moby · diogomonica · Oct 28, 2016 · Oct 11, 2016 · Oct 24, 2016 · Oct 28, 2016
diff --git a/api/types.pb.go b/api/types.pb.go
diff --git a/api/types.proto b/api/types.proto
@@ -840,3 +840,14 @@ message HealthConfig {
 	// container as unhealthy. Zero means inherit.
 	int32 retries = 4;
 }
+
+message MaybeEncryptedRecord {
+	enum Algorithm {
+		NONE = 0 [(gogoproto.enumvalue_customname) = "NotEncrypted"];
+		SECRETBOX_SALSA20_POLY1305 = 1 [(gogoproto.enumvalue_customname) = "NACLSecretboxSalsa20Poly1305"];
+	}
+
+	Algorithm algorithm = 1;
+	bytes data = 2;
+	bytes nonce = 3;
+}
diff --git a/manager/encryption/encryption.go b/manager/encryption/encryption.go
@@ -0,0 +1,132 @@
+package encryption
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/docker/swarmkit/api"
+	"github.com/gogo/protobuf/proto"
+	"github.com/pkg/errors"
+)
+
+// This package defines the interfaces and encryption package
+
+const humanReadablePrefix = "SWMKEY-1-"
+
+// ErrCannotDecrypt is the type of error returned when some data cannot be decryptd as plaintext
+type ErrCannotDecrypt struct {
+	msg string
+}
+
+func (e ErrCannotDecrypt) Error() string {
+	return e.msg
+}
+
+// A Decrypter can decrypt an encrypted record
+type Decrypter interface {
+	Decrypt(api.MaybeEncryptedRecord) ([]byte, error)
+}
+
+// A Encrypter can encrypt some bytes into an encrypted record
+type Encrypter interface {
+	Encrypt(data []byte) (*api.MaybeEncryptedRecord, error)
+}
+
+type noopCrypter struct{}
+
+func (n noopCrypter) Decrypt(e api.MaybeEncryptedRecord) ([]byte, error) {
+	if e.Algorithm != n.Algorithm() {
+		return nil, fmt.Errorf("record is encrypted")
+	}
+	return e.Data, nil
+}
+
+func (n noopCrypter) Encrypt(data []byte) (*api.MaybeEncryptedRecord, error) {
+	return &api.MaybeEncryptedRecord{
+		Algorithm: n.Algorithm(),
+		Data:      data,
+	}, nil
+}
+
+func (n noopCrypter) Algorithm() api.MaybeEncryptedRecord_Algorithm {
+	return api.MaybeEncryptedRecord_NotEncrypted
+}
+
+// NoopCrypter is just a pass-through crypter - it does not actually encrypt or
+// decrypt any data
+var NoopCrypter = noopCrypter{}
+
+// Decrypt turns a slice of bytes serialized as an MaybeEncryptedRecord into a slice of plaintext bytes
+func Decrypt(encryptd []byte, decrypter Decrypter) ([]byte, error) {
+	if decrypter == nil {
+		return nil, ErrCannotDecrypt{msg: "no decrypter specified"}
+	}
+	r := api.MaybeEncryptedRecord{}
+	if err := proto.Unmarshal(encryptd, &r); err != nil {
+		// nope, this wasn't marshalled as a MaybeEncryptedRecord
+		return nil, ErrCannotDecrypt{msg: "unable to unmarshal as MaybeEncryptedRecord"}
+	}
+	plaintext, err := decrypter.Decrypt(r)
+	if err != nil {
+		return nil, ErrCannotDecrypt{msg: err.Error()}
+	}
+	return plaintext, nil
+}
+
+// Encrypt turns a slice of bytes into a serialized MaybeEncryptedRecord slice of bytes
+func Encrypt(plaintext []byte, encrypter Encrypter) ([]byte, error) {
+	if encrypter == nil {
+		return nil, fmt.Errorf("no encrypter specified")
+	}
+
+	encryptedRecord, err := encrypter.Encrypt(plaintext)
+	if err != nil {
+		return nil, errors.Wrap(err, "unable to encrypt data")
+	}
+
+	data, err := proto.Marshal(encryptedRecord)
+	if err != nil {
+		return nil, errors.Wrap(err, "unable to marshal as MaybeEncryptedRecord")
+	}
+
+	return data, nil
+}
+
+// Defaults returns a default encrypter and decrypter
+func Defaults(key []byte) (Encrypter, Decrypter) {
+	n := NewNACLSecretbox(key)
+	return n, n
+}
+
+// GenerateSecretKey generates a secret key that can be used for encrypting data
+// using this package
+func GenerateSecretKey() []byte {
+	secretData := make([]byte, naclSecretboxKeySize)
+	if _, err := io.ReadFull(rand.Reader, secretData); err != nil {
+		// panic if we can't read random data
+		panic(errors.Wrap(err, "failed to read random bytes"))
+	}
+	return secretData
+}
+
+// HumanReadableKey displays a secret key in a human readable way
+func HumanReadableKey(key []byte) string {
+	// base64-encode the key
+	return humanReadablePrefix + base64.StdEncoding.EncodeToString(key)
+}
+
+// ParseHumanReadableKey returns a key as bytes from recognized serializations of
