diff --git a/cmd/gateway/main.go b/cmd/gateway/main.go index 8f5a44dc4..34bf7716e 100644 --- a/cmd/gateway/main.go +++ b/cmd/gateway/main.go @@ -225,7 +225,7 @@ func (flags GatewayFlags) action(ctx context.Context, cliCtx *cli.Context) (err // NewGateway creates a new minio Gateway func (flags GatewayFlags) NewGateway(ctx context.Context) (gw minio.Gateway, err error) { - encCtx, err := setup.LoadEncryptionCtx(ctx, flags.Enc) + access, err := setup.LoadEncryptionAccess(ctx, flags.Enc) if err != nil { return nil, err } @@ -237,7 +237,7 @@ func (flags GatewayFlags) NewGateway(ctx context.Context) (gw minio.Gateway, err return miniogw.NewStorjGateway( project, - encCtx, + access, storj.Cipher(flags.Enc.PathType).ToCipherSuite(), flags.GetEncryptionScheme().ToEncryptionParameters(), flags.GetRedundancyScheme(), diff --git a/cmd/uplink/cmd/cp.go b/cmd/uplink/cmd/cp.go index 44e32f0e7..b020a887b 100644 --- a/cmd/uplink/cmd/cp.go +++ b/cmd/uplink/cmd/cp.go @@ -83,12 +83,12 @@ func upload(ctx context.Context, src fpath.FPath, dst fpath.FPath, showProgress return fmt.Errorf("source cannot be a directory: %s", src) } - encCtx, err := setup.LoadEncryptionCtx(ctx, cfg.Enc) + access, err := setup.LoadEncryptionAccess(ctx, cfg.Enc) if err != nil { return err } - project, bucket, err := cfg.GetProjectAndBucket(ctx, dst.Bucket(), encCtx) + project, bucket, err := cfg.GetProjectAndBucket(ctx, dst.Bucket(), access) if err != nil { return err } @@ -136,12 +136,12 @@ func download(ctx context.Context, src fpath.FPath, dst fpath.FPath, showProgres return fmt.Errorf("destination must be local path: %s", dst) } - encCtx, err := setup.LoadEncryptionCtx(ctx, cfg.Enc) + access, err := setup.LoadEncryptionAccess(ctx, cfg.Enc) if err != nil { return err } - project, bucket, err := cfg.GetProjectAndBucket(ctx, src.Bucket(), encCtx) + project, bucket, err := cfg.GetProjectAndBucket(ctx, src.Bucket(), access) if err != nil { return err } @@ -215,12 +215,12 @@ func copyObject(ctx context.Context, src fpath.FPath, dst fpath.FPath) (err erro return fmt.Errorf("destination must be Storj URL: %s", dst) } - encCtx, err := setup.LoadEncryptionCtx(ctx, cfg.Enc) + access, err := setup.LoadEncryptionAccess(ctx, cfg.Enc) if err != nil { return err } - project, bucket, err := cfg.GetProjectAndBucket(ctx, dst.Bucket(), encCtx) + project, bucket, err := cfg.GetProjectAndBucket(ctx, dst.Bucket(), access) if err != nil { return err } diff --git a/cmd/uplink/cmd/ls.go b/cmd/uplink/cmd/ls.go index 13ba64f47..8f76b93b2 100644 --- a/cmd/uplink/cmd/ls.go +++ b/cmd/uplink/cmd/ls.go @@ -43,7 +43,7 @@ func list(cmd *cobra.Command, args []string) error { } }() - encCtx, err := setup.LoadEncryptionCtx(ctx, cfg.Enc) + access, err := setup.LoadEncryptionAccess(ctx, cfg.Enc) if err != nil { return err } @@ -58,7 +58,7 @@ func list(cmd *cobra.Command, args []string) error { return fmt.Errorf("No bucket specified, use format sj://bucket/") } - bucket, err := project.OpenBucket(ctx, src.Bucket(), encCtx) + bucket, err := project.OpenBucket(ctx, src.Bucket(), access) if err != nil { return err } @@ -87,7 +87,7 @@ func list(cmd *cobra.Command, args []string) error { for _, bucket := range list.Items { fmt.Println("BKT", formatTime(bucket.Created), bucket.Name) if *recursiveFlag { - if err := listFilesFromBucket(ctx, project, bucket.Name, encCtx); err != nil { + if err := listFilesFromBucket(ctx, project, bucket.Name, access); err != nil { return err } } @@ -106,13 +106,13 @@ func list(cmd *cobra.Command, args []string) error { return nil } -func listFilesFromBucket(ctx context.Context, project *libuplink.Project, bucketName string, encCtx *libuplink.EncryptionCtx) error { +func listFilesFromBucket(ctx context.Context, project *libuplink.Project, bucketName string, access *libuplink.EncryptionAccess) error { prefix, err := fpath.New(fmt.Sprintf("sj://%s/", bucketName)) if err != nil { return err } - bucket, err := project.OpenBucket(ctx, bucketName, encCtx) + bucket, err := project.OpenBucket(ctx, bucketName, access) if err != nil { return err } diff --git a/cmd/uplink/cmd/rb.go b/cmd/uplink/cmd/rb.go index 738e9d875..4e27fe355 100644 --- a/cmd/uplink/cmd/rb.go +++ b/cmd/uplink/cmd/rb.go @@ -42,12 +42,12 @@ func deleteBucket(cmd *cobra.Command, args []string) error { return fmt.Errorf("Nested buckets not supported, use format sj://bucket/") } - encCtx, err := setup.LoadEncryptionCtx(ctx, cfg.Enc) + access, err := setup.LoadEncryptionAccess(ctx, cfg.Enc) if err != nil { return err } - project, bucket, err := cfg.GetProjectAndBucket(ctx, dst.Bucket(), encCtx) + project, bucket, err := cfg.GetProjectAndBucket(ctx, dst.Bucket(), access) if err != nil { return convertError(err, dst) } diff --git a/cmd/uplink/cmd/rm.go b/cmd/uplink/cmd/rm.go index dc972d837..7415a4f58 100644 --- a/cmd/uplink/cmd/rm.go +++ b/cmd/uplink/cmd/rm.go @@ -37,12 +37,12 @@ func deleteObject(cmd *cobra.Command, args []string) error { return fmt.Errorf("No bucket specified, use format sj://bucket/") } - encCtx, err := setup.LoadEncryptionCtx(ctx, cfg.Enc) + access, err := setup.LoadEncryptionAccess(ctx, cfg.Enc) if err != nil { return err } - project, bucket, err := cfg.GetProjectAndBucket(ctx, dst.Bucket(), encCtx) + project, bucket, err := cfg.GetProjectAndBucket(ctx, dst.Bucket(), access) if err != nil { return convertError(err, dst) } diff --git a/cmd/uplink/cmd/root.go b/cmd/uplink/cmd/root.go index e0cc0e111..f3c2fa308 100644 --- a/cmd/uplink/cmd/root.go +++ b/cmd/uplink/cmd/root.go @@ -112,7 +112,7 @@ func (cliCfg *UplinkFlags) GetProject(ctx context.Context) (*libuplink.Project, } // GetProjectAndBucket returns a *libuplink.Bucket for interacting with a specific project's bucket -func (cliCfg *UplinkFlags) GetProjectAndBucket(ctx context.Context, bucketName string, encCtx *libuplink.EncryptionCtx) (project *libuplink.Project, bucket *libuplink.Bucket, err error) { +func (cliCfg *UplinkFlags) GetProjectAndBucket(ctx context.Context, bucketName string, access *libuplink.EncryptionAccess) (project *libuplink.Project, bucket *libuplink.Bucket, err error) { project, err = cliCfg.GetProject(ctx) if err != nil { return project, bucket, err @@ -126,7 +126,7 @@ func (cliCfg *UplinkFlags) GetProjectAndBucket(ctx context.Context, bucketName s } }() - bucket, err = project.OpenBucket(ctx, bucketName, encCtx) + bucket, err = project.OpenBucket(ctx, bucketName, access) if err != nil { return project, bucket, err } diff --git a/cmd/uplink/cmd/share.go b/cmd/uplink/cmd/share.go index 102347939..46d6b99b8 100644 --- a/cmd/uplink/cmd/share.go +++ b/cmd/uplink/cmd/share.go @@ -100,13 +100,13 @@ func shareMain(cmd *cobra.Command, args []string) (err error) { return err } - encCtx, err := setup.LoadEncryptionCtx(ctx, cfg.Enc) + access, err := setup.LoadEncryptionAccess(ctx, cfg.Enc) if err != nil { return err } if len(restrictions) > 0 { - key, encCtx, err = encCtx.Restrict(key, restrictions...) + key, access, err = access.Restrict(key, restrictions...) if err != nil { return err } @@ -146,12 +146,12 @@ func shareMain(cmd *cobra.Command, args []string) (err error) { return err } - encCtxData, err := encCtx.Serialize() + accessData, err := access.Serialize() if err != nil { return err } fmt.Println("api key:", key.Serialize()) - fmt.Println("enc ctx:", encCtxData) + fmt.Println("enc ctx:", accessData) return nil } diff --git a/go.sum b/go.sum index b90dd16af..cd19ebd1e 100644 --- a/go.sum +++ b/go.sum @@ -379,8 +379,6 @@ github.com/zeebo/assert v0.0.0-20181109011804-10f827ce2ed6 h1:bs7mSHVrLRQHxqWcm0 github.com/zeebo/assert v0.0.0-20181109011804-10f827ce2ed6/go.mod h1:yssERNPivllc1yU3BvpjYI5BUW+zglcz6QWqeVRL5t0= github.com/zeebo/errs v1.1.1 h1:Cs5Noqj/tj3Ql/hLkD9WdumKlssx/IN2zr7CRGNOKZA= github.com/zeebo/errs v1.1.1/go.mod h1:Yj8dHrUQwls1bF3dr/vcSIu+qf4mI7idnTcHfoACc6I= -github.com/zeebo/errs v1.2.0 h1:Tk8UszIOLEjtx6DWnvfmMJe6N8q7vu03Bj95HMWDUkc= -github.com/zeebo/errs v1.2.