Documentation ¶
Overview ¶
Package accesscontrol provides functionalities needed for managing access control on Swarm.
Index ¶
- Variables
- type ActLogic
- func (al ActLogic) AddGrantee(ctx context.Context, storage kvs.KeyValueStore, ...) error
- func (al ActLogic) DecryptRef(ctx context.Context, storage kvs.KeyValueStore, encryptedRef swarm.Address, ...) (swarm.Address, error)
- func (al ActLogic) EncryptRef(ctx context.Context, storage kvs.KeyValueStore, ...) (swarm.Address, error)
- type Control
- type Controller
- type ControllerStruct
- func (c *ControllerStruct) Close() error
- func (c *ControllerStruct) DownloadHandler(ctx context.Context, ls file.LoadSaver, encryptedRef swarm.Address, ...) (swarm.Address, error)
- func (c *ControllerStruct) Get(ctx context.Context, ls file.LoadSaver, publisher *ecdsa.PublicKey, ...) ([]*ecdsa.PublicKey, error)
- func (c *ControllerStruct) UpdateHandler(ctx context.Context, ls file.LoadSaver, gls file.LoadSaver, ...) (swarm.Address, swarm.Address, swarm.Address, swarm.Address, error)
- func (c *ControllerStruct) UploadHandler(ctx context.Context, ls file.LoadSaver, reference swarm.Address, ...) (swarm.Address, swarm.Address, swarm.Address, error)
- type Decryptor
- type GranteeList
- type GranteeListStruct
- type Grantees
- type History
- type HistoryStruct
- type Session
- type SessionStruct
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrNothingToRemove indicates that the remove list is empty.
	ErrNothingToRemove = errors.New("nothing to remove")
	// ErrNoGranteeFound indicates that the grantee list is empty.
	ErrNoGranteeFound = errors.New("no grantee found")
	// ErrNothingToAdd indicates that the add list is empty.
	ErrNothingToAdd = errors.New("nothing to add")
)

var (
	// ErrEndIteration indicates that the iteration terminated.
	ErrEndIteration = errors.New("end iteration")
	// ErrUnexpectedType indicates that an error occurred during the mantaray-manifest creation.
	ErrUnexpectedType = errors.New("unexpected type")
	// ErrInvalidTimestamp indicates that the timestamp given to Lookup is invalid.
	ErrInvalidTimestamp = errors.New("invalid timestamp")
	// ErrNotFound is returned when an Entry is not found in the history.
	ErrNotFound = errors.New("access control: not found")
)

var (
	// ErrInvalidPublicKey is an error that is returned when a public key is nil.
	ErrInvalidPublicKey = errors.New("invalid public key")
	// ErrSecretKeyInfinity is an error that is returned when the shared secret is a point at infinity.
	ErrSecretKeyInfinity = errors.New("shared secret is point at infinity")
)
Functions ¶
This section is empty.
Types ¶
type ActLogic ¶
type ActLogic struct {
	Session
}
ActLogic represents the access control logic.
func (ActLogic) AddGrantee ¶
func (al ActLogic) AddGrantee(ctx context.Context, storage kvs.KeyValueStore, publisherPubKey, granteePubKey *ecdsa.PublicKey) error
AddGrantee adds a new grantee to the ACT.
type Control ¶
type Control interface {
	Decryptor
	// AddGrantee adds a new grantee to the ACT.
	AddGrantee(ctx context.Context, storage kvs.KeyValueStore, publisherPubKey, granteePubKey *ecdsa.PublicKey) error
	// EncryptRef encrypts a Swarm reference for a given grantee.
	EncryptRef(ctx context.Context, storage kvs.KeyValueStore, grantee *ecdsa.PublicKey, ref swarm.Address) (swarm.Address, error)
}
Control interface for the ACT (does write operations).
type Controller ¶
type Controller interface {
	Grantees
	// DownloadHandler decrypts the encryptedRef using the lookupkey based on the history and timestamp.
	DownloadHandler(ctx context.Context, ls file.LoadSaver, encryptedRef swarm.Address, publisher *ecdsa.PublicKey, historyRef swarm.Address, timestamp int64) (swarm.Address, error)
	// UploadHandler encrypts the reference and stores it in the history as the latest update.
	UploadHandler(ctx context.Context, ls file.LoadSaver, reference swarm.Address, publisher *ecdsa.PublicKey, historyRef swarm.Address) (swarm.Address, swarm.Address, swarm.Address, error)
	io.Closer
}
Controller represents an interface for managing access control on Swarm. It provides methods for handling downloads, uploads and updates for grantee lists and references.
type ControllerStruct ¶
type ControllerStruct struct {
	// contains filtered or unexported fields
}
ControllerStruct represents a controller for access control logic.
func NewController ¶
func NewController(access ActLogic) *ControllerStruct
NewController creates a new access controller with the given access logic.
func (*ControllerStruct) DownloadHandler ¶
func (c *ControllerStruct) DownloadHandler(
	ctx context.Context,
	ls file.LoadSaver,
	encryptedRef swarm.Address,
	publisher *ecdsa.PublicKey,
	historyRef swarm.Address,
	timestamp int64,
) (swarm.Address, error)
DownloadHandler decrypts the encryptedRef using the lookupkey based on the history and timestamp.
func (*ControllerStruct) Get ¶
func (c *ControllerStruct) Get(ctx context.Context, ls file.LoadSaver, publisher *ecdsa.PublicKey, encryptedglRef swarm.Address) ([]*ecdsa.PublicKey, error)
Get returns the list of grantees for the given publisher. The list is accessible only by the publisher.
func (*ControllerStruct) UpdateHandler ¶
func (c *ControllerStruct) UpdateHandler(
	ctx context.Context,
	ls file.LoadSaver,
	gls file.LoadSaver,
	encryptedglRef swarm.Address,
	historyRef swarm.Address,
	publisher *ecdsa.PublicKey,
	addList []*ecdsa.PublicKey,
	removeList []*ecdsa.PublicKey,
) (swarm.Address, swarm.Address, swarm.Address, swarm.Address, error)
UpdateHandler manages the grantees for the given publisher, updating the list based on provided public keys to add or remove. Only the publisher can make changes to the grantee list.
Limitation: if an update is called again within a second of the latest upload or update, the mantaray save fails with ErrInvalidInput because the key (timestamp) is already present, so a new fork is not created.
func (*ControllerStruct) UploadHandler ¶
func (c *ControllerStruct) UploadHandler(
	ctx context.Context,
	ls file.LoadSaver,
	reference swarm.Address,
	publisher *ecdsa.PublicKey,
	historyRef swarm.Address,
) (swarm.Address, swarm.Address, swarm.Address, error)
UploadHandler encrypts the reference and stores it in the history as the latest update.
type Decryptor ¶
type Decryptor interface {
	// DecryptRef will return a decrypted reference, for given encrypted reference and grantee.
	DecryptRef(ctx context.Context, storage kvs.KeyValueStore, encryptedRef swarm.Address, publisher *ecdsa.PublicKey) (swarm.Address, error)
	Session
}
Decryptor is a read-only interface for the ACT.
type GranteeList ¶
type GranteeList interface {
	// Add adds a list of public keys to the grantee list. It filters out duplicates.
	Add(addList []*ecdsa.PublicKey) error
	// Remove removes a list of public keys from the grantee list, if there is any.
	Remove(removeList []*ecdsa.PublicKey) error
	// Get simply returns the list of public keys.
	Get() []*ecdsa.PublicKey
	// Save saves the grantee list to the underlying storage and returns the reference.
	Save(ctx context.Context) (swarm.Address, error)
}
GranteeList manages a list of public keys.
type GranteeListStruct ¶
type GranteeListStruct struct {
	// contains filtered or unexported fields
}
GranteeListStruct represents a list of grantee public keys.
func NewGranteeList ¶
func NewGranteeList(ls file.LoadSaver) *GranteeListStruct
NewGranteeList creates a new (and empty) grantee list.
func NewGranteeListReference ¶
func NewGranteeListReference(ctx context.Context, ls file.LoadSaver, reference swarm.Address) (*GranteeListStruct, error)
NewGranteeListReference loads an existing grantee list.
func (*GranteeListStruct) Add ¶
func (g *GranteeListStruct) Add(addList []*ecdsa.PublicKey) error
Add adds a list of public keys to the grantee list. It filters out duplicates.
func (*GranteeListStruct) Get ¶
func (g *GranteeListStruct) Get() []*ecdsa.PublicKey
Get simply returns the list of public keys.
type Grantees ¶
type Grantees interface {
	// UpdateHandler manages the grantees for the given publisher, updating the list based on provided public keys to add or remove.
	// Only the publisher can make changes to the grantee list.
	UpdateHandler(ctx context.Context, ls file.LoadSaver, gls file.LoadSaver, granteeRef swarm.Address, historyRef swarm.Address, publisher *ecdsa.PublicKey, addList, removeList []*ecdsa.PublicKey) (swarm.Address, swarm.Address, swarm.Address, swarm.Address, error)
	// Get returns the list of grantees for the given publisher.
	// The list is accessible only by the publisher.
	Get(ctx context.Context, ls file.LoadSaver, publisher *ecdsa.PublicKey, encryptedglRef swarm.Address) ([]*ecdsa.PublicKey, error)
}
Grantees represents an interface for managing and retrieving grantees for a publisher.
type History ¶
type History interface {
	// Add adds a new entry to the access control history with the given timestamp and metadata.
	Add(ctx context.Context, ref swarm.Address, timestamp *int64, metadata *map[string]string) error
	// Lookup retrieves the entry from the history based on the given timestamp or returns error if not found.
	Lookup(ctx context.Context, timestamp int64) (manifest.Entry, error)
	// Store stores the history to the underlying storage and returns the reference.
	Store(ctx context.Context) (swarm.Address, error)
}
History represents the interface for managing access control history.
type HistoryStruct ¶
type HistoryStruct struct {
	// contains filtered or unexported fields
}
HistoryStruct represents an access control history with a mantaray-based manifest.
func NewHistory ¶
func NewHistory(ls file.LoadSaver) (*HistoryStruct, error)
NewHistory creates a new history with a mantaray-based manifest.
func NewHistoryReference ¶
NewHistoryReference loads a history with a mantaray-based manifest.
func (*HistoryStruct) Add ¶
func (h *HistoryStruct) Add(ctx context.Context, ref swarm.Address, timestamp *int64, metadata *map[string]string) error
Add adds a new entry to the access control history with the given timestamp and metadata.
type Session ¶
type Session interface {
	// Key returns a derived key for each nonce.
	Key(publicKey *ecdsa.PublicKey, nonces [][]byte) ([][]byte, error)
}
Session represents an interface for a Diffie-Hellman key derivation.
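The Diffie-Hellman derivation that Session describes, as an added example that is not the package's own code: both ends derive one key per nonce from the shared secret, and an unrelated key pair derives different keys. The names `sessionKeys` and `demo` are hypothetical, and crypto/ecdh on P-256 with HMAC-SHA256 are assumed stand-ins for the package's primitives.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// sessionKeys has the shape of Session.Key: one derived key per nonce.
// Assumed stand-ins: crypto/ecdh on P-256 and HMAC-SHA256 as the derivation.
func sessionKeys(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, nonces [][]byte) ([][]byte, error) {
	if priv == nil || peer == nil {
		return nil, errors.New("invalid public key")
	}
	secret, err := priv.ECDH(peer) // Diffie-Hellman shared secret
	if err != nil {
		return nil, err
	}
	keys := make([][]byte, 0, len(nonces))
	for _, n := range nonces {
		mac := hmac.New(sha256.New, secret) // key = shared secret, message = nonce
		mac.Write(n)
		keys = append(keys, mac.Sum(nil))
	}
	return keys, nil
}

// demo: publisher and grantee must agree; an unrelated key pair must not.
func demo() (agree, outsiderDiffers bool, err error) {
	var k [3]*ecdh.PrivateKey // constructed keys: publisher, grantee, outsider
	for i := range k {
		if k[i], err = ecdh.P256().GenerateKey(rand.Reader); err != nil {
			return false, false, err
		}
	}
	var d [3][][]byte // derived by: publisher, grantee, outsider
	for i, p := range [3][2]int{{0, 1}, {1, 0}, {2, 0}} { // {own key, peer key}
		if d[i], err = sessionKeys(k[p[0]], k[p[1]].PublicKey(), [][]byte{{0}, {1}}); err != nil {
			return false, false, err
		}
	}
	agree = bytes.Equal(d[0][0], d[1][0]) && bytes.Equal(d[0][1], d[1][1])
	return agree, !bytes.Equal(d[2][0], d[0][0]), nil
}

func main() { fmt.Println(demo()) }
```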
type SessionStruct ¶
type SessionStruct struct {
	// contains filtered or unexported fields
}
SessionStruct represents a session with an access control key.
func NewDefaultSession ¶
func NewDefaultSession(key *ecdsa.PrivateKey) *SessionStruct
NewDefaultSession creates a new session from a private key.
Directories ¶
Path | Synopsis |
---|---|
kvs | Package kvs provides functionalities needed for storing key-value pairs on Swarm. |
mock | Package mock provides an in-memory key-value store implementation. |
mock | Package mock provides a mock implementation for the access control functionalities. |