storj/pkg/encryption/secretbox.go

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.

package encryption

import (
	"golang.org/x/crypto/nacl/secretbox"

	"storj.io/storj/pkg/storj"
)

type secretboxEncrypter struct {
	blockSize     int
	key           *storj.Key
	startingNonce *storj.Nonce
}

// NewSecretboxEncrypter returns a Transformer that encrypts the data passing
// through with key.
//
// startingNonce is treated as a big-endian encoded unsigned
// integer, and as blocks pass through, their block number and the starting
// nonce is added together to come up with that block's nonce. Encrypting
// different data with the same key and the same nonce is a huge security
// issue. It's safe to always encode new data with a random key and random
// startingNonce. The monotonically-increasing nonce (that rolls over) is to
// protect against data reordering.
//
// When in doubt, generate a new key from crypto/rand and a startingNonce
// from crypto/rand as often as possible.
func NewSecretboxEncrypter(key *storj.Key, startingNonce *storj.Nonce, encryptedBlockSize int) (Transformer, error) {
	if encryptedBlockSize <= secretbox.Overhead {
		return nil, ErrInvalidConfig.New("encrypted block size %d too small", encryptedBlockSize)
	}
	return &secretboxEncrypter{
		blockSize:     encryptedBlockSize - secretbox.Overhead,
		key:           key,
		startingNonce: startingNonce,
	}, nil
}

func (s *secretboxEncrypter) InBlockSize() int {
	return s.blockSize
}

func (s *secretboxEncrypter) OutBlockSize() int {
	return s.blockSize + secretbox.Overhead
}

func calcNonce(startingNonce *storj.Nonce, blockNum int64) (rv *storj.Nonce, err error) {
	rv = new(storj.Nonce)
	if copy(rv[:], (*startingNonce)[:]) != len(rv) {
		return rv, Error.New("didn't copy memory?!")
	}
	_, err = incrementBytes(rv[:], blockNum)
	return rv, err
}

func (s *secretboxEncrypter) Transform(out, in []byte, blockNum int64) ([]byte, error) {
	nonce, err := calcNonce(s.startingNonce, blockNum)
	if err != nil {
		return nil, err
	}
	return secretbox.Seal(out, in, nonce.Raw(), s.key.Raw()), nil
}

type secretboxDecrypter struct {
	blockSize     int
	key           *storj.Key
	startingNonce *storj.Nonce
}

// NewSecretboxDecrypter returns a Transformer that decrypts the data passing
// through with key. See the comments for NewSecretboxEncrypter about
// startingNonce.
func NewSecretboxDecrypter(key *storj.Key, startingNonce *storj.Nonce, encryptedBlockSize int) (Transformer, error) {
	if encryptedBlockSize <= secretbox.Overhead {
		return nil, ErrInvalidConfig.New("encrypted block size %d too small", encryptedBlockSize)
	}
	return &secretboxDecrypter{
		blockSize:     encryptedBlockSize - secretbox.Overhead,
		key:           key,
		startingNonce: startingNonce,
	}, nil
}

func (s *secretboxDecrypter) InBlockSize() int {
	return s.blockSize + secretbox.Overhead
}

func (s *secretboxDecrypter) OutBlockSize() int {
	return s.blockSize
}

func (s *secretboxDecrypter) Transform(out, in []byte, blockNum int64) ([]byte, error) {
	nonce, err := calcNonce(s.startingNonce, blockNum)
	if err != nil {
		return nil, err
	}
	rv, success := secretbox.Open(out, in, nonce.Raw(), s.key.Raw())
	if !success {
		return nil, ErrDecryptFailed.New("")
	}
	return rv, nil
}

// EncryptSecretBox encrypts byte data with a key and nonce. The cipher data is returned
func EncryptSecretBox(data []byte, key *storj.Key, nonce *storj.Nonce) (cipherData []byte, err error) {
	return secretbox.Seal(nil, data, nonce.Raw(), key.Raw()), nil
}

// DecryptSecretBox decrypts byte data with a key and nonce. The plain data is returned
func DecryptSecretBox(cipherData []byte, key *storj.Key, nonce *storj.Nonce) (data []byte, err error) {
	data, success := secretbox.Open(nil, cipherData, nonce.Raw(), key.Raw())
	if !success {
		return nil, ErrDecryptFailed.New("")
	}
	return data, nil
}