicePrevProvisioned                     = int(keybase1.StatusCode_SCDevicePrevProvisioned)
	SCDeviceProvisionViaDevice                  = int(keybase1.StatusCode_SCDeviceProvisionViaDevice)
	SCDeviceNoProvision                         = int(keybase1.StatusCode_SCDeviceNoProvision)
	SCDeviceProvisionOffline                    = int(keybase1.StatusCode_SCDeviceProvisionOffline)
	SCStreamExists                              = int(keybase1.StatusCode_SCStreamExists)
	SCStreamNotFound                            = int(keybase1.StatusCode_SCStreamNotFound)
	SCStreamWrongKind                           = int(keybase1.StatusCode_SCStreamWrongKind)
	SCStreamUnknown                             = int(keybase1.StatusCode_SCStreamUnknown)
	SCStreamEOF                                 = int(keybase1.StatusCode_SCStreamEOF)
	SCGenericAPIError                           = int(keybase1.StatusCode_SCGenericAPIError)
	SCAPINetworkError                           = int(keybase1.StatusCode_SCAPINetworkError)
	SCTimeout                                   = int(keybase1.StatusCode_SCTimeout)
	SCProofError                                = int(keybase1.StatusCode_SCProofError)
	SCIdentificationExpired                     = int(keybase1.StatusCode_SCIdentificationExpired)
	SCSelfNotFound                              = int(keybase1.StatusCode_SCSelfNotFound)
	SCBadKexPhrase                              = int(keybase1.StatusCode_SCBadKexPhrase)
	SCNoUI                                      = int(keybase1.StatusCode_SCNoUI)
	SCNoUIDelegation                            = int(keybase1.StatusCode_SCNoUIDelegation)
	SCIdentifyFailed                            = int(keybase1.StatusCode_SCIdentifyFailed)
	SCTrackingBroke                             = int(keybase1.StatusCode_SCTrackingBroke)
	SCKeyNoPGPEncryption                        = int(keybase1.StatusCode_SCKeyNoPGPEncryption)
	SCKeyNoNaClEncryption                       = int(keybase1.StatusCode_SCKeyNoNaClEncryption)
	SCWrongCryptoFormat                         = int(keybase1.StatusCode_SCWrongCryptoFormat)
	SCGPGUnavailable                            = int(keybase1.StatusCode_SCGPGUnavailable)
	SCDecryptionError                           = int(keybase1.StatusCode_SCDecryptionError)
	SCWrongCryptoMsgType                        = int(keybase1.StatusCode_SCWrongCryptoMsgType)
	SCChatInternal                              = int(keybase1.StatusCode_SCChatInternal)
	SCChatRateLimit                             = int(keybase1.StatusCode_SCChatRateLimit)
	SCChatConvExists                            = int(keybase1.StatusCode_SCChatConvExists)
	SCChatUnknownTLFID                          = int(keybase1.StatusCode_SCChatUnknownTLFID)
	SCChatNotInConv                             = int(keybase1.StatusCode_SCChatNotInConv)
	SCChatNotInTeam                             = int(keybase1.StatusCode_SCChatNotInTeam)
	SCChatBadMsg                                = int(keybase1.StatusCode_SCChatBadMsg)
	SCChatBroadcast                             = int(keybase1.StatusCode_SCChatBroadcast)
	SCChatAlreadySuperseded                     = int(keybase1.StatusCode_SCChatAlreadySuperseded)
	SCChatAlreadyDeleted                        = int(keybase1.StatusCode_SCChatAlreadyDeleted)
	SCChatTLFFinalized                          = int(keybase1.StatusCode_SCChatTLFFinalized)
	SCChatCollision                             = int(keybase1.StatusCode_SCChatCollision)
	SCChatStalePreviousState                    = int(keybase1.StatusCode_SCChatStalePreviousState)
	SCChatEphemeralRetentionPolicyViolatedError = int(keybase1.StatusCode_SCChatEphemeralRetentionPolicyViolatedError)
	SCMerkleClientError                         = int(keybase1.StatusCode_SCMerkleClientError)
	SCMerkleUpdateRoot                          = int(keybase1.StatusCode_SCMerkleUpdateRoot)
	SCBadEmail                                  = int(keybase1.StatusCode_SCBadEmail)
	SCIdentifySummaryError                      = int(keybase1.StatusCode_SCIdentifySummaryError)
	SCNeedSelfRekey                             = int(keybase1.StatusCode_SCNeedSelfRekey)
	SCNeedOtherRekey                            = int(keybase1.StatusCode_SCNeedOtherRekey)
	SCChatMessageCollision                      = int(keybase1.StatusCode_SCChatMessageCollision)
	SCChatDuplicateMessage                      = int(keybase1.StatusCode_SCChatDuplicateMessage)
	SCChatClientError                           = int(keybase1.StatusCode_SCChatClientError)
	SCChatUsersAlreadyInConversationError       = int(keybase1.StatusCode_SCChatUsersAlreadyInConversationError)
	SCChatBadConversationError                  = int(keybase1.StatusCode_SCChatBadConversationError)
	SCAccountReset                              = int(keybase1.StatusCode_SCAccountReset)
	SCIdentifiesFailed                          = int(keybase1.StatusCode_SCIdentifiesFailed)
	SCTeamReadError                             = int(keybase1.StatusCode_SCTeamReadError)
	SCTeamWritePermDenied                       = int(keybase1.StatusCode_SCTeamWritePermDenied)
	SCNoOp                                      = int(keybase1.StatusCode_SCNoOp)
	SCTeamBadGeneration                         = int(keybase1.StatusCode_SCTeamBadGeneration)
	SCTeamNotFound                              = int(keybase1.StatusCode_SCTeamNotFound)
	SCTeamTarDuplicate                          = int(keybase1.StatusCode_SCTeamTarDuplicate)
	SCTeamTarNotFound                           = int(keybase1.StatusCode_SCTeamTarNotFound)
	SCTeamMemberExists                          = int(keybase1.StatusCode_SCTeamMemberExists)
	SCTeamFTLOutdated                           = int(keybase1.StatusCode_SCTeamFTLOutdated)
	SCTeamContactSettingsBlock                  = int(keybase1.StatusCode_SCTeamContactSettingsBlock)
	SCLoginStateTimeout                         = int(keybase1.StatusCode_SCLoginStateTimeout)
	SCRevokeCurrentDevice                       = int(keybase1.StatusCode_SCRevokeCurrentDevice)
	SCRevokeLastDevice                          = int(keybase1.StatusCode_SCRevokeLastDevice)
	SCRevokeLastDevicePGP                       = int(keybase1.StatusCode_SCRevokeLastDevicePGP)
	SCTeamKeyMaskNotFound                       = int(keybase1.StatusCode_SCTeamKeyMaskNotFound)
	SCGitInternal                               = int(keybase1.StatusCode_SCGitInternal)
	SCGitRepoAlreadyExists                      = int(keybase1.StatusCode_SCGitRepoAlreadyExists)
	SCGitInvalidRepoName                        = int(keybase1.StatusCode_SCGitInvalidRepoName)
	SCGitCannotDelete                           = int(keybase1.StatusCode_SCGitCannotDelete)
	SCGitRepoDoesntExist                        = int(keybase1.StatusCode_SCGitRepoDoesntExist)
	SCTeamBanned                                = int(keybase1.StatusCode_SCTeamBanned)
	SCTeamInvalidBan                            = int(keybase1.StatusCode_SCTeamInvalidBan)
	SCNoSpaceOnDevice                           = int(keybase1.StatusCode_SCNoSpaceOnDevice)
	SCTeamInviteBadToken                        = int(keybase1.StatusCode_SCTeamInviteBadToken)
	SCTeamInviteTokenReused                     = int(keybase1.StatusCode_SCTeamInviteTokenReused)
	SCTeamBadMembership                         = int(keybase1.StatusCode_SCTeamBadMembership)
	SCTeamProvisionalCanKey                     = int(keybase1.StatusCode_SCTeamProvisionalCanKey)
	SCTeamProvisionalCannotKey                  = int(keybase1.StatusCode_SCTeamProvisionalCannotKey)
	SCBadSignupUsernameDeleted                  = int(keybase1.StatusCode_SCBadSignupUsernameDeleted)
	SCEphemeralPairwiseMACsMissingUIDs          = int(keybase1.StatusCode_SCEphemeralPairwiseMACsMissingUIDs)
	SCEphemeralDeviceAfterEK                    = int(keybase1.StatusCode_SCEphemeralDeviceAfterEK)
	SCEphemeralMemberAfterEK                    = int(keybase1.StatusCode_SCEphemeralMemberAfterEK)
	SCEphemeralDeviceStale                      = int(keybase1.StatusCode_SCEphemeralDeviceStale)
	SCEphemeralUserStale                        = int(keybase1.StatusCode_SCEphemeralUserStale)
	SCStellarNeedDisclaimer                     = int(keybase1.StatusCode_SCStellarNeedDisclaimer)
	SCStellarDeviceNotMobile                    = int(keybase1.StatusCode_SCStellarDeviceNotMobile)
	SCStellarMobileOnlyPurgatory                = int(keybase1.StatusCode_SCStellarMobileOnlyPurgatory)
	SCStellarIncompatibleVersion                = int(keybase1.StatusCode_SCStellarIncompatibleVersion)
	SCStellarMissingAccount                     = int(keybase1.StatusCode_SCStellarMissingAccount)
	SCPhoneNumberUnknown                        = int(keybase1.StatusCode_SCPhoneNumberUnknown)
	SCPhoneNumberAlreadyVerified                = int(keybase1.StatusCode_SCPhoneNumberAlreadyVerified)
	SCPhoneNumberVerificationCodeExpired        = int(keybase1.StatusCode_SCPhoneNumberVerificationCodeExpired)
	SCPhoneNumberWrongVerificationCode          = int(keybase1.StatusCode_SCPhoneNumberWrongVerificationCode)
	SCPhoneNumberLimitExceeded                  = int(keybase1.StatusCode_SCPhoneNumberLimitExceeded)
	SCNoPaperKeys                               = int(keybase1.StatusCode_SCNoPaperKeys)
	SCTeambotKeyGenerationExists                = int(keybase1.StatusCode_SCTeambotKeyGenerationExists)
	SCTeamStorageWrongRevision                  = int(keybase1.StatusCode_SCTeamStorageWrongRevision)
	SCTeamStorageBadGeneration                  = int(keybase1.StatusCode_SCTeamStorageBadGeneration)
	SCTeamStorageNotFound                       = int(keybase1.StatusCode_SCTeamStorageNotFound)
)

// Untyped integer tags for the two merkle tree entry kinds.
const (
	MerkleTreeNode = 1
	MerkleTreeLeaf = 2
)

// LinkType is the string tag of a link. DelegationType is a distinct type
// whose underlying type is LinkType, so converting between the two needs an
// explicit conversion.
type LinkType string
type DelegationType LinkType

// Link and delegation type tags. The string values are fixed identifiers.
const (
	LinkTypeAuthentication    LinkType = "auth"
	LinkTypeCryptocurrency    LinkType = "cryptocurrency"
	LinkTypeRevoke            LinkType = "revoke"
	LinkTypeTrack             LinkType = "track"
	LinkTypeUntrack           LinkType = "untrack"
	LinkTypeUpdatePassphrase  LinkType = "update_passphrase_hash"
	LinkTypeUpdateSettings    LinkType = "update_settings"
	LinkTypeWebServiceBinding LinkType = "web_service_binding"
	LinkTypePerUserKey        LinkType = "per_user_key"
	LinkTypeWalletStellar     LinkType = "wallet.stellar"
	LinkTypeWotVouch          LinkType = "wot.vouch"
	LinkTypeWotReact          LinkType = "wot.react"

	// team links
	LinkTypeTeamRoot         LinkType = "team.root"
	LinkTypeNewSubteam       LinkType = "team.new_subteam"
	LinkTypeChangeMembership LinkType = "team.change_membership"
	LinkTypeRotateKey        LinkType = "team.rotate_key"
	LinkTypeLeave            LinkType = "team.leave"
	LinkTypeSubteamHead      LinkType = "team.subteam_head"
	LinkTypeRenameSubteam    LinkType = "team.rename_subteam"
	LinkTypeInvite           LinkType = "team.invite"
	LinkTypeRenameUpPointer  LinkType = "team.rename_up_pointer"
	LinkTypeDeleteRoot       LinkType = "team.delete_root"
	LinkTypeDeleteSubteam    LinkType = "team.delete_subteam"
	LinkTypeDeleteUpPointer  LinkType = "team.delete_up_pointer"
	LinkTypeKBFSSettings     LinkType = "team.kbfs"
	LinkTypeSettings         LinkType = "team.settings"
	LinkTypeTeamBotSettings  LinkType = "team.bot_settings"

	DelegationTypeEldest    DelegationType = "eldest"
	DelegationTypePGPUpdate DelegationType = "pgp_update"
	DelegationTypeSibkey    DelegationType = "sibkey"
	DelegationTypeSubkey    DelegationType = "subkey"
)

// Signature type tags, as untyped integer constants.
const (
	SigTypeNone           = 0
	SigTypeSelfSig        = 1
	SigTypeRemoteProof    = 2
	SigTypeTrack          = 3
	SigTypeUntrack        = 4
	SigTypeRevoke         = 5
	SigTypeCryptocurrency = 6
	SigTypeAnnouncement   = 7
)

// KeyType tags the kind of key material.
type KeyType int

const (
	KeyTypeNone                  KeyType = 0
	KeyTypeOpenPGPPublic         KeyType = 1
	KeyTypeP3skbPrivate          KeyType = 2
	KeyTypeKbNaclEddsa           KeyType = 3
	KeyTypeKbNaclDH              KeyType = 4
	KeyTypeKbNaclEddsaServerHalf KeyType = 5
	KeyTypeKbNaclDHServerHalf    KeyType = 6
)

// Device status tags, as untyped integer constants.
const (
	DeviceStatusNone    = 0
	DeviceStatusActive  = 1
	DeviceStatusDefunct = 2
)

// DownloadURL is the client download page.
const DownloadURL = "https://keybase.io/download"

// PGPVersion is built from the client Version and runtime.GOOS.
var PGPVersion = "Keybase Go " + Version + " (" + runtime.GOOS + ")"

// PGPArmorHeaders holds a "Version" header (PGPVersion) and a "Comment"
// header (DownloadURL). If these headers are written into armored PGP output,
// that output discloses the client version and the OS it was produced on.
var PGPArmorHeaders = map[string]string{
	"Version": PGPVersion,
	"Comment": DownloadURL,
}

const GenericSocialWebServiceBinding = "web_service_binding.generic_social"

// RemoteServiceTypes maps a service name to its proof type. Both "https" and
// "http" map to ProofType_GENERIC_WEB_SITE; how a proof fetched over plain
// http is validated is not visible in this file.
var RemoteServiceTypes = map[string]keybase1.ProofType{
	"keybase":        keybase1.ProofType_KEYBASE,
	"twitter":        keybase1.ProofType_TWITTER,
	"facebook":       keybase1.ProofType_FACEBOOK,
	"github":         keybase1.ProofType_GITHUB,
	"reddit":         keybase1.ProofType_REDDIT,
	"coinbase":       keybase1.ProofType_COINBASE,
	"hackernews":     keybase1.ProofType_HACKERNEWS,
	"https":          keybase1.ProofType_GENERIC_WEB_SITE,
	"http":           keybase1.ProofType_GENERIC_WEB_SITE,
	"dns":            keybase1.ProofType_DNS,
	"rooter":         keybase1.ProofType_ROOTER,
	"generic_social": keybase1.ProofType_GENERIC_SOCIAL,
}

// remove when ShouldUseParameterizedProofs is removed
//
// RemoteServiceOrder lists proof types in a fixed order. ProofType_DNS, which
// appears in RemoteServiceTypes, is not listed here.
var RemoteServiceOrder = []keybase1.ProofType{
	keybase1.ProofType_KEYBASE,
	keybase1.ProofType_TWITTER,
	keybase1.ProofType_FACEBOOK,
	keybase1.ProofType_GITHUB,
	keybase1.ProofType_REDDIT,
	keybase1.ProofType_COINBASE,
	keybase1.ProofType_HACKERNEWS,
	keybase1.ProofType_GENERIC_WEB_SITE,
	keybase1.ProofType_GENERIC_SOCIAL,
	keybase1.ProofType_ROOTER,
}

const CanonicalHost = "keybase.io"

// HTTP timeouts.
const (
	HTTPDefaultTimeout        = 60 * time.Second
	HTTPDefaultScraperTimeout = 10 * time.Second
	HTTPPollMaximum           = 5 * time.Second
	HTTPFastTimeout           = 5 * time.Second
)

// The following constants apply to APIArg parameters for
// critical idempotent API calls.
// HTTPRetryMutliplier is misspelled ("Mutliplier"); the name is exported, so
// it is kept as is.
const (
	HTTPRetryInitialTimeout = 1 * time.Second
	HTTPRetryMutliplier     = 1.5
	HTTPRetryCount          = 6
)

const ServerUpdateLag = time.Minute

// key_revocation_types
const (
	RevSimpleDelete = 0
	RevFull         = 1
	RevDated        = 2
)

// KeyStatus enumerates key states, numbered from zero in declaration order.
type KeyStatus int

const (
	KeyUncancelled KeyStatus = iota
	KeyRevoked
	KeyDeleted
	KeySuperseded
)

// KeyRole enumerates delegation roles, numbered from zero in declaration
// order.
type KeyRole int

const (
	DLGNone KeyRole = iota
	DLGSibkey
	DLGSubkey
)

// Kex2 phrase entropy (in bits, per the comment below) and scrypt parameters.
// Kex2ScryptLiteCost (1 << 10) is 128 times lower than Kex2ScryptCost
// (1 << 17).
// NOTE(review): where the lite cost is selected is not visible in this file —
// confirm it is limited to the cases that need it.
const (
	Kex2PhraseEntropy  = 88
	Kex2PhraseEntropy2 = 99 // we've upped the entropy to 99 bits after the 2018 NCC Audit
	Kex2ScryptCost     = 1 << 17
	Kex2ScryptLiteCost = 1 << 10
	Kex2ScryptR        = 8
	Kex2ScryptP        = 1
	Kex2ScryptKeylen   = 32
)

// PaperKeyWordCountMin of 13 is based on the current state:
// entropy: 143 (PaperKeySecretEntropy [117] + PaperKeyIDBits [22] + PaperKeyVersionBits [4])
// len(secwords): 2048
// A list of 2048 words carries 11 bits per word, and 143 / 11 = 13.
const (
	PaperKeyScryptCost    = 32768
	PaperKeyScryptR       = 8
	PaperKeyScryptP       = 1
	PaperKeyScryptKeylen  = 128
	PaperKeySecretEntropy = 117
	PaperKeyIDBits        = 22
	PaperKeyVersionBits   = 4
	PaperKeyVersion       = 0
	PaperKeyWordCountMin  = 13 // this should never change to a value greater than 13
	PaperKeyNoPrefixLen   = 11 // word count min - 2
)

const UserSummaryLimit = 500 // max number of user summaries in one request

// MinPassphraseLength is 8; the unit (bytes or characters) is decided by the
// code that enforces it, which is not in this file.
const MinPassphraseLength = 8

const TrackingRateLimitSeconds = 50

// KexRole distinguishes the two sides of a Kex exchange.
type KexRole int

const (
	KexRoleProvisioner KexRole = iota
	KexRoleProvisionee
)

// NOTE(review): TestInvitationCode is a fixed, publicly visible value —
// confirm that production servers do not accept it.
const (
	IdentifySourceKBFS = "kbfs"
	TestInvitationCode = "202020202020202020202020"
)

const SecretPromptCancelDuration = 5 * time.Minute

// Log file names.
const (
	ServiceLogFileName  = "keybase.service.log"
	EKLogFileName       = "keybase.ek.log"
	PerfLogFileName     = "keybase.perf.log"
	KBFSLogFileName     = kbconst.KBFSLogFileName
	KBFSPerfLogFileName = "keybase.kbfs.perf.log"
	GitLogFileName      = "keybase.git.log"
	GitPerfLogFileName  = "keybase.git.perf.log"
	UpdaterLogFileName  = "keybase.updater.log"
	GUILogFileName      = "Keybase.app.log"
	// StartLogFileName is where services can log to (on startup) before they handle their own logging
	StartLogFileName = "keybase.start.log"
)

const PGPAssertionKey = "pgp"

const (
	NotificationDismissPGPPrefix = "pgp_secret_store"
	NotificationDismissPGPValue  = "dismissed"
)

// EncryptionReason values. Each purpose has its own string.
// NOTE(review): presumably these strings feed key derivation as context, in
// which case changing one would yield a different key and reusing one across
// purposes would remove the separation between them — confirm before editing.
const (
	EncryptionReasonChatLocalStorage        EncryptionReason = "Keybase-Chat-Local-Storage-1"
	EncryptionReasonChatMessage             EncryptionReason = "Keybase-Chat-Message-1"
	EncryptionReasonChatIndexerTokenKey     EncryptionReason = "Keybase-Chat-IndexerTokenKey-1"
	EncryptionReasonChatIndexerAliasKey     EncryptionReason = "Keybase-Chat-IndexerAliasKey-1"
	EncryptionReasonTeamsLocalStorage       EncryptionReason = "Keybase-Teams-Local-Storage-1"
	EncryptionReasonTeamsFTLLocalStorage    EncryptionReason = "Keybase-Teams-FTL-Local-Storage-1"
	EncryptionReasonTeamsHiddenLocalStorage EncryptionReason = "Keybase-Teams-Hidden-Local-Storage-1"
	EncryptionReasonErasableKVLocalStorage  EncryptionReason = "Keybase-Erasable-KV-Local-Storage-1"
	EncryptionReasonTeambotEphemeralKey     EncryptionReason = "Keybase-Teambot-Ephemeral-Key-1"
	EncryptionReasonTeambotKey              EncryptionReason = "Keybase-Teambot-Key-1"
	EncryptionReasonContactsLocalStorage    EncryptionReason = "Keybase-Contacts-Local-Storage-1"
	EncryptionReasonContactsResolvedServer  EncryptionReason = "Keybase-Contacts-Resolved-Server-1"
	EncryptionReasonTeambotKeyLocalStorage  EncryptionReason = "Keybase-Teambot-Key-Local-Storage-1"
	EncryptionReasonKBFSFavorites           EncryptionReason = "kbfs.favorites" // legacy const for kbfs favorites
)

// DeriveReason is the string type of the derivation labels below.
type DeriveReason string

const (
	DeriveReasonPUKSigning    DeriveReason = "Derived-User-NaCl-EdDSA-1"
	DeriveReasonPUKEncryption DeriveReason = "Derived-User-NaCl-DH-1"
	// Context used for chaining generations of PerUserKeys.
	DeriveReasonPUKPrev              DeriveReason = "Derived-User-NaCl-SecretBox-1"
	DeriveReasonPUKStellarBundle     DeriveReason = "Derived-User-NaCl-SecretBox-StellarBundle-1"
	DeriveReasonPUKStellarNoteSelf   DeriveReason = "Derived-User-NaCl-SecretBox-StellarSelfNote-1"
	DeriveReasonPUKStellarAcctBundle DeriveReason = "Derived-User-NaCl-SecretBox-StellarAcctBundle-1"

	DeriveReasonDeviceEKEncryption   DeriveReason = "Derived-Ephemeral-Device-NaCl-DH-1"
	DeriveReasonUserEKEncryption     DeriveReason = "Derived-Ephemeral-User-NaCl-DH-1"
	DeriveReasonTeamEKEncryption     DeriveReason = "Derived-Ephemeral-Team-NaCl-DH-1"
	DeriveReasonTeamEKExplodingChat  DeriveReason = "Derived-Ephemeral-Team-NaCl-SecretBox-ExplodingChat-1"
	DeriveReasonTeambotEKEncryption  DeriveReason = "Derived-Ephemeral-Teambot-NaCl-DH-1"
	DeriveReasonTeambotKeyEncryption DeriveReason = "Derived-Teambot-Key-NaCl-DH-1"

	DeriveReasonChatPairwiseMAC DeriveReason = "Derived-Chat-Pairwise-HMAC-SHA256-1"

	DeriveReasonLinuxRevokableKeyring DeriveReason = "Keybase-Derived-LKS-SecretBox-1"
)

// Not a DeriveReason because it is not used in the same way.
const DeriveReasonPUKStellarNoteShared string = "Keybase-Derived-Stellar-Note-PUK-Sbox-NaCl-DH-1"

// FirstProdMerkleSeqnoWithSkips is the first merkle root on production that
// has skip pointers indicating log(n) previous merkle roots.
var FirstProdMerkleSeqnoWithSkips = keybase1.Seqno(835903)

// We didn't have valid signatures before 796, so don't try to load them.
var FirstProdMerkleSeqnoWithSigs = keybase1.Seqno(796)

// Before this merkle seqno, we had the other, more bushy shape. From this point
// on, we have the modern shape. It's possible to tweak our clients to handle both
// shapes, but it's not really worth it at this time.
var FirstProdMerkleTreeWithModernShape = keybase1.Seqno(531408)

// FirstProdMerkleSeqnoWithHiddenRootHash is the first merkle root on production that
// contains the hash of a blind merkle tree root.
var FirstProdMerkleSeqnoWithHiddenRootHash = keybase1.Seqno(14145980)

// AppType names the kind of application; the empty string means no type.
type AppType string

const (
	MobileAppType  AppType = "mobile"
	DesktopAppType AppType = "desktop"
	NoAppType      AppType = ""
)

// StringToAppType converts s to an AppType. It returns MobileAppType for
// "mobile", DesktopAppType for "desktop", and NoAppType for every other
// input, including the empty string.
func StringToAppType(s string) AppType {
	if t := AppType(s); t == MobileAppType || t == DesktopAppType {
		return t
	}
	return NoAppType
}

// UID of t_alice
const TAliceUID = keybase1.UID("295a7eea607af32040647123732bc819")

const SharedTeamKeyBoxVersion1 = 1

// Team key derivation strings. Each purpose has its own string.
// NOTE(review): presumably these are used as derivation context, so a string
// should not be changed or shared between purposes — confirm before editing.
const (
	TeamDHDerivationString               = "Keybase-Derived-Team-NaCl-DH-1"
	TeamEdDSADerivationString            = "Keybase-Derived-Team-NaCl-EdDSA-1"
	TeamKBFSDerivationString             = "Keybase-Derived-Team-NaCl-KBFS-1"
	TeamChatDerivationString             = "Keybase-Derived-Team-NaCl-Chat-1"
	TeamSaltpackDerivationString         = "Keybase-Derived-Team-NaCl-Saltpack-1"
	TeamPrevKeySecretBoxDerivationString = "Keybase-Derived-Team-NaCl-SecretBox-1"
	TeamGitMetadataDerivationString      = "Keybase-Derived-Team-NaCl-GitMetadata-1"
	TeamSeitanTokenDerivationString      = "Keybase-Derived-Team-NaCl-SeitanInviteToken-1"
	TeamStellarRelayDerivationString     = "Keybase-Derived-Team-NaCl-StellarRelay-1"
	TeamKVStoreDerivationString          = "Keybase-Derived-Team-NaCl-KVStore-1"
	TeamKeySeedCheckDerivationString     = "Keybase-Derived-Team-Seedcheck-1"
)

// CurrentSaltpackVersion returns saltpack.Version2().
func CurrentSaltpackVersion() saltpack.Version {
	current := saltpack.Version2()
	return current
}

const InviteIDTag = 0x27

const CurrentGitMetadataEncryptionVersion = 1

// The secret_store_file and erasable_kv_store use a random noise file of this
// size when encrypting secrets for disk. The value is 2 MiB.
const noiseFileLen = 1024 * 1024 * 2

// NOTE if you change these values you should change them in
// go/chatbase/storage/ephemeral.go as well.
const MaxEphemeralContentLifetime = time.Hour * 24 * 7
const MinEphemeralContentLifetime = time.Second * 30

// NOTE: If you change this value you should change it in lib/constants.iced
// and go/ekreaperd/reaper.go as well.
// Devices are considered stale and not included in new keys after this interval
const MaxEphemeralKeyStaleness = time.Hour * 24 * 38 // 1.25 months
// Everyday we want to generate a new key if possible
const EphemeralKeyGenInterval = time.Hour * 24 // one day
// Our keys must last at least this long. With the values above this is eight
// days (seven days of content lifetime plus the one-day generation interval).
const MinEphemeralKeyLifetime = MaxEphemeralContentLifetime + EphemeralKeyGenInterval

const MaxTeamMembersForPairwiseMAC = 100

const TeamBackoffBeforeAuditOnNeedRotate = time.Minute

// Length limits for Stellar payment notes.
const (
	MaxStellarPaymentNoteLength       = 500
	MaxStellarPaymentBoxedNoteLength  = 2000
	MaxStellarPaymentPublicNoteLength = 28
)

const ClientTriplesecVersion = 3

// Also hard-coded in packaging/linux/{post_install.sh,run_keybase}
const DisableRootRedirectorConfigKey = "disable-root-redirector"

// Also defined in lib_public/public_constants.iced
const (
	AutoresetEventStart  = 0
	AutoresetEventVerify = 1
	AutoresetEventCancel = 2
	AutoresetEventNotify = 3
	AutoresetEventReady  = 4
	AutoresetEventReset  = 5
)

const ProfileProofSuggestions = true

const (
	ExternalURLsBaseKey         = "external_urls"
	ExternalURLsStellarPartners = "stellar_partners"
)

// LoginAttempt tags how a login was attempted: not at all, offline or online.
type LoginAttempt int

const (
	LoginAttemptNone    LoginAttempt = 0
	LoginAttemptOffline LoginAttempt = 1
	LoginAttemptOnline  LoginAttempt = 2
)

// Do not fetch the merkle root again if it was fetched within this
// threshold. Note that the server can always not tell us about a new root
// even if we set this threshold to a very short value (unless we learn
// about it otherwise), and that if we poll an honest server will tell us if
// we should update the root (which will override this threshold).
const DefaultMerkleRootFreshness = 1 * time.Minute