-
Notifications
You must be signed in to change notification settings - Fork 80
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(resolution): restore hex.Decode/Encode when loading/storing ciphered data from database #395
Conversation
…red data from database Previously, we were using symmecrypt.DecryptMarshal to load data from the database, and we switched to symmecrypt.Decrypt with bf23fbb. This changed the behaviour because DecryptMarshal was also calling hex.Decode on the ciphered text before doing the Decrypt. We had to restore this behaviour to read old data from our database. Same for EncryptMarshal/Encrypt/hex.Encode Signed-off-by: Romain Beuque <556072+rbeuque74@users.noreply.github.com>
models/resolution/resolution.go
Outdated
@@ -166,6 +167,9 @@ func Create(dbp zesty.DBProvider, t *task.Task, resolverInputs map[string]interf | |||
if err != nil { | |||
return nil, err | |||
} | |||
|
|||
dst := make([]byte, 0, hex.EncodedLen(len(encryptedSteps))) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
dst := make([]byte, 0, hex.EncodedLen(len(encryptedSteps))) | |
dst := make([]byte, hex.EncodedLen(len(encryptedSteps))) |
From the official documentation, it uses the size of the buffer: https://pkg.go.dev/encoding/hex#Encode
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note: (correcting myself) the functions uses the byte slice indexes, and not append, so the slice must be of the proper length, enough capacity with a 0 length won't work.
models/resolution/resolution.go
Outdated
@@ -377,6 +391,8 @@ func (r *Resolution) Update(dbp zesty.DBProvider) (err error) { | |||
return err | |||
} | |||
|
|||
dst := make([]byte, 0, hex.EncodedLen(len(compressedSteps))) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
dst := make([]byte, 0, hex.EncodedLen(len(compressedSteps))) | |
dst := make([]byte, hex.EncodedLen(len(compressedSteps))) |
models/resolution/resolution.go
Outdated
@@ -247,7 +251,17 @@ func load(dbp zesty.DBProvider, publicID string, locked bool, lockNoWait bool) ( | |||
return nil, err | |||
} | |||
|
|||
compressedSteps, err := models.EncryptionKey.Decrypt(r.EncryptedSteps, []byte(r.PublicID)) | |||
dst := make([]byte, 0, hex.DecodedLen(len(r.EncryptedSteps))) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
dst := make([]byte, 0, hex.DecodedLen(len(r.EncryptedSteps))) | |
dst := make([]byte, hex.DecodedLen(len(r.EncryptedSteps))) |
models/resolution/resolution.go
Outdated
// often. | ||
// See https://github.com/ovh/utask/commit/bf23fbb10b62bb487ac4ea01b1e519f85480e58b and migration | ||
// from symmecrypt.Key.DecryptMarshal to symmecrypt.Key.Decrypt | ||
_, _ = hex.Decode(dst, r.EncryptedSteps) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should probably check returned error
and set dst
to r.EncryptedSteps
if there was an error.
Signed-off-by: Thomas Bétrancourt <thomas@betrancourt.net>
Signed-off-by: Romain Beuque 556072+rbeuque74@users.noreply.github.com
What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)
Bug fix
What is the current behavior? (You can also link to an open issue here)
Failed to load resolution from public id: chacha20poly1305: message authentication failed
What is the new behavior (if this is a feature change)?
Previously, we were using symmecrypt.DecryptMarshal to load data from the database, and we switched to symmecrypt.Decrypt with bf23fbb.
This changed the behaviour because DecryptMarshal was also calling hex.Decode on the ciphered text before doing the Decrypt. We had to restore this behaviour to read old data from our database.
Same for EncryptMarshal/Encrypt/hex.Encode
Does this PR introduce a breaking change? (What changes might users need to make in their application due to this PR?)
No
Other information: