storj/pkg/eestream/secretbox.go

// Copyright (C) 2018 Storj Labs, Inc.
// See LICENSE for copying information.

package eestream

import (
	"golang.org/x/crypto/nacl/secretbox"
)

type secretboxEncrypter struct {
	blockSize     int
	key           [32]byte
	startingNonce [24]byte
}

// NewSecretboxEncrypter returns a Transformer that encrypts the data passing
// through with key.
//
// startingNonce is treated as a big-endian encoded unsigned
// integer, and as blocks pass through, their block number and the starting
// nonce is added together to come up with that block's nonce. Encrypting
// different data with the same key and the same nonce is a huge security
// issue. It's safe to always encode new data with a random key and random
// startingNonce. The monotonically-increasing nonce (that rolls over) is to
// protect against data reordering.
//
// When in doubt, generate a new key from crypto/rand and a startingNonce
// from crypto/rand as often as possible.
func NewSecretboxEncrypter(key *[32]byte, startingNonce *[24]byte,
	encryptedBlockSize int) (Transformer, error) {
	if encryptedBlockSize <= secretbox.Overhead {
		return nil, Error.New("block size too small")
	}
	return &secretboxEncrypter{
		blockSize:     encryptedBlockSize - secretbox.Overhead,
		key:           *key,
		startingNonce: *startingNonce,
	}, nil
}

func (s *secretboxEncrypter) InBlockSize() int {
	return s.blockSize
}

func (s *secretboxEncrypter) OutBlockSize() int {
	return s.blockSize + secretbox.Overhead
}

func calcNonce(startingNonce *[24]byte, blockNum int64) (rv [24]byte,
	err error) {
	if copy(rv[:], (*startingNonce)[:]) != len(rv) {
		return rv, Error.New("didn't copy memory?!")
	}
	_, err = incrementBytes(rv[:], blockNum)
	return rv, err
}

func (s *secretboxEncrypter) Transform(out, in []byte, blockNum int64) (
	[]byte, error) {
	n, err := calcNonce(&s.startingNonce, blockNum)
	if err != nil {
		return nil, err
	}
	return secretbox.Seal(out, in, &n, &s.key), nil
}

type secretboxDecrypter struct {
	blockSize     int
	key           [32]byte
	startingNonce [24]byte
}

// NewSecretboxDecrypter returns a Transformer that decrypts the data passing
// through with key. See the comments for NewSecretboxEncrypter about
// startingNonce.
func NewSecretboxDecrypter(key *[32]byte, startingNonce *[24]byte,
	encryptedBlockSize int) (Transformer, error) {
	if encryptedBlockSize <= secretbox.Overhead {
		return nil, Error.New("block size too small")
	}
	return &secretboxDecrypter{
		blockSize:     encryptedBlockSize - secretbox.Overhead,
		key:           *key,
		startingNonce: *startingNonce,
	}, nil
}

func (s *secretboxDecrypter) InBlockSize() int {
	return s.blockSize + secretbox.Overhead
}

func (s *secretboxDecrypter) OutBlockSize() int {
	return s.blockSize
}

func (s *secretboxDecrypter) Transform(out, in []byte, blockNum int64) (
	[]byte, error) {
	n, err := calcNonce(&s.startingNonce, blockNum)
	if err != nil {
		return nil, err
	}
	rv, success := secretbox.Open(out, in, &n, &s.key)
	if !success {
		return nil, Error.New("failed decrypting")
	}
	return rv, nil
}
pkg/eestream: initial 2018-04-11 14:41:50 +01:00			`// Copyright (C) 2018 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package eestream`

			`import (`
			`"golang.org/x/crypto/nacl/secretbox"`
			`)`

			`type secretboxEncrypter struct {`
eestream: make secretbox example harder to fall victim to nonce reuse 2018-04-16 01:48:19 +01:00			`blockSize int`
			`key [32]byte`
			`startingNonce [24]byte`
pkg/eestream: initial 2018-04-11 14:41:50 +01:00			`}`

