2018-04-11 14:41:50 +01:00
|
|
|
// Copyright (C) 2018 Storj Labs, Inc.
|
|
|
|
// See LICENSE for copying information.
|
|
|
|
|
|
|
|
package eestream
|
|
|
|
|
|
|
|
import (
|
2018-09-26 14:32:23 +01:00
|
|
|
"github.com/zeebo/errs"
|
2018-04-11 14:41:50 +01:00
|
|
|
"golang.org/x/crypto/nacl/secretbox"
|
|
|
|
)
|
|
|
|
|
|
|
|
type secretboxEncrypter struct {
|
2018-04-16 01:48:19 +01:00
|
|
|
blockSize int
|
2018-09-26 14:32:23 +01:00
|
|
|
key Key
|
|
|
|
startingNonce Nonce
|
2018-04-11 14:41:50 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// NewSecretboxEncrypter returns a Transformer that encrypts the data passing
|
|
|
|
// through with key.
|
2018-04-16 01:48:19 +01:00
|
|
|
//
|
|
|
|
// startingNonce is treated as a big-endian encoded unsigned
|
|
|
|
// integer, and as blocks pass through, their block number and the starting
|
|
|
|
// nonce is added together to come up with that block's nonce. Encrypting
|
|
|
|
// different data with the same key and the same nonce is a huge security
|
|
|
|
// issue. It's safe to always encode new data with a random key and random
|
|
|
|
// startingNonce. The monotonically-increasing nonce (that rolls over) is to
|
|
|
|
// protect against data reordering.
|
|
|
|
//
|
|
|
|
// When in doubt, generate a new key from crypto/rand and a startingNonce
|
|
|
|
// from crypto/rand as often as possible.
|
2018-09-26 14:32:23 +01:00
|
|
|
func NewSecretboxEncrypter(key *Key, startingNonce *Nonce, encryptedBlockSize int) (Transformer, error) {
|
2018-04-11 14:41:50 +01:00
|
|
|
if encryptedBlockSize <= secretbox.Overhead {
|
|
|
|
return nil, Error.New("block size too small")
|
|
|
|
}
|
2018-04-16 01:48:19 +01:00
|
|
|
return &secretboxEncrypter{
|
|
|
|
blockSize: encryptedBlockSize - secretbox.Overhead,
|
|
|
|
key: *key,
|
|
|
|
startingNonce: *startingNonce,
|
|
|
|
}, nil
|
2018-04-11 14:41:50 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *secretboxEncrypter) InBlockSize() int {
|
|
|
|
return s.blockSize
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *secretboxEncrypter) OutBlockSize() int {
|
|
|
|
return s.blockSize + secretbox.Overhead
|
|
|
|
}
|
|
|
|
|
2018-09-26 14:32:23 +01:00
|
|
|
func calcNonce(startingNonce *Nonce, blockNum int64) (rv *Nonce, err error) {
|
|
|
|
rv = new(Nonce)
|
2018-04-16 01:48:19 +01:00
|
|
|
if copy(rv[:], (*startingNonce)[:]) != len(rv) {
|
|
|
|
return rv, Error.New("didn't copy memory?!")
|
|
|
|
}
|
|
|
|
_, err = incrementBytes(rv[:], blockNum)
|
|
|
|
return rv, err
|
2018-04-11 14:41:50 +01:00
|
|
|
}
|
|
|
|
|
2018-09-26 14:32:23 +01:00
|
|
|
func (s *secretboxEncrypter) Transform(out, in []byte, blockNum int64) ([]byte, error) {
|
2018-04-16 01:48:19 +01:00
|
|
|
n, err := calcNonce(&s.startingNonce, blockNum)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2018-09-26 14:32:23 +01:00
|
|
|
return secretbox.Seal(out, in, n.Bytes(), s.key.Bytes()), nil
|
2018-04-11 14:41:50 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
type secretboxDecrypter struct {
|
2018-04-16 01:48:19 +01:00
|
|
|
blockSize int
|
2018-09-26 14:32:23 +01:00
|
|
|
key Key
|
|
|
|
startingNonce Nonce
|
2018-04-11 14:41:50 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// NewSecretboxDecrypter returns a Transformer that decrypts the data passing
|
2018-04-16 01:48:19 +01:00
|
|
|
// through with key. See the comments for NewSecretboxEncrypter about
|
|
|
|
// startingNonce.
|
2018-09-26 14:32:23 +01:00
|
|
|
func NewSecretboxDecrypter(key *Key, startingNonce *Nonce, encryptedBlockSize int) (Transformer, error) {
|
2018-04-11 14:41:50 +01:00
|
|
|
if encryptedBlockSize <= secretbox.Overhead {
|
|
|
|
return nil, Error.New("block size too small")
|
|
|
|
}
|
2018-04-16 01:48:19 +01:00
|
|
|
return &secretboxDecrypter{
|
|
|
|
blockSize: encryptedBlockSize - secretbox.Overhead,
|
|
|
|
key: *key,
|
|
|
|
startingNonce: *startingNonce,
|
|
|
|
}, nil
|
2018-04-11 14:41:50 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *secretboxDecrypter) InBlockSize() int {
|
|
|
|
return s.blockSize + secretbox.Overhead
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *secretboxDecrypter) OutBlockSize() int {
|
|
|
|
return s.blockSize
|
|
|
|
}
|
|
|
|
|
2018-09-26 14:32:23 +01:00
|
|
|
func (s *secretboxDecrypter) Transform(out, in []byte, blockNum int64) ([]byte, error) {
|
2018-04-16 01:48:19 +01:00
|
|
|
n, err := calcNonce(&s.startingNonce, blockNum)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2018-09-26 14:32:23 +01:00
|
|
|
rv, success := secretbox.Open(out, in, n.Bytes(), s.key.Bytes())
|
2018-04-11 14:41:50 +01:00
|
|
|
if !success {
|
|
|
|
return nil, Error.New("failed decrypting")
|
|
|
|
}
|
|
|
|
return rv, nil
|
|
|
|
}
|
2018-09-26 14:32:23 +01:00
|
|
|
|
|
|
|
// EncryptSecretBox encrypts byte data with a key and nonce. The cipher data is returned
|
|
|
|
func EncryptSecretBox(data []byte, key *Key, nonce *Nonce) (cipherData []byte, err error) {
|
|
|
|
return secretbox.Seal(nil, data, nonce.Bytes(), key.Bytes()), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// DecryptSecretBox decrypts byte data with a key and nonce. The plain data is returned
|
|
|
|
func DecryptSecretBox(cipherData []byte, key *Key, nonce *Nonce) (data []byte, err error) {
|
|
|
|
data, success := secretbox.Open(nil, cipherData, nonce.Bytes(), key.Bytes())
|
|
|
|
if !success {
|
|
|
|
return nil, errs.New("Failed decrypting")
|
|
|
|
}
|
|
|
|
return data, nil
|
|
|
|
}
|