accesscontrol

package
v2.2.0-rc8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 9, 2024 License: BSD-3-Clause Imports: 18 Imported by: 3

Documentation

Overview

Package accesscontrol provides functionalities needed for managing access control on Swarm

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrNothingToRemove indicates that the remove list is empty.
	ErrNothingToRemove = errors.New("nothing to remove")
	// ErrNoGranteeFound indicates that the grantee list is empty.
	ErrNoGranteeFound = errors.New("no grantee found")
	// ErrNothingToAdd indicates that the add list is empty.
	ErrNothingToAdd = errors.New("nothing to add")
)
View Source
var (
	// ErrEndIteration indicates that the iteration terminated.
	ErrEndIteration = errors.New("end iteration")
	// ErrUnexpectedType indicates that an error occurred during the mantary-manifest creation.
	ErrUnexpectedType = errors.New("unexpected type")
	// ErrInvalidTimestamp indicates that the timestamp given to Lookup is invalid.
	ErrInvalidTimestamp = errors.New("invalid timestamp")
	// ErrNotFound is returned when an Entry is not found in the history.
	ErrNotFound = errors.New("access control: not found")
)
View Source
var (
	// ErrInvalidPublicKey is an error that is returned when a public key is nil.
	ErrInvalidPublicKey = errors.New("invalid public key")
	// ErrSecretKeyInfinity is an error that is returned when the shared secret is a point at infinity.
	ErrSecretKeyInfinity = errors.New("shared secret is point at infinity")
)

Functions

This section is empty.

Types

type ActLogic

type ActLogic struct {
	Session
}

ActLogic represents the access control logic.

func NewLogic

func NewLogic(s Session) ActLogic

NewLogic creates a new ACT Logic from a session.

func (ActLogic) AddGrantee

func (al ActLogic) AddGrantee(ctx context.Context, storage kvs.KeyValueStore, publisherPubKey, granteePubKey *ecdsa.PublicKey) error

AddGrantee adds a new grantee to the ACT.

func (ActLogic) DecryptRef

func (al ActLogic) DecryptRef(ctx context.Context, storage kvs.KeyValueStore, encryptedRef swarm.Address, publisher *ecdsa.PublicKey) (swarm.Address, error)

DecryptRef will return a decrypted reference, for given encrypted reference and publisher.

func (ActLogic) EncryptRef

func (al ActLogic) EncryptRef(ctx context.Context, storage kvs.KeyValueStore, publisherPubKey *ecdsa.PublicKey, ref swarm.Address) (swarm.Address, error)

EncryptRef encrypts a Swarm reference for a publisher.

type Control

type Control interface {
	Decryptor
	// AddGrantee adds a new grantee to the ACT.
	AddGrantee(ctx context.Context, storage kvs.KeyValueStore, publisherPubKey, granteePubKey *ecdsa.PublicKey) error
	// EncryptRef encrypts a Swarm reference for a given grantee.
	EncryptRef(ctx context.Context, storage kvs.KeyValueStore, grantee *ecdsa.PublicKey, ref swarm.Address) (swarm.Address, error)
}

Control interface for the ACT (does write operations).

type Controller

type Controller interface {
	Grantees
	// DownloadHandler decrypts the encryptedRef using the lookupkey based on the history and timestamp.
	DownloadHandler(ctx context.Context, ls file.LoadSaver, encryptedRef swarm.Address, publisher *ecdsa.PublicKey, historyRef swarm.Address, timestamp int64) (swarm.Address, error)
	// UploadHandler encrypts the reference and stores it in the history as the latest update.
	UploadHandler(ctx context.Context, ls file.LoadSaver, reference swarm.Address, publisher *ecdsa.PublicKey, historyRef swarm.Address) (swarm.Address, swarm.Address, swarm.Address, error)
	io.Closer
}

Controller represents an interface for managing access control on Swarm. It provides methods for handling downloads, uploads and updates for grantee lists and references.

type ControllerStruct

type ControllerStruct struct {
	// contains filtered or unexported fields
}

ControllerStruct represents a controller for access control logic.

func NewController

func NewController(access ActLogic) *ControllerStruct

NewController creates a new access controller with the given access logic.

func (*ControllerStruct) Close

func (c *ControllerStruct) Close() error

Close simply returns nil

func (*ControllerStruct) DownloadHandler

func (c *ControllerStruct) DownloadHandler(
	ctx context.Context,
	ls file.LoadSaver,
	encryptedRef swarm.Address,
	publisher *ecdsa.PublicKey,
	historyRef swarm.Address,
	timestamp int64,
) (swarm.Address, error)

DownloadHandler decrypts the encryptedRef using the lookupkey based on the history and timestamp.

func (*ControllerStruct) Get

func (c *ControllerStruct) Get(ctx context.Context, ls file.LoadSaver, publisher *ecdsa.PublicKey, encryptedglRef swarm.Address) ([]*ecdsa.PublicKey, error)

Get returns the list of grantees for the given publisher. The list is accessible only by the publisher.

func (*ControllerStruct) UpdateHandler

func (c *ControllerStruct) UpdateHandler(
	ctx context.Context,
	ls file.LoadSaver,
	gls file.LoadSaver,
	encryptedglRef swarm.Address,
	historyRef swarm.Address,
	publisher *ecdsa.PublicKey,
	addList []*ecdsa.PublicKey,
	removeList []*ecdsa.PublicKey,
) (swarm.Address, swarm.Address, swarm.Address, swarm.Address, error)

UpdateHandler manages the grantees for the given publisher, updating the list based on provided public keys to add or remove. Only the publisher can make changes to the grantee list. Limitation: If an update is called again within a second from the latest upload/update then mantaray save fails with ErrInvalidInput, because the key (timestamp) is already present, hence a new fork is not created.

func (*ControllerStruct) UploadHandler

func (c *ControllerStruct) UploadHandler(
	ctx context.Context,
	ls file.LoadSaver,
	reference swarm.Address,
	publisher *ecdsa.PublicKey,
	historyRef swarm.Address,
) (swarm.Address, swarm.Address, swarm.Address, error)

UploadHandler encrypts the reference and stores it in the history as the latest update.

type Decryptor

type Decryptor interface {
	// DecryptRef will return a decrypted reference, for given encrypted reference and grantee.
	DecryptRef(ctx context.Context, storage kvs.KeyValueStore, encryptedRef swarm.Address, publisher *ecdsa.PublicKey) (swarm.Address, error)
	Session
}

Decryptor is a read-only interface for the ACT.

type GranteeList

type GranteeList interface {
	// Add adds a list of public keys to the grantee list. It filters out duplicates.
	Add(addList []*ecdsa.PublicKey) error
	// Remove removes a list of public keys from the grantee list, if there is any.
	Remove(removeList []*ecdsa.PublicKey) error
	// Get simply returns the list of public keys.
	Get() []*ecdsa.PublicKey
	// Save saves the grantee list to the underlying storage and returns the reference.
	Save(ctx context.Context) (swarm.Address, error)
}

GranteeList manages a list of public keys.

type GranteeListStruct

type GranteeListStruct struct {
	// contains filtered or unexported fields
}

GranteeListStruct represents a list of grantee public keys.

func NewGranteeList

func NewGranteeList(ls file.LoadSaver) *GranteeListStruct

NewGranteeList creates a new (and empty) grantee list.

func NewGranteeListReference

func NewGranteeListReference(ctx context.Context, ls file.LoadSaver, reference swarm.Address) (*GranteeListStruct, error)

NewGranteeListReference loads an existing grantee list.

func (*GranteeListStruct) Add

func (g *GranteeListStruct) Add(addList []*ecdsa.PublicKey) error

Add adds a list of public keys to the grantee list. It filters out duplicates.

func (*GranteeListStruct) Get

func (g *GranteeListStruct) Get() []*ecdsa.PublicKey

Get simply returns the list of public keys.