			`// NewSecretboxEncrypter returns a Transformer that encrypts the data passing`
			`// through with key.`
eestream: make secretbox example harder to fall victim to nonce reuse 2018-04-16 01:48:19 +01:00			`//`
			`// startingNonce is treated as a big-endian encoded unsigned`
			`// integer, and as blocks pass through, their block number and the starting`
			`// nonce is added together to come up with that block's nonce. Encrypting`
			`// different data with the same key and the same nonce is a huge security`
			`// issue. It's safe to always encode new data with a random key and random`
			`// startingNonce. The monotonically-increasing nonce (that rolls over) is to`
			`// protect against data reordering.`
			`//`
			`// When in doubt, generate a new key from crypto/rand and a startingNonce`
			`// from crypto/rand as often as possible.`
			`func NewSecretboxEncrypter(key [32]byte, startingNonce [24]byte,`
			`encryptedBlockSize int) (Transformer, error) {`
pkg/eestream: initial 2018-04-11 14:41:50 +01:00			`if encryptedBlockSize <= secretbox.Overhead {`
			`return nil, Error.New("block size too small")`
			`}`
eestream: make secretbox example harder to fall victim to nonce reuse 2018-04-16 01:48:19 +01:00			`return &secretboxEncrypter{`
			`blockSize: encryptedBlockSize - secretbox.Overhead,`
			`key: *key,`
			`startingNonce: *startingNonce,`
			`}, nil`
pkg/eestream: initial 2018-04-11 14:41:50 +01:00			`}`

			`func (s *secretboxEncrypter) InBlockSize() int {`
			`return s.blockSize`
			`}`

			`func (s *secretboxEncrypter) OutBlockSize() int {`
			`return s.blockSize + secretbox.Overhead`
			`}`

eestream: make secretbox example harder to fall victim to nonce reuse 2018-04-16 01:48:19 +01:00			`func calcNonce(startingNonce *[24]byte, blockNum int64) (rv [24]byte,`
			`err error) {`
			`if copy(rv[:], (*startingNonce)[:]) != len(rv) {`
			`return rv, Error.New("didn't copy memory?!")`
			`}`
			`_, err = incrementBytes(rv[:], blockNum)`
			`return rv, err`
pkg/eestream: initial 2018-04-11 14:41:50 +01:00			`}`

			`func (s *secretboxEncrypter) Transform(out, in []byte, blockNum int64) (`
			`[]byte, error) {`
eestream: make secretbox example harder to fall victim to nonce reuse 2018-04-16 01:48:19 +01:00			`n, err := calcNonce(&s.startingNonce, blockNum)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return secretbox.Seal(out, in, &n, &s.key), nil`
pkg/eestream: initial 2018-04-11 14:41:50 +01:00			`}`

			`type secretboxDecrypter struct {`
eestream: make secretbox example harder to fall victim to nonce reuse 2018-04-16 01:48:19 +01:00			`blockSize int`
			`key [32]byte`
			`startingNonce [24]byte`
pkg/eestream: initial 2018-04-11 14:41:50 +01:00			`}`

			`// NewSecretboxDecrypter returns a Transformer that decrypts the data passing`
eestream: make secretbox example harder to fall victim to nonce reuse 2018-04-16 01:48:19 +01:00			`// through with key. See the comments for NewSecretboxEncrypter about`
			`// startingNonce.`
			`func NewSecretboxDecrypter(key [32]byte, startingNonce [24]byte,`
			`encryptedBlockSize int) (Transformer, error) {`
pkg/eestream: initial 2018-04-11 14:41:50 +01:00			`if encryptedBlockSize <= secretbox.Overhead {`
			`return nil, Error.New("block size too small")`
			`}`
eestream: make secretbox example harder to fall victim to nonce reuse 2018-04-16 01:48:19 +01:00			`return &secretboxDecrypter{`
			`blockSize: encryptedBlockSize - secretbox.Overhead,`
			`key: *key,`
			`startingNonce: *startingNonce,`
			`}, nil`
pkg/eestream: initial 2018-04-11 14:41:50 +01:00			`}`

			`func (s *secretboxDecrypter) InBlockSize() int {`
			`return s.blockSize + secretbox.Overhead`
			`}`

			`func (s *secretboxDecrypter) OutBlockSize() int {`
			`return s.blockSize`
			`}`

			`func (s *secretboxDecrypter) Transform(out, in []byte, blockNum int64) (`
			`[]byte, error) {`
eestream: make secretbox example harder to fall victim to nonce reuse 2018-04-16 01:48:19 +01:00			`n, err := calcNonce(&s.startingNonce, blockNum)`
			`if err != nil {`
			`return nil, err`
			`}`
			`rv, success := secretbox.Open(out, in, &n, &s.key)`
pkg/eestream: initial 2018-04-11 14:41:50 +01:00			`if !success {`
			`return nil, Error.New("failed decrypting")`
			`}`
			`return rv, nil`
			`}`