Fix decrypting secrets in alerting migration (#41061)

2025-02-25 18:55:37 -06:00 · 2021-10-29 14:20:07 +03:00
parent b9e0a41f5a
commit ff086df3b5
2 changed files with 75 additions and 2 deletions
--- a/pkg/util/encryption.go
+++ b/pkg/util/encryption.go
@@ -1,10 +1,12 @@
 package util

 import (
+	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
 	"crypto/sha256"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"io"
@@ -12,12 +14,22 @@ import (
 	"golang.org/x/crypto/pbkdf2"
 )

-const saltLength = 8
+const (
+	saltLength                   = 8
+	aesCfb                       = "aes-cfb"
+	aesGcm                       = "aes-gcm"
+	encryptionAlgorithmDelimiter = '*'
+)

 // Decrypt decrypts a payload with a given secret.
 // Deprecated. Do not use it.
 // Use encryption.Service instead.
 func Decrypt(payload []byte, secret string) ([]byte, error) {
+	alg, payload, err := deriveEncryptionAlgorithm(payload)
+	if err != nil {
+		return nil, err
+	}
+
 	if len(payload) < saltLength {
 		return nil, fmt.Errorf("unable to compute salt")
 	}
@@ -32,11 +44,60 @@ func Decrypt(payload []byte, secret string) ([]byte, error) {
 		return nil, err
 	}

+	switch alg {
+	case aesGcm:
+		return decryptGCM(block, payload)
+	default:
+		return decryptCFB(block, payload)
+	}
+}
+
+func deriveEncryptionAlgorithm(payload []byte) (string, []byte, error) {
+	if len(payload) == 0 {
+		return "", nil, fmt.Errorf("unable to derive encryption algorithm")
+	}
+
+	if payload[0] != encryptionAlgorithmDelimiter {
+		return aesCfb, payload, nil // backwards compatibility
+	}
+
+	payload = payload[1:]
+	algDelim := bytes.Index(payload, []byte{encryptionAlgorithmDelimiter})
+	if algDelim == -1 {
+		return aesCfb, payload, nil // backwards compatibility
+	}
+
+	algB64 := payload[:algDelim]
+	payload = payload[algDelim+1:]
+
+	alg := make([]byte, base64.RawStdEncoding.DecodedLen(len(algB64)))
+
+	_, err := base64.RawStdEncoding.Decode(alg, algB64)
+	if err != nil {
+		return "", nil, err
+	}
+
+	return string(alg), payload, nil
+}
+
+func decryptGCM(block cipher.Block, payload []byte) ([]byte, error) {
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, err
+	}
+
+	nonce := payload[saltLength : saltLength+gcm.NonceSize()]
+	ciphertext := payload[saltLength+gcm.NonceSize():]
+	return gcm.Open(nil, nonce, ciphertext, nil)
+}
+
+func decryptCFB(block cipher.Block, payload []byte) ([]byte, error) {
 	// The IV needs to be unique, but not secure. Therefore it's common to
 	// include it at the beginning of the ciphertext.
 	if len(payload) < aes.BlockSize {
 		return nil, errors.New("payload too short")
 	}
+
 	iv := payload[saltLength : saltLength+aes.BlockSize]
 	payload = payload[saltLength+aes.BlockSize:]
 	payloadDst := make([]byte, len(payload))