storj/pkg/encryption/path_new.go

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.

package encryption

import (
	"crypto/hmac"
	"crypto/sha512"
	"encoding/base64"
	"strings"

	"github.com/zeebo/errs"

	"storj.io/storj/pkg/paths"
	"storj.io/storj/pkg/storj"
)

// StoreEncryptPath encrypts the path using the provided cipher and looking up
// keys from the provided store and bucket.
func StoreEncryptPath(bucket string, path paths.Unencrypted, cipher storj.Cipher, store *Store) (
	encPath paths.Encrypted, err error) {

	// Invalid paths map to invalid paths
	if !path.Valid() {
		return paths.Encrypted{}, nil
	}

	if cipher == storj.Unencrypted {
		return paths.NewEncrypted(path.Raw()), nil
	}

	_, consumed, base := store.LookupUnencrypted(bucket, path)
	if base == nil {
		return paths.Encrypted{}, errs.New("unable to find encryption base for: %s/%q", bucket, path)
	}

	remaining, ok := path.Consume(consumed)
	if !ok {
		return paths.Encrypted{}, errs.New("unable to encrypt bucket path: %s/%q", bucket, path)
	}

	// if we didn't consume any path, we're at the root of the bucket, and so we have
	// to fold the bucket name into the key.
	key := &base.Key
	if !consumed.Valid() {
		key, err = derivePathKeyComponent(key, bucket)
		if err != nil {
			return paths.Encrypted{}, errs.Wrap(err)
		}
	}

	encrypted, err := EncryptPathRaw(remaining.Raw(), cipher, key)
	if err != nil {
		return paths.Encrypted{}, errs.Wrap(err)
	}

	var builder strings.Builder
	builder.WriteString(base.Encrypted.Raw())

	if len(encrypted) > 0 {
		if builder.Len() > 0 {
			builder.WriteByte('/')
		}
		builder.WriteString(encrypted)
	}

	return paths.NewEncrypted(builder.String()), nil
}

// EncryptPathRaw encrypts the path using the provided key directly. EncryptPath should be
// preferred if possible.
func EncryptPathRaw(raw string, cipher storj.Cipher, key *storj.Key) (string, error) {
	if cipher == storj.Unencrypted {
		return raw, nil
	}

	var builder strings.Builder
	for iter, i := paths.NewIterator(raw), 0; !iter.Done(); i++ {
		component := iter.Next()
		encComponent, err := storeEncryptPathComponent(component, cipher, key)
		if err != nil {
			return "", errs.Wrap(err)
		}
		key, err = derivePathKeyComponent(key, component)
		if err != nil {
			return "", errs.Wrap(err)
		}
		if i > 0 {
			builder.WriteByte('/')
		}
		builder.WriteString(encComponent)
	}
	return builder.String(), nil
}

// StoreDecryptPath decrypts the path using the provided cipher and looking up
// keys from the provided store and bucket.
func StoreDecryptPath(bucket string, path paths.Encrypted, cipher storj.Cipher, store *Store) (
	unencPath paths.Unencrypted, err error) {

	// Invalid paths map to invalid paths
	if !path.Valid() {
		return paths.Unencrypted{}, nil
	}

	if cipher == storj.Unencrypted {
		return paths.NewUnencrypted(path.Raw()), nil
	}

	_, consumed, base := store.LookupEncrypted(bucket, path)
	if base == nil {
		return paths.Unencrypted{}, errs.New("unable to find decryption base for: %q", path)
	}

	remaining, ok := path.Consume(consumed)
	if !ok {
		return paths.Unencrypted{}, errs.New("unable to decrypt bucket path: %q", path)
	}

	// if we didn't consume any path, we're at the root of the bucket, and so we have
	// to fold the bucket name into the key.
	key := &base.Key
	if !consumed.Valid() {
		key, err = derivePathKeyComponent(key, bucket)
		if err != nil {
			return paths.Unencrypted{}, errs.Wrap(err)
		}
	}

	decrypted, err := DecryptPathRaw(remaining.Raw(), cipher, key)
	if err != nil {
		return paths.Unencrypted{}, errs.Wrap(err)
	}

	var builder strings.Builder
	builder.WriteString(base.Unencrypted.Raw())

	if len(decrypted) > 0 {
		if builder.Len() > 0 {
			builder.WriteByte('/')
		}
		builder.WriteString(decrypted)
	}

	return paths.NewUnencrypted(builder.String()), nil
}

// DecryptPathRaw decrypts the path using the provided key directly. DecryptPath should be
// preferred if possible.
func DecryptPathRaw(raw string, cipher storj.Cipher, key *storj.Key) (string, error) {
	if cipher == storj.Unencrypted {
		return raw, nil
	}

	var builder strings.Builder
	for iter, i := paths.NewIterator(raw), 0; !iter.Done(); i++ {
		component := iter.Next()
		unencComponent, err := storeDecryptPathComponent(component, cipher, key)
		if err != nil {
			return "", errs.Wrap(err)
		}
		key, err = derivePathKeyComponent(key, unencComponent)
		if err != nil {
			return "", errs.Wrap(err)
		}
		if i > 0 {
			builder.WriteByte('/')
		}
		builder.WriteString(unencComponent)
	}
	return builder.String(), nil
}

// StoreDeriveContentKey returns the content key for the passed in path by looking up
// the appropriate base key from the store and bucket and deriving the rest.
func StoreDeriveContentKey(bucket string, path paths.Unencrypted, store *Store) (key *storj.Key, err error) {
	key, err = StoreDerivePathKey(bucket, path, store)
	if err != nil {
		return nil, errs.Wrap(err)
	}
	key, err = DeriveKey(key, "content")
	return key, errs.Wrap(err)
}

// StoreDerivePathKey returns the path key for the passed in path by looking up the
// appropriate base key from the store and bucket and deriving the rest.
func StoreDerivePathKey(bucket string, path paths.Unencrypted, store *Store) (key *storj.Key, err error) {
	_, consumed, base := store.LookupUnencrypted(bucket, path)
	if base == nil {
		return nil, errs.New("unable to find encryption base for: %s/%q", bucket, path)
	}

	// If asking for the key at the bucket, do that and return.
	if !path.Valid() {
		key, err = derivePathKeyComponent(&base.Key, bucket)
		if err != nil {
			return nil, errs.Wrap(err)
		}
		return key, nil
	}

	remaining, ok := path.Consume(consumed)
	if !ok {
		return nil, errs.New("unable to derive path key for: %s/%q", bucket, path)
	}

	// if we didn't consume any path, we're at the root of the bucket, and so we have
	// to fold the bucket name into the key.
	key = &base.Key
	if !consumed.Valid() {
		key, err = derivePathKeyComponent(key, bucket)
		if err != nil {
			return nil, errs.Wrap(err)
		}
	}

	for iter := remaining.Iterator(); !iter.Done(); {
		key, err = derivePathKeyComponent(key, iter.Next())
		if err != nil {
			return nil, errs.Wrap(err)
		}
	}
	return key, nil
}

// derivePathKeyComponent derives a new key from the provided one using the component. It
// should be preferred over DeriveKey when adding path components as it performs the
// necessary transformation to the component.
func derivePathKeyComponent(key *storj.Key, component string) (*storj.Key, error) {
	return DeriveKey(key, "path:"+component)
}

// storeEncryptPathComponent encrypts a single path component with the provided cipher and key.
func storeEncryptPathComponent(comp string, cipher storj.Cipher, key *storj.Key) (string, error) {
	if comp == "" {
		return "", nil
	}

	// derive the key for the next path component. this is so that
	// every encrypted component has a unique nonce.
	derivedKey, err := derivePathKeyComponent(key, comp)
	if err != nil {
		return "", err
	}

	// use the derived key to derive the nonce
	mac := hmac.New(sha512.New, derivedKey[:])
	_, err = mac.Write([]byte("nonce"))
	if err != nil {
		return "", Error.Wrap(err)
	}

	nonce := new(storj.Nonce)
	copy(nonce[:], mac.Sum(nil))

	// encrypt the path components with the parent's key and the derived nonce
	cipherText, err := Encrypt([]byte(comp), cipher, key, nonce)
	if err != nil {
		return "", Error.Wrap(err)
	}

	nonceSize := storj.NonceSize
	if cipher == storj.AESGCM {
		nonceSize = AESGCMNonceSize
	}

	// keep the nonce together with the cipher text
	return base64.RawURLEncoding.EncodeToString(append(nonce[:nonceSize], cipherText...)), nil
}

// storeDecryptPathComponent decrypts a single path component with the provided cipher and key.
func storeDecryptPathComponent(comp string, cipher storj.Cipher, key *storj.Key) (string, error) {
	if comp == "" {
		return "", nil
	}

	data, err := base64.RawURLEncoding.DecodeString(comp)
	if err != nil {
		return "", Error.Wrap(err)
	}

	nonceSize := storj.NonceSize
	if cipher == storj.AESGCM {
		nonceSize = AESGCMNonceSize
	}
	if len(data) < nonceSize || nonceSize < 0 {
		return "", errs.New("component did not contain enough nonce bytes")
	}

	// extract the nonce from the cipher text
	nonce := new(storj.Nonce)
	copy(nonce[:], data[:nonceSize])

	decrypted, err := Decrypt(data[nonceSize:], cipher, key, nonce)
	if err != nil {
		return "", Error.Wrap(err)
	}

	return string(decrypted), nil
}
Create and use an encryption.Store (#2293) * add path implementation This commit adds a pkg/paths package which contains two types, Encrypted and Unencrypted, to statically enforce what is contained in a path. It's part of a refactoring of the code base to be more clear about what is contained in a storj.Path at all the layers. Change-Id: Ifc4d4932da26a97ea99749b8356b4543496a8864 * add encryption store This change adds an encryption.Store type to keep a collection of root keys for arbitrary locations in some buckets. It allows one to look up all of the necessary information to encrypt paths, decrypt paths and decrypt list operations. It adds some exported functions to perform encryption on paths using a Store. Change-Id: I1a3d230c521d65f0ede727f93e1cb389f8be9497 * add shim around streams store This commit changes no functionality, but just reorganizes the code so that changes can be made directly to the streams store implementation without affecting callers. It also adds a Path type that will be used at the interface boundary for the streams store so that it can be sure that it's getting well formed paths that it expects. Change-Id: I50bd682995b185beb653b00562fab62ef11f1ab5 * refactor streams to use encryption store This commit changes the streams store to use the path type as well as the encryption store to handle all of it's encryption and decryption. Some changes were made to how the default key is returned in the encryption store to have it include the case when the bucket exists but no paths matched. The path iterator could also be simplified to not report if a consume was valid: that information is no longer necessary. The kvmetainfo tests were changed to appropriately pass the subtests testing.T rather than having the closure it executes use the parent one. The test framework now correctly reports which test did the failing. There are still some latent issues with listing in that listing for "a/" and listing for "a" are not the same operation, but we treat them as such. I suspect that there are also issues with paths like "/" or "//foo", but that's for another time. Change-Id: I81cad4ba2850c3d14ba7e632777c4cac93db9472 use an encryption store at the upper layers Change-Id: Id9b4dd5f27b3ecac863de586e9ae076f4f927f6f * fix linting failures Change-Id: Ifb8378879ad308d4d047a0483850156371a41280 * fix linting in encryption test Change-Id: Ia35647dfe18b0f20fe13763b28e53294f75c38fa * get rid of kvmetainfo rootKey Change-Id: Id795ca03d9417e3fe9634365a121430eb678d6d5 * Fix linting failure for return with else Change-Id: I0b9ffd92be42ffcd8fef7ea735c5fc114a55d3b5 * fix some bugs adding enc store to kvmetainfo Change-Id: I8e765970ba817289c65ec62971ae3bfa2c53a1ba * respond to review feedback Change-Id: I43e2ce29ce2fb6677b1cd6b9469838d80ec92c86 2019-06-24 20:23:07 +01:00			`// Copyright (C) 2019 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package encryption`

			`import (`
			`"crypto/hmac"`
			`"crypto/sha512"`
			`"encoding/base64"`
			`"strings"`

			`"github.com/zeebo/errs"`

			`"storj.io/storj/pkg/paths"`
			`"storj.io/storj/pkg/storj"`
			`)`

			`// StoreEncryptPath encrypts the path using the provided cipher and looking up`
			`// keys from the provided store and bucket.`
			`func StoreEncryptPath(bucket string, path paths.Unencrypted, cipher storj.Cipher, store *Store) (`
			`encPath paths.Encrypted, err error) {`

			`// Invalid paths map to invalid paths`
			`if !path.Valid() {`
			`return paths.Encrypted{}, nil`
			`}`

			`if cipher == storj.Unencrypted {`
			`return paths.NewEncrypted(path.Raw()), nil`
			`}`

			`_, consumed, base := store.LookupUnencrypted(bucket, path)`
			`if base == nil {`
			`return paths.Encrypted{}, errs.New("unable to find encryption base for: %s/%q", bucket, path)`
			`}`

			`remaining, ok := path.Consume(consumed)`
			`if !ok {`
			`return paths.Encrypted{}, errs.New("unable to encrypt bucket path: %s/%q", bucket, path)`
			`}`

			`// if we didn't consume any path, we're at the root of the bucket, and so we have`
			`// to fold the bucket name into the key.`
			`key := &base.Key`
			`if !consumed.Valid() {`
			`key, err = derivePathKeyComponent(key, bucket)`
			`if err != nil {`
			`return paths.Encrypted{}, errs.Wrap(err)`
			`}`
			`}`

			`encrypted, err := EncryptPathRaw(remaining.Raw(), cipher, key)`
			`if err != nil {`
			`return paths.Encrypted{}, errs.Wrap(err)`
			`}`

			`var builder strings.Builder`
			`builder.WriteString(base.Encrypted.Raw())`

			`if len(encrypted) > 0 {`
			`if builder.Len() > 0 {`
			`builder.WriteByte('/')`
			`}`
			`builder.WriteString(encrypted)`
			`}`

			`return paths.NewEncrypted(builder.String()), nil`
			`}`

			`// EncryptPathRaw encrypts the path using the provided key directly. EncryptPath should be`
			`// preferred if possible.`
			`func EncryptPathRaw(raw string, cipher storj.Cipher, key *storj.Key) (string, error) {`
			`if cipher == storj.Unencrypted {`
			`return raw, nil`
			`}`

			`var builder strings.Builder`
			`for iter, i := paths.NewIterator(raw), 0; !iter.Done(); i++ {`
			`component := iter.Next()`
			`encComponent, err := storeEncryptPathComponent(component, cipher, key)`
			`if err != nil {`
			`return "", errs.Wrap(err)`
			`}`
			`key, err = derivePathKeyComponent(key, component)`
			`if err != nil {`
			`return "", errs.Wrap(err)`
			`}`
			`if i > 0 {`
			`builder.WriteByte('/')`
			`}`
			`builder.WriteString(encComponent)`
			`}`
			`return builder.String(), nil`
			`}`

			`// StoreDecryptPath decrypts the path using the provided cipher and looking up`
			`// keys from the provided store and bucket.`
			`func StoreDecryptPath(bucket string, path paths.Encrypted, cipher storj.Cipher, store *Store) (`
			`unencPath paths.Unencrypted, err error) {`

			`// Invalid paths map to invalid paths`
			`if !path.Valid() {`
			`return paths.Unencrypted{}, nil`
			`}`

			`if cipher == storj.Unencrypted {`
			`return paths.NewUnencrypted(path.Raw()), nil`
			`}`

			`_, consumed, base := store.LookupEncrypted(bucket, path)`
			`if base == nil {`
			`return paths.Unencrypted{}, errs.New("unable to find decryption base for: %q", path)`
			`}`

			`remaining, ok := path.Consume(consumed)`
			`if !ok {`
			`return paths.Unencrypted{}, errs.New("unable to decrypt bucket path: %q", path)`
			`}`

			`// if we didn't consume any path, we're at the root of the bucket, and so we have`
			`// to fold the bucket name into the key.`
			`key := &base.Key`
			`if !consumed.Valid() {`
			`key, err = derivePathKeyComponent(key, bucket)`
			`if err != nil {`
			`return paths.Unencrypted{}, errs.Wrap(err)`
			`}`
			`}`

			`decrypted, err := DecryptPathRaw(remaining.Raw(), cipher, key)`
			`if err != nil {`
			`return paths.Unencrypted{}, errs.Wrap(err)`
			`}`

			`var builder strings.Builder`
			`builder.WriteString(base.Unencrypted.Raw())`

			`if len(decrypted) > 0 {`
			`if builder.Len() > 0 {`
			`builder.WriteByte('/')`
			`}`
			`builder.WriteString(decrypted)`
			`}`

			`return paths.NewUnencrypted(builder.String()), nil`
			`}`

			`// DecryptPathRaw decrypts the path using the provided key directly. DecryptPath should be`
			`// preferred if possible.`
			`func DecryptPathRaw(raw string, cipher storj.Cipher, key *storj.Key) (string, error) {`
			`if cipher == storj.Unencrypted {`
			`return raw, nil`
			`}`

			`var builder strings.Builder`
			`for iter, i := paths.NewIterator(raw), 0; !iter.Done(); i++ {`
			`component := iter.Next()`
			`unencComponent, err := storeDecryptPathComponent(component, cipher, key)`
			`if err != nil {`
			`return "", errs.Wrap(err)`
			`}`
			`key, err = derivePathKeyComponent(key, unencComponent)`
			`if err != nil {`
			`return "", errs.Wrap(err)`
			`}`
			`if i > 0 {`
			`builder.WriteByte('/')`
			`}`
			`builder.WriteString(unencComponent)`
			`}`
			`return builder.String(), nil`
			`}`

			`// StoreDeriveContentKey returns the content key for the passed in path by looking up`
			`// the appropriate base key from the store and bucket and deriving the rest.`
			`func StoreDeriveContentKey(bucket string, path paths.Unencrypted, store Store) (key storj.Key, err error) {`
			`key, err = StoreDerivePathKey(bucket, path, store)`
			`if err != nil {`
			`return nil, errs.Wrap(err)`
			`}`
			`key, err = DeriveKey(key, "content")`
			`return key, errs.Wrap(err)`
			`}`

