frostfs-s3-gw/docs/images/authentication/accessbox-object.svg
Roman Loginov a725c68d06
[#529] Use salt when deriving the encryption key
Salt is used when generating encryption
keys for data (tokens) in the access box.
Now frostfs-s3-authmate always derives
the encryption key with a salt.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-12-25 12:31:50 +00:00


<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentStyleType="text/css" data-diagram-type="CLASS" height="660px" preserveAspectRatio="none" style="width:1270px;height:660px;background:#FFFFFF;" version="1.1" viewBox="0 0 1270 660" width="1270px" zoomAndPan="magnify"><defs/><g><!--cluster AccessBox--><g id="cluster_AccessBox"><path d="M10.17,6 L94.0831,6 A3.75,3.75 0 0 1 96.5831,8.5 L103.5831,28.2969 L1261.17,28.2969 A2.5,2.5 0 0 1 1263.67,30.7969 L1263.67,650.5 A2.5,2.5 0 0 1 1261.17,653 L10.17,653 A2.5,2.5 0 0 1 7.67,650.5 L7.67,8.5 A2.5,2.5 0 0 1 10.17,6 " fill="none" style="stroke:#000000;stroke-width:1.5;"/><line style="stroke:#000000;stroke-width:1.5;" x1="7.67" x2="103.5831" y1="28.2969" y2="28.2969"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="82.9131" x="11.67" y="20.9951">AccessBox</text></g><g id="elem_Tokens"><rect fill="#F1F1F1" height="81.1875" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="338.0898" x="117.67" y="552"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="50.0049" x="261.7125" y="566.9951">Tokens</text><line style="stroke:#181818;stroke-width:1;" x1="117.67" x2="455.7598" y1="572.2969" y2="572.2969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="71.1348" x="138.8131" y="587.292">SecretKey</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="78.5107" x="236.0909" y="587.292">Private key</text><line style="stroke:#181818;stroke-width:1;" x1="231.0909" x2="231.0909" y1="572.2969" y2="592.5938"/><line style="stroke:#181818;stroke-width:1;" x1="117.67" x2="455.7598" y1="592.5938" y2="592.5938"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="89.6328" x="129.564" y="607.5889">BearerToken</text><text fill="#000000" 
font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="155.1211" x="236.0909" y="607.5889">Encoded bearer token</text><line style="stroke:#181818;stroke-width:1;" x1="231.0909" x2="231.0909" y1="592.5938" y2="612.8906"/><line style="stroke:#181818;stroke-width:1;" x1="117.67" x2="455.7598" y1="612.8906" y2="612.8906"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="103.4209" x="122.67" y="627.8857">SessionTokens</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="214.6689" x="236.0909" y="627.8857">List of encoded session tokens</text><line style="stroke:#181818;stroke-width:1;" x1="231.0909" x2="231.0909" y1="612.8906" y2="633.1875"/></g><g id="elem_Gate"><rect fill="#F1F1F1" height="81.1875" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="410.168" x="81.67" y="403"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="33.5303" x="269.9888" y="417.9951">Gate</text><line style="stroke:#181818;stroke-width:1;" x1="81.67" x2="491.838" y1="423.2969" y2="423.2969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="59.6094" x="120.9078" y="438.292">GateKey</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="172.416" x="224.755" y="438.292">Encoded public gate key</text><line style="stroke:#181818;stroke-width:1;" x1="219.755" x2="219.755" y1="423.2969" y2="443.5938"/><line style="stroke:#181818;stroke-width:1;" x1="81.67" x2="491.838" y1="443.5938" y2="443.5938"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="122.7256" x="225.3912" y="458.5889">Encrypted tokens</text><line style="stroke:#181818;stroke-width:1;" x1="81.67" x2="491.838" y1="463.8906" y2="463.8906"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" 
textLength="128.085" x="86.67" y="478.8857">EncryptionKeySalt</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="262.083" x="224.755" y="478.8857">Salt for derivation the encryption key</text><line style="stroke:#181818;stroke-width:1;" x1="219.755" x2="219.755" y1="463.8906" y2="484.1875"/></g><g id="elem_ContainerPolicy"><rect fill="#F1F1F1" height="60.8906" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="336.8047" x="542.67" y="413.5"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="109.1836" x="656.4805" y="428.4951">ContainerPolicy</text><line style="stroke:#181818;stroke-width:1;" x1="542.67" x2="879.4747" y1="433.7969" y2="433.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="132.043" x="547.67" y="448.792">LocationConstraint</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="84.9229" x="689.713" y="448.792">Policy name</text><line style="stroke:#181818;stroke-width:1;" x1="684.713" x2="684.713" y1="433.7969" y2="454.0938"/><line style="stroke:#181818;stroke-width:1;" x1="542.67" x2="879.4747" y1="454.0938" y2="454.0938"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="114.6045" x="556.3892" y="469.0889">PlacementPolicy</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="184.7617" x="689.713" y="469.0889">Encoded placement policy</text><line style="stroke:#181818;stroke-width:1;" x1="684.713" x2="684.713" y1="454.0938" y2="474.3906"/></g><g id="elem_Box"><rect fill="#F1F1F1" height="101.4844" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="609.1211" x="32.17" y="234"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="26.4551" x="323.503" y="248.9951">Box</text><line 
style="stroke:#181818;stroke-width:1;" x1="32.17" x2="641.2911" y1="254.2969" y2="254.2969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="61.0791" x="91.8199" y="269.292">SeedKey</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="174.2549" x="217.5489" y="269.292">Encoded public seed key</text><line style="stroke:#181818;stroke-width:1;" x1="212.5489" x2="212.5489" y1="254.2969" y2="274.5938"/><line style="stroke:#181818;stroke-width:1;" x1="32.17" x2="641.2911" y1="274.5938" y2="274.5938"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="87.6914" x="292.8848" y="289.5889">List of Gates</text><line style="stroke:#181818;stroke-width:1;" x1="32.17" x2="641.2911" y1="294.8906" y2="294.8906"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="170.3789" x="251.5411" y="309.8857">List of container policies</text><line style="stroke:#181818;stroke-width:1;" x1="32.17" x2="641.2911" y1="315.1875" y2="315.1875"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="65.0576" x="89.8306" y="330.1826">IsCustom</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="418.7422" x="217.5489" y="330.1826">True if SecretKey was imported and must be treated as it is</text><line style="stroke:#181818;stroke-width:1;" x1="212.5489" x2="212.5489" y1="315.1875" y2="335.4844"/></g><g id="elem_ObjectAttributes"><rect fill="#F1F1F1" height="121.7813" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="1045.7119" x="194.17" y="45"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="114.9531" x="659.5494" y="59.9951">ObjectAttributes</text><line style="stroke:#181818;stroke-width:1;" x1="194.17" x2="1239.8819" y1="65.2969" y2="65.2969"/><text fill="#000000" 
font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="78.5791" x="271.8292" y="80.292">Timestamp</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="89.0723" x="433.0675" y="80.292">1710418478</text><line style="stroke:#181818;stroke-width:1;" x1="428.0675" x2="428.0675" y1="65.2969" y2="85.5938"/><line style="stroke:#181818;stroke-width:1;" x1="194.17" x2="1239.8819" y1="85.5938" y2="85.5938"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="223.8975" x="199.17" y="100.5889">__SYSTEM__EXPIRATION_EPOCH</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="44.5361" x="433.0675" y="100.5889">10801</text><line style="stroke:#181818;stroke-width:1;" x1="428.0675" x2="428.0675" y1="85.5938" y2="105.8906"/><line style="stroke:#181818;stroke-width:1;" x1="194.17" x2="1239.8819" y1="105.8906" y2="105.8906"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="158.9971" x="231.6202" y="120.8857">S3-CRDT-Versions-Add</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="785.6611" x="433.0675" y="120.8857">5ZNvs8WVwy1XTmSEkcVkydPKzCgtmR7U3zyLYTj3Snxf,9bLtL1EsUpuSiqmHnqFf6RuT6x5QMLMNBqx7vCcCcNhy</text><line style="stroke:#181818;stroke-width:1;" x1="428.0675" x2="428.0675" y1="105.8906" y2="126.1875"/><line style="stroke:#181818;stroke-width:1;" x1="194.17" x2="1239.8819" y1="126.1875" y2="126.1875"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="192.7666" x="214.7354" y="141.1826">S3-Access-Box-CRDT-Name</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="801.8145" x="433.0675" y="141.1826">2XGRML5EW3LMHdf64W2DkBy1Nkuu4y4wGhUj44QjbXBi05ZNvs8WVwy1XTmSEkcVkydPKzCgtmR7U3zyLYTj3Snxf</text><line 
style="stroke:#181818;stroke-width:1;" x1="428.0675" x2="428.0675" y1="126.1875" y2="146.4844"/><line style="stroke:#181818;stroke-width:1;" x1="194.17" x2="1239.8819" y1="146.4844" y2="146.4844"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="55.8291" x="283.2042" y="161.4795">FilePath</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="173.4346" x="433.0675" y="161.4795">1710418478_access.box</text><line style="stroke:#181818;stroke-width:1;" x1="428.0675" x2="428.0675" y1="146.4844" y2="166.7813"/></g><g id="elem_FrostFSObject"><rect fill="#F1F1F1" height="60.8906" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="111.6924" x="32.17" y="75.5"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="97.6924" x="39.17" y="90.4951">FrostFSObject</text><line style="stroke:#181818;stroke-width:1;" x1="32.17" x2="143.8624" y1="95.7969" y2="95.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="50.9756" x="62.5284" y="110.792">Header</text><line style="stroke:#181818;stroke-width:1;" x1="32.17" x2="143.8624" y1="116.0938" y2="116.0938"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="55.2275" x="60.4024" y="131.0889">Payload</text></g><!--link Gate to Tokens--><g id="link_Gate_Tokens"><path d="M492.67,453.5 C508.01,453.5 499.9,475.05 491.67,488 C475.36,513.66 455.8397,530.3046 429.0797,545.1146 " fill="none" id="Gate-to-Tokens" style="stroke:#181818;stroke-width:1;"/><polygon fill="#181818" points="423.83,548.02,433.6414,547.1617,428.2047,545.5989,429.7676,540.1622,423.83,548.02" style="stroke:#181818;stroke-width:1;"/></g><!--link Box to Gate--><g id="link_Box_Gate"><path d="M30.67,283.5 C6,283.5 17.71,318.66 31.67,339 C49.52,365 69.7818,381.7113 97.9418,396.2913 " fill="none" id="Box-to-Gate" 
style="stroke:#181818;stroke-width:1;"/><polygon fill="#181818" points="103.27,399.05,97.1169,391.3598,98.8298,396.7511,93.4386,398.4641,103.27,399.05" style="stroke:#181818;stroke-width:1;"/></g><!--link Box to ContainerPolicy--><g id="link_Box_ContainerPolicy"><path d="M642.67,304.5 C689.41,304.5 703.3523,363.0273 707.9223,403.8373 " fill="none" id="Box-to-ContainerPolicy" style="stroke:#181818;stroke-width:1;"/><polygon fill="#181818" points="708.59,409.8,711.5636,400.4108,708.0336,404.8311,703.6133,401.3011,708.59,409.8" style="stroke:#181818;stroke-width:1;"/></g><!--link FrostFSObject to ObjectAttributes--><g id="link_FrostFSObject_ObjectAttributes"><path d="M144.67,105.5 C158.42,106.42 166.3802,106.9407 180.4402,107.7607 " fill="none" id="FrostFSObject-to-ObjectAttributes" style="stroke:#181818;stroke-width:1;"/><polygon fill="#181818" points="186.43,108.11,177.6782,103.5928,181.4385,107.8189,177.2124,111.5792,186.43,108.11" style="stroke:#181818;stroke-width:1;"/></g><!--link FrostFSObject to Box--><g id="link_FrostFSObject_Box"><path d="M144.67,125.5 C167.14,125.5 153.59,153.34 168.67,170 C189.22,192.7 210.2171,209.7478 235.5771,226.7578 " fill="none" id="FrostFSObject-to-Box" style="stroke:#181818;stroke-width:1;"/><polygon fill="#181818" points="240.56,230.1,235.3138,221.7647,236.4076,227.3148,230.8575,228.4086,240.56,230.1" 
style="stroke:#181818;stroke-width:1;"/></g><!--SRC=[bLF1Sjem5BpdAtJkb0uEJY27PWOS4p8nnC66a5uOMNu4OMmvafpWTD9lhoJB6TBsqXD2ktgxRzzpYKc6dm0D2G4XHko0VfuWbECInIo3GfY_24L0ECXRgD7tInHo-e8be0ng0uu0S-26hs6_82o552Nc6abzRui8GLbX2ojcG8L4R8F0lX0DeNaYr9lt4slcMkirLlJH6ccLoYhPKuAUZaqfZDUbL6XJ3NtfT2vjKyS4fQUgHNWlTKNpks4SfM2QD6wse1rQiXNuSEQnGc9Q00-Pyb1Ram4Zvh52XUGADzKjfS0v65QunmHoAAG5Zbjg8LGQx5YodP9E5D9_Po4Kyf55cxEEpWQXZvymqlRH2DAM-4T_visDy2eXMQvrOru1efkZ3Nd50j6yP5o7ZuiKvOgijW593jZSALmYQWTicxfBTa3aK4fEaqhRR3gCQGv2uhpKMaxVwRhEmEqF3BR-jOuUezYVgeE_2c_cm_ZcRhRsmpjlOkZTGTTfSkfrlFbLt5a2rmicEiCqrOop7xCNCNXOljREAiuZFoFBh4x3spVlIURp_gBtLWUFyQuN5OVDruiaa87ZYqLPHVGvdnJFuytvl8hF3sVtqs0w6pqV-YyUySXiMxUgpMVLKHDh3CpKwBNmwUfwFWtE_8TUC9sactFtuVGg6zNEBAigjtPVhxUBdUlUxvBLY7R_nwKH7jCzX5XkFsUsniRCjuGTZhTfp9cGuwZ9twO-0Qm-0BK0bt_DfLbSNEyPJfiD6RNrJjv_0m00]--></g></svg>