refactoring, update GetToken to new big_central

Author: billyb2

auth.go

@@ -2,41 +2,63 @@ package bfsp
 
 import (
 	"context"
+	"crypto/rand"
+	"crypto/rsa"
+	"encoding/base64"
+	"encoding/json"
 	"fmt"
-	"io"
 	"net/http"
 	"time"
 )
 
-func GetDLToken(bigCentralURL string, dlToken string) (string, error) {
+type encTokenInfo struct {
+	Token        string `json:"token"`
+	EncMasterKey string `json:"encrypted_master_key"`
+}
+
+type TokenInfo struct {
+	Token     string
+	MasterKey MasterKey
+}
+
+func GetToken(bigCentralURL string, dlToken string, rsaPrivKey *rsa.PrivateKey) (*TokenInfo, error) {
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
 	defer cancel()
 
 	apiDLTokenURL := bigCentralURL + "/api/v1/dl_token?t=" + dlToken
 	for {
 		req, err := http.NewRequestWithContext(ctx, http.MethodGet, apiDLTokenURL, http.NoBody)
 		if err != nil {
-			return "", err
+			return nil, err
 		}
 		resp, err := http.DefaultClient.Do(req)
 		if err != nil {
-			return "", err
+			return nil, err
 		}
 		defer resp.Body.Close()
 
 		switch resp.StatusCode {
 		case 404:
 		case 200:
-			respBin, err := io.ReadAll(resp.Body)
+			var encryptedDLTokenInfo encTokenInfo
+			decoder := json.NewDecoder(resp.Body)
+			decoder.Decode(&encryptedDLTokenInfo)
+			encMasterKeyBin, err := base64.URLEncoding.DecodeString(encryptedDLTokenInfo.EncMasterKey)
+			if err != nil {
+				return nil, err
+			}
+			masterKey, err := rsaPrivKey.Decrypt(rand.Reader, encMasterKeyBin, nil)
 			if err != nil {
-				return "", err
+				return nil, err
 			}
-			resp := string(respBin)
 
-			return resp, nil
+			return &TokenInfo{
+				Token:     encryptedDLTokenInfo.Token,
+				MasterKey: masterKey,
+			}, nil
 
 		default:
-			return "", fmt.Errorf("status code %d from server", resp.StatusCode)
+			return nil, fmt.Errorf("status code %d from server", resp.StatusCode)
 		}
 
 		time.Sleep(1 * time.Second)

bfsp.pb.go

@@ -1,14 +1,14 @@
 package bfsp
 
 import (
+	"context"
 	"crypto/rand"
 	"encoding/base64"
 
 	"github.com/biscuit-auth/biscuit-go/v2"
 	"github.com/biscuit-auth/biscuit-go/v2/parser"
 	"github.com/google/uuid"
 	"github.com/klauspost/compress/zstd"
-	"golang.org/x/crypto/chacha20poly1305"
 	"google.golang.org/protobuf/proto"
 	"lukechampine.com/blake3"
 )
@@ -22,64 +22,16 @@ type EncryptedCompressedChunk struct {
 	chunk []byte
 }
 
-func CompressEncryptChunk(chunkBytes []byte, chunkMetadata *ChunkMetadata, fileId string, masterKey MasterKey) (*EncryptedCompressedChunk, error) {
-	zstdEncoder, err := zstd.NewWriter(nil)
-	if err != nil {
-		return nil, err
-	}
-	defer zstdEncoder.Close()
+type clientContextKeyType struct{}
 
-	compressedChunkBytes := zstdEncoder.EncodeAll(chunkBytes, nil)
-
-	fileUUID := uuid.MustParse(fileId)
-	fileUUIDBin, err := fileUUID.MarshalBinary()
-	fileKeyBytes := masterKey[:]
-	fileKeyBytes = append(fileKeyBytes, fileUUIDBin...)
-	fileKey := blake3.Sum256(fileKeyBytes)
+var clientContextKey = clientContextKeyType{}
 
-	enc, err := chacha20poly1305.NewX(fileKey[:])
-	if err != nil {
-		return nil, err
-	}
-	encryptedChunkBytes := enc.Seal(nil, chunkMetadata.Nonce, compressedChunkBytes, []byte(chunkMetadata.Id))
-
-	return &EncryptedCompressedChunk{
-		chunk: encryptedChunkBytes,
-	}, nil
+func ContextWithClient(ctx context.Context, cli FileServerClient) context.Context {
+	return context.WithValue(ctx, clientContextKey, cli)
 }
 