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= github.com/zeebo/errs v1.2.1-0.20190617123220-06a113fed680 h1:nLsPSuW22yF+MmUX0sFaTfnMKL83XuHtx8B1YvNtYys= github.com/zeebo/errs v1.2.1-0.20190617123220-06a113fed680/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= github.com/zeebo/float16 v0.1.0 h1:kRqxv5og6z1emEyz5FpW0/BVHe5VfxEAw6b1ljCZlUc= diff --git a/lib/uplink/bucket_attrs_test.go b/lib/uplink/bucket_attrs_test.go index 0c8479ba2..1f63d6081 100644 --- a/lib/uplink/bucket_attrs_test.go +++ b/lib/uplink/bucket_attrs_test.go @@ -53,12 +53,12 @@ func testPlanetWithLibUplink(t *testing.T, cfg testConfig, }) } -func simpleEncryptionAccess(encKey string) (access *EncryptionCtx) { +func simpleEncryptionAccess(encKey string) (access *EncryptionAccess) { key, err := storj.NewKey([]byte(encKey)) if err != nil { panic(err) } - return NewEncryptionCtxWithDefaultKey(*key) + return NewEncryptionAccessWithDefaultKey(*key) } // check that partner bucket attributes are stored and retrieved correctly. diff --git a/lib/uplink/encryption.go b/lib/uplink/encryption.go index c464632f3..bff785228 100644 --- a/lib/uplink/encryption.go +++ b/lib/uplink/encryption.go @@ -19,40 +19,40 @@ const ( defaultCipher = storj.EncAESGCM ) -// EncryptionCtx represents an encryption context. It holds information about +// EncryptionAccess represents an encryption context. It holds information about // how various buckets and objects should be encrypted and decrypted. -type EncryptionCtx struct { +type EncryptionAccess struct { store *encryption.Store } -// NewEncryptionCtx creates an encryption ctx -func NewEncryptionCtx() *EncryptionCtx { - return &EncryptionCtx{ +// NewEncryptionAccess creates an encryption ctx +func NewEncryptionAccess() *EncryptionAccess { + return &EncryptionAccess{ store: encryption.NewStore(), } } -// NewEncryptionCtxWithDefaultKey creates an encryption ctx with a default key set -func NewEncryptionCtxWithDefaultKey(defaultKey storj.Key) *EncryptionCtx { - ec := NewEncryptionCtx() +// NewEncryptionAccessWithDefaultKey creates an encryption ctx with a default key set +func NewEncryptionAccessWithDefaultKey(defaultKey storj.Key) *EncryptionAccess { + ec := NewEncryptionAccess() ec.SetDefaultKey(defaultKey) return ec } // Store returns the underlying encryption store for the context. -func (s *EncryptionCtx) Store() *encryption.Store { +func (s *EncryptionAccess) Store() *encryption.Store { return s.store } // SetDefaultKey sets the default key for the encryption context. -func (s *EncryptionCtx) SetDefaultKey(defaultKey storj.Key) { +func (s *EncryptionAccess) SetDefaultKey(defaultKey storj.Key) { s.store.SetDefaultKey(&defaultKey) } // Import merges the other encryption context into this one. In cases // of conflicting path decryption settings (including if both contexts have // a default key), the new settings are kept. -func (s *EncryptionCtx) Import(other *EncryptionCtx) error { +func (s *EncryptionAccess) Import(other *EncryptionAccess) error { if key := other.store.GetDefaultKey(); key != nil { s.store.SetDefaultKey(key) } @@ -66,19 +66,19 @@ type EncryptionRestriction struct { PathPrefix storj.Path } -// Restrict creates a new EncryptionCtx with no default key, where the key material +// Restrict creates a new EncryptionAccess with no default key, where the key material // in the new context is just enough to allow someone to access all of the given // restrictions but no more. -func (s *EncryptionCtx) Restrict(apiKey APIKey, restrictions ...EncryptionRestriction) (APIKey, *EncryptionCtx, error) { +func (s *EncryptionAccess) Restrict(apiKey APIKey, restrictions ...EncryptionRestriction) (APIKey, *EncryptionAccess, error) { if len(restrictions) == 0 { // Should the function signature be - // func (s *EncryptionCtx) Restrict(apiKey APIKey, restriction EncryptionRestriction, restrictions ...EncryptionRestriction) (APIKey, *EncryptionCtx, error) { + // func (s *EncryptionAccess) Restrict(apiKey APIKey, restriction EncryptionRestriction, restrictions ...EncryptionRestriction) (APIKey, *EncryptionAccess, error) { // so we don't have to do this test? return APIKey{}, nil, errs.New("at least one restriction required") } caveat := macaroon.Caveat{} - encCtx := NewEncryptionCtx() + encCtx := NewEncryptionAccess() for _, res := range restrictions { unencPath := paths.NewUnencrypted(res.PathPrefix) @@ -110,11 +110,11 @@ func (s *EncryptionCtx) Restrict(apiKey APIKey, restrictions ...EncryptionRestri return apiKey, encCtx, nil } -// Serialize turns an EncryptionCtx into base58 -func (s *EncryptionCtx) Serialize() (string, error) { - var storeEntries []*pb.EncryptionCtx_StoreEntry +// Serialize turns an EncryptionAccess into base58 +func (s *EncryptionAccess) Serialize() (string, error) { + var storeEntries []*pb.EncryptionAccess_StoreEntry err := s.store.Iterate(func(bucket string, unenc paths.Unencrypted, enc paths.Encrypted, key storj.Key) error { - storeEntries = append(storeEntries, &pb.EncryptionCtx_StoreEntry{ + storeEntries = append(storeEntries, &pb.EncryptionAccess_StoreEntry{ Bucket: []byte(bucket), UnencryptedPath: []byte(unenc.Raw()), EncryptedPath: []byte(enc.Raw()), @@ -131,7 +131,7 @@ func (s *EncryptionCtx) Serialize() (string, error) { defaultKey = key[:] } - data, err := proto.Marshal(&pb.EncryptionCtx{ + data, err := proto.Marshal(&pb.EncryptionAccess{ DefaultKey: defaultKey, StoreEntries: storeEntries, }) @@ -143,19 +143,19 @@ func (s *EncryptionCtx) Serialize() (string, error) { } -// ParseEncryptionCtx parses a base58 serialized encryption context into a working one. -func ParseEncryptionCtx(b58data string) (*EncryptionCtx, error) { +// ParseEncryptionAccess parses a base58 serialized encryption context into a working one. +func ParseEncryptionAccess(b58data string) (*EncryptionAccess, error) { data, version, err := base58.CheckDecode(b58data) if err != nil || version != 0 { return nil, errs.New("invalid encryption context format") } - p := new(pb.EncryptionCtx) + p := new(pb.EncryptionAccess) if err := proto.Unmarshal(data, p); err != nil { return nil, errs.New("unable to unmarshal encryption context: %v", err) } - encCtx := NewEncryptionCtx() + encCtx := NewEncryptionAccess() if len(p.DefaultKey) > 0 { if len(p.DefaultKey) != len(storj.Key{}) { diff --git a/lib/uplink/ex_interface_test.go b/lib/uplink/ex_interface_test.go index 0b8662850..f9a2a9246 100644 --- a/lib/uplink/ex_interface_test.go +++ b/lib/uplink/ex_interface_test.go @@ -48,7 +48,7 @@ func WorkWithLibUplink(satelliteAddress string, encryptionKey *storj.Key, apiKey } // Open up the desired Bucket within the Project - bucket, err := proj.OpenBucket(ctx, bucketName, uplink.NewEncryptionCtxWithDefaultKey(*encryptionKey)) + bucket, err := proj.OpenBucket(ctx, bucketName, uplink.NewEncryptionAccessWithDefaultKey(*encryptionKey)) if err != nil { return fmt.Errorf("could not open bucket %q: %v", bucketName, err) } diff --git a/lib/uplink/ex_password_test.go b/lib/uplink/ex_password_test.go index 6003f5631..2835033ed 100644 --- a/lib/uplink/ex_password_test.go +++ b/lib/uplink/ex_password_test.go @@ -16,7 +16,7 @@ import ( "storj.io/storj/lib/uplink" ) -func CreateEncryptionKeyExampleByAdmin1(ctx context.Context, satelliteAddress, apiKey string, cfg *uplink.Config, out io.Writer) (serializedEncCtx string, err error) { +func CreateEncryptionKeyExampleByAdmin1(ctx context.Context, satelliteAddress, apiKey string, cfg *uplink.Config, out io.Writer) (serializedAccess string, err error) { errCatch := func(fn func() error) { err = errs.Combine(err, fn()) } // First, create an Uplink handle. @@ -46,9 +46,9 @@ func CreateEncryptionKeyExampleByAdmin1(ctx context.Context, satelliteAddress, a } // Make an encryption context - encCtx := uplink.NewEncryptionCtxWithDefaultKey(*encKey) + access := uplink.NewEncryptionAccessWithDefaultKey(*encKey) // serialize it - serializedEncCtx, err = encCtx.Serialize() + serializedAccess, err = access.Serialize() if err != nil { return "", err } @@ -60,7 +60,7 @@ func CreateEncryptionKeyExampleByAdmin1(ctx context.Context, satelliteAddress, a } // Open bucket - bucket, err := p.OpenBucket(ctx, "prod", encCtx) + bucket, err := p.OpenBucket(ctx, "prod", access) if err != nil { return "", err } @@ -73,10 +73,10 @@ func CreateEncryptionKeyExampleByAdmin1(ctx context.Context, satelliteAddress, a } fmt.Fprintln(out, "success!") - return serializedEncCtx, nil + return serializedAccess, nil } -func CreateEncryptionKeyExampleByAdmin2(ctx context.Context, satelliteAddress, apiKey string, serializedEncCtx string, cfg *uplink.Config, out io.Writer) (err error) { +func CreateEncryptionKeyExampleByAdmin2(ctx context.Context, satelliteAddress, apiKey string, serializedAccess string, cfg *uplink.Config, out io.Writer) (err error) { errCatch := func(fn func() error) { err = errs.Combine(err, fn()) } // First, create an Uplink handle. @@ -100,13 +100,13 @@ func CreateEncryptionKeyExampleByAdmin2(ctx context.Context, satelliteAddress, a defer errCatch(p.Close) // Parse the encryption context - encCtx, err := uplink.ParseEncryptionCtx(serializedEncCtx) + access, err := uplink.ParseEncryptionAccess(serializedAccess) if err != nil { return err } // Open bucket - bucket, err := p.OpenBucket(ctx, "prod", encCtx) + bucket, err := p.OpenBucket(ctx, "prod", access) if err != nil { return err } @@ -148,13 +148,13 @@ func Example_createEncryptionKey() { ctx := context.Background() // Admin1 is going to create an encryption context and share it - encCtx, err := CreateEncryptionKeyExampleByAdmin1(ctx, satelliteAddress, admin1APIKey, &uplink.Config{}, os.Stdout) + access, err := CreateEncryptionKeyExampleByAdmin1(ctx, satelliteAddress, admin1APIKey, &uplink.Config{}, os.Stdout) if err != nil { panic(err) } // Admin2 is going to use the provided encryption context to load the uploaded file - err = CreateEncryptionKeyExampleByAdmin2(ctx, satelliteAddress, admin2APIKey, encCtx, &uplink.Config{}, os.Stdout) + err = CreateEncryptionKeyExampleByAdmin2(ctx, satelliteAddress, admin2APIKey, access, &uplink.Config{}, os.Stdout) if err != nil { panic(err) } diff --git a/lib/uplink/ex_restrict_test.go b/lib/uplink/ex_restrict_test.go index 053ddee7e..ef4884840 100644 --- a/lib/uplink/ex_restrict_test.go +++ b/lib/uplink/ex_restrict_test.go @@ -16,7 +16,7 @@ import ( "storj.io/storj/pkg/macaroon" ) -func RestrictAccessExampleByAdmin(ctx context.Context, satelliteAddress, apiKey string, adminEncCtx string, cfg *uplink.Config, out io.Writer) (serializedUserAPIKey string, serializedEncCtx string, err error) { +func RestrictAccessExampleByAdmin(ctx context.Context, satelliteAddress, apiKey string, adminAccess string, cfg *uplink.Config, out io.Writer) (serializedUserAPIKey string, serializedAccess string, err error) { // Parse the API key. API keys are "macaroons" that allow you to create new, restricted API keys. key, err := uplink.ParseAPIKey(apiKey) if err != nil { @@ -34,14 +34,14 @@ func RestrictAccessExampleByAdmin(ctx context.Context, satelliteAddress, apiKey } // Load the existing encryption context - encCtx, err := uplink.ParseEncryptionCtx(adminEncCtx) + access, err := uplink.ParseEncryptionAccess(adminAccess) if err != nil { return "", "", err } // Restrict the encryption context to just the prod and staging buckets // for webserver/logs/ - userAPIKey, userEncCtx, err := encCtx.Restrict(userAPIKey, + userAPIKey, userAccess, err := access.Restrict(userAPIKey, uplink.EncryptionRestriction{Bucket: "prod", PathPrefix: "webserver/logs"}, uplink.EncryptionRestriction{Bucket: "staging", PathPrefix: "webserver/logs"}, ) @@ -50,16 +50,16 @@ func RestrictAccessExampleByAdmin(ctx context.Context, satelliteAddress, apiKey } // Serialize the encryption context - serializedUserEncCtx, err := userEncCtx.Serialize() + serializedUserAccess, err := userAccess.Serialize() if err != nil { return "", "", err } fmt.Fprintln(out, "success!") - return userAPIKey.Serialize(), serializedUserEncCtx, nil + return userAPIKey.Serialize(), serializedUserAccess, nil } -func RestrictAccessExampleByUser(ctx context.Context, satelliteAddress, apiKey string, serializedEncCtx string, cfg *uplink.Config, out io.Writer) (err error) { +func RestrictAccessExampleByUser(ctx context.Context, satelliteAddress, apiKey string, serializedAccess string, cfg *uplink.Config, out io.Writer) (err error) { errCatch := func(fn func() error) { err = errs.Combine(err, fn()) } // First, create an Uplink handle. @@ -83,13 +83,13 @@ func RestrictAccessExampleByUser(ctx context.Context, satelliteAddress, apiKey s defer errCatch(p.Close) // Parse the encryption context - encCtx, err := uplink.ParseEncryptionCtx(serializedEncCtx) + access, err := uplink.ParseEncryptionAccess(serializedAccess) if err != nil { return err } // Open bucket - bucket, err := p.OpenBucket(ctx, "prod", encCtx) + bucket, err := p.OpenBucket(ctx, "prod", access) if err != nil { return err } @@ -127,20 +127,20 @@ func Example_restrictAccess() { // The API key can be created in the web interface adminAPIKey := "qPSUM3k0bZyOIyil2xrVWiSuc9HuB2yBP3qDrA2Gc" - // The encryption context was created using NewEncryptionCtxWithDefaultKey and + // The encryption context was created using NewEncryptionAccessWithDefaultKey and // (*Project).SaltedKeyFromPassphrase() earlier - adminEncCtx := "HYGoqCEz43mCE40Hc5lQD3DtUYynx9Vo1GjOx75hQ" + adminAccess := "HYGoqCEz43mCE40Hc5lQD3DtUYynx9Vo1GjOx75hQ" ctx := context.Background() // Admin1 is going to create an encryption context and share it - userAPIKey, encCtx, err := RestrictAccessExampleByAdmin(ctx, satelliteAddress, adminAPIKey, adminEncCtx, &uplink.Config{}, os.Stdout) + userAPIKey, access, err := RestrictAccessExampleByAdmin(ctx, satelliteAddress, adminAPIKey, adminAccess, &uplink.Config{}, os.Stdout) if err != nil { panic(err) } // Admin2 is going to use the provided encryption context to load the uploaded file - err = RestrictAccessExampleByUser(ctx, satelliteAddress, userAPIKey, encCtx, &uplink.Config{}, os.Stdout) + err = RestrictAccessExampleByUser(ctx, satelliteAddress, userAPIKey, access, &uplink.Config{}, os.Stdout) if err != nil { panic(err) } diff --git a/lib/uplink/examples_test.go b/lib/uplink/examples_test.go index f3652c5f6..1bf7bd67e 100644 --- a/lib/uplink/examples_test.go +++ b/lib/uplink/examples_test.go @@ -52,22 +52,22 @@ func TestBucketExamples(t *testing.T) { require.Equal(t, out.String(), "") out = bytes.NewBuffer(nil) - encCtx, err := CreateEncryptionKeyExampleByAdmin1(ctx, satelliteAddr, apiKey, &cfg, out) + access, err := CreateEncryptionKeyExampleByAdmin1(ctx, satelliteAddr, apiKey, &cfg, out) require.NoError(t, err) require.Equal(t, out.String(), "success!\n") out = bytes.NewBuffer(nil) - err = CreateEncryptionKeyExampleByAdmin2(ctx, satelliteAddr, apiKey, encCtx, &cfg, out) + err = CreateEncryptionKeyExampleByAdmin2(ctx, satelliteAddr, apiKey, access, &cfg, out) require.NoError(t, err) require.Equal(t, out.String(), "hello world\n") out = bytes.NewBuffer(nil) - userAPIKey, userEncCtx, err := RestrictAccessExampleByAdmin(ctx, satelliteAddr, apiKey, encCtx, &cfg, out) + userAPIKey, userAccess, err := RestrictAccessExampleByAdmin(ctx, satelliteAddr, apiKey, access, &cfg, out) require.NoError(t, err) require.Equal(t, out.String(), "success!\n") out = bytes.NewBuffer(nil) - err = RestrictAccessExampleByUser(ctx, satelliteAddr, userAPIKey, userEncCtx, &cfg, out) + err = RestrictAccessExampleByUser(ctx, satelliteAddr, userAPIKey, userAccess, &cfg, out) require.NoError(t, err) require.Equal(t, out.String(), "hello world\n") }) diff --git a/lib/uplink/project.go b/lib/uplink/project.go index b7c1b5625..e6e7e8954 100644 --- a/lib/uplink/project.go +++ b/lib/uplink/project.go @@ -150,7 +150,7 @@ func (p *Project) GetBucketInfo(ctx context.Context, bucket string) (b storj.Buc // OpenBucket returns a Bucket handle with the given EncryptionAccess // information. -func (p *Project) OpenBucket(ctx context.Context, bucketName string, encCtx *EncryptionCtx) (b *Bucket, err error) { +func (p *Project) OpenBucket(ctx context.Context, bucketName string, access *EncryptionAccess) (b *Bucket, err error) { defer mon.Task()(&ctx)(&err) bucketInfo, cfg, err := p.GetBucketInfo(ctx, bucketName) @@ -194,7 +194,7 @@ func (p *Project) OpenBucket(ctx context.Context, bucketName string, encCtx *Enc } segmentStore := segments.NewSegmentStore(p.metainfo, ec, rs, p.maxInlineSize.Int(), maxEncryptedSegmentSize) - streamStore, err := streams.NewStreamStore(segmentStore, cfg.Volatile.SegmentsSize.Int64(), encCtx.store, int(encryptionScheme.BlockSize), encryptionScheme.Cipher, p.maxInlineSize.Int()) + streamStore, err := streams.NewStreamStore(segmentStore, cfg.Volatile.SegmentsSize.Int64(), access.store, int(encryptionScheme.BlockSize), encryptionScheme.Cipher, p.maxInlineSize.Int()) if err != nil { return nil, err } @@ -204,7 +204,7 @@ func (p *Project) OpenBucket(ctx context.Context, bucketName string, encCtx *Enc Name: bucketInfo.Name, Created: bucketInfo.Created, bucket: bucketInfo, - metainfo: kvmetainfo.New(p.project, p.metainfo, streamStore, segmentStore, encCtx.store), + metainfo: kvmetainfo.New(p.project, p.metainfo, streamStore, segmentStore, access.store), streams: streamStore, }, nil } diff --git a/lib/uplinkc/bucket.go b/lib/uplinkc/bucket.go index 5307a7bea..77d83efd7 100644 --- a/lib/uplinkc/bucket.go +++ b/lib/uplinkc/bucket.go @@ -76,14 +76,14 @@ func get_bucket_info(projectHandle C.ProjectRef, bucketName *C.char, cerr **C.ch // open_bucket returns a Bucket handle with the given encryption context information. //export open_bucket -func open_bucket(projectHandle C.ProjectRef, name *C.char, encryptionCtx *C.char, cerr **C.char) C.BucketRef { +func open_bucket(projectHandle C.ProjectRef, name *C.char, encryptionAccess *C.char, cerr **C.char) C.BucketRef { project, ok := universe.Get(projectHandle._handle).(*Project) if !ok { *cerr = C.CString("invalid project") return C.BucketRef{} } - encCtx, err := uplink.ParseEncryptionCtx(C.GoString(encryptionCtx)) + access, err := uplink.ParseEncryptionAccess(C.GoString(encryptionAccess)) if err != nil { *cerr = C.CString(err.Error()) return C.BucketRef{} @@ -91,7 +91,7 @@ func open_bucket(projectHandle C.ProjectRef, name *C.char, encryptionCtx *C.char scope := project.scope.child() - bucket, err := project.OpenBucket(scope.ctx, C.GoString(name), encCtx) + bucket, err := project.OpenBucket(scope.ctx, C.GoString(name), access) if err != nil { *cerr = C.CString(err.Error()) return C.BucketRef{} diff --git a/mobile/encryption.go b/mobile/encryption.go index 0241b2352..3a2f8736d 100644 --- a/mobile/encryption.go +++ b/mobile/encryption.go @@ -8,19 +8,19 @@ import ( "storj.io/storj/pkg/storj" ) -// EncryptionCtx holds data about encryption keys for a bucket. -type EncryptionCtx struct { - lib *libuplink.EncryptionCtx +// EncryptionAccess holds data about encryption keys for a bucket. +type EncryptionAccess struct { + lib *libuplink.EncryptionAccess } -// NewEncryptionCtx constructs an empty encryption context. -func NewEncryptionCtx() *EncryptionCtx { - return &EncryptionCtx{lib: libuplink.NewEncryptionCtx()} +// NewEncryptionAccess constructs an empty encryption context. +func NewEncryptionAccess() *EncryptionAccess { + return &EncryptionAccess{lib: libuplink.NewEncryptionAccess()} } // SetDefaultKey sets the default key to use when no matching keys are found // for the encryption context. -func (e *EncryptionCtx) SetDefaultKey(keyData []byte) error { +func (e *EncryptionAccess) SetDefaultKey(keyData []byte) error { key, err := storj.NewKey(keyData) if err != nil { return safeError(err) @@ -29,12 +29,12 @@ func (e *EncryptionCtx) SetDefaultKey(keyData []byte) error { return nil } -// ParseEncryptionCtx parses the base58 encoded encryption context data and +// ParseEncryptionAccess parses the base58 encoded encryption context data and // returns the resulting context. -func ParseEncryptionCtx(b58data string) (*EncryptionCtx, error) { - encCtx, err := libuplink.ParseEncryptionCtx(b58data) +func ParseEncryptionAccess(b58data string) (*EncryptionAccess, error) { + access, err := libuplink.ParseEncryptionAccess(b58data) if err != nil { return nil, safeError(err) } - return &EncryptionCtx{lib: encCtx}, nil + return &EncryptionAccess{lib: access}, nil } diff --git a/mobile/libuplink_android/app/src/androidTest/java/io/storj/mobile/libuplink/LibuplinkInstrumentedTest.java b/mobile/libuplink_android/app/src/androidTest/java/io/storj/mobile/libuplink/LibuplinkInstrumentedTest.java index 3ded586a0..5bd234e0c 100644 --- a/mobile/libuplink_android/app/src/androidTest/java/io/storj/mobile/libuplink/LibuplinkInstrumentedTest.java +++ b/mobile/libuplink_android/app/src/androidTest/java/io/storj/mobile/libuplink/LibuplinkInstrumentedTest.java @@ -133,8 +133,8 @@ public class LibuplinkInstrumentedTest { try { Project project = uplink.openProject(VALID_SATELLITE_ADDRESS, VALID_API_KEY); try { - EncryptionCtx encCtx = new EncryptionCtx(); - encCtx.setDefaultKey("TestEncryptionKey".getBytes()); + EncryptionAccess access = new EncryptionAccess(); + access.setDefaultKey("TestEncryptionKey".getBytes()); RedundancyScheme scheme = new RedundancyScheme(); scheme.setRequiredShares((short) 2); @@ -147,7 +147,7 @@ public class LibuplinkInstrumentedTest { project.createBucket("test", bucketConfig); - Bucket bucket = project.openBucket("test", encCtx); + Bucket bucket = project.openBucket("test", access); byte[] expectedData = new byte[1024]; Random random = new Random(); @@ -197,8 +197,8 @@ public class LibuplinkInstrumentedTest { try { Project project = uplink.openProject(VALID_SATELLITE_ADDRESS, VALID_API_KEY); try { - EncryptionCtx encCtx = new EncryptionCtx(); - encCtx.setDefaultKey("TestEncryptionKey".getBytes()); + EncryptionAccess access = new EncryptionAccess(); + access.setDefaultKey("TestEncryptionKey".getBytes()); RedundancyScheme scheme = new RedundancyScheme(); scheme.setRequiredShares((short) 2); @@ -211,7 +211,7 @@ public class LibuplinkInstrumentedTest { project.createBucket("test", bucketConfig); - Bucket bucket = project.openBucket("test", encCtx); + Bucket bucket = project.openBucket("test", access); byte[] expectedData = new byte[1024 * 100]; Random random = new Random(); @@ -267,8 +267,8 @@ public class LibuplinkInstrumentedTest { try { Project project = uplink.openProject(VALID_SATELLITE_ADDRESS, VALID_API_KEY); try { - EncryptionCtx encCtx = new EncryptionCtx(); - encCtx.setDefaultKey("TestEncryptionKey".getBytes()); + EncryptionAccess access = new EncryptionAccess(); + access.setDefaultKey("TestEncryptionKey".getBytes()); BucketConfig bucketConfig = new BucketConfig(); bucketConfig.setRedundancyScheme(new RedundancyScheme()); @@ -276,7 +276,7 @@ public class LibuplinkInstrumentedTest { BucketInfo bucketInfo = project.createBucket("testBucket", bucketConfig); assertEquals("testBucket", bucketInfo.getName()); - Bucket bucket = project.openBucket("testBucket", encCtx); + Bucket bucket = project.openBucket("testBucket", access); long before = System.currentTimeMillis(); diff --git a/mobile/uplink.go b/mobile/uplink.go index 2b06a4dc0..e4e32891a 100644 --- a/mobile/uplink.go +++ b/mobile/uplink.go @@ -117,10 +117,10 @@ func (project *Project) CreateBucket(bucketName string, opts *BucketConfig) (*Bu // OpenBucket returns a Bucket handle with the given EncryptionAccess // information. -func (project *Project) OpenBucket(bucketName string, encCtx *EncryptionCtx) (*Bucket, error) { +func (project *Project) OpenBucket(bucketName string, access *EncryptionAccess) (*Bucket, error) { scope := project.scope.child() - bucket, err := project.lib.OpenBucket(scope.ctx, bucketName, encCtx.lib) + bucket, err := project.lib.OpenBucket(scope.ctx, bucketName, access.lib) if err != nil { return nil, safeError(err) } diff --git a/pkg/miniogw/gateway.go b/pkg/miniogw/gateway.go index f56d8f30a..625909703 100644 --- a/pkg/miniogw/gateway.go +++ b/pkg/miniogw/gateway.go @@ -30,10 +30,10 @@ var ( ) // NewStorjGateway creates a *Storj object from an existing ObjectStore -func NewStorjGateway(project *uplink.Project, encCtx *uplink.EncryptionCtx, pathCipher storj.CipherSuite, encryption storj.EncryptionParameters, redundancy storj.RedundancyScheme, segmentSize memory.Size) *Gateway { +func NewStorjGateway(project *uplink.Project, access *uplink.EncryptionAccess, pathCipher storj.CipherSuite, encryption storj.EncryptionParameters, redundancy storj.RedundancyScheme, segmentSize memory.Size) *Gateway { return &Gateway{ project: project, - encCtx: encCtx, + access: access, pathCipher: pathCipher, encryption: encryption, redundancy: redundancy, @@ -45,7 +45,7 @@ func NewStorjGateway(project *uplink.Project, encCtx *uplink.EncryptionCtx, path // Gateway is the implementation of a minio cmd.Gateway type Gateway struct { project *uplink.Project - encCtx *uplink.EncryptionCtx + access *uplink.EncryptionAccess pathCipher storj.CipherSuite encryption storj.EncryptionParameters redundancy storj.RedundancyScheme @@ -93,7 +93,7 @@ func (layer *gatewayLayer) DeleteBucket(ctx context.Context, bucketName string) func (layer *gatewayLayer) bucketEmpty(ctx context.Context, bucketName string) (empty bool, err error) { defer mon.Task()(&ctx)(&err) - bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.encCtx) + bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.access) if err != nil { return false, convertError(err, bucketName, "") } @@ -110,7 +110,7 @@ func (layer *gatewayLayer) bucketEmpty(ctx context.Context, bucketName string) ( func (layer *gatewayLayer) DeleteObject(ctx context.Context, bucketName, objectPath string) (err error) { defer mon.Task()(&ctx)(&err) - bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.encCtx) + bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.access) if err != nil { return convertError(err, bucketName, "") } @@ -136,7 +136,7 @@ func (layer *gatewayLayer) GetBucketInfo(ctx context.Context, bucketName string) func (layer *gatewayLayer) GetObject(ctx context.Context, bucketName, objectPath string, startOffset int64, length int64, writer io.Writer, etag string) (err error) { defer mon.Task()(&ctx)(&err) - bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.encCtx) + bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.access) if err != nil { return convertError(err, bucketName, "") } @@ -170,7 +170,7 @@ func (layer *gatewayLayer) GetObject(ctx context.Context, bucketName, objectPath func (layer *gatewayLayer) GetObjectInfo(ctx context.Context, bucketName, objectPath string) (objInfo minio.ObjectInfo, err error) { defer mon.Task()(&ctx)(&err) - bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.encCtx) + bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.access) if