fix(encryption): replace encryption related methods for fips mode [be-11933] (#919)

Co-authored-by: andres-portainer <andres-portainer@users.noreply.github.com>
2025-08-04 21:35:23 +02:00 · 2025-08-04 17:04:03 +12:00 · 2025-08-04 17:04:03 +12:00 · d306d7a983
commit d306d7a983
parent 163aa57e5c
19 changed files with 701 additions and 169 deletions
--- a/api/database/boltdb/json.go
+++ b/api/database/boltdb/json.go
@ -4,8 +4,6 @@ import (
 	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
-	"crypto/rand"
-	"io"

 	"github.com/pkg/errors"
 	"github.com/segmentio/encoding/json"
@ -65,18 +63,18 @@ func (connection *DbConnection) UnmarshalObject(data []byte, object any) error {
 // https://gist.github.com/atoponce/07d8d4c833873be2f68c34f9afc5a78a#symmetric-encryption

 func encrypt(plaintext []byte, passphrase []byte) (encrypted []byte, err error) {
-	block, _ := aes.NewCipher(passphrase)
-	gcm, err := cipher.NewGCM(block)
+	block, err := aes.NewCipher(passphrase)
 	if err != nil {
 		return encrypted, err
 	}

-	nonce := make([]byte, gcm.NonceSize())
-	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+	// NewGCMWithRandomNonce in go 1.24 handles setting up the nonce and adding it to the encrypted output
+	gcm, err := cipher.NewGCMWithRandomNonce(block)
+	if err != nil {
 		return encrypted, err
 	}

-	return gcm.Seal(nonce, nonce, plaintext, nil), nil
+	return gcm.Seal(nil, nil, plaintext, nil), nil
 }

 func decrypt(encrypted []byte, passphrase []byte) (plaintextByte []byte, err error) {
@ -89,19 +87,17 @@ func decrypt(encrypted []byte, passphrase []byte) (plaintextByte []byte, err err
 		return encrypted, errors.Wrap(err, "Error creating cypher block")
 	}

-	gcm, err := cipher.NewGCM(block)
+	// NewGCMWithRandomNonce in go 1.24 handles reading the nonce from the encrypted input for us
+	gcm, err := cipher.NewGCMWithRandomNonce(block)
 	if err != nil {
 		return encrypted, errors.Wrap(err, "Error creating GCM")
 	}

-	nonceSize := gcm.NonceSize()
-	if len(encrypted) < nonceSize {
+	if len(encrypted) < gcm.NonceSize() {
 		return encrypted, errEncryptedStringTooShort
 	}

-	nonce, ciphertextByteClean := encrypted[:nonceSize], encrypted[nonceSize:]
-
-	plaintextByte, err = gcm.Open(nil, nonce, ciphertextByteClean, nil)
+	plaintextByte, err = gcm.Open(nil, nil, encrypted, nil)
 	if err != nil {
 		return encrypted, errors.Wrap(err, "Error decrypting text")
 	}
--- a/api/database/boltdb/json_test.go
+++ b/api/database/boltdb/json_test.go
@ -1,12 +1,19 @@
 package boltdb

 import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
 	"crypto/sha256"
+	"encoding/base64"
 	"fmt"
+	"io"
 	"testing"

 	"github.com/gofrs/uuid"
+	"github.com/pkg/errors"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )

 const (
@ -160,7 +167,7 @@ func Test_ObjectMarshallingEncrypted(t *testing.T) {
 	}

 	key := secretToEncryptionKey(passphrase)
-	conn := DbConnection{EncryptionKey: key}
+	conn := DbConnection{EncryptionKey: key, isEncrypted: true}
 	for _, test := range tests {
 		t.Run(fmt.Sprintf("%s -> %s", test.object, test.expected), func(t *testing.T) {

@ -175,3 +182,94 @@ func Test_ObjectMarshallingEncrypted(t *testing.T) {
 		})
 	}
 }
+
+func Test_NonceSources(t *testing.T) {
+	// ensure that the new go 1.24 NewGCMWithRandomNonce works correctly with
+	// the old way of creating and including the nonce
+
+	encryptOldFn := func(plaintext []byte, passphrase []byte) (encrypted []byte, err error) {
+		block, _ := aes.NewCipher(passphrase)
+		gcm, err := cipher.NewGCM(block)
+		if err != nil {
+			return encrypted, err
+		}
+
+		nonce := make([]byte, gcm.NonceSize())
+		if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+			return encrypted, err
+		}
+
+		return gcm.Seal(nonce, nonce, plaintext, nil), nil
+	}
+
+	decryptOldFn := func(encrypted []byte, passphrase []byte) (plaintext []byte, err error) {
+		block, err := aes.NewCipher(passphrase)
+		if err != nil {
+			return encrypted, errors.Wrap(err, "Error creating cypher block")
+		}
+
+		gcm, err := cipher.NewGCM(block)
+		if err != nil {
+			return encrypted, errors.Wrap(err, "Error creating GCM")
+		}
+
+		nonceSize := gcm.NonceSize()
+		if len(encrypted) < nonceSize {
+			return encrypted, errEncryptedStringTooShort
+		}
+
+		nonce, ciphertextByteClean := encrypted[:nonceSize], encrypted[nonceSize:]
+
+		plaintext, err = gcm.Open(nil, nonce, ciphertextByteClean, nil)
+		if err != nil {
+			return encrypted, errors.Wrap(err, "Error decrypting text")
+		}
+
+		return plaintext, err
+	}
+
+	encryptNewFn := encrypt
+	decryptNewFn := decrypt
+
+	passphrase := make([]byte, 32)
+	_, err := io.ReadFull(rand.Reader, passphrase)
+	require.NoError(t, err)
+
+	junk := make([]byte, 1024)
+	_, err = io.ReadFull(rand.Reader, junk)
+	require.NoError(t, err)
+
+	junkEnc := make([]byte, base64.StdEncoding.EncodedLen(len(junk)))
+	base64.StdEncoding.Encode(junkEnc, junk)
+
+	cases := [][]byte{
+		[]byte("test"),
+		[]byte("35"),
+		[]byte("9ca4a1dd-a439-4593-b386-a7dfdc2e9fc6"),
+		[]byte(jsonobject),
+		passphrase,
+		junk,
+		junkEnc,
+	}
+
+	for _, plain := range cases {
+		var enc, dec []byte
+		var err error
+
+		enc, err = encryptOldFn(plain, passphrase)
+		require.NoError(t, err)
+
+		dec, err = decryptNewFn(enc, passphrase)
+		require.NoError(t, err)
+
+		require.Equal(t, plain, dec)
+
+		enc, err = encryptNewFn(plain, passphrase)
+		require.NoError(t, err)
+
+		dec, err = decryptOldFn(enc, passphrase)
+		require.NoError(t, err)
+
+		require.Equal(t, plain, dec)
+	}
+}