Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Act merge test2 #61

Closed
wants to merge 36 commits into from
Closed
Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
4064d14
feat: add act.go with TODOs
Feb 19, 2024
3747c33
Diffie-Hellman (#3)
ferencsarai Mar 13, 2024
4aa8a54
Acces Logic (#8)
aranyia Mar 13, 2024
21d782a
Added context & details to use cases (#6)
aranyia Mar 13, 2024
073fe2f
Add grantee management (#10)
Kexort Mar 14, 2024
a2c39af
(refactor): from `Get` to `Lookup` to improve clarity and consistency…
ferencsarai Mar 19, 2024
bc5326c
Act params rename doc (#14)
ferencsarai Mar 19, 2024
67e826a
Move and refactor ACT diffieHellman to Session. Add Key and NewFromKe…
bosi95 Mar 19, 2024
087bff6
Act swarm address (#15)
ferencsarai Mar 19, 2024
bee534c
(rename): defaultAct to inMemoryAct (#17)
ferencsarai Mar 19, 2024
fb7562a
(refactor): Update controller_test.go to use NewInMemoryAct, modify S…
ferencsarai Mar 20, 2024
bccfacc
Act access logic merge (#19)
rolandlor Mar 21, 2024
a56c526
Act kvs merge (#22)
ferencsarai Mar 22, 2024
9c5c959
Session refactor (#24)
bosi95 Mar 26, 2024
a5151ae
Access logic refactor (#25)
rolandlor Mar 26, 2024
2e843ea
(refactor:) PR comments (#23)
ferencsarai Mar 27, 2024
98a2d5f
Add referenced mock kvs (#26)
Kexort Mar 28, 2024
a549d84
Act kvs test (#27)
ferencsarai Mar 28, 2024
422cb20
Small refactor + al test (#28)
Kexort Apr 2, 2024
330fec8
Persist grantee list on swarm (#30)
bosi95 Apr 3, 2024
58a8915
Update package imports to use the v2 version of the modules (#33)
ferencsarai Apr 4, 2024
ce408ac
chore(mantaray): merge mantaray fix for rebase
LevilkTheReal Apr 9, 2024
94b69e4
Dynamicaccess service for ACT (#35)
bosi95 Apr 19, 2024
37fbb68
Act refactor api and ctrl (#36)
bosi95 Apr 19, 2024
29a5954
ACT grantee management (#37)
Kexort May 13, 2024
eb74fcf
Start refactoring for new linter rules (#39)
kopi-solarpunk May 16, 2024
4d69d8d
refactor(act): typos & docs (#40)
aranyia May 16, 2024
afccdbd
refactor(act): naming and fix remaining PR comments (#42)
bosi95 May 16, 2024
c0fe597
Refactor accesslogic.AddGrantee and parallelize tests (#43)
bosi95 May 17, 2024
b0dba7e
docs(act): add act api to openapi (#44)
aranyia May 22, 2024
5b19d0e
refactor(act): chunk download and granteelist handling (#46)
bosi95 May 23, 2024
3a1ff2b
refactor(act): controller logic (#47)
bosi95 May 24, 2024
09a876b
test(act): controller add, revoke and get with history + fix typos (#48)
bosi95 May 29, 2024
d1ea594
refactor(act): fix pr comments (#50)
bosi95 Jun 6, 2024
bd7ac4e
chore(act): merged api changes
aranyia Jun 7, 2024
b5130ab
chore(act): test master merge as merge commit (#60)
aranyia Jun 7, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Add grantee management (#10)
* Add grantee management

* Added controller test

* Fix test fixture, refactor accesslogic

* Add UploadHandler

---------

Co-authored-by: Bálint Ujvári <balint.ujvari@solarpunk.buzz>
  • Loading branch information
2 people authored and aranyia committed May 17, 2024
commit 073fe2fea18cf2c87d09558222fe4fc58f470039
124 changes: 51 additions & 73 deletions pkg/dynamicaccess/accesslogic.go
Original file line number Diff line number Diff line change
@@ -1,69 +1,63 @@
package dynamicaccess

import (
"context"
"crypto/ecdsa"
"errors"

encryption "github.com/ethersphere/bee/pkg/encryption"
file "github.com/ethersphere/bee/pkg/file"
manifest "github.com/ethersphere/bee/pkg/manifest"
"github.com/ethersphere/bee/pkg/swarm"
"golang.org/x/crypto/sha3"
)

var hashFunc = sha3.NewLegacyKeccak256

type AccessLogic interface {
Get(act *Act, encryped_ref swarm.Address, publisher ecdsa.PublicKey, tag string) (string, error)
Get(act Act, encryped_ref swarm.Address, publisher ecdsa.PublicKey, tag string) (swarm.Address, error)
EncryptRef(act Act, publisherPubKey ecdsa.PublicKey, ref swarm.Address) (swarm.Address, error)
//Add(act *Act, ref string, publisher ecdsa.PublicKey, tag string) (string, error)
getLookUpKey(publisher ecdsa.PublicKey, tag string) (string, error)
getAccessKeyDecriptionKey(publisher ecdsa.PublicKey, tag string) (string, error)
getEncryptedAccessKey(act Act, lookup_key string) (manifest.Entry, error)
getLookUpKey(publisher ecdsa.PublicKey, tag string) ([]byte, error)
getAccessKeyDecriptionKey(publisher ecdsa.PublicKey, tag string) ([]byte, error)
getEncryptedAccessKey(act Act, lookup_key []byte) ([]byte, error)
//createEncryptedAccessKey(ref string)
Add_New_Grantee_To_Content(act *Act, encryptedRef swarm.Address, publisherPubKey ecdsa.PublicKey, granteePubKey ecdsa.PublicKey) (*Act, error)
ActInit(ref swarm.Address, publisher ecdsa.PublicKey, tag string) (*Act, swarm.Address, error)
Add_New_Grantee_To_Content(act Act, publisherPubKey, granteePubKey ecdsa.PublicKey) (Act, error)
AddPublisher(act Act, publisher ecdsa.PublicKey, tag string) (Act, error)
// CreateAccessKey()
}

type DefaultAccessLogic struct {
diffieHellman DiffieHellman
//encryption encryption.Interface
act defaultAct
}

// Will create a new Act list with only one element (the creator), and will also create encrypted_ref
func (al *DefaultAccessLogic) ActInit(ref swarm.Address, publisher ecdsa.PublicKey, tag string) (*Act, swarm.Address, error) {
act := NewDefaultAct()
func (al *DefaultAccessLogic) AddPublisher(act Act, publisher ecdsa.PublicKey, tag string) (Act, error) {
access_key := encryption.GenerateRandomKey(encryption.KeyLength)

lookup_key, _ := al.getLookUpKey(publisher, "")
access_key_encryption_key, _ := al.getAccessKeyDecriptionKey(publisher, "")

access_key_cipher := encryption.New(encryption.Key(access_key_encryption_key), 0, uint32(0), hashFunc)
access_key := encryption.GenerateRandomKey(encryption.KeyLength)
encrypted_access_key, _ := access_key_cipher.Encrypt([]byte(access_key))
encrypted_access_key, _ := access_key_cipher.Encrypt(access_key)

ref_cipher := encryption.New(access_key, 0, uint32(0), hashFunc)
encrypted_ref, _ := ref_cipher.Encrypt(ref.Bytes())
act.Add(lookup_key, encrypted_access_key)

act.Add([]byte(lookup_key), encrypted_access_key)
return act, nil
}

return &act, swarm.NewAddress(encrypted_ref), nil
func (al *DefaultAccessLogic) EncryptRef(act Act, publisherPubKey ecdsa.PublicKey, ref swarm.Address) (swarm.Address, error) {
access_key := al.getAccessKey(act, publisherPubKey)
ref_cipher := encryption.New(access_key, 0, uint32(0), hashFunc)
encrypted_ref, _ := ref_cipher.Encrypt(ref.Bytes())
return swarm.NewAddress(encrypted_ref), nil
}

// publisher is public key
func (al *DefaultAccessLogic) Add_New_Grantee_To_Content(act *Act, encryptedRef swarm.Address, publisherPubKey ecdsa.PublicKey, granteePubKey ecdsa.PublicKey) (*Act, error) {
func (al *DefaultAccessLogic) Add_New_Grantee_To_Content(act Act, publisherPubKey, granteePubKey ecdsa.PublicKey) (Act, error) {

// error handling no encrypted_ref

// 2 Diffie-Hellman for the publisher (the Creator)
publisher_lookup_key, _ := al.getLookUpKey(publisherPubKey, "")
publisher_ak_decryption_key, _ := al.getAccessKeyDecriptionKey(publisherPubKey, "")

// Get previously generated access key
access_key_decryption_cipher := encryption.New(encryption.Key(publisher_ak_decryption_key), 0, uint32(0), hashFunc)
encrypted_ak, _ := al.getEncryptedAccessKey(*act, publisher_lookup_key)
access_key, _ := access_key_decryption_cipher.Decrypt(encrypted_ak.Reference().Bytes())
access_key := al.getAccessKey(act, publisherPubKey)

// --Encrypt access key for new Grantee--

Expand All @@ -75,11 +69,20 @@ func (al *DefaultAccessLogic) Add_New_Grantee_To_Content(act *Act, encryptedRef
cipher := encryption.New(encryption.Key(access_key_encryption_key), 0, uint32(0), hashFunc)
granteeEncryptedAccessKey, _ := cipher.Encrypt(access_key)
// Add the new encrypted access key for the Act
actObj := *act
actObj.Add([]byte(lookup_key), granteeEncryptedAccessKey)
act.Add(lookup_key, granteeEncryptedAccessKey)

return act, nil

}

return &actObj, nil
func (al *DefaultAccessLogic) getAccessKey(act Act, publisherPubKey ecdsa.PublicKey) []byte {
publisher_lookup_key, _ := al.getLookUpKey(publisherPubKey, "")
publisher_ak_decryption_key, _ := al.getAccessKeyDecriptionKey(publisherPubKey, "")

access_key_decryption_cipher := encryption.New(encryption.Key(publisher_ak_decryption_key), 0, uint32(0), hashFunc)
encrypted_ak, _ := al.getEncryptedAccessKey(act, publisher_lookup_key)
access_key, _ := access_key_decryption_cipher.Decrypt(encrypted_ak)
return access_key
}

