mod: bump common and uplink version

Change-Id: Ia063d33c087dd91a46c008e154b078f11fa21527

cmd/gateway/main.go

@@ -316,10 +316,13 @@ func (flags GatewayFlags) interactive(cmd *cobra.Command, setupDir string, overr
 		return Error.Wrap(err)
 	}
 
+	encAccess := libuplink.NewEncryptionAccessWithDefaultKey(*key)
+	encAccess.SetDefaultPathCipher(storj.EncAESGCM)
+
 	accessData, err := (&libuplink.Scope{
 		SatelliteAddr:    satelliteAddress,
 		APIKey:           apiKey,
-		EncryptionAccess: libuplink.NewEncryptionAccessWithDefaultKey(*key),
+		EncryptionAccess: encAccess,
 	}).Serialize()
 	if err != nil {
 		return Error.Wrap(err)

cmd/storj-sim/network.go

@@ -426,10 +426,13 @@ func newNetwork(flags *Flags) (*Processes, error) {
 			Address:    net.JoinHostPort(host, port(gatewayPeer, i, publicGRPC)),
 		})
 
+		encAccess := uplink.NewEncryptionAccessWithDefaultKey(storj.Key{})
+		encAccess.SetDefaultPathCipher(storj.EncAESGCM)
+
 		accessData, err := (&uplink.Scope{
 			SatelliteAddr:    satellite.Address,
 			APIKey:           defaultAPIKey,
-			EncryptionAccess: uplink.NewEncryptionAccessWithDefaultKey(storj.Key{}),
+			EncryptionAccess: encAccess,
 		}).Serialize()
 		if err != nil {
 			return nil, err

cmd/uplink/cmd/config.go

@@ -154,6 +154,7 @@ func (a AccessConfig) GetAccess() (_ *libuplink.Scope, err error) {
 			return nil, errs.Wrap(err)
 		}
 		encAccess = libuplink.NewEncryptionAccessWithDefaultKey(*key)
+		encAccess.SetDefaultPathCipher(storj.EncAESGCM)
 	}
 
 	return &libuplink.Scope{

cmd/uplink/cmd/setup.go

@@ -13,6 +13,7 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/zeebo/errs"
 
+	"storj.io/common/storj"
 	"storj.io/storj/cmd/internal/wizard"
 	libuplink "storj.io/storj/lib/uplink"
 	"storj.io/storj/pkg/cfgstruct"
@@ -119,10 +120,13 @@ func cmdSetup(cmd *cobra.Command, args []string) (err error) {
 		return Error.Wrap(err)
 	}
 
+	encAccess := libuplink.NewEncryptionAccessWithDefaultKey(*key)
+	encAccess.SetDefaultPathCipher(storj.EncAESGCM)
+
 	accessData, err := (&libuplink.Scope{
 		SatelliteAddr:    satelliteAddress,
 		APIKey:           apiKey,
-		EncryptionAccess: libuplink.NewEncryptionAccessWithDefaultKey(*key),
+		EncryptionAccess: encAccess,
 	}).Serialize()
 	if err != nil {
 		return Error.Wrap(err)

go.mod

@@ -108,7 +108,7 @@ require (
 	gopkg.in/ini.v1 v1.38.2 // indirect
 	gopkg.in/olivere/elastic.v5 v5.0.76 // indirect
 	gopkg.in/yaml.v2 v2.2.4
-	storj.io/common v0.0.0-20200130005211-04afbf4cd6a5
+	storj.io/common v0.0.0-20200207172231-7113b4908e35
 	storj.io/drpc v0.0.8
-	storj.io/uplink v0.0.0-20200131143957-f3b6350b4add
+	storj.io/uplink v0.0.0-20200211130624-1f304dca3b7d
 )

go.sum

@@ -604,8 +604,14 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 storj.io/common v0.0.0-20200130005211-04afbf4cd6a5 h1:BqnkK/pId17R1a70qWcCm2fBgR3kQ5fLBKZ69W+8ecU=
 storj.io/common v0.0.0-20200130005211-04afbf4cd6a5/go.mod h1:n4sxosrQlw5iDBlbTdBtae/8ZqnXUG3nA5XZdIHJibY=
+storj.io/common v0.0.0-20200207172231-7113b4908e35 h1:uz4o0HBF9QK3yhdq9V5/HYqfsSm3kzSmwPT4jdL+7hE=
+storj.io/common v0.0.0-20200207172231-7113b4908e35/go.mod h1:n4sxosrQlw5iDBlbTdBtae/8ZqnXUG3nA5XZdIHJibY=
 storj.io/drpc v0.0.7-0.20191115031725-2171c57838d2/go.mod h1:/ascUDbzNAv0A3Jj7wUIKFBH2JdJ2uJIBO/b9+2yHgQ=
 storj.io/drpc v0.0.8 h1:wu68cMmtoT0vSWIAZz29RpJkWdi4o0S8BIrLslpH5FQ=
 storj.io/drpc v0.0.8/go.mod h1:v39uWro/EbXXk+gNnrM9FQuVVS2zUBWBfeduydgeXUA=
 storj.io/uplink v0.0.0-20200131143957-f3b6350b4add h1:/G2nFSq00KxD/9tQIpNJA2vRGkaSHdZvi1ZsX4qAgbQ=
 storj.io/uplink v0.0.0-20200131143957-f3b6350b4add/go.mod h1:sqhw1H30vF8pD6coKYkx0nLAkw9M0ISwjLi+3R5b3A8=
+storj.io/uplink v0.0.0-20200210111421-04761b3aaccd h1:jjOXtv0L9sd/i5UW0qsaMjFDA857z0BTBIsTIhImumk=
+storj.io/uplink v0.0.0-20200210111421-04761b3aaccd/go.mod h1:sqhw1H30vF8pD6coKYkx0nLAkw9M0ISwjLi+3R5b3A8=
+storj.io/uplink v0.0.0-20200211130624-1f304dca3b7d h1:Co/Sa2VflIZ4tHk+eLj8vSES/ciksSHILX9+fuTGtAQ=
+storj.io/uplink v0.0.0-20200211130624-1f304dca3b7d/go.mod h1:sqhw1H30vF8pD6coKYkx0nLAkw9M0ISwjLi+3R5b3A8=

lib/uplink/bucket_attrs_test.go

@@ -293,7 +293,6 @@ func TestBucketAttrs(t *testing.T) {
 // specific config, the specific config applies and not the bucket attrs.
 func TestBucketAttrsApply(t *testing.T) {
 	var (
-		access          = uplink.NewEncryptionAccessWithDefaultKey(storj.Key{0, 1, 2, 3, 4})
 		bucketName      = "dodecahedron"
 		objectPath1     = "vax/vex/vox"
 		objectContents  = "Willingham,Ray,Jaffe,Johnson,Riegel,O'Brien,Bailey,Mercer"
@@ -324,6 +323,8 @@ func TestBucketAttrsApply(t *testing.T) {
 		}
 		testConfig testConfig
 	)
+	access := uplink.NewEncryptionAccessWithDefaultKey(storj.Key{0, 1, 2, 3, 4})
+	access.SetDefaultPathCipher(storj.EncAESGCM)
 
 	// so our test object will not be inlined (otherwise it will lose its RS params)
 	testConfig.uplinkCfg.Volatile.MaxInlineSize = 1

lib/uplink/encryption.go

@@ -29,7 +29,6 @@ type EncryptionAccess struct {
 // NewEncryptionAccess creates an encryption access context
 func NewEncryptionAccess() *EncryptionAccess {
 	store := encryption.NewStore()
-	store.SetDefaultPathCipher(defaultCipher)
 	return &EncryptionAccess{store: store}
 }
 
@@ -53,6 +52,11 @@ func (s *EncryptionAccess) SetDefaultKey(defaultKey storj.Key) {
 	s.store.SetDefaultKey(&defaultKey)
 }
 
+// SetDefaultPathCipher sets the default path cipher for the encryption access context.
+func (s *EncryptionAccess) SetDefaultPathCipher(defaultPathCipher storj.CipherSuite) {
+	s.store.SetDefaultPathCipher(defaultPathCipher)
+}
+
 // Import merges the other encryption access context into this one. In cases
 // of conflicting path decryption settings (including if both accesses have
 // a default key), the new settings are kept.
@@ -60,6 +64,7 @@ func (s *EncryptionAccess) Import(other *EncryptionAccess) error {
 	if key := other.store.GetDefaultKey(); key != nil {
 		s.store.SetDefaultKey(key)
 	}
+	s.store.SetDefaultPathCipher(other.store.GetDefaultPathCipher())
 	return other.store.Iterate(s.store.Add)
 }
 
@@ -82,7 +87,12 @@ func (s *EncryptionAccess) Restrict(apiKey APIKey, restrictions ...EncryptionRes
 	}
 
 	caveat := macaroon.Caveat{}
+
 	access := NewEncryptionAccess()
+	err := access.Import(s)
+	if err != nil {
+		return APIKey{}, nil, err
+	}
 
 	for _, res := range restrictions {
 		unencPath := paths.NewUnencrypted(res.PathPrefix)
@@ -106,12 +116,12 @@ func (s *EncryptionAccess) Restrict(apiKey APIKey, restrictions ...EncryptionRes
 		})
 	}
 
-	apiKey, err := apiKey.Restrict(caveat)
+	restrictedAPIKey, err := apiKey.Restrict(caveat)
 	if err != nil {
 		return APIKey{}, nil, err
 	}
 
-	return apiKey, access, nil
+	return restrictedAPIKey, access, nil
 }
 
 // Serialize turns an EncryptionAccess into base58
@@ -131,12 +141,13 @@ func (s *EncryptionAccess) Serialize() (string, error) {
 
 func (s *EncryptionAccess) toProto() (*pb.EncryptionAccess, error) {
 	var storeEntries []*pb.EncryptionAccess_StoreEntry
-	err := s.store.Iterate(func(bucket string, unenc paths.Unencrypted, enc paths.Encrypted, key storj.Key) error {
+	err := s.store.IterateWithCipher(func(bucket string, unenc paths.Unencrypted, enc paths.Encrypted, key storj.Key, pathCipher storj.CipherSuite) error {
 		storeEntries = append(storeEntries, &pb.EncryptionAccess_StoreEntry{
 			Bucket:          []byte(bucket),
 			UnencryptedPath: []byte(unenc.Raw()),
 			EncryptedPath:   []byte(enc.Raw()),
 			Key:             key[:],
+			PathCipher:      pb.CipherSuite(pathCipher),
 		})
 		return nil
 	})
@@ -150,8 +161,9 @@ func (s *EncryptionAccess) toProto() (*pb.EncryptionAccess, error) {
 	}
 
 	return &pb.EncryptionAccess{
-		DefaultKey:   defaultKey,
-		StoreEntries: storeEntries,
+		DefaultKey:        defaultKey,
+		StoreEntries:      storeEntries,
+		DefaultPathCipher: pb.CipherSuite(s.store.GetDefaultPathCipher()),
 	}, nil
 }
 
@@ -181,6 +193,11 @@ func parseEncryptionAccessFromProto(p *pb.EncryptionAccess) (*EncryptionAccess,
 		access.SetDefaultKey(defaultKey)
 	}
 
+	access.SetDefaultPathCipher(storj.CipherSuite(p.DefaultPathCipher))
+	if p.DefaultPathCipher == pb.CipherSuite_ENC_UNSPECIFIED {
+		access.SetDefaultPathCipher(storj.EncAESGCM)
+	}
+
 	for _, entry := range p.StoreEntries {
 		if len(entry.Key) != len(storj.Key{}) {
 			return nil, errs.New("invalid key in encryption access entry")
@@ -188,11 +205,13 @@ func parseEncryptionAccessFromProto(p *pb.EncryptionAccess) (*EncryptionAccess,
 		var key storj.Key
 		copy(key[:], entry.Key)
 
