821d0b6f1d
* begin adding encryption for remote pieces * begin adding decryption * add encryption key as arg to Put and Get * move encryption/decryption to object store * Add encryption key to object store constructor * Add the erasure scheme to object store constructor * Ensure decrypter is initialized with the stripe size used by encrypter * Revert "Ensure decrypter is initialized with the stripe size used by encrypter" This reverts commit 07272333f461606edfb43ad106cc152f37a3bd46. * Revert "Add the erasure scheme to object store constructor" This reverts commit ea5e793b536159d993b96e3db69a37c1656a193c. * move encryption to stream store * move decryption stuff to stream store * revert changes in object store * add encryptedBlockSize and close rangers on error during Get * calculate padding sizes correctly * encryptedBlockSize -> encryptionBlockSize * pass encryption key and block size into stream store * remove encryption key and block size from object store constructor * move encrypter/decrypter initialization * remove unnecessary cast * Fix padding issue * Fix linter * add todos * use random encryption key for data encryption. Store an encrypted copy of this key in segment metadata * use different encryption key for each segment * encrypt data in one step if it is small enough * refactor and move encryption stuff * fix errors related to nil slices passed to copy * fix encrypter vs. decrypter bug * put encryption stuff in eestream * get captplanet test to pass * fix linting errors * add types for encryption keys/nonces and clean up * fix tests * more review changes * add Cipher type for encryption stuff * fix rs_test * Simplify type casting of key and nonce * Init starting nonce to the segment index * don't copy derived key * remove default encryption key; force user to explicitly set it * move getSegmentPath to streams package * dont require user to specify encryption key for captplanet * rename GenericKey and GenericNonce to Key and Nonce * review changes * fix linting error * Download uses the encryption type from metadata * Store enc block size in metadata and use it for download
162 lines
4.4 KiB
Go
162 lines
4.4 KiB
Go
// Copyright (C) 2018 Storj Labs, Inc.
|
|
// See LICENSE for copying information.
|
|
|
|
package eestream
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
|
|
"github.com/zeebo/errs"
|
|
)
|
|
|
|
type aesgcmEncrypter struct {
|
|
blockSize int
|
|
key Key
|
|
startingNonce AESGCMNonce
|
|
overhead int
|
|
aesgcm cipher.AEAD
|
|
}
|
|
|
|
// NewAESGCMEncrypter returns a Transformer that encrypts the data passing
|
|
// through with key.
|
|
//
|
|
// startingNonce is treated as a big-endian encoded unsigned
|
|
// integer, and as blocks pass through, their block number and the starting
|
|
// nonce is added together to come up with that block's nonce. Encrypting
|
|
// different data with the same key and the same nonce is a huge security
|
|
// issue. It's safe to always encode new data with a random key and random
|
|
// startingNonce. The monotonically-increasing nonce (that rolls over) is to
|
|
// protect against data reordering.
|
|
//
|
|
// When in doubt, generate a new key from crypto/rand and a startingNonce
|
|
// from crypto/rand as often as possible.
|
|
func NewAESGCMEncrypter(key *Key, startingNonce *AESGCMNonce, encryptedBlockSize int) (Transformer, error) {
|
|
block, err := aes.NewCipher((*key)[:])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
aesgcmEncrypt, err := cipher.NewGCM(block)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if encryptedBlockSize <= aesgcmEncrypt.Overhead() {
|
|
return nil, Error.New("block size too small")
|
|
}
|
|
return &aesgcmEncrypter{
|
|
blockSize: encryptedBlockSize - aesgcmEncrypt.Overhead(),
|
|
key: *key,
|
|
startingNonce: *startingNonce,
|
|
overhead: aesgcmEncrypt.Overhead(),
|
|
aesgcm: aesgcmEncrypt,
|
|
}, nil
|
|
}
|
|
|
|
func (s *aesgcmEncrypter) InBlockSize() int {
|
|
return s.blockSize
|
|
}
|
|
|
|
func (s *aesgcmEncrypter) OutBlockSize() int {
|
|
return s.blockSize + s.overhead
|
|
}
|
|
|
|
func calcGCMNonce(startingNonce *AESGCMNonce, blockNum int64) (rv [12]byte, err error) {
|
|
if copy(rv[:], (*startingNonce)[:]) != len(rv) {
|
|
return rv, Error.New("didn't copy memory?!")
|
|
}
|
|
_, err = incrementBytes(rv[:], blockNum)
|
|
return rv, err
|
|
}
|
|
|
|
func (s *aesgcmEncrypter) Transform(out, in []byte, blockNum int64) ([]byte, error) {
|
|
n, err := calcGCMNonce(&s.startingNonce, blockNum)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
ciphertext := s.aesgcm.Seal(out, n[:], in, nil)
|
|
return ciphertext, nil
|
|
}
|
|
|
|
type aesgcmDecrypter struct {
|
|
blockSize int
|
|
key Key
|
|
startingNonce AESGCMNonce
|
|
overhead int
|
|
aesgcm cipher.AEAD
|
|
}
|
|
|
|
// NewAESGCMDecrypter returns a Transformer that decrypts the data passing
|
|
// through with key. See the comments for NewAESGCMEncrypter about
|
|
// startingNonce.
|
|
func NewAESGCMDecrypter(key *Key, startingNonce *AESGCMNonce, encryptedBlockSize int) (Transformer, error) {
|
|
block, err := aes.NewCipher((*key)[:])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
aesgcmDecrypt, err := cipher.NewGCM(block)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if encryptedBlockSize <= aesgcmDecrypt.Overhead() {
|
|
return nil, Error.New("block size too small")
|
|
}
|
|
return &aesgcmDecrypter{
|
|
blockSize: encryptedBlockSize - aesgcmDecrypt.Overhead(),
|
|
key: *key,
|
|
startingNonce: *startingNonce,
|
|
overhead: aesgcmDecrypt.Overhead(),
|
|
aesgcm: aesgcmDecrypt,
|
|
}, nil
|
|
}
|
|
func (s *aesgcmDecrypter) InBlockSize() int {
|
|
return s.blockSize + s.overhead
|
|
}
|
|
|
|
func (s *aesgcmDecrypter) OutBlockSize() int {
|
|
return s.blockSize
|
|
}
|
|
|
|
func (s *aesgcmDecrypter) Transform(out, in []byte, blockNum int64) ([]byte, error) {
|
|
n, err := calcGCMNonce(&s.startingNonce, blockNum)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return s.aesgcm.Open(out, n[:], in, nil)
|
|
}
|
|
|
|
// EncryptAESGCM encrypts byte data with a key and nonce. The cipher data is returned
|
|
func EncryptAESGCM(data, key, nonce []byte) (cipherData []byte, err error) {
|
|
block, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return []byte{}, errs.Wrap(err)
|
|
}
|
|
aesgcm, err := cipher.NewGCM(block)
|
|
if err != nil {
|
|
return []byte{}, errs.Wrap(err)
|
|
}
|
|
cipherData = aesgcm.Seal(nil, nonce, data, nil)
|
|
return cipherData, nil
|
|
}
|
|
|
|
// DecryptAESGCM decrypts byte data with a key and nonce. The plain data is returned
|
|
func DecryptAESGCM(cipherData, key, nonce []byte) (data []byte, err error) {
|
|
if len(cipherData) == 0 {
|
|
return []byte{}, errs.New("empty cipher data")
|
|
}
|
|
block, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return []byte{}, errs.Wrap(err)
|
|
}
|
|
aesgcm, err := cipher.NewGCM(block)
|
|
if err != nil {
|
|
return []byte{}, errs.Wrap(err)
|
|
}
|
|
decrypted, err := aesgcm.Open(nil, nonce, cipherData, nil)
|
|
if err != nil {
|
|
return []byte{}, errs.Wrap(err)
|
|
}
|
|
return decrypted, nil
|
|
}
|