Move and refactor ACT diffieHellman to Session. Add Key and NewFromKe…

…ystore functions. (#16)
Solar-Punk-Ltd · May 17, 2024 · 67e826a · 67e826a
1 parent bc5326c
commit 67e826a
Show file tree

Hide file tree

Showing 9 changed files with 261 additions and 156 deletions.
diff --git a/pkg/dynamicaccess/accesslogic.go b/pkg/dynamicaccess/accesslogic.go
@@ -14,8 +14,7 @@ type AccessLogic interface {
 	Get(act Act, encryped_ref swarm.Address, publisher ecdsa.PublicKey, tag string) (swarm.Address, error)
 	EncryptRef(act Act, publisherPubKey ecdsa.PublicKey, ref swarm.Address) (swarm.Address, error)
 	//Add(act *Act, ref string, publisher ecdsa.PublicKey, tag string) (string, error)
-	getLookUpKey(publisher ecdsa.PublicKey, tag string) ([]byte, error)
-	getAccessKeyDecriptionKey(publisher ecdsa.PublicKey, tag string) ([]byte, error)
+	getKeys(publicKey ecdsa.PublicKey) ([][]byte, error)
 	getEncryptedAccessKey(act Act, lookup_key []byte) ([]byte, error)
 	//createEncryptedAccessKey(ref string)
 	Add_New_Grantee_To_Content(act Act, publisherPubKey, granteePubKey ecdsa.PublicKey) (Act, error)
@@ -24,16 +23,20 @@ type AccessLogic interface {
 }
 
 type DefaultAccessLogic struct {
-	diffieHellman DiffieHellman
+	session Session
 	//encryption    encryption.Interface
 }
 
 // Will create a new Act list with only one element (the creator), and will also create encrypted_ref
 func (al *DefaultAccessLogic) AddPublisher(act Act, publisher ecdsa.PublicKey, tag string) (Act, error) {
 	access_key := encryption.GenerateRandomKey(encryption.KeyLength)
 
-	lookup_key, _ := al.getLookUpKey(publisher, "")
-	access_key_encryption_key, _ := al.getAccessKeyDecriptionKey(publisher, "")
+	keys, err := al.getKeys(publisher)
+	if err != nil {
+		return nil, err
+	}
+	lookup_key := keys[0]
+	access_key_encryption_key := keys[1]
 
 	access_key_cipher := encryption.New(encryption.Key(access_key_encryption_key), 0, uint32(0), hashFunc)
 	encrypted_access_key, _ := access_key_cipher.Encrypt(access_key)
@@ -62,8 +65,12 @@ func (al *DefaultAccessLogic) Add_New_Grantee_To_Content(act Act, publisherPubKe
 	// --Encrypt access key for new Grantee--
 
 	// 2 Diffie-Hellman for the Grantee
-	lookup_key, _ := al.getLookUpKey(granteePubKey, "")
-	access_key_encryption_key, _ := al.getAccessKeyDecriptionKey(granteePubKey, "")
+	keys, err := al.getKeys(granteePubKey)
+	if err != nil {
+		return nil, err
+	}
+	lookup_key := keys[0]
+	access_key_encryption_key := keys[1]
 
 	// Encrypt the access key for the new Grantee
 	cipher := encryption.New(encryption.Key(access_key_encryption_key), 0, uint32(0), hashFunc)
@@ -76,8 +83,12 @@ func (al *DefaultAccessLogic) Add_New_Grantee_To_Content(act Act, publisherPubKe
 }
 
 func (al *DefaultAccessLogic) getAccessKey(act Act, publisherPubKey ecdsa.PublicKey) []byte {
-	publisher_lookup_key, _ := al.getLookUpKey(publisherPubKey, "")
-	publisher_ak_decryption_key, _ := al.getAccessKeyDecriptionKey(publisherPubKey, "")
+	keys, err := al.getKeys(publisherPubKey)
+	if err != nil {
+		return nil
+	}
+	publisher_lookup_key := keys[0]
+	publisher_ak_decryption_key := keys[1]
 
 	access_key_decryption_cipher := encryption.New(encryption.Key(publisher_ak_decryption_key), 0, uint32(0), hashFunc)
 	encrypted_ak, _ := al.getEncryptedAccessKey(act, publisher_lookup_key)
@@ -93,25 +104,16 @@ func (al *DefaultAccessLogic) getAccessKey(act Act, publisherPubKey ecdsa.Public
 // func (al *DefaultAccessLogic) CreateAccessKey(reference string) {
 // }
 
