storj/cmd/captplanet/setup.go
Maximillian von Briesen 821d0b6f1d
Stream encryption (#302)
* begin adding encryption for remote pieces

* begin adding decryption

* add encryption key as arg to Put and Get

* move encryption/decryption to object store

* Add encryption key to object store constructor

* Add the erasure scheme to object store constructor

* Ensure decrypter is initialized with the stripe size used by encrypter

* Revert "Ensure decrypter is initialized with the stripe size used by encrypter"

This reverts commit 07272333f461606edfb43ad106cc152f37a3bd46.

* Revert "Add the erasure scheme to object store constructor"

This reverts commit ea5e793b536159d993b96e3db69a37c1656a193c.

* move encryption to stream store

* move decryption stuff to stream store

* revert changes in object store

* add encryptedBlockSize and close rangers on error during Get

* calculate padding sizes correctly

* encryptedBlockSize -> encryptionBlockSize

* pass encryption key and block size into stream store

* remove encryption key and block size from object store constructor

* move encrypter/decrypter initialization

* remove unnecessary cast

* Fix padding issue

* Fix linter

* add todos

* use random encryption key for data encryption. Store an encrypted copy of this key in segment metadata

* use different encryption key for each segment

* encrypt data in one step if it is small enough

* refactor and move encryption stuff

* fix errors related to nil slices passed to copy

* fix encrypter vs. decrypter bug

* put encryption stuff in eestream

* get captplanet test to pass

* fix linting errors

* add types for encryption keys/nonces and clean up

* fix tests

* more review changes

* add Cipher type for encryption stuff

* fix rs_test

* Simplify type casting of key and nonce

* Init starting nonce to the segment index

* don't copy derived key

* remove default encryption key; force user to explicitly set it

* move getSegmentPath to streams package

* dont require user to specify encryption key for captplanet

* rename GenericKey and GenericNonce to Key and Nonce

* review changes

* fix linting error

* Download uses the encryption type from metadata

* Store enc block size in metadata and use it for download
2018-09-26 09:32:23 -04:00


// Copyright (C) 2018 Storj Labs, Inc.
// See LICENSE for copying information.
package main
import (
"crypto/rand"
"fmt"
"net"
"os"
"path/filepath"
base58 "github.com/jbenet/go-base58"
"github.com/spf13/cobra"
"storj.io/storj/pkg/cfgstruct"
"storj.io/storj/pkg/process"
"storj.io/storj/pkg/provider"
)
// Config defines broad Captain Planet configuration
//
// cmdSetup rewrites the Cert/KeyPath fields of every CA/identity config below
// to point into BasePath before the identities are generated; the field tags
// are read by cfgstruct.Bind to expose the remaining fields as flags.
type Config struct {
	// Satellite CA and identity (placed under <BasePath>/satellite by cmdSetup).
	HCCA       provider.CASetupConfig
	HCIdentity provider.IdentitySetupConfig
	// Uplink CA and identity (placed under <BasePath>/uplink by cmdSetup).
	ULCA       provider.CASetupConfig
	ULIdentity provider.IdentitySetupConfig
	// Template CA and identity for storage nodes: cmdSetup copies these once
	// per node and points the copy at <BasePath>/f<i>, so the originals keep
	// whatever the user passed on the command line.
	StorageNodeCA       provider.CASetupConfig
	StorageNodeIdentity provider.IdentitySetupConfig
	// BasePath is made absolute by cmdSetup before any directory is created.
	BasePath     string `help:"base path for captain planet storage" default:"$CONFDIR"`
	ListenHost   string `help:"the host for providers to listen on" default:"127.0.0.1"`
	// StartingPort is the uplink's port; the satellite and storage nodes use
	// consecutive ports above it (see the overrides built in cmdSetup).
	StartingPort int    `help:"all providers will listen on ports consecutively starting with this one" default:"7777"`
	// Overwrite must be set to run setup when BasePath already exists.
	Overwrite    bool   `help:"whether to overwrite pre-existing configuration files" default:"false"`
}
// setupCfg is the flag-bound configuration that cmdSetup reads and mutates.
var setupCfg Config

// setupCmd is the "setup" subcommand; init registers it on rootCmd and binds
// its flags to setupCfg.
var setupCmd = &cobra.Command{
	Use:   "setup",
	Short: "Set up configurations",
	RunE:  cmdSetup,
}
// init registers the setup subcommand on rootCmd and binds its flags to
// setupCfg, resolving "$CONFDIR" defaults against defaultConfDir.
func init() {
	rootCmd.AddCommand(setupCmd)
	flags := setupCmd.Flags()
	cfgstruct.Bind(flags, &setupCfg, cfgstruct.ConfDir(defaultConfDir))
}
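// prepareIdentityPaths creates dir with mode 0700 (it will hold private keys,
// so it is readable only by the owner) and points ca and ident at the
// ca.cert/ca.key and identity.cert/identity.key files inside it. cmdSetup
// runs this once for the satellite, once per storage node and once for the
// uplink; the sequence used to be spelled out inline three times.
func prepareIdentityPaths(dir string, ca *provider.CASetupConfig, ident *provider.IdentitySetupConfig) error {
	if err := os.MkdirAll(dir, 0700); err != nil {
		return err
	}
	ca.CertPath = filepath.Join(dir, "ca.cert")
	ca.KeyPath = filepath.Join(dir, "ca.key")
	ident.CertPath = filepath.Join(dir, "identity.cert")
	ident.KeyPath = filepath.Join(dir, "identity.key")
	return nil
}

// storageNodeDir returns the directory for storage node i: <BasePath>/f<i>.
// The identity-creation loop and the overrides loop in cmdSetup must agree
// on this layout, so it lives in one place.
func storageNodeDir(i int) string {
	return filepath.Join(setupCfg.BasePath, fmt.Sprintf("f%d", i))
}

// cmdSetup implements "captplanet setup": it creates CA and node identities
// for the satellite, every configured storage node and the uplink under
// setupCfg.BasePath, then writes config.yaml with the addresses, paths and
// keys the run command expects.
//
// It returns nil without touching anything when BasePath already exists and
// --overwrite was not given. Any filesystem, identity-generation or
// config-writing error is returned unwrapped.
func cmdSetup(cmd *cobra.Command, args []string) (err error) {
	setupCfg.BasePath, err = filepath.Abs(setupCfg.BasePath)
	if err != nil {
		return err
	}

	// Refuse to clobber an existing setup unless --overwrite was given. Only
	// a successful Stat counts as "exists"; other Stat failures fall through
	// and are reported by MkdirAll below.
	if _, statErr := os.Stat(setupCfg.BasePath); !setupCfg.Overwrite && statErr == nil {
		fmt.Println("A captplanet configuration already exists. Rerun with --overwrite")
		return nil
	}

	// Satellite. The paths are written back into setupCfg because the
	// overrides map below reads setupCfg.HCIdentity.*.
	hcPath := filepath.Join(setupCfg.BasePath, "satellite")
	if err = prepareIdentityPaths(hcPath, &setupCfg.HCCA, &setupCfg.HCIdentity); err != nil {
		return err
	}
	fmt.Printf("creating identity for satellite\n")
	if err = provider.SetupIdentity(process.Ctx(cmd), setupCfg.HCCA, setupCfg.HCIdentity); err != nil {
		return err
	}

	// Storage nodes. Each node works on a copy of the template config so its
	// per-node paths never leak into setupCfg.StorageNode*. (The previous
	// version shadowed the named err here with ":="; it now assigns to it.)
	for i := 0; i < len(runCfg.StorageNodes); i++ {
		storagenodeCA := setupCfg.StorageNodeCA
		storagenodeIdentity := setupCfg.StorageNodeIdentity
		if err = prepareIdentityPaths(storageNodeDir(i), &storagenodeCA, &storagenodeIdentity); err != nil {
			return err
		}
		fmt.Printf("creating identity for storage node %d\n", i+1)
		if err = provider.SetupIdentity(process.Ctx(cmd), storagenodeCA, storagenodeIdentity); err != nil {
			return err
		}
	}

	// Uplink.
	uplinkPath := filepath.Join(setupCfg.BasePath, "uplink")
	if err = prepareIdentityPaths(uplinkPath, &setupCfg.ULCA, &setupCfg.ULIdentity); err != nil {
		return err
	}
	fmt.Printf("creating identity for uplink\n")
	if err = provider.SetupIdentity(process.Ctx(cmd), setupCfg.ULCA, setupCfg.ULIdentity); err != nil {
		return err
	}

	// Port layout relative to StartingPort p: uplink p; satellite identity
	// p+1 (also the uplink's overlay/pointer-db address and the storage
	// nodes' bootstrap address); satellite kademlia p+2; storage node i
	// identity p+2i+3 and kademlia p+2i+4. The satellite bootstraps from
	// node 0's kademlia address, p+4.
	startingPort := setupCfg.StartingPort

	// One fresh crypto/rand API key per setup; it is written to both the
	// uplink and the pointer-db auth settings below.
	apiKey, err := newAPIKey()
	if err != nil {
		return err
	}

	overrides := map[string]interface{}{
		"satellite.identity.cert-path": setupCfg.HCIdentity.CertPath,
		"satellite.identity.key-path":  setupCfg.HCIdentity.KeyPath,
		"satellite.identity.address": joinHostPort(
			setupCfg.ListenHost, startingPort+1),
		"satellite.kademlia.todo-listen-addr": joinHostPort(
			setupCfg.ListenHost, startingPort+2),
		"satellite.kademlia.bootstrap-addr": joinHostPort(
			setupCfg.ListenHost, startingPort+4),
		"satellite.pointer-db.database-url": "bolt://" + filepath.Join(
			setupCfg.BasePath, "satellite", "pointerdb.db"),
		"satellite.overlay.database-url": "bolt://" + filepath.Join(
			setupCfg.BasePath, "satellite", "overlay.db"),
		"uplink.cert-path": setupCfg.ULIdentity.CertPath,
		"uplink.key-path":  setupCfg.ULIdentity.KeyPath,
		"uplink.address": joinHostPort(
			setupCfg.ListenHost, startingPort),
		"uplink.overlay-addr": joinHostPort(
			setupCfg.ListenHost, startingPort+1),
		"uplink.pointer-db-addr": joinHostPort(
			setupCfg.ListenHost, startingPort+1),
		"uplink.minio-dir": filepath.Join(
			setupCfg.BasePath, "uplink", "minio"),
		"uplink.api-key": apiKey,
		// NOTE(review): this is a fixed, publicly visible value written into
		// every generated config, so whatever it encrypts is not protected by
		// anything private to this setup. newAPIKey shows how a random
		// per-setup value could be produced instead; confirm nothing depends
		// on the constant before changing it.
		"uplink.enc-key":          "highlydistributedridiculouslyresilient",
		"pointer-db.auth.api-key": apiKey,
	}

	for i := 0; i < len(runCfg.StorageNodes); i++ {
		storagenodePath := storageNodeDir(i)
		storagenode := fmt.Sprintf("storage-nodes.%03d.", i)
		overrides[storagenode+"identity.cert-path"] = filepath.Join(
			storagenodePath, "identity.cert")
		overrides[storagenode+"identity.key-path"] = filepath.Join(
			storagenodePath, "identity.key")
		overrides[storagenode+"identity.address"] = joinHostPort(
			setupCfg.ListenHost, startingPort+i*2+3)
		overrides[storagenode+"kademlia.todo-listen-addr"] = joinHostPort(
			setupCfg.ListenHost, startingPort+i*2+4)
		overrides[storagenode+"kademlia.bootstrap-addr"] = joinHostPort(
			setupCfg.ListenHost, startingPort+1)
		overrides[storagenode+"storage.path"] = filepath.Join(storagenodePath, "data")
	}

	// The overrides are saved against the run command's flag set, so every
	// key above must name a flag that "captplanet run" defines.
	return process.SaveConfig(runCmd.Flags(),
		filepath.Join(setupCfg.BasePath, "config.yaml"), overrides)
}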
// joinHostPort renders host and a numeric port as "host:port"; IPv6 literal
// hosts are bracketed, as net.JoinHostPort requires.
func joinHostPort(host string, port int) string {
	portText := fmt.Sprintf("%d", port)
	return net.JoinHostPort(host, portText)
}
// newAPIKey returns a freshly generated API key: 20 bytes (160 bits) drawn
// from crypto/rand and base58-encoded so the value is safe to store in a
// text config file. The only error comes from the random source itself.
func newAPIKey() (string, error) {
	raw := make([]byte, 20)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	return base58.Encode(raw), nil
}