Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(resolution): restore hex.Decode/Encode when loading/storing ciphered data from database #395

Merged
merged 2 commits into from
Nov 23, 2022

Conversation

rbeuque74
Copy link
Member

Signed-off-by: Romain Beuque 556072+rbeuque74@users.noreply.github.com

  • What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)
    Bug fix

  • What is the current behavior? (You can also link to an open issue here)
    Failed to load resolution from public id: chacha20poly1305: message authentication failed

  • What is the new behavior (if this is a feature change)?
    Previously, we were using symmecrypt.DecryptMarshal to load data from the database, and we switched to symmecrypt.Decrypt with bf23fbb.
    This changed the behaviour because DecryptMarshal was also calling hex.Decode on the ciphered text before doing the Decrypt. We had to restore this behaviour to read old data from our database.
    Same for EncryptMarshal/Encrypt/hex.Encode

  • Does this PR introduce a breaking change? (What changes might users need to make in their application due to this PR?)
    No

  • Other information:

…red data from database

Previously, we were using symmecrypt.DecryptMarshal to load data from
the database, and we switched to symmecrypt.Decrypt with
bf23fbb.
This changed the behaviour because DecryptMarshal was also calling hex.Decode
on the ciphered text before doing the Decrypt. We had to restore this
behaviour to read old data from our database.
Same for EncryptMarshal/Encrypt/hex.Encode

Signed-off-by: Romain Beuque <556072+rbeuque74@users.noreply.github.com>
@rbeuque74 rbeuque74 requested a review from loopfz as a code owner November 22, 2022 17:01
@@ -166,6 +167,9 @@ func Create(dbp zesty.DBProvider, t *task.Task, resolverInputs map[string]interf
if err != nil {
return nil, err
}

dst := make([]byte, 0, hex.EncodedLen(len(encryptedSteps)))
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
dst := make([]byte, 0, hex.EncodedLen(len(encryptedSteps)))
dst := make([]byte, hex.EncodedLen(len(encryptedSteps)))

From the official documentation, it uses the size of the buffer: https://pkg.go.dev/encoding/hex#Encode

Copy link
Contributor

@wI2L wI2L Nov 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: (correcting myself) the functions uses the byte slice indexes, and not append, so the slice must be of the proper length, enough capacity with a 0 length won't work.

@@ -377,6 +391,8 @@ func (r *Resolution) Update(dbp zesty.DBProvider) (err error) {
return err
}

dst := make([]byte, 0, hex.EncodedLen(len(compressedSteps)))
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
dst := make([]byte, 0, hex.EncodedLen(len(compressedSteps)))
dst := make([]byte, hex.EncodedLen(len(compressedSteps)))

@@ -247,7 +251,17 @@ func load(dbp zesty.DBProvider, publicID string, locked bool, lockNoWait bool) (
return nil, err
}

compressedSteps, err := models.EncryptionKey.Decrypt(r.EncryptedSteps, []byte(r.PublicID))
dst := make([]byte, 0, hex.DecodedLen(len(r.EncryptedSteps)))
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
dst := make([]byte, 0, hex.DecodedLen(len(r.EncryptedSteps)))
dst := make([]byte, hex.DecodedLen(len(r.EncryptedSteps)))

// often.
// See https://github.com/ovh/utask/commit/bf23fbb10b62bb487ac4ea01b1e519f85480e58b and migration
// from symmecrypt.Key.DecryptMarshal to symmecrypt.Key.Decrypt
_, _ = hex.Decode(dst, r.EncryptedSteps)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should probably check returned error and set dst to r.EncryptedSteps if there was an error.

Signed-off-by: Thomas Bétrancourt <thomas@betrancourt.net>
@rclsilver rclsilver merged commit 4b2ed72 into master Nov 23, 2022
@wI2L wI2L deleted the dev/rbeuque/fix-resolution-decrypt branch November 23, 2022 10:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants