storj/pkg/paths/paths.go

// Copyright (C) 2018 Storj Labs, Inc.
// See LICENSE for copying information.

package paths

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha512"
	"encoding/base64"
	"path"
	"strings"
)

// Path is a unique identifier for an object stored in the Storj network
type Path []string

// New creates new Path from the given path segments
func New(segs ...string) Path {
	s := path.Join(segs...)
	s = strings.Trim(s, "/")
	p := strings.Split(s, "/")
	if len(p) == 1 && p[0] == "" {
		// Avoid building a path with a single empty segment
		return []string{}
	}
	return p
}

// String returns the string representation of the path
func (p Path) String() string {
	return path.Join([]string(p)...)
}

// Bytes serializes the current path to []byte
func (p Path) Bytes() []byte {
	return []byte(p.String())
}

// Prepend creates new Path from the current path with the given segments prepended
func (p Path) Prepend(segs ...string) Path {
	return New(append(segs, []string(p)...)...)
}

// Append creates new Path from the current path with the given segments appended
func (p Path) Append(segs ...string) Path {
	return New(append(p, segs...)...)
}

// HasPrefix tests whether the current path begins with prefix.
func (p Path) HasPrefix(prefix Path) bool {
	if len(prefix) > len(p) {
		return false
	}
	for i := 0; i < len(prefix); i++ {
		if p[i] != prefix[i] {
			return false
		}
	}
	return true
}

// Encrypt creates new Path by encrypting the current path with the given key
func (p Path) Encrypt(key []byte) (encrypted Path, err error) {
	encrypted = make([]string, len(p))
	for i, seg := range p {
		encrypted[i], err = encrypt(seg, key)
		if err != nil {
			return nil, err
		}
		key, err = deriveSecret(key, seg)
		if err != nil {
			return nil, err
		}
	}
	return encrypted, nil
}

// Decrypt creates new Path by decrypting the current path with the given key
func (p Path) Decrypt(key []byte) (decrypted Path, err error) {
	decrypted = make([]string, len(p))
	for i, seg := range p {
		decrypted[i], err = decrypt(seg, key)
		if err != nil {
			return nil, err
		}
		key, err = deriveSecret(key, decrypted[i])
		if err != nil {
			return nil, err
		}
	}
	return decrypted, nil
}

// DeriveKey derives the key for the given depth from the given root key
//
// This method must be called on an unencrypted path.
func (p Path) DeriveKey(key []byte, depth int) (derivedKey []byte, err error) {
	if depth < 0 {
		return nil, Error.New("negative depth")
	}
	if depth > len(p) {
		return nil, Error.New("depth greater than path length")
	}

	derivedKey = key
	for i := 0; i < depth; i++ {
		derivedKey, err = deriveSecret(derivedKey, p[i])
		if err != nil {
			return nil, err
		}
	}
	return derivedKey, nil
}

func encrypt(text string, secret []byte) (cipherText string, err error) {
	key, nonce, err := getAESGCMKeyAndNonce(secret)
	if err != nil {
		return "", Error.Wrap(err)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", Error.Wrap(err)
	}
	aesgcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", Error.Wrap(err)
	}
	data := aesgcm.Seal(nil, nonce, []byte(text), nil)
	cipherText = base64.RawURLEncoding.EncodeToString(data)
	// prepend version number to the cipher text
	return "1" + cipherText, nil
}

func decrypt(cipherText string, secret []byte) (text string, err error) {
	if cipherText == "" {
		return "", Error.New("empty cipher text")
	}
	// check the version number, only "1" is supported for now
	if cipherText[0] != '1' {
		return "", Error.New("invalid version number")
	}
	data, err := base64.RawURLEncoding.DecodeString(cipherText[1:])
	if err != nil {
		return "", Error.Wrap(err)
	}
	key, nonce, err := getAESGCMKeyAndNonce(secret)
	if err != nil {
		return "", Error.Wrap(err)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", Error.Wrap(err)
	}
	aesgcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", Error.Wrap(err)
	}
	decrypted, err := aesgcm.Open(nil, nonce, data, nil)
	if err != nil {
		return "", Error.Wrap(err)
	}
	return string(decrypted), nil
}

func getAESGCMKeyAndNonce(secret []byte) (key, nonce []byte, err error) {
	mac := hmac.New(sha512.New, secret)
	_, err = mac.Write([]byte("enc"))
	if err != nil {
		return nil, nil, Error.Wrap(err)
	}
	key = mac.Sum(nil)[:32]
	mac.Reset()
	_, err = mac.Write([]byte("nonce"))
	if err != nil {
		return nil, nil, Error.Wrap(err)
	}
	nonce = mac.Sum(nil)[:12]
	return key, nonce, nil
}

func deriveSecret(secret []byte, child string) (derived []byte, err error) {
	mac := hmac.New(sha512.New, secret)
	_, err = mac.Write([]byte(child))
	if err != nil {
		return nil, Error.Wrap(err)
	}
	return mac.Sum(nil), nil
}
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`// Copyright (C) 2018 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package paths`

			`import (`
			`"crypto/aes"`
			`"crypto/cipher"`
			`"crypto/hmac"`
			`"crypto/sha512"`
			`"encoding/base64"`
Define Path type (#101) * Define Path type * Make Prepend variadic + more tests * Append method 2018-07-02 16:21:32 +01:00			`"path"`
			`"strings"`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`)`

Define Path type (#101) * Define Path type * Make Prepend variadic + more tests * Append method 2018-07-02 16:21:32 +01:00			`// Path is a unique identifier for an object stored in the Storj network`
			`type Path []string`

			`// New creates new Path from the given path segments`
			`func New(segs ...string) Path {`
			`s := path.Join(segs...)`
			`s = strings.Trim(s, "/")`
Refactor List in PointerDB (#163) * Refactor List in Pointer DB * Fix pointerdb-client example * Fix issue in Path type related to empty paths * Test for the PointerDB service with some fixes * Fixed debug message in example: trancated --> more * GoDoc comments for unexported methods * TODO comment to check if Put is overwriting * Log warning if protobuf timestamp cannot be converted * TODO comment to make ListPageLimit configurable * Rename 'segment' package to 'segments' to reflect folder name 2018-07-27 07:02:59 +01:00			`p := strings.Split(s, "/")`
			`if len(p) == 1 && p[0] == "" {`
			`// Avoid building a path with a single empty segment`
			`return []string{}`
			`}`
			`return p`
Define Path type (#101) * Define Path type * Make Prepend variadic + more tests * Append method 2018-07-02 16:21:32 +01:00			`}`

			`// String returns the string representation of the path`
			`func (p Path) String() string {`
			`return path.Join([]string(p)...)`
			`}`

Mutex/nsclient- WIP (#104) * working on put request for nsclient * working on put request for nsclient * netstate put * netstate put * wip testing client * wip - testing client and working through some errors * wip - testing client and working through some errors * put request works * put request works for client * get request working * get request working * get request working-minor edit * get request working-minor edit * list request works * list request works * working through delete error * working through delete error * fixed exp client, still working through delete error * fixed exp client, still working through delete error * delete works; fixed formatting issues * delete works; fixed formatting issues * deleted comment * deleted comment * resolving merge conflicts * resolving merge conflict * fixing merge conflict * implemented and modified kayloyans paths file * working on testing * added test for path_test.go * fixed string, read through netstate test * deleted env variables * initial commit for mocking out grpc client- got it working * mocked grpc client * mock put passed test * 2 tests pass for PUT with mock * put requests test pass, wip- want mini review * get tests pass mock * list test working * initial commit for list test * all list req. working, starting on delete tests * delete tests passed * cleaned up tests * resolved merge conflicts * resolved merge conflicts * fixed linter errors * fixed error found in travis * initial commit for fixes from PR comments * fixed pr comments and linting * added error handling for api creds, and rebased * fixes from dennis comments * fixed pr with dennis suggestioon * added copyrights to files * fixed casing per dennis great comment * fixed travis complaint on sprintf 2018-07-19 23:57:22 +01:00			`// Bytes serializes the current path to []byte`
			`func (p Path) Bytes() []byte {`
			`return []byte(p.String())`
			`}`

Define Path type (#101) * Define Path type * Make Prepend variadic + more tests * Append method 2018-07-02 16:21:32 +01:00			`// Prepend creates new Path from the current path with the given segments prepended`
			`func (p Path) Prepend(segs ...string) Path {`
			`return New(append(segs, []string(p)...)...)`
			`}`

			`// Append creates new Path from the current path with the given segments appended`
			`func (p Path) Append(segs ...string) Path {`
			`return New(append(p, segs...)...)`
			`}`

adds Bucket Store (#213) * adds foundation for bucketStore * adds prefixedObjStore to buckets package, adjusts gateway-storj accordingly * fixes multi value assignment problems in gateway-storj * fixes more multi value assignment errors in gateway-storj * starts changing miniogw tests to accommodate buckets * creates bucket store mock * wip - fixing test cases in object tests * adds get, put, and list object tests, comments out two test cases * adds happy scenario tests for bucket methods * fixes bug in list, removes redundant parts from gateway tests * fixes nit * Clean up tests from #188 * Fix bug with timestamp conversion in segment store * fixes segments.Meta test * Fix regression in listing objects in a bucket * adds check to see if bucket is empty before deleting * updates DeleteBucket test to account for empty/full bucket * adds TODOs for DeleteBucket and MakeBucket for some cases, adjusts tests, filters out minio errors in logging.go * adds checks for if buckets already exist or not in DeleteBucket and MakeBucket functions; adjusts tests * adds BucketNotFound error check in bucket store, removes todo * adds make_bucket to Travis test, updates boltdb client constructor to always create a bucket (table) 2018-08-16 15:32:28 +01:00			`// HasPrefix tests whether the current path begins with prefix.`
			`func (p Path) HasPrefix(prefix Path) bool {`
			`if len(prefix) > len(p) {`
			`return false`
			`}`
			`for i := 0; i < len(prefix); i++ {`
			`if p[i] != prefix[i] {`
			`return false`
			`}`
			`}`
			`return true`
			`}`

Define Path type (#101) * Define Path type * Make Prepend variadic + more tests * Append method 2018-07-02 16:21:32 +01:00			`// Encrypt creates new Path by encrypting the current path with the given key`
			`func (p Path) Encrypt(key []byte) (encrypted Path, err error) {`
			`encrypted = make([]string, len(p))`
			`for i, seg := range p {`
			`encrypted[i], err = encrypt(seg, key)`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`if err != nil {`
			`return nil, err`
			`}`
Errcheck (#133) * add errcheck * fixed linter errors * fixes * errcheck fixes in pkg/paths * Fix errchecks in PieceID.Derive * Fix ecclient tests * Move closeConn a little bit above in the exectution flow * fix new lint errors * Fatalf -> Printf * address eclipsed errors * rename err to closeErr * rename err to closeErr for differentiation 2018-07-16 20:22:34 +01:00			`key, err = deriveSecret(key, seg)`
			`if err != nil {`
			`return nil, err`
			`}`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`}`
Define Path type (#101) * Define Path type * Make Prepend variadic + more tests * Append method 2018-07-02 16:21:32 +01:00			`return encrypted, nil`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`}`

Define Path type (#101) * Define Path type * Make Prepend variadic + more tests * Append method 2018-07-02 16:21:32 +01:00			`// Decrypt creates new Path by decrypting the current path with the given key`
			`func (p Path) Decrypt(key []byte) (decrypted Path, err error) {`
			`decrypted = make([]string, len(p))`
			`for i, seg := range p {`
			`decrypted[i], err = decrypt(seg, key)`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`if err != nil {`
			`return nil, err`
			`}`
Errcheck (#133) * add errcheck * fixed linter errors * fixes * errcheck fixes in pkg/paths * Fix errchecks in PieceID.Derive * Fix ecclient tests * Move closeConn a little bit above in the exectution flow * fix new lint errors * Fatalf -> Printf * address eclipsed errors * rename err to closeErr * rename err to closeErr for differentiation 2018-07-16 20:22:34 +01:00			`key, err = deriveSecret(key, decrypted[i])`
			`if err != nil {`
			`return nil, err`
			`}`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`}`
Define Path type (#101) * Define Path type * Make Prepend variadic + more tests * Append method 2018-07-02 16:21:32 +01:00			`return decrypted, nil`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`}`

Define Path type (#101) * Define Path type * Make Prepend variadic + more tests * Append method 2018-07-02 16:21:32 +01:00			`// DeriveKey derives the key for the given depth from the given root key`
			`//`
			`// This method must be called on an unencrypted path.`
			`func (p Path) DeriveKey(key []byte, depth int) (derivedKey []byte, err error) {`
			`if depth < 0 {`
			`return nil, Error.New("negative depth")`
			`}`
			`if depth > len(p) {`
			`return nil, Error.New("depth greater than path length")`
			`}`

Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`derivedKey = key`
Define Path type (#101) * Define Path type * Make Prepend variadic + more tests * Append method 2018-07-02 16:21:32 +01:00			`for i := 0; i < depth; i++ {`
Errcheck (#133) * add errcheck * fixed linter errors * fixes * errcheck fixes in pkg/paths * Fix errchecks in PieceID.Derive * Fix ecclient tests * Move closeConn a little bit above in the exectution flow * fix new lint errors * Fatalf -> Printf * address eclipsed errors * rename err to closeErr * rename err to closeErr for differentiation 2018-07-16 20:22:34 +01:00			`derivedKey, err = deriveSecret(derivedKey, p[i])`
			`if err != nil {`
			`return nil, err`
			`}`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`}`
Define Path type (#101) * Define Path type * Make Prepend variadic + more tests * Append method 2018-07-02 16:21:32 +01:00			`return derivedKey, nil`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`}`

			`func encrypt(text string, secret []byte) (cipherText string, err error) {`
Errcheck (#133) * add errcheck * fixed linter errors * fixes * errcheck fixes in pkg/paths * Fix errchecks in PieceID.Derive * Fix ecclient tests * Move closeConn a little bit above in the exectution flow * fix new lint errors * Fatalf -> Printf * address eclipsed errors * rename err to closeErr * rename err to closeErr for differentiation 2018-07-16 20:22:34 +01:00			`key, nonce, err := getAESGCMKeyAndNonce(secret)`
			`if err != nil {`
			`return "", Error.Wrap(err)`
			`}`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`block, err := aes.NewCipher(key)`
			`if err != nil {`
			`return "", Error.Wrap(err)`
			`}`
			`aesgcm, err := cipher.NewGCM(block)`
			`if err != nil {`
			`return "", Error.Wrap(err)`
			`}`
			`data := aesgcm.Seal(nil, nonce, []byte(text), nil)`
			`cipherText = base64.RawURLEncoding.EncodeToString(data)`
			`// prepend version number to the cipher text`
			`return "1" + cipherText, nil`
			`}`

			`func decrypt(cipherText string, secret []byte) (text string, err error) {`
			`if cipherText == "" {`
			`return "", Error.New("empty cipher text")`
			`}`
			`// check the version number, only "1" is supported for now`
			`if cipherText[0] != '1' {`
			`return "", Error.New("invalid version number")`
			`}`
			`data, err := base64.RawURLEncoding.DecodeString(cipherText[1:])`
			`if err != nil {`
			`return "", Error.Wrap(err)`
			`}`
Errcheck (#133) * add errcheck * fixed linter errors * fixes * errcheck fixes in pkg/paths * Fix errchecks in PieceID.Derive * Fix ecclient tests * Move closeConn a little bit above in the exectution flow * fix new lint errors * Fatalf -> Printf * address eclipsed errors * rename err to closeErr * rename err to closeErr for differentiation 2018-07-16 20:22:34 +01:00			`key, nonce, err := getAESGCMKeyAndNonce(secret)`
			`if err != nil {`
			`return "", Error.Wrap(err)`
			`}`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`block, err := aes.NewCipher(key)`
			`if err != nil {`
			`return "", Error.Wrap(err)`
			`}`
			`aesgcm, err := cipher.NewGCM(block)`
			`if err != nil {`
			`return "", Error.Wrap(err)`
			`}`
			`decrypted, err := aesgcm.Open(nil, nonce, data, nil)`
			`if err != nil {`
			`return "", Error.Wrap(err)`
			`}`
			`return string(decrypted), nil`
			`}`

Errcheck (#133) * add errcheck * fixed linter errors * fixes * errcheck fixes in pkg/paths * Fix errchecks in PieceID.Derive * Fix ecclient tests * Move closeConn a little bit above in the exectution flow * fix new lint errors * Fatalf -> Printf * address eclipsed errors * rename err to closeErr * rename err to closeErr for differentiation 2018-07-16 20:22:34 +01:00			`func getAESGCMKeyAndNonce(secret []byte) (key, nonce []byte, err error) {`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`mac := hmac.New(sha512.New, secret)`
Errcheck (#133) * add errcheck * fixed linter errors * fixes * errcheck fixes in pkg/paths * Fix errchecks in PieceID.Derive * Fix ecclient tests * Move closeConn a little bit above in the exectution flow * fix new lint errors * Fatalf -> Printf * address eclipsed errors * rename err to closeErr * rename err to closeErr for differentiation 2018-07-16 20:22:34 +01:00			`_, err = mac.Write([]byte("enc"))`
			`if err != nil {`
			`return nil, nil, Error.Wrap(err)`
			`}`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`key = mac.Sum(nil)[:32]`
			`mac.Reset()`
Errcheck (#133) * add errcheck * fixed linter errors * fixes * errcheck fixes in pkg/paths * Fix errchecks in PieceID.Derive * Fix ecclient tests * Move closeConn a little bit above in the exectution flow * fix new lint errors * Fatalf -> Printf * address eclipsed errors * rename err to closeErr * rename err to closeErr for differentiation 2018-07-16 20:22:34 +01:00			`_, err = mac.Write([]byte("nonce"))`
			`if err != nil {`
			`return nil, nil, Error.Wrap(err)`
			`}`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`nonce = mac.Sum(nil)[:12]`
Errcheck (#133) * add errcheck * fixed linter errors * fixes * errcheck fixes in pkg/paths * Fix errchecks in PieceID.Derive * Fix ecclient tests * Move closeConn a little bit above in the exectution flow * fix new lint errors * Fatalf -> Printf * address eclipsed errors * rename err to closeErr * rename err to closeErr for differentiation 2018-07-16 20:22:34 +01:00			`return key, nonce, nil`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`}`

Errcheck (#133) * add errcheck * fixed linter errors * fixes * errcheck fixes in pkg/paths * Fix errchecks in PieceID.Derive * Fix ecclient tests * Move closeConn a little bit above in the exectution flow * fix new lint errors * Fatalf -> Printf * address eclipsed errors * rename err to closeErr * rename err to closeErr for differentiation 2018-07-16 20:22:34 +01:00			`func deriveSecret(secret []byte, child string) (derived []byte, err error) {`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`mac := hmac.New(sha512.New, secret)`
Errcheck (#133) * add errcheck * fixed linter errors * fixes * errcheck fixes in pkg/paths * Fix errchecks in PieceID.Derive * Fix ecclient tests * Move closeConn a little bit above in the exectution flow * fix new lint errors * Fatalf -> Printf * address eclipsed errors * rename err to closeErr * rename err to closeErr for differentiation 2018-07-16 20:22:34 +01:00			`_, err = mac.Write([]byte(child))`
			`if err != nil {`
			`return nil, Error.Wrap(err)`
			`}`
			`return mac.Sum(nil), nil`
Path encryption library (#61) * Path encryption library * Use base64 instead of hex encoding * Prepend version number to encrypted path segments * Remove redundant var alias * Simplified returns * wrap errors 2018-05-30 16:33:27 +01:00			`}`