Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New crypto implementation #155

Merged
merged 30 commits into from
Oct 16, 2023
Merged

New crypto implementation #155

merged 30 commits into from
Oct 16, 2023

Conversation

kleewho
Copy link
Contributor

@kleewho kleewho commented Sep 1, 2023

feat(crypto): Add crypto module

Update the crypto module structure and add enhanced AES-CBC cryptor.

fix(crypto): Improved security of crypto implementation by increasing the cipher key entropy by a factor of two.

Improved security of crypto implementation by increasing the cipher key entropy by a factor of two.

@kleewho kleewho marked this pull request as ready for review September 18, 2023 14:38
@kleewho kleewho changed the title New crypto wip New crypto implementation Sep 18, 2023
Copy link
Contributor

@Xavrax Xavrax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some questions, overall okay.

config.go Outdated Show resolved Hide resolved
Comment on lines +21 to +25
type ExtendedCryptor interface {
Cryptor
EncryptStream(reader io.Reader) (*EncryptedStreamData, error)
DecryptStream(encryptedData *EncryptedStreamData) (io.Reader, error)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like that extended interface. Imo it works much better than having a big one cryptor - especially that file crypto is something a little bit different than raw data.

return nil, e
}

_, e = buffer.Write([]byte(cryptorId))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I might be wrong, but in our documented example, there is a possibility that we have V1 header for legacy and we don't add the ID into the meta. Here we always write it - is that expected or did I misunderstand something?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should not add header at all for legacy therefore this won't be called with legacy cryptorId

Comment on lines 32 to 34
if readErr != nil && readErr != io.EOF {
return output[:sizeOfCurrentlyRead], readErr
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we return any output in case of error?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably not. I will remove it and if there's any problem report back to you to figure out what to do

return output, nil
}

func (decryptingReader *blockModeDecryptingReader) decryptUntilPFull(p []byte) (n int, err error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as above - should we return anything in case of error?
Is having any return (even info about how much data have been read) viable for users?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As above. I'll check it and let you know if I have problems

crypto/encrypting_reader.go Outdated Show resolved Hide resolved
var e error
var readBytes int

for e == nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm assuming that it waits until encryptingReader.Read() will return error.EOF, am I right?

Maybe it would be better to wait for concrete error?
What will happen if any other error will appear? Will we return false in case of any error?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will end the loop for any error just like that but return false for any error other than EOF. Is that alright?

fire_request.go Outdated
if err != nil {
return []byte{}, err
}
msg, err := utils.ValueAsString(enc) //TODO WHAT?!
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What?!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What?! was I thinking 🤔

previousIvFlag bool
}

// TODO this needs to be tested
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How should we test getter function?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As you can see it's kind of special getter function. It has actually a lot of things going on inside. Hopefully I figure out some not that awful way to test it

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So the only thing we can test is that we're getting nil in proper client configs. I think that there is no better way to do that ;/

kleewho and others added 2 commits September 20, 2023 17:27
Co-authored-by: Mateusz Dahlke <39696234+Xavrax@users.noreply.github.com>
Tests in this file have been order dependent. I broke those dependencies by introducing
few additional lines of code in each an every one. And the initHistoryOpts now requires passing pn, so maybe whoever decide to write new tests will realize that it might be nice
to create new pubnub and new config instead of reusing them across every test.
@Xavrax
Copy link
Contributor

Xavrax commented Oct 16, 2023

@pubnub-release-bot release

@Xavrax Xavrax merged commit 428517f into master Oct 16, 2023
8 checks passed
@Xavrax Xavrax deleted the crypto branch October 16, 2023 15:06
@pubnub-release-bot
Copy link
Contributor

🚀 Release successfully completed 🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants