Posted to commits@couchdb.apache.org by rn...@apache.org on 2022/05/06 18:07:15 UTC

[couchdb] 01/01: canary value to detect encryption

This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a commit to branch aegis_3.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 20de0c858389f51d9184e3b5630ed3d3b9933c5d
Author: Robert Newson <rn...@apache.org>
AuthorDate: Fri May 6 19:01:40 2022 +0100

    canary value to detect encryption
---
 src/couch/src/couch_file.erl | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/src/couch/src/couch_file.erl b/src/couch/src/couch_file.erl
index 68c716a47..e4673c394 100644
--- a/src/couch/src/couch_file.erl
+++ b/src/couch/src/couch_file.erl
@@ -23,6 +23,7 @@
 -define(IS_OLD_STATE(S), is_pid(S#file.db_monitor)).
 -define(PREFIX_SIZE, 5).
 -define(DEFAULT_READ_COUNT, 1024).
+-define(ENCRYPTED_HEADER, 0,1,2,3,4,5,6,7).
 
 -type block_id() :: non_neg_integer().
 -type location() :: non_neg_integer().
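Review bot: The new `?ENCRYPTED_HEADER` define has no comment, and its body is a bare comma-separated list that is only valid when spliced into a binary constructor or pattern, which is easy to misuse later. A comment such as `%% 8-byte plaintext marker written before the wrapped key; identifies the file format, is not a secret, and must only be used inside <<...>>` would record that. Its length is also tied implicitly to the literals 48 and 40 in init_key, so a changed marker would silently desynchronise the read size; a named size define next to it would make that dependency visible.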
@@ -932,23 +933,30 @@ reset_eof(#file{} = File) ->
 init_key(#file{eof = 0} = File) ->
     Key = crypto:strong_rand_bytes(32),
     WrappedKey = couch_keywrap:key_wrap(?AES_MASTER_KEY, Key),
-    ok = file:write(File#file.fd, WrappedKey),
+    Header = <<?ENCRYPTED_HEADER, WrappedKey/binary>>,
+    ok = file:write(File#file.fd, Header),
     ok = file:sync(File#file.fd),
-    {ok, File#file{eof = iolist_size(WrappedKey), key = Key}};
+    {ok, File#file{eof = iolist_size(Header), key = Key}};
 
 %% we're opening an existing file and need to unwrap the key.
 init_key(#file{key = undefined} = File) ->
-    {ok, WrappedKey} = file:pread(File#file.fd, 0, 40),
-    case couch_keywrap:key_unwrap(?AES_MASTER_KEY, WrappedKey) of
-        fail ->
+    case file:pread(File#file.fd, 0, 48) of
+        {ok, <<?ENCRYPTED_HEADER, WrappedKey/binary>>} ->
+            case couch_keywrap:key_unwrap(?AES_MASTER_KEY, WrappedKey) of
+                fail ->
+                    {error, unwrap_failed};
+                Key when is_binary(Key) ->
+                    {ok, File#file{key = Key}}
+            end;
+        {ok, _} ->
             {ok, File#file{key = unencrypted}};
-        Key when is_binary(Key) ->
-            {ok, File#file{key = Key}}
+        Else ->
+            Else
     end;
 
 %% we're opening an existing file that contains a wrapped key
 %% which we've already unwrapped.
-init_key(#file{eof = Eof, key = Key} = File) when Eof > 40, is_binary(Key) ->
+init_key(#file{eof = Eof, key = Key} = File) when Eof > 48, is_binary(Key) ->
     {ok, File}.
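Review bot: The pattern `{ok, <<?ENCRYPTED_HEADER, WrappedKey/binary>>}` in the second init_key clause also matches a short read, because file:pread/3 may return fewer than the 48 bytes requested and the tail segment carries no size. A truncated header then reaches couch_keywrap:key_unwrap/2 with fewer than 40 bytes, and how it handles such input is not visible here. Pinning the size with `{ok, <<?ENCRYPTED_HEADER, WrappedKey:40/binary>>} ->` and adding `{ok, <<?ENCRYPTED_HEADER, _/binary>>} -> {error, truncated_header};` (the reason atom is only a suggestion) ahead of the `{ok, _}` clause would keep a damaged encrypted file from being opened as `unencrypted`. The `Else -> Else` clause also passes through the bare atom `eof`, which file:pread/3 returns when nothing can be read, so callers expecting `{ok, _}` or `{error, _}` would probably fail on it; `eof -> {error, eof}` may be what is intended.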