JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5abed63f53
storj/satellite/console/consolewasm/access.go
Cameron 98fed4bc30 {satellite/console,web/satellite}: get project salt from satellite 
Add getSalt to projects api. Add action, GET_SALT, on Store
Projects module to make the api request and return the salt
string everywhere in the web app that generates an access grant.
The Wasm code which is used to create the access grant has been
changed to decode the salt as a base64 encoded string. The names
of the function calls in the changed Wasm code have also been
changed to ensure that access grant creation fails if JS access
grant worker code and Wasm code are not the same version.

https://github.com/storj/storj-private/issues/64

Change-Id: Ia2bc4cbadad84b066ca1882b042a3f0bb13c783a
2022-10-12 19:06:27 +00:00

51 lines
1.3 KiB
Go
Raw Blame History

// Copyright (C) 2020 Storj Labs, Inc.
// See LICENSE for copying information.
package consolewasm
import (
"encoding/base64"
"storj.io/common/encryption"
"storj.io/common/grant"
"storj.io/common/macaroon"
"storj.io/common/storj"
)
// GenAccessGrant creates a new access grant and returns it serialized form.
func GenAccessGrant(satelliteNodeURL, apiKey, encryptionPassphrase, base64EncodedSalt string) (string, error) {
parsedAPIKey, err := macaroon.ParseAPIKey(apiKey)
if err != nil {
return "", err
}
key, err := DeriveRootKey(encryptionPassphrase, base64EncodedSalt)
if err != nil {
return "", err
}
encAccess := grant.NewEncryptionAccessWithDefaultKey(key)
encAccess.SetDefaultPathCipher(storj.EncAESGCM)
encAccess.LimitTo(parsedAPIKey)
accessString, err := (&grant.Access{
SatelliteAddress: satelliteNodeURL,
APIKey: parsedAPIKey,
EncAccess: encAccess,
}).Serialize()
if err != nil {
return "", err
}
return accessString, nil
}
// DeriveRootKey derives the root key portion of the access grant.
func DeriveRootKey(encryptionPassphrase, base64EncodedSalt string) (*storj.Key, error) {
const concurrency = 8
saltBytes, err := base64.StdEncoding.DecodeString(base64EncodedSalt)
if err != nil {
return nil, err
}
return encryption.DeriveRootKey([]byte(encryptionPassphrase), saltBytes, "", concurrency)
}
Reference in New Issue View Git Blame Copy Permalink