-func (al *DefaultAccessLogic) getLookUpKey(publisher ecdsa.PublicKey, tag string) ([]byte, error) {
+func (al *DefaultAccessLogic) getKeys(publicKey ecdsa.PublicKey) ([][]byte, error) {
+	// Generate lookup key and access key decryption
+	oneByteArray := []byte{1}
 	zeroByteArray := []byte{0}
-	// Generate lookup key using Diffie Hellman
-	lookup_key, err := al.diffieHellman.SharedSecret(&publisher, tag, zeroByteArray)
-	if err != nil {
-		return []byte{}, err
-	}
-	return lookup_key, nil
-
-}
 
-func (al *DefaultAccessLogic) getAccessKeyDecriptionKey(publisher ecdsa.PublicKey, tag string) ([]byte, error) {
-	oneByteArray := []byte{1}
-	// Generate access key decryption key using Diffie Hellman
-	access_key_decryption_key, err := al.diffieHellman.SharedSecret(&publisher, tag, oneByteArray)
+	keys, err := al.session.Key(&publicKey, [][]byte{zeroByteArray, oneByteArray})
 	if err != nil {
-		return []byte{}, err
+		return [][]byte{}, err
 	}
-	return access_key_decryption_key, nil
+	return keys, nil
 }
 
 func (al *DefaultAccessLogic) getEncryptedAccessKey(act Act, lookup_key []byte) ([]byte, error) {
@@ -124,14 +126,12 @@ func (al *DefaultAccessLogic) getEncryptedAccessKey(act Act, lookup_key []byte)
 
 func (al *DefaultAccessLogic) Get(act Act, encryped_ref swarm.Address, publisher ecdsa.PublicKey, tag string) (swarm.Address, error) {
 
-	lookup_key, err := al.getLookUpKey(publisher, tag)
-	if err != nil {
-		return swarm.EmptyAddress, err
-	}
-	access_key_decryption_key, err := al.getAccessKeyDecriptionKey(publisher, tag)
+	keys, err := al.getKeys(publisher)
 	if err != nil {
 		return swarm.EmptyAddress, err
 	}
+	lookup_key := keys[0]
+	access_key_decryption_key := keys[1]
 
 	// Lookup encrypted access key from the ACT manifest
 
@@ -157,18 +157,8 @@ func (al *DefaultAccessLogic) Get(act Act, encryped_ref swarm.Address, publisher
 	return swarm.NewAddress(ref), nil
 }
 
-func NewAccessLogic(diffieHellman DiffieHellman) AccessLogic {
+func NewAccessLogic(s Session) AccessLogic {
 	return &DefaultAccessLogic{
-		diffieHellman: diffieHellman,
+		session: s,
 	}
 }
-
-// -------
-// act: &mock.ContainerMock{
-// 	AddFunc: func(ref string, publisher string, tag string) error {
-// 		return nil
-// 	},
-// 	GetFunc: func(ref string, publisher string, tag string) (string, error) {
-// 		return "", nil
-// 	},
-// },
diff --git a/pkg/dynamicaccess/controller_test.go b/pkg/dynamicaccess/controller_test.go
@@ -35,9 +35,9 @@ func TestDecrypt(t *testing.T) {
 	pk := getPrivateKey()
 	ak := encryption.Key([]byte("cica"))
 
-	dh := dynamicaccess.NewDiffieHellman(pk)
-	aek, _ := dh.SharedSecret(&pk.PublicKey, "", []byte{1})
-	e2 := encryption.New(aek, 0, uint32(0), hashFunc)
+	si := dynamicaccess.NewDefaultSession(pk)
+	aek, _ := si.Key(&pk.PublicKey, [][]byte{{1}})
+	e2 := encryption.New(aek[0], 0, uint32(0), hashFunc)
 	peak, _ := e2.Encrypt(ak)
 
 	h := mockTestHistory(nil, peak)
@@ -61,9 +61,9 @@ func TestEncrypt(t *testing.T) {
 	pk := getPrivateKey()
 	ak := encryption.Key([]byte("cica"))
 
