From cea4c25f539fbc795ea2c45d490d04f41e6a30ab Mon Sep 17 00:00:00 2001 From: Michal Niewrzal Date: Tue, 11 Feb 2020 09:25:31 +0100 Subject: [PATCH] mod: bump common and uplink version Change-Id: Ia063d33c087dd91a46c008e154b078f11fa21527 --- cmd/gateway/main.go | 5 +++- cmd/storj-sim/network.go | 5 +++- cmd/uplink/cmd/config.go | 1 + cmd/uplink/cmd/setup.go | 6 +++- go.mod | 4 +-- go.sum | 6 ++++ lib/uplink/bucket_attrs_test.go | 3 +- lib/uplink/encryption.go | 35 ++++++++++++++++++------ lib/uplink/ex_password_test.go | 3 ++ lib/uplink/list_test.go | 1 + lib/uplinkc/encryption_access.go | 5 +++- lib/uplinkc/testdata/access_scope_test.c | 2 +- linksharing/handler_test.go | 5 +++- pkg/miniogw/gateway_test.go | 11 ++++++-- private/testplanet/uplink.go | 1 + 15 files changed, 73 insertions(+), 20 deletions(-) diff --git a/cmd/gateway/main.go b/cmd/gateway/main.go index e1092c587..612cbd8c1 100644 --- a/cmd/gateway/main.go +++ b/cmd/gateway/main.go @@ -316,10 +316,13 @@ func (flags GatewayFlags) interactive(cmd *cobra.Command, setupDir string, overr return Error.Wrap(err) } + encAccess := libuplink.NewEncryptionAccessWithDefaultKey(*key) + encAccess.SetDefaultPathCipher(storj.EncAESGCM) + accessData, err := (&libuplink.Scope{ SatelliteAddr: satelliteAddress, APIKey: apiKey, - EncryptionAccess: libuplink.NewEncryptionAccessWithDefaultKey(*key), + EncryptionAccess: encAccess, }).Serialize() if err != nil { return Error.Wrap(err) diff --git a/cmd/storj-sim/network.go b/cmd/storj-sim/network.go index 3e9cf3cc7..85df8a510 100644 --- a/cmd/storj-sim/network.go +++ b/cmd/storj-sim/network.go 
@@ -426,10 +426,13 @@ func newNetwork(flags *Flags) (*Processes, error) { Address: net.JoinHostPort(host, port(gatewayPeer, i, publicGRPC)), }) + encAccess := uplink.NewEncryptionAccessWithDefaultKey(storj.Key{}) + encAccess.SetDefaultPathCipher(storj.EncAESGCM) + accessData, err := (&uplink.Scope{ SatelliteAddr: satellite.Address, APIKey: defaultAPIKey, - EncryptionAccess: uplink.NewEncryptionAccessWithDefaultKey(storj.Key{}), + EncryptionAccess: encAccess, }).Serialize() if err != nil { return nil, err diff --git a/cmd/uplink/cmd/config.go b/cmd/uplink/cmd/config.go index d82e03dab..9e0f4daa4 100644 --- a/cmd/uplink/cmd/config.go +++ b/cmd/uplink/cmd/config.go @@ -154,6 +154,7 @@ func (a AccessConfig) GetAccess() (_ *libuplink.Scope, err error) { return nil, errs.Wrap(err) } encAccess = libuplink.NewEncryptionAccessWithDefaultKey(*key) + encAccess.SetDefaultPathCipher(storj.EncAESGCM) } return &libuplink.Scope{ diff --git a/cmd/uplink/cmd/setup.go b/cmd/uplink/cmd/setup.go index 949ee439f..3f5e5066f 100644 --- a/cmd/uplink/cmd/setup.go +++ b/cmd/uplink/cmd/setup.go @@ -13,6 +13,7 @@ import ( "github.com/spf13/cobra" "github.com/zeebo/errs" + "storj.io/common/storj" "storj.io/storj/cmd/internal/wizard" libuplink "storj.io/storj/lib/uplink" "storj.io/storj/pkg/cfgstruct" @@ -119,10 +120,13 @@ func cmdSetup(cmd *cobra.Command, args []string) (err error) { return Error.Wrap(err) } + encAccess := libuplink.NewEncryptionAccessWithDefaultKey(*key) + encAccess.SetDefaultPathCipher(storj.EncAESGCM) + accessData, err := (&libuplink.Scope{ SatelliteAddr: satelliteAddress, APIKey: apiKey, - EncryptionAccess: libuplink.NewEncryptionAccessWithDefaultKey(*key), + EncryptionAccess: encAccess, }).Serialize() if err != nil { return Error.Wrap(err) diff --git a/go.mod b/go.mod index 1790d9777..f66394b9a 100644 --- a/go.mod +++ b/go.mod 
@@ -108,7 +108,7 @@ require ( gopkg.in/ini.v1 v1.38.2 // indirect gopkg.in/olivere/elastic.v5 v5.0.76 // indirect gopkg.in/yaml.v2 v2.2.4 - storj.io/common v0.0.0-20200130005211-04afbf4cd6a5 + storj.io/common v0.0.0-20200207172231-7113b4908e35 storj.io/drpc v0.0.8 - storj.io/uplink v0.0.0-20200131143957-f3b6350b4add + storj.io/uplink v0.0.0-20200211130624-1f304dca3b7d ) diff --git a/go.sum b/go.sum index 90bab02e6..6ce003475 100644 --- a/go.sum +++ b/go.sum @@ -604,8 +604,14 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= storj.io/common v0.0.0-20200130005211-04afbf4cd6a5 h1:BqnkK/pId17R1a70qWcCm2fBgR3kQ5fLBKZ69W+8ecU= storj.io/common v0.0.0-20200130005211-04afbf4cd6a5/go.mod h1:n4sxosrQlw5iDBlbTdBtae/8ZqnXUG3nA5XZdIHJibY= +storj.io/common v0.0.0-20200207172231-7113b4908e35 h1:uz4o0HBF9QK3yhdq9V5/HYqfsSm3kzSmwPT4jdL+7hE= +storj.io/common v0.0.0-20200207172231-7113b4908e35/go.mod h1:n4sxosrQlw5iDBlbTdBtae/8ZqnXUG3nA5XZdIHJibY= storj.io/drpc v0.0.7-0.20191115031725-2171c57838d2/go.mod h1:/ascUDbzNAv0A3Jj7wUIKFBH2JdJ2uJIBO/b9+2yHgQ= storj.io/drpc v0.0.8 h1:wu68cMmtoT0vSWIAZz29RpJkWdi4o0S8BIrLslpH5FQ= storj.io/drpc v0.0.8/go.mod h1:v39uWro/EbXXk+gNnrM9FQuVVS2zUBWBfeduydgeXUA= storj.io/uplink v0.0.0-20200131143957-f3b6350b4add h1:/G2nFSq00KxD/9tQIpNJA2vRGkaSHdZvi1ZsX4qAgbQ= storj.io/uplink v0.0.0-20200131143957-f3b6350b4add/go.mod h1:sqhw1H30vF8pD6coKYkx0nLAkw9M0ISwjLi+3R5b3A8= +storj.io/uplink v0.0.0-20200210111421-04761b3aaccd h1:jjOXtv0L9sd/i5UW0qsaMjFDA857z0BTBIsTIhImumk= +storj.io/uplink v0.0.0-20200210111421-04761b3aaccd/go.mod h1:sqhw1H30vF8pD6coKYkx0nLAkw9M0ISwjLi+3R5b3A8= +storj.io/uplink v0.0.0-20200211130624-1f304dca3b7d h1:Co/Sa2VflIZ4tHk+eLj8vSES/ciksSHILX9+fuTGtAQ= +storj.io/uplink v0.0.0-20200211130624-1f304dca3b7d/go.mod h1:sqhw1H30vF8pD6coKYkx0nLAkw9M0ISwjLi+3R5b3A8= 
diff --git a/lib/uplink/bucket_attrs_test.go b/lib/uplink/bucket_attrs_test.go index f6e837611..388b0bd32 100644 --- a/lib/uplink/bucket_attrs_test.go +++ b/lib/uplink/bucket_attrs_test.go @@ -293,7 +293,6 @@ func TestBucketAttrs(t *testing.T) { // specific config, the specific config applies and not the bucket attrs. func TestBucketAttrsApply(t *testing.T) { var ( - access = uplink.NewEncryptionAccessWithDefaultKey(storj.Key{0, 1, 2, 3, 4}) bucketName = "dodecahedron" objectPath1 = "vax/vex/vox" objectContents = "Willingham,Ray,Jaffe,Johnson,Riegel,O'Brien,Bailey,Mercer" @@ -324,6 +323,8 @@ func TestBucketAttrsApply(t *testing.T) { } testConfig testConfig ) + access := uplink.NewEncryptionAccessWithDefaultKey(storj.Key{0, 1, 2, 3, 4}) + access.SetDefaultPathCipher(storj.EncAESGCM) // so our test object will not be inlined (otherwise it will lose its RS params) testConfig.uplinkCfg.Volatile.MaxInlineSize = 1 diff --git a/lib/uplink/encryption.go b/lib/uplink/encryption.go index 84cea3a58..743131468 100644 --- a/lib/uplink/encryption.go +++ b/lib/uplink/encryption.go @@ -29,7 +29,6 @@ type EncryptionAccess struct { // NewEncryptionAccess creates an encryption access context func NewEncryptionAccess() *EncryptionAccess { store := encryption.NewStore() - store.SetDefaultPathCipher(defaultCipher) return &EncryptionAccess{store: store} } @@ -53,6 +52,11 @@ func (s *EncryptionAccess) SetDefaultKey(defaultKey storj.Key) { s.store.SetDefaultKey(&defaultKey) } +// SetDefaultPathCipher sets the default path cipher for the encryption access context. +func (s *EncryptionAccess) SetDefaultPathCipher(defaultPathCipher storj.CipherSuite) { + s.store.SetDefaultPathCipher(defaultPathCipher) +} + // Import merges the other encryption access context into this one. In cases // of conflicting path decryption settings (including if both accesses have // a default key), the new settings are kept. 
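Review bot: In lib/uplink/encryption.go, NewEncryptionAccess no longer sets a default path cipher, so the safe choice becomes opt-in and any caller this commit does not touch (including external users of lib/uplink) gets whatever the store treats as its unset cipher. That value is not visible in this diff; if it is the unspecified or null suite, object paths could be stored unencrypted or operations could fail. Either keep a safe default in the constructor, or state the requirement in the doc comment, e.g. `// NewEncryptionAccess creates an encryption access context with no default path cipher; call SetDefaultPathCipher before using it.` The comment on the new SetDefaultPathCipher method could also say that passing `storj.EncNull` turns path encryption off.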
@@ -60,6 +64,7 @@ func (s *EncryptionAccess) Import(other *EncryptionAccess) error { if key := other.store.GetDefaultKey(); key != nil { s.store.SetDefaultKey(key) } + s.store.SetDefaultPathCipher(other.store.GetDefaultPathCipher()) return other.store.Iterate(s.store.Add) } @@ -82,7 +87,12 @@ func (s *EncryptionAccess) Restrict(apiKey APIKey, restrictions ...EncryptionRes } caveat := macaroon.Caveat{} + access := NewEncryptionAccess() + err := access.Import(s) + if err != nil { + return APIKey{}, nil, err + } for _, res := range restrictions { unencPath := paths.NewUnencrypted(res.PathPrefix) @@ -106,12 +116,12 @@ func (s *EncryptionAccess) Restrict(apiKey APIKey, restrictions ...EncryptionRes }) } - apiKey, err := apiKey.Restrict(caveat) + restrictedAPIKey, err := apiKey.Restrict(caveat) if err != nil { return APIKey{}, nil, err } - return apiKey, access, nil + return restrictedAPIKey, access, nil } // Serialize turns an EncryptionAccess into base58 @@ -131,12 +141,13 @@ func (s *EncryptionAccess) Serialize() (string, error) { func (s *EncryptionAccess) toProto() (*pb.EncryptionAccess, error) { var storeEntries []*pb.EncryptionAccess_StoreEntry - err := s.store.Iterate(func(bucket string, unenc paths.Unencrypted, enc paths.Encrypted, key storj.Key) error { + err := s.store.IterateWithCipher(func(bucket string, unenc paths.Unencrypted, enc paths.Encrypted, key storj.Key, pathCipher storj.CipherSuite) error { storeEntries = append(storeEntries, &pb.EncryptionAccess_StoreEntry{ Bucket: []byte(bucket), UnencryptedPath: []byte(unenc.Raw()), EncryptedPath: []byte(enc.Raw()), Key: key[:], + PathCipher: pb.CipherSuite(pathCipher), }) return nil }) @@ -150,8 +161,9 @@ func (s *EncryptionAccess) toProto() (*pb.EncryptionAccess, error) { } return &pb.EncryptionAccess{ - DefaultKey: defaultKey, - StoreEntries: storeEntries, + DefaultKey: defaultKey, + StoreEntries: storeEntries, + DefaultPathCipher: pb.CipherSuite(s.store.GetDefaultPathCipher()), }, nil } 
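Review bot: The added `s.store.SetDefaultPathCipher(other.store.GetDefaultPathCipher())` in Import runs unconditionally, unlike the default key just above it, which is copied only when non-nil. Importing an access that never had a cipher set (now the state NewEncryptionAccess returns) would overwrite the receiver's configured cipher with the unset value. Guard it the same way, e.g. `if c := other.store.GetDefaultPathCipher(); c != storj.EncUnspecified { s.store.SetDefaultPathCipher(c) }`, assuming the store reports the unset state as the unspecified suite. The doc comment above Import should also mention that the default path cipher is merged.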
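Review bot: In the Restrict hunk, `access.Import(s)` copies more than the path cipher into the restricted access: per the Import body shown in the previous hunk, it also copies the parent's default key and every store entry. An access handed out for a few path prefixes would then still carry key material for everything the parent can decrypt, leaving only the API-key caveat as the restriction. If the intent is just to inherit the cipher, replace the Import call and its error check with `access.SetDefaultPathCipher(s.store.GetDefaultPathCipher())`. The restriction loop continues outside this hunk, so confirm it does not rely on the imported entries.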
@@ -181,6 +193,11 @@ func parseEncryptionAccessFromProto(p *pb.EncryptionAccess) (*EncryptionAccess, access.SetDefaultKey(defaultKey) } + access.SetDefaultPathCipher(storj.CipherSuite(p.DefaultPathCipher)) + if p.DefaultPathCipher == pb.CipherSuite_ENC_UNSPECIFIED { + access.SetDefaultPathCipher(storj.EncAESGCM) + } + for _, entry := range p.StoreEntries { if len(entry.Key) != len(storj.Key{}) { return nil, errs.New("invalid key in encryption access entry") @@ -188,11 +205,13 @@ func parseEncryptionAccessFromProto(p *pb.EncryptionAccess) (*EncryptionAccess, var key storj.Key copy(key[:], entry.Key) - err := access.store.Add( + err := access.store.AddWithCipher( string(entry.Bucket), paths.NewUnencrypted(string(entry.UnencryptedPath)), paths.NewEncrypted(string(entry.EncryptedPath)), - key) + key, + storj.CipherSuite(entry.PathCipher), + ) if err != nil { return nil, errs.New("invalid encryption access entry: %v", err) } diff --git a/lib/uplink/ex_password_test.go b/lib/uplink/ex_password_test.go index ba3456bca..4e027d845 100644 --- a/lib/uplink/ex_password_test.go +++ b/lib/uplink/ex_password_test.go @@ -13,6 +13,7 @@ import ( "github.com/zeebo/errs" + "storj.io/common/storj" "storj.io/storj/lib/uplink" ) @@ -52,6 +53,8 @@ func CreateEncryptionKeyExampleByAdmin1(ctx context.Context, // Make an encryption context access := uplink.NewEncryptionAccessWithDefaultKey(*encKey) + access.SetDefaultPathCipher(storj.EncAESGCM) + // serialize it serializedAccess, err = access.Serialize() if err != nil { diff --git a/lib/uplink/list_test.go b/lib/uplink/list_test.go index 4df26a84b..aa3ae9934 100644 --- a/lib/uplink/list_test.go +++ b/lib/uplink/list_test.go @@ -187,6 +187,7 @@ func runTest(ctx context.Context, t *testing.T, apiKey, satelliteAddr string, te // Make an encryption context access := uplink.NewEncryptionAccessWithDefaultKey(*encKey) + access.SetDefaultPathCipher(storj.EncAESGCM) bu, err := p.OpenBucket(ctx, test.bucket, access) require.NoError(t, err) 
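Review bot: In parseEncryptionAccessFromProto, the per-entry cipher passed to AddWithCipher as `storj.CipherSuite(entry.PathCipher)` gets no fallback, while the default cipher in the hunk above maps `ENC_UNSPECIFIED` to `storj.EncAESGCM`. Accesses serialized before this change carry no per-entry cipher, so their entries would decode as unspecified; whether AddWithCipher tolerates that is not visible here. Apply the same mapping before the call, e.g. `cipher := storj.CipherSuite(entry.PathCipher)` followed by `if entry.PathCipher == pb.CipherSuite_ENC_UNSPECIFIED { cipher = storj.EncAESGCM }`. Both cipher fields also come from a caller-supplied serialized string and are cast without a range check, so rejecting unknown suite values here would be a sensible addition. The function starts and ends outside these hunks.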
diff --git a/lib/uplinkc/encryption_access.go b/lib/uplinkc/encryption_access.go index 8ffe135e7..ce2a22ccf 100644 --- a/lib/uplinkc/encryption_access.go +++ b/lib/uplinkc/encryption_access.go @@ -27,8 +27,11 @@ func new_encryption_access_with_default_key(key *C.uint8_t) C.EncryptionAccessRe goKey, cKey := storj.Key{}, (*storj.Key)(unsafe.Pointer(key)) copy(goKey[:], cKey[:]) + encAccess := libuplink.NewEncryptionAccessWithDefaultKey(goKey) + encAccess.SetDefaultPathCipher(storj.EncAESGCM) + return C.EncryptionAccessRef{ - _handle: universe.Add(libuplink.NewEncryptionAccessWithDefaultKey(goKey)), + _handle: universe.Add(encAccess), } } diff --git a/lib/uplinkc/testdata/access_scope_test.c b/lib/uplinkc/testdata/access_scope_test.c index 4b9567c6d..35fed54c9 100644 --- a/lib/uplinkc/testdata/access_scope_test.c +++ b/lib/uplinkc/testdata/access_scope_test.c @@ -13,7 +13,7 @@ int main(int argc, char *argv[]) char *_err = ""; char **err = &_err; - char *scopeStr = "1ZYMge4erhJ7hSTf4UCUvtcT2e7rHBNrQvVMgxVDPgFwndj2f2tUnoqmQhaQapEvkifiu9Dwi53C8a3QKB8xMYPZkKS3yCLKbhaccpRg91iDGJuUBS7m7FKW2AmvQYNm5EM56AJrCsb95CL4jTd686sJmuGMnpQhd6NqE7bYAsQTCyADUS15kDJ2zBzt43k689TwW"; + char *scopeStr = "17jgVrPRktsquJQFzpsFZvzCqoQLuFwjKKvn3mStMzV1pYwt2zcQjbfga85pfpYGE4jLZTwMF7oxy4iE24d5gJ9A2zY1mMrKxQNRtQFycnKybCVXhPvx89kknnh1jF5v1FY1DnsXaXbQ1UptBjX6KXnsY7oNeERTgj5ZBMuK8dJ96gvnWab8x"; { ScopeRef scope = parse_scope(scopeStr, err); require_noerror(*err); diff --git a/linksharing/handler_test.go b/linksharing/handler_test.go index f65161217..62c985996 100644 --- a/linksharing/handler_test.go +++ b/linksharing/handler_test.go 
@@ -125,10 +125,13 @@ func testHandlerRequests(t *testing.T, ctx *testcontext.Context, planet *testpla apiKey, err := uplink.ParseAPIKey(planet.Uplinks[0].APIKey[planet.Satellites[0].ID()].Serialize()) require.NoError(t, err) + encAccess := uplink.NewEncryptionAccessWithDefaultKey(storj.Key{}) + encAccess.SetDefaultPathCipher(storj.EncAESGCM) + access, err := (&uplink.Scope{ SatelliteAddr: planet.Satellites[0].Addr(), APIKey: apiKey, - EncryptionAccess: uplink.NewEncryptionAccessWithDefaultKey(storj.Key{}), + EncryptionAccess: encAccess, }).Serialize() require.NoError(t, err) diff --git a/pkg/miniogw/gateway_test.go b/pkg/miniogw/gateway_test.go index 993f81b6e..7a1a8262a 100644 --- a/pkg/miniogw/gateway_test.go +++ b/pkg/miniogw/gateway_test.go @@ -475,7 +475,7 @@ func TestListObjectsV2(t *testing.T) { } func testListObjects(t *testing.T, listObjects func(*testing.T, context.Context, minio.ObjectLayer, string, string, string, string, int) ([]string, []minio.ObjectInfo, bool, error)) { - runTest(t, func(t *testing.T, ctx context.Context, layer minio.ObjectLayer, m *kvmetainfo.DB, strms streams.Store) { + runTestWithPathCipher(t, storj.EncNull, func(t *testing.T, ctx context.Context, layer minio.ObjectLayer, m *kvmetainfo.DB, strms streams.Store) { // Check the error when listing objects with unsupported delimiter _, err := layer.ListObjects(ctx, TestBucket, "", "", "#", 0) assert.Equal(t, minio.UnsupportedDelimiter{Delimiter: "#"}, err) 
@@ -660,17 +660,21 @@ func testListObjects(t *testing.T, listObjects func(*testing.T, context.Context, } func runTest(t *testing.T, test func(*testing.T, context.Context, minio.ObjectLayer, *kvmetainfo.DB, streams.Store)) { + runTestWithPathCipher(t, storj.EncNull, test) +} + +func runTestWithPathCipher(t *testing.T, pathCipher storj.CipherSuite, test func(*testing.T, context.Context, minio.ObjectLayer, *kvmetainfo.DB, streams.Store)) { testplanet.Run(t, testplanet.Config{ SatelliteCount: 1, StorageNodeCount: 4, UplinkCount: 1, }, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) { - layer, m, strms, err := initEnv(ctx, t, planet) + layer, m, strms, err := initEnv(ctx, t, planet, pathCipher) require.NoError(t, err) test(t, ctx, layer, m, strms) }) } -func initEnv(ctx context.Context, t *testing.T, planet *testplanet.Planet) (minio.ObjectLayer, *kvmetainfo.DB, streams.Store, error) { +func initEnv(ctx context.Context, t *testing.T, planet *testplanet.Planet, pathCipher storj.CipherSuite) (minio.ObjectLayer, *kvmetainfo.DB, streams.Store, error) { // TODO(kaloyan): We should have a better way for configuring the Satellite's API Key // add project to satisfy constraint project, err := planet.Satellites[0].DB.Console().Projects().Insert(ctx, &console.Project{ @@ -719,6 +723,7 @@ func initEnv(ctx context.Context, t *testing.T, planet *testplanet.Planet) (mini var encKey storj.Key copy(encKey[:], TestEncKey) access := libuplink.NewEncryptionAccessWithDefaultKey(encKey) + access.SetDefaultPathCipher(pathCipher) encStore := access.Store() blockSize := rs.StripeSize() diff --git a/private/testplanet/uplink.go b/private/testplanet/uplink.go index 98cb8beec..9c67091b0 100644 --- a/private/testplanet/uplink.go +++ b/private/testplanet/uplink.go 
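Review bot: runTest now hard-codes `storj.EncNull`, and testListObjects requests it explicitly, so every gateway test in this file runs with path encryption disabled while cmd/gateway/main.go configures `storj.EncAESGCM`. The encrypted-path code is therefore not exercised by these tests. Add a comment on runTest explaining why the null cipher is needed, e.g. `// runTest uses the null path cipher; tests that do not depend on plaintext paths should call runTestWithPathCipher with storj.EncAESGCM.`, and consider running at least one test with EncAESGCM. initEnv's body continues outside the hunk.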
@@ -334,6 +334,7 @@ func (client *Uplink) GetConfig(satellite *SatelliteSystem) cmd.Config { encAccess := libuplink.NewEncryptionAccess() encAccess.SetDefaultKey(storj.Key{}) + encAccess.SetDefaultPathCipher(storj.EncAESGCM) accessData, err := (&libuplink.Scope{ SatelliteAddr: satellite.Addr(),