143 lines
4.2 KiB
Go
143 lines
4.2 KiB
Go
// Copyright (C) 2018 Storj Labs, Inc.
|
|
// See LICENSE for copying information.
|
|
|
|
package encryption
|
|
|
|
import (
|
|
"github.com/zeebo/errs"
|
|
)
|
|
|
|
// Cipher is a type used to define the type of encryption to use
|
|
type Cipher byte
|
|
|
|
// Constant definitions for no encryption (0), AESGCM (1), and SecretBox (2)
|
|
const (
|
|
None = Cipher(iota)
|
|
AESGCM
|
|
SecretBox
|
|
)
|
|
|
|
// Constant definitions for key and nonce sizes
|
|
const (
|
|
KeySize = 32
|
|
NonceSize = 24
|
|
AESGCMNonceSize = 12
|
|
)
|
|
|
|
// Key represents the largest key used by any encryption protocol
|
|
type Key [KeySize]byte
|
|
|
|
// Bytes returns the key as a byte array pointer
|
|
func (k *Key) Bytes() *[KeySize]byte {
|
|
return (*[KeySize]byte)(k)
|
|
}
|
|
|
|
// Encrypt encrypts the current key with the given key and nonce
|
|
func (k *Key) Encrypt(cipher Cipher, key *Key, nonce *Nonce) (EncryptedPrivateKey, error) {
|
|
return cipher.Encrypt(k[:], key, nonce)
|
|
}
|
|
|
|
// Nonce represents the largest nonce used by any encryption protocol
|
|
type Nonce [NonceSize]byte
|
|
|
|
// Bytes returns the nonce as a byte array pointer
|
|
func (nonce *Nonce) Bytes() *[NonceSize]byte {
|
|
return (*[NonceSize]byte)(nonce)
|
|
}
|
|
|
|
// Increment increments the nonce with the given amount
|
|
func (nonce *Nonce) Increment(amount int64) (truncated bool, err error) {
|
|
return incrementBytes(nonce[:], amount)
|
|
}
|
|
|
|
// AESGCMNonce returns the nonce as a AES-GCM nonce
|
|
func (nonce *Nonce) AESGCMNonce() *AESGCMNonce {
|
|
aes := new(AESGCMNonce)
|
|
copy((*aes)[:], nonce[:AESGCMNonceSize])
|
|
return aes
|
|
}
|
|
|
|
// AESGCMNonce represents the nonce used by the AES-GCM protocol
|
|
type AESGCMNonce [AESGCMNonceSize]byte
|
|
|
|
// Bytes returns the nonce as a byte array pointer
|
|
func (nonce *AESGCMNonce) Bytes() *[AESGCMNonceSize]byte {
|
|
return (*[AESGCMNonceSize]byte)(nonce)
|
|
}
|
|
|
|
// EncryptedPrivateKey is a private key that has been encrypted
|
|
type EncryptedPrivateKey []byte
|
|
|
|
// Decrypt decrypts the current key with the given key and nonce
|
|
func (k EncryptedPrivateKey) Decrypt(cipher Cipher, key *Key, nonce *Nonce) (*Key, error) {
|
|
plainData, err := cipher.Decrypt(k, key, nonce)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var decryptedKey Key
|
|
copy(decryptedKey[:], plainData)
|
|
|
|
return &decryptedKey, nil
|
|
}
|
|
|
|
// Encrypt encrypts byte data with a key and nonce. The cipher data is returned
|
|
// The type of encryption to use can be modified with encType
|
|
func (cipher Cipher) Encrypt(data []byte, key *Key, nonce *Nonce) (cipherData []byte, err error) {
|
|
switch cipher {
|
|
case None:
|
|
return data, nil
|
|
case AESGCM:
|
|
return EncryptAESGCM(data, key, nonce.AESGCMNonce())
|
|
case SecretBox:
|
|
return EncryptSecretBox(data, key, nonce)
|
|
default:
|
|
return nil, errs.New("Invalid encryption type")
|
|
}
|
|
}
|
|
|
|
// Decrypt decrypts byte data with a key and nonce. The plain data is returned
|
|
// The type of encryption to use can be modified with encType
|
|
func (cipher Cipher) Decrypt(cipherData []byte, key *Key, nonce *Nonce) (data []byte, err error) {
|
|
switch cipher {
|
|
case None:
|
|
return cipherData, nil
|
|
case AESGCM:
|
|
return DecryptAESGCM(cipherData, key, nonce.AESGCMNonce())
|
|
case SecretBox:
|
|
return DecryptSecretBox(cipherData, key, nonce)
|
|
default:
|
|
return nil, errs.New("Invalid encryption type")
|
|
}
|
|
}
|
|
|
|
// NewEncrypter creates transform stream using a key and a nonce to encrypt data passing through it
|
|
// The type of encryption to use can be modified with encType
|
|
func (cipher Cipher) NewEncrypter(key *Key, startingNonce *Nonce, encBlockSize int) (Transformer, error) {
|
|
switch cipher {
|
|
case None:
|
|
return &NoopTransformer{}, nil
|
|
case AESGCM:
|
|
return NewAESGCMEncrypter(key, startingNonce.AESGCMNonce(), encBlockSize)
|
|
case SecretBox:
|
|
return NewSecretboxEncrypter(key, startingNonce, encBlockSize)
|
|
default:
|
|
return nil, errs.New("Invalid encryption type")
|
|
}
|
|
}
|
|
|
|
// NewDecrypter creates transform stream using a key and a nonce to decrypt data passing through it
|
|
// The type of encryption to use can be modified with encType
|
|
func (cipher Cipher) NewDecrypter(key *Key, startingNonce *Nonce, encBlockSize int) (Transformer, error) {
|
|
switch cipher {
|
|
case None:
|
|
return &NoopTransformer{}, nil
|
|
case AESGCM:
|
|
return NewAESGCMDecrypter(key, startingNonce.AESGCMNonce(), encBlockSize)
|
|
case SecretBox:
|
|
return NewSecretboxDecrypter(key, startingNonce, encBlockSize)
|
|
default:
|
|
return nil, errs.New("Invalid encryption type")
|
|
}
|
|
}
|