JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rename EncryptionCtx back to EncryptionAccess (#2368)

Browse Source 
* rename EncryptionCtx back to EncryptionAccess

Change-Id: I5e58915a59979ad6f2e83d36e191b2bbf3ba2ba2

* missed some stuff

Change-Id: Ib65fb186d7f854c0406e5fd7d11498e8941da59e

* oops protolock

Change-Id: I85a5ab4bafb9dd6a804d3dcd17a70811702f07e4

* retrigger

Change-Id: I2d0e3f02b4dbae0299b090e9617662b4437980b0
This commit is contained in:
Jeff Wendling 2019-06-28 05:18:24 +00:00 committed by JT Olio
parent 811168e2c4
commit 1a65e42d33
29 changed files with 303 additions and 304 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/gateway/main.go
View File

@ -225,7 +225,7 @@ func (flags GatewayFlags) action(ctx context.Context, cliCtx *cli.Context) (err
// NewGateway creates a new minio Gateway
func (flags GatewayFlags) NewGateway(ctx context.Context) (gw minio.Gateway, err error) {
encCtx, err := setup.LoadEncryptionCtx(ctx, flags.Enc)
access, err := setup.LoadEncryptionAccess(ctx, flags.Enc)
if err != nil {
return nil, err
}
@ -237,7 +237,7 @@ func (flags GatewayFlags) NewGateway(ctx context.Context) (gw minio.Gateway, err
return miniogw.NewStorjGateway(
project,
encCtx,
access,
storj.Cipher(flags.Enc.PathType).ToCipherSuite(),
flags.GetEncryptionScheme().ToEncryptionParameters(),
flags.GetRedundancyScheme(),

12
cmd/uplink/cmd/cp.go
View File

@ -83,12 +83,12 @@ func upload(ctx context.Context, src fpath.FPath, dst fpath.FPath, showProgress
return fmt.Errorf("source cannot be a directory: %s", src)
}
encCtx, err := setup.LoadEncryptionCtx(ctx, cfg.Enc)
access, err := setup.LoadEncryptionAccess(ctx, cfg.Enc)
if err != nil {
return err
}
project, bucket, err := cfg.GetProjectAndBucket(ctx, dst.Bucket(), encCtx)
project, bucket, err := cfg.GetProjectAndBucket(ctx, dst.Bucket(), access)
if err != nil {
return err
}
@ -136,12 +136,12 @@ func download(ctx context.Context, src fpath.FPath, dst fpath.FPath, showProgres
return fmt.Errorf("destination must be local path: %s", dst)
}
encCtx, err := setup.LoadEncryptionCtx(ctx, cfg.Enc)
access, err := setup.LoadEncryptionAccess(ctx, cfg.Enc)
if err != nil {
return err
}
project, bucket, err := cfg.GetProjectAndBucket(ctx, src.Bucket(), encCtx)
project, bucket, err := cfg.GetProjectAndBucket(ctx, src.Bucket(), access)
if err != nil {
return err
}
@ -215,12 +215,12 @@ func copyObject(ctx context.Context, src fpath.FPath, dst fpath.FPath) (err erro
return fmt.Errorf("destination must be Storj URL: %s", dst)
}
encCtx, err := setup.LoadEncryptionCtx(ctx, cfg.Enc)
access, err := setup.LoadEncryptionAccess(ctx, cfg.Enc)
if err != nil {
return err
}
project, bucket, err := cfg.GetProjectAndBucket(ctx, dst.Bucket(), encCtx)
project, bucket, err := cfg.GetProjectAndBucket(ctx, dst.Bucket(), access)
if err != nil {
return err
}

10
cmd/uplink/cmd/ls.go
View File

@ -43,7 +43,7 @@ func list(cmd *cobra.Command, args []string) error {
}
}()
encCtx, err := setup.LoadEncryptionCtx(ctx, cfg.Enc)
access, err := setup.LoadEncryptionAccess(ctx, cfg.Enc)
if err != nil {
return err
}
@ -58,7 +58,7 @@ func list(cmd *cobra.Command, args []string) error {
return fmt.Errorf("No bucket specified, use format sj://bucket/")
}
bucket, err := project.OpenBucket(ctx, src.Bucket(), encCtx)
bucket, err := project.OpenBucket(ctx, src.Bucket(), access)
if err != nil {
return err
}
@ -87,7 +87,7 @@ func list(cmd *cobra.Command, args []string) error {
for _, bucket := range list.Items {
fmt.Println("BKT", formatTime(bucket.Created), bucket.Name)
if *recursiveFlag {
if err := listFilesFromBucket(ctx, project, bucket.Name, encCtx); err != nil {
if err := listFilesFromBucket(ctx, project, bucket.Name, access); err != nil {
return err
}
}
@ -106,13 +106,13 @@ func list(cmd *cobra.Command, args []string) error {
return nil
}
func listFilesFromBucket(ctx context.Context, project *libuplink.Project, bucketName string, encCtx *libuplink.EncryptionCtx) error {
func listFilesFromBucket(ctx context.Context, project *libuplink.Project, bucketName string, access *libuplink.EncryptionAccess) error {
prefix, err := fpath.New(fmt.Sprintf("sj://%s/", bucketName))
if err != nil {
return err
}
bucket, err := project.OpenBucket(ctx, bucketName, encCtx)
bucket, err := project.OpenBucket(ctx, bucketName, access)
if err != nil {
return err
}

4
cmd/uplink/cmd/rb.go
View File

@ -42,12 +42,12 @@ func deleteBucket(cmd *cobra.Command, args []string) error {
return fmt.Errorf("Nested buckets not supported, use format sj://bucket/")
}
encCtx, err := setup.LoadEncryptionCtx(ctx, cfg.Enc)
access, err := setup.LoadEncryptionAccess(ctx, cfg.Enc)
if err != nil {
return err
}
project, bucket, err := cfg.GetProjectAndBucket(ctx, dst.Bucket(), encCtx)
project, bucket, err := cfg.GetProjectAndBucket(ctx, dst.Bucket(), access)
if err != nil {
return convertError(err, dst)
}

4
cmd/uplink/cmd/rm.go
View File

@ -37,12 +37,12 @@ func deleteObject(cmd *cobra.Command, args []string) error {
return fmt.Errorf("No bucket specified, use format sj://bucket/")
}
encCtx, err := setup.LoadEncryptionCtx(ctx, cfg.Enc)
access, err := setup.LoadEncryptionAccess(ctx, cfg.Enc)
if err != nil {
return err
}
project, bucket, err := cfg.GetProjectAndBucket(ctx, dst.Bucket(), encCtx)
project, bucket, err := cfg.GetProjectAndBucket(ctx, dst.Bucket(), access)
if err != nil {
return convertError(err, dst)
}

4
cmd/uplink/cmd/root.go
View File

@ -112,7 +112,7 @@ func (cliCfg *UplinkFlags) GetProject(ctx context.Context) (*libuplink.Project,
}
// GetProjectAndBucket returns a *libuplink.Bucket for interacting with a specific project's bucket
func (cliCfg *UplinkFlags) GetProjectAndBucket(ctx context.Context, bucketName string, encCtx *libuplink.EncryptionCtx) (project *libuplink.Project, bucket *libuplink.Bucket, err error) {
func (cliCfg *UplinkFlags) GetProjectAndBucket(ctx context.Context, bucketName string, access *libuplink.EncryptionAccess) (project *libuplink.Project, bucket *libuplink.Bucket, err error) {
project, err = cliCfg.GetProject(ctx)
if err != nil {
return project, bucket, err
@ -126,7 +126,7 @@ func (cliCfg *UplinkFlags) GetProjectAndBucket(ctx context.Context, bucketName s
}
}()
bucket, err = project.OpenBucket(ctx, bucketName, encCtx)
bucket, err = project.OpenBucket(ctx, bucketName, access)
if err != nil {
return project, bucket, err
}

8
cmd/uplink/cmd/share.go
View File

@ -100,13 +100,13 @@ func shareMain(cmd *cobra.Command, args []string) (err error) {
return err
}
encCtx, err := setup.LoadEncryptionCtx(ctx, cfg.Enc)
access, err := setup.LoadEncryptionAccess(ctx, cfg.Enc)
if err != nil {
return err
}
if len(restrictions) > 0 {
key, encCtx, err = encCtx.Restrict(key, restrictions...)
key, access, err = access.Restrict(key, restrictions...)
if err != nil {
return err
}
@ -146,12 +146,12 @@ func shareMain(cmd *cobra.Command, args []string) (err error) {
return err
}
encCtxData, err := encCtx.Serialize()
accessData, err := access.Serialize()
if err != nil {
return err
}
fmt.Println("api key:", key.Serialize())
fmt.Println("enc ctx:", encCtxData)
fmt.Println("enc ctx:", accessData)
return nil
}

2
go.sum
View File

@ -379,8 +379,6 @@ github.com/zeebo/assert v0.0.0-20181109011804-10f827ce2ed6 h1:bs7mSHVrLRQHxqWcm0
github.com/zeebo/assert v0.0.0-20181109011804-10f827ce2ed6/go.mod h1:yssERNPivllc1yU3BvpjYI5BUW+zglcz6QWqeVRL5t0=
github.com/zeebo/errs v1.1.1 h1:Cs5Noqj/tj3Ql/hLkD9WdumKlssx/IN2zr7CRGNOKZA=
github.com/zeebo/errs v1.1.1/go.mod h1:Yj8dHrUQwls1bF3dr/vcSIu+qf4mI7idnTcHfoACc6I=
github.com/zeebo/errs v1.2.0 h1:Tk8UszIOLEjtx6DWnvfmMJe6N8q7vu03Bj95HMWDUkc=
github.com/zeebo/errs v1.2.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
github.com/zeebo/errs v1.2.1-0.20190617123220-06a113fed680 h1:nLsPSuW22yF+MmUX0sFaTfnMKL83XuHtx8B1YvNtYys=
github.com/zeebo/errs v1.2.1-0.20190617123220-06a113fed680/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
github.com/zeebo/float16 v0.1.0 h1:kRqxv5og6z1emEyz5FpW0/BVHe5VfxEAw6b1ljCZlUc=

4
lib/uplink/bucket_attrs_test.go
View File

@ -53,12 +53,12 @@ func testPlanetWithLibUplink(t *testing.T, cfg testConfig,
})
}
func simpleEncryptionAccess(encKey string) (access *EncryptionCtx) {
func simpleEncryptionAccess(encKey string) (access *EncryptionAccess) {
key, err := storj.NewKey([]byte(encKey))
if err != nil {
panic(err)
}
return NewEncryptionCtxWithDefaultKey(*key)
return NewEncryptionAccessWithDefaultKey(*key)
}
// check that partner bucket attributes are stored and retrieved correctly.

48
lib/uplink/encryption.go
View File

@ -19,40 +19,40 @@ const (
defaultCipher = storj.EncAESGCM
)
// EncryptionCtx represents an encryption context. It holds information about
// EncryptionAccess represents an encryption context. It holds information about
// how various buckets and objects should be encrypted and decrypted.
type EncryptionCtx struct {
type EncryptionAccess struct {
store *encryption.Store
}
// NewEncryptionCtx creates an encryption ctx
func NewEncryptionCtx() *EncryptionCtx {
return &EncryptionCtx{
// NewEncryptionAccess creates an encryption ctx
func NewEncryptionAccess() *EncryptionAccess {
return &EncryptionAccess{
store: encryption.NewStore(),
}
}
// NewEncryptionCtxWithDefaultKey creates an encryption ctx with a default key set
func NewEncryptionCtxWithDefaultKey(defaultKey storj.Key) *EncryptionCtx {
ec := NewEncryptionCtx()
// NewEncryptionAccessWithDefaultKey creates an encryption ctx with a default key set
func NewEncryptionAccessWithDefaultKey(defaultKey storj.Key) *EncryptionAccess {
ec := NewEncryptionAccess()
ec.SetDefaultKey(defaultKey)
return ec
}
// Store returns the underlying encryption store for the context.
func (s *EncryptionCtx) Store() *encryption.Store {
func (s *EncryptionAccess) Store() *encryption.Store {
return s.store
}
// SetDefaultKey sets the default key for the encryption context.
func (s *EncryptionCtx) SetDefaultKey(defaultKey storj.Key) {
func (s *EncryptionAccess) SetDefaultKey(defaultKey storj.Key) {
s.store.SetDefaultKey(&defaultKey)
}
// Import merges the other encryption context into this one. In cases
// of conflicting path decryption settings (including if both contexts have
// a default key), the new settings are kept.
func (s *EncryptionCtx) Import(other *EncryptionCtx) error {
func (s *EncryptionAccess) Import(other *EncryptionAccess) error {
if key := other.store.GetDefaultKey(); key != nil {
s.store.SetDefaultKey(key)
}
@ -66,19 +66,19 @@ type EncryptionRestriction struct {
PathPrefix storj.Path
}
// Restrict creates a new EncryptionCtx with no default key, where the key material
// Restrict creates a new EncryptionAccess with no default key, where the key material
// in the new context is just enough to allow someone to access all of the given
// restrictions but no more.
func (s *EncryptionCtx) Restrict(apiKey APIKey, restrictions ...EncryptionRestriction) (APIKey, *EncryptionCtx, error) {
func (s *EncryptionAccess) Restrict(apiKey APIKey, restrictions ...EncryptionRestriction) (APIKey, *EncryptionAccess, error) {
if len(restrictions) == 0 {
// Should the function signature be
// func (s *EncryptionCtx) Restrict(apiKey APIKey, restriction EncryptionRestriction, restrictions ...EncryptionRestriction) (APIKey, *EncryptionCtx, error) {
// func (s *EncryptionAccess) Restrict(apiKey APIKey, restriction EncryptionRestriction, restrictions ...EncryptionRestriction) (APIKey, *EncryptionAccess, error) {
// so we don't have to do this test?
return APIKey{}, nil, errs.New("at least one restriction required")
}
caveat := macaroon.Caveat{}
encCtx := NewEncryptionCtx()
encCtx := NewEncryptionAccess()
for _, res := range restrictions {
unencPath := paths.NewUnencrypted(res.PathPrefix)
@ -110,11 +110,11 @@ func (s *EncryptionCtx) Restrict(apiKey APIKey, restrictions ...EncryptionRestri
return apiKey, encCtx, nil
}
// Serialize turns an EncryptionCtx into base58
func (s *EncryptionCtx) Serialize() (string, error) {
var storeEntries []*pb.EncryptionCtx_StoreEntry
// Serialize turns an EncryptionAccess into base58
func (s *EncryptionAccess) Serialize() (string, error) {
var storeEntries []*pb.EncryptionAccess_StoreEntry
err := s.store.Iterate(func(bucket string, unenc paths.Unencrypted, enc paths.Encrypted, key storj.Key) error {
storeEntries = append(storeEntries, &pb.EncryptionCtx_StoreEntry{
storeEntries = append(storeEntries, &pb.EncryptionAccess_StoreEntry{
Bucket: []byte(bucket),
UnencryptedPath: []byte(unenc.Raw()),
EncryptedPath: []byte(enc.Raw()),
@ -131,7 +131,7 @@ func (s *EncryptionCtx) Serialize() (string, error) {
defaultKey = key[:]
}
data, err := proto.Marshal(&pb.EncryptionCtx{
data, err := proto.Marshal(&pb.EncryptionAccess{
DefaultKey: defaultKey,
StoreEntries: storeEntries,
})
@ -143,19 +143,19 @@ func (s *EncryptionCtx) Serialize() (string, error) {
}
// ParseEncryptionCtx parses a base58 serialized encryption context into a working one.
func ParseEncryptionCtx(b58data string) (*EncryptionCtx, error) {
// ParseEncryptionAccess parses a base58 serialized encryption context into a working one.
func ParseEncryptionAccess(b58data string) (*EncryptionAccess, error) {
data, version, err := base58.CheckDecode(b58data)
if err != nil || version != 0 {
return nil, errs.New("invalid encryption context format")
}
p := new(pb.EncryptionCtx)
p := new(pb.EncryptionAccess)
if err := proto.Unmarshal(data, p); err != nil {
return nil, errs.New("unable to unmarshal encryption context: %v", err)
}
encCtx := NewEncryptionCtx()
encCtx := NewEncryptionAccess()
if len(p.DefaultKey) > 0 {
if len(p.DefaultKey) != len(storj.Key{}) {

2
lib/uplink/ex_interface_test.go
View File

@ -48,7 +48,7 @@ func WorkWithLibUplink(satelliteAddress string, encryptionKey *storj.Key, apiKey
}
// Open up the desired Bucket within the Project
bucket, err := proj.OpenBucket(ctx, bucketName, uplink.NewEncryptionCtxWithDefaultKey(*encryptionKey))
bucket, err := proj.OpenBucket(ctx, bucketName, uplink.NewEncryptionAccessWithDefaultKey(*encryptionKey))
if err != nil {
return fmt.Errorf("could not open bucket %q: %v", bucketName, err)
}

20
lib/uplink/ex_password_test.go
View File

@ -16,7 +16,7 @@ import (
"storj.io/storj/lib/uplink"
)
func CreateEncryptionKeyExampleByAdmin1(ctx context.Context, satelliteAddress, apiKey string, cfg *uplink.Config, out io.Writer) (serializedEncCtx string, err error) {
func CreateEncryptionKeyExampleByAdmin1(ctx context.Context, satelliteAddress, apiKey string, cfg *uplink.Config, out io.Writer) (serializedAccess string, err error) {
errCatch := func(fn func() error) { err = errs.Combine(err, fn()) }
// First, create an Uplink handle.
@ -46,9 +46,9 @@ func CreateEncryptionKeyExampleByAdmin1(ctx context.Context, satelliteAddress, a
}
// Make an encryption context
encCtx := uplink.NewEncryptionCtxWithDefaultKey(*encKey)
access := uplink.NewEncryptionAccessWithDefaultKey(*encKey)
// serialize it
serializedEncCtx, err = encCtx.Serialize()
serializedAccess, err = access.Serialize()
if err != nil {
return "", err
}
@ -60,7 +60,7 @@ func CreateEncryptionKeyExampleByAdmin1(ctx context.Context, satelliteAddress, a
}
// Open bucket
bucket, err := p.OpenBucket(ctx, "prod", encCtx)
bucket, err := p.OpenBucket(ctx, "prod", access)
if err != nil {
return "", err
}
@ -73,10 +73,10 @@ func CreateEncryptionKeyExampleByAdmin1(ctx context.Context, satelliteAddress, a
}
fmt.Fprintln(out, "success!")
return serializedEncCtx, nil
return serializedAccess, nil
}
func CreateEncryptionKeyExampleByAdmin2(ctx context.Context, satelliteAddress, apiKey string, serializedEncCtx string, cfg *uplink.Config, out io.Writer) (err error) {
func CreateEncryptionKeyExampleByAdmin2(ctx context.Context, satelliteAddress, apiKey string, serializedAccess string, cfg *uplink.Config, out io.Writer) (err error) {
errCatch := func(fn func() error) { err = errs.Combine(err, fn()) }
// First, create an Uplink handle.
@ -100,13 +100,13 @@ func CreateEncryptionKeyExampleByAdmin2(ctx context.Context, satelliteAddress, a
defer errCatch(p.Close)
// Parse the encryption context
encCtx, err := uplink.ParseEncryptionCtx(serializedEncCtx)
access, err := uplink.ParseEncryptionAccess(serializedAccess)
if err != nil {
return err
}
// Open bucket
bucket, err := p.OpenBucket(ctx, "prod", encCtx)
bucket, err := p.OpenBucket(ctx, "prod", access)
if err != nil {
return err
}
@ -148,13 +148,13 @@ func Example_createEncryptionKey() {
ctx := context.Background()
// Admin1 is going to create an encryption context and share it
encCtx, err := CreateEncryptionKeyExampleByAdmin1(ctx, satelliteAddress, admin1APIKey, &uplink.Config{}, os.Stdout)
access, err := CreateEncryptionKeyExampleByAdmin1(ctx, satelliteAddress, admin1APIKey, &uplink.Config{}, os.Stdout)
if err != nil {
panic(err)
}
// Admin2 is going to use the provided encryption context to load the uploaded file
err = CreateEncryptionKeyExampleByAdmin2(ctx, satelliteAddress, admin2APIKey, encCtx, &uplink.Config{}, os.Stdout)
err = CreateEncryptionKeyExampleByAdmin2(ctx, satelliteAddress, admin2APIKey, access, &uplink.Config{}, os.Stdout)
if err != nil {
panic(err)
}

24
lib/uplink/ex_restrict_test.go
View File

@ -16,7 +16,7 @@ import (
"storj.io/storj/pkg/macaroon"
)
func RestrictAccessExampleByAdmin(ctx context.Context, satelliteAddress, apiKey string, adminEncCtx string, cfg *uplink.Config, out io.Writer) (serializedUserAPIKey string, serializedEncCtx string, err error) {
func RestrictAccessExampleByAdmin(ctx context.Context, satelliteAddress, apiKey string, adminAccess string, cfg *uplink.Config, out io.Writer) (serializedUserAPIKey string, serializedAccess string, err error) {
// Parse the API key. API keys are "macaroons" that allow you to create new, restricted API keys.
key, err := uplink.ParseAPIKey(apiKey)
if err != nil {
@ -34,14 +34,14 @@ func RestrictAccessExampleByAdmin(ctx context.Context, satelliteAddress, apiKey
}
// Load the existing encryption context
encCtx, err := uplink.ParseEncryptionCtx(adminEncCtx)
access, err := uplink.ParseEncryptionAccess(adminAccess)
if err != nil {
return "", "", err
}
// Restrict the encryption context to just the prod and staging buckets
// for webserver/logs/
userAPIKey, userEncCtx, err := encCtx.Restrict(userAPIKey,
userAPIKey, userAccess, err := access.Restrict(userAPIKey,
uplink.EncryptionRestriction{Bucket: "prod", PathPrefix: "webserver/logs"},
uplink.EncryptionRestriction{Bucket: "staging", PathPrefix: "webserver/logs"},
)
@ -50,16 +50,16 @@ func RestrictAccessExampleByAdmin(ctx context.Context, satelliteAddress, apiKey
}
// Serialize the encryption context
serializedUserEncCtx, err := userEncCtx.Serialize()
serializedUserAccess, err := userAccess.Serialize()
if err != nil {
return "", "", err
}
fmt.Fprintln(out, "success!")
return userAPIKey.Serialize(), serializedUserEncCtx, nil
return userAPIKey.Serialize(), serializedUserAccess, nil
}
func RestrictAccessExampleByUser(ctx context.Context, satelliteAddress, apiKey string, serializedEncCtx string, cfg *uplink.Config, out io.Writer) (err error) {
func RestrictAccessExampleByUser(ctx context.Context, satelliteAddress, apiKey string, serializedAccess string, cfg *uplink.Config, out io.Writer) (err error) {
errCatch := func(fn func() error) { err = errs.Combine(err, fn()) }
// First, create an Uplink handle.
@ -83,13 +83,13 @@ func RestrictAccessExampleByUser(ctx context.Context, satelliteAddress, apiKey s
defer errCatch(p.Close)
// Parse the encryption context
encCtx, err := uplink.ParseEncryptionCtx(serializedEncCtx)
access, err := uplink.ParseEncryptionAccess(serializedAccess)
if err != nil {
return err
}
// Open bucket
bucket, err := p.OpenBucket(ctx, "prod", encCtx)
bucket, err := p.OpenBucket(ctx, "prod", access)
if err != nil {
return err
}
@ -127,20 +127,20 @@ func Example_restrictAccess() {
// The API key can be created in the web interface
adminAPIKey := "qPSUM3k0bZyOIyil2xrVWiSuc9HuB2yBP3qDrA2Gc"
// The encryption context was created using NewEncryptionCtxWithDefaultKey and
// The encryption context was created using NewEncryptionAccessWithDefaultKey and
// (*Project).SaltedKeyFromPassphrase() earlier
adminEncCtx := "HYGoqCEz43mCE40Hc5lQD3DtUYynx9Vo1GjOx75hQ"
adminAccess := "HYGoqCEz43mCE40Hc5lQD3DtUYynx9Vo1GjOx75hQ"
ctx := context.Background()
// Admin1 is going to create an encryption context and share it
userAPIKey, encCtx, err := RestrictAccessExampleByAdmin(ctx, satelliteAddress, adminAPIKey, adminEncCtx, &uplink.Config{}, os.Stdout)
userAPIKey, access, err := RestrictAccessExampleByAdmin(ctx, satelliteAddress, adminAPIKey, adminAccess, &uplink.Config{}, os.Stdout)
if err != nil {
panic(err)
}
// Admin2 is going to use the provided encryption context to load the uploaded file
err = RestrictAccessExampleByUser(ctx, satelliteAddress, userAPIKey, encCtx, &uplink.Config{}, os.Stdout)
err = RestrictAccessExampleByUser(ctx, satelliteAddress, userAPIKey, access, &uplink.Config{}, os.Stdout)
if err != nil {
panic(err)
}

8
lib/uplink/examples_test.go
View File

@ -52,22 +52,22 @@ func TestBucketExamples(t *testing.T) {
require.Equal(t, out.String(), "")
out = bytes.NewBuffer(nil)
encCtx, err := CreateEncryptionKeyExampleByAdmin1(ctx, satelliteAddr, apiKey, &cfg, out)
access, err := CreateEncryptionKeyExampleByAdmin1(ctx, satelliteAddr, apiKey, &cfg, out)
require.NoError(t, err)
require.Equal(t, out.String(), "success!\n")
out = bytes.NewBuffer(nil)
err = CreateEncryptionKeyExampleByAdmin2(ctx, satelliteAddr, apiKey, encCtx, &cfg, out)
err = CreateEncryptionKeyExampleByAdmin2(ctx, satelliteAddr, apiKey, access, &cfg, out)
require.NoError(t, err)
require.Equal(t, out.String(), "hello world\n")
out = bytes.NewBuffer(nil)
userAPIKey, userEncCtx, err := RestrictAccessExampleByAdmin(ctx, satelliteAddr, apiKey, encCtx, &cfg, out)
userAPIKey, userAccess, err := RestrictAccessExampleByAdmin(ctx, satelliteAddr, apiKey, access, &cfg, out)
require.NoError(t, err)
require.Equal(t, out.String(), "success!\n")
out = bytes.NewBuffer(nil)
err = RestrictAccessExampleByUser(ctx, satelliteAddr, userAPIKey, userEncCtx, &cfg, out)
err = RestrictAccessExampleByUser(ctx, satelliteAddr, userAPIKey, userAccess, &cfg, out)
require.NoError(t, err)
require.Equal(t, out.String(), "hello world\n")
})

6
lib/uplink/project.go
View File

@ -150,7 +150,7 @@ func (p *Project) GetBucketInfo(ctx context.Context, bucket string) (b storj.Buc
// OpenBucket returns a Bucket handle with the given EncryptionAccess
// information.
func (p *Project) OpenBucket(ctx context.Context, bucketName string, encCtx *EncryptionCtx) (b *Bucket, err error) {
func (p *Project) OpenBucket(ctx context.Context, bucketName string, access *EncryptionAccess) (b *Bucket, err error) {
defer mon.Task()(&ctx)(&err)
bucketInfo, cfg, err := p.GetBucketInfo(ctx, bucketName)
@ -194,7 +194,7 @@ func (p *Project) OpenBucket(ctx context.Context, bucketName string, encCtx *Enc
}
segmentStore := segments.NewSegmentStore(p.metainfo, ec, rs, p.maxInlineSize.Int(), maxEncryptedSegmentSize)
streamStore, err := streams.NewStreamStore(segmentStore, cfg.Volatile.SegmentsSize.Int64(), encCtx.store, int(encryptionScheme.BlockSize), encryptionScheme.Cipher, p.maxInlineSize.Int())
streamStore, err := streams.NewStreamStore(segmentStore, cfg.Volatile.SegmentsSize.Int64(), access.store, int(encryptionScheme.BlockSize), encryptionScheme.Cipher, p.maxInlineSize.Int())
if err != nil {
return nil, err
}
@ -204,7 +204,7 @@ func (p *Project) OpenBucket(ctx context.Context, bucketName string, encCtx *Enc
Name: bucketInfo.Name,
Created: bucketInfo.Created,
bucket: bucketInfo,
metainfo: kvmetainfo.New(p.project, p.metainfo, streamStore, segmentStore, encCtx.store),
metainfo: kvmetainfo.New(p.project, p.metainfo, streamStore, segmentStore, access.store),
streams: streamStore,
}, nil
}

6
lib/uplinkc/bucket.go
View File

@ -76,14 +76,14 @@ func get_bucket_info(projectHandle C.ProjectRef, bucketName *C.char, cerr **C.ch
// open_bucket returns a Bucket handle with the given encryption context information.
//export open_bucket
func open_bucket(projectHandle C.ProjectRef, name *C.char, encryptionCtx *C.char, cerr **C.char) C.BucketRef {
func open_bucket(projectHandle C.ProjectRef, name *C.char, encryptionAccess *C.char, cerr **C.char) C.BucketRef {
project, ok := universe.Get(projectHandle._handle).(*Project)
if !ok {
*cerr = C.CString("invalid project")
return C.BucketRef{}
}
encCtx, err := uplink.ParseEncryptionCtx(C.GoString(encryptionCtx))
access, err := uplink.ParseEncryptionAccess(C.GoString(encryptionAccess))
if err != nil {
*cerr = C.CString(err.Error())
return C.BucketRef{}
@ -91,7 +91,7 @@ func open_bucket(projectHandle C.ProjectRef, name *C.char, encryptionCtx *C.char
scope := project.scope.child()
bucket, err := project.OpenBucket(scope.ctx, C.GoString(name), encCtx)
bucket, err := project.OpenBucket(scope.ctx, C.GoString(name), access)
if err != nil {
*cerr = C.CString(err.Error())
return C.BucketRef{}

22
mobile/encryption.go
View File

@ -8,19 +8,19 @@ import (
"storj.io/storj/pkg/storj"
)
// EncryptionCtx holds data about encryption keys for a bucket.
type EncryptionCtx struct {
lib *libuplink.EncryptionCtx
// EncryptionAccess holds data about encryption keys for a bucket.
type EncryptionAccess struct {
lib *libuplink.EncryptionAccess
}
// NewEncryptionCtx constructs an empty encryption context.
func NewEncryptionCtx() *EncryptionCtx {
return &EncryptionCtx{lib: libuplink.NewEncryptionCtx()}
// NewEncryptionAccess constructs an empty encryption context.
func NewEncryptionAccess() *EncryptionAccess {
return &EncryptionAccess{lib: libuplink.NewEncryptionAccess()}
}
// SetDefaultKey sets the default key to use when no matching keys are found
// for the encryption context.
func (e *EncryptionCtx) SetDefaultKey(keyData []byte) error {
func (e *EncryptionAccess) SetDefaultKey(keyData []byte) error {
key, err := storj.NewKey(keyData)
if err != nil {
return safeError(err)
@ -29,12 +29,12 @@ func (e *EncryptionCtx) SetDefaultKey(keyData []byte) error {
return nil
}
// ParseEncryptionCtx parses the base58 encoded encryption context data and
// ParseEncryptionAccess parses the base58 encoded encryption context data and
// returns the resulting context.
func ParseEncryptionCtx(b58data string) (*EncryptionCtx, error) {
encCtx, err := libuplink.ParseEncryptionCtx(b58data)
func ParseEncryptionAccess(b58data string) (*EncryptionAccess, error) {
access, err := libuplink.ParseEncryptionAccess(b58data)
if err != nil {
return nil, safeError(err)
}
return &EncryptionCtx{lib: encCtx}, nil
return &EncryptionAccess{lib: access}, nil
}

