Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update AES Encryption to 256bits for script + step package bootstrappers #1405

Open
wants to merge 8 commits into
base: main
Choose a base branch
from

Conversation

flin-8
Copy link
Contributor

@flin-8 flin-8 commented Dec 12, 2024

[sc-98850]

Depends on https://github.com/OctopusDeploy/step-api/pull/569

Relates to: OctopusDeploy/Issues#9183

This PR updates the variable encryption from 128 to 256bits for:

  • script bootstrapping (encryption in c#, decryption in the bootstrap scripts)
  • step packages (encryption in c#, decryption in step-api)

@flin-8 flin-8 self-assigned this Dec 12, 2024
@flin-8 flin-8 changed the title Update AES Encryption to 256bits Update AES Encryption to 256bits for script bootstrappers Dec 13, 2024
@@ -17,9 +32,10 @@ public class AesEncryption

readonly byte[] key;

public AesEncryption(string password)
public AesEncryption(string password, int keySizeBits)
Copy link
Contributor Author

@flin-8 flin-8 Dec 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Making the key size configurable allows us to upgrade the 3 components (scripts, step package, variables file) separately.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The flexibility of this is nice, I wonder if this might open up the opportunity for the wrong one to be used in the wrong place.

It might be better to use inheritance here

keep AesEncryption abstract, and impliment the Bootstrapper and Script one passing through these key sizes required.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed to factory methods for the scenarios and making the encryption key public on the encryptor


readonly int keySizeBits;

const int BlockSizeBits = 128;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Block size can remain at 128

public static readonly int ScriptBootstrapKeySize = 256;

//Key size used to decrypt the variables file sent by Octopus Server
public static readonly int VariablesFileKeySize = 128;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SaST will update this once they sort out variable encryption on the Server side. Currently it's encrypted by Tentacle which sounds wrong

@@ -31,7 +31,7 @@ static PythonBootstrapper()

public static string FormatCommandArguments(string bootstrapFile, string? scriptParameters)
{
var encryptionKey = ToHex(AesEncryption.GetEncryptionKey(SensitiveVariablePassword));
var encryptionKey = ToHex(AesEncryption.GetEncryptionKey(SensitiveVariablePassword, AesEncryption.ScriptBootstrapKeySize));
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Python's decryption doens't specify bitness:

@flin-8 flin-8 changed the title Update AES Encryption to 256bits for script bootstrappers Update AES Encryption to 256bits for script + step package bootstrappers Dec 19, 2024
@flin-8 flin-8 marked this pull request as ready for review December 19, 2024 00:45
Copy link
Contributor

@zentron zentron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Marked as approved so you can merge when ready, but a suggestion around how consumers use the AesEncryption class to avoid a foot-gun.

@@ -17,9 +32,10 @@ public class AesEncryption

readonly byte[] key;

public AesEncryption(string password)
public AesEncryption(string password, int keySizeBits)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The flexibility of this is nice, I wonder if this might open up the opportunity for the wrong one to be used in the wrong place.

It might be better to use inheritance here

keep AesEncryption abstract, and impliment the Bootstrapper and Script one passing through these key sizes required.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants