From 2a1a8aa3791daa85900cda06fd9a493414fca9e6 Mon Sep 17 00:00:00 2001 From: Pavel Korotkov Date: Wed, 8 Jul 2020 02:37:27 +0300 Subject: [PATCH] Move auth file to layer; add RSA keys --- go.mod | 4 ++-- go.sum | 2 ++ neofs/auth.go | 23 ------------------ neofs/layer/auth.go | 57 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 61 insertions(+), 25 deletions(-) delete mode 100644 neofs/auth.go create mode 100644 neofs/layer/auth.go diff --git a/go.mod b/go.mod index f022317d0..c4b9a179a 100644 --- a/go.mod +++ b/go.mod @@ -30,6 +30,7 @@ require ( github.com/gogo/protobuf v1.3.1 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6 // indirect github.com/gomodule/redigo v2.0.0+incompatible + github.com/google/brotli/go/cbrotli v0.0.0-20200702174557-fc823290a76a github.com/google/uuid v1.1.1 github.com/gopherjs/gopherjs v0.0.0-20190328170749-bb2674552d8f // indirect github.com/gorilla/handlers v1.4.2 @@ -41,7 +42,7 @@ require ( github.com/hashicorp/vault/api v1.0.4 github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf github.com/json-iterator/go v1.1.10 - github.com/klauspost/compress v1.10.4 + github.com/klauspost/compress v1.10.10 github.com/klauspost/cpuid v1.3.0 github.com/klauspost/pgzip v1.2.1 github.com/klauspost/readahead v1.3.1 @@ -111,5 +112,4 @@ require ( gopkg.in/olivere/elastic.v5 v5.0.80 gopkg.in/yaml.v2 v2.2.8 honnef.co/go/tools v0.0.1-2020.1.3 // indirect - github.com/google/brotli/go/cbrotli v0.0.0-20200702174557-fc823290a76a ) diff --git a/go.sum b/go.sum index d7e9e7db3..e6250637f 100644 --- a/go.sum +++ b/go.sum @@ -298,6 +298,8 @@ github.com/klauspost/compress v1.9.4/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0 github.com/klauspost/compress v1.10.1/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.10.4 h1:jFzIFaf586tquEB5EhzQG0HwGNSlgAJpG53G6Ss11wc= github.com/klauspost/compress v1.10.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.10.10 h1:a/y8CglcM7gLGYmlbP/stPE5sR3hbhFRUjCBfd/0B3I= +github.com/klauspost/compress v1.10.10/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/cpuid v1.2.2 h1:1xAgYebNnsb9LKCdLOvFWtAxGU/33mjJtyOVbmUa0Us= github.com/klauspost/cpuid v1.2.2/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= diff --git a/neofs/auth.go b/neofs/auth.go deleted file mode 100644 index bd9f388e1..000000000 --- a/neofs/auth.go +++ /dev/null @@ -1,23 +0,0 @@ -package neofs - -import ( - br "github.com/google/brotli/go/cbrotli" - "github.com/nspcc-dev/neofs-api-go/service" - "github.com/pkg/errors" -) - -func UnpackBearerToken(packedCredentials []byte) (service.BearerToken, error) { - // secretHash := packedCredentials[:32] - _ = packedCredentials[:32] - compressedKeyID := packedCredentials[32:] - keyID, err := br.Decode(compressedKeyID) - if err != nil { - return nil, errors.Wrap(err, "failed to decompress key ID") - } - bearerToken := new(service.BearerTokenMsg) - if err = bearerToken.Unmarshal(keyID); err != nil { - return nil, errors.Wrap(err, "failed to unmarshal embedded bearer token") - } - // TODO - return bearerToken, nil -} diff --git a/neofs/layer/auth.go b/neofs/layer/auth.go new file mode 100644 index 000000000..f4776cf8b --- /dev/null +++ b/neofs/layer/auth.go @@ -0,0 +1,57 @@ +package layer + +import ( + "crypto/rand" + "crypto/rsa" + + "github.com/klauspost/compress/zstd" + "github.com/nspcc-dev/neofs-api-go/service" + "github.com/pkg/errors" +) + +type KeyPair struct { + PrivateKey *rsa.PrivateKey + PublicKey *rsa.PublicKey +} + +type AuthCenter struct { + gatewayKeys KeyPair +} + +func NewAuthCenter() (*AuthCenter, error) { + var kp KeyPair + privateKey, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + return nil, err + } + kp.PrivateKey = privateKey + kp.PublicKey = &privateKey.PublicKey + ac := &AuthCenter{ + gatewayKeys: kp, + } + return ac, nil +} + +func (ac *AuthCenter) PackBearerToken(bt service.BearerToken) ([]byte, error) { + // TODO + panic("unimplemented method") +} + +func (ac *AuthCenter) UnpackBearerToken(packedCredentials []byte) (service.BearerToken, error) { + zstdDecoder, _ := zstd.NewReader(nil) + // secretHash := packedCredentials[:32] + _ = packedCredentials[:32] + compressedKeyID := packedCredentials[32:] + // Get an encrypted key. + var encryptedKeyID []byte + if _, err := zstdDecoder.DecodeAll(compressedKeyID, encryptedKeyID); err != nil { + return nil, errors.Wrap(err, "failed to decompress key ID") + } + // TODO: Decrypt the key ID. + var keyID []byte + bearerToken := new(service.BearerTokenMsg) + if err := bearerToken.Unmarshal(keyID); err != nil { + return nil, errors.Wrap(err, "failed to unmarshal embedded bearer token") + } + return bearerToken, nil +}