18
mobile/libuplink_android/app/src/androidTest/java/io/storj/mobile/libuplink/LibuplinkInstrumentedTest.java
View File

@ -133,8 +133,8 @@ public class LibuplinkInstrumentedTest {
try {
Project project = uplink.openProject(VALID_SATELLITE_ADDRESS, VALID_API_KEY);
try {
EncryptionCtx encCtx = new EncryptionCtx();
encCtx.setDefaultKey("TestEncryptionKey".getBytes());
EncryptionAccess access = new EncryptionAccess();
access.setDefaultKey("TestEncryptionKey".getBytes());
RedundancyScheme scheme = new RedundancyScheme();
scheme.setRequiredShares((short) 2);
@ -147,7 +147,7 @@ public class LibuplinkInstrumentedTest {
project.createBucket("test", bucketConfig);
Bucket bucket = project.openBucket("test", encCtx);
Bucket bucket = project.openBucket("test", access);
byte[] expectedData = new byte[1024];
Random random = new Random();
@ -197,8 +197,8 @@ public class LibuplinkInstrumentedTest {
try {
Project project = uplink.openProject(VALID_SATELLITE_ADDRESS, VALID_API_KEY);
try {
EncryptionCtx encCtx = new EncryptionCtx();
encCtx.setDefaultKey("TestEncryptionKey".getBytes());
EncryptionAccess access = new EncryptionAccess();
access.setDefaultKey("TestEncryptionKey".getBytes());
RedundancyScheme scheme = new RedundancyScheme();
scheme.setRequiredShares((short) 2);
@ -211,7 +211,7 @@ public class LibuplinkInstrumentedTest {
project.createBucket("test", bucketConfig);
Bucket bucket = project.openBucket("test", encCtx);
Bucket bucket = project.openBucket("test", access);
byte[] expectedData = new byte[1024 * 100];
Random random = new Random();
@ -267,8 +267,8 @@ public class LibuplinkInstrumentedTest {
try {
Project project = uplink.openProject(VALID_SATELLITE_ADDRESS, VALID_API_KEY);
try {
EncryptionCtx encCtx = new EncryptionCtx();
encCtx.setDefaultKey("TestEncryptionKey".getBytes());
EncryptionAccess access = new EncryptionAccess();
access.setDefaultKey("TestEncryptionKey".getBytes());
BucketConfig bucketConfig = new BucketConfig();
bucketConfig.setRedundancyScheme(new RedundancyScheme());
@ -276,7 +276,7 @@ public class LibuplinkInstrumentedTest {
BucketInfo bucketInfo = project.createBucket("testBucket", bucketConfig);
assertEquals("testBucket", bucketInfo.getName());
Bucket bucket = project.openBucket("testBucket", encCtx);
Bucket bucket = project.openBucket("testBucket", access);
long before = System.currentTimeMillis();

4
mobile/uplink.go
View File

@ -117,10 +117,10 @@ func (project *Project) CreateBucket(bucketName string, opts *BucketConfig) (*Bu
// OpenBucket returns a Bucket handle with the given EncryptionAccess
// information.
func (project *Project) OpenBucket(bucketName string, encCtx *EncryptionCtx) (*Bucket, error) {
func (project *Project) OpenBucket(bucketName string, access *EncryptionAccess) (*Bucket, error) {
scope := project.scope.child()
bucket, err := project.lib.OpenBucket(scope.ctx, bucketName, encCtx.lib)
bucket, err := project.lib.OpenBucket(scope.ctx, bucketName, access.lib)
if err != nil {
return nil, safeError(err)
}

22
pkg/miniogw/gateway.go
View File

@ -30,10 +30,10 @@ var (
)
// NewStorjGateway creates a *Storj object from an existing ObjectStore
func NewStorjGateway(project *uplink.Project, encCtx *uplink.EncryptionCtx, pathCipher storj.CipherSuite, encryption storj.EncryptionParameters, redundancy storj.RedundancyScheme, segmentSize memory.Size) *Gateway {
func NewStorjGateway(project *uplink.Project, access *uplink.EncryptionAccess, pathCipher storj.CipherSuite, encryption storj.EncryptionParameters, redundancy storj.RedundancyScheme, segmentSize memory.Size) *Gateway {
return &Gateway{
project: project,
encCtx: encCtx,
access: access,
pathCipher: pathCipher,
encryption: encryption,
redundancy: redundancy,
@ -45,7 +45,7 @@ func NewStorjGateway(project *uplink.Project, encCtx *uplink.EncryptionCtx, path
// Gateway is the implementation of a minio cmd.Gateway
type Gateway struct {
project *uplink.Project
encCtx *uplink.EncryptionCtx
access *uplink.EncryptionAccess
pathCipher storj.CipherSuite
encryption storj.EncryptionParameters
redundancy storj.RedundancyScheme
@ -93,7 +93,7 @@ func (layer *gatewayLayer) DeleteBucket(ctx context.Context, bucketName string)
func (layer *gatewayLayer) bucketEmpty(ctx context.Context, bucketName string) (empty bool, err error) {
defer mon.Task()(&ctx)(&err)
bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.encCtx)
bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.access)
if err != nil {
return false, convertError(err, bucketName, "")
}
@ -110,7 +110,7 @@ func (layer *gatewayLayer) bucketEmpty(ctx context.Context, bucketName string) (
func (layer *gatewayLayer) DeleteObject(ctx context.Context, bucketName, objectPath string) (err error) {
defer mon.Task()(&ctx)(&err)
bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.encCtx)
bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.access)
if err != nil {
return convertError(err, bucketName, "")
}
@ -136,7 +136,7 @@ func (layer *gatewayLayer) GetBucketInfo(ctx context.Context, bucketName string)
func (layer *gatewayLayer) GetObject(ctx context.Context, bucketName, objectPath string, startOffset int64, length int64, writer io.Writer, etag string) (err error) {
defer mon.Task()(&ctx)(&err)
bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.encCtx)
bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.access)
if err != nil {
return convertError(err, bucketName, "")
}
@ -170,7 +170,7 @@ func (layer *gatewayLayer) GetObject(ctx context.Context, bucketName, objectPath
func (layer *gatewayLayer) GetObjectInfo(ctx context.Context, bucketName, objectPath string) (objInfo minio.ObjectInfo, err error) {
defer mon.Task()(&ctx)(&err)
bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.encCtx)
bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.access)
if err != nil {
return minio.ObjectInfo{}, convertError(err, bucketName, "")
}
@ -225,7 +225,7 @@ func (layer *gatewayLayer) ListObjects(ctx context.Context, bucketName, prefix,
return minio.ListObjectsInfo{}, minio.UnsupportedDelimiter{Delimiter: delimiter}
}
bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.encCtx)
bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.access)
if err != nil {
return minio.ListObjectsInfo{}, convertError(err, bucketName, "")
}
@ -291,7 +291,7 @@ func (layer *gatewayLayer) ListObjectsV2(ctx context.Context, bucketName, prefix
return minio.ListObjectsV2Info{ContinuationToken: continuationToken}, minio.UnsupportedDelimiter{Delimiter: delimiter}
}
bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.encCtx)
bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.access)
if err != nil {
return minio.ListObjectsV2Info{}, convertError(err, bucketName, "")
}
@ -392,7 +392,7 @@ func (layer *gatewayLayer) MakeBucketWithLocation(ctx context.Context, bucketNam
func (layer *gatewayLayer) CopyObject(ctx context.Context, srcBucket, srcObject, destBucket, destObject string, srcInfo minio.ObjectInfo) (objInfo minio.ObjectInfo, err error) {
defer mon.Task()(&ctx)(&err)
bucket, err := layer.gateway.project.OpenBucket(ctx, srcBucket, layer.gateway.encCtx)
bucket, err := layer.gateway.project.OpenBucket(ctx, srcBucket, layer.gateway.access)
if err != nil {
return minio.ObjectInfo{}, convertError(err, srcBucket, "")
}
@ -424,7 +424,7 @@ func (layer *gatewayLayer) CopyObject(ctx context.Context, srcBucket, srcObject,
func (layer *gatewayLayer) putObject(ctx context.Context, bucketName, objectPath string, reader io.Reader, opts *uplink.UploadOptions) (objInfo minio.ObjectInfo, err error) {
defer mon.Task()(&ctx)(&err)
bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.encCtx)
bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.access)
if err != nil {
return minio.ObjectInfo{}, convertError(err, bucketName, "")
}

6
pkg/miniogw/gateway_test.go
View File

@ -704,8 +704,8 @@ func initEnv(ctx context.Context, planet *testplanet.Planet) (minio.ObjectLayer,
var encKey storj.Key
copy(encKey[:], TestEncKey)
encCtx := libuplink.NewEncryptionCtxWithDefaultKey(encKey)
encStore := encCtx.Store()
access := libuplink.NewEncryptionAccessWithDefaultKey(encKey)
encStore := access.Store()
blockSize := rs.StripeSize()
inlineThreshold := 4 * memory.KiB.Int()
@ -747,7 +747,7 @@ func initEnv(ctx context.Context, planet *testplanet.Planet) (minio.ObjectLayer,
gateway := NewStorjGateway(
proj,
encCtx,
access,
storj.EncAESGCM,
storj.EncryptionParameters{
CipherSuite: storj.EncAESGCM,

2
pkg/miniogw/integration_test.go
View File

@ -212,7 +212,7 @@ func runGateway(ctx context.Context, gwCfg config, uplinkCfg uplink.Config, log
gw := miniogw.NewStorjGateway(
project,
libuplink.NewEncryptionCtxWithDefaultKey(storj.Key{}),
libuplink.NewEncryptionAccessWithDefaultKey(storj.Key{}),
storj.Cipher(uplinkCfg.Enc.PathType).ToCipherSuite(),
uplinkCfg.GetEncryptionScheme().ToEncryptionParameters(),
uplinkCfg.GetRedundancyScheme(),

156
pkg/pb/encryption_access.pb.go Normal file
View File

@ -0,0 +1,156 @@
// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: encryption_access.proto
package pb
import (
fmt "fmt"
_ "github.com/gogo/protobuf/gogoproto"
proto "github.com/gogo/protobuf/proto"
math "math"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
type EncryptionAccess struct {
DefaultKey []byte `protobuf:"bytes,1,opt,name=default_key,json=defaultKey,proto3" json:"default_key,omitempty"`
StoreEntries []*EncryptionAccess_StoreEntry `protobuf:"bytes,2,rep,name=store_entries,json=storeEntries,proto3" json:"store_entries,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *EncryptionAccess) Reset() { *m = EncryptionAccess{} }
func (m *EncryptionAccess) String() string { return proto.CompactTextString(m) }
func (*EncryptionAccess) ProtoMessage() {}
func (*EncryptionAccess) Descriptor() ([]byte, []int) {
return fileDescriptor_464b1a18bff4a17b, []int{0}
}
func (m *EncryptionAccess) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_EncryptionAccess.Unmarshal(m, b)
}
func (m *EncryptionAccess) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_EncryptionAccess.Marshal(b, m, deterministic)
}
func (m *EncryptionAccess) XXX_Merge(src proto.Message) {
xxx_messageInfo_EncryptionAccess.Merge(m, src)
}
func (m *EncryptionAccess) XXX_Size() int {
return xxx_messageInfo_EncryptionAccess.Size(m)
}
func (m *EncryptionAccess) XXX_DiscardUnknown() {
xxx_messageInfo_EncryptionAccess.DiscardUnknown(m)
}
var xxx_messageInfo_EncryptionAccess proto.InternalMessageInfo
func (m *EncryptionAccess) GetDefaultKey() []byte {
if m != nil {
return m.DefaultKey
}
return nil
}
func (m *EncryptionAccess) GetStoreEntries() []*EncryptionAccess_StoreEntry {
if m != nil {
return m.StoreEntries
}
return nil
}
type EncryptionAccess_StoreEntry struct {
Bucket []byte `protobuf:"bytes,1,opt,name=bucket,proto3" json:"bucket,omitempty"`
UnencryptedPath []byte `protobuf:"bytes,2,opt,name=unencrypted_path,json=unencryptedPath,proto3" json:"unencrypted_path,omitempty"`
EncryptedPath []byte `protobuf:"bytes,3,opt,name=encrypted_path,json=encryptedPath,proto3" json:"encrypted_path,omitempty"`
Key []byte `protobuf:"bytes,4,opt,name=key,proto3" json:"key,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *EncryptionAccess_StoreEntry) Reset() { *m = EncryptionAccess_StoreEntry{} }
func (m *EncryptionAccess_StoreEntry) String() string { return proto.CompactTextString(m) }
func (*EncryptionAccess_StoreEntry) ProtoMessage() {}
func (*EncryptionAccess_StoreEntry) Descriptor() ([]byte, []int) {
return fileDescriptor_464b1a18bff4a17b, []int{0, 0}
}
func (m *EncryptionAccess_StoreEntry) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_EncryptionAccess_StoreEntry.Unmarshal(m, b)
}
func (m *EncryptionAccess_StoreEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_EncryptionAccess_StoreEntry.Marshal(b, m, deterministic)
}
func (m *EncryptionAccess_StoreEntry) XXX_Merge(src proto.Message) {
xxx_messageInfo_EncryptionAccess_StoreEntry.Merge(m, src)
}
func (m *EncryptionAccess_StoreEntry) XXX_Size() int {
return xxx_messageInfo_EncryptionAccess_StoreEntry.Size(m)
}
func (m *EncryptionAccess_StoreEntry) XXX_DiscardUnknown() {
xxx_messageInfo_EncryptionAccess_StoreEntry.DiscardUnknown(m)
}
var xxx_messageInfo_EncryptionAccess_StoreEntry proto.InternalMessageInfo
func (m *EncryptionAccess_StoreEntry) GetBucket() []byte {
if m != nil {
return m.Bucket
}
return nil
}
func (m *EncryptionAccess_StoreEntry) GetUnencryptedPath() []byte {
if m != nil {
return m.UnencryptedPath
}
return nil
}
func (m *EncryptionAccess_StoreEntry) GetEncryptedPath() []byte {
if m != nil {
return m.EncryptedPath
}
return nil
}
func (m *EncryptionAccess_StoreEntry) GetKey() []byte {
if m != nil {
return m.Key
}
return nil
}
func init() {
proto.RegisterType((*EncryptionAccess)(nil), "encryption_access.EncryptionAccess")
proto.RegisterType((*EncryptionAccess_StoreEntry)(nil), "encryption_access.EncryptionAccess.StoreEntry")
}
func init() { proto.RegisterFile("encryption_access.proto", fileDescriptor_464b1a18bff4a17b) }
var fileDescriptor_464b1a18bff4a17b = []byte{
// 228 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x4f, 0xcd, 0x4b, 0x2e,
0xaa, 0x2c, 0x28, 0xc9, 0xcc, 0xcf, 0x8b, 0x4f, 0x4c, 0x4e, 0x4e, 0x2d, 0x2e, 0xd6, 0x2b, 0x28,
0xca, 0x2f, 0xc9, 0x17, 0x12, 0xc4, 0x90, 0x90, 0xe2, 0x4a, 0xcf, 0x4f, 0xcf, 0x87, 0x48, 0x2b,
0x4d, 0x66, 0xe2, 0x12, 0x70, 0x85, 0xab, 0x70, 0x04, 0x2b, 0x10, 0x92, 0xe7, 0xe2, 0x4e, 0x49,
0x4d, 0x4b, 0x2c, 0xcd, 0x29, 0x89, 0xcf, 0x4e, 0xad, 0x94, 0x60, 0x54, 0x60, 0xd4, 0xe0, 0x09,
0xe2, 0x82, 0x0a, 0x79, 0xa7, 0x56, 0x0a, 0x05, 0x73, 0xf1, 0x16, 0x97, 0xe4, 0x17, 0xa5, 0xc6,
0xa7, 0xe6, 0x95, 0x14, 0x65, 0xa6, 0x16, 0x4b, 0x30, 0x29, 0x30, 0x6b, 0x70, 0x1b, 0xe9, 0xe9,
0x61, 0xba, 0x02, 0xdd, 0x70, 0xbd, 0x60, 0x90, 0x46, 0xd7, 0xbc, 0x92, 0xa2, 0xca, 0x20, 0x9e,
0x62, 0x18, 0x3b, 0x33, 0xb5, 0x58, 0xaa, 0x83, 0x91, 0x8b, 0x0b, 0x21, 0x29, 0x24, 0xc6, 0xc5,
0x96, 0x54, 0x9a, 0x9c, 0x9d, 0x5a, 0x02, 0xb5, 0x1f, 0xca, 0x13, 0xd2, 0xe4, 0x12, 0x28, 0xcd,
0x83, 0xda, 0x93, 0x9a, 0x12, 0x5f, 0x90, 0x58, 0x92, 0x21, 0xc1, 0x04, 0x56, 0xc1, 0x8f, 0x24,
0x1e, 0x90, 0x58, 0x92, 0x21, 0xa4, 0xca, 0xc5, 0x87, 0xa6, 0x90, 0x19, 0xac, 0x90, 0x17, 0x55,
0x99, 0x00, 0x17, 0x33, 0xc8, 0x9b, 0x2c, 0x60, 0x39, 0x10, 0xd3, 0x89, 0x25, 0x8a, 0xa9, 0x20,
0x29, 0x89, 0x0d, 0x1c, 0x44, 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0xf2, 0x73, 0xee, 0x7d,
0x5c, 0x01, 0x00, 0x00,
}

4
pkg/pb/encryption_ctx.proto → pkg/pb/encryption_access.proto
View File

@ -5,11 +5,11 @@ syntax = "proto3";
option go_package = "pb";
package encryption_ctx;
package encryption_access;
import "gogo.proto";
message EncryptionCtx {
message EncryptionAccess {
message StoreEntry {
bytes bucket = 1;
bytes unencrypted_path = 2;

155
pkg/pb/encryption_ctx.pb.go
View File

@ -1,155 +0,0 @@
// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: encryption_ctx.proto
package pb
import (
fmt "fmt"
_ "github.com/gogo/protobuf/gogoproto"
proto "github.com/gogo/protobuf/proto"
math "math"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
type EncryptionCtx struct {
DefaultKey []byte `protobuf:"bytes,1,opt,name=default_key,json=defaultKey,proto3" json:"default_key,omitempty"`
StoreEntries []*EncryptionCtx_StoreEntry `protobuf:"bytes,2,rep,name=store_entries,json=storeEntries,proto3" json:"store_entries,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *EncryptionCtx) Reset() { *m = EncryptionCtx{} }
func (m *EncryptionCtx) String() string { return proto.CompactTextString(m) }
func (*EncryptionCtx) ProtoMessage() {}
func (*EncryptionCtx) Descriptor() ([]byte, []int) {
return fileDescriptor_b1567295c75a6f56, []int{0}
}
func (m *EncryptionCtx) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_EncryptionCtx.Unmarshal(m, b)
}
func (m *EncryptionCtx) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_EncryptionCtx.Marshal(b, m, deterministic)
}
func (m *EncryptionCtx) XXX_Merge(src proto.Message) {
xxx_messageInfo_EncryptionCtx.Merge(m, src)
}
func (m *EncryptionCtx) XXX_Size() int {
return xxx_messageInfo_EncryptionCtx.Size(m)
}
func (m *EncryptionCtx) XXX_DiscardUnknown() {
xxx_messageInfo_EncryptionCtx.DiscardUnknown(m)
}
var xxx_messageInfo_EncryptionCtx proto.InternalMessageInfo
func (m *EncryptionCtx) GetDefaultKey() []byte {
if m != nil {
return m.DefaultKey
}
return nil
}
func (m *EncryptionCtx) GetStoreEntries() []*EncryptionCtx_StoreEntry {
if m != nil {
return m.StoreEntries
}
return nil
}
type EncryptionCtx_StoreEntry struct {
Bucket []byte `protobuf:"bytes,1,opt,name=bucket,proto3" json:"bucket,omitempty"`
UnencryptedPath []byte `protobuf:"bytes,2,opt,name=unencrypted_path,json=unencryptedPath,proto3" json:"unencrypted_path,omitempty"`
EncryptedPath []byte `protobuf:"bytes,3,opt,name=encrypted_path,json=encryptedPath,proto3" json:"encrypted_path,omitempty"`
Key []byte `protobuf:"bytes,4,opt,name=key,proto3" json:"key,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *EncryptionCtx_StoreEntry) Reset() { *m = EncryptionCtx_StoreEntry{} }
func (m *EncryptionCtx_StoreEntry) String() string { return proto.CompactTextString(m) }
func (*EncryptionCtx_StoreEntry) ProtoMessage() {}
func (*EncryptionCtx_StoreEntry) Descriptor() ([]byte, []int) {
return fileDescriptor_b1567295c75a6f56, []int{0, 0}
}
func (m *EncryptionCtx_StoreEntry) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_EncryptionCtx_StoreEntry.Unmarshal(m, b)
}
func (m *EncryptionCtx_StoreEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_EncryptionCtx_StoreEntry.Marshal(b, m, deterministic)
}
func (m *EncryptionCtx_StoreEntry) XXX_Merge(src proto.Message) {
xxx_messageInfo_EncryptionCtx_StoreEntry.Merge(m, src)
}
func (m *EncryptionCtx_StoreEntry) XXX_Size() int {
return xxx_messageInfo_EncryptionCtx_StoreEntry.Size(m)
}
func (m *EncryptionCtx_StoreEntry) XXX_DiscardUnknown() {
xxx_messageInfo_EncryptionCtx_StoreEntry.DiscardUnknown(m)
}
var xxx_messageInfo_EncryptionCtx_StoreEntry proto.InternalMessageInfo
func (m *EncryptionCtx_StoreEntry) GetBucket() []byte {
if m != nil {
return m.Bucket
}
return nil
}
func (m *EncryptionCtx_StoreEntry) GetUnencryptedPath() []byte {
if m != nil {
return m.UnencryptedPath
}
return nil
}
func (m *EncryptionCtx_StoreEntry) GetEncryptedPath() []byte {
if m != nil {
return m.EncryptedPath
}
return nil
}
func (m *EncryptionCtx_StoreEntry) GetKey() []byte {
if m != nil {
return m.Key
}
return nil
}
func init() {
proto.RegisterType((*EncryptionCtx)(nil), "encryption_ctx.EncryptionCtx")
proto.RegisterType((*EncryptionCtx_StoreEntry)(nil), "encryption_ctx.EncryptionCtx.StoreEntry")
}
func init() { proto.RegisterFile("encryption_ctx.proto", fileDescriptor_b1567295c75a6f56) }
var fileDescriptor_b1567295c75a6f56 = []byte{
// 224 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x49, 0xcd, 0x4b, 0x2e,
0xaa, 0x2c, 0x28, 0xc9, 0xcc, 0xcf, 0x8b, 0x4f, 0x2e, 0xa9, 0xd0, 0x2b, 0x28, 0xca, 0x2f, 0xc9,
0x17, 0xe2, 0x43, 0x15, 0x95, 0xe2, 0x4a, 0xcf, 0x4f, 0xcf, 0x87, 0xc8, 0x29, 0x75, 0x31, 0x71,
0xf1, 0xba, 0xc2, 0xa5, 0x9d, 0x4b, 0x2a, 0x84, 0xe4, 0xb9, 0xb8, 0x53, 0x52, 0xd3, 0x12, 0x4b,
0x73, 0x4a, 0xe2, 0xb3, 0x53, 0x2b, 0x25, 0x18, 0x15, 0x18, 0x35, 0x78, 0x82, 0xb8, 0xa0, 0x42,
0xde, 0xa9, 0x95, 0x42, 0xbe, 0x5c, 0xbc, 0xc5, 0x25, 0xf9, 0x45, 0xa9, 0xf1, 0xa9, 0x79, 0x25,
0x45, 0x99, 0xa9, 0xc5, 0x12, 0x4c, 0x0a, 0xcc, 0x1a, 0xdc, 0x46, 0x1a, 0x7a, 0x68, 0x96, 0xa3,
0x18, 0xab, 0x17, 0x0c, 0xd2, 0xe2, 0x9a, 0x57, 0x52, 0x54, 0x19, 0xc4, 0x53, 0x0c, 0x63, 0x67,
0xa6, 0x16, 0x4b, 0x75, 0x30, 0x72, 0x71, 0x21, 0x24, 0x85, 0xc4, 0xb8, 0xd8, 0x92, 0x4a, 0x93,
0xb3, 0x53, 0x4b, 0xa0, 0x36, 0x43, 0x79, 0x42, 0x9a, 0x5c, 0x02, 0xa5, 0x79, 0x50, 0x1b, 0x52,
0x53, 0xe2, 0x0b, 0x12, 0x4b, 0x32, 0x24, 0x98, 0xc0, 0x2a, 0xf8, 0x91, 0xc4, 0x03, 0x12, 0x4b,
0x32, 0x84, 0x54, 0xb9, 0xf8, 0xd0, 0x14, 0x32, 0x83, 0x15, 0xf2, 0xa2, 0x2a, 0x13, 0xe0, 0x62,
0x06, 0x79, 0x90, 0x05, 0x2c, 0x07, 0x62, 0x3a, 0xb1, 0x44, 0x31, 0x15, 0x24, 0x25, 0xb1, 0x81,
0x43, 0xc6, 0x18, 0x10, 0x00, 0x00, 0xff, 0xff, 0xcb, 0x91, 0x63, 0x57, 0x4d, 0x01, 0x00, 0x00,
}

6
proto.lock
View File

@ -185,11 +185,11 @@
}
},
{
"protopath": "pkg:/:pb:/:encryption_ctx.proto",
"protopath": "pkg:/:pb:/:encryption_access.proto",
"def": {
"messages": [
{
"name": "EncryptionCtx",
"name": "EncryptionAccess",
"fields": [
{
"id": 1,
@ -238,7 +238,7 @@
}
],
"package": {
"name": "encryption_ctx"
"name": "encryption_access"
},
"options": [
{

10
uplink/config.go
View File

@ -25,11 +25,11 @@ type RSConfig struct {
// EncryptionConfig is a configuration struct that keeps details about
// encrypting segments
type EncryptionConfig struct {
EncryptionKey string `help:"the root key for encrypting the data which will be stored in KeyFilePath" setup:"true"`
KeyFilepath string `help:"the path to the file which contains the root key for encrypting the data"`
EncCtxFilepath string `help:"the path to a file containing a serialized encryption ctx"`
DataType int `help:"Type of encryption to use for content and metadata (1=AES-GCM, 2=SecretBox)" default:"1"`
PathType int `help:"Type of encryption to use for paths (0=Unencrypted, 1=AES-GCM, 2=SecretBox)" default:"1"`
EncryptionKey string `help:"the root key for encrypting the data which will be stored in KeyFilePath" setup:"true"`
KeyFilepath string `help:"the path to the file which contains the root key for encrypting the data"`
EncAccessFilepath string `help:"the path to a file containing a serialized encryption access"`
DataType int `help:"Type of encryption to use for content and metadata (1=AES-GCM, 2=SecretBox)" default:"1"`
PathType int `help:"Type of encryption to use for paths (0=Unencrypted, 1=AES-GCM, 2=SecretBox)" default:"1"`
}
// ClientConfig is a configuration struct for the uplink that controls how

12
uplink/setup/setup.go
View File

@ -23,16 +23,16 @@ var (
Error = errs.Class("uplink setup")
)
// LoadEncryptionCtx loads an EncryptionCtx from the values specified in the encryption config.
func LoadEncryptionCtx(ctx context.Context, cfg uplink.EncryptionConfig) (_ *libuplink.EncryptionCtx, err error) {
// LoadEncryptionAccess loads an EncryptionAccess from the values specified in the encryption config.
func LoadEncryptionAccess(ctx context.Context, cfg uplink.EncryptionConfig) (_ *libuplink.EncryptionAccess, err error) {
defer mon.Task()(&ctx)(&err)
if cfg.EncCtxFilepath != "" {
data, err := ioutil.ReadFile(cfg.EncCtxFilepath)
if cfg.EncAccessFilepath != "" {
data, err := ioutil.ReadFile(cfg.EncAccessFilepath)
if err != nil {
return nil, errs.Wrap(err)
}
return libuplink.ParseEncryptionCtx(strings.TrimSpace(string(data)))
return libuplink.ParseEncryptionAccess(strings.TrimSpace(string(data)))
}
data := []byte(cfg.EncryptionKey)
@ -47,5 +47,5 @@ func LoadEncryptionCtx(ctx context.Context, cfg uplink.EncryptionConfig) (_ *lib
if err != nil {
return nil, errs.Wrap(err)
}
return libuplink.NewEncryptionCtxWithDefaultKey(*key), nil
return libuplink.NewEncryptionAccessWithDefaultKey(*key), nil
}

24
uplink/setup/setup_test.go
View File

@ -19,13 +19,13 @@ import (
"storj.io/storj/uplink/setup"
)
func TestLoadEncryptionCtx(t *testing.T) {
saveRawCtx := func(encCtx *libuplink.EncryptionCtx) (filepath string, clenaup func()) {
func TestLoadEncryptionAccess(t *testing.T) {
saveRawCtx := func(access *libuplink.EncryptionAccess) (filepath string, clenaup func()) {
t.Helper()
ctx := testcontext.New(t)
filename := ctx.File("encryption.ctx")
data, err := encCtx.Serialize()
data, err := access.Serialize()
require.NoError(t, err)
err = ioutil.WriteFile(filename, []byte(data), os.FileMode(0400))
require.NoError(t, err)
@ -38,20 +38,20 @@ func TestLoadEncryptionCtx(t *testing.T) {
key, err := storj.NewKey(passphrase)
require.NoError(t, err)
encCtx := libuplink.NewEncryptionCtxWithDefaultKey(*key)
filename, cleanup := saveRawCtx(encCtx)
access := libuplink.NewEncryptionAccessWithDefaultKey(*key)
filename, cleanup := saveRawCtx(access)
defer cleanup()
gotCtx, err := setup.LoadEncryptionCtx(context.Background(), uplink.EncryptionConfig{
EncCtxFilepath: filename,
gotCtx, err := setup.LoadEncryptionAccess(context.Background(), uplink.EncryptionConfig{
EncAccessFilepath: filename,
})
require.NoError(t, err)
require.Equal(t, encCtx, gotCtx)
require.Equal(t, access, gotCtx)
})
t.Run("ok: empty filepath", func(t *testing.T) {
gotCtx, err := setup.LoadEncryptionCtx(context.Background(), uplink.EncryptionConfig{
EncCtxFilepath: "",
gotCtx, err := setup.LoadEncryptionAccess(context.Background(), uplink.EncryptionConfig{
EncAccessFilepath: "",
})
require.NoError(t, err)
@ -63,8 +63,8 @@ func TestLoadEncryptionCtx(t *testing.T) {
defer ctx.Cleanup()
filename := ctx.File("encryption.ctx")
_, err := setup.LoadEncryptionCtx(context.Background(), uplink.EncryptionConfig{
EncCtxFilepath: filename,
_, err := setup.LoadEncryptionAccess(context.Background(), uplink.EncryptionConfig{
EncAccessFilepath: filename,
})
require.Error(t, err)
})