Encapsulate key encryption in the Key and EncryptedPrivateKey types (#499)

Kaloyan Raev 2018-10-18 17:21:08 +03:00 committed by GitHub
parent b34adc310b
commit b9e473a5eb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 9 deletions


@ -28,8 +28,13 @@ const (
type Key [KeySize]byte
// Bytes returns the key as a byte array pointer
func (key *Key) Bytes() *[KeySize]byte {
return (*[KeySize]byte)(key)
func (k *Key) Bytes() *[KeySize]byte {
return (*[KeySize]byte)(k)
}
// Encrypt encrypts the current key with the given key and nonce
func (k *Key) Encrypt(cipher Cipher, key *Key, nonce *Nonce) (EncryptedPrivateKey, error) {
return cipher.Encrypt(k[:], key, nonce)
}
// Nonce represents the largest nonce used by any encryption protocol
@ -60,6 +65,22 @@ func (nonce *AESGCMNonce) Bytes() *[AESGCMNonceSize]byte {
return (*[AESGCMNonceSize]byte)(nonce)
}
// EncryptedPrivateKey is a private key that has been encrypted
type EncryptedPrivateKey []byte
// Decrypt decrypts the current key with the given key and nonce
func (k EncryptedPrivateKey) Decrypt(cipher Cipher, key *Key, nonce *Nonce) (*Key, error) {
plainData, err := cipher.Decrypt(k, key, nonce)
if err != nil {
return nil, err
}
var decryptedKey Key
copy(decryptedKey[:], plainData)
return &decryptedKey, nil
}
// Encrypt encrypts byte data with a key and nonce. The cipher data is returned
// The type of encryption to use can be modified with encType
func (cipher Cipher) Encrypt(data []byte, key *Key, nonce *Nonce) (cipherData []byte, err error) {
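Review bot: EncryptedPrivateKey.Decrypt copies whatever cipher.Decrypt returns into a fixed KeySize array without checking its length, so a plaintext shorter than KeySize yields a zero-padded key and a longer one is silently truncated. A length check before the copy, `if len(plainData) != KeySize { return nil, errors.New("decrypted key has wrong length") }` (or the package's existing error helper), turns the mismatch into a returned error. This is the same unchecked copy that streamstore used to do inline, so now that the conversion is centralised the check belongs here. Cipher.Encrypt at the end of the hunk continues outside it.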


@ -155,7 +155,7 @@ func (s *streamStore) Put(ctx context.Context, path paths.Path, data io.Reader,
return Meta{}, err
}
encryptedKey, err := cipher.Encrypt(contentKey[:], (*encryption.Key)(derivedKey), &keyNonce)
encryptedKey, err := contentKey.Encrypt(cipher, (*encryption.Key)(derivedKey), &keyNonce)
if err != nil {
return Meta{}, err
}
@ -637,7 +637,7 @@ func (s *streamStore) cancelHandler(ctx context.Context, totalSegments int64, pa
}
}
func getEncryptedKeyAndNonce(m *pb.SegmentMeta) ([]byte, *encryption.Nonce) {
func getEncryptedKeyAndNonce(m *pb.SegmentMeta) (encryption.EncryptedPrivateKey, *encryption.Nonce) {
if m == nil {
return nil, nil
}
@ -662,14 +662,11 @@ func decryptStreamInfo(ctx context.Context, item segments.Meta, path paths.Path,
cipher := encryption.Cipher(streamMeta.EncryptionType)
encryptedKey, keyNonce := getEncryptedKeyAndNonce(streamMeta.LastSegmentMeta)
e, err := cipher.Decrypt(encryptedKey, (*encryption.Key)(derivedKey), keyNonce)
contentKey, err := encryptedKey.Decrypt(cipher, (*encryption.Key)(derivedKey), keyNonce)
if err != nil {
return nil, err
}
var contentKey encryption.Key
copy(contentKey[:], e)
// decrypt metadata with the content encryption key and zero nonce
return cipher.Decrypt(streamMeta.EncryptedStreamInfo, &contentKey, &encryption.Nonce{})
return cipher.Decrypt(streamMeta.EncryptedStreamInfo, contentKey, &encryption.Nonce{})
}
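Review bot: getEncryptedKeyAndNonce still returns `nil, nil` when the segment meta is nil, and the new call `contentKey, err := encryptedKey.Decrypt(cipher, (*encryption.Key)(derivedKey), keyNonce)` passes that nil nonce straight through; whether Cipher.Decrypt tolerates a nil *Nonce is not visible in this hunk, so a missing LastSegmentMeta presumably ends in a nil dereference rather than an error. A guard before the call, `if encryptedKey == nil || keyNonce == nil { return nil, errors.New("missing last segment metadata") }`, makes that case a returned error. decryptStreamInfo begins outside the hunk.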