+// said keys
+func ParseHumanReadableKey(key string) ([]byte, error) {
+	if !strings.HasPrefix(key, humanReadablePrefix) {
+		return nil, fmt.Errorf("invalid key string")
+	}
+	keyBytes, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(key, humanReadablePrefix))
+	if err != nil {
+		return nil, fmt.Errorf("invalid key string")
+	}
+	return keyBytes, nil
+}
diff --git a/manager/encryption/encryption_test.go b/manager/encryption/encryption_test.go
@@ -0,0 +1,71 @@
+package encryption
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestEncryptDecrypt(t *testing.T) {
+	// not providing an encrypter will fail
+	msg := []byte("hello again swarmkit")
+	_, err := Encrypt(msg, nil)
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "no encrypter")
+
+	// noop encrypter can encrypt
+	encrypted, err := Encrypt(msg, NoopCrypter)
+	require.NoError(t, err)
+
+	// not providing a decrypter will fail
+	_, err = Decrypt(encrypted, nil)
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "no decrypter")
+
+	// noop decrypter can decrypt
+	decrypted, err := Decrypt(encrypted, NoopCrypter)
+	require.NoError(t, err)
+	require.Equal(t, msg, decrypted)
+
+	// the default encrypter can produce something the default decrypter can read
+	encrypter, decrypter := Defaults([]byte("key"))
+	encrypted, err = Encrypt(msg, encrypter)
+	require.NoError(t, err)
+	decrypted, err = Decrypt(encrypted, decrypter)
+	require.NoError(t, err)
+	require.Equal(t, msg, decrypted)
+
+	// mismatched encrypters and decrypters can't read the content produced by each
+	encrypted, err = Encrypt(msg, NoopCrypter)
+	require.NoError(t, err)
+	_, err = Decrypt(encrypted, decrypter)
+	require.Error(t, err)
+	require.IsType(t, ErrCannotDecrypt{}, err)
+
+	encrypted, err = Encrypt(msg, encrypter)
+	require.NoError(t, err)
+	_, err = Decrypt(encrypted, NoopCrypter)
+	require.Error(t, err)
+	require.IsType(t, ErrCannotDecrypt{}, err)
+}
+
+func TestHumanReadable(t *testing.T) {
+	// we can produce human readable strings that can then be re-parsed
+	key := GenerateSecretKey()
+	keyString := HumanReadableKey(key)
+	parsedKey, err := ParseHumanReadableKey(keyString)
+	require.NoError(t, err)
+	require.Equal(t, parsedKey, key)
+
+	// if the prefix is wrong, we can't parse the key
+	_, err = ParseHumanReadableKey("A" + keyString)
+	require.Error(t, err)
+
+	// With the right prefix, we can't parse if the key isn't base64 encoded
+	_, err = ParseHumanReadableKey(humanReadablePrefix + "aaaaa/")
+	require.Error(t, err)
+
+	// Extra padding also fails
+	_, err = ParseHumanReadableKey(keyString + "=")
+	require.Error(t, err)
+}
diff --git a/manager/encryption/nacl.go b/manager/encryption/nacl.go
@@ -0,0 +1,73 @@
+package encryption
+
+import (
+	"crypto/rand"
+	"fmt"
+	"io"
+
+	"github.com/docker/swarmkit/api"
+
+	"golang.org/x/crypto/nacl/secretbox"
+)
+
+const naclSecretboxKeySize = 32
+const naclSecretboxNonceSize = 24
+
+// This provides the default implementation of an encrypter and decrypter, as well
+// as the default KDF function.
+
+// NACLSecretbox is an implementation of an encrypter/decrypter.  Encrypting
+// generates random Nonces.
+type NACLSecretbox struct {
+	key [naclSecretboxKeySize]byte
+}
+
+// NewNACLSecretbox returns a new NACL secretbox encrypter/decrypter with the given key
+func NewNACLSecretbox(key []byte) NACLSecretbox {
+	secretbox := NACLSecretbox{}
+	copy(secretbox.key[:], key)
+	return secretbox
+}
+
+// Algorithm returns the type of algorhtm this is (NACL Secretbox using XSalsa20 and Poly1305)
+func (n NACLSecretbox) Algorithm() api.MaybeEncryptedRecord_Algorithm {
+	return api.MaybeEncryptedRecord_NACLSecretboxSalsa20Poly1305
+}
+
+// Encrypt encrypts some bytes and returns an encrypted record
+func (n NACLSecretbox) Encrypt(data []byte) (*api.MaybeEncryptedRecord, error) {
+	var nonce [24]byte
+	if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
+		return nil, err
+	}
+
+	// Seal's first argument is an "out", the data that the new encrypted message should be
+	// appended to.  Since we don't want to append anything, we pass nil.