//
Expand All @@ -90,94 +93,69 @@ func (al *DefaultAccessLogic) Add_New_Grantee_To_Content(act *Act, encryptedRef
// func (al *DefaultAccessLogic) CreateAccessKey(reference string) {
// }

func (al *DefaultAccessLogic) getLookUpKey(publisher ecdsa.PublicKey, tag string) (string, error) {
func (al *DefaultAccessLogic) getLookUpKey(publisher ecdsa.PublicKey, tag string) ([]byte, error) {
zeroByteArray := []byte{0}
// Generate lookup key using Diffie Hellman
lookup_key, err := al.diffieHellman.SharedSecret(&publisher, tag, zeroByteArray)
if err != nil {
return "", err
return []byte{}, err
}
return string(lookup_key), nil
return lookup_key, nil

}

func (al *DefaultAccessLogic) getAccessKeyDecriptionKey(publisher ecdsa.PublicKey, tag string) (string, error) {
func (al *DefaultAccessLogic) getAccessKeyDecriptionKey(publisher ecdsa.PublicKey, tag string) ([]byte, error) {
oneByteArray := []byte{1}
// Generate access key decryption key using Diffie Hellman
access_key_decryption_key, err := al.diffieHellman.SharedSecret(&publisher, tag, oneByteArray)
if err != nil {
return "", err
return []byte{}, err
}
return string(access_key_decryption_key), nil
return access_key_decryption_key, nil
}

func (al *DefaultAccessLogic) getEncryptedAccessKey(act Act, lookup_key string) (manifest.Entry, error) {
if act == nil {
return nil, errors.New("no ACT root hash was provided")
}
if lookup_key == "" {
return nil, errors.New("no lookup key")
}

manifest_raw := act.Get([]byte(lookup_key))
//al.act.Get(act_root_hash)

// Lookup encrypted access key from the ACT manifest
var loadSaver file.LoadSaver
var ctx context.Context
loadSaver.Load(ctx, []byte(manifest_raw)) // Load the manifest file into loadSaver
//y, err := x.Load(ctx, []byte(manifest_obj))
manifestObj, err := manifest.NewDefaultManifest(loadSaver, false)
if err != nil {
return nil, err
}
encrypted_access_key, err := manifestObj.Lookup(ctx, lookup_key)
if err != nil {
return nil, err
}

return encrypted_access_key, nil
func (al *DefaultAccessLogic) getEncryptedAccessKey(act Act, lookup_key []byte) ([]byte, error) {
return act.Get(lookup_key), nil
}

func (al *DefaultAccessLogic) Get(act *Act, encryped_ref swarm.Address, publisher ecdsa.PublicKey, tag string) (string, error) {
func (al *DefaultAccessLogic) Get(act Act, encryped_ref swarm.Address, publisher ecdsa.PublicKey, tag string) (swarm.Address, error) {

lookup_key, err := al.getLookUpKey(publisher, tag)
if err != nil {
return "", err
return swarm.EmptyAddress, err
}
access_key_decryption_key, err := al.getAccessKeyDecriptionKey(publisher, tag)
if err != nil {
return "", err
return swarm.EmptyAddress, err
}

// Lookup encrypted access key from the ACT manifest

encrypted_access_key, err := al.getEncryptedAccessKey(*act, lookup_key)
encrypted_access_key, err := al.getEncryptedAccessKey(act, lookup_key)
if err != nil {
return "", err
return swarm.EmptyAddress, err
}

// Decrypt access key
access_key_cipher := encryption.New(encryption.Key(access_key_decryption_key), 4096, uint32(0), hashFunc)
access_key, err := access_key_cipher.Decrypt(encrypted_access_key.Reference().Bytes())
access_key_cipher := encryption.New(encryption.Key(access_key_decryption_key), 0, uint32(0), hashFunc)
access_key, err := access_key_cipher.Decrypt(encrypted_access_key)
if err != nil {
return "", err
return swarm.EmptyAddress, err
}

// Decrypt reference
ref_cipher := encryption.New(access_key, 4096, uint32(0), hashFunc)
ref_cipher := encryption.New(access_key, 0, uint32(0), hashFunc)
ref, err := ref_cipher.Decrypt(encryped_ref.Bytes())
if err != nil {
return "", err
return swarm.EmptyAddress, err
}

return string(ref), nil
return swarm.NewAddress(ref), nil
}

func NewAccessLogic(diffieHellman DiffieHellman) AccessLogic {
return &DefaultAccessLogic{
diffieHellman: diffieHellman,
act: defaultAct{},
}
}

Expand Down
Loading