storj/lib/uplink-gomobile/encryption.go
Michal Niewrzal b17dc656b5 lib/uplink-gomobile: update to latest master
Change-Id: I1be7991ee73cc2a6e911ae024dce3fba97c02071
2020-04-04 19:08:48 +00:00

129 lines
4.2 KiB
Go

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.
package mobile
import (
"storj.io/common/paths"
"storj.io/common/storj"
libuplink "storj.io/storj/lib/uplink"
)
// EncryptionAccess holds data about encryption keys for a bucket.
type EncryptionAccess struct {
lib *libuplink.EncryptionAccess
}
// NewEncryptionAccess constructs an empty encryption context.
func NewEncryptionAccess() *EncryptionAccess {
lib := libuplink.NewEncryptionAccess()
lib.SetDefaultPathCipher(storj.EncAESGCM)
return &EncryptionAccess{lib: lib}
}
// NewEncryptionAccessWithRoot constructs an encryption access with a key rooted at the provided path inside of a bucket.
func NewEncryptionAccessWithRoot(bucket, unencryptedPath, encryptedPath string, keyData []byte) (*EncryptionAccess, error) {
key, err := storj.NewKey(keyData)
if err != nil {
return nil, safeError(err)
}
encAccess := libuplink.NewEncryptionAccess()
err = encAccess.Store().Add(bucket, paths.NewUnencrypted(unencryptedPath), paths.NewEncrypted(encryptedPath), *key)
if err != nil {
return nil, safeError(err)
}
return &EncryptionAccess{lib: encAccess}, nil
}
// SetDefaultKey sets the default key to use when no matching keys are found
// for the encryption context.
func (e *EncryptionAccess) SetDefaultKey(keyData []byte) error {
key, err := storj.NewKey(keyData)
if err != nil {
return safeError(err)
}
e.lib.SetDefaultKey(*key)
return nil
}
// Serialize returns a base58-serialized encryption access for use with later
// parsing.
func (e *EncryptionAccess) Serialize() (b58data string, err error) {
return e.lib.Serialize()
}
// ParseEncryptionAccess parses the base58 encoded encryption context data and
// returns the resulting context.
func ParseEncryptionAccess(b58data string) (*EncryptionAccess, error) {
access, err := libuplink.ParseEncryptionAccess(b58data)
if err != nil {
return nil, safeError(err)
}
return &EncryptionAccess{lib: access}, nil
}
// NewEncryptionAccessWithDefaultKey creates an encryption access context with
// a default key set.
// Use Project.SaltedKeyFromPassphrase to generate a default key
func NewEncryptionAccessWithDefaultKey(defaultKey []byte) (_ *EncryptionAccess, err error) {
key, err := storj.NewKey(defaultKey)
if err != nil {
return nil, err
}
return &EncryptionAccess{lib: libuplink.NewEncryptionAccessWithDefaultKey(*key)}, nil
}
// Restrict creates a new EncryptionAccess with no default key, where the key material
// in the new access is just enough to allow someone to access all of the given
// restrictions but no more.
func (e *EncryptionAccess) Restrict(satelliteAddr string, apiKey *APIKey, restrictions *EncryptionRestrictions) (_ *Scope, err error) {
libAPIKey, ea, err := e.lib.Restrict(*apiKey.lib, restrictions.restrictions...)
return &Scope{
lib: &libuplink.Scope{
SatelliteAddr: satelliteAddr,
APIKey: libAPIKey,
EncryptionAccess: ea,
},
}, err
}
// Import merges the other encryption access context into this one. In cases
// of conflicting path decryption settings (including if both accesses have
// a default key), the new settings are kept.
func (e *EncryptionAccess) Import(other *EncryptionAccess) error {
return e.lib.Import(other.lib)
}
// EncryptionRestriction represents a scenario where some set of objects
// may need to be encrypted/decrypted
type EncryptionRestriction struct {
lib *libuplink.EncryptionRestriction
}
// NewEncryptionRestriction creates new EncryptionRestriction
func NewEncryptionRestriction(bucket, path string) *EncryptionRestriction {
return &EncryptionRestriction{
lib: &libuplink.EncryptionRestriction{
Bucket: bucket,
PathPrefix: path,
},
}
}
// EncryptionRestrictions combines EncryptionRestriction to overcome gomobile limitation (no arrays)
type EncryptionRestrictions struct {
restrictions []libuplink.EncryptionRestriction
}
// NewEncryptionRestrictions creates new EncryptionRestrictions
func NewEncryptionRestrictions() *EncryptionRestrictions {
return &EncryptionRestrictions{
restrictions: make([]libuplink.EncryptionRestriction, 0),
}
}
// Add adds EncryptionRestriction
func (e *EncryptionRestrictions) Add(restriction *EncryptionRestriction) {
e.restrictions = append(e.restrictions, *restriction.lib)
}