-	dh := dynamicaccess.NewDiffieHellman(pk)
-	aek, _ := dh.SharedSecret(&pk.PublicKey, "", []byte{1})
-	e2 := encryption.New(aek, 0, uint32(0), hashFunc)
+	si := dynamicaccess.NewDefaultSession(pk)
+	aek, _ := si.Key(&pk.PublicKey, [][]byte{{1}})
+	e2 := encryption.New(aek[0], 0, uint32(0), hashFunc)
 	peak, _ := e2.Encrypt(ak)
 
 	h := mockTestHistory(nil, peak)

diff --git a/pkg/dynamicaccess/diffieHellman.go b/pkg/dynamicaccess/diffieHellman.go
diff --git a/pkg/dynamicaccess/diffieHellman_test.go b/pkg/dynamicaccess/diffieHellman_test.go
diff --git a/pkg/dynamicaccess/grantee_manager_test.go b/pkg/dynamicaccess/grantee_manager_test.go
@@ -15,8 +15,8 @@ func setupAccessLogic(privateKey *ecdsa.PrivateKey) dynamicaccess.AccessLogic {
 	// if err != nil {
 	// 	errors.New("error creating private key")
 	// }
-	diffieHellman := dynamicaccess.NewDiffieHellman(privateKey)
-	al := dynamicaccess.NewAccessLogic(diffieHellman)
+	si := dynamicaccess.NewDefaultSession(privateKey)
+	al := dynamicaccess.NewAccessLogic(si)
 
 	return al
 }

diff --git a/pkg/dynamicaccess/mock/diffieHellman.go b/pkg/dynamicaccess/mock/diffieHellman.go
diff --git a/pkg/dynamicaccess/mock/session.go b/pkg/dynamicaccess/mock/session.go
@@ -0,0 +1,41 @@
+package mock
+
+import (
+	"crypto/ecdsa"
+
+	"github.com/ethersphere/bee/pkg/crypto"
+	"github.com/ethersphere/bee/pkg/keystore"
+)
+
+type SessionMock struct {
+	KeyFunc func(publicKey *ecdsa.PublicKey, nonces [][]byte) ([][]byte, error)
+	key     *ecdsa.PrivateKey
+}
+
+func (s *SessionMock) Key(publicKey *ecdsa.PublicKey, nonces [][]byte) ([][]byte, error) {
+	if s.KeyFunc == nil {
+		return nil, nil
+	}
+	return s.KeyFunc(publicKey, nonces)
+
+}
+
+func NewSessionMock(key *ecdsa.PrivateKey) *SessionMock {
+	return &SessionMock{key: key}
+}
+
+func NewFromKeystore(
+	ks keystore.Service,
+	tag,
+	password string,
+	keyFunc func(publicKey *ecdsa.PublicKey, nonces [][]byte) ([][]byte, error),
+) *SessionMock {
+	key, created, err := ks.Key(tag, password, crypto.EDGSecp256_K1)
+	if !created || err != nil {
+		return nil
+	}
+	return &SessionMock{
+		key:     key,
+		KeyFunc: keyFunc,
+	}
+}
diff --git a/pkg/dynamicaccess/session.go b/pkg/dynamicaccess/session.go
@@ -0,0 +1,49 @@
+package dynamicaccess
+
+import (
+	"crypto/ecdsa"
+	"errors"
+
+	"github.com/ethersphere/bee/pkg/crypto"
+	"github.com/ethersphere/bee/pkg/keystore"
+)
+
+// Session represents an interface for a Diffie-Helmann key derivation
+type Session interface {
+	// Key returns a derived key for each nonce
+	Key(publicKey *ecdsa.PublicKey, nonces [][]byte) ([][]byte, error)
+}
+
+var _ Session = (*session)(nil)
+
+type session struct {
+	key *ecdsa.PrivateKey
+}
+
+func (s *session) Key(publicKey *ecdsa.PublicKey, nonces [][]byte) ([][]byte, error) {
+	x, _ := publicKey.Curve.ScalarMult(publicKey.X, publicKey.Y, s.key.D.Bytes())
+	if x == nil {
+		return nil, errors.New("shared secret is point at infinity")
+	}
+
+	keys := make([][]byte, len(nonces))
+	for _, nonce := range nonces {
+		key, err := crypto.LegacyKeccak256(append(x.Bytes(), nonce...))
+		if err != nil {
+			return nil, err
+		}
+		keys = append(keys, key)
+	}
+
+	return keys, nil
+}
+
+func NewDefaultSession(key *ecdsa.PrivateKey) Session {
+	return &session{
+		key: key,
+	}
+}
+
+func NewFromKeystore(ks keystore.Service, tag, password string) Session {
+	return nil
+}