-		err := access.store.Add(
+		err := access.store.AddWithCipher(
 			string(entry.Bucket),
 			paths.NewUnencrypted(string(entry.UnencryptedPath)),
 			paths.NewEncrypted(string(entry.EncryptedPath)),
-			key)
+			key,
+			storj.CipherSuite(entry.PathCipher),
+		)
 		if err != nil {
 			return nil, errs.New("invalid encryption access entry: %v", err)
 		}

lib/uplink/ex_password_test.go

@@ -13,6 +13,7 @@ import (
 
 	"github.com/zeebo/errs"
 
+	"storj.io/common/storj"
 	"storj.io/storj/lib/uplink"
 )
 
@@ -52,6 +53,8 @@ func CreateEncryptionKeyExampleByAdmin1(ctx context.Context,
 
 	// Make an encryption context
 	access := uplink.NewEncryptionAccessWithDefaultKey(*encKey)
+	access.SetDefaultPathCipher(storj.EncAESGCM)
+
 	// serialize it
 	serializedAccess, err = access.Serialize()
 	if err != nil {

lib/uplink/list_test.go

@@ -187,6 +187,7 @@ func runTest(ctx context.Context, t *testing.T, apiKey, satelliteAddr string, te
 
 	// Make an encryption context
 	access := uplink.NewEncryptionAccessWithDefaultKey(*encKey)
+	access.SetDefaultPathCipher(storj.EncAESGCM)
 
 	bu, err := p.OpenBucket(ctx, test.bucket, access)
 	require.NoError(t, err)

lib/uplinkc/encryption_access.go

@@ -27,8 +27,11 @@ func new_encryption_access_with_default_key(key *C.uint8_t) C.EncryptionAccessRe
 	goKey, cKey := storj.Key{}, (*storj.Key)(unsafe.Pointer(key))
 	copy(goKey[:], cKey[:])
 
+	encAccess := libuplink.NewEncryptionAccessWithDefaultKey(goKey)
+	encAccess.SetDefaultPathCipher(storj.EncAESGCM)
+
 	return C.EncryptionAccessRef{
-		_handle: universe.Add(libuplink.NewEncryptionAccessWithDefaultKey(goKey)),
+		_handle: universe.Add(encAccess),
 	}
 }
 

lib/uplinkc/testdata/access_scope_test.c

@@ -13,7 +13,7 @@ int main(int argc, char *argv[])
     char *_err = "";
     char **err = &_err;
 
-    char *scopeStr = "1ZYMge4erhJ7hSTf4UCUvtcT2e7rHBNrQvVMgxVDPgFwndj2f2tUnoqmQhaQapEvkifiu9Dwi53C8a3QKB8xMYPZkKS3yCLKbhaccpRg91iDGJuUBS7m7FKW2AmvQYNm5EM56AJrCsb95CL4jTd686sJmuGMnpQhd6NqE7bYAsQTCyADUS15kDJ2zBzt43k689TwW";
+    char *scopeStr = "17jgVrPRktsquJQFzpsFZvzCqoQLuFwjKKvn3mStMzV1pYwt2zcQjbfga85pfpYGE4jLZTwMF7oxy4iE24d5gJ9A2zY1mMrKxQNRtQFycnKybCVXhPvx89kknnh1jF5v1FY1DnsXaXbQ1UptBjX6KXnsY7oNeERTgj5ZBMuK8dJ96gvnWab8x";
     {
         ScopeRef scope = parse_scope(scopeStr, err);
         require_noerror(*err);

linksharing/handler_test.go

@@ -125,10 +125,13 @@ func testHandlerRequests(t *testing.T, ctx *testcontext.Context, planet *testpla
 	apiKey, err := uplink.ParseAPIKey(planet.Uplinks[0].APIKey[planet.Satellites[0].ID()].Serialize())
 	require.NoError(t, err)
 
+	encAccess := uplink.NewEncryptionAccessWithDefaultKey(storj.Key{})
+	encAccess.SetDefaultPathCipher(storj.EncAESGCM)
+
 	access, err := (&uplink.Scope{
 		SatelliteAddr:    planet.Satellites[0].Addr(),
 		APIKey:           apiKey,
-		EncryptionAccess: uplink.NewEncryptionAccessWithDefaultKey(storj.Key{}),
+		EncryptionAccess: encAccess,
 	}).Serialize()
 	require.NoError(t, err)
 

pkg/miniogw/gateway_test.go

@@ -475,7 +475,7 @@ func TestListObjectsV2(t *testing.T) {
 }
 
 func testListObjects(t *testing.T, listObjects func(*testing.T, context.Context, minio.ObjectLayer, string, string, string, string, int) ([]string, []minio.ObjectInfo, bool, error)) {
-	runTest(t, func(t *testing.T, ctx context.Context, layer minio.ObjectLayer, m *kvmetainfo.DB, strms streams.Store) {
+	runTestWithPathCipher(t, storj.EncNull, func(t *testing.T, ctx context.Context, layer minio.ObjectLayer, m *kvmetainfo.DB, strms streams.Store) {
 		// Check the error when listing objects with unsupported delimiter
 		_, err := layer.ListObjects(ctx, TestBucket, "", "", "#", 0)
 		assert.Equal(t, minio.UnsupportedDelimiter{Delimiter: "#"}, err)
@@ -660,17 +660,21 @@ func testListObjects(t *testing.T, listObjects func(*testing.T, context.Context,
 }
 
 func runTest(t *testing.T, test func(*testing.T, context.Context, minio.ObjectLayer, *kvmetainfo.DB, streams.Store)) {
+	runTestWithPathCipher(t, storj.EncNull, test)
+}
+
+func runTestWithPathCipher(t *testing.T, pathCipher storj.CipherSuite, test func(*testing.T, context.Context, minio.ObjectLayer, *kvmetainfo.DB, streams.Store)) {
 	testplanet.Run(t, testplanet.Config{
 		SatelliteCount: 1, StorageNodeCount: 4, UplinkCount: 1,
 	}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
-		layer, m, strms, err := initEnv(ctx, t, planet)
+		layer, m, strms, err := initEnv(ctx, t, planet, pathCipher)
 		require.NoError(t, err)
 
 		test(t, ctx, layer, m, strms)
 	})
 }
 
-func initEnv(ctx context.Context, t *testing.T, planet *testplanet.Planet) (minio.ObjectLayer, *kvmetainfo.DB, streams.Store, error) {
+func initEnv(ctx context.Context, t *testing.T, planet *testplanet.Planet, pathCipher storj.CipherSuite) (minio.ObjectLayer, *kvmetainfo.DB, streams.Store, error) {
 	// TODO(kaloyan): We should have a better way for configuring the Satellite's API Key
 	// add project to satisfy constraint
 	project, err := planet.Satellites[0].DB.Console().Projects().Insert(ctx, &console.Project{
@@ -719,6 +723,7 @@ func initEnv(ctx context.Context, t *testing.T, planet *testplanet.Planet) (mini
 	var encKey storj.Key
 	copy(encKey[:], TestEncKey)
 	access := libuplink.NewEncryptionAccessWithDefaultKey(encKey)
+	access.SetDefaultPathCipher(pathCipher)
 	encStore := access.Store()
 
 	blockSize := rs.StripeSize()

private/testplanet/uplink.go

@@ -334,6 +334,7 @@ func (client *Uplink) GetConfig(satellite *SatelliteSystem) cmd.Config {
 
 	encAccess := libuplink.NewEncryptionAccess()
 	encAccess.SetDefaultKey(storj.Key{})
+	encAccess.SetDefaultPathCipher(storj.EncAESGCM)
 
 	accessData, err := (&libuplink.Scope{
 		SatelliteAddr:    satellite.Addr(),