err != nil { return minio.ObjectInfo{}, convertError(err, bucketName, "") } @@ -225,7 +225,7 @@ func (layer *gatewayLayer) ListObjects(ctx context.Context, bucketName, prefix, return minio.ListObjectsInfo{}, minio.UnsupportedDelimiter{Delimiter: delimiter} } - bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.encCtx) + bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.access) if err != nil { return minio.ListObjectsInfo{}, convertError(err, bucketName, "") } @@ -291,7 +291,7 @@ func (layer *gatewayLayer) ListObjectsV2(ctx context.Context, bucketName, prefix return minio.ListObjectsV2Info{ContinuationToken: continuationToken}, minio.UnsupportedDelimiter{Delimiter: delimiter} } - bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.encCtx) + bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.access) if err != nil { return minio.ListObjectsV2Info{}, convertError(err, bucketName, "") } @@ -392,7 +392,7 @@ func (layer *gatewayLayer) MakeBucketWithLocation(ctx context.Context, bucketNam func (layer *gatewayLayer) CopyObject(ctx context.Context, srcBucket, srcObject, destBucket, destObject string, srcInfo minio.ObjectInfo) (objInfo minio.ObjectInfo, err error) { defer mon.Task()(&ctx)(&err) - bucket, err := layer.gateway.project.OpenBucket(ctx, srcBucket, layer.gateway.encCtx) + bucket, err := layer.gateway.project.OpenBucket(ctx, srcBucket, layer.gateway.access) if err != nil { return minio.ObjectInfo{}, convertError(err, srcBucket, "") } @@ -424,7 +424,7 @@ func (layer *gatewayLayer) CopyObject(ctx context.Context, srcBucket, srcObject, func (layer *gatewayLayer) putObject(ctx context.Context, bucketName, objectPath string, reader io.Reader, opts *uplink.UploadOptions) (objInfo minio.ObjectInfo, err error) { defer mon.Task()(&ctx)(&err) - bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.encCtx) + bucket, err := layer.gateway.project.OpenBucket(ctx, bucketName, layer.gateway.access) if err != nil { return minio.ObjectInfo{}, convertError(err, bucketName, "") } diff --git a/pkg/miniogw/gateway_test.go b/pkg/miniogw/gateway_test.go index 8036b7712..83d925a3b 100644 --- a/pkg/miniogw/gateway_test.go +++ b/pkg/miniogw/gateway_test.go @@ -704,8 +704,8 @@ func initEnv(ctx context.Context, planet *testplanet.Planet) (minio.ObjectLayer, var encKey storj.Key copy(encKey[:], TestEncKey) - encCtx := libuplink.NewEncryptionCtxWithDefaultKey(encKey) - encStore := encCtx.Store() + access := libuplink.NewEncryptionAccessWithDefaultKey(encKey) + encStore := access.Store() blockSize := rs.StripeSize() inlineThreshold := 4 * memory.KiB.Int() @@ -747,7 +747,7 @@ func initEnv(ctx context.Context, planet *testplanet.Planet) (minio.ObjectLayer, gateway := NewStorjGateway( proj, - encCtx, + access, storj.EncAESGCM, storj.EncryptionParameters{ CipherSuite: storj.EncAESGCM, diff --git a/pkg/miniogw/integration_test.go b/pkg/miniogw/integration_test.go index 9e6423462..1df6eaa31 100644 --- a/pkg/miniogw/integration_test.go +++ b/pkg/miniogw/integration_test.go @@ -212,7 +212,7 @@ func runGateway(ctx context.Context, gwCfg config, uplinkCfg uplink.Config, log gw := miniogw.NewStorjGateway( project, - libuplink.NewEncryptionCtxWithDefaultKey(storj.Key{}), + libuplink.NewEncryptionAccessWithDefaultKey(storj.Key{}), storj.Cipher(uplinkCfg.Enc.PathType).ToCipherSuite(), uplinkCfg.GetEncryptionScheme().ToEncryptionParameters(), uplinkCfg.GetRedundancyScheme(), diff --git a/pkg/pb/encryption_access.pb.go b/pkg/pb/encryption_access.pb.go new file mode 100644 index 000000000..7a7252b12 --- /dev/null +++ b/pkg/pb/encryption_access.pb.go @@ -0,0 +1,156 @@ +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: encryption_access.proto + +package pb + +import ( + fmt "fmt" + _ "github.com/gogo/protobuf/gogoproto" + proto "github.com/gogo/protobuf/proto" + math "math" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package + +type EncryptionAccess struct { + DefaultKey []byte `protobuf:"bytes,1,opt,name=default_key,json=defaultKey,proto3" json:"default_key,omitempty"` + StoreEntries []*EncryptionAccess_StoreEntry `protobuf:"bytes,2,rep,name=store_entries,json=storeEntries,proto3" json:"store_entries,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *EncryptionAccess) Reset() { *m = EncryptionAccess{} } +func (m *EncryptionAccess) String() string { return proto.CompactTextString(m) } +func (*EncryptionAccess) ProtoMessage() {} +func (*EncryptionAccess) Descriptor() ([]byte, []int) { + return fileDescriptor_464b1a18bff4a17b, []int{0} +} +func (m *EncryptionAccess) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_EncryptionAccess.Unmarshal(m, b) +} +func (m *EncryptionAccess) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_EncryptionAccess.Marshal(b, m, deterministic) +} +func (m *EncryptionAccess) XXX_Merge(src proto.Message) { + xxx_messageInfo_EncryptionAccess.Merge(m, src) +} +func (m *EncryptionAccess) XXX_Size() int { + return xxx_messageInfo_EncryptionAccess.Size(m) +} +func (m *EncryptionAccess) XXX_DiscardUnknown() { + xxx_messageInfo_EncryptionAccess.DiscardUnknown(m) +} + +var xxx_messageInfo_EncryptionAccess proto.InternalMessageInfo + +func (m *EncryptionAccess) GetDefaultKey() []byte { + if m != nil { + return m.DefaultKey + } + return nil +} + +func (m *EncryptionAccess) GetStoreEntries() []*EncryptionAccess_StoreEntry { + if m != nil { + return m.StoreEntries + } + return nil +} + +type EncryptionAccess_StoreEntry struct { + Bucket []byte `protobuf:"bytes,1,opt,name=bucket,proto3" json:"bucket,omitempty"` + UnencryptedPath []byte `protobuf:"bytes,2,opt,name=unencrypted_path,json=unencryptedPath,proto3" json:"unencrypted_path,omitempty"` + EncryptedPath []byte `protobuf:"bytes,3,opt,name=encrypted_path,json=encryptedPath,proto3" json:"encrypted_path,omitempty"` + Key []byte `protobuf:"bytes,4,opt,name=key,proto3" json:"key,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *EncryptionAccess_StoreEntry) Reset() { *m = EncryptionAccess_StoreEntry{} } +func (m *EncryptionAccess_StoreEntry) String() string { return proto.CompactTextString(m) } +func (*EncryptionAccess_StoreEntry) ProtoMessage() {} +func (*EncryptionAccess_StoreEntry) Descriptor() ([]byte, []int) { + return fileDescriptor_464b1a18bff4a17b, []int{0, 0} +} +func (m *EncryptionAccess_StoreEntry) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_EncryptionAccess_StoreEntry.Unmarshal(m, b) +} +func (m *EncryptionAccess_StoreEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_EncryptionAccess_StoreEntry.Marshal(b, m, deterministic) +} +func (m *EncryptionAccess_StoreEntry) XXX_Merge(src proto.Message) { + xxx_messageInfo_EncryptionAccess_StoreEntry.Merge(m, src) +} +func (m *EncryptionAccess_StoreEntry) XXX_Size() int { + return xxx_messageInfo_EncryptionAccess_StoreEntry.Size(m) +} +func (m *EncryptionAccess_StoreEntry) XXX_DiscardUnknown() { + xxx_messageInfo_EncryptionAccess_StoreEntry.DiscardUnknown(m) +} + +var xxx_messageInfo_EncryptionAccess_StoreEntry proto.InternalMessageInfo + +func (m *EncryptionAccess_StoreEntry) GetBucket() []byte { + if m != nil { + return m.Bucket + } + return nil +} + +func (m *EncryptionAccess_StoreEntry) GetUnencryptedPath() []byte { + if m != nil { + return m.UnencryptedPath + } + return nil +} + +func (m *EncryptionAccess_StoreEntry) GetEncryptedPath() []byte { + if m != nil { + return m.EncryptedPath + } + return nil +} + +func (m *EncryptionAccess_StoreEntry) GetKey() []byte { + if m != nil { + return m.Key + } + return nil +} + +func init() { + proto.RegisterType((*EncryptionAccess)(nil), "encryption_access.EncryptionAccess") + proto.RegisterType((*EncryptionAccess_StoreEntry)(nil), "encryption_access.EncryptionAccess.StoreEntry") +} + +func init() { proto.RegisterFile("encryption_access.proto", fileDescriptor_464b1a18bff4a17b) } + +var fileDescriptor_464b1a18bff4a17b = []byte{ + // 228 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x4f, 0xcd, 0x4b, 0x2e, + 0xaa, 0x2c, 0x28, 0xc9, 0xcc, 0xcf, 0x8b, 0x4f, 0x4c, 0x4e, 0x4e, 0x2d, 0x2e, 0xd6, 0x2b, 0x28, + 0xca, 0x2f, 0xc9, 0x17, 0x12, 0xc4, 0x90, 0x90, 0xe2, 0x4a, 0xcf, 0x4f, 0xcf, 0x87, 0x48, 0x2b, + 0x4d, 0x66, 0xe2, 0x12, 0x70, 0x85, 0xab, 0x70, 0x04, 0x2b, 0x10, 0x92, 0xe7, 0xe2, 0x4e, 0x49, + 0x4d, 0x4b, 0x2c, 0xcd, 0x29, 0x89, 0xcf, 0x4e, 0xad, 0x94, 0x60, 0x54, 0x60, 0xd4, 0xe0, 0x09, + 0xe2, 0x82, 0x0a, 0x79, 0xa7, 0x56, 0x0a, 0x05, 0x73, 0xf1, 0x16, 0x97, 0xe4, 0x17, 0xa5, 0xc6, + 0xa7, 0xe6, 0x95, 0x14, 0x65, 0xa6, 0x16, 0x4b, 0x30, 0x29, 0x30, 0x6b, 0x70, 0x1b, 0xe9, 0xe9, + 0x61, 0xba, 0x02, 0xdd, 0x70, 0xbd, 0x60, 0x90, 0x46, 0xd7, 0xbc, 0x92, 0xa2, 0xca, 0x20, 0x9e, + 0x62, 0x18, 0x3b, 0x33, 0xb5, 0x58, 0xaa, 0x83, 0x91, 0x8b, 0x0b, 0x21, 0x29, 0x24, 0xc6, 0xc5, + 0x96, 0x54, 0x9a, 0x9c, 0x9d, 0x5a, 0x02, 0xb5, 0x1f, 0xca, 0x13, 0xd2, 0xe4, 0x12, 0x28, 0xcd, + 0x83, 0xda, 0x93, 0x9a, 0x12, 0x5f, 0x90, 0x58, 0x92, 0x21, 0xc1, 0x04, 0x56, 0xc1, 0x8f, 0x24, + 0x1e, 0x90, 0x58, 0x92, 0x21, 0xa4, 0xca, 0xc5, 0x87, 0xa6, 0x90, 0x19, 0xac, 0x90, 0x17, 0x55, + 0x99, 0x00, 0x17, 0x33, 0xc8, 0x9b, 0x2c, 0x60, 0x39, 0x10, 0xd3, 0x89, 0x25, 0x8a, 0xa9, 0x20, + 0x29, 0x89, 0x0d, 0x1c, 0x44, 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0xf2, 0x73, 0xee, 0x7d, + 0x5c, 0x01, 0x00, 0x00, +} diff --git a/pkg/pb/encryption_ctx.proto b/pkg/pb/encryption_access.proto similarity index 87% rename from pkg/pb/encryption_ctx.proto rename to pkg/pb/encryption_access.proto index a0812531b..273443759 100644 --- a/pkg/pb/encryption_ctx.proto +++ b/pkg/pb/encryption_access.proto @@ -5,11 +5,11 @@ syntax = "proto3"; option go_package = "pb"; -package encryption_ctx; +package encryption_access; import "gogo.proto"; -message EncryptionCtx { +message EncryptionAccess { message StoreEntry { bytes bucket = 1; bytes unencrypted_path = 2; diff --git a/pkg/pb/encryption_ctx.pb.go b/pkg/pb/encryption_ctx.pb.go deleted file mode 100644 index b3d1b4d7f..000000000 --- a/pkg/pb/encryption_ctx.pb.go +++ /dev/null @@ -1,155 +0,0 @@ -// Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: encryption_ctx.proto - -package pb - -import ( - fmt "fmt" - _ "github.com/gogo/protobuf/gogoproto" - proto "github.com/gogo/protobuf/proto" - math "math" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package - -type EncryptionCtx struct { - DefaultKey []byte `protobuf:"bytes,1,opt,name=default_key,json=defaultKey,proto3" json:"default_key,omitempty"` - StoreEntries []*EncryptionCtx_StoreEntry `protobuf:"bytes,2,rep,name=store_entries,json=storeEntries,proto3" json:"store_entries,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *EncryptionCtx) Reset() { *m = EncryptionCtx{} } -func (m *EncryptionCtx) String() string { return proto.CompactTextString(m) } -func (*EncryptionCtx) ProtoMessage() {} -func (*EncryptionCtx) Descriptor() ([]byte, []int) { - return fileDescriptor_b1567295c75a6f56, []int{0} -} -func (m *EncryptionCtx) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_EncryptionCtx.Unmarshal(m, b) -} -func (m *EncryptionCtx) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_EncryptionCtx.Marshal(b, m, deterministic) -} -func (m *EncryptionCtx) XXX_Merge(src proto.Message) { - xxx_messageInfo_EncryptionCtx.Merge(m, src) -} -func (m *EncryptionCtx) XXX_Size() int { - return xxx_messageInfo_EncryptionCtx.Size(m) -} -func (m *EncryptionCtx) XXX_DiscardUnknown() { - xxx_messageInfo_EncryptionCtx.DiscardUnknown(m) -} - -var xxx_messageInfo_EncryptionCtx proto.InternalMessageInfo - -func (m *EncryptionCtx) GetDefaultKey() []byte { - if m != nil { - return m.DefaultKey - } - return nil -} - -func (m *EncryptionCtx) GetStoreEntries() []*EncryptionCtx_StoreEntry { - if m != nil { - return m.StoreEntries - } - return nil -} - -type EncryptionCtx_StoreEntry struct { - Bucket []byte `protobuf:"bytes,1,opt,name=bucket,proto3" json:"bucket,omitempty"` - UnencryptedPath []byte `protobuf:"bytes,2,opt,name=unencrypted_path,json=unencryptedPath,proto3" json:"unencrypted_path,omitempty"` - EncryptedPath []byte `protobuf:"bytes,3,opt,name=encrypted_path,json=encryptedPath,proto3" json:"encrypted_path,omitempty"` - Key []byte `protobuf:"bytes,4,opt,name=key,proto3" json:"key,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *EncryptionCtx_StoreEntry) Reset() { *m = EncryptionCtx_StoreEntry{} } -func (m *EncryptionCtx_StoreEntry) String() string { return proto.CompactTextString(m) } -func (*EncryptionCtx_StoreEntry) ProtoMessage() {} -func (*EncryptionCtx_StoreEntry) Descriptor() ([]byte, []int) { - return fileDescriptor_b1567295c75a6f56, []int{0, 0} -} -func (m *EncryptionCtx_StoreEntry) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_EncryptionCtx_StoreEntry.Unmarshal(m, b) -} -func (m *EncryptionCtx_StoreEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_EncryptionCtx_StoreEntry.Marshal(b, m, deterministic) -} -func (m *EncryptionCtx_StoreEntry) XXX_Merge(src proto.Message) { - xxx_messageInfo_EncryptionCtx_StoreEntry.Merge(m, src) -} -func (m *EncryptionCtx_StoreEntry) XXX_Size() int { - return xxx_messageInfo_EncryptionCtx_StoreEntry.Size(m) -} -func (m *EncryptionCtx_StoreEntry) XXX_DiscardUnknown() { - xxx_messageInfo_EncryptionCtx_StoreEntry.DiscardUnknown(m) -} - -var xxx_messageInfo_EncryptionCtx_StoreEntry proto.InternalMessageInfo - -func (m *EncryptionCtx_StoreEntry) GetBucket() []byte { - if m != nil { - return m.Bucket - } - return nil -} - -func (m *EncryptionCtx_StoreEntry) GetUnencryptedPath() []byte { - if m != nil { - return m.UnencryptedPath - } - return nil -} - -func (m *EncryptionCtx_StoreEntry) GetEncryptedPath() []byte { - if m != nil { - return m.EncryptedPath - } - return nil -} - -func (m *EncryptionCtx_StoreEntry) GetKey() []byte { - if m != nil { - return m.Key - } - return nil -} - -func init() { - proto.RegisterType((*EncryptionCtx)(nil), "encryption_ctx.EncryptionCtx") - proto.RegisterType((*EncryptionCtx_StoreEntry)(nil), "encryption_ctx.EncryptionCtx.StoreEntry") -} - -func