move cipher to dbcrypt package

johnstcn · johnstcn · commit 7837f7116774 · 2023-08-22T14:36:22.000+01:00
diff --git a/coderd/database/dbcrypt/cipher.go b/coderd/database/dbcrypt/cipher.go
@@ -1,9 +1,10 @@
-package cryptorand
+package dbcrypt
 
 import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
+	"errors"
 	"io"
 
 	"golang.org/x/xerrors"
@@ -14,6 +15,23 @@ type Cipher interface {
 	Decrypt([]byte) ([]byte, error)
 }
 
+type DecryptFailedError struct {
+	Inner error
+}
+
+func (e *DecryptFailedError) Error() string {
+	return xerrors.Errorf("decrypt failed: %w", e.Inner).Error()
+}
+
+func (e *DecryptFailedError) Unwrap() error {
+	return e.Inner
+}
+
+func IsDecryptFailedError(err error) bool {
+	var e *DecryptFailedError
+	return errors.As(err, &e)
+}
+
 // CipherAES256 returns a new AES-256 cipher.
 func CipherAES256(key []byte) (Cipher, error) {
 	block, err := aes.NewCipher(key)
@@ -44,5 +62,9 @@ func (a *aes256) Decrypt(ciphertext []byte) ([]byte, error) {
 	if len(ciphertext) < a.aead.NonceSize() {
 		return nil, xerrors.Errorf("ciphertext too short")
 	}
-	return a.aead.Open(nil, ciphertext[:a.aead.NonceSize()], ciphertext[a.aead.NonceSize():], nil)
+	decrypted, err := a.aead.Open(nil, ciphertext[:a.aead.NonceSize()], ciphertext[a.aead.NonceSize():], nil)
+	if err != nil {
+		return nil, &DecryptFailedError{Inner: err}
+	}
+	return decrypted, nil
 }
diff --git a/coderd/database/dbcrypt/cipher_test.go b/coderd/database/dbcrypt/cipher_test.go
@@ -0,0 +1,45 @@
+package dbcrypt_test
+
+import (
+	"bytes"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/v2/coderd/database/dbcrypt"
+)
+
+func TestCipherAES256(t *testing.T) {
+	t.Parallel()
+
+	t.Run("ValidInput", func(t *testing.T) {
+		t.Parallel()
+		key := bytes.Repeat([]byte{'a'}, 32)
+		cipher, err := dbcrypt.CipherAES256(key)
+		require.NoError(t, err)
+
+		output, err := cipher.Encrypt([]byte("hello world"))
+		require.NoError(t, err)
+
+		response, err := cipher.Decrypt(output)
+		require.NoError(t, err)
+		require.Equal(t, "hello world", string(response))
+	})
+
+	t.Run("InvalidInput", func(t *testing.T) {
+		t.Parallel()
+		key := bytes.Repeat([]byte{'a'}, 32)
+		cipher, err := dbcrypt.CipherAES256(key)
+		require.NoError(t, err)
+		_, err = cipher.Decrypt(bytes.Repeat([]byte{'a'}, 100))
+		var decryptErr *dbcrypt.DecryptFailedError
+		require.ErrorAs(t, err, &decryptErr)
+	})
+
+	t.Run("InvalidKeySize", func(t *testing.T) {
+		t.Parallel()
+
+		_, err := dbcrypt.CipherAES256(bytes.Repeat([]byte{'a'}, 31))
+		require.ErrorContains(t, err, "invalid key size")
+	})
+}
diff --git a/coderd/database/dbcrypt/dbcrypt.go b/coderd/database/dbcrypt/dbcrypt.go
@@ -8,11 +8,11 @@ import (
 	"strings"
 	"sync/atomic"
 
-	"cdr.dev/slog"
 	"golang.org/x/xerrors"
 
+	"cdr.dev/slog"
+
 	"github.com/coder/coder/v2/coderd/database"
-	"github.com/coder/coder/v2/cryptorand"
 )
 
 // MagicPrefix is prepended to all encrypted values in the database.
@@ -24,7 +24,7 @@ type Options struct {
 	// ExternalTokenCipher is an optional cipher that is used
 	// to encrypt/decrypt user link and git auth link tokens. If this is nil,
 	// then no encryption/decryption will be performed.
-	ExternalTokenCipher *atomic.Pointer[cryptorand.Cipher]
+	ExternalTokenCipher *atomic.Pointer[Cipher]
 	Logger              slog.Logger
 }
 
@@ -141,7 +141,7 @@ func (db *dbCrypt) encryptFields(fields ...*string) error {
 // decryptFields decrypts the given fields in place.
 // If the value fails to decrypt, sql.ErrNoRows will be returned.
 func (db *dbCrypt) decryptFields(deleteFn func() error, fields ...*string) error {
-	delete := func(reason string) error {
+	doDelete := func(reason string) error {
 		err := deleteFn()
 		if err != nil {
 			return xerrors.Errorf("delete encrypted row: %w", err)
@@ -164,7 +164,7 @@ func (db *dbCrypt) decryptFields(deleteFn func() error, fields ...*string) error
 			if strings.HasPrefix(*field, MagicPrefix) {
 				// If we have a magic prefix but encryption is disabled,
 				// we should delete the row.
-				return delete("encryption disabled")
+				return doDelete("encryption disabled")
 			}
 		}
 		return nil
@@ -183,12 +183,12 @@ func (db *dbCrypt) decryptFields(deleteFn func() error, fields ...*string) error
 		data, err := base64.StdEncoding.DecodeString((*field)[len(MagicPrefix):])
 		if err != nil {
 			// If it's not base64 with the prefix, we should delete the row.
-			return delete("stored value was not base64 encoded")
+			return doDelete("stored value was not base64 encoded")
 		}
 		decrypted, err := cipher.Decrypt(data)
 		if err != nil {
 			// If the encryption key changed, we should delete the row.
-			return delete("encryption key changed")
+			return doDelete("encryption key changed")
 		}
 		*field = string(decrypted)
 	}
diff --git a/coderd/database/dbcrypt/dbcrypt_test.go b/coderd/database/dbcrypt/dbcrypt_test.go
@@ -9,15 +9,15 @@ import (
 	"sync/atomic"
 	"testing"
 
+	"github.com/stretchr/testify/require"
+
 	"cdr.dev/slog"
 	"cdr.dev/slog/sloggers/slogtest"
-	"github.com/stretchr/testify/require"
 
 	"github.com/coder/coder/v2/coderd/database"
 	"github.com/coder/coder/v2/coderd/database/dbcrypt"
 	"github.com/coder/coder/v2/coderd/database/dbfake"
 	"github.com/coder/coder/v2/coderd/database/dbgen"
-	"github.com/coder/coder/v2/cryptorand"
 )
 
 func TestUserLinks(t *testing.T) {
@@ -172,7 +172,7 @@ func TestGitAuthLinks(t *testing.T) {
 	})
 }
 
-func requireEncryptedEquals(t *testing.T, cipher *atomic.Pointer[cryptorand.Cipher], value, expected string) {
+func requireEncryptedEquals(t *testing.T, cipher *atomic.Pointer[dbcrypt.Cipher], value, expected string) {
 	t.Helper()
 	c := (*cipher.Load())
 	data, err := base64.StdEncoding.DecodeString(value[len(dbcrypt.MagicPrefix):])
@@ -182,20 +182,20 @@ func requireEncryptedEquals(t *testing.T, cipher *atomic.Pointer[cryptorand.Ciph
 	require.Equal(t, expected, string(got))
 }
 
-func initCipher(t *testing.T, cipher *atomic.Pointer[cryptorand.Cipher]) {
+func initCipher(t *testing.T, cipher *atomic.Pointer[dbcrypt.Cipher]) {
 	t.Helper()
 	key := make([]byte, 32) // AES-256 key size is 32 bytes
 	_, err := io.ReadFull(rand.Reader, key)
 	require.NoError(t, err)
-	c, err := cryptorand.CipherAES256(key)
+	c, err := dbcrypt.CipherAES256(key)
 	require.NoError(t, err)
 	cipher.Store(&c)
 }
 
-func setup(t *testing.T) (db, cryptodb database.Store, cipher *atomic.Pointer[cryptorand.Cipher]) {
+func setup(t *testing.T) (db, cryptodb database.Store, cipher *atomic.Pointer[dbcrypt.Cipher]) {
 	t.Helper()
 	rawDB := dbfake.New()
-	cipher = &atomic.Pointer[cryptorand.Cipher]{}
+	cipher = &atomic.Pointer[dbcrypt.Cipher]{}
 	return rawDB, dbcrypt.New(rawDB, &dbcrypt.Options{
 		ExternalTokenCipher: cipher,
 		Logger:              slogtest.Make(t, nil).Leveled(slog.LevelDebug),
diff --git a/cryptorand/cipher_test.go b/cryptorand/cipher_test.go
