satellite/orders: add factory function to encryption key

Change-Id: I9a1020c63e4ebc6d73683cf1749366e9b9f20f07
This commit is contained in:
Jessica Grebenschikov 2020-11-20 11:16:31 -08:00
parent 2b92bba563
commit 5beb2f5737
4 changed files with 64 additions and 28 deletions

View File

@ -33,6 +33,17 @@ type EncryptionKeys struct {
KeyByID map[EncryptionKeyID]storj.Key
}
// NewEncryptionKeys creates a new EncrytpionKeys object with the provided keys.
func NewEncryptionKeys(keys ...EncryptionKey) (*EncryptionKeys, error) {
var ekeys EncryptionKeys
for _, key := range keys {
if err := ekeys.Add(key); err != nil {
return nil, err
}
}
return &ekeys, nil
}
// EncryptionKey contains an identifier and an encryption key that is used to
// encrypt transient metadata in orders.
//
@ -137,9 +148,6 @@ func (EncryptionKeys) Type() string { return "orders.EncryptionKeys" }
// Set adds the values from a comma delimited hex encoded strings "hex(id1)=hex(key1),hex(id2)=hex(key2)".
func (keys *EncryptionKeys) Set(s string) error {
if keys.KeyByID == nil {
keys.KeyByID = map[EncryptionKeyID]storj.Key{}
}
if s == "" {
return nil
}
@ -150,25 +158,36 @@ func (keys *EncryptionKeys) Set(s string) error {
if err := ekey.Set(x); err != nil {
return ErrEncryptionKey.New("invalid keys %q: %v", s, err)
}
if ekey.IsZero() {
continue
if err := keys.Add(ekey); err != nil {
return err
}
if keys.Default.IsZero() {
keys.Default = ekey
}
if _, exists := keys.KeyByID[ekey.ID]; exists {
return ErrEncryptionKey.New("duplicate key identifier %q", s)
}
keys.List = append(keys.List, ekey)
keys.KeyByID[ekey.ID] = ekey.Key
}
return nil
}
// Add adds an encryption key to EncryptionsKeys object.
func (keys *EncryptionKeys) Add(ekey EncryptionKey) error {
if keys.KeyByID == nil {
keys.KeyByID = map[EncryptionKeyID]storj.Key{}
}
if ekey.IsZero() {
return ErrEncryptionKey.New("key is zero")
}
if keys.Default.IsZero() {
keys.Default = ekey
}
if _, exists := keys.KeyByID[ekey.ID]; exists {
return ErrEncryptionKey.New("duplicate key identifier %q", ekey)
}
keys.List = append(keys.List, ekey)
keys.KeyByID[ekey.ID] = ekey.Key
return nil
}
// String is required for pflag.Value.
func (keys *EncryptionKeys) String() string {
var s strings.Builder

View File

@ -15,6 +15,18 @@ import (
"storj.io/storj/satellite/orders"
)
func TestEncryptionKeys_New(t *testing.T) {
var key1, key2 orders.EncryptionKey
require.NoError(t, key1.Set(`11223344556677FF=11223344556677881122334455667788112233445566778811223344556677FF`))
require.NoError(t, key2.Set(`0100000000000000=0100000000000000000000000000000000000000000000000000000000000000`))
ekeys, err := orders.NewEncryptionKeys(key1, key2)
require.NoError(t, err)
require.Equal(t, ekeys.Default.Key, key1.Key)
require.Equal(t, ekeys.Default.ID, key1.ID)
const keyCount = 2
require.Equal(t, len(ekeys.KeyByID), keyCount)
require.Equal(t, len(ekeys.List), keyCount)
}
func TestEncryptionKey_Set_Valid(t *testing.T) {
type Test struct {
Hex string

View File

@ -151,14 +151,17 @@ func (signer *Signer) Sign(ctx context.Context, node storj.NodeURL, pieceNum int
return nil, ErrSigner.Wrap(err)
}
metadata, err := pb.Marshal(&pb.OrderLimitMetadata{
BucketId: bucketID[:],
})
encrypted, err := encryptionKey.EncryptMetadata(
signer.Serial,
&pb.OrderLimitMetadata{
BucketId: bucketID[:],
},
)
if err != nil {
return nil, ErrSigner.Wrap(err)
}
signer.EncryptedMetadataKeyID = encryptionKey.ID[:]
signer.EncryptedMetadata = encryptionKey.Encrypt(metadata, signer.Serial)
signer.EncryptedMetadata = encrypted
}
limit := &pb.OrderLimit{

View File

@ -21,10 +21,11 @@ import (
)
func TestSigner_EncryptedMetadata(t *testing.T) {
encryptionKey := orders.EncryptionKey{
ekeys, err := orders.NewEncryptionKeys(orders.EncryptionKey{
ID: orders.EncryptionKeyID{1},
Key: storj.Key{1},
}
})
require.NoError(t, err)
testplanet.Run(t, testplanet.Config{
SatelliteCount: 1, StorageNodeCount: 1, UplinkCount: 1,
@ -33,7 +34,7 @@ func TestSigner_EncryptedMetadata(t *testing.T) {
testplanet.ReconfigureRS(1, 1, 1, 1)(log, index, config)
config.Orders.IncludeEncryptedMetadata = true
config.Orders.EncryptionKeys.Default = encryptionKey
config.Orders.EncryptionKeys = *ekeys
},
},
}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
@ -65,9 +66,9 @@ func TestSigner_EncryptedMetadata(t *testing.T) {
require.NotEmpty(t, addressedLimit.Limit.EncryptedMetadata)
require.NotEmpty(t, addressedLimit.Limit.EncryptedMetadataKeyId)
require.Equal(t, encryptionKey.ID[:], addressedLimit.Limit.EncryptedMetadataKeyId)
require.Equal(t, ekeys.Default.ID[:], addressedLimit.Limit.EncryptedMetadataKeyId)
metadata, err := encryptionKey.DecryptMetadata(addressedLimit.Limit.SerialNumber, addressedLimit.Limit.EncryptedMetadata)
metadata, err := ekeys.Default.DecryptMetadata(addressedLimit.Limit.SerialNumber, addressedLimit.Limit.EncryptedMetadata)
require.NoError(t, err)
bucketID, err := satellite.DB.Buckets().GetBucketID(ctx, bucketLocation)
@ -78,10 +79,11 @@ func TestSigner_EncryptedMetadata(t *testing.T) {
}
func TestSigner_EncryptedMetadata_UploadDownload(t *testing.T) {
encryptionKey := orders.EncryptionKey{
ekeys, err := orders.NewEncryptionKeys(orders.EncryptionKey{
ID: orders.EncryptionKeyID{1},
Key: storj.Key{1},
}
})
require.NoError(t, err)
testplanet.Run(t, testplanet.Config{
SatelliteCount: 1, StorageNodeCount: 1, UplinkCount: 1,
@ -90,7 +92,7 @@ func TestSigner_EncryptedMetadata_UploadDownload(t *testing.T) {
testplanet.ReconfigureRS(1, 1, 1, 1)(log, index, config)
config.Orders.IncludeEncryptedMetadata = true
config.Orders.EncryptionKeys.Default = encryptionKey
config.Orders.EncryptionKeys = *ekeys
},
},
}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {