Error while downloading object after using restrict_scope from lib/uplinkc

Hello Everyone,
I have been trying to use the restrict_scope function in uplinkc. I want to use a restricted scope to access some object uploaded to a bucket using an API key and encryption passphrase. I am using "lib/uplinkc v0.28.4" functions for this.

Steps and functions involved in uploading data:

  1. new_uplink
  2. parse_api_key
  3. open_project
  4. project_salted_key_from_passphrase
  5. new_encryption_access_with_default_key
  6. serialize_encryption_access
  7. open_bucket
  8. upload
  9. upload_write
  10. upload_commit

The data is successfully uploaded to Storj and can be accessed/downloaded using the uplink CLI.
Bucket: "bucketname01" Object Path: "uploadPath01/data/README.md"

Further, a scope is created using the new_scope function with the objects returned from the above “parse_api_key” and “new_encryption_access_with_default_key” functions.

The created scope is then restricted using the restrict_scope function with the following parameters:

    Caveat caveat = {disallow_deletes : true};
    EncryptionRestriction restrictions[] = {
        {"bucketname01", "uploadPath01/data"}};

Steps involved in downloading data using restricted scope:

  1. get_scope_satellite_address
  2. get_scope_api_key
  3. get_scope_enc_access
  4. serialize_encryption_access
  5. new_uplink
  6. open_project
  7. open_bucket
  8. download
  9. download_read
  10. download_close

It works properly till open bucket but fails to download object data.

Error: unable to find encryption base for: bucketname01/""

If I add this path to restrictions, I get the following error:

    EncryptionRestriction restrictions[] = {
        {"bucketname01", ""},
        {"bucketname01", "uploadPath01/data"}};

Error: encryption error: decryption failed, check encryption key: cipher: message authentication failed

If I try the above steps without using the restrict_scope function, it successfully downloads object data.

Please let me know what may be the issue and if I am doing something wrong?

Is there full, self-contained code that demonstrates the issue?

Currently it’s difficult to debug what could be going wrong.

Sorry Sir, but to share the code that would demonstrate the issue, the complete project needs to be shared because all the functions are interlinked. You can use the test examples in lib/uplinkc to test the issue.

I have tested the same procedure using uplink instead of uplinkc and it works like a charm.

I think there is an issue with the restrict_scope function of uplinkc. If possible, please try to download or upload using a restricted scope created using uplinkc. This might recreate the issue.

I prepared a test case where a file is uploaded and later downloaded with a restricted API key and encryption access. It looks to be working fine. Let me know what kind of restrictions you are trying to apply; maybe there is a difference there. Also let me know if you have any questions about the code I prepared.

https://review.dev.storj.io/c/storj/storj/+/460

@michaln Thank you. I will check and get back to you.

@Ayush-003 Is it working for you now? I encounter the same problem and I’m not sure if the error is on my side. Will have to do some further tests.

I’m seeing problems using a restricted-scope with a caveat used where at least one of the disallow-fields is set to true. Download works from that restricted scope, but upload does not.

@michaln: Your test code does only a download, but no upload. I’ve created an issue to discuss this “officially”: https://github.com/storj/storj/issues/3762