Posted to commits@couchdb.apache.org by rn...@apache.org on 2022/05/06 18:03:51 UTC

[couchdb] branch aegis_3.x updated: canary value to detect encryption

This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a commit to branch aegis_3.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git


The following commit(s) were added to refs/heads/aegis_3.x by this push:
     new b23a1d39b canary value to detect encryption
b23a1d39b is described below

commit b23a1d39bc68f94202bc0fa4a2a607ef66554420
Author: Robert Newson <rn...@apache.org>
AuthorDate: Fri May 6 19:01:40 2022 +0100

    canary value to detect encryption
---
 src/couch/src/couch_file.erl | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/src/couch/src/couch_file.erl b/src/couch/src/couch_file.erl
index 68c716a47..c194e6efe 100644
--- a/src/couch/src/couch_file.erl
+++ b/src/couch/src/couch_file.erl
@@ -23,6 +23,7 @@
 -define(IS_OLD_STATE(S), is_pid(S#file.db_monitor)).
 -define(PREFIX_SIZE, 5).
 -define(DEFAULT_READ_COUNT, 1024).
+-define(ENCRYPTED_HEADER, 0,1,2,3,4,5,6,7).
 
 -type block_id() :: non_neg_integer().
 -type location() :: non_neg_integer().
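Review bot: `?ENCRYPTED_HEADER` is added without a comment, and it expands to a bare comma-separated byte list that is only valid when spliced into binary syntax, which is easy to misuse later. I would add above it `%% 8-byte marker at offset 0 of an encrypted file; expands to a byte list, use only inside <<...>>.` The 48 used in the second hunk is presumably these 8 bytes plus a 40-byte wrapped key, so a named size macro next to this one would keep the two in step. Whether a legitimate unencrypted file can begin with the bytes 0 to 7 is not visible here; if it can, such a file would now be opened as encrypted and rejected with `unwrap_failed`.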
@@ -932,23 +933,30 @@ reset_eof(#file{} = File) ->
 init_key(#file{eof = 0} = File) ->
     Key = crypto:strong_rand_bytes(32),
     WrappedKey = couch_keywrap:key_wrap(?AES_MASTER_KEY, Key),
-    ok = file:write(File#file.fd, WrappedKey),
+    Header = <<?ENCRYPTED_HEADER, WrappedKey/binary>>,
+    ok = file:write(File#file.fd, Header),
     ok = file:sync(File#file.fd),
-    {ok, File#file{eof = iolist_size(WrappedKey), key = Key}};
+    {ok, File#file{eof = iolist_size(Header), key = Key}};
 
 %% we're opening an existing file and need to unwrap the key.
 init_key(#file{key = undefined} = File) ->
-    {ok, WrappedKey} = file:pread(File#file.fd, 0, 40),
-    case couch_keywrap:key_unwrap(?AES_MASTER_KEY, WrappedKey) of
-        fail ->
-            {ok, File#file{key = unencrypted}};
-        Key when is_binary(Key) ->
-            {ok, File#file{key = Key}}
+    case file:pread(File#file.fd, 0, 48) of
+        {ok, <<?ENCRYPTED_HEADER, WrappedKey/binary>>} ->
+            case couch_keywrap:key_unwrap(?AES_MASTER_KEY, WrappedKey) of
+                fail ->
+                    {error, unwrap_failed};
+                Key when is_binary(Key) ->
+                    {ok, File#file{key = Key}}
+            end;
+        {ok, _} ->
+            {ok,  File#file{key = unencrypted}};
+        Else ->
+            Else
     end;
 
 %% we're opening an existing file that contains a wrapped key
 %% which we've already unwrapped.
-init_key(#file{eof = Eof, key = Key} = File) when Eof > 40, is_binary(Key) ->
+init_key(#file{eof = Eof, key = Key} = File) when Eof > 48, is_binary(Key) ->
     {ok, File}.
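Review bot: The canary match in the second `init_key` clause, `<<?ENCRYPTED_HEADER, WrappedKey/binary>>`, leaves the tail unbounded, so a file truncated inside the header hands a short `WrappedKey` to `couch_keywrap:key_unwrap/2`, whose behaviour on short input is not visible here. Pinning the length with `{ok, <<?ENCRYPTED_HEADER, WrappedKey:40/binary>>} ->` and adding `{ok, <<?ENCRYPTED_HEADER, _/binary>>} -> {error, truncated_header};` ahead of the `{ok, _}` clause would keep a damaged encrypted file away from both the unwrap call and the `unencrypted` fallback. `Else -> Else` passes through whatever `file:pread/3` returns, which may include a bare `eof`, so the callers (outside this hunk) have to accept more than `{ok, _}` and `{error, _}`. Any file without the canary is still opened with `key = unencrypted`, so the marker detects encryption but does not enforce it; a deployment that requires encryption at rest needs a separate check.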