-func CompressEncryptChunkMetadata(chunkMetadata *ChunkMetadata, fileId string, masterKey MasterKey) ([]byte, error) {
-	zstdEncoder, err := zstd.NewWriter(nil)
-	if err != nil {
-		return nil, err
-	}
-	defer zstdEncoder.Close()
-
-	b, err := proto.Marshal(chunkMetadata)
-	compressedChunkBytes := zstdEncoder.EncodeAll(b, nil)
-
-	fileUUID := uuid.MustParse(fileId)
-	fileUUIDBin, err := fileUUID.MarshalBinary()
-	fileKeyBytes := masterKey[:]
-	fileKeyBytes = append(fileKeyBytes, fileUUIDBin...)
-	fileKey := blake3.Sum256(fileKeyBytes)
-
-	enc, err := chacha20poly1305.NewX(fileKey[:])
-	if err != nil {
-		return nil, err
-	}
-	chunkMetaUUID, err := uuid.Parse(chunkMetadata.Id)
-	if err != nil {
-		return nil, err
-	}
-	nonce, err := chunkMetaUUID.MarshalBinary()
-	if err != nil {
-		return nil, err
-	}
-	nonce = append(nonce, make([]byte, 24-len(nonce))...)
-
-	encryptedChunkMetaBytes := enc.Seal(nil, nonce, compressedChunkBytes, chunkMetaUUID[:])
-	return encryptedChunkMetaBytes, nil
+func ClientFromContext(ctx context.Context) FileServerClient {
+	return ctx.Value(clientContextKey).(FileServerClient)
 }
 
 func ShareFile(fileMeta *FileMetadata, tokenStr string, masterKey MasterKey) (*ViewFileInfo, error) {

cli.go

@@ -1,9 +1,14 @@
 package bfsp
 
 import (
+	"context"
 	"encoding/base64"
 
+	"github.com/google/uuid"
+	"github.com/klauspost/compress/zstd"
 	"golang.org/x/crypto/argon2"
+	"golang.org/x/crypto/chacha20poly1305"
+	"google.golang.org/protobuf/proto"
 	"lukechampine.com/blake3"
 )
 
@@ -27,3 +32,75 @@ func CreateMasterEncKey(password string) (MasterKey, error) {
 
 	return masterKey[:], nil
 }
+
+func CompressEncryptChunk(chunkBytes []byte, chunkMetadata *ChunkMetadata, fileId string, masterKey MasterKey) (*EncryptedCompressedChunk, error) {
+	zstdEncoder, err := zstd.NewWriter(nil)
+	if err != nil {
+		return nil, err
+	}
+	defer zstdEncoder.Close()
+
+	compressedChunkBytes := zstdEncoder.EncodeAll(chunkBytes, nil)
+
+	fileUUID := uuid.MustParse(fileId)
+	fileUUIDBin, err := fileUUID.MarshalBinary()
+	fileKeyBytes := masterKey[:]
+	fileKeyBytes = append(fileKeyBytes, fileUUIDBin...)
+	fileKey := blake3.Sum256(fileKeyBytes)
+
+	enc, err := chacha20poly1305.NewX(fileKey[:])
+	if err != nil {
+		return nil, err
+	}
+	encryptedChunkBytes := enc.Seal(nil, chunkMetadata.Nonce, compressedChunkBytes, []byte(chunkMetadata.Id))
+
+	return &EncryptedCompressedChunk{
+		chunk: encryptedChunkBytes,
+	}, nil
+}
+
+func CompressEncryptChunkMetadata(chunkMetadata *ChunkMetadata, fileId string, masterKey MasterKey) ([]byte, error) {
+	zstdEncoder, err := zstd.NewWriter(nil)
+	if err != nil {
+		return nil, err
+	}
+	defer zstdEncoder.Close()
+
+	b, err := proto.Marshal(chunkMetadata)
+	compressedChunkBytes := zstdEncoder.EncodeAll(b, nil)
+
+	fileUUID := uuid.MustParse(fileId)
+	fileUUIDBin, err := fileUUID.MarshalBinary()
+	fileKeyBytes := masterKey[:]
+	fileKeyBytes = append(fileKeyBytes, fileUUIDBin...)
+	fileKey := blake3.Sum256(fileKeyBytes)
+
+	enc, err := chacha20poly1305.NewX(fileKey[:])
+	if err != nil {
+		return nil, err
+	}
+	chunkMetaUUID, err := uuid.Parse(chunkMetadata.Id)
+	if err != nil {
+		return nil, err
+	}
+	nonce, err := chunkMetaUUID.MarshalBinary()
+	if err != nil {
+		return nil, err
+	}
+	nonce = append(nonce, make([]byte, 24-len(nonce))...)
+
+	encryptedChunkMetaBytes := enc.Seal(nil, nonce, compressedChunkBytes, chunkMetaUUID[:])
+	return encryptedChunkMetaBytes, nil
+}
+
+type keyContextKeyType struct{}
+
+var keyContextKey = keyContextKeyType{}
+
+func ContextWithMasterKey(ctx context.Context, masterKey MasterKey) context.Context {
+	return context.WithValue(ctx, keyContextKey, masterKey)
+}
+
+func MasterKeyFromContext(ctx context.Context) MasterKey {
+	return ctx.Value(keyContextKey).(MasterKey)
+}

enc.go

@@ -75,7 +75,7 @@ func (cli *httpClient) sendFileServerMessage(msg isFileServerMessage_Message, re
 	// the first 4 bytes are the length of the message in uint32_le, we'll ignore that for now
 	body = body[4:]
 
-	// i <3 generics
+	// i <3 interfaces
 	err = proto.Unmarshal(body, resp)
 	if err != nil {
 		return err