init() { proto.RegisterFile("encryption_ctx.proto", fileDescriptor_b1567295c75a6f56) } - -var fileDescriptor_b1567295c75a6f56 = []byte{ - // 224 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x49, 0xcd, 0x4b, 0x2e, - 0xaa, 0x2c, 0x28, 0xc9, 0xcc, 0xcf, 0x8b, 0x4f, 0x2e, 0xa9, 0xd0, 0x2b, 0x28, 0xca, 0x2f, 0xc9, - 0x17, 0xe2, 0x43, 0x15, 0x95, 0xe2, 0x4a, 0xcf, 0x4f, 0xcf, 0x87, 0xc8, 0x29, 0x75, 0x31, 0x71, - 0xf1, 0xba, 0xc2, 0xa5, 0x9d, 0x4b, 0x2a, 0x84, 0xe4, 0xb9, 0xb8, 0x53, 0x52, 0xd3, 0x12, 0x4b, - 0x73, 0x4a, 0xe2, 0xb3, 0x53, 0x2b, 0x25, 0x18, 0x15, 0x18, 0x35, 0x78, 0x82, 0xb8, 0xa0, 0x42, - 0xde, 0xa9, 0x95, 0x42, 0xbe, 0x5c, 0xbc, 0xc5, 0x25, 0xf9, 0x45, 0xa9, 0xf1, 0xa9, 0x79, 0x25, - 0x45, 0x99, 0xa9, 0xc5, 0x12, 0x4c, 0x0a, 0xcc, 0x1a, 0xdc, 0x46, 0x1a, 0x7a, 0x68, 0x96, 0xa3, - 0x18, 0xab, 0x17, 0x0c, 0xd2, 0xe2, 0x9a, 0x57, 0x52, 0x54, 0x19, 0xc4, 0x53, 0x0c, 0x63, 0x67, - 0xa6, 0x16, 0x4b, 0x75, 0x30, 0x72, 0x71, 0x21, 0x24, 0x85, 0xc4, 0xb8, 0xd8, 0x92, 0x4a, 0x93, - 0xb3, 0x53, 0x4b, 0xa0, 0x36, 0x43, 0x79, 0x42, 0x9a, 0x5c, 0x02, 0xa5, 0x79, 0x50, 0x1b, 0x52, - 0x53, 0xe2, 0x0b, 0x12, 0x4b, 0x32, 0x24, 0x98, 0xc0, 0x2a, 0xf8, 0x91, 0xc4, 0x03, 0x12, 0x4b, - 0x32, 0x84, 0x54, 0xb9, 0xf8, 0xd0, 0x14, 0x32, 0x83, 0x15, 0xf2, 0xa2, 0x2a, 0x13, 0xe0, 0x62, - 0x06, 0x79, 0x90, 0x05, 0x2c, 0x07, 0x62, 0x3a, 0xb1, 0x44, 0x31, 0x15, 0x24, 0x25, 0xb1, 0x81, - 0x43, 0xc6, 0x18, 0x10, 0x00, 0x00, 0xff, 0xff, 0xcb, 0x91, 0x63, 0x57, 0x4d, 0x01, 0x00, 0x00, -} diff --git a/proto.lock b/proto.lock index 3f71783b0..bdc24d962 100644 --- a/proto.lock +++ b/proto.lock @@ -185,11 +185,11 @@ } }, { - "protopath": "pkg:/:pb:/:encryption_ctx.proto", + "protopath": "pkg:/:pb:/:encryption_access.proto", "def": { "messages": [ { - "name": "EncryptionCtx", + "name": "EncryptionAccess", "fields": [ { "id": 1, @@ -238,7 +238,7 @@ } ], "package": { - "name": "encryption_ctx" + "name": "encryption_access" }, "options": [ { diff --git a/uplink/config.go b/uplink/config.go index 6b673d716..04fa2d0e8 100644 --- a/uplink/config.go +++ b/uplink/config.go @@ -25,11 +25,11 @@ type RSConfig struct { // EncryptionConfig is a configuration struct that keeps details about // encrypting segments type EncryptionConfig struct { - EncryptionKey string `help:"the root key for encrypting the data which will be stored in KeyFilePath" setup:"true"` - KeyFilepath string `help:"the path to the file which contains the root key for encrypting the data"` - EncCtxFilepath string `help:"the path to a file containing a serialized encryption ctx"` - DataType int `help:"Type of encryption to use for content and metadata (1=AES-GCM, 2=SecretBox)" default:"1"` - PathType int `help:"Type of encryption to use for paths (0=Unencrypted, 1=AES-GCM, 2=SecretBox)" default:"1"` + EncryptionKey string `help:"the root key for encrypting the data which will be stored in KeyFilePath" setup:"true"` + KeyFilepath string `help:"the path to the file which contains the root key for encrypting the data"` + EncAccessFilepath string `help:"the path to a file containing a serialized encryption access"` + DataType int `help:"Type of encryption to use for content and metadata (1=AES-GCM, 2=SecretBox)" default:"1"` + PathType int `help:"Type of encryption to use for paths (0=Unencrypted, 1=AES-GCM, 2=SecretBox)" default:"1"` } // ClientConfig is a configuration struct for the uplink that controls how diff --git a/uplink/setup/setup.go b/uplink/setup/setup.go index 8cc5f9165..6bbdf79d4 100644 --- a/uplink/setup/setup.go +++ b/uplink/setup/setup.go @@ -23,16 +23,16 @@ var ( Error = errs.Class("uplink setup") ) -// LoadEncryptionCtx loads an EncryptionCtx from the values specified in the encryption config. -func LoadEncryptionCtx(ctx context.Context, cfg uplink.EncryptionConfig) (_ *libuplink.EncryptionCtx, err error) { +// LoadEncryptionAccess loads an EncryptionAccess from the values specified in the encryption config. +func LoadEncryptionAccess(ctx context.Context, cfg uplink.EncryptionConfig) (_ *libuplink.EncryptionAccess, err error) { defer mon.Task()(&ctx)(&err) - if cfg.EncCtxFilepath != "" { - data, err := ioutil.ReadFile(cfg.EncCtxFilepath) + if cfg.EncAccessFilepath != "" { + data, err := ioutil.ReadFile(cfg.EncAccessFilepath) if err != nil { return nil, errs.Wrap(err) } - return libuplink.ParseEncryptionCtx(strings.TrimSpace(string(data))) + return libuplink.ParseEncryptionAccess(strings.TrimSpace(string(data))) } data := []byte(cfg.EncryptionKey) @@ -47,5 +47,5 @@ func LoadEncryptionCtx(ctx context.Context, cfg uplink.EncryptionConfig) (_ *lib if err != nil { return nil, errs.Wrap(err) } - return libuplink.NewEncryptionCtxWithDefaultKey(*key), nil + return libuplink.NewEncryptionAccessWithDefaultKey(*key), nil } diff --git a/uplink/setup/setup_test.go b/uplink/setup/setup_test.go index fe413eb3d..3d110c5e1 100644 --- a/uplink/setup/setup_test.go +++ b/uplink/setup/setup_test.go @@ -19,13 +19,13 @@ import ( "storj.io/storj/uplink/setup" ) -func TestLoadEncryptionCtx(t *testing.T) { - saveRawCtx := func(encCtx *libuplink.EncryptionCtx) (filepath string, clenaup func()) { +func TestLoadEncryptionAccess(t *testing.T) { + saveRawCtx := func(access *libuplink.EncryptionAccess) (filepath string, clenaup func()) { t.Helper() ctx := testcontext.New(t) filename := ctx.File("encryption.ctx") - data, err := encCtx.Serialize() + data, err := access.Serialize() require.NoError(t, err) err = ioutil.WriteFile(filename, []byte(data), os.FileMode(0400)) require.NoError(t, err) @@ -38,20 +38,20 @@ func TestLoadEncryptionCtx(t *testing.T) { key, err := storj.NewKey(passphrase) require.NoError(t, err) - encCtx := libuplink.NewEncryptionCtxWithDefaultKey(*key) - filename, cleanup := saveRawCtx(encCtx) + access := libuplink.NewEncryptionAccessWithDefaultKey(*key) + filename, cleanup := saveRawCtx(access) defer cleanup() - gotCtx, err := setup.LoadEncryptionCtx(context.Background(), uplink.EncryptionConfig{ - EncCtxFilepath: filename, + gotCtx, err := setup.LoadEncryptionAccess(context.Background(), uplink.EncryptionConfig{ + EncAccessFilepath: filename, }) require.NoError(t, err) - require.Equal(t, encCtx, gotCtx) + require.Equal(t, access, gotCtx) }) t.Run("ok: empty filepath", func(t *testing.T) { - gotCtx, err := setup.LoadEncryptionCtx(context.Background(), uplink.EncryptionConfig{ - EncCtxFilepath: "", + gotCtx, err := setup.LoadEncryptionAccess(context.Background(), uplink.EncryptionConfig{ + EncAccessFilepath: "", }) require.NoError(t, err) @@ -63,8 +63,8 @@ func TestLoadEncryptionCtx(t *testing.T) { defer ctx.Cleanup() filename := ctx.File("encryption.ctx") - _, err := setup.LoadEncryptionCtx(context.Background(), uplink.EncryptionConfig{ - EncCtxFilepath: filename, + _, err := setup.LoadEncryptionAccess(context.Background(), uplink.EncryptionConfig{ + EncAccessFilepath: filename, }) require.Error(t, err) })