			`// StoreDerivePathKey returns the path key for the passed in path by looking up the`
			`// appropriate base key from the store and bucket and deriving the rest.`
			`func StoreDerivePathKey(bucket string, path paths.Unencrypted, store Store) (key storj.Key, err error) {`
			`_, consumed, base := store.LookupUnencrypted(bucket, path)`
			`if base == nil {`
			`return nil, errs.New("unable to find encryption base for: %s/%q", bucket, path)`
			`}`

			`// If asking for the key at the bucket, do that and return.`
			`if !path.Valid() {`
			`key, err = derivePathKeyComponent(&base.Key, bucket)`
			`if err != nil {`
			`return nil, errs.Wrap(err)`
			`}`
			`return key, nil`
			`}`

			`remaining, ok := path.Consume(consumed)`
			`if !ok {`
			`return nil, errs.New("unable to derive path key for: %s/%q", bucket, path)`
			`}`

			`// if we didn't consume any path, we're at the root of the bucket, and so we have`
			`// to fold the bucket name into the key.`
			`key = &base.Key`
			`if !consumed.Valid() {`
			`key, err = derivePathKeyComponent(key, bucket)`
			`if err != nil {`
			`return nil, errs.Wrap(err)`
			`}`
			`}`

			`for iter := remaining.Iterator(); !iter.Done(); {`
			`key, err = derivePathKeyComponent(key, iter.Next())`
			`if err != nil {`
			`return nil, errs.Wrap(err)`
			`}`
			`}`
			`return key, nil`
			`}`

			`// derivePathKeyComponent derives a new key from the provided one using the component. It`
			`// should be preferred over DeriveKey when adding path components as it performs the`
			`// necessary transformation to the component.`
			`func derivePathKeyComponent(key storj.Key, component string) (storj.Key, error) {`
			`return DeriveKey(key, "path:"+component)`
			`}`

			`// storeEncryptPathComponent encrypts a single path component with the provided cipher and key.`
			`func storeEncryptPathComponent(comp string, cipher storj.Cipher, key *storj.Key) (string, error) {`
			`if comp == "" {`
			`return "", nil`
			`}`

			`// derive the key for the next path component. this is so that`
			`// every encrypted component has a unique nonce.`
			`derivedKey, err := derivePathKeyComponent(key, comp)`
			`if err != nil {`
			`return "", err`
			`}`

			`// use the derived key to derive the nonce`
			`mac := hmac.New(sha512.New, derivedKey[:])`
			`_, err = mac.Write([]byte("nonce"))`
			`if err != nil {`
			`return "", Error.Wrap(err)`
			`}`

			`nonce := new(storj.Nonce)`
			`copy(nonce[:], mac.Sum(nil))`

			`// encrypt the path components with the parent's key and the derived nonce`
			`cipherText, err := Encrypt([]byte(comp), cipher, key, nonce)`
			`if err != nil {`
			`return "", Error.Wrap(err)`
			`}`

			`nonceSize := storj.NonceSize`
			`if cipher == storj.AESGCM {`
			`nonceSize = AESGCMNonceSize`
			`}`

			`// keep the nonce together with the cipher text`
			`return base64.RawURLEncoding.EncodeToString(append(nonce[:nonceSize], cipherText...)), nil`
			`}`

			`// storeDecryptPathComponent decrypts a single path component with the provided cipher and key.`
			`func storeDecryptPathComponent(comp string, cipher storj.Cipher, key *storj.Key) (string, error) {`
			`if comp == "" {`
			`return "", nil`
			`}`

			`data, err := base64.RawURLEncoding.DecodeString(comp)`
			`if err != nil {`
			`return "", Error.Wrap(err)`
			`}`

			`nonceSize := storj.NonceSize`
			`if cipher == storj.AESGCM {`
			`nonceSize = AESGCMNonceSize`
			`}`
			`if len(data) < nonceSize \|\| nonceSize < 0 {`
			`return "", errs.New("component did not contain enough nonce bytes")`
			`}`

			`// extract the nonce from the cipher text`
			`nonce := new(storj.Nonce)`
			`copy(nonce[:], data[:nonceSize])`

			`decrypted, err := Decrypt(data[nonceSize:], cipher, key, nonce)`
			`if err != nil {`
			`return "", Error.Wrap(err)`
			`}`

			`return string(decrypted), nil`
			`}`