+	encrypted := secretbox.Seal(nil, data, &nonce, &n.key)
+	return &api.MaybeEncryptedRecord{
+		Algorithm: n.Algorithm(),
+		Data:      encrypted,
+		Nonce:     nonce[:],
+	}, nil
+}
+
+// Decrypt decrypts a MaybeEncryptedRecord and returns some bytes
+func (n NACLSecretbox) Decrypt(record api.MaybeEncryptedRecord) ([]byte, error) {
+	if record.Algorithm != n.Algorithm() {
+		return nil, fmt.Errorf("not a NACL secretbox record")
+	}
+	if len(record.Nonce) != naclSecretboxNonceSize {
+		return nil, fmt.Errorf("invalid nonce size for NACL secretbox: require 24, got %d", len(record.Nonce))
+	}
+
+	var decryptNonce [naclSecretboxNonceSize]byte
+	copy(decryptNonce[:], record.Nonce[:naclSecretboxNonceSize])
+
+	// Open's first argument is an "out", the data that the decrypted message should be
+	// appended to.  Since we don't want to append anything, we pass nil.
+	decrypted, ok := secretbox.Open(nil, record.Data, &decryptNonce, &n.key)
+	if !ok {
+		return nil, fmt.Errorf("decryption error using NACL secretbox")
+	}
+	return decrypted, nil
+}
diff --git a/manager/encryption/nacl_test.go b/manager/encryption/nacl_test.go
@@ -0,0 +1,83 @@
+package encryption
+
+import (
+	"crypto/rand"
+	"io"
+	"testing"
+
+	"github.com/docker/swarmkit/api"
+	"github.com/stretchr/testify/require"
+)
+
+// Using the same key to encrypt the same message, this encrypter produces two
+// different ciphertexts because it produces two different nonces.  Both
+// of these can be decrypted into the same data though.
+func TestNACLSecretbox(t *testing.T) {
+	key := make([]byte, 32)
+	_, err := io.ReadFull(rand.Reader, key)
+	require.NoError(t, err)
+
+	crypter := NewNACLSecretbox(key)
+	data := []byte("Hello again world")
+
+	er1, err := crypter.Encrypt(data)
+	require.NoError(t, err)
+
+	er2, err := crypter.Encrypt(data)
+	require.NoError(t, err)
+
+	require.NotEqual(t, er1.Data, er2.Data)
+	require.NotEmpty(t, er1.Nonce, er2.Nonce)
+
+	result, err := crypter.Decrypt(*er1)
+	require.NoError(t, err)
+	require.Equal(t, data, result)
+
+	result, err = crypter.Decrypt(*er2)
+	require.NoError(t, err)
+	require.Equal(t, data, result)
+}
+
+func TestNACLSecretboxInvalidAlgorithm(t *testing.T) {
+	key := make([]byte, 32)
+	_, err := io.ReadFull(rand.Reader, key)
+	require.NoError(t, err)
+
+	crypter := NewNACLSecretbox(key)
+	er, err := crypter.Encrypt([]byte("Hello again world"))
+	require.NoError(t, err)
+	er.Algorithm = api.MaybeEncryptedRecord_NotEncrypted
+
+	_, err = crypter.Decrypt(*er)
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "not a NACL secretbox")
+}
+
+func TestNACLSecretboxCannotDecryptWithoutRightKey(t *testing.T) {
+	key := make([]byte, 32)
+	_, err := io.ReadFull(rand.Reader, key)
+	require.NoError(t, err)
+
+	crypter := NewNACLSecretbox(key)
+	er, err := crypter.Encrypt([]byte("Hello again world"))
+	require.NoError(t, err)
+
+	crypter = NewNACLSecretbox([]byte{})
+	_, err = crypter.Decrypt(*er)
+	require.Error(t, err)
+}
+
+func TestNACLSecretboxInvalidNonce(t *testing.T) {
+	key := make([]byte, 32)
+	_, err := io.ReadFull(rand.Reader, key)
+	require.NoError(t, err)
+
+	crypter := NewNACLSecretbox(key)
+	er, err := crypter.Encrypt([]byte("Hello again world"))
+	require.NoError(t, err)
+	er.Nonce = er.Nonce[:20]
+
+	_, err = crypter.Decrypt(*er)
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "invalid nonce size")
+}