Skip to content

Commit feae634

Browse files
johnstcnjohnstcn
committed
check for primary key revocation on startup
1 parent f340cba commit feae634

File tree

2 files changed

+36
-2
lines changed

2 files changed

+36
-2
lines changed

enterprise/dbcrypt/dbcrypt.go

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -343,16 +343,26 @@ func (db *dbCrypt) ensureEncrypted(ctx context.Context) error {
343343
}
344344

345345
var highestNumber int32
346+
var activeCipherFound bool
346347
for _, k := range ks {
348+
// If our primary key has been revoked, then we can't do anything.
349+
if k.RevokedKeyDigest.Valid && k.RevokedKeyDigest.String == db.primaryCipherDigest {
350+
return xerrors.Errorf("primary encryption key %q has been revoked", db.primaryCipherDigest)
351+
}
352+
347353
if k.ActiveKeyDigest.Valid && k.ActiveKeyDigest.String == db.primaryCipherDigest {
348-
// This is our currently active key. We don't need to do anything further.
349-
return nil
354+
activeCipherFound = true
350355
}
356+
351357
if k.Number > highestNumber {
352358
highestNumber = k.Number
353359
}
354360
}
355361

362+
if activeCipherFound {
363+
return nil
364+
}
365+
356366
// If we get here, then we have a new key that we need to insert.
357367
// If this conflicts with another transaction, we do not need to retry as
358368
// the other transaction will have inserted the key for us.

enterprise/dbcrypt/dbcrypt_internal_test.go

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -446,6 +446,30 @@ func TestNew(t *testing.T) {
446446
require.NoError(t, err, "no error should be returned")
447447
require.Empty(t, keys, "no keys should be present")
448448
})
449+
450+
t.Run("PrimaryRevoked", func(t *testing.T) {
451+
t.Parallel()
452+
// Given: a cipher is loaded
453+
cipher := initCipher(t)
454+
ctx, cancel := context.WithCancel(context.Background())
455+
t.Cleanup(cancel)
456+
rawDB, _ := dbtestutil.NewDB(t)
457+
458+
// And: the cipher is revoked before we init the crypt db
459+
err := rawDB.InsertDBCryptKey(ctx, database.InsertDBCryptKeyParams{
460+
Number: 1,
461+
ActiveKeyDigest: cipher.HexDigest(),
462+
Test: fakeBase64RandomData(t, 32),
463+
})
464+
require.NoError(t, err, "no error should be returned")
465+
err = rawDB.RevokeDBCryptKey(ctx, cipher.HexDigest())
466+
require.NoError(t, err, "no error should be returned")
467+
468+
// Then: when we init the crypt db, we error because the key is revoked
469+
_, err = New(ctx, rawDB, cipher)
470+
require.Error(t, err)
471+
require.ErrorContains(t, err, "has been revoked")
472+
})
449473
}
450474

451475
func requireEncryptedEquals(t *testing.T, c Cipher, value, expected string) {

0 commit comments

Comments
 (0)