func (*GranteeListStruct) Remove

func (g *GranteeListStruct) Remove(keysToRemove []*ecdsa.PublicKey) error

Remove removes a list of public keys from the grantee list, if there is any.

func (*GranteeListStruct) Save

Save saves the grantee list to the underlying storage and returns the reference.

type Grantees

type Grantees interface {
	// UpdateHandler manages the grantees for the given publisher, updating the list based on provided public keys to add or remove.
	// Only the publisher can make changes to the grantee list.
	UpdateHandler(ctx context.Context, ls file.LoadSaver, gls file.LoadSaver, granteeRef swarm.Address, historyRef swarm.Address, publisher *ecdsa.PublicKey, addList, removeList []*ecdsa.PublicKey) (swarm.Address, swarm.Address, swarm.Address, swarm.Address, error)
	// Get returns the list of grantees for the given publisher.
	// The list is accessible only by the publisher.
	Get(ctx context.Context, ls file.LoadSaver, publisher *ecdsa.PublicKey, encryptedglRef swarm.Address) ([]*ecdsa.PublicKey, error)
}

Grantees represents an interface for managing and retrieving grantees for a publisher.

type History

type History interface {
	// Add adds a new entry to the access control history with the given timestamp and metadata.
	Add(ctx context.Context, ref swarm.Address, timestamp *int64, metadata *map[string]string) error
	// Lookup retrieves the entry from the history based on the given timestamp or returns error if not found.
	Lookup(ctx context.Context, timestamp int64) (manifest.Entry, error)
	// Store stores the history to the underlying storage and returns the reference.
	Store(ctx context.Context) (swarm.Address, error)
}

History represents the interface for managing access control history.

type HistoryStruct

type HistoryStruct struct {
	// contains filtered or unexported fields
}

HistoryStruct represents an access control history with a mantaray-based manifest.

func NewHistory

func NewHistory(ls file.LoadSaver) (*HistoryStruct, error)

NewHistory creates a new history with a mantaray-based manifest.

func NewHistoryReference

func NewHistoryReference(ls file.LoadSaver, ref swarm.Address) (*HistoryStruct, error)

NewHistoryReference loads a history with a mantaray-based manifest.

func (*HistoryStruct) Add

func (h *HistoryStruct) Add(ctx context.Context, ref swarm.Address, timestamp *int64, metadata *map[string]string) error

Add adds a new entry to the access control history with the given timestamp and metadata.

func (*HistoryStruct) Lookup

func (h *HistoryStruct) Lookup(ctx context.Context, timestamp int64) (manifest.Entry, error)

Lookup retrieves the entry from the history based on the given timestamp or returns error if not found.

func (*HistoryStruct) Store

func (h *HistoryStruct) Store(ctx context.Context) (swarm.Address, error)

Store stores the history to the underlying storage and returns the reference.

type Session

type Session interface {
	// Key returns a derived key for each nonce.
	Key(publicKey *ecdsa.PublicKey, nonces [][]byte) ([][]byte, error)
}

Session represents an interface for a Diffie-Hellmann key derivation

type SessionStruct

type SessionStruct struct {
	// contains filtered or unexported fields
}

SessionStruct represents a session with an access control key.

func NewDefaultSession

func NewDefaultSession(key *ecdsa.PrivateKey) *SessionStruct

NewDefaultSession creates a new session from a private key.

func (*SessionStruct) Key

func (s *SessionStruct) Key(publicKey *ecdsa.PublicKey, nonces [][]byte) ([][]byte, error)

Key returns a derived key for each nonce.

Directories

Path Synopsis
kvs
Package kvs provides functionalities needed for storing key-value pairs on Swarm.
Package kvs provides functionalities needed for storing key-value pairs on Swarm.
mock
Package mock provides an in-memory key-value store implementation.
Package mock provides an in-memory key-value store implementation.
Package mock provides a mock implementation for the access control functionalities.
Package mock provides a mock implementation for the access control functionalities.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL